what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 33 RSS Feed

Files from Valentin Lobstein

First Active2021-11-11
Last Active2024-10-30
WordPress WP-Automatic SQL Injection
Posted Oct 30, 2024
Authored by Valentin Lobstein, Rafie Muhammad | Site metasploit.com

This Metasploit module exploits an unauthenticated SQL injection vulnerability in the WordPress wp-automatic plugin versions prior to 3.92.1 to achieve remote code execution. The vulnerability allows the attacker to inject and execute arbitrary SQL commands, which can be used to create a malicious administrator account. The password for the new account is hashed using MD5. Once the administrator account is created, the attacker can upload and execute a malicious plugin, leading to full control over the WordPress site.

tags | exploit, remote, arbitrary, code execution, sql injection
advisories | CVE-2024-27956
SHA-256 | ee57dce5428a24a7b498257e3bc5ee22dadff0bd6e92b4746a779384b38532cb
BYOB Unauthenticated Remote Code Execution
Posted Oct 16, 2024
Authored by Valentin Lobstein, chebuya | Site metasploit.com

This Metasploit module exploits two vulnerabilities in the BYOB (Build Your Own Botnet) web GUI. It leverages an unauthenticated arbitrary file write that allows modification of the SQLite database, adding a new admin user. It also uses an authenticated command injection in the payload generation page. These vulnerabilities remain unpatched.

tags | exploit, web, arbitrary, vulnerability
advisories | CVE-2024-45256, CVE-2024-45257
SHA-256 | 79a52f4825a37f1f32b41c75c5291bce58103929d4c86cd602c2497b8eff4236
VICIdial Authenticated Remote Code Execution
Posted Oct 1, 2024
Authored by Valentin Lobstein, Jaggar Henry | Site metasploit.com

An attacker with authenticated access to VICIdial as an "agent" can execute arbitrary shell commands as the "root" user. This attack can be chained with CVE-2024-8503 to execute arbitrary shell commands starting from an unauthenticated perspective.

tags | exploit, arbitrary, shell, root
advisories | CVE-2024-8504
SHA-256 | 2328f6faa4b6ae3ca330a27bb8694e1604bd747c455740abb7e147c4bd02a379
SPIP BigUp 4.3.1 / 4.2.15 / 4.1.17 Unauthenticated Remote Code Execution
Posted Sep 12, 2024
Authored by Valentin Lobstein, Laluka, Julien Voisin, Vozec | Site metasploit.com

This Metasploit module exploits a Remote Code Execution vulnerability in the BigUp plugin of SPIP. The vulnerability lies in the lister_fichiers_par_champs function, which is triggered when the bigup_retrouver_fichiers parameter is set to any value. By exploiting the improper handling of multipart form data in file uploads, an attacker can inject and execute arbitrary PHP code on the target server. This critical vulnerability affects all versions of SPIP from 4.0 up to and including 4.3.1, 4.2.15, and 4.1.17. It allows unauthenticated users to execute arbitrary code remotely via the public interface. The vulnerability has been patched in versions 4.3.2, 4.2.16, and 4.1.18.

tags | exploit, remote, arbitrary, php, code execution, file upload
advisories | CVE-2024-8517
SHA-256 | 470929e92864600915a7773675e61c23486f09b86f3d05d72951628b436ed7c0
WordPress GiveWP Donation / Fundraising Platform 3.14.1 Code Execution
Posted Aug 29, 2024
Authored by Julien Ahrens, Valentin Lobstein, EQSTSeminar, Villu Orav | Site metasploit.com

The GiveWP Donation plugin and Fundraising Platform plugin for WordPress in all versions up to and including 3.14.1 is vulnerable to a PHP object injection (POI) flaw granting an unauthenticated attacker arbitrary code execution.

tags | exploit, arbitrary, php, code execution
advisories | CVE-2024-5932
SHA-256 | e3b0f075dd3c67bb401766241b1a40088cf8f52a33b79fe6c2ea5b667c1296f2
SPIP 4.2.12 Remote Code Execution
Posted Aug 22, 2024
Authored by Valentin Lobstein, Laluka, Julien Voisin | Site metasploit.com

This Metasploit module exploits a remote code execution vulnerability in SPIP versions up to and including 4.2.12. The vulnerability occurs in SPIP's templating system where it incorrectly handles user-supplied input, allowing an attacker to inject and execute arbitrary PHP code. This can be achieved by crafting a payload manipulating the templating data processed by the echappe_retour() function, invoking traitements_previsu_php_modeles_eval(), which contains an eval() call.

tags | exploit, remote, arbitrary, php, code execution
SHA-256 | 220b4c7418ac511ddb8ab8d9f4dfe87f0368c9ca91b9699fa9d3b9a0c425f434
WordPress Hash Form 1.1.0 Remote Code Execution
Posted Jun 6, 2024
Authored by Valentin Lobstein, Francesco Carlucci | Site metasploit.com

