• Advertise
  • SS7 Hacking
Tuesday, January 31, 2023
No Result
View All Result
I Need Hack - Hacking Tutorials, News, Tips
  • Home
  • Exploits

    Broadcast Signal Intrusion – Hacking Radio Stations

    PHPJabbers Car Park Booking System 2.0 Cross Site Scripting

    Zstore 6.6.0 Cross Site Scripting

    PHPJabbers Event Ticketing System Script 1.0 Cross Site Scripting

    PHPJabbers Travel Tours Script 1.0 SQL Injection

    PHPJabbers Travel Tours Script 1.0 Cross Site Scripting

    PHPJabbers Property Listing Script 3.1 SQL Injection

    PHPJabbers Property Listing Script 3.1 Cross Site Scripting

    Razer Synapse 3.7.0731.072516 Local Privilege Escalation

    Trending Tags

    • sms exploit
    • ss7 software
    • simswap software
    • jpg exploit
    • kali linux
  • Hacking News
    Serious 2FA Bypass Vulnerability Affected Facebook And Instagram

    Serious 2FA Bypass Vulnerability Affected Facebook And Instagram

    Multiple Vulnerabilities In Yellowfin BI Could Allow RCE Attacks

    Multiple Vulnerabilities In Yellowfin BI Could Allow RCE Attacks

    LearnPress Plugin Vulnerabilities Risk Numerous WordPress Sites

    LearnPress Plugin Vulnerabilities Risk Numerous WordPress Sites

    TROJANPUZZLE Attack Forces AI Assistants to Suggest Rogue Coding

    Multiple Vulnerabilities Found In Samsung Galaxy App Store App

    Researchers Find Class Pollution-A Prototype Pollution Variant That Affects Python

    Be on the lookout for this AnyDesk Phishing campaign that delivers Vidar info stealer

    Brave Browser turns your device into a proxy for others via “Snowflake” Feature

    This tool, “telerwaf”, protects go apps from web-based attacks

  • Hacking Tools

    Test3213

    Test 2

    Test 2

    test

    Authentication Flood | Wireless Network Attacks [FREE COURSE CONTENT]

    Authentication Flood | Wireless Network Attacks [FREE COURSE CONTENT]

    Here are some tips for students to help protect their data privacy

    Client-Side Exploitation [FREE COURSE VIDEO]

    What Common Security Problems Are Cloud-Based Networks?

    Penetration testing OWASP Top 10 Vulnerabilities [FREE COURSE CONTENT]

    OSINT Fundamentals [FREE COURSE CONTENT]

    Trending Tags

    • hacking tools
    • hacking software
    • hacking tips
    • ss7 attacks
    • simswap software
    • sms exploit
  • Hacking Tutorials

    Test3213

    Test 2

    Test 2

    test

    Authentication Flood | Wireless Network Attacks [FREE COURSE CONTENT]

    Authentication Flood | Wireless Network Attacks [FREE COURSE CONTENT]

    Here are some tips for students to help protect their data privacy

    Client-Side Exploitation [FREE COURSE VIDEO]

    What Common Security Problems Are Cloud-Based Networks?

    Penetration testing OWASP Top 10 Vulnerabilities [FREE COURSE CONTENT]

    OSINT Fundamentals [FREE COURSE CONTENT]

  • Kali Linux
    Villain : Windows And Linux Backdoor Generator And Multi-Session Handler

    Villain : Windows And Linux Backdoor Generator And Multi-Session Handler

    PXEThief : Extract Passwords From The Operating System Deployment Functionality

    PXEThief : Extract Passwords From The Operating System Deployment Functionality

    The Terminal Application Cypherhound contains 260+ Neo4j Cyphers for BloodHound DataSets

    Subparse: Modular Malware Analysis Artifact Collection And Correlation Framework

    AzureHound : Azure Data Exporter For BloodHound

    Xerror is an automated penetration testing tool with GUI

    Mongoaudit is an audit and pentesting tool for MongoDB databases

    ADFSRelay – Proof of Concept Utilities Developed For Researching NTLM Relaying Attacks Targeting ADFS

    Azure Sentinel protects Kubernetes deployments

    Trending Tags

    • kali linux
    • kali tools
    • hacking tools kali
    • kali hacking
    • pentesting
  • Security
    Facebook & Instagram Flaw Let Anyone Bypass Two-factor Authentication

    Facebook & Instagram Flaw Let Anyone Bypass Two-factor Authentication

    U.S. No Fly List Leaked on Hacker Forum

    U.S. No Fly List Leaked on Hacker Forum

    Hackers Exploiting Unpatched Exchange Servers in The Wild

    Hackers Exploiting Unpatched Exchange Servers in The Wild

    Critical Realtek Vulnerability Impacting IoT Devices Worldwide

    Critical Realtek Vulnerability Impacting IoT Devices Worldwide

    New Research Uncovers Threat Actor Behind Infamous Golden Chickens Malware-as-a-Service

    New Research Uncovers Threat Actor Behind Infamous Golden Chickens Malware-as-a-Service

    Doctor Paid $60k in Bitcoin to Hire Dark Web Hitmen

    Doctor Paid $60k in Bitcoin to Hire Dark Web Hitmen

    What is Word Unscrambler In Gaming?

