Sosyal mühendislik testleri kapsamında sıkça tercih edilen phishing (oltalama) saldırısı için hedef kullanıcıların web tarayıcılarında kanca işlemlerinde kullanılabilecek bir araç olan Trape’den bahsedeceğiz. Trape Nedir? Trape, phishing saldırılarında kullanılan ve kullanıcı takibini de yapabilen bir araçtır. Kullanım Amaçları Senaryo: Kurbana sahte bir web sayfasının linki gönderilerek kullanıcı adı ve parola bilgileri ele geçirilecektir. Senaryo: Kurbana…
# Exploit Title: Centos Web Panel 0.9.8.480 Multiple Vulnerabilities # Exploit Author: Seccops – Siber Güvenlik Hizmetleri (https://seccops.com) # Vendor Homepage: http://centos-webpanel.com/ # Software Link: http://centos-webpanel.com/system-requirements # Version: 0.9.8.480 # Tested on: Centos 7 # Vulnerability Types: Command Injection, Local File Inclusion, Cross-site Scripting, Frame Injection # CVE: CVE-2018-18322, CVE-2018-18323, CVE-2018-18324 Referans: 0day.today, NIST/NVD
# Exploit Title: Virtualmin 6.03 Multiple Vulnerabilities # Exploit Author: Seccops – Siber Güvenlik Hizmetleri (https://seccops.com) # Vendor Homepage: https://www.virtualmin.com/ # Software Link: https://www.virtualmin.com/download.html # Version: 6.03 # Tested on: Centos 7 # Vulnerability Types: Frame Injection & Cross-site Scripting # CVE: CVE-2018-18207, CVE-2018-18208 Referans: 0day.today
# Exploit Title: Wikidforum 2.20 Multiple SQL Injection Vulnerabilities # Date: 2018-10-08 # Exploit Author: Seccops – Siber Güvenlik Hizmetleri (https://seccops.com) # Vendor Homepage: https://sourceforge.net/projects/wikidforum/ # Software Link: https://sourceforge.net/projects/wikidforum/files/Wikidforum-com-ed.2.20.zip/download # Version: 2.20 # Tested on: Windows 10 # Vulnerability Type: SQL Injection # CVE: CVE-2018-18075 Referans: Exploit-DB, CxSecurity, NIST/NVD
# Exploit Title: Wikindx 5.3.2 Multiple Cross-Site Scripting # Exploit Author: Seccops (https://seccops.com) # Vendor Homepage: http://wikindx.sourceforge.net/ # Software Link: https://sourceforge.net/projects/wikindx/files/latest/download # Version: 5.3.2 # Tested on: Windows 10 # Vulnerability Type : Cross-site Scripting # CWE: CWE-79 Referans: 0day.today, CxSecurity