Category Archives: Vulnerabilities & Exploits

E-Commerce PHP Shopping Cart Script osCommerce 2.3.4.1 – Arbitrary File Upload Vulnerability Exploit Code

      E-Commerce PHP Shopping Cart Script osCommerce 2.3.4.1 – Arbitrary File Upload Vulnerability Exploit Code   # Exploit Title: osCommerce 2.3.4.1 Authenticated Arbitrary File Upload # Date: 11.11.2017 # Exploit Author: Simon Scannell – https://scannell-infosec.net <contact@scannell-infosec.net> # Vendor Homepage: https://www.oscommerce.com/ # Software Link: https://www.oscommerce.com/Products&Download=oscom234 # Version: 2.3.4.1, 2.3.4 – Other versions have not… Read More »

Share Button

MyBB 1.8.13 – Remote Code Execution + Cross-Site Scripting Vulnerability Exploit Code Proof of Concept

# Exploit Title: RCE in MyBB up to 1.8.13 via installer # Date: Found on 05-29-2017 # Exploit Author: Pablo Sacristan # Vendor Homepage: https://mybb.com/ # Version: Version > 1.8.13 (Fixed in 1.8.13) # CVE : CVE-2017-16780 This RCE can be executed via CSRF but doesn’t require it (in some special cases). The requirements are… Read More »

Share Button

Similarities and Differences in the terms Phishing, Malvertising, Spam and Malware E-mails

What is Phishing? What are malvertising, spam e-mail and malware e-mail campaigns?  These terms have started to become intertwined and used interchangeably which generally means that there is a lack of understanding in the IT community which is typical. Over time laziness and improper training has a way of bending security definitions into bundles. A great example… Read More »

Share Button

ALERT! Very Active PHISHING CAMPAIGN still alive targetting Dropbox Users

I received the link via e-mail but also found it online through some redirects and a dropbox typeo domain name. The images and page look spot on ….but if you look at the URI like you should you’ll notice right away we got some problems here! http://glabalinvestment.tk/cost/DROP1/casts/   The campaign is stealing your Gmail, Yahoo,… Read More »

Share Button

Converted PCAP sample of a Microsoft Windows Reverse Shell

Converted PCAP sample of a Microsoft Windows Reverse Shell, the shell is spawned on port 4444, the hacked PC initiates the connection to 192.168.1.109 which has a Netcat listener waiting on port 4444 to spawn a command line shell on connect. You can see once the shell is spawned a user is created and added… Read More »

Share Button