exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 2,293 RSS Feed

Proof of Concept Files

Oracle DBMS_REDACT Dynamic Data Masking Bypass
Posted Jan 3, 2023
Authored by Emad Al-Mousa

Proof of concept overview on how the DBMS_REDACT Dynamic Data Masking security feature in Oracle can be bypassed. Affected versions include 19c and 21c.

tags | exploit, proof of concept, bypass
SHA-256 | faa91bafa9b2e6c720d769cabe566e32648af86218a89d1e65f2e8680b811db4
ModSecurity Backdoor Tool
Posted Jan 3, 2023
Authored by Jozef Sudolsky | Site github.com

Proof of concept remote command execution and file retrieval backdoor script for ModSecurity.

tags | tool, remote, rootkit, proof of concept
systems | unix
SHA-256 | 48d8b60d0bc4cdb2a44679ca2e1994ad76834d87845227891745d812a2dd8f7b
IBM Websphere Application Server 7.0 Cross Site Scripting
Posted Dec 2, 2022
Authored by Milad Karimi

IBM Websphere Application Server version 7.0 persistent cross site scripting vulnerability proof of concept details.

tags | exploit, xss, proof of concept
advisories | CVE-2009-0855
SHA-256 | dc1233536d7555212b10f45b23030e26739234a2f687d52112ff10261d1e40e6
Roxy Fileman 1.4.6 Remote Shell Upload
Posted Nov 21, 2022
Authored by Hadi Mene

Roxy Fileman versions 1.4.6 and below remote shell upload proof of concept exploit.

tags | exploit, remote, shell, proof of concept, file upload
advisories | CVE-2022-40797
SHA-256 | 16a9c59173c82b869a340397a5e68377531e0e0f9be9781793142e4f47786e1b
Microsoft Outlook 2019 16.0.13231.20262 Remote Code Execution
Posted Nov 21, 2022
Authored by Hangjun Go

This is a whitepaper along with a proof of concept eml file discussing CVE-2020-16947 where a remote code execution vulnerability exists in Microsoft Outlook 2019 version 16.0.13231.20262 when it fails to properly handle objects in memory.

tags | exploit, paper, remote, code execution, proof of concept
advisories | CVE-2020-16947
SHA-256 | e10886839475e813dff9362bc048392f047b424255b849ca304a468b0daa17a3
Microsoft Outlook 2019 16.0.12624.20424 Out-Of-Bounds Read
Posted Nov 21, 2022
Authored by Hangjun Go

This is a whitepaper along with a proof of concept eml file that demonstrates an out-of-bounds read on Outlook 2019 version 16.0.12624.20424. NIST references this issue as simply an information disclosure.

tags | exploit, paper, proof of concept, info disclosure
advisories | CVE-2020-1493
SHA-256 | d7cbdf78b8d88b5ef4f17ae322717c6adec1d335f3eddae9fc75f883c66bbc76
Automated Tank Gauge (ATG) Remote Configuration Disclosure
Posted Nov 3, 2022
Authored by RoseSecurity

In 2015, HD Moore, the creator of Metasploit, published an article disclosing over 5,800 gas station Automated Tank Gauges (ATGs) which were publicly accessible. Besides monitoring for leakage, these systems are also instrumental in gauging fluid levels, tank temperature, and can alert operators when tank volumes are too high or have reached a critical low. ATGs are utilized by nearly every fueling station in the United States and tens of thousands of systems internationally. They are most commonly manufactured by Veeder-Root, a supplier of fuel dispensers, payment systems, and forecourt merchandising. For remote monitoring of these fuel systems, operators will commonly configure the ATG serial interface to an internet-facing TCP port (generally set to TCP 10001). This script reads the Get In-Tank Inventory Report from TCP/10001 as a proof of concept to demonstrate the arbitrary access.

tags | exploit, remote, arbitrary, root, tcp, proof of concept
SHA-256 | 1222ef3166eddf3e2b1283c72bc5f78616ec813de663f9a776c261eacba66ccf
MiniDVBLinux 5.4 Change Root Password
Posted Oct 17, 2022
Authored by LiquidWorm | Site zeroscience.mk

MiniDVBLinux versions 5.4 and below root password changing proof of concept exploit.

tags | exploit, root, proof of concept
SHA-256 | 0517758916f5224ee0d63a86e0026b8a9d83c177f294a5ec74c5a0938e44fc11
macOS 12.3.1 Local Root
Posted Oct 10, 2022
Authored by zhuowei | Site worthdoingbadly.com

