## https://sploitus.com/exploit?id=68A3F776-A338-5DB3-A31D-A85B46D3DF8A
# 🔬 CVE-PoC-Hub — Curated Proof-of-Concept Exploits

> Working, verified PoC scripts for recent CVEs. Tested in lab environments.
> For security researchers, penetration testers, and CTF players.


  
  
  
  


---

## โš ๏ธ Disclaimer

**All PoCs are for educational and authorized testing only.**
Each exploit has been tested in isolated lab environments.
**Do not use against systems without explicit permission.**

---

## 📂 Repository Structure

```
CVE-PoC-Hub/
├── README.md
├── CVE-2026-XXXXX/           # Each CVE gets its own folder
│   ├── README.md              # Description + steps
│   ├── exploit.py             # Working PoC
│   └── screenshot.png         # Proof of exploitation
├── templates/
│   └── poc-template.py        # Standard PoC template
└── poc-runner.py              # Bulk PoC runner
```

---

## 🔥 Recent CVEs (2026)

| CVE | Product | Type | CVSS | PoC |
|-----|---------|------|------|-----|
| CVE-2026-PENDING | 299Ko CMS | Reflected XSS | 6.1 | [PoC](./CVE-2026-299Ko-XSS/) |
| CVE-2026-PENDING | Toner Management | BAC | 8.2 | [PoC](./CVE-2026-Toner-BAC/) |
| CVE-2026-PENDING | Inventory Mgmt | SQLi Auth Bypass | 9.8 | [PoC](./CVE-2026-Inventory-SQLi/) |
| CVE-2026-PENDING | Simple Inventory | SQLi ×5 | 9.8 | [PoC](./CVE-2026-SimpleInv-SQLi/) |
| CVE-2026-PENDING | HC Store | Auth Bypass | 9.8 | [PoC](./CVE-2026-HCStore-Auth/) |
| CVE-2026-PENDING | Marketplace Mgmt | File Upload RCE | 9.0 | [PoC](./CVE-2026-Marketplace-RCE/) |
| CVE-2026-PENDING | MobiMart | BAC | 9.1 | [PoC](./CVE-2026-MobiMart-BAC/) |
| CVE-2026-PENDING | Premium Property | SQLi ×3 + Auth | 9.8 | [PoC](./CVE-2026-PremiumProp-SQLi/) |
| CVE-2026-PENDING | CampusHub | SQLi ×7 + XSS | 9.8 | [PoC](./CVE-2026-CampusHub/) |
| CVE-2026-PENDING | Public Utility | SQLi ×2 + XSS ×2 | 9.8 | [PoC](./CVE-2026-PublicUtil/) |
| CVE-2026-PENDING | DAGD | SSRF ×2 + XSS | 7.5 | [PoC](./CVE-2026-DAGD-SSRF/) |
| CVE-2026-PENDING | BoidCMS | XSS + Data Exposure | 9.8 | [PoC](./CVE-2026-BoidCMS/) |

*CVE IDs pending MITRE assignment. PoCs will be published when CVEs are public.*

---

## 🚀 Quick Start

```bash
git clone https://github.com/javokhir-sec/CVE-PoC-Hub.git
cd CVE-PoC-Hub

# List all available PoCs
python poc-runner.py --list

# Run a specific PoC (in lab environment)
python poc-runner.py --cve CVE-2026-XXXXX --target http://lab-target.local
```

---

## 📋 PoC Template

Use this template for your own PoCs: [`templates/poc-template.py`](templates/poc-template.py)

```python
#!/usr/bin/env python3
"""
CVE-YYYY-XXXXX: [Vulnerability Type] in [Product]
CVSS: X.X | Severity: Critical/High/Medium/Low
Author: @javokhir-sec
"""

import sys

import requests

TARGET = sys.argv[1] if len(sys.argv) > 1 else "http://localhost"

def exploit(target):
    """Execute the exploit and return True if vulnerable."""
    print(f"[*] Testing {target} for CVE-YYYY-XXXXX")

    # Step 1: Send malicious request (requests URL-encodes the parameter;
    # the timeout keeps the script from hanging on an unresponsive host)
    payload = "alert(1)"
    r = requests.get(f"{target}/search", params={"q": payload}, timeout=10)

    # Step 2: Verify exploitation
    if payload in r.text:
        print("[+] VULNERABLE! Payload reflected in response.")
        return True
    else:
        print("[-] Not vulnerable.")
        return False

if __name__ == "__main__":
    exploit(TARGET)
```

---

## ๐Ÿ› ๏ธ Bulk PoC Runner

```bash
# Run all XSS PoCs against a target
python poc-runner.py --category xss --target http://lab.local

# Run all SQLi PoCs
python poc-runner.py --category sqli --target http://lab.local

# Run specific severity level
python poc-runner.py --severity critical --target http://lab.local
```

---

## 📊 Stats

| Category | Count |
|----------|-------|
| SQL Injection | 5 |
| XSS (Reflected/Stored) | 4 |
| Broken Access Control | 3 |
| Auth Bypass | 2 |
| SSRF | 1 |
| File Upload RCE | 1 |
| **Total** | **12** |

---

## ๐Ÿค Contributing

Have a working PoC for a recent CVE?

1. Fork this repo
2. Create folder: `CVE-YYYY-XXXXX/`
3. Include: `README.md` + `exploit.py` + screenshot
4. Submit PR

---

## 📜 License

MIT © [Javokhir Tursunboyev](https://github.com/javokhir-sec)