Real Name | Bobby Cooke |
---|---|
Email address | private |
First Active | 2019-12-13 |
Last Active | 2022-12-22 |
286 bytes small macOS/x64 execve Caesar cipher string null-free shellcode.
aa23ac4a240ae6871b72d0723b1c8d4ebded5889ad862b0dd0455f86699c05a2
253 bytes small macOS/x64 execve null-free shellcode.
8b589116ca43d93bd39b3f0f87c1530ec372e055ebb8ddff6b021bf288966dd7
Library Management System version 1.0 suffers from a remote blind time-based SQL injection vulnerability.
09e215838b64206f4d4119c058c5e284bdd8e98c69dab8b13f7377a4746d602f
The Custom JS plugin version 0.1 for GetSimple CMS suffers from a cross site request forgery vulnerability that allows remote unauthenticated attackers to inject arbitrary client-side code into authenticated administrators browsers, which results in remote code execution on the hosting server, when an authenticated administrator visits a malicious third party website.
37fb00eaa335aa6aa61ddf4f19d244b74484eafd86b630f87d5ad3af340ea879
655 bytes small 64-bit Windows 10 shellcode that injects all processes with Meterpreter reverse shells.
9b8f41be48c0a71cc5b34fd0d409faea955538963763a4a5c5ca27e1ec4d2afb
205 bytes small 64-bit Windows 10 shellcode that dynamically resolves the base address of kernel32.dll via PEB and ExportTable method. It contains no null bytes (0x00), and therefore will not crash if injected into typical stack buffer overflow vulnerabilities.
6143eebe8156ea982d4ef3362eab1915ca829a3ac99ed38af8a6c4ca2e852a0d
387 bytes small 64-bit Windows 10 shellcode that adds user BOKU:SP3C1ALM0V3 to the system and the localgroups. Shellcode must be executed from a process with either a HIGH or SYSTEM integrity level.
0e9ecdb6d32c850a8cd46f1c273c31f8a22128d898a75e6f5be2706159ec67b0
GetSimple CMS My SMTP Contact plugin versions 1.1.1 and below cross site request forgery to persistent cross site scripting to remote code execution exploit.
41f7e0ef54e05dad22d7753afc0b084638622f4b9593b685c302c7652a13556c
GetSimple CMS My SMTP Contact plugin versions 1.1.1 and below cross site request forgery to remote code execution exploit.
2258d141aff440b13bbfd4362d347becfdafdef8d0b55521c249b9ab20702509
GetSimple CMS version 3.3.16 cross site scripting to remote shell upload exploit.
ff447b6110d359109791159d602b028e64b080305d8c9119c22a55bb1534f865
House Rental version 1.0 remote SQL injection exploit that leverages the keywords variable.
f3ce405357239bc159864db3af6456bd0791342c989bbfdf3d252560b427b3d3
CloudMe version 1.11.2 exploit that uses MSVCRT.System to create a new user (boku:0v3R9000!) and add the new user to the Administrators group. A requirement of successful exploitation is the CloudMe.exe process must be running as administrator.
fa72c3ffb403b1cf08f01966de80e025ee648636329bef78008faa0a5aee32e9
Tailor MS version 1.0 suffers from a cross site scripting vulnerability.
e5d3f596826a09594cd3da84dcda261dea5ea9721eb1dcd54f95e306795f8d75
GetSimple CMS Multi User plugin version 1.8.2 suffers from multiple cross site request forgery vulnerabilities.
075778612c10f536d4c7290644af4418086d7b993e4b199b7293a0ab52418e5e
Travel Management System version 1.0 unauthenticated remote code execution exploit.
ae792bbf40d2a842ca65d8accf25592c3e2dabed687c3b2b2ed5ea3351984110
Travel Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
760a289450add3ed69ac34686c2ac0875e492c2eaedd8b52cd0215906b35ebdc
Warehouse Inventory System version 1.0 suffers from a cross site request forgery vulnerability.
9259a5dd56037ce00a387f69f7055e6c55dbde1233f6394e2f390ff750bc8b9b
Tailor MS version 1.0 reflected cross site scripting key logger exploit.
24220cad535f63bbf6ab9fb8609e3780a5eb9b381a139bf42293242409ed5b05
BarracudaDrive version 6.5 suffers from a privilege escalation vulnerability.
bd93725c180cdafc139079c727d570922f7d871548126bc0ba7bf1843d4f7cb3
House Rental version 1.0 SQL injection exploit that changes the administrative password. Written in python.
03add875cfdb342001765974b146763270038bf46f6fe406f0e48df2834e06a7
Car Rental Management System version 1.0 unauthenticated persistent cross site scripting session harvester exploit.
b40d22bc3d4f56d3e0cef9a50ef2bae88ee704433658470af06ab12026f23b0a
Stock Management System version 1.0 suffers from a cross site request forgery vulnerability.
8721d9d0b4fda87f3d87fe69d111a14351e5052fb99acd5d3ea19f598339654b
Stock Management System version 1.0 cross site scripting credential harvesting exploit.
0aa55b6e25b3a9933f28634730833294cbcfe2ff2ac206b516d5e1c2fa64234a
Online Bike Rental version 1.0 suffers from an authenticated remote shell upload vulnerability.
3df5a1467fc3909370ba828c15f93e72b4265fd87271aa821233dcccaae9f382
Daily Tracker System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
a8be4ff2a62d77c301deb8c022913ab021be0ba97c5458a6e843f74c9b13d029