Vulners
Lucene search
midiripoff.txt
`lintah_|adv|_15@2006>=========<[MidiCart]<===>[php b/d]
____ _________ ________________ ____ ___________ ___________
_____________ ____________ _______________
/___________________________________________________________________
_________________________________ / /
ooo000-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-
~-~-~-~-~-~-~-~-~-~-~-~-~-~000ooo/ /
/
\ \
\ Indonesian Cyber-Terrorist [
Grey Hats ] / /
\
/ /
\ iFX a.k.a inversFX
/ /
| ifx@...
| |
/
\ \
/ _________
\ \
| _____________
| |
! _____________________________
! |
:_________________________________________________.__________________
________________________________:/
| | |
| | |
locate : Indonesia, Jakarta | | |
-------------------------------- | | |
date :06/12/2006 | | |
-------------------------------- | | |
title : | | |
remote command execution through | | |
arbitary local inclusion & vuln | | |
of javascript | | |
-------------------------------- | |/\
Developer : www.MidiCart.com / \ \_
-------------------------------- __/ \__/\
Victims : Commercial use /-----------------------------\\
-------------------------------- |-----------------------------|/
\---------------------------/
PoC :
A. BYpass upload
------------------------
when you open admin page, and you see `new item`
with uplod the image and i try uplod another ( u can guess
it ;P )
then gotcha!!, you got it :)
1. open :
http://<path>/admin/add.php
2. access your file, ex ; your file is cucut.php then :
http://<path>/images/cucut.php
3. have fun :)
patch :
- use permission in that(images) folder to write --> drwxrwxr-
x
dork :
think it :)
B. Shopping cheap :D
------------------------
1.st choose what is you want to order
2.then you can go to viewcart
3.on 'Qty', fill minus [-] value on 'Qty' field, which make
it cheaper
example :
Qty Item No. Item Price USD
Total
1 6001 128MB PC2100 DDR 22.99
22.99
-1 5001 Sony 52x CDROM 12.99
0.0-1298
Product Total USD
9.100
4.all right here we go
patch :
add script which not allowed 'minus' into the variable.
----------------------------------------------------------------------
origin :
http://cupu.us/adv/15-iFX-2006-adv-midicart-phpbackdoor.txt
----------------------------------------------------------------------
iFX Said, and greet :
================================================>
Lintah [ team of destroyer fucking school ] :
--------------------------
iFX aka inversFX
BJ aka Blue_Jaccker
Sin~X aka Sin_Cross
Xpl aka Xploid
gM aka G4mm4
S3 aka Sock-3d
BRO aka BiG_ReD_OnE
fZ aka FrezZe
cTZ aka CuruTZ
--------------------------
k1tk4t solpot
matdhule Fungky
slacky Cow_1iseng
NpR thama
lapet setiawan
theSnowbrain Soey
y3d1ps Lirva32
K-159 Comex
Bithedz anomaly
tr0n: bitch(LOL) Cyb3rh3b
Cybertank Ceyen
netcom h34rt_br34ker
x-ace x16
slackX til
Silverant LasT COffin
[mR]opt1lc BeWab
Bluespy Val
NoGe ghoz
kukasih OvErDoNgO
PremanMedan sakitjiwa
t1g3r ^^Nakutta
king_purba Mr_orche
Sefirosu drygol@h4cky0u
etc.......
@DALnet
#phreakcuy
#nyubicrew @ALLINDO
#hitamputih@allindo
#e-c-h-o
#aikmel
#asiahacker
#newhack[dot]org
#h4cky0u
#groot
#javahack
#raptor
#soey
#semprol
#yogyafree
#daboxs
#jasakom
.......
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
08 Dec 2006 00:00Current
7.4High risk
Vulners AI Score7.4