what you don't know can hurt you
Showing 1 - 25 of 2,715 RSS Feed

Shell Files

WordPress FormCraft 2.0 CSRF / Shell Upload
Posted Mar 18, 2019
Authored by KingSkrupellos

WordPress version 5.0.4 with FormCraft plugin version 2.0 suffers from a cross site request forgery vulnerability that can be leveraged to perform a shell upload.

tags | exploit, shell, csrf
MD5 | 34bba172e28c83ea38f0a59db712f769
elFinder PHP Connector exiftran Command Injection
Posted Mar 12, 2019
Authored by Brendan Coles, Thomas Chauchefoin, q3rv0 | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in elFinder versions prior to 2.1.48. The PHP connector component allows unauthenticated users to upload files and perform file modification operations, such as resizing and rotation of an image. The file name of uploaded files is not validated, allowing shell metacharacters. When performing image operations on JPEG files, the filename is passed to the exiftran utility without appropriate sanitization, causing shell commands in the file name to be executed, resulting in remote command injection as the web server user. The PHP connector is not enabled by default. The system must have exiftran installed and in the PATH. This module has been tested successfully on elFinder versions 2.1.47, 2.1.20, and 2.1.16 on Ubuntu.

tags | exploit, remote, web, shell, php
systems | linux, ubuntu
MD5 | 3664569f65ef2128717bd5e02f29d7b4
QNAP TS-431 QTS Remote Command Execution
Posted Mar 7, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module creates a virtual web server and uploads the php payload into it. Admin privileges cannot access any server files except File Station files. The user who is authorized to create Virtual Web Server can upload malicious php file by activating the server. Exploit creates a new directory into File Station to connect to the web server. However, only the "index.php" file is allowed to work in the virtual web server directory. No files can be executed except "index.php". Gives an access error. After the harmful "index.php" has been uploaded, the shell can be retrieved from the server. There is also the possibility of working in higher versions. Affects versions prior to 4.2.2.

tags | exploit, web, shell, php
MD5 | a35108ec28d9740153245bbe67cbb79a
WordPress WP-Image-News-Slider 3.3 Cross Site Request Forgery / Shell Upload
Posted Mar 5, 2019
Authored by KingSkrupellos

WordPress WP-Image-News-Slider plugin version 3.3 suffers from cross site request forgery and remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability, csrf
MD5 | 565786e871040f0759e592f8d15a7c02
Booked Scheduler 2.7.5 Remote Command Execution
Posted Mar 5, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module exploits a file upload vulnerability Booked 2.7.5. In the "Look and Feel" section of the management panel, you can modify the Logo-Favico-CSS files. Upload sections has file extension control except favicon part. You can upload the file with the extension you want through the Favicon field. The file you upload is written to the main directory of the site under the name "custom-favicon". After you upload the php payload to the main directory, the exploit executes the payload and receives a shell.

tags | exploit, shell, php, file upload
MD5 | d99806184924b3c9ff46a07a219526b9
WordPress WP-DreamworkGallery 2.3 CSRF / Shell Upload
Posted Mar 4, 2019
Authored by KingSkrupellos

WordPress WP-DreamworkGallery plugin version 2.3 suffers from cross site request forgery and remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability, csrf
MD5 | ebb77b46f615eb3e479a22add194666d
Joomla ModPPCSimpleSpotLight 1.2 / 3.0 CSRF / Shell Upload
Posted Mar 4, 2019
Authored by KingSkrupellos

Joomla ModPPCSimpleSpotLight module versions 1.2 and 3.0 suffer from cross site request forgery and remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability, csrf
MD5 | deefd967b89d7090b674d60afaae3978
Feng Office 3.7.0.5 Remote Command Execution
Posted Feb 28, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module exploits an arbitrary file upload vulnerability in Feng Office version 3.7.0.5. The application allows unauthenticated users to upload arbitrary files. There is no control of any session. All files are sent under /tmp directory. The .htaccess file under the /tmp directory prevents files with the php, php2, and php3 extensions. This exploit creates the php payload and moves the payload to the main directory via shtml. After moving the php payload to the main directory, the exploit executes payload and receives a shell.

