| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 8 Dec 2006 11:23:32 -0000 From: ifx@...u.us To: bugtraq@...urityfocus.com Subject: Midicart vulerable lintah_|adv|_15@...6>=========<[MidiCart]<===>[php b/d] ____ _________ ________________ ____ ___________ ___________ _____________ ____________ _______________ /___________________________________________________________________ _________________________________ / / ooo000-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~- ~-~-~-~-~-~-~-~-~-~-~-~-~-~000ooo/ / / \ \ \ Indonesian Cyber-Terrorist [ Grey Hats ] / / \ / / \ iFX a.k.a inversFX / / | ifx@... | | / \ \ / _________ \ \ | _____________ | | ! _____________________________ ! | :_________________________________________________.__________________ ________________________________:/ | | | | | | locate : Indonesia, Jakarta | | | -------------------------------- | | | date :06/12/2006 | | | -------------------------------- | | | title : | | | remote command execution through | | | arbitary local inclusion & vuln | | | of javascript | | | -------------------------------- | |/\ Developer : www.MidiCart.com / \ \_ -------------------------------- __/ \__/\ Victims : Commercial use /-----------------------------\\ -------------------------------- |-----------------------------|/ \---------------------------/ PoC : A. BYpass upload ------------------------ when you open admin page, and you see `new item` with uplod the image and i try uplod another ( u can guess it ;P ) then gotcha!!, you got it :) 1. open : http://<path>/admin/add.php 2. access your file, ex ; your file is cucut.php then : http://<path>/images/cucut.php 3. have fun :) patch : - use permission in that(images) folder to write --> drwxrwxr- x dork : think it :) B. Shopping cheap :D ------------------------ 1.st choose what is you want to order 2.then you can go to viewcart 3.on 'Qty', fill minus [-] value on 'Qty' field, which make it cheaper example : Qty Item No. Item Price USD Total 1 6001 128MB PC2100 DDR 22.99 22.99 -1 5001 Sony 52x CDROM 12.99 0.0-1298 Product Total USD 9.100 4.all right here we go patch : add script which not allowed 'minus' into the variable. ---------------------------------------------------------------------- origin : http://cupu.us/adv/15-iFX-2006-adv-midicart-phpbackdoor.txt ---------------------------------------------------------------------- iFX Said, and greet : ================================================> Lintah [ team of destroyer fucking school ] : -------------------------- iFX aka inversFX BJ aka Blue_Jaccker Sin~X aka Sin_Cross Xpl aka Xploid gM aka G4mm4 S3 aka Sock-3d BRO aka BiG_ReD_OnE fZ aka FrezZe cTZ aka CuruTZ -------------------------- k1tk4t solpot matdhule Fungky slacky Cow_1iseng NpR thama lapet setiawan theSnowbrain Soey y3d1ps Lirva32 K-159 Comex Bithedz anomaly tr0n: bitch(LOL) Cyb3rh3b Cybertank Ceyen netcom h34rt_br34ker x-ace x16 slackX til Silverant LasT COffin [mR]opt1lc BeWab Bluespy Val NoGe ghoz kukasih OvErDoNgO PremanMedan sakitjiwa t1g3r ^^Nakutta king_purba Mr_orche Sefirosu drygol@...ky0u etc....... @DALnet #phreakcuy #nyubicrew @ALLINDO #hitamputih@...indo #e-c-h-o #aikmel #asiahacker #newhack[dot]org #h4cky0u #groot #javahack #raptor #soey #semprol #yogyafree #daboxs #jasakom .......
Powered by blists - more mailing lists