Strapi Framework Vulnerable to Remote Code Execution

Last update: Mar 08, 2022

Overview

CVE-2019-19609

Strapi Framework Vulnerable to Remote Code Execution

well, I didnt found any exploit for CVE-2019-19609 so I wrote one. :/

Usage


python3 exploit.py <rhost> <lhost> <jwt> <url>

A video

https://youtu.be/alhZJmuUd2s

More Information

https://hack-fast.herokuapp.com/cve/CVE-2019-19609
https://github.com/strapi/strapi/pull/4636

Owner

Dasith Vidanage

/opt/vibe

GitHub Repository

A forensic collection tool written in Python.

CHIRP A forensic collection tool written in Python. Watch the video overview 📝 Table of Contents 📝 Table of Contents 🧐 About 🏁 Getting Started Pre

1k Dec 09, 2022

Meterpreter Reverse shell over TOR network using hidden services

Poiana Reverse shell over TOR network using hidden services Features - Create a hidden service - Generate non-staged payload (python/meterpreter_rev

80 Dec 21, 2022

Enhancing Twin Delayed Deep Deterministic Policy Gradient with Cross-Entropy Method

Enhancing Twin Delayed Deep Deterministic Policy Gradient with Cross-Entropy Method Hieu Trung Nguyen, Khang Tran and Ngoc Hoang Luong Setup Clone thi

6 Jun 29, 2022

Generate MIPS reverse shell shellcodes easily !

MIPS-Reverse MIPS-Reverse is a tool that can generate shellcodes for the MIPS architecture that launches a reverse shell where you can specify the IP

29 Jul 27, 2021

IPscan - This Script is Framework To automate IP process large scope For Bug Hunting

IPscan This Script is Framework To automate IP process large scope For Bug Hunti

8 Mar 12, 2022

simple python keylogger

HELLogger simple python keylogger DISCLAIMERS: DON'T DO BAD THINGS. THIS PROGRAM IS MEANT FOR PERSONAL USES ONLY. USE IT ONLY IN COMPUTERS WHERE YOU H

10 Nov 10, 2022

Big-Papa Integrates Javascript and python for remote cookie stealing which then can be used for session hijacking

Big-Papa is a remote cookie stealer which can then be used for session hijacking and Bypassing 2 Factor Authentication

77 Jan 03, 2023

Hammer-DDos - Hammer DDos With Python

Hammer-DDos $ apt update $ apt upgrade $ apt install python $ apt install git $

1 Jan 24, 2022

Exploit for GitLab CVE-2021-22205 Unauthenticated Remote Code Execution

Vuln Impact An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files tha

2 Dec 30, 2021

neo Tool is great one in binary exploitation topic

neo Tool is great one in binary exploitation topic. instead of doing several missions by many tools and windows, you can now automate this in one tool in one session.. Enjoy it

4 Oct 10, 2022

Create a secure tunnel from a custom domain to localhost using Fly and WireGuard.

Fly Dev Tunnel Developers commonly use apps like ngrok, localtunnel, or cloudflared to expose a local web service at a publicly-accessible URL. This i

170 Dec 11, 2022

Open Source Tool - Cybersecurity Graph Database in Neo4j

GraphKer Open Source Tool - Cybersecurity Graph Database in Neo4j |G|r|a|p|h|K|e|r| { open source tool for a cybersecurity graph database in neo4j } W

27 Dec 06, 2022

PoC for CVE-2021-26855 -Just a checker-

CVE-2021-26855 PoC for CVE-2021-26855 -Just a checker- Usage python3 CVE-2021-26855.py -u https://mail.example.com -c example.burpcollaborator.net # C

17 Dec 22, 2022

A simple Outline Server Access Key Copy and Paste Web Interface

Outline Keychain A simple Outline Server Access Key Copy and Paste Web Interface Developed for key and password export and copy & paste for other Shad

1 Dec 28, 2021

Threat Intel Platform for T-POTs

GreedyBear The project goal is to extract data of the attacks detected by a TPOT or a cluster of them and to generate some feeds that can be used to p

72 Jan 01, 2023

Directory Traversal in Afterlogic webmail aurora and pro

CVE-2021-26294 Exploit Directory Traversal in Afterlogic webmail aurora and pro . Description: AfterLogic Aurora and WebMail Pro products with 7.7.9 a