tags | exploit, arbitrary, shell, php, file upload
MD5 | fd4c717a95e850f0b81235df10b31b52
HanYazilim Paper Submission System .NET 1.0 Shell Upload
Posted Feb 22, 2019
Authored by KingSkrupellos

HanYazilim Paper Submission System .NET version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 4aaca634076bf068eefce87d76d0b6f3
Joomla JWallPapers 2.0.1 Cross Site Request Forgery / Shell Upload
Posted Feb 19, 2019
Authored by KingSkrupellos

Joomla JWallPapers component version 2.0.1 suffers from cross site request forgery and remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability, csrf
MD5 | 9aab6fcc8810d60727be6c9cea7da1d0
Joomla Attachments 3.2.6 Shell Upload
Posted Feb 19, 2019
Authored by KingSkrupellos

Joomla Attachments component version 3.2.6 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 1b32b2a5e7b7c598712e5dccee53aaf3
Digi TransPort LR54 Restricted Shell Escape
Posted Feb 18, 2019
Authored by Stig Palmquist

Digi TransPort LR54 suffers from a restricted shell bypass vulnerability that gets a root shell.

tags | exploit, shell, root, bypass
advisories | CVE-2018-20162
MD5 | 896322aa0ccd273bc0ef57111661649e
macOS Reverse TCP Port 4444 IPv6 Shellcode
Posted Feb 18, 2019
Authored by Ken Kitahara

119 bytes small macOS reverse shell (::1:4444/TCP) shellcode.

tags | shell, tcp, shellcode
MD5 | 6397c35a057a288f54f8ee4475724784
macOS 127.0.0.1:4444 Reverse Shell Shellcode
Posted Feb 18, 2019
Authored by Ken Kitahara

103 bytes small macOS reverse (127.0.0.1:4444/TCP) shell (/bin/sh) with null-free shellcode.

tags | shell, tcp, shellcode
MD5 | 7ea2751121ef3c6b1e135ae2a9db3a20
Slims CMS Senayan Library Management System 7.0 Shell Upload
Posted Feb 14, 2019
Authored by KingSkrupellos

Slims CMS Senayan Library Management System version 7.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell, file upload
MD5 | d5be7d73783868baa48653a63e6a6a0d
snapd 2.37 (Ubuntu) dirty_sock Local Privilege Escalation
Posted Feb 13, 2019
Authored by Chris Moberly

This exploit bypasses access control checks to use a restricted API function (POST /v2/snaps) of the local snapd service. This allows the installation of arbitrary snaps. Snaps in "devmode" bypass the sandbox and may include an "install hook" that is run in the context of root at install time. dirty_sockv2 leverages the vulnerability to install an empty "devmode" snap including a hook that adds a new user to the local system. This user will have permissions to execute sudo commands. As opposed to version one, this does not require the SSH service to be running. It will also work on newer versions of Ubuntu with no Internet connection at all, making it resilient to changes and effective in restricted environments. This exploit should also be effective on non-Ubuntu systems that have installed snapd but that do not support the "create-user" API due to incompatible Linux shell syntax. Some older Ubuntu systems (like 16.04) may not have the snapd components installed that are required for sideloading. If this is the case, this version of the exploit may trigger it to install those dependencies. During that installation, snapd may upgrade itself to a non-vulnerable version. Testing shows that the exploit is still successful in this scenario. This is the second of two proof of concepts related to this issue. Versions below 2.37.1 are affected.

tags | exploit, arbitrary, shell, local, root, proof of concept
systems | linux, ubuntu
advisories | CVE-2019-7304
MD5 | e9db49ddfa940a474a61af831e403fe3
WordPress WP User Manager 2.0.8 Shell Upload
Posted Feb 5, 2019
Authored by Mr Winst0n

WordPress WP User Manager plugin version 2.0.8 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 3fca06ac6e8e03541e64f3fb8360717c
WordPress Ultimate-Member 2.0.38 Cross Site Request Forgery / Shell Upload
Posted Feb 5, 2019
Authored by KingSkrupellos

