Information Security News and Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>CubeCart PHP (shipkey parameter) &lt;= 4.3.x Remote SQL Injection</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>==============================================================
CubeCart PHP (shipkey parameter) &lt;= 4.3.x Remote SQL Injection
==============================================================
SQL Injection in CubeCart PHP Free &amp; Commercial Shopping Cart Application
1. *Advisory Information*
Title: SQL Injection in CubeCart PHP Free &amp; Commercial [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>linux/ARM – setuid(0) &amp; kill(-1, SIGKILL) – 28 bytes</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>====================================================
linux/ARM – setuid(0) &amp; kill(-1, SIGKILL) – 28 bytes
====================================================
/*
Title: Linux/ARM – setuid(0) &amp; kill(-1, SIGKILL) – 28 bytes
(Kill all processes)
Date: 2010-06-29
Tested: ARM926EJ-S [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>linux/ARM – setuid(0) &amp; execve(&quot;/bin/sh&quot;,&quot;/bin/sh&quot;,0) – 38 bytes</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>================================================================
linux/ARM – setuid(0) &amp; execve(&quot;/bin/sh&quot;,&quot;/bin/sh&quot;,0) – 38 bytes
================================================================
/*
Title: Linux/ARM – setuid(0) &amp; execve(&quot;/bin/sh&quot;,&quot;/bin/sh&quot;,0) – 38 bytes
Date: 2010-06-29
Tested: ARM926EJ-S rev 5 (v5l)
Author: Jonathan Salwan
Web: http://shell-storm.org [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Inj3ct0r’s Community =&gt; 0xr00t / Make haste to register </title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>==========================================================
Inj3ct0r’s Community =&gt; 0xr00t / Make haste to register
==========================================================
opened a test forum. Please register. Registration will close 07/30/2010
0xr00t.com/index.php
Actively involved. Inactive user will be removed from the [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Oxygen2PHP &lt;= 1.1.3 (member.php) Blind SQL Injection Exploit</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>============================================================
Oxygen2PHP &lt;= 1.1.3 (member.php) Blind SQL Injection Exploit
============================================================
#!/usr/bin/perl
#[0-Day] Oxygen2PHP &lt;= 1.1.3 (member.php) Remote SQL Injection Exploit
#Coded By Dante90, WaRWolFz Crew
#Bug Discovered By: Dante90, WaRWolFz Crew
use LWP::UserAgent;
use HTTP::Cookies;
use strict;
my $UserName = [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Oxygen2PHP &lt;= 1.1.3 (forumdisplay.php) Blind SQL Injection Exploit</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>==================================================================
Oxygen2PHP &lt;= 1.1.3 (forumdisplay.php) Blind SQL Injection Exploit
==================================================================
#!/usr/bin/perl
#[0-Day] Oxygen2PHP &lt;= 1.1.3 (forumdisplay.php) Remote Blind SQL Injection Exploit
#Coded By Dante90, WaRWolFz Crew
#Bug Discovered By: Dante90, WaRWolFz Crew
use strict;
use LWP::UserAgent;
use HTTP::Request::Common;
use Time::HiRes;
use [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>ShopCartDx &lt;= v4.30 (products.php) Blind SQL Injection Exploit</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>==============================================================
ShopCartDx &lt;= v4.30 (products.php) Blind SQL Injection Exploit
==============================================================
#!/usr/bin/perl
#[0-Day] ShopCartDx &lt;= v4.30 (products.php) Remote Blind SQL Injection Exploit
#Coded By Dante90, WaRWolFz Crew
#Bug Discovered By: Dante90, WaRWolFz Crew
use strict;
use LWP::UserAgent;
use HTTP::Request::Common;
use Time::HiRes;
use [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>ShopCartDx &lt;= v4.30 (product_detail.php) Blind SQL Injection Exploit</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>====================================================================
ShopCartDx &lt;= v4.30 (product_detail.php) Blind SQL Injection Exploit
====================================================================
#!/usr/bin/perl
#[0-Day] ShopCartDx &lt;= v4.30 (product_detail.php) Remote Blind SQL Injection Exploit
#Coded By Dante90, WaRWolFz Crew
#Bug Discovered By: Dante90, WaRWolFz Crew
use strict;
use LWP::UserAgent;
use HTTP::Request::Common;
use Time::HiRes;
use [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Oxygen2PHP &lt;= 1.1.3 (post.php) Blind SQL Injection Exploit</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>==========================================================