This is a write up demonstrating how to get root on macOS 12.3.1 using CoreTrust and DriverKit bugs. Included is the spawn_root proof of concept.

tags | exploit, root, proof of concept
advisories | CVE-2022-26763, CVE-2022-26766
SHA-256 | 42264f6011010d1ea9305f22c2f23628b9337624b236c163e1a40b0e1273560f
Apple macOS Remote Events Memory Corruption
Posted Sep 5, 2022
Authored by Jeremy Brown

This is a proof of concept exploit for the Apple macOS remote events remote memory corruption vulnerability. It serves as a toolkit to help debug and trigger crashes.

tags | exploit, remote, proof of concept
systems | apple
advisories | CVE-2022-22630
SHA-256 | b71c042ede4f92abca7d1cc98ba26d58de335a31e253ab82c25fea5b3120ba80
Kik Messenger XMPP Stanza Smuggling
Posted Jun 10, 2022
Authored by Ivan Fratric, Google Security Research

There is a vulnerability in Kik Messenger for Android that allows an attacker to send arbitrary XMPP stanzas (XMPP control messages) to another Kik client, including XMPP stanzas that are normally sent only by the Kik server. Included is a proof of concept that demonstrates sending of the stc stanza which triggers a captcha dialog and opens an arbitrary attacker-control webpage on the victim client. However, the full impact is likely larger than this, and includes any application features accessible over XMPP.

tags | exploit, arbitrary, proof of concept
SHA-256 | 3f66b31a34e395df392668d6453b6eee4bbfd623765c95d99108116f95c8a143
Confluence OGNL Injection Proof Of Concept
Posted Jun 7, 2022
Authored by Samy Younsi | Site github.com

Proof of concept script that exploits the remote code execution vulnerability affecting Atlassian Confluence versions 7.18 and below. The OGNL injection vulnerability allows an unauthenticated user to execute arbitrary code on a Confluence Server or Data Center instance. All supported versions of Confluence Server and Data Center are affected. Confluence Server and Data Center versions after 1.3.0 and below 7.18.1 are affected. The vulnerability has a CVSS score of 10 out of 10 for criticality.

tags | exploit, remote, arbitrary, code execution, proof of concept
advisories | CVE-2022-26134
SHA-256 | af35a5a0af240395f62e977601885f29387ee4fc958081d1910e6f6f0d3d428a
Through The Wire CVE-2022-26134 Confluence Proof Of Concept
Posted Jun 7, 2022
Authored by jbaines-r7 | Site github.com

Through the Wire is a proof of concept exploit for CVE-2022-26134, an OGNL injection vulnerability affecting Atlassian Confluence Server and Data Center versions 7.13.6 LTS and below and versions 7.18.0 "Latest" and below. This was originally a zero-day exploited in-the-wild.

tags | exploit, proof of concept
advisories | CVE-2022-26134
SHA-256 | 942e5b3f32027294cb480a1f6e34ca8ed1933380c4aa4a79161e45a5c6ec7cbc
Microsoft Office MSDT Follina Proof Of Concept
Posted May 31, 2022
Authored by JMousqueton | Site github.com

Proof of concept for the remote code execution vulnerability in MSDT known as Follina.

tags | exploit, remote, code execution, proof of concept
advisories | CVE-2022-30190
SHA-256 | 53ac1f74816b206d64cdb03e581a54d26e7aad446de7be2e6ecd1af77d47ebc2
Microsoft Follina Proof Of Concept
Posted May 31, 2022
Authored by onecloudemoji | Site github.com

Proof of concept exploit for the Microsoft Windows Support Diagnostic Tool (MSDT) remote code execution vulnerability dubbed Follina.

tags | exploit, remote, code execution, proof of concept
systems | windows
advisories | CVE-2022-30190
SHA-256 | 21dda01f8e88aa4687f62848057799f68aeaf508af81b73f3368b5656c8f92fe
Zyxel Remote Command Execution
Posted May 16, 2022
Authored by jbaines-r7 | Site github.com

Victorian Machinery is a proof of concept exploit for CVE-2022-30525. The vulnerability is an unauthenticated and remote command injection vulnerability affecting Zyxel firewall's that support zero touch provisioning. Zyxel pushed a fix for this issue on April 28, 2022. Multiple models are affected.

