exploit the possibilities
Showing 1 - 25 of 4,934 RSS Feed

PHP Files

MaraCMS 7.5 Remote Code Execution
Posted Sep 28, 2020
Authored by Erik Wynter, Michele Cisternino | Site metasploit.com

This Metasploit module exploits an arbitrary file upload vulnerability in MaraCMS versions 7.5 and below in order to execute arbitrary commands. The module first attempts to authenticate to MaraCMS. It then tries to upload a malicious PHP file to the web root via an HTTP POST request to codebase/handler.php. If the php target is selected, the payload is embedded in the uploaded file and the module attempts to execute the payload via an HTTP GET request to this file. For the linux and windows targets, the module uploads a simple PHP web shell. Subsequently, it leverages the CmdStager mixin to deliver the final payload via a series of HTTP GET requests to the PHP web shell. Valid credentials for a MaraCMS admin or manager account are required. This module has been successfully tested against MaraCMS 7.5 running on Windows Server 2012 (XAMPP server).

tags | exploit, web, arbitrary, shell, root, php, file upload
systems | linux, windows
advisories | CVE-2020-25042
MD5 | f3fcdcf0924156e882b29740d16480f8
Visitor Management System In PHP 1.0 Cross Site Scripting
Posted Sep 22, 2020
Authored by Rahul Ramkumar

Visitor Management System in PHP version 1.0 suffers from an unauthenticated persistent cross site scripting vulnerability.

tags | exploit, php, xss
advisories | CVE-2020-25761
MD5 | d64c37a536ecac0b5d3e1dac3dbcaa45
Visitor Management System In PHP 1.0 SQL Injection
Posted Sep 22, 2020
Authored by Rahul Ramkumar

Visitor Management System in PHP version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
advisories | CVE-2020-25760
MD5 | eb513471e0235ff5f467e06b619ab1d2
B-swiss 3 Digital Signage System 3.6.5 Backdoor Remote Code Execution
Posted Sep 21, 2020
Authored by LiquidWorm | Site zeroscience.mk

B-swiss 3 Digital Signage System version 3.6.5 suffers from an authenticated arbitrary PHP code execution vulnerability. The vulnerability is caused due to the improper verification of uploaded files in index.php script thru the rec_poza POST parameter. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script file that will be stored in the /usr/users directory. Due to an undocumented and hidden maintenance account admin_m which has the highest privileges in the application, an attacker can use these hard-coded credentials to authenticate and use the vulnerable image upload functionality to execute code on the server.

tags | exploit, arbitrary, php, code execution
MD5 | b8122e7dc5d8a3a0549b1366c4226983
Mida Solutions eFramework ajaxreq.php Command Injection
Posted Sep 16, 2020
Authored by Brendan Coles, elbae | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in Mida Solutions eFramework version 2.9.0 and prior. The ajaxreq.php file allows unauthenticated users to inject arbitrary commands in the PARAM parameter to be executed as the apache user. The sudo configuration permits the apache user to execute any command as root without providing a password, resulting in privileged command execution as root. This module has been successfully tested on Mida Solutions eFramework-C7-2.9.0 virtual appliance.

tags | exploit, arbitrary, root, php
advisories | CVE-2020-15920
MD5 | 1b7215ff6d3355202c2e796fb94a2cac
Gentoo Linux Security Advisory 202009-10
Posted Sep 14, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202009-10 - A vulnerabilities in PHP could lead to a Denial of Service condition. Versions less than 7.2.33:7.2 are affected.

tags | advisory, denial of service, php, vulnerability
systems | linux, gentoo
advisories | CVE-2020-7068
MD5 | d02ea2e4e445ae9dc9a0319b525b6459
Red Hat Security Advisory 2020-3662-01
Posted Sep 8, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3662-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer over-read, buffer overflow, code execution, information leakage, integer overflow, null pointer, out of bounds read, and use-after-free vulnerabilities.

tags | advisory, web, overflow, php, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2019-11039, CVE-2019-11040, CVE-2019-11041, CVE-2019-11042, CVE-2019-11045, CVE-2019-11047, CVE-2019-11048, CVE-2019-11050, CVE-2019-13224, CVE-2019-13225, CVE-2019-16163, CVE-2019-19203, CVE-2019-19204, CVE-2019-19246, CVE-2019-20454, CVE-2020-7059, CVE-2020-7060, CVE-2020-7062, CVE-2020-7063, CVE-2020-7064, CVE-2020-7065, CVE-2020-7066
MD5 | 1e12fa29983b7f83af758496e3d90857
D-Link Central WiFi Manager CWM(100) Remote Code Execution
Posted Aug 18, 2020
Authored by M3 at ZionLab, Redouane Niboucha | Site metasploit.com

This Metasploit module exploits a PHP code injection vulnerability in D-Link Central WiFi Manager CWM(100) versions below v1.03R0100_BETA6. The vulnerability exists in the username cookie, which is passed to eval() without being sanitized. Dangerous functions are not disabled by default, which makes it possible to get code execution on the target.

