1231
0day Today Inj3ct0r Exploits Market and 0day Exploits Database #1337day #0day
Joomla! 4.1.2 Shell Upload 0day Exploit
#0day #exploit #1337day
https://0day.today/exploit/description/37355
More information : @r0073r
Hotmail.com reset account 0day Exploit
#0day #exploit
Hotmail.com 0day Exploit can reset any email account
https://0day.today/exploit/description/30155
More information: @r0073r
Moodle Pre-Auth Remote Code Execution 0day Exploit
#0day #exploit #1337day
Test on : Moodle 3.11.2+ and previous
The exploit allow remote code execution, work with default installations and should not require any authentication or user interaction. 0day exploit affecting recent versions of Moodle
More information : @r0073r
TikTok reset account password Exploit
#0day #exploit
Security Risk Critical
Description : Exploit can reset password and get full control any TikTok account. You can change target mobile phone without any problems, because exploit use bypass 2fa vulnerability
https://0day.today/exploit/description/36118
More information : @r0073r
Magento 2.4.0 / 2.3.5p1 (and earlier) Arbitrary Code Execution 0day Exploit
#0day #exploit
Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an unsafe file upload vulnerability that could result in arbitrary code execution. This vulnerability could be abused by authenticated users with administrative permissions to the System/Data and Transfer/Import components.
https://0day.today/exploit/description/36026
More information : @r0073r
QBOT Botnet C2 Panel - Authentication Bypass Vulnerability
https://0day.today/exploit/description/35927
#0day #exploit#1337day
A vulnerability exists in the Qbot botnet C2, in the code that performs the login. A remote attacker can exploit it to bypass the authentication, having the ability to control the botnet and perform action as an authenticated user, like taking control of the botnet.
This Botnet has a lot of variants, which makes it more difficult to categorize it in versions.
Hopefully, all the versions found out there are found to be vulnerable, just minor changes are required for the exploit to work. Most versions out there are vulnerable.
Video proof :: https://vimeo.com/521107579
More information : @r0073r
12k HSBC bank account log + app available
#0day #exploit #tools
Includes:
Username and password
Ip
Location
And full access to most accounts
* SOLD TO ONLY ONE PERSON
For more information and proof pm : @r0073r
iCloud reset mail Account Authentication Elevation Of Privilege 0day Exploit4500usd => 4000usd
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple OS X. An attacker must have shell access to exploit this vulnerability, however Guest access is sufficient.
The specific flaw exists within the authentication of users who use their iCloud account and password to log in to OS X. Any user is able to change the password of these users without knowing the previous password. This allows an attacker to run arbitrary commands as that user. If the target user is an Admin, the attacker can run arbitrary commands as root.
=========
More information : @r0073r
be careful: if http://0day.today redirecting to pastebin page - your ip address block. Please use TOR browser: site mirror …http://curaj33verawgaddbsdsrzc5krmopfyqnei66io5ldhqwdiqukt4vcyd.onion
Читать полностью…
Attacker can access device SpringBoard, run default iOS apps, run 3rd party iOS apps installed from AppStore, open Photos, Reminders, Notes, Email, and all other iOS apps, make and receive calls / sms, etc.
What you receive: The source code of exploit written in TheOS tweak platform https://theos.dev Exploit works on jailbroken devices (checkm8 bootrom exploit - checkra.in jailbreak)
How to run exploit: Jailbreak device using free checkra1n tool and upload theos script to victims device, then enter any random passcode and it will be accepted as correct passcode and the lock screen will be opened.
Usage info Supported iOS versions (tested):
iOS 12.x.x, iOS 13.x.x, iOS 14 beta - will support iOS 14 once it will be released (basically the exploit doesn't depends on iOS version (because of checkm8 jailbreak bootrom exploit can not be patched in the future, so it can be used in all future iOS releases as well)
Affected ver Supported device list (tested) A5 - A11 CPUs:
iPhone X
iPhone 8
iPhone 8 Plus
iPhone 7
iPhone 7 Plus
iPhone 6
iPhone 6 Plus
iPhone 6S
iPhone 6S Plus
iPhone SE
iPhone 5S
iPhone 5C
iPad 7
iPad Pro 12.9 in. 1st
iPad Pro 12.9 in. 2nd
iPad Pro 10.5 in (2017)
iPad 5
iPad 6
iPad Air 2
iPad Air
iPad Mini 4
iPad Mini 3
iPad Mini 2
BustaBit used a root server seed to generate its current hash chain.
PLAY: https://www.bustabit.com/play
FAQ: https://www.bustabit.com/faq
Each item in the hashchain represents a result in the game.
My exploit provides you with the root server seed and a javascript file which you can start via:
node bustabit-v2.js <gameNumber>
It will generate the next 10 game results starting from the <gameNumber>
bustabit is a thrilling social bitcoin gambling game. It's a real time, simple, and exciting game where you can securely play for fun or to win money.
Each round of the game, you have the opportunity to place a bet before the round starts. Once the round begins, a lucky multiplier starts at 1x and begins climbing higher and higher.
At any moment, you can click "Cashout" to lock in the current multiplier which awards you with your multiplied bet.
