header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Pluck CMS CSRF – Injecting malicious contents to pagess

PHP exploit written below can be used to add malicious contents to any page created by CMS. The rexploits results in HTML outputs corresponding CMS pages (main pages). HTML outputs are called CSRF exploit which will edit the page which will include malicious content and old contents of page. Malicious content must be chosen by the attacker. In the case of illustration, I just put the <script>alert('123');</script>. Many devastating usage would be achieved through injecting HTML code to a page.

Apache suEXEC privilege elevation / information disclosure

The suEXEC feature in Apache allows users to run CGI and SSI programs under different user IDs than the web server. However, a bug in the suEXEC configuration can allow an attacker to read any file or directory on the UNIX/Linux system with the user and group ID of the Apache web server. This can be exploited by running PHP or CGI code inside a web hosting environment that uses suEXEC as a protection mechanism.

MS13-005 HWND_BROADCAST Low to Medium Integrity Privilege Escalation

The Windows kernel does not properly isolate broadcast messages from low integrity applications from medium or high integrity applications. This allows commands to be broadcasted to an open medium or high integrity command prompts allowing escalation of privileges. We can spawn a medium integrity command prompt, after spawning a low integrity command prompt, by using the Win+Shift+# combination to specify the position of the command prompt on the taskbar. We can then broadcast our command and hope that the user is away and doesn't corrupt it by interacting with the UI. Broadcast issue affects versions Windows Vista, 7, 8, Server 2008, Server 2008 R2, Server 2012, RT. But Spawning a command prompt with the shortcut key does not work in Vista so you will have to check if the user is already running a command prompt and set SPAWN_PROMPT false. The WEB technique will execute a powershell encoded payload from a Web location. The FILE technique will drop an executable to the file system, set it to medium integrity and execute it. The TYPE technique will attempt to execute a powershell encoded payload directly from the command line but it may take s

PineApp Mail-SeCure ldapsyncnow.php Arbitrary Command Execution

This module exploits a command injection vulnerability on PineApp Mail-SeCure 3.70. The vulnerability exists on the ldapsyncnow.php component, due to the insecure usage of the shell_exec() php function. This module has been tested successfully on PineApp Mail-SeCure 3.70.

Arbitrary File Overwrite in Wimpy MP3

The Wimpy MP3 application is vulnerable to an arbitrary file overwrite weakness. An attacker can exploit this vulnerability by providing malicious data through the 'trackFile' parameter in the 'wimpy_trackplays.php' script. This can lead to the overwrite of a text file with attacker-supplied content. Successful exploitation of this vulnerability can assist an attacker in further attacks.

Recent Exploits: