Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS
GitHub - TanveerS1ngh/Chamilo-LMS-CVE-2023-4220-Exploit: Refurbish Chamilo LMS CVE-2023-4220 exploit written in bash
https://github.com/TanveerS1ngh/Chamilo-LMS-CVE-2023-4220-Exploit
GitHub - TanveerS1ngh/Pluck-CMS-v4.7.18-Remote-Code-Execution-CVE-2023-50564-: Refurbish exploit in bash
https://github.com/TanveerS1ngh/Pluck-CMS-v4.7.18-Remote-Code-Execution-CVE-2023-50564-
GitHub - TanveerS1ngh/SQLPad-6.10.0-Exploit-CVE-2022-0944: Refurbish
https://github.com/TanveerS1ngh/SQLPad-6.10.0-Exploit-CVE-2022-0944
Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 through v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component.
Github link:
https://github.com/Tanveer...
GitHub - TanveerS1ngh/WonderCMS-4.3.2-XSS-to-RCE-Exploits-CVE-2023-41425: CVE-2023-41425 Refurbish
https://github.com/TanveerS1ngh/WonderCMS-4.3.2-XSS-to-RCE-Exploits-CVE-2023-41425
zgimszhd61/CVE-2024-23114 · GitHub
Repository for CVE-2024-23113.
https://github.com/zgimszhd61/CVE-2024-23114
GitHub - MarioTesoro/CVE-2024-48569: Proof of concept of multiple Stored Cross-Site Scripting (XSS) vulnerabilities discovered in ACI Worldwide Proactive Risk Manager v 9.1.1.0
https://github.com/MarioTesoro/CVE-2024-48569
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.
Github link:
https://github.com/louisth...
GitHub - louisthedonothing/CVE-2019-9053: CVE-2019-9053 rewritten in python3 to fix broken syntax. Affects CMS made simple <2.2.10
https://github.com/louisthedonothing/CVE-2019-9053
In this Capture the Flag (CTF) challenge from Hack The Box, we tackled the “Chemistry” box, where reconnaissance played a pivotal role. Here’s an overview of the methodology used to exploit the vulnerabilities.
Recon and Initial Findings
Using Nmap, we discovered two open ports: 22 (SSH) and 5000, an HTTP service whose Werkzeug banner identified a Python web application. Port 5000 hosted a “Chemistry CIF Analyzer” that accepts CIF (Crystallographic Information File) uploads and analyses the crystal structure they describe. CIF is a text format for crystal structure data, and because the server parses every uploaded file, that parser is attack surface and has to be handled securely.
Upload Testing and CIF Analysis
We tested the upload functionality with a sample CIF file. The request returned a 404 error, but the response exposed a server path, /structure, which showed that uploaded files are handed to a parser on the server. That parser became the target: the standard CIF library for Python is pymatgen, which has a known code-execution flaw in its CIF handling, and the outdated Werkzeug and Python versions in the banner made an unpatched install likely.
Exploitation via CIF Parsing in pymatgen
The flaw is CVE-2024-23346, a code-injection bug rather than a deserialization one: pymatgen's CIF handling passes a transformation string taken from the file to Python's eval(), so any expression the file author places there runs on the server. We crafted a CIF file whose transformation field carried a reverse-shell payload, uploaded it through the analyzer, and when the server parsed the file the payload connected back and gave us a low-privilege shell as the web application's user.
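As an added illustration (this is not pymatgen's code and not the box's exploit), the snippet below shows the vulnerable pattern, a CIF symmetry-operation string handed to eval(), next to a parser that accepts only the sign/number/fraction/x/y/z grammar such a string needs. The CIF fragment, the minimal loop_ reader and all function names are constructed for the example; the smuggled expression only calls os.getpid(), so the effect of eval() is visible without doing anything harmful.

```python
"""Added example (not pymatgen's or the box's code): the eval-on-CIF-string
pattern behind the pymatgen bug, beside a parser that only accepts the
grammar a symmetry operation actually needs. The CIF fragment is constructed."""
import os
import re
from fractions import Fraction

SYMOP_TAG = "_space_group_symop_operation_xyz"

# Constructed CIF fragment: two legitimate operations, then one whose first
# component is Python rather than an expression in x, y, z.
CIF_SAMPLE = """\
data_demo
loop_
_space_group_symop_operation_xyz
'x,y,z'
'-x+1/2,y,-z+1/2'
'__import__("os").getpid(),y,z'
"""


def symops_from_cif(text):
    """Return the quoted values listed under SYMOP_TAG (minimal loop_ reader)."""
    ops, collecting = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == SYMOP_TAG:
            collecting = True
        elif collecting and line[:1] in ("'", '"'):
            ops.append(line[1:-1])
        elif collecting and line:
            break  # next tag or data block: the loop is over
    return ops


def parse_xyz_unsafe(op, point=(1, 2, 3)):
    """Vulnerable pattern: substitute x, y, z and let eval() do the arithmetic.
    Whatever the file author wrote between the commas runs as Python."""
    env = dict(zip("xyz", point))
    return [eval(term, {}, env) for term in op.split(",")]


_TERM = re.compile(r"([+-]?)(\d+(?:/\d+)?)?\*?([xyz])?")


def _parse_component(comp):
    """Parse one component such as '-x+1/2' into (rotation row, translation)."""
    comp = comp.replace(" ", "")
    if not comp:
        raise ValueError("empty component")
    row, shift, pos = [Fraction(0)] * 3, Fraction(0), 0
    while pos < len(comp):
        m = _TERM.match(comp, pos)
        # Reject anything that is not a signed number/fraction or coordinate.
        if m.end() == pos or (m.group(2) is None and m.group(3) is None):
            raise ValueError(f"illegal token in symmetry operation: {comp[pos:]!r}")
        sign = -1 if m.group(1) == "-" else 1
        coef = Fraction(m.group(2)) if m.group(2) else Fraction(1)
        if m.group(3):
            row["xyz".index(m.group(3))] += sign * coef
        else:
            shift += sign * coef
        pos = m.end()
    return row, shift


def parse_xyz_safe(op):
    """Hardened replacement: returns (3x3 rotation, 3-vector translation) and
    raises ValueError on anything outside the symmetry-operation grammar."""
    comps = op.split(",")
    if len(comps) != 3:
        raise ValueError("expected three comma-separated components")
    parsed = [_parse_component(c) for c in comps]
    return [r for r, _ in parsed], [s for _, s in parsed]


def unsafe_payload_executed():
    """True if the eval-based parser ran the payload (here only os.getpid())."""
    payload = symops_from_cif(CIF_SAMPLE)[2]
    return parse_xyz_unsafe(payload)[0] == os.getpid()


def safe_rejects_payload():
    """True if the grammar-based parser refuses the same operation."""
    try:
        parse_xyz_safe(symops_from_cif(CIF_SAMPLE)[2])
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("eval parser executed payload:", unsafe_payload_executed())
    print("safe parser rejected payload:", safe_rejects_payload())
    print("safe parse of -x+1/2,y,-z+1/2:", parse_xyz_safe("-x+1/2,y,-z+1/2"))
```

The point of the hardened version is that the input language is tiny (a sign, an optional coefficient, an optional coordinate letter, repeated), so a tokenizer that enumerates exactly those tokens and raises on anything else is both shorter and safer than any attempt to "sandbox" eval().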
Hash Cracking and Privilege Escalation
Further enumeration turned up the application's database, which held usernames and MD5 password hashes. Cracking them offline recovered plaintext passwords, one of which granted SSH access as the “rosa” user. From there we found a second web service on port 8080 that was reachable only locally, so we forwarded it over SSH. It was served by an outdated aiohttp (Python's asynchronous HTTP framework) affected by the directory traversal CVE-2024-23334: when a static route is configured with follow_symlinks enabled, the affected versions never check that the resolved file lies under the static root, so ../ segments in the request path read arbitrary files with the service's privileges. This let us read sensitive files beyond rosa's reach and escalate privileges.
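As an added example (a reconstruction of the logic described for CVE-2024-23334, not aiohttp's own source), the code below puts the flawed static-file check, which only confines the resolved path to the root when follow_symlinks is False, beside a handler that always confines it. The directory layout, the function names and the secret file are constructed in a temporary directory for the demonstration.

```python
"""Added example (not aiohttp's code): a reconstruction of the CVE-2024-23334
logic, where the static handler confines the resolved path to its root only
when follow_symlinks is False, beside a handler that always confines it. The
directory layout is constructed in a temporary directory."""
import os
import tempfile
from pathlib import Path


def serve_vulnerable(root, url_path, follow_symlinks):
    """Pattern of the affected versions: resolve the joined path and check that
    it lies under root only when symlinks are not followed. With
    follow_symlinks=True the check is skipped, so '..' walks out of root."""
    filepath = root.joinpath(url_path.lstrip("/")).resolve()
    if not follow_symlinks:
        try:
            filepath.relative_to(root)
        except ValueError:
            return None
    return filepath if filepath.is_file() else None


def serve_hardened(root, url_path, follow_symlinks):
    """Always confine the request to root. With follow_symlinks the check is
    done on the lexically normalised path (so a symlink inside root may still
    point elsewhere on purpose); otherwise it is done on the resolved path."""
    root = root.resolve()
    unresolved = root.joinpath(url_path.lstrip("/"))
    try:
        if follow_symlinks:
            normalized = Path(os.path.normpath(unresolved))
            normalized.relative_to(root)   # '..' escapes are caught here
            filepath = normalized.resolve()
        else:
            filepath = unresolved.resolve()
            filepath.relative_to(root)     # symlink escapes are caught here
    except ValueError:
        return None
    return filepath if filepath.is_file() else None


def run_demo():
    """Build static/ with an index file and a symlink to a secret outside it,
    then exercise both handlers. Every value in the result should be True."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp).resolve()
        root = base / "static"
        root.mkdir()
        (root / "index.html").write_text("<h1>static</h1>\n")
        secret = base / "secret.txt"            # constructed file outside root
        secret.write_text("flag{constructed}\n")
        (root / "link").symlink_to(secret)      # symlink inside root -> outside
        index = root / "index.html"
        return {
            "vulnerable_follow_reads_outside": serve_vulnerable(root, "../secret.txt", True) == secret,
            "vulnerable_nofollow_blocks": serve_vulnerable(root, "../secret.txt", False) is None,
            "hardened_follow_blocks_traversal": serve_hardened(root, "../secret.txt", True) is None,
            "hardened_follow_allows_symlink": serve_hardened(root, "link", True) == secret,
            "hardened_nofollow_blocks_symlink": serve_hardened(root, "link", False) is None,
            "both_serve_index": serve_vulnerable(root, "index.html", False) == index
            and serve_hardened(root, "index.html", False) == index,
        }


if __name__ == "__main__":
    for name, ok in run_demo().items():
        print(f"{name}: {ok}")
```

The handler sees the request path after the server has URL-decoded it, so an exploit has to deliver the ../ segments literally; curl's --path-as-is option exists precisely to stop the client from normalising them away before the request leaves.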
Conclusion
This box highlighted three recurring weaknesses: outdated dependencies, code execution through a parser that evaluates untrusted file content, and file serving that does not confine requested paths to their root. Keeping dependencies current, parsing uploaded files without eval()-style dynamic evaluation, and enforcing path containment in file-handling code would each have broken a link in this chain.
#hackthebox
GitHub - EQSTLab/CVE-2024-46538: Proof-of-Concept for CVE-2024-46538
https://github.com/EQSTLab/CVE-2024-46538
GitHub - bl4ckarch/pf-pwnme: A simple POC to show the pfSense 2.7 command injection vulnerability (CVE-2023-42326)
https://github.com/bl4ckarch/pf-pwnme
GitHub - uixss/PoC-CVE-2024-4947: A comprehensive analysis of the Chrome Remote Code Execution
https://github.com/uixss/PoC-CVE-2024-4947
GitHub - r3s3tt/CVE-2021-31755: POC cve-2021-31755
https://github.com/r3s3tt/CVE-2021-31755
Microsoft Exchange Server Remote Code Execution Vulnerability.
Github link:
https://github.com/soltana...
GitHub - soltanali0/CVE-2022-41082: CVE-2022-41082-poc
https://github.com/soltanali0/CVE-2022-41082
GitHub - groshi/CVE-2024-38812-POC-5-Hands-Private: CVE-2024-38812 : Critical Heap-Buffer Overflow vulnerability in VMWare vCenter.
https://github.com/groshi/CVE-2024-38812-POC-5-Hands-Private
Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Github link:
https://github.com/AMELYA1...
GitHub - AMELYA13/CVE-2023-46747-Mass-RCE: CVE-2023-46747-Mass-RCE
https://github.com/AMELYA13/CVE-2023-46747-Mass-RCE
A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized code or commands via specially crafted packets.
Github link:
https://github.com/groshi/...
GitHub - groshi/CVE-2024-23113-Private-POC: CVE-2024-23113-Private-POC
https://github.com/groshi/CVE-2024-23113-Private-POC
GitHub - xbee9/cve-2022-20223: A simple bash script for exploiting Android 10/11/12 using cve-2022-20223.
https://github.com/xbee9/cve-2022-20223
Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Github link:
https://github.com/MacTavi...
GitHub - MacTavish2/CVE-2023-46747-Mass-RCE: CVE-2023-46747-Mass-RCE
https://github.com/MacTavish2/CVE-2023-46747-Mass-RCE
In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified. Malicious unauthenticated actor may exploit this issue to escalate privileges and gain admin access to Zabbix Frontend. To perform the attack, SAML authentication is required to be enabled and the actor has to know the username of Zabbix user (or use the guest account, which is disabled by default).
Github link:
https://github.com/davidzz...
GitHub - davidzzo23/CVE-2022-23131: Zabbix Frontend Authentication Bypass Vulnerability
https://github.com/davidzzo23/CVE-2022-23131