    What is Word Unscrambler In Gaming?

    Yandex Source Code Online Leaked, Company Denies Hack

    Yandex Source Code Online Leaked, Company Denies Hack

    Extradited Alleged ShinyHunters Hacker Pleads Not Guilty in US Court

    Extradited Alleged ShinyHunters Hacker Pleads Not Guilty in US Court

  • Advertise
  • Home
  • Exploits

    Broadcast Signal Intrusion – Hacking Radio Stations

    PHPJabbers Car Park Booking System 2.0 Cross Site Scripting

    Zstore 6.6.0 Cross Site Scripting

    PHPJabbers Event Ticketing System Script 1.0 Cross Site Scripting

    PHPJabbers Travel Tours Script 1.0 SQL Injection

    PHPJabbers Travel Tours Script 1.0 Cross Site Scripting

    PHPJabbers Property Listing Script 3.1 SQL Injection

    PHPJabbers Property Listing Script 3.1 Cross Site Scripting

    Razer Synapse 3.7.0731.072516 Local Privilege Escalation

    Trending Tags

    • sms exploit
    • ss7 software
    • simswap software
    • jpg exploit
    • kali linux
  • Hacking News
    Serious 2FA Bypass Vulnerability Affected Facebook And Instagram

    Serious 2FA Bypass Vulnerability Affected Facebook And Instagram

    Multiple Vulnerabilities In Yellowfin BI Could Allow RCE Attacks

    Multiple Vulnerabilities In Yellowfin BI Could Allow RCE Attacks

    LearnPress Plugin Vulnerabilities Risk Numerous WordPress Sites

    LearnPress Plugin Vulnerabilities Risk Numerous WordPress Sites

    TROJANPUZZLE Attack Forces AI Assistants to Suggest Rogue Coding

    Multiple Vulnerabilities Found In Samsung Galaxy App Store App

    Researchers Find Class Pollution-A Prototype Pollution Variant That Affects Python

    Be on the lookout for this AnyDesk Phishing campaign that delivers Vidar info stealer

    Brave Browser turns your device into a proxy for others via “Snowflake” Feature

    This tool, “telerwaf”, protects go apps from web-based attacks

  • Hacking Tools

    Test3213

    Test 2

    Test 2

    test

    Authentication Flood | Wireless Network Attacks [FREE COURSE CONTENT]

    Authentication Flood | Wireless Network Attacks [FREE COURSE CONTENT]

    Here are some tips for students to help protect their data privacy

    Client-Side Exploitation [FREE COURSE VIDEO]

    What Common Security Problems Are Cloud-Based Networks?

    Penetration testing OWASP Top 10 Vulnerabilities [FREE COURSE CONTENT]

    OSINT Fundamentals [FREE COURSE CONTENT]

    Trending Tags

    • hacking tools
    • hacking software
    • hacking tips
    • ss7 attacks
    • simswap software
    • sms exploit
  • Hacking Tutorials

    Test3213

    Test 2

    Test 2

    test

    Authentication Flood | Wireless Network Attacks [FREE COURSE CONTENT]

    Authentication Flood | Wireless Network Attacks [FREE COURSE CONTENT]

    Here are some tips for students to help protect their data privacy

    Client-Side Exploitation [FREE COURSE VIDEO]

    What Common Security Problems Are Cloud-Based Networks?

    Penetration testing OWASP Top 10 Vulnerabilities [FREE COURSE CONTENT]

    OSINT Fundamentals [FREE COURSE CONTENT]

  • Kali Linux
    Villain : Windows And Linux Backdoor Generator And Multi-Session Handler

    Villain : Windows And Linux Backdoor Generator And Multi-Session Handler

    PXEThief : Extract Passwords From The Operating System Deployment Functionality

    PXEThief : Extract Passwords From The Operating System Deployment Functionality

    The Terminal Application Cypherhound contains 260+ Neo4j Cyphers for BloodHound DataSets

    Subparse: Modular Malware Analysis Artifact Collection And Correlation Framework

    AzureHound : Azure Data Exporter For BloodHound

    Xerror is an automated penetration testing tool with GUI

    Mongoaudit is an audit and pentesting tool for MongoDB databases

    ADFSRelay – Proof of Concept Utilities Developed For Researching NTLM Relaying Attacks Targeting ADFS

