Message-ID: <20060927092847.17498.qmail@securityfocus.com>
Date: 27 Sep 2006 09:28:47 -0000
From: ifx@...u.us
To: bugtraq@...urityfocus.com
Subject: bug com_madeira

lintah_|adv|_02@...6>=========<[mambo-com_madeira]<===>[php injection]

by : iFX a.k.a inversFX 
 _______________________________
[	apem-zigzag@...kom.net	]
[	inversfx@...oo.com	]
[       ifx@...u.us		]
 -------------------------------
location : Jakarta, Indonesia
--------------------------------
date   : 21/09/2006
--------------------------------
title  : PHP backdoor & bug within ;D
--------------------------------
Developer : www.brightnet.co.uk << author of it ;D
www.mamboserver.com
--------------------------------


PoC : 
--------------------------------------------------------------------

1.  In 'photoupload.php' we can upload any file to the media folder, which has rwxrwxrwx permissions ;D :

.....
.....

  	and `other` has permission to access that file ;D
	so now it's time for backdooring ;D

	ex:
	1. upload your file to :
	http://localhost/administrator/components/com_madeira/photoupload.php
	2. access your file in :
	http://localhost/components/com_madeira/images/youruplodfile.php         


In this section you get a few opportunities:
1. you can do RFI
2. you can delete any file in that folder
3. you can deface any product picture
4. hmm, maybe you can see pictures ;D
5. find the rest by yourself :D
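The upload handler the advisory describes accepts any file type, keeps the client-supplied filename, and writes into a world-writable (rwxrwxrwx) directory that is served straight from the web root, which is why an uploaded .php file turns into a backdoor. Below is an added example of a hardened handler written for this page; it is not code from the advisory, from com_madeira or from Mambo. The session flag `$_SESSION['is_admin']`, the form field name `photo`, the `images` directory path and the Apache 2.4 `.htaccess` directives are assumptions.

```php
<?php
// Added example, not part of the advisory or of com_madeira.
// Hypothetical names: $_SESSION['is_admin'], form field "photo", UPLOAD_DIR.
declare(strict_types=1);

const UPLOAD_DIR   = __DIR__ . '/images';      // hypothetical target directory
const MAX_BYTES    = 2 * 1024 * 1024;          // 2 MiB cap on a single upload
const ALLOWED_MIME = [                          // content type => server-chosen extension
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

/**
 * Validate one entry of $_FILES and store it; returns the new on-disk name.
 * Each check closes one of the gaps the advisory relies on:
 * no authentication, any file type, attacker-chosen name, 0777 directory.
 */
function store_uploaded_image(array $file): string
{
    // 1. Only an authenticated administrator may reach the upload code at all.
    if (empty($_SESSION['is_admin'])) {
        throw new RuntimeException('not authorised');
    }
    // 2. Reject anything PHP flagged, anything oversized, anything not a real upload.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || $file['size'] > MAX_BYTES
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload rejected');
    }
    // 3. Decide the type from file content, never from the client's name or MIME header.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if (!isset(ALLOWED_MIME[$mime]) || getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not an allowed image type');
    }
    // 4. Random server-chosen name and extension; the original name
    //    (shell.php, shell.php.jpg, ../x) is discarded entirely.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_MIME[$mime];
    $dest = UPLOAD_DIR . '/' . $name;

    // 5. Directory is 0755 (owner-writable), not the 0777 the advisory found.
    if (!is_dir(UPLOAD_DIR) && !mkdir(UPLOAD_DIR, 0755, true)) {
        throw new RuntimeException('cannot create upload directory');
    }
    // 6. Defence in depth: tell Apache never to run scripts from this directory
    //    (php_flag needs mod_php; "Require all denied" is Apache 2.4 syntax).
    $htaccess = UPLOAD_DIR . '/.htaccess';
    if (!file_exists($htaccess)) {
        file_put_contents($htaccess,
            "php_flag engine off\n"
            . "<FilesMatch \"\\.(php|phtml|php3|phar)$\">\n"
            . "    Require all denied\n"
            . "</FilesMatch>\n");
    }
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('move failed');
    }
    chmod($dest, 0644);   // readable by the web server, never executable
    return $name;
}

session_start();
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['photo'])) {
    try {
        echo 'stored as ' . htmlspecialchars(store_uploaded_image($_FILES['photo']));
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'upload failed';
    }
}
```

The content check (finfo plus getimagesize) is what stops a renamed script; the random name is what stops path tricks and double extensions; the 0755 directory plus the .htaccess deny is what stops the "other" permission problem the advisory points at. The stronger variant of the same design keeps the upload directory outside the document root entirely and serves images through a read-only script, so that nothing written by an upload is ever reachable as a URL.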

----------------------------------------------------------------------
origin :
http://cupu.us/adv/
----------------------------------------------------------------------

So you can find the dork by yourself, OK! ;D
sorry for my words in English, cuz I often REMED!!!
-------------------------------------------------------------------------------------
iFX says, and greets	 :
================================================>
Lintah	 		 :
--------------------------
iFX 	aka inversFX        
BJ  	aka Blue_Jaccker
Sin~X	aka Sin_Cross
Xpl	aka Xploid
gM	aka G4mm4
S3	aka Sock-3d
BRO	aka BiG_ReD_OnE
fZ	aka FrezZe
cTZ	aka CuruTZ
 _________________________________________________
/if our school not yet die then we didn't die	  \
\_________________________________________________/
================================================>
nyubicrew	      	 :                              
--------------------------
solpot                                       [kind-hearted, likes to save money, not arrogant, etc. ;D]
bius                                         [Hey friend, thanks a lot for everything you taught /me! It's rare to find a hacker as nice as you :P]
matdhule                                     [this guy is the king of bugs, he must release a bug every day, lol :D]
Fungky                                       [Seems like this guy is always online around midnight, could it be... now I'm scared, lol :P]
slacky                                       [whenever I ask him for money he always gives it ;", :)]
Cow_1iseng                                   [All this guy seems to do is eat, lol :P]
NpR                                          [wow, this guy seems very strategic, a name without a form :D]
thama                                        [this guy is still in school, but says he never has exams << is that even possible?? :? :D]
lapet                                        [this guy is really nice, no idea how that's possible, but respect to you bro, hehe :D]
setiawan                                     [Hey, stop tricking people, lol :D]
theSnowbrain                                 [Hey, when you give out an ssh user, make it one that lasts ;D :)]
et al. (I forgot)		<< anyway, the Solpot_Crew guys are all hilarious... :D
================================================>
Echo 			 :
--------------------------
y3d1ps                                       [this guy seems to be rarely online, so no comment :|]
lirva32                                      [this guy talks a bucketload, turns out he's a Slanker, lol =))]
Bithedz                                      [Hey, don't wardrive all the time bro, the GIPS will overheat from the WLAN, lol, your body is made of GIPS after all, hehe :-@ :D]
anomaly                                      [wait for my revenge, friend, stop kicking people   :) :D :P]
================================================>
Kecoak           	 :
--------------------------
cr45H3r                                      [totally annoying, I'll smack you too :[] :D :P]
Cyb3rh3b                                     [user friendly, lol]
Cybertank                                    [a bit crazy, this guy just doesn't connect :P]
Ceyen                                        [whoa, don't eat too much dodol!, no DODOL no cry ;D]
bang_burung[Phoenix || loneEeagle]           [this guy's nick is unclear, but he does a lot of research lol, good luck bro burung!! :P]
================================================>
No Community 		 :
--------------------------
netcom                                       [Has a problem every single day, be patient, but this guy surely has weird stuff, share it bro if there's anything new!  :D]
h34rt_br34ker                                [What's certain is this guy makes an effort to learn ;D]
x-ace                                        [Small but spicy like a bird's-eye chili, and with effort you'll surely make it :P]
x16                                          [Hey, you must learn Indonesian slang!, lol :D]
slackX                                       [Wow, this guy has so much experience with the penguin, awesome :))]
til                                          [Hey, is the channel still all OPs ??, lol good luck! ]
Silverant                                    [Usually this guy has the newest inventory, because I ask him for stuff]
LasT COffin                                  [Hey, don't take too many classes or your head will explode :D]
k1tk4t                                       [wow I'm speechless, in front of the master phreaker, I'm scared, but `in my opinion` this guy's phreaking knowledge is the most MASTER on all of DALnet, don't jumper too often bro or you'll get electrocuted :D]