exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 101 - 125 of 5,316 RSS Feed

PHP Files

PHP CGI Argument Injection Remote Code Execution
Posted Jun 18, 2024
Authored by Orange Tsai, sfewer-r7, WatchTowr | Site metasploit.com

This Metasploit module exploits a PHP CGI argument injection vulnerability affecting PHP in certain configurations on a Windows target. A vulnerable configuration is locale dependant (such as Chinese or Japanese), such that the Unicode best-fit conversion scheme will unexpectedly convert a soft hyphen (0xAD) into a dash (0x2D) character. Additionally a target web server must be configured to run PHP under CGI mode, or directly expose the PHP binary. This issue has been fixed in PHP 8.3.8 (for the 8.3.x branch), 8.2.20 (for the 8.2.x branch), and 8.1.29 (for the 8.1.x branch). PHP 8.0.x and below are end of life and have note received patches. XAMPP is vulnerable in a default configuration, and we can target the /php-cgi/php-cgi.exe endpoint. To target an explicit .php endpoint (e.g. /index.php), the server must be configured to run PHP scripts in CGI mode.

tags | exploit, web, cgi, php
systems | windows
advisories | CVE-2024-4577
SHA-256 | c2545000b9fdd9d40a19e238932d2917bdfb1a41c680df6e0ffb2128341c38ef
PHP Remote Code Execution
Posted Jun 14, 2024
Authored by Yesith Alvarez

PHP versions prior to 8.3.8 suffer from a remote code execution vulnerability.

tags | exploit, remote, php, code execution
advisories | CVE-2024-4577
SHA-256 | 6d8851066f1e1d5a5aa1172f697d6dfd3debd910db8f3f51cfdc80ab2a6cb6ae
Cacti Import Packages Remote Code Execution
Posted Jun 13, 2024
Authored by EgiX, Christophe de la Fuente | Site metasploit.com

This exploit module leverages an arbitrary file write vulnerability in Cacti versions prior to 1.2.27 to achieve remote code execution. It abuses the Import Packages feature to upload a specially crafted package that embeds a PHP file. Cacti will extract this file to an accessible location. The module finally triggers the payload to execute arbitrary PHP code in the context of the user running the web server. Authentication is needed and the account must have access to the Import Packages feature. This is granted by setting the Import Templates permission in the Template Editor section.

tags | exploit, remote, web, arbitrary, php, code execution
advisories | CVE-2024-25641
SHA-256 | f1f588ee0ed499b26894cbffe269abc74a129bb2bc296920c54da9fcdb577639
Ubuntu Security Notice USN-6825-1
Posted Jun 11, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6825-1 - It was discovered that the PDO driver in ADOdb was incorrectly handling string quotes. A remote attacker could possibly use this issue to perform SQL injection attacks. This issue only affected Ubuntu 16.04 LTS. It was discovered that ADOdb was incorrectly handling GET parameters in test.php. A remote attacker could possibly use this issue to execute cross-site scripting attacks. This issue only affected Ubuntu 16.04 LTS.

tags | advisory, remote, php, xss, sql injection
systems | linux, ubuntu
advisories | CVE-2016-4855, CVE-2016-7405, CVE-2021-3850
SHA-256 | 01e0f44081269e85a54c1d9b8ba563fa88ee4b62bc5f34527ee8158874e4e2ff
WordPress Hash Form 1.1.0 Remote Code Execution
Posted Jun 6, 2024
Authored by Valentin Lobstein, Francesco Carlucci | Site metasploit.com

The Hash Form Drag and Drop Form Builder plugin for WordPress suffers from a critical vulnerability due to missing file type validation in the file_upload_action function. This vulnerability exists in all versions up to and including 1.1.0. Unauthenticated attackers can exploit this flaw to upload arbitrary files, including PHP scripts, to the server, potentially allowing for remote code execution on the affected WordPress site. This Metasploit module targets multiple platforms by adapting payload delivery and execution based on the server environment.

tags | exploit, remote, arbitrary, php, code execution
advisories | CVE-2024-5084
SHA-256 | 64b2193d74612e99562b23a4a36b832a46e526be92d5e77374181caa141143e0
Aquatronica Control System 5.1.6 Password Disclosure
Posted May 30, 2024
Authored by LiquidWorm | Site zeroscience.mk

Aquatronica Control System version 5.1.6 has a tcp.php endpoint on the controller that is exposed to unauthenticated attackers over the network. This vulnerability allows remote attackers to send a POST request which can reveal sensitive configuration information, including plaintext passwords. This can lead to unauthorized access and control over the aquarium controller, compromising its security and potentially allowing attackers to manipulate its settings.

