
Files from Rafie Muhammad

First Active: 2022-06-08
Last Active: 2024-10-30

WordPress WP-Automatic SQL Injection
Posted Oct 30, 2024
Authored by Valentin Lobstein, Rafie Muhammad | Site metasploit.com

This Metasploit module exploits an unauthenticated SQL injection vulnerability in the WordPress wp-automatic plugin versions prior to 3.92.1 to achieve remote code execution. The vulnerability allows the attacker to inject and execute arbitrary SQL commands, which can be used to create a malicious administrator account. The password for the new account is hashed using MD5. Once the administrator account is created, the attacker can upload and execute a malicious plugin, leading to full control over the WordPress site.

tags | exploit, remote, arbitrary, code execution, sql injection
advisories | CVE-2024-27956
SHA-256 | ee57dce5428a24a7b498257e3bc5ee22dadff0bd6e92b4746a779384b38532cb

WordPress LiteSpeed Cache Cookie Theft
Posted Sep 17, 2024
Authored by jheysel-r7, Rafie Muhammad | Site metasploit.com

This Metasploit module exploits an unauthenticated account takeover vulnerability in LiteSpeed Cache, a WordPress plugin that currently has around 6 million active installations. In LiteSpeed Cache versions prior to 6.5.0.1, when the Debug Logging feature is enabled, the plugin will log admin cookies to the /wp-content/debug.log endpoint which is accessible without authentication. The Debug Logging feature in the plugin is not enabled by default. The admin cookies found in the debug.log can be used to upload and execute a malicious plugin containing a payload.

tags | exploit
advisories | CVE-2024-44000
SHA-256 | 6e09b750ae1a9a0b2b8f3c6e3aa95c6c27115a13bd3431b2f9fa3155e9f1d346

WordPress Core 6.3.1 XSS / DoS / Arbitrary Shortcode Execution
Posted Oct 13, 2023
Authored by James Golovich, Rafie Muhammad, WhiteCyberSec, Marc Montpas, Edouard L, s5s, JB Audras, Jorge Costa, raouf_maklouf, mascara7784 | Site wordfence.com

WordPress Core versions prior to 6.3.2 suffer from arbitrary shortcode execution, cross site scripting, denial of service, and information leakage vulnerabilities.

tags | exploit, denial of service, arbitrary, vulnerability, code execution, xss
SHA-256 | 2747a0842119425378a1378f7692a4eca0ef390a27497cfbb5b9ecd9e53c5e9f

WordPress Download Manager 3.2.42 Cross Site Scripting
Posted Jun 8, 2022
Authored by Rafie Muhammad | Site wordfence.com

WordPress Download Manager versions 3.2.42 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2022-1985
SHA-256 | 71c365c1622a8e8be5670614f48761ef15ae5b7520c2ac40a7223d816ce6545c