    Azure Sentinel protects Kubernetes deployments

    Trending Tags

    • kali linux
    • kali tools
    • hacking tools kali
    • kali hacking
    • pentesting
  • Security
    Facebook & Instagram Flaw Let Anyone Bypass Two-factor Authentication

    Facebook & Instagram Flaw Let Anyone Bypass Two-factor Authentication

    U.S. No Fly List Leaked on Hacker Forum

    U.S. No Fly List Leaked on Hacker Forum

    Hackers Exploiting Unpatched Exchange Servers in The Wild

    Hackers Exploiting Unpatched Exchange Servers in The Wild

    Critical Realtek Vulnerability Impacting IoT Devices Worldwide

    Critical Realtek Vulnerability Impacting IoT Devices Worldwide

    New Research Uncovers Threat Actor Behind Infamous Golden Chickens Malware-as-a-Service

    New Research Uncovers Threat Actor Behind Infamous Golden Chickens Malware-as-a-Service

    Doctor Paid $60k in Bitcoin to Hire Dark Web Hitmen

    Doctor Paid $60k in Bitcoin to Hire Dark Web Hitmen

    What is Word Unscrambler In Gaming?

    What is Word Unscrambler In Gaming?

    Yandex Source Code Online Leaked, Company Denies Hack

    Yandex Source Code Online Leaked, Company Denies Hack

    Extradited Alleged ShinyHunters Hacker Pleads Not Guilty in US Court

    Extradited Alleged ShinyHunters Hacker Pleads Not Guilty in US Court

  • Advertise
No Result
View All Result
I Need Hack - Hacking Tutorials, News, Tips
SS7 SMS Intercept SS7 SMS Intercept SS7 SMS Intercept
Home Exploits

ERPGo SaaS 3.9 CSV Injection

by Ineedhack
January 23, 2023
in Exploits
0
80
SHARES
497
VIEWS
Share on FacebookShare on Twitter
Kripkey Spy Phone Kripkey Spy Phone Kripkey Spy Phone

# Exploit Title: ERPGo SaaS 3.9 – CSV Injection
# Date: 18/01/2023

# Exploit Author: Sajibe Kanti

# CVE ID

# Vendor Name: RajodiyaInfotech

# Vendor Homepage: https://rajodiya.com/

# Software Link

https://codecanyon.net/item/erpgo-saas-all-in-one-business-erp-with-project-account-hrm-crm-pos/33263426

# Version: 3.9

# Tested with: Windows & Live Litespeed Web Server

# Demo Link : https://demo.rajodiya.com/erpgo-saas/login

# Description

ERPGo, a SaaS platform for software-as-a-service (SaaS), is susceptible to CSV.

injection attacks. When an attacker can inject malware into the victim’s computer, this type of attack is called injection attacks.

To manipulate data imported into or exported from a CSV file in order to

Execute malicious code, or gain unauthorized access to sensitive information

information. An attacker can exploit this vulnerability by

Injecting data that is specially designed into a CSV File, then import it

In the ERPGo system. The attacker could gain access to the ERPGo system.

Access to confidential information such as financial or login credentials is possible

data or execute malicious code on the system.

# Proof of Concept (PoC), Exploit

1) Go To : https://erpgo.127.0.0.1/ERPGo/register <====| Register New

Account

2) Fill out the registration

3. Now, click Accounting System

Step 4: Now, Add a new Vendor / Click Create

‘ /C calc’!A0

6. Now, submit this form

7) Download the Vendors list as a csv

8) File This CSV in Excel

9) Open the Calculator

# Image PoC: Refer Image

1) Payload Fired: https://prnt.sc/EkKPZiMa6yz8

Tags: hack newshacking softwarehacking tipshacking toolshacking tutorialsinstagram hackjpg exploitsms exploit
Ineedhack

Ineedhack

Next Post

Active eCommerce CMS 6.5.0 Cross Site Scripting

Sim Swap Software Sim Swap Software Sim Swap Software

Recommended

CVE-2022-3602 and CVE-2022-3786: OpenSSL 3.0.7 patches Critical Vulnerability

Microsoft Exchange AutoDiscover Design Flaw: The Great Leak

1 year ago

Inout Jobs Portal 2.2.2 SQL Injection

6 days ago

Popular News

    • Advertise
    • SS7 Hacking

    ©2017- 2022 Hacking Tutorials

    No Result
    View All Result
    • Home
    • Exploits
    • Hacking News
    • Hacking Tools
    • Hacking Tutorials
    • Kali Linux
    • Security
    • Advertise