The Hash Form Drag and Drop Form Builder plugin for WordPress suffers from a critical vulnerability due to missing file type validation in the file_upload_action function. This vulnerability exists in all versions up to and including 1.1.0. Unauthenticated attackers can exploit this flaw to upload arbitrary files, including PHP scripts, to the server, potentially allowing for remote code execution on the affected WordPress site. This Metasploit module targets multiple platforms by adapting payload delivery and execution based on the server environment.

tags | exploit, remote, arbitrary, php, code execution
advisories | CVE-2024-5084
SHA-256 | 64b2193d74612e99562b23a4a36b832a46e526be92d5e77374181caa141143e0
AVideo WWBNIndex Plugin Unauthenticated Remote Code Execution
Posted May 22, 2024
Authored by Valentin Lobstein | Site metasploit.com

This Metasploit module exploits an unauthenticated remote code execution vulnerability in the WWBNIndex plugin of the AVideo platform. The vulnerability exists within the submitIndex.php file, where user-supplied input is passed directly to the require() function without proper sanitization. By exploiting this, an attacker can leverage the PHP filter chaining technique to execute arbitrary PHP code on the server. This allows for the execution of commands and control over the affected system. The exploit is particularly dangerous because it does not require authentication, making it possible for any remote attacker to exploit this vulnerability.

tags | exploit, remote, arbitrary, php, code execution
advisories | CVE-2024-31819
SHA-256 | 7df90df7e75927e09777170cc36a4823a5062bc6e077056564aea5f7a6ba8b7f
DerbyNet 9.0 print/render/racer.inc SQL Injection
Posted Apr 5, 2024
Authored by Valentin Lobstein

DerbyNet 9.0 suffers from a remote SQL injection vulnerability in print/render/racer.inc.

tags | exploit, remote, sql injection
advisories | CVE-2024-30923
SHA-256 | c59f5b4f5d044eb7838a408a25e1ddb8966666ed55c708660903f015ccf7e1b5
DerbyNet 9.0 print/render/award.inc SQL Injection
Posted Apr 5, 2024
Authored by Valentin Lobstein

DerbyNet 9.0 suffers from a remote SQL injection vulnerability in print/render/award.inc.

tags | exploit, remote, sql injection
advisories | CVE-2024-30922
SHA-256 | 635f60dcea426f833c149bf378a0e8ce1585c3548641f81eb1702cf39c8c50de
DerbyNet 9.0 ajax/query.slide.next.inc SQL Injection
Posted Apr 5, 2024
Authored by Valentin Lobstein

DerbyNet 9.0 suffers from a remote SQL injection vulnerability in ajax/query.slide.next.inc.

tags | exploit, remote, sql injection
advisories | CVE-2024-30928
SHA-256 | 4d58e0287f76d2e5689e86c7f6907829d0e768e9a60e0f2ac317c9153ee4e3b6
DerbyNet 9.0 playlist.php Cross Site Scripting
Posted Apr 5, 2024
Authored by Valentin Lobstein

DerbyNet version 9.0 suffers from a cross site scripting vulnerability in playlist.php.

tags | exploit, php, xss
advisories | CVE-2024-30929
SHA-256 | 33a3298bf5768c9f7a9fcd2deaa459729d65f2eb60c8601a0d2dd30561151395
DerbyNet 9.0 racer-results.php Cross Site Scripting
Posted Apr 5, 2024
Authored by Valentin Lobstein

DerbyNet version 9.0 suffers from a cross site scripting vulnerability in racer-results.php.

tags | exploit, php, xss
advisories | CVE-2024-30927
SHA-256 | e1f0ec83ec56b1d3ebff89be4223a47e4c6caea8be38185b375b827447078473
DerbyNet 9.0 inc/kisosks.inc Cross Site Scripting
Posted Apr 5, 2024
Authored by Valentin Lobstein

DerbyNet version 9.0 suffers from a cross site scripting vulnerability in inc/kiosks.inc.

tags | exploit, xss
advisories | CVE-2024-30926
SHA-256 | 74c4544a3c0353807fe286b034266f311ce4af6f554209e73f1d797e5fbff5cc
DerbyNet 9.0 photo-thumbs.php Cross Site Scripting
Posted Apr 5, 2024
Authored by Valentin Lobstein

DerbyNet version 9.0 suffers from a cross site scripting vulnerability in photo-thumbs.php.

tags | exploit, php, xss
advisories | CVE-2024-30925
SHA-256 | e33a05805911bcd786fdff15a7d4ac31f136e43e12a0f9ec5b25c0db38d7fe3e
DerbyNet 9.0 checkin.php Cross Site Scripting
Posted Apr 5, 2024
Authored by Valentin Lobstein