Oxygen2PHP &lt;= 1.1.3 (post.php) Blind SQL Injection Exploit
==========================================================
#!/usr/bin/perl
#[0-Day] Oxygen2PHP &lt;= 1.1.3 (post.php) Remote Blind SQL Injection Exploit
#Coded By Dante90, WaRWolFz Crew
#Bug Discovered By: Dante90, WaRWolFz Crew
use strict;
use LWP::UserAgent;
use HTTP::Request::Common;
use Time::HiRes;
use [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>ES Simple Uploader v 1.1 =&gt; upload shell Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>======================================================
ES Simple Uploader v 1.1 =&gt; upload shell Vulnerability
======================================================
##########################################
#[+] Date: 30/06/2010
#[+] Author: MeGo
#[+] Tested ON :windows xP
#[+] MY Team : Team Hacker Egypt
#[+] Email: M3GO@live.com
#[+] CategorY : Webapps/0day [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>SIDA University System SQL Injection Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>==================================================
SIDA University System SQL Injection Vulnerability
==================================================
# Author: K053 &lt;K053.dev0te3 at gmail&gt;
# Vendor : SIDA &lt; http://91.98.156.224/ &gt;
# Version: All below 1389 are vulberable
====================================================================================
Note: Seems vendor patched this vulnerability in newest update [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>XiGroup (news.php) SQL Injection Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>==============================================
XiGroup (news.php) SQL Injection Vulnerability
==============================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>MusicBox &lt;= v3.3 (install.php) Change Password Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>============================================================
MusicBox &lt;= v3.3 (install.php) Change Password Vulnerability
============================================================
[~] Author : Mr.ThieF
[~] Software Link : www.musicboxv2.com
[~] Version : v3.3
[~] Contact : Sj-@hotmail.com &lt;~
[~] DorK : genre_artists.php?id=13
[~] CVE :
[~] Code :
[~] How To Exploit [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Dada CMS (gioco_desc.php) SQL Injection Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>=====================================================
Dada CMS (gioco_desc.php) SQL Injection Vulnerability
=====================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>iScripts EasySnaps Multiple SQL Injection Vulnerabilities</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>=========================================================
iScripts EasySnaps Multiple SQL Injection Vulnerabilities
=========================================================
iScripts EasySnaps Multiple SQL Injection Vulnerabilities
Name iScripts EasySnaps
Vendor [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>MooreAdvice (productlist.asp) SQL Injection Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>=========================================================
MooreAdvice (productlist.asp) SQL Injection Vulnerability
=========================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>VGM Forbin (article.asp) SQL Injection Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>====================================================
VGM Forbin (article.asp) SQL Injection Vulnerability
====================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>DCMS (SC.php) SQL Injection Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>=========================================
DCMS (SC.php) SQL Injection Vulnerability
=========================================
# Exploit Title: DCMS (SC.php) SQL Injection Vulnerability
# Date: 01.07.2010
# Author: Dark.Man &gt; dark.kopat@gmail.com
# Thanks To: ALimanov / Diq3N / By.HuCRe / SkyTurk / 3KStyL3 /
WatChFul / P_i_X_X_e / [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Ubiquity Nanostation5 (Air OS) 0day Remote Command Execution</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>============================================================
Ubiquity Nanostation5 (Air OS) 0day Remote Command Execution
============================================================
# Exploit Title: Ubiquity Nanostation5 (Air OS) 0day Remote Command Execution
# Date: 01 07 2010
# Author: Emanuele ‘emgent’ Gentili
# Software Link: N/A
# Version: [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Setiran CMS Blind SQL Injection Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>=============================================
Setiran CMS Blind SQL Injection Vulnerability
=============================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ [...]