The longer you stay in the game before cashing out, the higher the multiplier gets. But beware! Every tick of the game has a chance of busting. If you do not cash out before the bust, you lose your bet.
proof video: https://0day.today/videos/34134.mp4
10% discount
Whatsapp Desktop (session hijacking) Payload 0day Exploit
#0day #exploit #1337day
This vulnerability makes you able to get Full Access
Any account Victim installed Whatsapp Version Desktop
By Payload Exploit (Support ant last version)
proof video: https://0day.today/videos/34312.mp4
For more information : @inj3ct0r
iCloud reset mail Account Authentication Elevation Of Privilege 0day Exploit
21% discount
#0day
#exploit
https://0day.today/exploit/description/29171
More information : @r0073r
Bustabit Bitcoin Server Seed way of earning Exploit
10% discount
#0day
#exploit
https://0day.today/exploit/description/34134
More information : @r0073r
Oracle solaris sshd Remote Root Exploit
10% #off
#0day #exploit #1337day
https://0day.today/exploit/description/33737
More information : @r0073r
Instagram bypass Access Account Private Method Exploit
#0day #exploit #1337day
With this method you can hack almost any Instagram Account
https://0day.today/exploit/description/23926
https://vimeo.com/549000247
More information : @r0073r
#0day #Exploit
WordPress 5.8.2 core Remote Code Execution 0day Exploit
This python exploit allow remote code execution, work with default installations and should not require any authentication or user interaction.
https://0day.today/exploit/description/37088
More information : @r0073r
Windows Server 2019 Remote Desktop Protocol Bypass 0day Exploit
#0day #exploit #tools #0day_exploit
https://0day.today/exploit/description/36315
More information : @r0073r
TikTok reset account password Exploit
#0day #exploit
Exploit can reset password and get full control any TikTok account. You can change target mobile phone without any problems, because exploit use bypass 2fa vulnerability
https://0day.today/exploit/description/36118
More information : @r0073r
Hotmail.com reset account 0day Exploit3000$ => 2600$
https://0day.today/exploit/description/30155
#0day #exploit #1337day
For more information : @r0073r
Pornhub User Account takeover Privilage Escalation Exploit
#0day #exploit
Privilege Escalation via same username during registration . We can get into any account that has a valid username registered in ht.pornhub.com using the same username with different email /identity . That is why I belief here privacy is being exploited and privilege is unrestricted to any third person , who may eventually compromise accounts of the general users.
https://0day.today/exploit/description/27097
More information : @r0073r
Paypal bypass email verify logins Vulnerability
#0day #exploit #1337day
https://0day.today/exploit/description/28103
More information : @r0073r
Whatsapp Desktop (session hijacking) Payload 0day Exploit
This vulnerability makes you able to get Full Access
Any account Victim installed Whatsapp Version Desktop
By Payload Exploit (Support ant last version)
proof video: https://0day.today/videos/34312.mp4
================
#exploit #0day
More information : @r0073r
Video proof
https://vimeo.com/458328805
iOS 12 / 13 / 14 Passcode Bypass 0day Exploit
15% discount only for first purchase
#0day #exploit #1337day
https://0day.today/exploit/description/34938
More information and use discount : @r0073r
15% discount
Bustabit Bitcoin Server Seed way of earning Exploit
#0DAY #EXPLOIT#1337DAY
https://0day.today/exploit/description/34134
For more information : @r0073r
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple OS X. An attacker must have shell access to exploit this vulnerability, however Guest access is sufficient.
The specific flaw exists within the authentication of users who use their iCloud account and password to log in to OS X. Any user is able to change the password of these users without knowing the previous password. This allows an attacker to run arbitrary commands as that user. If the target user is an Admin, the attacker can run arbitrary commands as root.
BustaBit used a root server seed to generate its current hash chain.
PLAY: https://www.bustabit.com/play
FAQ: https://www.bustabit.com/faq
Each item in the hashchain represents a result in the game.
My exploit provides you with the root server seed and a javascript file which you can start via:
node bustabit-v2.js <gameNumber>
It will generate the next 10 game results starting from the <gameNumber>
bustabit is a thrilling social bitcoin gambling game. It's a real time, simple, and exciting game where you can securely play for fun or to win money.
Each round of the game, you have the opportunity to place a bet before the round starts. Once the round begins, a lucky multiplier starts at 1x and begins climbing higher and higher.
At any moment, you can click "Cashout" to lock in the current multiplier which awards you with your multiplied bet.
The longer you stay in the game before cashing out, the higher the multiplier gets. But beware! Every tick of the game has a chance of busting. If you do not cash out before the bust, you lose your bet.
Usage info Do not use it to obvious as it could raise suspicion.
You can run my javascript file from any operating system having node installed or simply create your own bot using the server root seed.
Instagram bypass access account private Metod 20% #off
#0day #exploit #1337day
https://0day.today/exploit/description/23926
How work : https://youtu.be/dxlGTa_gSpg
More info : @r0073r
Linux (CUPSD 1.x.x/2.x.x) Remote 0day Exploit
10% #off
#0day #exploit #1337day
https://0day.today/exploit/description/33739
More information : @r0073r