Bitcoin Drop Significantly Recently
R.I.P HOTFILE.COM
“As a result of a United States federal court having found Hotfile.com to be in violation of copyright law, the site has been permanently shut down. If you are looking for your favorite movies or TV shows online, there are more ways than ever today to get high quality access to them on legal platforms.”
Today 05 december 2013 Hotfile RIP !
Elite Cyber Force Hacked by Code104 Team
Elite Cyber Force (Team ECF) Owned
Code104 Team says the below message:
For Mirrors Visit the below links:
[+] http://ecf.me/
[+] http://zone-hc.com/archive/mirror/1d09440_ecf.me_mirror_.html
[+] http://zone-h.com/mirror/id/21121128
For Ezine Exposure Visit:
[+] ez.code104.net/ecf/
"Bangladeshi TeamECF (Elite Cyber Forces) pretended to be 1337 h4x0rz but they gottheir ass kicked by Code104 team. First better secure your own site kidies before using your havij on random websites."
For Mirrors Visit the below links:
[+] http://ecf.me/
[+] http://zone-hc.com/archive/mirror/1d09440_ecf.me_mirror_.html
[+] http://zone-h.com/mirror/id/21121128
For Ezine Exposure Visit:
[+] ez.code104.net/ecf/
WHMCS 5.2.8 SQLI Vulnerability (0day)
Hi friends,
Here again new 0day of WHMCS.
It's affect the Version 5.2.8 ( