      1337day-Exploits

      October CMS Upload Protection Bypass Code Execution


      This Metasploit module exploits the fact that an authenticated user with permission to upload and manage media contents can upload various files on the server. The application prevents the user from uploading PHP code by checking the file extension. It uses a blacklist-based approach, as seen in octobercms/vendor/october/rain/src/Filesystem/Definitions.php:blockedExtensions(). This module was tested on October CMS version 1.0.412 on Ubuntu.

      This topic is now closed to further replies.
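
The post describes a blacklist check on the uploaded file's extension. As an added example (not from the post, the Metasploit module or October CMS), the PHP below contrasts that fail-open design with an allow-list that fails closed; both lists, the function names and the sample file names are constructed for illustration.

```php
<?php
// Added example: deny-list vs allow-list checks on an uploaded file name.
// Both lists are constructed for illustration; neither is October CMS's real list.

const DENYLIST  = ['php'];                               // constructed, hypothetical
const ALLOWLIST = ['jpg', 'jpeg', 'png', 'gif', 'pdf'];  // constructed, hypothetical

/** Lower-cased final extension, or '' when the name has none. */
function finalExtension(string $name): string
{
    return strtolower(pathinfo($name, PATHINFO_EXTENSION));
}

/** Deny-list check: fails open, anything not listed is accepted. */
function denylistAccepts(string $name): bool
{
    return !in_array(finalExtension($name), DENYLIST, true);
}

/** Allow-list check: fails closed, only listed extensions are accepted. */
function allowlistAccepts(string $name): bool
{
    // Reject control bytes, path separators and names ending in a dot or space.
    if (preg_match('/[\x00-\x1f\/\\\\]/', $name) || preg_match('/[. ]$/', $name)) {
        return false;
    }
    return in_array(finalExtension($name), ALLOWLIST, true);
}

/** Server-chosen storage name, so the client-supplied name never reaches disk. */
function storageName(string $name): string
{
    return bin2hex(random_bytes(16)) . '.' . finalExtension($name);
}

// Constructed sample names; "xyz" stands in for any extension a deny-list forgot.
foreach (['photo.PNG', 'report.pdf', 'notes.xyz', 'noext', 'trailing.png.'] as $n) {
    printf("%-14s deny-list:%-6s allow-list:%s\n", $n,
        denylistAccepts($n) ? 'accept' : 'reject',
        allowlistAccepts($n) ? 'accept' : 'reject');
}
```

The deny-list accepts `notes.xyz`, `noext` and `trailing.png.` because none of them is listed, while the allow-list rejects all three. An extension check is one layer only: the upload directory should also be served without script execution.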