This repository is a curated collection of my exploits and security research. Below is a comprehensive list of various vulnerabilities I have discovered or explored in different CMSs and software.
Exploits List 1. PopojiCMS 2.0.1 Remote Command Execution (RCE)
2. Lepton CMS 7.0.0 Remote Code Execution (RCE)
3. liveSite 2019.1 Remote Code Execution (RCE)
4. iGalerie 3.0.22 Cross Site Scripting (XSS)
5. PluXml Blog 5.8.9 Remote Code Execution (RCE)
6. Form Tools 3.1.1 Cross Site Scripting (XSS)
7. WebCalendar 1.3.0 Cross Site Scripting (XSS)
8. WhatACart 2.0.7 Cross Site Scripting (XSS)
9. ShopSite 14.0 Cross Site Scripting (XSS)
10. Kopage Website Builder 4.4.15 Cross Site Scripting (XSS)
11. WBCE CMS Version 1.6.1 Remote Command Execution (RCE)
12. Magento 2.4.6 XSLT Server Side Injection (XSLT)
13. MotoCMS Version 3.4.3 - SQL Injection (SQL)
14. Barebones CMS v2.0.2 - Stored Cross-Site Scripting (XSS)
15. Total CMS 1.7.4 - Remote Code Execution (RCE)
16. MotoCMS Version 3.4.3 - Server-Side Template Injection (SSTI)
17. Unquoted Service Path in Microsoft GamingServicesNet
18. Shell Upload in Total CMS 1.7.4 (RCE)
19. Textpattern CMS v4.8.8 - Stored Cross-Site Scripting (XSS)
20. Xoops CMS 2.5.10 - Stored Cross-Site Scripting (XSS)
21. Textpattern CMS v4.8.8 - Command Injection (RCE)
22. Monstra 3.0.4 - Stored Cross-Site Scripting (XSS)
23. Diafan CMS 6.0 - Reflected Cross-Site Scripting (XSS)
24. Office Suite Premium 10.9.1.42602 Cross Site Scripting (XSS)
25. Office Suite Premium 10.9.1.42602 Path Traversal (LFI)
26. Office Suite Premium 10.9.1.42602 Local File Inclusion (LFI)
27. Alkacon OpenCMS 15.0 Cross Site Scripting (XSS)
28. Zip & RAR FileExtractor v5.7 - Reflected XSS
29. Netlify CMS 2.10.192 - Stored Cross-Site Scripting (XSS)
30. Moodle 4.3 Cross Site Scripting (XSS)
31. CSZ CMS 1.3.0 Shell Upload (RCE)
32. PyroCMS 3.0.1 Cross Site Scripting (XSS)
33. CE Phoenix 1.0.8.20 Cross Site Scripting (XSS)
34. CE Phoenix v1.0.8.20 - Remote Code Execution (RCE)
35. Moodle 4.3 Reflected (XSS)
36. Dotclear 2.29 Cross Site Scripting (XSS)
37. SitePad 1.8.2 Cross Site Scripting (XSS)
38. CMS Made Simple 2.2.19 Remote Code Execution (RCE)
39. CMS Made Simple 2.2.19 Cross Site Scripting (XSS)
40. CMS Made Simple 2.2.19 Server-Side Template Injection (SSTI)
41. SuperCali 1.1.0 Cross Site Scripting (XSS)
42. Moodle 4.3 Insecure Direct Object Reference
43. Soholaunch 4.9.4 r44 Shell Upload
44. Feng Office 3.10.8.21 Cross Site Scripting
45. HTMLy 2.9.6 Cross Site Scripting
46. Open eShop 2.7.0 Cross Site Scripting
47. Jcow Social Network Cross Site Scripting
48. ElkArte Forum 1.1.9 Remote Code Execution
49. Akaunting 3.1.8 Server-Side Template Injection
50. Akaunting 3.1.8 Client-Side Template Injection
51. Microweber 2.0.15 Cross Site Scripting
52. Bagisto 2.1.2 Client-Side Template Injection
The information and exploits in this repository are provided for educational and research purposes only. The use of this information for attacking targets without prior mutual consent is illegal. The author is not responsible for any misuse of the information provided here.
For any queries or contributions, feel free to reach out. Contact Information