tags | exploit, remote, proof of concept
advisories | CVE-2022-30525
SHA-256 | d85780bb5daa2abd4c685fc1f2bd14ad0bfe7fbd9a5a6a99b45f1efcddb6a0bf
F5 BIG-IP Remote Code Execution
Posted May 9, 2022
Authored by Alt3kx | Site github.com

F5 BIG-IP remote code execution proof of concept exploit that leverages the vulnerability identified in CVE-2022-1388.

tags | exploit, remote, code execution, proof of concept
advisories | CVE-2022-1388
SHA-256 | 2c3224e25af9797e9d7139c7d759da88b2eae07b09d164c4bf3a7423cfb95c06
Roxy File Manager 1.4.5 PHP File Upload Restriction Bypass
Posted Apr 4, 2022
Authored by Adam Shebani

Roxy File Manager version 1.4.5 proof of concept exploit for a PHP file upload restriction bypass vulnerability.

tags | exploit, php, proof of concept, bypass, file upload
advisories | CVE-2018-20525
SHA-256 | 56429affeb38a91070ee24b0aaf512970594ce033504501832983da83e9dea5a
Dirty Pipe SUID Binary Hijack Privilege Escalation
Posted Mar 8, 2022
Authored by Blasty, Max Kellermann

Variant proof of concept exploit for the Dirty Pipe file overwrite vulnerability. This version hijacks a SUID binary to spawn a root shell.

tags | exploit, shell, root, proof of concept
advisories | CVE-2022-0847
SHA-256 | 896e5b87da1c2dcdc6b5bf2a4c03daf9da0145521f3b205c1bcf72db8ff2340f
Dirty Pipe Linux Privilege Escalation
Posted Mar 8, 2022
Authored by Max Kellermann | Site dirtypipe.cm4all.com

Proof of concept for a vulnerability in the Linux kernel existing since version 5.8 that allows overwriting data in arbitrary read-only files. This leads to privilege escalation because unprivileged processes can inject code into root processes.

tags | exploit, arbitrary, kernel, root, proof of concept
systems | linux
advisories | CVE-2022-0847
SHA-256 | 44e38035938b0841fe6c4b79375b95d9bdcc4665c0a63ed1dcb0ca5df0c03212
OpenBMCS 2.4 Remote Privilege Escalation
Posted Jan 17, 2022
Authored by LiquidWorm | Site zeroscience.mk

OpenBMCS version 2.4 create administrator proof of concept exploit that leverages a remote privilege escalation vulnerability.

tags | exploit, remote, proof of concept
SHA-256 | dfa165d919105379e965f9f7c64bc72209b082357f408421bbd7348be571f7ea
HTTP Protocol Stack Denial Of Service / Remote Code Execution
Posted Jan 17, 2022
Authored by nu11secur1ty

Proof of concept for a Microsoft HTTP protocol stack vulnerability that causes a denial of service.

tags | exploit, web, denial of service, protocol, proof of concept
advisories | CVE-2022-21907
SHA-256 | c2c18115a401a528cf1b5dc31c17571b0980e3c441f00ab74bcca4c29d729334
Apache Log4j2 2.14.1 Remote Code Execution
Posted Dec 10, 2021
Authored by tangxiaofeng7 | Site github.com

Apache Log4j2 versions 2.14.1 and below proof of concept remote code execution exploit. JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.

tags | exploit, remote, arbitrary, code execution, proof of concept
advisories | CVE-2021-44228
SHA-256 | c8d0355e439c74ae436d3c409fe4b1f7b1c6c2d6fb97d2375bbaa49de94f642b
Docker runc Command Execution Proof Of Concept
Posted Dec 8, 2021
Authored by Frichetten | Site github.com

Docker proof of concept command execution exploit that leverages runc.

tags | exploit, proof of concept
advisories | CVE-2019-5736
SHA-256 | d839ae3cbe28eac31921153401a56b44bcb7aa9e71186e649af207b24a2573d0
Wipro Holmes Orchestrator 20.4.1 Arbitrary File Download
Posted Nov 15, 2021
Authored by Rizal Muhammed

Wipro Holmes Orchestrator version 20.4.1 unauthenticated arbitrary file reading proof of concept exploit.

tags | exploit, arbitrary, proof of concept
advisories | CVE-2021-38146
SHA-256 | aa43fdedfc7f5227a2a020d9bd25796fe6699fb9bbb47484e3814e5633c6039b
Page 1 of 92
Back12345Next

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close