This tool allows a user to bypass Version 3 of Google's Invisible RECAPTCHA by creating a spoofed web app that leverages the same RECAPTCHA, by providing the victims site key. What makes a site vulnerable? 1. They are using Version 3 of Google's Invisible RECAPTCHA 2. They allow the site key to be used on 'localhost'. However, while currently untested you could try adding the DNS name of the target you are attacking and try resolving it to 127.0.0.1 in your hosts file. NOTE: Exploit users need to have a functional understanding of both Python and JavaScript to make the necessary changes to run this exploit.
The PackWeb Formap E-learning application from EDISER is vulnerable to SQL injection via the 'NumCours' parameter on the eleve_cours.php
This exploit allows an attacker to perform local file inclusion and remote code execution on the XCMS version 1.82. The exploit involves manipulating the 'pg' parameter in the index.php file to access sensitive files on the server and execute arbitrary code. The exploit also mentions a hash disclosure vulnerability that allows an attacker to access user hashes. To achieve RCE, the attacker needs to upload an image with a PHP code binded and then use the LFI vulnerability to execute the code.
The SkyFex Client 1.0 software is vulnerable to a remote stack overflow exploit in the "Start()" method. An attacker can exploit this vulnerability by providing specially crafted input to the method, causing a stack overflow and potentially allowing the execution of arbitrary code. This vulnerability can be exploited remotely without authentication. The vulnerability affects version 1.0.2.77 of the SkyFexClient.ocx file. The exploit has been tested on Windows XP Professional SP2 with Internet Explorer 7.
The 'ETDService' service in ELAN Smart-Pad 11.10.15.1 has an unquoted service path vulnerability. This allows an attacker with local access to execute arbitrary code with elevated privileges.
This is a proof-of-concept exploit for a Denial of Service vulnerability in VIM 8.2. The vulnerability allows an attacker to cause a crash or hang the VIM process by executing a specific command.
This exploit targets the HiSilicon DVR/NVR hi3520d firmware and allows for remote access to a backdoor account. The exploit code provided in the POC section can be used to exploit this vulnerability.
This exploit allows an attacker to escalate their privileges in the xglance-bin 11.00 software. It leverages a vulnerability with CVE-2014-2630. The exploit code sets the user ID to the effective user ID, and then executes a shell command.
In the file showCode.php, there is a vulnerability that allows for remote command execution by modifying the $path variable and using the shell_exec function.
Exploit based on FoToZ exploit but with reverse connectback and bind features for all NT based OS's. Can be triggered by clicking the exploit jpeg file in Windows Explorer or opening it in explorer.exe.
Services By CQR