I also have Admin creator (For injecting your user to become admin). Credential Grabber (For grabbing Stripe keys, SMTP)
And i actually got a lot of SES,SENDGRID,POSTMARK Smtp from this
The script of the grabber and admin injector will be PHP and you need to run the command or visit the url after you uploaded the .php files
And i actually got a lot of SES,SENDGRID,POSTMARK Smtp from this
The script of the grabber and admin injector will be PHP and you need to run the command or visit the url after you uploaded the .php files
Prepare your magento list and be ready in an hours.
Please know that the tools im about to release is for educational purposes only.
Researcher around the world are welcome to look, Modify and test on their own website.
Thank you
❤3
Magento Polyshell RCE is online
Grab it here -> https://github.com/khadafigans/Magento-Polyshell-RCE
Grab it here -> https://github.com/khadafigans/Magento-Polyshell-RCE
❤2
Dont forget to Give star and fork the Github or i wont upload any exploit anymore 😡
Please open Telegram to view this post
VIEW IN TELEGRAM
❤4
Also if you like the project and want to keep supporting the creator of the project. Here is my wallet 😭 😭
₿ BTC: 17sbbeTzDMP4aMELVbLW78Rcsj4CDRBiZh
Please open Telegram to view this post
VIEW IN TELEGRAM
❤8
Also dont forget to read this very very carefully -> https://github.com/khadafigans/Magento-Polyshell-RCE/blob/main/Workflow_Detail.md
GitHub
Magento-Polyshell-RCE/Workflow_Detail.md at main · khadafigans/Magento-Polyshell-RCE
Full and complete RCE exploit for Magento Polyshell - khadafigans/Magento-Polyshell-RCE
🔥3
Hey guys, i need some kind of review or idea that might help for an upgrade. How is the Polyshell? Is it great? Or is it bad
cms.py
16.9 KB
Forgot to upload this to github and i kinda lazy right now. this is magento detection (i will upload this to github too in the same repo)
❤3
I got a lot of people asking me questions so instead of answering each one i made this FAQ (Frequently Ask Questions)
FAQ
Q : How do i get Vulnerable list?
A : Idk bro where did u get your site list???
Q : Why haven’t i got any results from using Polyshell RCE?
A : If you still see the script running then just wait and if u want to test accuracy make your own site labs and remmber its only works on MAGENTO.
Q : How do i know my site list is magento?
A : Use cms.py that i have uploaded into the same repo or telegram
Q : Do you build private exploit?
A : Depends on the price. And i only able to build that already have a PoC or something. Do not expect me to build 0day because i can’t and it cost a lot of resources.
Q : Do you have an exploit you haven’t share yet?
A : Yes and i will never share that for security reasons ofcourse.
Q : How do i get Vulnerable list?
A : Idk bro where did u get your site list???
Q : Why haven’t i got any results from using Polyshell RCE?
A : If you still see the script running then just wait and if u want to test accuracy make your own site labs and remmber its only works on MAGENTO.
Q : How do i know my site list is magento?
A : Use cms.py that i have uploaded into the same repo or telegram
Q : Do you build private exploit?
A : Depends on the price. And i only able to build that already have a PoC or something. Do not expect me to build 0day because i can’t and it cost a lot of resources.
Q : Do you have an exploit you haven’t share yet?
A : Yes and i will never share that for security reasons ofcourse.