🖥 https://system32.ink/nginx-ingress-kubernetes-cve-2024-7646-poc/ 🖥

🖥 NGINX-Ingress Kubernetes CVE-2024-7646 PoC 🐻

🚨A security issue was discovered in ingress-nginx where an actor with permission to create Ingress objects (in the networking.k8s.io or extensions API group) can bypass 🖥 annotation validation to inject arbitrary commands and obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.😵

📡The issue allows an attacker to access the Kubernetes Service Account (SA) token by exploiting improper input validation in the nginx.ingress.kubernetes.io/auth-tls-verify-client annotation.💻

😒TRYHACKME😒 PREMIUM AVAILABLE ( PAID ) ⚡️

➖➖➖➖➖➖➖➖➖➖➖➖➖➖➖➖➖

🔣🤓 ONE MONTH : 250 RUPEES (💲CHECKOUT) 🤑

➖➖➖➖➖➖➖➖➖➖➖➖➖➖➖➖➖

🔠🔤 @ProtocolNick ✈️ IF YOU NEED

1️⃣0️⃣0️⃣🔣 TRUSTED
1️⃣0️⃣0️⃣🔣 MONEY BACK GUARANTEE

HOSTINGER
VPS ✔️
HOSTINGS ✔️
CPANEL HOSTINGS ✔️
RDPS ✔️
DOMAINS ✔️
WORDPRESS HOSTINGS ✔️
RESELLER HOSTINGS ✔️

🔤🔤🔤🔤
🔤🔤🔤🔤🔤🔤🔤🔤

CHEAP PRICED
85% OFF 💼
PURCHASE HERE
PURCHASE HERE

🖥 https://system32.ink/best-restaurant-menu-by-pricelisto-wordpress-plugin-cve-2024-38793-exploit/ 🖥

ℹ️ Best Restaurant Menu by PriceListo Wordpress Plugin CVE-2024-38793 Exploit 🏴‍☠️

📌 This is a proof of concept exploit for the vulnerability CVE-2024-38793, an SQL injection vulnerability for versions of the WordPress plugin Best Restaurant Menu a.k.a Great Restaurant Menu WP before 1.4.2.

🆘The vulnerability occurs because of a lack on input sanitization on the groups argument when using the brm_restaurant_menu shortcode.

✍️Note: This does require the credentials of a user with at least Contributor level privileges.

🟥The code will attempt to grab the username and password hashes from the WordPress users table.💻

🖥 https://system32.ink/fastadmin-retrieve-db-details-directory-traversal-cve-2024-7928-exploit/ 🖥

🖥 FastAdmin Retrieve DB Details Directory Traversal CVE-2024-7928 Exploit 💻

ℹ️ A vulnerability, which was classified as problematic, has been found in FastAdmin up to 1.3.3.20220121. Affected by this issue is some unknown functionality of the file /index/ajax/lang. The manipulation of the argument lang leads to path traversal 🖥. The attack may be launched remotely. 🖥

🖥 https://system32.ink/necroword-embed-payload-using-undetect-macros/ 🖥

💻NecroWord - Embed Payload Using Undetect Macros🔩

ℹ️NecroWord — an easy way to embed a payload using undetect macros! 😀

🤔 What is it?

➡️— In simple words - you can create an undetect infected .doc document 📄

✏️How to use ?

➡️• Generate payload gird (image file with generated code)

🟣• Set download link to your payload-grid

➡️• Generate your infected document!

🆘Attention! — This is not a CVE | We condemn the use of software for illegal purposes. All responsibility for use lies with you

🖥 https://system32.ink/litespeed-cache-privilege-escalation-cve-2024-28000-exploit/ 🖥

📡 LiteSpeed Cache Privilege Escalation CVE-2024-28000 Exploit 💻

ℹ️ The LiteSpeed Cache plugin's user simulation feature is protected by a weak security hash generated using predictable values. An attacker can exploit this vulnerability by brute-forcing the security hash and passing it in a cookie along with a targeted user ID. If successful, the attacker can escalate their privileges to that of an Administrator. 🖥

📌Affected Versions
LiteSpeed Cache plugin versions prior to 6.4 are vulnerable.

🖥 https://system32.ink/xsslite-stealer/ 🖥

🎮 XSSLite Stealer 🐻

💻 XSSLite is a well-obfuscated piece of malicious software that uses several anti-analysis and anti-detection mechanisms. For example, this stealer checks whether it is launched on a virtual machine by looking for infrastructures related to Hyper-V and VMware. It also boasts some anti-debugging features.

📡XSSLite uses the DLL side-loading technique to infiltrate machines. In other words, it utilizes the Windows DLL search order mechanism to leverage a legitimate program that executes the malicious payload. Following successful installation, the malicious program begins collecting relevant device data.

🆘XSSLite can extract and exfiltrate data from Chromium-based browsers. Typically, stealers target browsing and search engine histories, Internet cookies, log-in credentials (usernames/passwords), personally identifiable details, credit card numbers, and other sensitive information.

ℹ️According to XSSLite's promotional material, it can obtain data from all types of browser extensions. This could include plug-ins related to cloud storage, password management, 2FA/MFA (Two/Multi-Factor Authentication), cryptocurrency platforms, etc.

📢Furthermore, this malware can exfiltrate (download) victims' desktop files. The program also aims to steal cryptocurrency wallets. Additionally, the stealer has keylogging abilities, i.e., it can record keystrokes (keyboard input).

➡️It is pertinent to mention that malware developers commonly improve upon their creations and methodologies; therefore, potential future iterations of XSSLite could have additional/different capabilities.