-
PHP Files ≈ Packet Storm
Sep 1, 2024 | 17:22 pm
This Metasploit module exploits several authenticated SQL Inject vulnerabilities in VICIdial 2.14b0.5 prior to svn/trunk revision 3555 (VICIBox 10.0.0, prior to January 20 is vulnerable). Injection point 1 is on vicidial/admin.php when adding a user, in the modify_email_accounts parameter. Injection[…]
Read more...
-
PHP Files ≈ Packet Storm
Sep 1, 2024 | 17:21 pm
Icingaweb versions from 2.9.0 to 2.9.5 inclusive, and 2.8.0 to 2.8.5 inclusive suffer from an unauthenticated directory traversal vulnerability. The vulnerability is triggered through the icinga-php-thirdparty library, which allows unauthenticated users to retrieve arbitrary files from the targets filesystem via[…]
Read more...
-
PHP Files ≈ Packet Storm
Sep 1, 2024 | 17:17 pm
This Metasploit module exploits a directory traversal vulnerability found in Bitweaver. When handling the overlay_type parameter, view_overlay.php fails to do any path checking/filtering, which can be abused to read any file outside the virtual directory.
Read more...
-
PHP Files ≈ Packet Storm
Sep 1, 2024 | 17:13 pm
This Metasploit module exploits a bypass issue with WPS Hide Login versions less than or equal to 1.9. WPS Hide Login is used to make a new secret path to the login page, however a GET request to /wp-admin/options.php with[…]
Read more...
-
PHP Files ≈ Packet Storm
Sep 1, 2024 | 16:46 pm
This Metasploit module attempts to bruteforce the chinese caidao asp/php/aspx backdoor.
Read more...
-
PHP Files ≈ Packet Storm
Sep 1, 2024 | 16:45 pm
The iDangero.us Chop Slider 3 WordPress plugin version 3.4 and prior contains a blind SQL injection in the id parameter of the get_script/index.php page. The injection is passed through GET parameters, and thus must be encoded, and magic_quotes is applied[…]
Read more...
-
PHP Files ≈ Packet Storm
Sep 1, 2024 | 16:21 pm
LearnPress, a learning management plugin for WordPress, prior to 3.2.6.8 is affected by an authenticated SQL injection via the current_items parameter of the post-new.php page.
Read more...
-
PHP Files ≈ Packet Storm
Sep 1, 2024 | 16:05 pm
This Metasploit module exploits a directory traversal vulnerability found in WebPageTest. Due to the way the gettext.php script handles the file parameter, it is possible to read a file outside the www directory.
Read more...
-
PHP Files ≈ Packet Storm
Sep 1, 2024 | 15:58 pm
This Metasploit module exploits an unauthenticated database backup vulnerability in WordPress plugin Boldgrid-Backup also known as Total Upkeep version < 1.14.10. First, env-info.php is read to get server information. Next, restore-info.json is read to retrieve the last backup file. That[…]
Read more...
-
PHP Files ≈ Packet Storm
Aug 31, 2024 | 22:04 pm
This Metasploit module exploits a SQL Injection vulnerability In TYPO3 NewsController.php in the news module 5.3.2 and earlier. It allows an unauthenticated user to execute arbitrary SQL commands via vectors involving overwriteDemand and OrderByAllowed. The SQL injection can be used[…]
Read more...
-
PHP Files ≈ Packet Storm
Aug 31, 2024 | 21:56 pm
The WordPress WPLMS theme from version 1.5.2 to 1.8.4.1 allows an authenticated user of any user level to set any system option due to a lack of validation in the import_data function of /includes/func.php. The module first changes the admin[…]
Read more...
-
PHP Files ≈ Packet Storm
Aug 31, 2024 | 21:42 pm
This Metasploit module abuses the "install/upgrade.php" component on vBulletin 4.1+ and 4.5+ to create a new administrator account, as exploited in the wild on October 2013. This Metasploit module has been tested successfully on vBulletin 4.1.5 and 4.1.0.
Read more...
-
PHP Files ≈ Packet Storm
Aug 31, 2024 | 21:36 pm
The WordPress WP EasyCart plugin from version 1.1.30 to 3.0.20 allows authenticated users of any user level to set any system option via a lack of validation in the ec_ajax_update_option and ec_ajax_clear_all_taxrates functions located in /inc/admin/admin_ajax_functions.php. The module first changes[…]
Read more...
-
PHP Files ≈ Packet Storm
Aug 31, 2024 | 21:05 pm
This Metasploit module exploits an authentication bypass vulnerability in login.php in order to execute arbitrary code via a command injection vulnerability in property_box.php. This Metasploit module was tested against Oracle Secure Backup version 10.3.0.1.0 (Win32).
Read more...
-
PHP Files ≈ Packet Storm
Aug 31, 2024 | 21:04 pm
This Metasploit module exploits an authentication bypass vulnerability in login.php in order to execute arbitrary code via a command injection vulnerability in property_box.php. This Metasploit module was tested against Oracle Secure Backup version 10.3.0.1.0 (Win32).
Read more...
-
PHP Files ≈ Packet Storm
Aug 31, 2024 | 19:45 pm
AlienVault 4.5.0 is susceptible to an authenticated SQL injection attack via a PNG generation PHP file. This Metasploit module exploits this to read an arbitrary file from the file system. Any authenticated user is able to exploit it, as administrator[…]
Read more...
-
PHP Files ≈ Packet Storm
Aug 31, 2024 | 19:32 pm
AlienVault 4.6.1 and below is susceptible to an authenticated SQL injection attack against newpolicyform.php, using the insertinto parameter. This Metasploit module exploits the vulnerability to read an arbitrary file from the file system. Any authenticated user is able to exploit[…]
Read more...
-
PHP Files ≈ Packet Storm
Aug 31, 2024 | 19:30 pm
This Metasploit module extracts the usernames and hashed passwords of all users of the Pimcore web service by exploiting a SQL injection vulnerability in Pimcores REST API. Pimcore begins to create password hashes by concatenating a users username, the name[…]
Read more...
-
PHP Files ≈ Packet Storm
Aug 31, 2024 | 19:18 pm
Due to lack of verification of a visitors permissions, it is possible to execute the export.php script included in the default installation of the Ultimate CSV Importer plugin and retrieve the full contents of the user table in the WordPress[…]
Read more...
-
PHP Files ≈ Packet Storm
Aug 31, 2024 | 18:53 pm
This Metasploit module will extract user credentials from DoliWamp - a WAMP packaged installer distribution for Dolibarr ERP on Windows - versions 3.3.0 to 3.4.2 by hijacking a users session. DoliWamp stores session tokens in filenames in the tmp directory.[…]
Read more...
-
PHP Files ≈ Packet Storm
Aug 31, 2024 | 17:44 pm
This Metasploit module uses a denial-of-service (DoS) condition appearing in a variety of programming languages. This vulnerability occurs when storing multiple values in a hash table and all values have the same hash value. This can cause a web server[…]
Read more...
-
PHP Files ≈ Packet Storm
Aug 31, 2024 | 17:01 pm
Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 allows remote attackers to hijack the authentication of subscribers for /dev/random read operations by leveraging a late call to
Read more...