#Exploit Title: X2CRM v8.5 – Stored Cross-Site Scripting (XSS) (Authenticated) #Date: 12 September 2024 #Exploit Author: Okan Kurtulus #Vendor Homepage: https://x2engine.com #Version: v8.5 #Tested on: Ubuntu 22.04 #CVE: 2024-48120 Proof of Concept: Log in to the system with any user […]
Author: Okan Kurtuluş
Vtiger CRM v8.2.0 – HTML Injection (Authenticated)
#Exploit Title: Vtiger CRM v8.2.0 – HTML Injection (Authenticated) #Date: 12 September 2024 #Exploit Author: Okan Kurtulus #Vendor Homepage: https://www.vtiger.com #Version: v8.2.0 #Tested on: Ubuntu 22.04 #CVE: 2024-48119 Proof of Concept: After logging in as a registered user, it was […]
IDOR Vulnerability in KubeSphere / CVE-2024-46528
Hi guys, I am writing to report a potential Insecure Direct Object Reference (IDOR) vulnerability that I have discovered in KubeSphere. Below are the details of the vulnerability: There is a potential Insecure Direct Object References (IDOR) vulnerability in KubeSphere […]
PowerShell Policy Bypass Yöntemleri
Herkese selamlar, yoğun iş günlerinden sonra kendime boş bir vakit yaratıp kısa ama öz bir yazı yazmak istedim. Bu yazımda Powershell Policy’leri dilim döndükçe anlatıp, bunları nasıl bypasslayabiliriz ona değineceğim. PowerShell execution policy’leri, PowerShell scriptlerinin nasıl ve ne zaman çalıştırılabileceğini […]
Kubernetes Penetration Testing Guide
Hi everyone,In this article, I will not dwell on what Kubernetes is and what it is not. I assume you know these. Today, I would like to share with you the steps that I actively follow in Kubernetes Pentest processes. […]
What is Pineapple Device?
Hi everyone, today I will talk about the Pineapple device and its installation as much as I can. I’m thinking of writing about this topic in parts. Today, I will be talking about what this device does and how to […]
October CMS v3.4.4 – Stored Cross-Site Scripting (XSS) (Authenticated)
#Exploit Title: October CMS v3.4.4 – Stored Cross-Site Scripting (XSS) (Authenticated) #Date: 29 June 2023 #Exploit Author: Okan Kurtulus #Vendor Homepage: https://octobercms.com #Version: v3.4.4 #Tested on: Ubuntu 22.04 #CVE: 2023-37692 #Proof of Concept: 1-) Install the system through the website […]
Piwigo v13.7.0 – Stored Cross-Site Scripting (XSS) (Authenticated)
#Exploit Title: Piwigo v13.7.0 – Stored Cross-Site Scripting (XSS) (Authenticated) #Date: 4 July 2023 #Exploit Author: Okan Kurtulus #Vendor Homepage: https://piwigo.org #Version: 13.7.0 #Tested on: Ubuntu 22.04 #CVE: N/A #Proof of Concept: 1-) Install the system through the website and […]
CMS Made Simple v2.2.17 – Stored Cross-Site Scripting (XSS) (Authenticated)
#Exploit Title: CMS Made Simple v2.2.17 – Stored Cross-Site Scripting (XSS) (Authenticated) #Date: 25 June 2023 #Exploit Author: Okan Kurtulus #Vendor Homepage: https://www.cmsmadesimple.org #Version: 2.2.17 #Tested on: Ubuntu 18.04 #CVE: 2023-36970 #Proof of Concept: 1-) Install the system through the […]
CMS Made Simple v2.2.17 – File Upload Remote Code Execution (RCE) (Authenticated)
#Exploit Title: CMS Made Simple v2.2.17 – File Upload Remote Code Execution (Authenticated) #Date: 25 June 2023 #Exploit Author: Okan Kurtulus #Vendor Homepage: https://www.cmsmadesimple.org/ #Version: 2.2.17 #Tested on: Ubuntu 18.0.4 #CVE: 2023-36969 #Proof of Concept: 1-) Install the system through […]