      1337day-Exploits

      October CMS Upload Protection Bypass Code Execution


      This Metasploit module exploits the fact that an authenticated user with permission to upload and manage media contents can upload various files on the server. The application prevents the user from uploading PHP code by checking the file extension. It uses a blacklist-based approach, as seen in octobercms/vendor/october/rain/src/Filesystem/Definitions.php:blockedExtensions(). This module was tested on October CMS version 1.0.412 on Ubuntu.

      This topic is now closed to further replies.
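
The extension check described in the post above, contrasted with an allow-list check. This is an added example, not October CMS code and not part of the original post; the function names, both extension lists and the sample file names are constructed, and "xyz" stands in for any extension that a deny list happens to omit.

```php
<?php
// Deny-list check in the style the post describes: reject known-bad extensions.
const BLOCKED_EXTENSIONS = ['php', 'exe', 'sh'];   // constructed; incomplete by nature

function denyListAccepts(string $filename): bool
{
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    return !in_array($ext, BLOCKED_EXTENSIONS, true);
}

// Allow-list check: accept only the extensions the media manager needs.
const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif', 'pdf'];   // constructed

function allowListAccepts(string $filename): bool
{
    // Reject control characters (including NUL) and path separators outright.
    if (preg_match('/[\x00-\x1f\/\\\\]/', $filename)) {
        return false;
    }
    // Trailing dots and spaces are dropped by some filesystems; normalise first.
    $name  = rtrim($filename, '. ');
    $parts = explode('.', strtolower($name));
    // Strict policy for this example: exactly one extension, non-empty base name.
    if (count($parts) !== 2 || $parts[0] === '') {
        return false;
    }
    return in_array($parts[1], ALLOWED_EXTENSIONS, true);
}

// Store under a server-generated name so the client-supplied name never reaches disk.
// Call only after allowListAccepts() has returned true.
function storageName(string $filename): string
{
    $ext = strtolower(pathinfo(rtrim($filename, '. '), PATHINFO_EXTENSION));
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample names.
$samples = ['photo.JPG', 'report.pdf', 'script.php', 'handler.xyz', 'image.png.xyz', 'notes.png. '];
foreach ($samples as $s) {
    printf("%-14s deny-list: %-6s  allow-list: %s\n", $s,
        denyListAccepts($s) ? 'accept' : 'reject',
        allowListAccepts($s) ? 'accept' : 'reject');
}
```

The deny list accepts every name whose extension it does not know, while the allow list rejects it; serving the upload directory with script execution disabled covers the case where a file still gets through.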

      • Similar Content

        • By 0x1
          GTFOBins is a curated list of Unix binaries that can be exploited by an attacker to bypass local security restrictions.

          The project collects legitimate functions of Unix binaries that can be abused to get the f**k break out restricted shells, escalate or maintain elevated privileges, transfer files, spawn bind and reverse shells, and facilitate the other post-exploitation tasks. See the full list of functions.
          This was inspired by the LOLBAS project for Windows.
          GTFOBins is a collaborative project created by norbemi and cyrus_and where everyone can contribute with additional binaries and techniques.

          gtfo

          This is a standalone script written in Python 3 for GTFOBins. You can search for Unix binaries that can be exploited to bypass system security restrictions. These binaries can be abused to get the f**k break out of restricted shells, escalate privileges, transfer files, spawn bind and reverse shells, etc...
          The functions are from (hidden content) and all credit goes to its respective contributors. They are simplified (no need for environmental variables) and syntax highlighted.

          Install
          The script has 2 dependencies:
          colorama
          pygments
          You can install these by typing: (hidden content)