Jump to content

Bigojey

Members
  • Posts

    26
  • Joined

  • Last visited

    Never

Everything posted by Bigojey

  1. Microsoft Security Bulletin List With some public exploits with source code and executables try it get in...jav.ch greetz
  2. wow thank you very much m8... nice work
  3. <div class='quotetop'>QUOTE("Xavier")</div> pls in english german or espanol i hope it isnt such negativsentence
  4. i got this exploit from a friend. his name is Mustafa Can Bjorn but everybody knows him as nukedx ps: i dont know if this exploit was given before so dont be angry pls if you already know this exploit here's the exploit : Vendor: MKPortal (http://www.mkportal.it/) Version: 1.1 RC1 and prior versions must be affected. (Runs on vBulletin!) About: Via this methods remote attacker can inject arbitrary SQL queries to ind parameter in index.php of MKPortal. Vulnerable code can be found in the file mkportal/include/VB/vb_board_functions.php at line 35-37, as you can see it easy to by pass this SQL update function. Also there is cross-site scripting vulnerability in pm_popup.php the parameters u1,m1,m2,m3,m4 did not sanitized properly. Level: Critical --- How&Example: SQL Injection : GET -> http://[victim]/[mkportaldir]/index.php?ind= EXAMPLE -> [url]http://[victim]/[/url][mkportaldir]/index.php?ind=',userid='1 So with this example remote attacker updates his session's userid to 1 and after refreshing the page he can logs as userid 1. XSS: GET -> [url]http://[victim]/[/url][mkportaldir]/includes/pm_popup.php?u1=[XSS]&m1=[XSS]&m2=[XSS]&m3=[XSS]&m4=[XSS] --- Timeline: * 21/04/2006: Vulnerability found. * 21/04/2006: Contacted with vendor and waiting reply. --- Exploit: http://www.nukedx.com/?getxpl=26 --- Dorks: "MKPortal 1.1 RC1" --- Original advisory can be found at: http://www.nukedx.com/?viewdoc=26
  5. <div class='quotetop'>QUOTE("Alex")</div> Alex m8 ive already found one but thx... but i will not flame now we are all brothers xD
  6. thx m8! but the page is down i think look @ the pic KLICK FOR THE PIC
  7. thx for the tutorial nos could you pls post the url to the decoder ???
  8. Bigojey

    Shell !

    very cool. n1 thank you very much . everybody needs these shells
  9. Yeah i saw it after downloading and opening it. Very useful! Thx again
  10. i dont know what it is but i will download and look thx for sharing
  11. i have looked for a crack but i am not sure if it will work. my sockscap32.exe is the 2.38 version but i've found only crackz for the 2.37 <= versions i will upload some crackz i hope it will work if you test it. but pls check the crackz with your av! http://rapidshare.de/files/24296638/crackz.rar.html greetz
  12. yes : P thank you i hope the other users like it ,too. greetz
  13. Hi Community i hope a lot of you can understand me:) I have asked a good friend of me if he could make a Video for RomanianHackersZone. The VideoTutorial treats about the Vnc remote Exploit. We can easyly bypass the login (usernane-password) and get into RemoteComputers which has got a Vulnerable VncServer. Enjoy it Password: dafreak Mirror 1 : http://rapidshare.de/files/24269467/Vnc-Sc...aFreak.rar.html Mirror 2 : http://www.megaupload.com/?d=BRXBTYJ5 greetz BigOjey
  14. sry i was a long time not in this board because i had problems with my pc. i am happy that u liked it ^^. (the bad thing is that i can only speak german,english,latin,espanol,turkish but not your language :'( but i hope that i will learn it soon
  15. http://rapidshare.de/files/23506381/Sql_In..._freak.rar.html (pass: dafreak) hope u enjoy it
×
×
  • Create New...