exploits, tools and miscellaneous
Exploit a remote unauthenticated memory disclosure in Siteminder SSO / CA SSO
Incorrect decoding of URL results in improperly terminated and reflected string value.
Exploits two weak cryptographic session token mechanisms in iDRAC 6 web interfaces to obtain authentication credentials and then deploys a CVE-2018-1212 payload to obtain root code execution.
CVE-2019-9053 was a SQL injection in CMSMadeSimple. This exploit performs a new SQL injection attack in the new code by providing data as an unanticipated type.
Brute force tool to be used with a pre-exsisting PHP file incusion exploit, where no suitable exploitable code exists natively on the target. Designed to attack musllibc php (I.E. alpine).