Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AVideoEncoderGetImageCmdInject ¶ added in v0.5.0
AVideoEncoderGetImageCmdInject exploits CVE-2026-29058: unauthenticated OS command injection in AVideo Encoder's getImage.php. The base64Url parameter is base64-decoded and passed through FILTER_VALIDATE_URL, then interpolated directly into an ffmpeg shell command within double quotes without escapeshellarg(). Backticks in the URL path achieve command substitution.
func (*AVideoEncoderGetImageCmdInject) Check ¶ added in v0.5.0
func (m *AVideoEncoderGetImageCmdInject) Check(run *sdk.Context) (sdk.CheckResult, error)
func (*AVideoEncoderGetImageCmdInject) Exploit ¶ added in v0.5.0
func (m *AVideoEncoderGetImageCmdInject) Exploit(run *sdk.Context) error
func (*AVideoEncoderGetImageCmdInject) Info ¶ added in v0.5.0
func (m *AVideoEncoderGetImageCmdInject) Info() sdk.Info
type Langflow ¶
Langflow exploits pre-auth RCE in Langflow's /api/v1/validate/code endpoint. Python exec via decorator injection (CVE-2025-3248).
type MajorDoMoCmdInject ¶ added in v0.5.0
MajorDoMoCmdInject exploits CVE-2023-50917: command injection in MajorDoMo's thumb.php via the transport parameter.
func (*MajorDoMoCmdInject) Check ¶ added in v0.5.0
func (m *MajorDoMoCmdInject) Check(run *sdk.Context) (sdk.CheckResult, error)
func (*MajorDoMoCmdInject) Exploit ¶ added in v0.5.0
func (m *MajorDoMoCmdInject) Exploit(run *sdk.Context) error
func (*MajorDoMoCmdInject) Info ¶ added in v0.5.0
func (m *MajorDoMoCmdInject) Info() sdk.Info
type MajorDoMoCycleExecs ¶ added in v0.5.0
MajorDoMoCycleExecs exploits CVE-2026-27175: unauthenticated command injection via MajorDoMo's rc/index.php. The param parameter is interpolated into double quotes without escapeshellarg() and inserted into the safe_execs table. The cycle_execs.php worker (started by MajorDoMo's cycle.php on boot) polls this table every second and passes each entry to execInBackground().
func (*MajorDoMoCycleExecs) Check ¶ added in v0.5.0
func (m *MajorDoMoCycleExecs) Check(run *sdk.Context) (sdk.CheckResult, error)
Check verifies the rc handler is accessible without authentication. Intentionally avoids sending a command parameter to prevent inserting entries into safe_execs during readiness probing.
func (*MajorDoMoCycleExecs) Exploit ¶ added in v0.5.0
func (m *MajorDoMoCycleExecs) Exploit(run *sdk.Context) error
Exploit injects the payload via rc/index.php's param field. The cycle_execs.php worker polls safe_execs every second and executes it.
func (*MajorDoMoCycleExecs) Info ¶ added in v0.5.0
func (m *MajorDoMoCycleExecs) Info() sdk.Info
type OpenDCIM ¶
OpenDCIM exploits SQL injection in openDCIM's install.php LDAP config update to achieve RCE via dot binary path poisoning (CVE-2026-28515/28516/28517).
func (*OpenDCIM) Check ¶
Check probes install.php accessibility and confirms SQLi via time-based test.
func (*OpenDCIM) ExecuteCommand ¶
ExecuteCommand injects a command via SQLi into the dot binary path and triggers it.
type SpringCloudFunc ¶
SpringCloudFunc exploits SpEL injection in Spring Cloud Function's routing-expression header (CVE-2022-22963).
func (*SpringCloudFunc) Check ¶
func (m *SpringCloudFunc) Check(run *sdk.Context) (sdk.CheckResult, error)
func (*SpringCloudFunc) Info ¶
func (m *SpringCloudFunc) Info() sdk.Info
Source Files