## https://sploitus.com/exploit?id=68A3F776-A338-5DB3-A31D-A85B46D3DF8A
# CVE-PoC-Hub: Curated Proof-of-Concept Exploits
> Working, verified PoC scripts for recent CVEs. Tested in lab environments.
> For security researchers, penetration testers, and CTF players.
---
## Disclaimer
**All PoCs are for educational and authorized testing only.**
Each exploit has been tested in isolated lab environments.
**Do not use against systems without explicit permission.**
---
## Repository Structure
```
CVE-PoC-Hub/
├── README.md
├── CVE-2026-XXXXX/          # Each CVE gets its own folder
│   ├── README.md            # Description + steps
│   ├── exploit.py           # Working PoC
│   └── screenshot.png       # Proof of exploitation
├── templates/
│   └── poc-template.py      # Standard PoC template
└── poc-runner.py            # Bulk PoC runner
```
---
## Recent CVEs (2026)
| CVE | Product | Type | CVSS | PoC |
|-----|---------|------|------|-----|
| CVE-2026-PENDING | 299Ko CMS | Reflected XSS | 6.1 | [PoC](./CVE-2026-299Ko-XSS/) |
| CVE-2026-PENDING | Toner Management | BAC | 8.2 | [PoC](./CVE-2026-Toner-BAC/) |
| CVE-2026-PENDING | Inventory Mgmt | SQLi Auth Bypass | 9.8 | [PoC](./CVE-2026-Inventory-SQLi/) |
| CVE-2026-PENDING | Simple Inventory | SQLi ×5 | 9.8 | [PoC](./CVE-2026-SimpleInv-SQLi/) |
| CVE-2026-PENDING | HC Store | Auth Bypass | 9.8 | [PoC](./CVE-2026-HCStore-Auth/) |
| CVE-2026-PENDING | Marketplace Mgmt | File Upload RCE | 9.0 | [PoC](./CVE-2026-Marketplace-RCE/) |
| CVE-2026-PENDING | MobiMart | BAC | 9.1 | [PoC](./CVE-2026-MobiMart-BAC/) |
| CVE-2026-PENDING | Premium Property | SQLi ×3 + Auth | 9.8 | [PoC](./CVE-2026-PremiumProp-SQLi/) |
| CVE-2026-PENDING | CampusHub | SQLi ×7 + XSS | 9.8 | [PoC](./CVE-2026-CampusHub/) |
| CVE-2026-PENDING | Public Utility | SQLi ×2 + XSS ×2 | 9.8 | [PoC](./CVE-2026-PublicUtil/) |
| CVE-2026-PENDING | DAGD | SSRF ร2 + XSS | 7.5 | [PoC](./CVE-2026-DAGD-SSRF/) |
| CVE-2026-PENDING | BoidCMS | XSS + Data Exposure | 9.8 | [PoC](./CVE-2026-BoidCMS/) |
*CVE IDs pending MITRE assignment. PoCs will be published when CVEs are public.*
---
## Quick Start
```bash
git clone https://github.com/javokhir-sec/CVE-PoC-Hub.git
cd CVE-PoC-Hub
# List all available PoCs
python poc-runner.py --list
# Run a specific PoC (in lab environment)
python poc-runner.py --cve CVE-2026-XXXXX --target http://lab-target.local
```
---
## PoC Template
Use this template for your own PoCs: [`templates/poc-template.py`](templates/poc-template.py)
```python
#!/usr/bin/env python3
"""
CVE-YYYY-XXXXX: [Vulnerability Type] in [Product]
CVSS: X.X | Severity: Critical/High/Medium/Low
Author: @javokhir-sec
"""
import sys

import requests

TARGET = sys.argv[1] if len(sys.argv) > 1 else "http://localhost"


def exploit(target):
    """Execute the exploit and return True if vulnerable."""
    print(f"[*] Testing {target} for CVE-YYYY-XXXXX")
    # Step 1: Send malicious request
    payload = "alert(1)"
    # Timeout so an unresponsive lab target does not hang the run
    r = requests.get(f"{target}/search?q={payload}", timeout=10)
    # Step 2: Verify exploitation
    if payload in r.text:
        print("[+] VULNERABLE! Payload reflected in response.")
        return True
    else:
        print("[-] Not vulnerable.")
        return False


if __name__ == "__main__":
    exploit(TARGET)
```
---
## Bulk PoC Runner
```bash
# Run all XSS PoCs against a target
python poc-runner.py --category xss --target http://lab.local
# Run all SQLi PoCs
python poc-runner.py --category sqli --target http://lab.local
# Run specific severity level
python poc-runner.py --severity critical --target http://lab.local
```
---
## Stats
| Category | Count |
|----------|-------|
| SQL Injection | 5 |
| XSS (Reflected/Stored) | 4 |
| Broken Access Control | 3 |
| Auth Bypass | 2 |
| SSRF | 1 |
| File Upload RCE | 1 |
| **Total** | **12** |
---
## Contributing
Have a working PoC for a recent CVE?
1. Fork this repo
2. Create folder: `CVE-YYYY-XXXXX/`
3. Include: `README.md` + `exploit.py` + screenshot
4. Submit PR
---
## License
MIT © [Javokhir Tursunboyev](https://github.com/javokhir-sec)