This exploit allows an attacker to perform SQL injection on the admin/login.asp page of the oneSCHOOL application. It retrieves the login name and password from the UsersSecure table. The exploit works for all versions of oneSCHOOL.
All recording mechanisms (Keystroke, SSH Text Recorder and video) can be evaded because user entries are not properly validated. Commands executed in a reverse shell are not monitored. The connection process will freeze just after the 'session is being recorded' banner, and all the commands we enter are not monitored.
The PicUploader plugin for WordPress version 1.0 allows remote attackers to upload arbitrary files to the server due to improper handling of file uploads. This can lead to remote code execution or unauthorized access to sensitive information.
This exploit allows an attacker to perform a Cross-Site Request Forgery (CSRF) attack on Exagate Sysguard 6001. By tricking a user into visiting a malicious website, the attacker can add an admin account without the user's knowledge or consent.
This script is a simple experiment to exploit the KR00K vulnerability (CVE-2019-15126), which allows decrypting some WPA2 CCMP data on vulnerable devices. More specifically, this script attempts to retrieve the Plaintext Data of WPA2 CCMP packets knowing: the TK (128 bits, all zero), the Nonce (sent in plaintext in the packet header), and the Encrypted Data.
VS Code may use code from a virtualenv found in the project folders without asking the user, leading to arbitrary code execution by cloning and opening a malicious Python repository.
This exploit allows an attacker to retrieve the admin username and hash from the Zenphoto 1.1.3 application. The vulnerability exists in the 'rss.php' file, where the 'albumnr' parameter is not properly sanitized before being used in a SQL query. By injecting a UNION SELECT statement, the attacker can retrieve sensitive information from the database, such as the admin username and hash.
The Netlink GPON Router 1.0.11 is vulnerable to remote code execution. By sending a specially crafted request, an attacker can execute arbitrary code on the router.
This module exploits multiple vulnerabilities in rConfig version 3.9 in order to execute arbitrary commands. This module takes advantage of a command injection vulnerability in the `path` parameter of the ajax archive file functionality within the rConfig web interface in order to execute the payload. Valid credentials for a user with administrative privileges are required. However, this module can bypass authentication via SQLi. This module has been successfully tested on rConfig 3.9.3 and 3.9.4.
This exploit allows an authenticated user to execute arbitrary commands on the target system by uploading a specially crafted PHP file. The vulnerability exists in the 'image-upload.php' file of PHPKB Multi-Language 9. By uploading a PHP file containing the desired command, the attacker can execute it by visiting the generated URL.