tags | exploit, php, code execution
advisories | CVE-2019-13372
MD5 | ad4f9d0e1e861c8a9f9b8b0544120a4c
vBulletin 5.x Remote Code Execution
Posted Aug 13, 2020
Authored by Zenofex | Site metasploit.com

This Metasploit module exploits a logic bug within the template rendering code in vBulletin 5.x. The module uses the vBulletin template rendering functionality to render the widget_tabbedcontainer_tab_panel template while also providing the widget_php argument. This causes the former template to load the latter bypassing filters originally put in place to address CVE-2019-16759. This also allows the exploit to reach an eval call with user input allowing the module to achieve PHP remote code execution on the target. This module has been tested successfully on vBulletin version 5.6.2 on Ubuntu Linux.

tags | exploit, remote, php, code execution
systems | linux, ubuntu
advisories | CVE-2019-16759, CVE-2020-7373
MD5 | b60b0666592e30c6b174a6e6343f7c54
Baldr Botnet Panel Shell Upload
Posted Jul 29, 2020
Authored by Ege Balci | Site metasploit.com

This Metasploit module exploits a arbitrary file upload vulnerability within the Baldr stealer malware control panel. Attackers can turn this vulnerability into remote code execution by adding malicious PHP code inside the victim logs ZIP file and registering a new bot to the panel by uploading the ZIP file under the logs directory. On versions 3.0 and 3.1 victim logs are ciphered by a random 4 byte XOR key. This exploit module retrieves the IP specific XOR key from panel gate and registers a new victim to the panel with adding the selected payload inside the victim logs.

tags | exploit, remote, arbitrary, php, code execution, file upload
MD5 | 3aee05fb3bfa3e3eb0452ce7bbf7bdfb
Pandora FMS 7.0 NG 7XX Remote Command Execution
Posted Jul 11, 2020
Authored by Fernando Catoira, Erik Wynter, Julio Sanchez | Site metasploit.com

This Metasploit module exploits a vulnerability (CVE-2020-13851) in Pandora FMS versions 7.0 NG 742, 7.0 NG 743, and 7.0 NG 744 (and perhaps older versions) in order to execute arbitrary commands. This module takes advantage of a command injection vulnerability in th e Events feature of Pandora FMS. This flaw allows users to execute arbitrary commands via the target parameter in HTTP POST requests to the Events function. After authenticating to the target, the module attempts to exploit this flaw by issuing such an HTTP POST request, with the target parameter set to contain the payload. If a shell is obtained, the module will try to obtain the local MySQL database password via a simple grep command on the plaintext /var/www/html/pandora_console/include/config.php file. Valid credentials for a Pandora FMS account are required. The account does not need to have admin privileges. This module has been successfully tested on Pandora 7.0 NG 744 running on CentOS 7 (the official virtual appliance ISO for this version).

tags | exploit, web, arbitrary, shell, local, php
systems | linux, centos
advisories | CVE-2020-13851
MD5 | f5291266eaebb8b290e3a0b7e6659455
Impress CMS 1.4.0 Code Execution / SQL Injection
Posted Jul 10, 2020
Authored by AppleBois

Impress CMS version 1.4.0 has an issue where an authenticated user can make use of the AutoTask feature to execute php code, allowing for remote SQL injection and remote code execution.

tags | exploit, remote, php, code execution, sql injection
MD5 | b5f8c806b5bde139ab34a7e35d46ad18
PHP 7.4 FFI disable_functions Bypass
Posted Jul 9, 2020
Authored by Hunter Gregal

PHP version 7.4 FFI disable_functions bypass proof of concept exploit.

tags | exploit, php, proof of concept, bypass
MD5 | 837034ab8198c13f97935215b65ad576
Red Hat Security Advisory 2020-2835-01
Posted Jul 7, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2835-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include an underflow vulnerability.

tags | advisory, web, php
systems | linux, redhat
advisories | CVE-2019-11043
MD5 | 7d3efa23b778cb571c090b3a2406b404
openSIS 7.4 Unauthenticated PHP Code Execution
Posted Jul 6, 2020
Authored by EgiX | Site metasploit.com

This Metasploit module exploits multiple vulnerabilities in openSIS 7.4 and prior versions which could be abused by unauthenticated attackers to execute arbitrary PHP code with the permissions of the webserver. The exploit chain abuses an incorrect access control issue which allows access to scripts which should require the user to be authenticated, and a local file inclusion to reach a SQL injection vulnerability which results in execution of arbitrary PHP code due to an unsafe use of the eval() function.

tags | exploit, arbitrary, local, php, vulnerability, sql injection, file inclusion
advisories | CVE-2020-13381, CVE-2020-13382, CVE-2020-13383
MD5 | 07a638401a07dae3fe0cc15b5a196965
Nagios XI 5.6.12 Remote Code Execution
Posted Jul 6, 2020
Authored by Basim Alabdullah

Nagios XI version 5.6.12 remote code execution exploit that leverages export-rrd.php.

