Category Archives: Penetration Testing

Penetration testing information, tools, tutorials, contracts and howto

E-Commerce PHP Shopping Cart Script osCommerce 2.3.4.1 – Arbitrary File Upload Vulnerability Exploit Code

      E-Commerce PHP Shopping Cart Script osCommerce 2.3.4.1 – Arbitrary File Upload Vulnerability Exploit Code   # Exploit Title: osCommerce 2.3.4.1 Authenticated Arbitrary File Upload # Date: 11.11.2017 # Exploit Author: Simon Scannell – https://scannell-infosec.net <contact@scannell-infosec.net> # Vendor Homepage: https://www.oscommerce.com/ # Software Link: https://www.oscommerce.com/Products&Download=oscom234 # Version: 2.3.4.1, 2.3.4 – Other versions have not… Read More »

Share Button

MyBB 1.8.13 – Remote Code Execution + Cross-Site Scripting Vulnerability Exploit Code Proof of Concept

# Exploit Title: RCE in MyBB up to 1.8.13 via installer # Date: Found on 05-29-2017 # Exploit Author: Pablo Sacristan # Vendor Homepage: https://mybb.com/ # Version: Version > 1.8.13 (Fixed in 1.8.13) # CVE : CVE-2017-16780 This RCE can be executed via CSRF but doesn’t require it (in some special cases). The requirements are… Read More »

Share Button

Eir D1000 Wireless Router – WAN Side Remote Command Injection Exploit

    # Exploit Title: Eir D1000 Wireless Router – WAN Side Remote Command Injection # Date: 7th November 2016 # Exploit Author: Kenzo # Website: https://devicereversing.wordpress.com # Tested on Firmware version: 2.00(AADU.5)_20150909 # Type: Webapps # Platform: Hardware   Description =========== By sending certain TR-064 commands, we can instruct the modem to open port… Read More »

Share Button

Penetration Testing Reconassaince Command Line Tricks Dig, Mass Domain Resolution, Ping Sweeping

Here are some simple command line tricks to help while doing recon on your target network/host A simple way to automatically resolve domain names, can be used with a for loop to resolve a massive list of domain names, you can also add a cronjob and create an .out file if you want to track… Read More »

Share Button