WordPress Ultimate-Member plugin version 2.0.38 suffers from cross site request forgery and remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability, csrf
MD5 | f61b91a24dc98849236a6c36c3e9540e
Debian Security Advisory 4382-1
Posted Feb 4, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4382-1 - Nick Cleaton discovered two vulnerabilities in rssh, a restricted shell that allows users to perform only scp, sftp, cvs, svnserve (Subversion), rdist and/or rsync operations. Missing validation in the rsync support could result in the bypass of this restriction, allowing the execution of arbitrary shell commands.

tags | advisory, arbitrary, shell, vulnerability
systems | linux, debian
advisories | CVE-2019-3463, CVE-2019-3464
MD5 | c712f853c846c1437ca257c7fcd7a563
Joomla Remository 3.58 Database Disclosure / Shell Upload / SQL Injection
Posted Jan 31, 2019
Authored by KingSkrupellos

Joomla Remository component version 3.58 suffers from database disclosure, remote shell upload, and remote SQL injection vulnerabilities.

tags | exploit, remote, shell, vulnerability, sql injection, info disclosure
MD5 | 18465f7b60e2578f320cbef6b64376ed
Debian Security Advisory 4377-1
Posted Jan 30, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4377-1 - The ESnet security team discovered a vulnerability in rssh, a restricted shell that allows users to perform only scp, sftp, cvs, svnserve (Subversion), rdist and/or rsync operations. Missing validation in the scp support could result in the bypass of this restriction, allowing the execution of arbitrary shell commands.

tags | advisory, arbitrary, shell
systems | linux, debian
advisories | CVE-2019-1000018
MD5 | 0f3abdb1f9aef1a11fc5a00e69af7d17
Linux/ARM Reverse Shell Shellcode
Posted Jan 29, 2019
Authored by Gokul Babu

64 bytes small Linux/ARM reverse TCP (192.168.1.124:4321) shell (/bin/sh) shellcode.

tags | shell, tcp, shellcode
systems | linux
MD5 | e576a654739aa60859efbc5ba2d8bc76
WordPress MM-Forms-Community 2.2.7 Shell Upload / SQL Injection
Posted Jan 25, 2019
Authored by KingSkrupellos

WordPress MM-Forms-Community plugin version 2.2.7 suffers from remote shell upload and remote SQL injection vulnerabilities.

tags | exploit, remote, shell, vulnerability, sql injection
MD5 | 982252fe3a971fdcf2bcfce4c7d269bb
WordPress pitajte-strucnjaka 4.9.6 Shell Upload
Posted Jan 25, 2019
Authored by KingSkrupellos

WordPress pitajte-strucnjaka plugin version 4.9.6 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | ea500206c71fd9e591418c2fcbaca0a0
Splunk Enterprise 7.2.3 Command Execution
Posted Jan 24, 2019
Authored by Lee Mazzoleni

Splunk Enterprise version 7.2.3 authenticated remote reverse shell code execution exploit.

tags | exploit, remote, shell, code execution
MD5 | df373c09f1ec13bc91f5b1af385b3c67
Page 1 of 109
Back12345Next

File Archive:

March 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    15 Files
  • 2
    Mar 2nd
    5 Files
  • 3
    Mar 3rd
    3 Files
  • 4
    Mar 4th
    25 Files
  • 5
    Mar 5th
    20 Files
  • 6
    Mar 6th
    16 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    12 Files
  • 9
    Mar 9th
    3 Files
  • 10
    Mar 10th
    4 Files
  • 11
    Mar 11th
    23 Files
  • 12
    Mar 12th
    12 Files
  • 13
    Mar 13th
    12 Files
  • 14
    Mar 14th
    19 Files
  • 15
    Mar 15th
    12 Files
  • 16
    Mar 16th
    3 Files
  • 17
    Mar 17th
    1 Files
  • 18
    Mar 18th
    15 Files
  • 19
    Mar 19th
    22 Files
  • 20
    Mar 20th
    14 Files
  • 21
    Mar 21st
    8 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close