tags | exploit, remote, php, code execution
MD5 | 31691ce3c81c37946e036a7240a1b83f
e-learning PHP Script 0.1.0 SQL Injection
Posted Jul 1, 2020
Authored by KeopssGroup0day Inc

e-learning PHP Script version 0.1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | d3535b2b5828fb6373c1ce7b70ade504
PHP-Fusion 9.03.60 PHP Object Injection
Posted Jul 1, 2020
Authored by coiffeur

PHP-Fusion version 9.03.60 suffers from a PHP object injection vulnerability.

tags | exploit, php
MD5 | 17b561a217b4cfbeba912004f8ef1c98
Agent Tesla Panel Remote Code Execution
Posted Jun 18, 2020
Authored by Ege Balci, mekhalleh, gwillcox-r7 | Site metasploit.com

This Metasploit module exploits a command injection vulnerability within the Agent Tesla control panel, in combination with an SQL injection vulnerability and a PHP object injection vulnerability, to gain remote code execution on affected hosts. Panel versions released prior to September 12, 2018 can be exploited by unauthenticated attackers to gain remote code execution as user running the web server. Agent Tesla panels released on or after this date can still be exploited however, provided that attackers have valid credentials for the Agent Tesla control panel. Note that this module presently only fully supports Windows hosts running Agent Tesla on the WAMP stack. Support for Linux may be added in a future update, but could not be confirmed during testing.

tags | exploit, remote, web, php, code execution, sql injection
systems | linux, windows
MD5 | d4d981962d4baab56ec1e03af0dd4132
College-Management-System-Php 1.0 SQL Injection
Posted Jun 18, 2020
Authored by BLAY ABU SAFIAN

College-Management-System-Php version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, php, sql injection
MD5 | fedd77cb039b3c893f4bfd8b2086e2ca
PHP-Fusion 9.03.60 PHP Object Injection / SQL Injection
Posted Jun 15, 2020
Authored by coiffeur

PHP-Fusion version 9.03.60 PHP object injection to SQL injection pre-authentication exploit.

tags | exploit, php, sql injection
MD5 | cb7df3cd8016da3a40d81715186ff656
LinuxKI Toolset 6.01 Remote Command Execution
Posted Jun 10, 2020
Authored by numan turle, Cody Winkler | Site metasploit.com

This Metasploit module exploits a vulnerability in LinuxKI Toolset versions 6.01 and below which allows remote code execution. The kivis.php pid parameter received from the user is sent to the shell_exec function, resulting in the security vulnerability.

tags | exploit, remote, php, code execution
advisories | CVE-2020-7209
MD5 | cd78cc0c010d3ea09c0e4662335d84a3
WordPress Drag And Drop Multi File Uploader Remote Code Execution
Posted Jun 4, 2020
Authored by h00die, Austin Martin | Site metasploit.com

This Metasploit module exploits a file upload feature of Drag and Drop Multi File Upload - Contact Form 7 for versions prior to 1.3.4. The allowed file extension list can be bypassed by appending a %, allowing for php shells to be uploaded. No authentication is required for exploitation.

tags | exploit, shell, php, file upload
advisories | CVE-2020-12800
MD5 | 8741d1320b67d5240a0da5c63f0f5065
NeonLMS Learning Management System PHP Laravel Script 4.6 XSS
Posted Jun 4, 2020
Authored by th3d1gger

NeonLMS Learning Management System PHP Laravel Script version 4.6 suffers from a persistent cross site scripting vulnerability.

tags | exploit, php, xss
MD5 | 2e508022471e1a49271d4745b0b3e811
NeonLMS Learning Management System PHP Laravel Script 4.6 File Download
Posted Jun 4, 2020
Authored by th3d1gger

NeonLMS Learning Management System PHP Laravel Script version 4.6 suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary, php, info disclosure
MD5 | e762859b96e7391cb7c4d0f1d5bc1371
Page 1 of 198
Back12345Next

File Archive:

September 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    20 Files
  • 2
    Sep 2nd
    15 Files
  • 3
    Sep 3rd
    15 Files
  • 4
    Sep 4th
    4 Files
  • 5
    Sep 5th
    1 Files
  • 6
    Sep 6th
    1 Files
  • 7
    Sep 7th
    15 Files
  • 8
    Sep 8th
    27 Files
  • 9
    Sep 9th
    7 Files
  • 10
    Sep 10th
    16 Files
  • 11
    Sep 11th
    9 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    25 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    15 Files
  • 17
    Sep 17th
    15 Files
  • 18
    Sep 18th
    12 Files
  • 19
    Sep 19th
    1 Files
  • 20
    Sep 20th
    1 Files
  • 21
    Sep 21st
    15 Files
  • 22
    Sep 22nd
    21 Files
  • 23
    Sep 23rd
    8 Files
  • 24
    Sep 24th
    15 Files
  • 25
    Sep 25th
    4 Files
  • 26
    Sep 26th
    1 Files
  • 27
    Sep 27th
    1 Files
  • 28
    Sep 28th
    20 Files
  • 29
    Sep 29th
    11 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close