A remote command execution vulnerability (post auth) has been found in IRIS Citations Management Tool; you can download the exploit file from the URL below and test it.
Here is a bug that I finally found time to write about 🙂
The attached contains my mini framework, exploit and screenshot.
# I Read It Somewhere (IRIS) <= v1.3 (post auth) Remote Command Execution
# download: http://ireaditsomewhere.googlecode.com
# - Found this in my archive, dunno how long this has been 0Day for... but I had no use for it obviously.
# - Yes! ..the code is disgusting, but does the job
# - Sorry if I ripped your code, it worked for me and I don't reinvent wheels so thank you!
# ~ aeon (https://infosecabsurdity.wordpress.com/)
# Exploit requirements:
# - A valid account as at least a user
# - The target to have outgoing internet connectivity
A persistent XSS vulnerability has been found in IP.Gallery 4.2.x and 5.0.x; where the vulnerability occurs and the details about it are as follows:
# Exploit Title: IP.Gallery 4.2.x and 5.0.x persistent XSS vulnerability
# Date: 8/2/2013
# Exploit Author: Mohamed Ramadan
# Vendor Homepage: http://www.invisionpower.com/
# Software Link: http://www.invisionpower.com/apps/gallery/
# Version: IP.Gallery 4.2.x and 5.0.x
The image title is vulnerable to a persistent XSS vulnerability which allows any
normal member to hack any administrator account or any other member account.
We contacted the vendor and reported this issue to them, and they fixed it
and released this patch:
Here is a video demonstrating the attack in action :
and here is another video demonstrating how to bypass httponly cookies :
Multiple CSRF vulnerabilities have been found in the TP-LINK Admin Panel; how the vulnerability is used and the details about it are as follows:
Advisory Name: Multiple Cross Site Request Forgery vulnerabilities in
TP-LINK Admin Panel
Internal Cybsec Advisory Id: 2013-0208-Multiple CSRF vulnerabilities in
Vulnerability Class: Cross Site Request Forgery (CSRF)
Release Date: 02/08/2013
Affected Applications: Firmware v3.13.6 Build 110923 Rel.53137n; other
versions may also be affected.
Affected Platforms: WR2543ND or any running the vulnerable firmware.
Local / Remote: Remote
Severity: Medium - CVSS: 4.0 (AV:N/AC:L/Au:S/C:N/I:P/A:N)
Researcher: Juan Manuel Garcia
Vendor Status: Acknowledged / Unpatched
Release Mode: User released
Reference to Vulnerability Disclosure Policy:
Multiple Cross Site Request Forgery vulnerabilities were found in TP-LINK
Admin Panel, because the application allows authorized users to perform
certain actions via HTTP requests without making proper validity checks to
verify the source of the requests. This can be exploited to perform
certain actions with administrative privileges if a logged-in user visits
a malicious web site.
Proof of Concepts:
1) New Storage Sharing and FTP Server user:
2) Disable the Router's Stateful Inspection Firewall:
An affected user may unintentionally execute actions written by an
attacker. In addition, an attacker may change router settings or gain
2012-10-10 - Vulnerability is identified.
2012-10-11 - Vendor is contacted.
2012-10-12 - Vulnerability details are sent to vendor.
2012-10-17 - Vendor confirms vulnerability and states "This vulnerability
has been escalated to our RD engineer but under current web server
framework it is hard to fix. Our engineer team will modify the web server
framework to fix this. Currently it is under process but will take time".
2012-10-25 - Cybsec asks the vendor for the planned publication date for
2012-10-26 - Vendor states "I have no detailed schedule yet".
2012-12-12 - Cybsec asks if there are any news regarding the solution of
2012-12-12 - Vendor states "The fix of this reported vulnerability is not
included in the last firmware upgrade because the web server framework
change is still under development".
2013-02-01 - Cybsec tells the Vendor that the security advisory will be
published on Wednesday February 6.
2013-02-08 - Having received no reply from TP-Link, vulnerability is
For more information regarding the vulnerability feel free to contact the
jmgarcia <at> cybsec <dot> com
About CYBSEC S.A. Security Systems
Since 1996, CYBSEC is engaged exclusively in rendering professional
services specialized in Information Security. Their area of services
covers Latin America, Spain and over 250 customers are a proof of their
To keep objectivity, CYBSEC S.A. does not represent, neither sell, nor is
associated with other software and/or hardware provider companies.
Our services are strictly focused on Information Security, protecting our
clients from emerging security threats, maintaining their IT deployments
available, safe, and reliable.
Beyond professional services, CYBSEC is continuously researching new
defense and attack techniques and contributing with the security community
with high quality information exchange.
For more information, please visit www.cybsec.com
(c) 2010 - CYBSEC S.A. Security Systems
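The missing "validity checks to verify the source of the requests" named in the advisory above can be sketched as a server-side gate, shown here as an added example that is not part of the advisory or of any TP-LINK firmware. The admin origin `http://192.168.1.1`, the `csrf_token` parameter name and the POST-only rule are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional
from urllib.parse import urlsplit

# Constructed values for this example; none of them come from the advisory.
ALLOWED_ORIGINS = {"http://192.168.1.1"}   # origin the admin UI is served from
SERVER_KEY = secrets.token_bytes(32)       # per-boot secret kept on the device


def issue_csrf_token(session_id: str) -> str:
    """Token bound to one admin session; embedded in every settings form."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def request_origin(headers: dict) -> Optional[str]:
    """Origin header if present, else scheme://host[:port] taken from Referer."""
    origin = headers.get("Origin")
    if origin:
        return origin
    referer = headers.get("Referer")
    if referer:
        parts = urlsplit(referer)
        if parts.scheme and parts.netloc:
            return f"{parts.scheme}://{parts.netloc}"
    return None


def is_request_allowed(method: str, headers: dict, params: dict,
                       session_id: str) -> bool:
    """Gate for settings-changing handlers: source check, then token check."""
    # Assumption of this sketch: settings are only ever changed via POST.
    if method != "POST":
        return False
    # Source check: a request with no Origin/Referer, or a foreign one, fails.
    if request_origin(headers) not in ALLOWED_ORIGINS:
        return False
    # Token check: another site cannot read the token out of the admin pages.
    supplied = params.get("csrf_token", "")
    expected = issue_csrf_token(session_id)
    return hmac.compare_digest(supplied.encode(), expected.encode())
```

A session cookie alone passes neither check, which is the property the affected panel lacks: the browser attaches the cookie to cross-site requests automatically, but not the token.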
Coyote cms_site Sql injection Vulnerability
Sql injection on cms website
he we Goo !!
Google Dork : 'inurl:cms.php?id="
# Special Greetz : Mr.Benladen & X-Line & Azar36.Exe & Biksoft & xMjahd & KhalidMoro
The WordPress p1m media manager plugin SQL Injection vulnerability and the finder's assessment of it are as follows:
# Exploit Title: WordPress p1m media manager plugin SQL Injection Vulnerability
# Author: KinG Of PiraTeS
# Facebook Profile: www.fb.me/cr4ck3d
# Facebeook Page : www.fb.me/serial.crack
# Facebeook Page : www.fb.me/Cars2Luxe
# E-mail: firstname.lastname@example.org / email@example.com
# Web Site : www.1337day.com | www.inj3ct0rs.com
# Category:: webapps
# Google Dork: inurl:"/wp-content/plugins/p1m-media-manager/"
# platform : php
# Vendor: NA
# Version: x.x.x
# Security Risk : High
# Tested on: [Windows 7 Edition Intégrale 64bit ]
# | >> --------+++=[ Dz Offenders Cr3w ]=+++-------- << |
# | > Indoushka * KedAns-Dz * Caddy-Dz * Kalashinkov3 |
# | Jago-dz * Over-X * Kha&miX * Ev!LsCr!pT_Dz * Dr.55h |
# | * ------> KinG Of PiraTeS * The g0bl!n <-------- * |
# | ------------------------------------------------- < |
You can inject an SQL query/command as input, possibly via web pages. Many web pages take parameters from the web user and make an SQL query to the database.
Take, for instance, when a user logs in: the web page takes that user name and password and makes an SQL query to the database to check if the user has a valid name and password.
With SQL Injection, it is possible for us to send a crafted user name and/or password field that will change the SQL query and thus grant us something else.
[~] P0c [~] :
Vuln file in :
[~] D3m0 [~] :
Peace From Algeria
# Greets To :
KedAns-Dz & Caddy-Dz & kalashinkov3 **All Algerians Hackers** , Kondamne , errajol ettayeb
(exploit-id.com) , (1337day.com) , (Sec4ever.com) , (h4ckforu.com) , (alboraaq.com)
All My Friendz: Hanixpo , Caddy-Dz , Indoushka , Jago-dz ,saoucha , BriscO-Dz
Over-X , Kha&miX ,Ev!LsCr!pT_Dz , T0xic ,TrOon , Tn_Scorpion , ..others ?___?
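The login check described in the advisory above, shown as an added example that is not code from the advisory or from the p1m plugin: the string-built query beside its parameterized form, run against an in-memory SQLite database. The table layout, account, fixed salt and crafted input are all constructed for the illustration.

```python
import hashlib
import hmac
import sqlite3

DEMO_SALT = b"constructed-demo-salt"   # a real system stores one salt per user
CRAFTED_NAME = "alice' --"             # constructed input: a quote, then a comment


def hash_pw(password: str) -> str:
    """Salted PBKDF2 hash, hex-encoded for storage in a TEXT column."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), DEMO_SALT, 100_000).hex()


def make_db() -> sqlite3.Connection:
    """In-memory database holding one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, pw_hash TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)", ("alice", hash_pw("correct horse")))
    return db


def login_vulnerable(db: sqlite3.Connection, name: str, password: str) -> bool:
    """Weak form: user input is pasted into the SQL text itself."""
    query = ("SELECT name FROM users WHERE name = '%s' AND pw_hash = '%s'"
             % (name, hash_pw(password)))
    # With CRAFTED_NAME the quote closes the string literal and '--' comments
    # out the password condition, so the query's structure has changed.
    return db.execute(query).fetchone() is not None


def login_parameterized(db: sqlite3.Connection, name: str, password: str) -> bool:
    """Hardened form: the name travels as a bound value, never as SQL text."""
    row = db.execute("SELECT pw_hash FROM users WHERE name = ?", (name,)).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(row[0], hash_pw(password))
```

The pair doubles as a regression test: any login path that accepts `CRAFTED_NAME` with a wrong password is still building SQL from strings.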