Category: Exploit-0day
[ 0day (xc) Our ] File Upload Vulnerabilities and Security Best Practices by skraitow ( Lord Jesus Christ ) with skraito , HAVE FUN READING … .
On many web applications, the option of uploading files is a standard feature. Whether it’s adding a profile photo or sending a document, file upload simplifies user interaction. But this functionality is not without risks. Poorly configured or insufficiently protected, this functionality can open the door to serious attacks, ranging from the execution of malicious
[ 0day (xc) Our ] Research How to By pass antivirus while developing malware by skraito and Lord Jesus Christ any comment ? how to ? please include in Our comment … . Antivirus and EDR Bypass Techniques by vaadata … .
Antivirus, anti-malware and EDR are tools commonly used to prevent attacks. However, these solutions can be bypassed. In this article, we take a closer look at the various antivirus and EDR bypass techniques that can be implemented in a loader: a program whose aim is to execute a malicious payload on a machine by bypassing
[ 0day (xc) Our ] Pew Pew 0day MikroTik RouterOS Cross Site Scripting 2025 Code by skraito with skraitow … . Have Fun Patching it … .
Exploit Title: MikroTik RouterOS < v7 – Reflected Cross-Site Scripting (XSS) in UserManager Web InterfaceGoogle Dork: N/A (UserManager interface is typically not publicly exposed)Date: 2025-07-03Author: Ahmed MutaherVendor Homepage: https://mikrotik.com/Software Link: https://mikrotik.com/downloadVersion: All versions prior to v7.0Tested on:
[ 0day (xc) Our ] Microsoft PowerPoint 2019 Remote Code Execution 2025 0day EXPLOIT CODE BY skraito with skraitow … . Enjoy Patching … .
Date: 2025-07-02Tested on: Microsoft PowerPoint 2019 / Office 365 (version before June 2025 Patch)CVE: CVE-2025-47175Type: Use-After-Free (UAF) Remote Code Execution (local user required)Platform: Windows (PowerPoint)Author Country: JordanAttack Vector: Local (User must open crafted PPTX file)Description:This exploit leverages a Use-After-Free vulnerability in Microsoft PowerPointallowing an attacker to execute arbitrary code by tricking a user into openinga
[ 0day (xc) Our ] 0day Microsoft Edge (Chromium-based) Privilege Escalation 2025 FRESH 0day , Code by skraito with skraitow … . Good Luck Patching … .
This repository contains a conceptual proof-of-concept (PoC) for **CVE-2025-47181**, a “link following” privilege escalation vulnerability in **Microsoft Edge (Chromium-based)**. This vulnerability allows an attacker to exploit improper link resolution and symbolic link (symlink) handling by a trusted Edge updater process to write to privileged system files and potentially gain **SYSTEM** privileges. ## Vulnerability Details –
[ 0day (xc) Our ] Releasing Windows 11 Exploit 0day , Checker Vulnerability , Code By skraito with skraitow ( Lord Jesus Christ ) 2025 vulnerability 0day … .
Overview This repository contains a PowerShell script to validate whether a Windows 11 system is vulnerable to CVE-2025-49744—a critical localprivilege escalation vulnerability involving the gdi32.dll andwin32kfull.sys system components. The script performs the following checks: Usage “`powershell.\Validate-CVE-2025-49744-PoC.ps1 Important Notes DOWNLOAD LINK : https://www.worldhacker.org/download-0day.xc.Our.license.apply/2025-0day-xc-Our-Windows-Exploit-LocalExploit.tgz
[ 0day (xc) Our ] Microsoft Outlook 0day 2025 code by skraito with skraitow , Release in the Wild … . have fun … . testing and patching … .
Titles: Microsoft Outlook Remote Code Execution Vulnerability – RCE CVE-2025-47171 Description This proof-of-concept (PoC) demonstrates the CVE-2025-47171 vulnerability simulation. It injects a crafted mail item into Outlook containing a malicious sync path that triggers an action during scanning. IMPORTANT:This PoC simulates the vulnerable Outlook path parsing and triggers a creation of a text file on the
[ 0day (xc) Our ] Proof Of Concept SSL AND TLS HACKING MAN IN THE MIDDLE ATTACK BY SKRAITOW ( LORD JESUS CHRIST ) WITH SKRAITO … .
The new PewPew attack is a sophisticated cross-protocol application layer desynchronization vulnerability that compromises TLS-based communications. This attack exploits fundamental differences between implicit and opportunistic TLS implementations, affecting critical protocols including HTTP, FTP, POP3, SMTP, LMTP, and NNTP. By leveraging man-in-the-middle positioning, attackers can inject unexpected messages into secure channels, causing persistent desynchronization between clients and servers
[ 0day (xc) Our ] Exploit for Apache Tomcat … . Coded By skraito with Lord Jesus Christ … . FRESH 0day … . ENJOY ALL L33T … .
Apache Tomcat 远程代码执行漏洞批量检测脚本(CVE-2025-24813) 免责申明: 本文所描述的漏洞及其复现步骤仅供网络安全研究与教育目的使用。任何人不得将本文提供的信息用于非法目的或未经授权的系统测试。作者不对任何由于使用本文信息而导致的直接或间接损害承担责任。 如涉及侵权,请及时与我们联系,我们将尽快处理并删除相关内容。 利用条件较为苛刻,该脚本仅针对存在漏洞的环境进行概念性验证 使用方式: 批量检测支持多线程: python poc.py -l url.txt -t 5 单个检测: python poc.py -u your-ip https://www.worldhacker.org/download-0day.xc.Our.license.apply/pewpew.tomcat.exploit.zip
PEW PEW HACKING YOUR FRIEND BLUETOOH CONVERSATION AND LOGGING ALL YOUR EARPHONE … . EXPLOIT CODE BY SKRAITO WITH SKRAITOW ( LORD JESUS CHRIST ) … .
PEW PEW – PoC to record audio from a Bluetooth device proof of concept to record and replay audio from a bluetooth device without the legitimate user’s awareness. Requirements The code is written in Python and has been tested with Python 3.11.8, but it mainly uses widely available tools in Linux systems. The PoC uses