DerbyNet version 9.0 suffers from a cross site scripting vulnerability in checkin.php.

tags | exploit, php, xss
advisories | CVE-2024-30924
SHA-256 | 8f9e6fd28f6cfe91749cb218425046ee910787a3a9fd05dafed94fca09da5a72
DerbyNet 9.0 photo.php Cross Site Scripting
Posted Apr 5, 2024
Authored by Valentin Lobstein

DerbyNet version 9.0 suffers from a cross site scripting vulnerability in photo.php.

tags | exploit, php, xss
advisories | CVE-2024-30921
SHA-256 | d7ac5458d2d0756d2d607450406a0027661faffb3740c59db51f83e2e7620fe8
DerbyNet 9.0 render-document.php Cross Site Scripting
Posted Apr 5, 2024
Authored by Valentin Lobstein

DerbyNet version 9.0 suffers from a cross site scripting vulnerability in render-document.php.

tags | exploit, php, xss
advisories | CVE-2024-30920
SHA-256 | 6ac6f7dc08e5aa36734a4a3929671a6b16c39f23cfa800f533b74b3aa6969051
WordPress Bricks Builder Theme 1.9.6 Remote Code Execution
Posted Mar 27, 2024
Authored by Valentin Lobstein, Calvin Alkan | Site metasploit.com

This Metasploit module exploits an unauthenticated remote code execution vulnerability in the Bricks Builder Theme versions 1.9.6 and below for WordPress. The vulnerability allows attackers to execute arbitrary PHP code by leveraging a nonce leakage to bypass authentication and exploit the eval() function usage within the theme. Successful exploitation allows for full control of the affected WordPress site. It is recommended to upgrade to version 1.9.6.1 or higher.

tags | exploit, remote, arbitrary, php, code execution
advisories | CVE-2024-25600
SHA-256 | 5a32fb78bdb52593a7f339d7321ec50570d8dc8998da3f4da0c0eaf663f73ac5
Vinchin Backup And Recovery 7.2 Command Injection
Posted Mar 14, 2024
Authored by Valentin Lobstein

Vinchin Backup and Recovery versions 7.2 and below suffer from an authentication command injection vulnerability.

tags | exploit
advisories | CVE-2024-25228
SHA-256 | dd0fc3f58917682d94f66913e102128d1a5e1eb10e34fa851b9f47a77fc06b74
Vinchin Backup And Recovery 7.2 SystemHandler.class.php Command Injection
Posted Jan 26, 2024
Authored by Valentin Lobstein

Vinchin Backup and Recovery versions 7.2 and below suffer from a command injection vulnerability in SystemHandler.class.php.

tags | exploit, php
advisories | CVE-2024-22903
SHA-256 | dc8db7a93b49f089a2c51bccac868cf579a7563c72b570b389665c44bbc72c33
Vinchin Backup And Recovery 7.2 Default Root Credentials
Posted Jan 26, 2024
Authored by Valentin Lobstein

Vinchin Backup and Recovery version 7.2 has been identified as being configured with default root credentials, posing a significant security vulnerability.

tags | exploit, root
advisories | CVE-2024-22902
SHA-256 | 143e6238373ef81a5ff8ac20adcd938850570b964ce2524cbda8409d063c34f6
Vinchin Backup And Recovery 7.2 Default MySQL Credentials
Posted Jan 26, 2024
Authored by Valentin Lobstein

A critical security issue has been discovered in Vinchin Backup and Recovery version 7.2. The software has been found to use default MYSQL credentials, which could lead to significant security risks.

tags | exploit
advisories | CVE-2024-22901
SHA-256 | 5cbb4901365c8c32a2383f8e2b3f381029f1d5fc24795a4103af00a458e5220b
Vinchin Backup And Recovery 7.2 syncNtpTime Command Injection
Posted Jan 26, 2024
Authored by Valentin Lobstein

Vinchin Backup and Recovery versions 7.2 and below suffer from a command injection vulnerability in the syncNtpTime function.

tags | exploit
advisories | CVE-2024-22899
SHA-256 | 0242c4e4a374f9777179ac019e4dd5586b14c724b7f3ef5b41b8ad3c320ff6b3
Vinchin Backup And Recovery 7.2 setNetworkCardInfo Command Injection
Posted Jan 26, 2024
Authored by Valentin Lobstein

Vinchin Backup and Recovery versions 7.2 and below suffer from a command injection vulnerability in the setNetworkCardInfo function.

tags | exploit
advisories | CVE-2024-22900
SHA-256 | 2407896a2dd181668f83b4a0636bae9fcbdf6fe55fccd57e7c2642e04f270ff5
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close