tags | exploit, remote, php, tcp
SHA-256 | 156dd012b72f45fad1f98bb1e1e9d6db89c8dfc2181bfdb205566cd6e184f365
Progress Flowmon 12.3.5 Local sudo Privilege Escalation
Posted May 30, 2024
Authored by Dave Yesland | Site metasploit.com

This Metasploit module abuses a feature of the sudo command on Progress Flowmon. Certain binary files are allowed to automatically elevate with the sudo command. This is based off of the file name. This includes executing a PHP command with a specific file name. If the file is overwritten with PHP code it can be used to elevate privileges to root. Progress Flowmon up to at least version 12.3.5 is vulnerable.

tags | exploit, root, php
SHA-256 | 4d7c5d9c8f90f2082d79d0b216623a4757503aa44c96d6dd6a02243cececec08
AVideo WWBNIndex Plugin Unauthenticated Remote Code Execution
Posted May 22, 2024
Authored by Valentin Lobstein | Site metasploit.com

This Metasploit module exploits an unauthenticated remote code execution vulnerability in the WWBNIndex plugin of the AVideo platform. The vulnerability exists within the submitIndex.php file, where user-supplied input is passed directly to the require() function without proper sanitization. By exploiting this, an attacker can leverage the PHP filter chaining technique to execute arbitrary PHP code on the server. This allows for the execution of commands and control over the affected system. The exploit is particularly dangerous because it does not require authentication, making it possible for any remote attacker to exploit this vulnerability.

tags | exploit, remote, arbitrary, php, code execution
advisories | CVE-2024-31819
SHA-256 | 7df90df7e75927e09777170cc36a4823a5062bc6e077056564aea5f7a6ba8b7f
Cacti 1.2.26 Remote Code Execution
Posted May 15, 2024
Authored by EgiX | Site karmainsecurity.com

Cacti versions 1.2.26 and below suffer from a remote code execution execution vulnerability in import.php.

tags | exploit, remote, php, code execution
advisories | CVE-2024-25641
SHA-256 | 86b50d4574919755d30f44ebc0972085ad39e9820171813614fe42cf0df9f937
Prison Management System Using PHP SQL Injection
Posted May 14, 2024
Authored by Sanjay Singh

Prison Management System Using PHP suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, php, sql injection
advisories | CVE-2024-33288
SHA-256 | e69f0a647f9409afaeb28fca9549b65a8f171f0f00a1d280a8d677cfdf0704ee
POMS PHP 1.0 SQL Injection / Shell Upload
Posted May 9, 2024
Authored by nu11secur1ty

POMS PHP version 1.0 suffers from remote shell upload and remote SQL injection vulnerabilities.

tags | exploit, remote, shell, php, vulnerability, sql injection
SHA-256 | 6fbd9b24154b7a82bd33b970bc8f205aec51838beab9dfdcd8c402c4bc2fe213
Ubuntu Security Notice USN-6757-2
Posted May 3, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6757-2 - USN-6757-1 fixed vulnerabilities in PHP. Unfortunately these fixes were incomplete for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.10. This update fixes the problem. It was discovered that PHP incorrectly handled PHP_CLI_SERVER_WORKERS variable. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.

tags | advisory, arbitrary, php, vulnerability
systems | linux, ubuntu
advisories | CVE-2022-4900, CVE-2024-2756, CVE-2024-3096
SHA-256 | 9657a689d1e137641b5539b1d18e172041c6d3cba27fdc722c254145353f09b5
SOPlanning 1.52.00 SQL Injection
Posted May 3, 2024
Authored by liquidsky

SOPlanning version 1.52.00 suffers from a remote SQL injection vulnerability in projects.php.

tags | exploit, remote, php, sql injection
advisories | CVE-2024-33722
SHA-256 | e53b7e681658c99d38155029675c243627ca96d8d11916eba4a766fb4d6a4c69
SOPlanning 1.52.00 Cross Site Request Forgery
Posted May 3, 2024
Authored by liquidsky

SOPlanning version 1.52.00 suffers from a cross site request forgery vulnerability in xajax_server.php.

tags | exploit, php, csrf
SHA-256 | a3c73b7d4acc8e32c7247c327692a33f62025c56af9edaa24b5dfff34103fc5a
SOPlanning 1.52.00 Cross Site Scripting
Posted May 3, 2024
Authored by liquidsky

SOPlanning version 1.52.00 suffers from a cross site scripting vulnerability in groupe_save.php.

tags | exploit, php, xss
advisories | CVE-2024-33724
SHA-256 | b3547a84c8cad40f1ad245d4773be05f04779afc966facea5aec1efac17e152d
Ubuntu Security Notice USN-6757-1
Posted Apr 30, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6757-1 - It was discovered that PHP incorrectly handled PHP_CLI_SERVER_WORKERS variable. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. It was discovered that PHP incorrectly handled certain cookies. An attacker could possibly use this issue to cookie by pass.

