Boonex Dolphin all versions <= 7.3 Authentication Bypass

Posted by Saadi On Wednesday, 26 October 2016 3 comments
# Exploit Title : Boonex Dolphin all versions <= 7.3 Authentication Bypass # Exploit Author : Saadat Ullah saadi_linux[@]rocketmail.com # Software Link : https://www.boonex.com # Author HomePage : http://security-geeks.blogspot.com Proof of Concept File: admin.inc.php Line:...

Hack Diaries - Pwning TLD Uganda

Posted by Saadi On Friday, 8 July 2016 1 comment
Hi, after a long time... today I am going to show you a POC for pwning the TLD .ug, which I did some 3-4 years back. Years back the interface of the domain was http://old.registry.co.ug/ and the "Domain Manager Panel" sub-domain was not exposed in the TLD main domain and search engines. So,...

000WebHost Leaked Data - Wordlist

Posted by Saadi On Tuesday, 1 December 2015 0 comments
Hi, I have just extracted passwords from leaked 000WebHost data and made a wordlist for hash cracking :). You can find it here https://drive.google.com/open?id=0B_ysNAZFtakdRlg5N0pvV01jS...

OpenCart <= 1.5.6.1 SQL Injection

Posted by Saadi On Wednesday, 26 March 2014 11 comments
Hi, so today we have SQL injection in OpenCart. I discovered this bug several months ago when I pentested OpenCart and found CSRF in it too. You can check CSRF here. The ebay.php file in OpenCart is badly coded and you can see a lot of SQLi in it. So here it is.. http://www.exploit-db.com/exploits/32520 http://packetstormsecurity.com/files/125867/OpenCart-1.5.6.1-SQL-Injection.html http://cxsecurity.com/issue/WLB-2014030212 http://1337day.com/exploit/description/22071 #...

ClipSharePro <= 4.1 Local File Inclusion

Posted by Saadi On Saturday, 8 March 2014 1 comment
http://www.exploit-db.com/exploits/32131 http://cxsecurity.com/issue/WLB-2014030063 # Exploit Title  : ClipSharePro <= 4.1 Local File Inclusion # Date           : 2013/3/9 # Exploit Author : Saadat Ullah , saadi_linux[at]rocketmail[dot]com # Software Link  : http://www.clip-share.com # Author HomePage: http://security-geeks.blogspot.com #...

Mybb 1.6.12 XSS P0c

Posted by Saadi On Friday, 14 February 2014 2 comments
Hi, I didn't update the blog for some time as I was busy with some other stuff, but from now onward some cool stuff is coming soon which I found but didn't publish.. Mybb XSS, some days back I found an advisory XSS in search.php Reference : http://osandamalith.wordpress.com/2014/02/02/mybb-1-6-12-post-xss-0day/ After...

iScripts MultiCart <= 2.4 Persistent XSS / CSRF / XSS+CSRF Account takeover

Posted by Saadi On Saturday, 14 December 2013 1 comment
# Exploit Title  : iScripts MultiCart <=  2.4 Persistent XSS / CSRF / XSS+CSRF Account takeover # Date           : 2013/12/14 # Exploit Author : Saadat Ullah , saadi_linux[at]rocketmail[dot]com # Software Link  : http://www.iscripts.com # Author HomePage: http://security-geeks.blogspot.com # Tested on: Server : Apache/2.2.15 PHP/5.3.3 # Cross-site...