Category Archives: Exploits & PoC

E-Commerce PHP Shopping Cart Script osCommerce 2.3.4.1 – Arbitrary File Upload Vulnerability Exploit Code

      E-Commerce PHP Shopping Cart Script osCommerce 2.3.4.1 – Arbitrary File Upload Vulnerability Exploit Code   # Exploit Title: osCommerce 2.3.4.1 Authenticated Arbitrary File Upload # Date: 11.11.2017 # Exploit Author: Simon Scannell – https://scannell-infosec.net <contact@scannell-infosec.net> # Vendor Homepage: https://www.oscommerce.com/ # Software Link: https://www.oscommerce.com/Products&Download=oscom234 # Version: 2.3.4.1, 2.3.4 – Other versions have not… Read More »

Share Button

MyBB 1.8.13 – Remote Code Execution + Cross-Site Scripting Vulnerability Exploit Code Proof of Concept

# Exploit Title: RCE in MyBB up to 1.8.13 via installer # Date: Found on 05-29-2017 # Exploit Author: Pablo Sacristan # Vendor Homepage: https://mybb.com/ # Version: Version > 1.8.13 (Fixed in 1.8.13) # CVE : CVE-2017-16780 This RCE can be executed via CSRF but doesn’t require it (in some special cases). The requirements are… Read More »

Share Button