tags | advisory, arbitrary, php
systems | linux, ubuntu
advisories | CVE-2022-4900, CVE-2024-2756, CVE-2024-3096
SHA-256 | d148d55e0339c28ab206c4e04376d9c0144caabdf1c279dfc99b6ae169bc4172
LRMS PHP 1.0 SQL Injection / Shell Upload
Posted Apr 22, 2024
Authored by nu11secur1ty

LRMS PHP version 1.0 suffers from remote shell upload and multiple remote SQL injection vulnerabilities.

tags | exploit, remote, shell, php, vulnerability, sql injection
SHA-256 | cd29b75f4fc26669967838b2cacc350651afd70ebc41fa183a818a2044008a19
Debian Security Advisory 5661-1
Posted Apr 16, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5661-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in secure cookie bypass, XXE attacks or incorrect validation of password hashes.

tags | advisory, php
systems | linux, debian
advisories | CVE-2023-3823, CVE-2023-3824, CVE-2024-2756, CVE-2024-3096
SHA-256 | 7c99b12b4316d40822aec03a738c08d2f71e83f8ccbfc93224b96903f3515868
Debian Security Advisory 5660-1
Posted Apr 16, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5660-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in secure cookie bypass, XXE attacks or incorrect validation of password hashes.

tags | advisory, php
systems | linux, debian
advisories | CVE-2023-3823, CVE-2023-3824, CVE-2024-2756, CVE-2024-3096
SHA-256 | 0069a8ea5cc51d5ef3e22cd8bb63e827819ebc41dadb05af036e8a0cb29b90c5
GUnet OpenEclass E-learning 3.15 File Upload / Command Execution
Posted Apr 11, 2024
Authored by Georgios Tsimpidas, Frey

GUnet OpenEclass E-learning platform version 3.15 suffers from an unrestricted file upload vulnerability in certbadge.php that allows for remote command execution.

tags | exploit, remote, php, file upload
advisories | CVE-2024-31777
SHA-256 | 87510b61a4bcdb0fdc6c31f4148617866220f4cd5cc391960946f28d1c611747
Invision Community 4.7.16 Remote Code Execution
Posted Apr 8, 2024
Authored by EgiX | Site karmainsecurity.com

Invision Community versions 4.7.16 and below suffer from a remote code execution vulnerability in toolbar.php.

tags | exploit, remote, php, code execution
advisories | CVE-2024-30162
SHA-256 | 79e57c6d95c397c23ce4c4203e72406e2900a93befed691fbc0ae540ed7a9cf4
Invision Community 4.7.15 SQL Injection
Posted Apr 8, 2024
Authored by EgiX | Site karmainsecurity.com

Invision Community versions 4.4.0 through 4.7.15 suffer from a remote SQL injection vulnerability in store.php.

tags | exploit, remote, php, sql injection
advisories | CVE-2024-30163
SHA-256 | f3e99d07ab1ab0d469a1a39ceb456ac6dc86fdcbd9071ad8690ce38ecca5a7ff
DerbyNet 9.0 playlist.php Cross Site Scripting
Posted Apr 5, 2024
Authored by Valentin Lobstein

DerbyNet version 9.0 suffers from a cross site scripting vulnerability in playlist.php.

tags | exploit, php, xss
advisories | CVE-2024-30929
SHA-256 | 33a3298bf5768c9f7a9fcd2deaa459729d65f2eb60c8601a0d2dd30561151395
DerbyNet 9.0 racer-results.php Cross Site Scripting
Posted Apr 5, 2024
Authored by Valentin Lobstein

DerbyNet version 9.0 suffers from a cross site scripting vulnerability in racer-results.php.

tags | exploit, php, xss
advisories | CVE-2024-30927
SHA-256 | e1f0ec83ec56b1d3ebff89be4223a47e4c6caea8be38185b375b827447078473
DerbyNet 9.0 photo-thumbs.php Cross Site Scripting
Posted Apr 5, 2024
Authored by Valentin Lobstein

DerbyNet version 9.0 suffers from a cross site scripting vulnerability in photo-thumbs.php.

tags | exploit, php, xss
advisories | CVE-2024-30925
SHA-256 | e33a05805911bcd786fdff15a7d4ac31f136e43e12a0f9ec5b25c0db38d7fe3e
Page 5 of 213
Back34567Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    17 Files
  • 8
    Oct 8th
    66 Files
  • 9
    Oct 9th
    25 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    21 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    14 Files
  • 15
    Oct 15th
    49 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close