==================================================================================================================================== | # Title : xcash V1.5 Insecure Settings Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 103.0(64-bit) | | # Vendor : https://appdevs.net/ | | # Dork : "Mollitia saepe ipsam nihil soluta quaerat vitae commodi placeat." | "Take your chance to win the world’s biggest lotto jackpots" | "Complete solution for mobile money and wallet system. Comes with User" | ==================================================================================================================================== poc : [+] The vulnerability is about leaving the default settings During the installation of the script and using the default username and password [+] Dorking İn Google Or Other Search Enggine. [+] Use Payload : user=admin & pass=admin123 or admin [+] https://127.0.0.1/allpeorg/admin/dashboard Greetings to :========================================================================================================================= | jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* moncet | | =======================================================================================================================================