March 15, 2022 Exploit

Apache2 2.4.49 – LFI & RCE Exploit – CVE-2021-41773

Apache2 2.4.49 – LFI & RCE Exploit Info # Exploit Title: Apache HTTP Server 2.4.49 – Path Traversal & Remote Code Execution (RCE) # Exploit Author: Gaurav Raj https://gauravraj.xyz https://blog.gauravraj.xyz # Vendor Homepage: https://apache.org/ # Version: 2.4.49 # Tested on: 2.4.49 # CVE : CVE-2021-41773 Screenshots GitHub View Github

February 6, 2022 Exploit

An exploit and demonstration on how to exploit a Stored XSS vulnerability in anonstress

An exploit and demonstration on how to exploit a Stored XSS vulnerability in https://anonstress.com. Details Vulnerability Severity Description Stored XSS 5.0/10 This vulnerability allows attackers to execute arbitrary javascript code on a victims browser. Exploit

January 13, 2022 Exploit

SonicWall SMA-100 Unauth RCE Exploit (CVE-2021-20038)

Bad Blood is an exploit for CVE-2021-20038, a stack-based buffer overflow in the httpd binary of SMA-100 series systems using firmware versions 10.2.1.x. I’ve written a lot of the technical details here: The exploit, as written, will open up a telnet bind shell on port 1270. An attacker that connects to the shell will achieve execution as nobody. Example Output

December 13, 2021 Exploit

Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user