🖥 https://system32.ink/best-restaurant-menu-by-pricelisto-wordpress-plugin-cve-2024-38793-exploit/ 🖥

ℹ️ Best Restaurant Menu by PriceListo Wordpress Plugin CVE-2024-38793 Exploit 🏴‍☠️

📌 This is a proof of concept exploit for the vulnerability CVE-2024-38793, an SQL injection vulnerability for versions of the WordPress plugin Best Restaurant Menu a.k.a Great Restaurant Menu WP before 1.4.2.

🆘The vulnerability occurs because of a lack on input sanitization on the groups argument when using the brm_restaurant_menu shortcode.

✍️Note: This does require the credentials of a user with at least Contributor level privileges.

🟥The code will attempt to grab the username and password hashes from the WordPress users table.💻

🖥 https://system32.ink/fastadmin-retrieve-db-details-directory-traversal-cve-2024-7928-exploit/ 🖥

🖥 FastAdmin Retrieve DB Details Directory Traversal CVE-2024-7928 Exploit 💻

ℹ️ A vulnerability, which was classified as problematic, has been found in FastAdmin up to 1.3.3.20220121. Affected by this issue is some unknown functionality of the file /index/ajax/lang. The manipulation of the argument lang leads to path traversal 🖥. The attack may be launched remotely. 🖥

🖥 https://system32.ink/necroword-embed-payload-using-undetect-macros/ 🖥

💻NecroWord - Embed Payload Using Undetect Macros🔩

ℹ️NecroWord — an easy way to embed a payload using undetect macros! 😀

🤔 What is it?

➡️— In simple words - you can create an undetect infected .doc document 📄

✏️How to use ?

➡️• Generate payload gird (image file with generated code)

🟣• Set download link to your payload-grid

➡️• Generate your infected document!

🆘Attention! — This is not a CVE | We condemn the use of software for illegal purposes. All responsibility for use lies with you

🖥 https://system32.ink/litespeed-cache-privilege-escalation-cve-2024-28000-exploit/ 🖥

📡 LiteSpeed Cache Privilege Escalation CVE-2024-28000 Exploit 💻

ℹ️ The LiteSpeed Cache plugin's user simulation feature is protected by a weak security hash generated using predictable values. An attacker can exploit this vulnerability by brute-forcing the security hash and passing it in a cookie along with a targeted user ID. If successful, the attacker can escalate their privileges to that of an Administrator. 🖥

📌Affected Versions
LiteSpeed Cache plugin versions prior to 6.4 are vulnerable.

🖥 https://system32.ink/xsslite-stealer/ 🖥

🎮 XSSLite Stealer 🐻

💻 XSSLite is a well-obfuscated piece of malicious software that uses several anti-analysis and anti-detection mechanisms. For example, this stealer checks whether it is launched on a virtual machine by looking for infrastructures related to Hyper-V and VMware. It also boasts some anti-debugging features.

📡XSSLite uses the DLL side-loading technique to infiltrate machines. In other words, it utilizes the Windows DLL search order mechanism to leverage a legitimate program that executes the malicious payload. Following successful installation, the malicious program begins collecting relevant device data.

🆘XSSLite can extract and exfiltrate data from Chromium-based browsers. Typically, stealers target browsing and search engine histories, Internet cookies, log-in credentials (usernames/passwords), personally identifiable details, credit card numbers, and other sensitive information.

ℹ️According to XSSLite's promotional material, it can obtain data from all types of browser extensions. This could include plug-ins related to cloud storage, password management, 2FA/MFA (Two/Multi-Factor Authentication), cryptocurrency platforms, etc.

📢Furthermore, this malware can exfiltrate (download) victims' desktop files. The program also aims to steal cryptocurrency wallets. Additionally, the stealer has keylogging abilities, i.e., it can record keystrokes (keyboard input).

➡️It is pertinent to mention that malware developers commonly improve upon their creations and methodologies; therefore, potential future iterations of XSSLite could have additional/different capabilities.

🖥 https://system32.ink/windows-tcp-ip-remote-code-execution-cve-2024-38063-exploit/ 🖥

🖥 Windows TCP/IP Remote Code Execution CVE-2024-38063 Exploit 💻

📡 RCE in tcpip.sys 🖥

✏️ ईश्वरः परमः कृष्णः सच्चिदानन्दविग्रहः।
अनादिरादिर्गोविन्दः सर्वेकारणकारणम् ॥

⚡️ Lord Krishna who is known as Govinda is the Supreme Godhead. He
has an eternal, blissful, spiritual body. He is the origin of
all. He has no other origin and He is the prime cause of all

➡️भगवान् तो कृष्ण हैं, जो सच्चिदानन्द स्वरुप हैं। उनका कोई आदि नहीं है, क्योंकि वे प्रत्येक वस्तु के आदि हैं।
भगवान गोविंद समस्त कारणों के कारण हैं।

🖥 Cacti 1.2.26 CVE-2024-25641 RCE Automated Exploit 🪩

🔠0️⃣🔠🔠🔠🔠🔠🔠 🔣 https://system32.ink/cacti-1-2-26-cve-2024-25641-rce-automated-exploit/ 🖥

💻 Fully automated exploit for CVE-2024-25641. When a user is authenticated, Cacti version 1.2.26 is vulnerable to an arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having the "Import Templates" permission to execute arbitrary PHP code on the web server (RCE).🐻

🖥 https://system32.ink/oxyco-rat-pro-v3-9-6/ 🖥

💻 Oxyco RAT PRO v3.9.6 🤡

ℹ️ Compatible with all devices
🟢 Bypass Play Store Signature
😈 The bypass does not depend on APK files outside the Play Store
🛡 100% FUD APK file
⏳ No screen permissions required
🍎 No permission requests when installing APKs on your device

⏰⏰⏰⏰⏰⏰⏰⏰⏰⏰⏰⏰⏰

gg's hacker's ( have a good day —❤️
‼️anyone remember ? miss you all

Link

Search by keyword, 
filter by vulnerability type,
service affected and OS. Detailed description for each exploit
(with PoC, Nuclei template or Metasploit module

#hacker_bano_chutiya_nhe 🌜❤️🌛 { back to work }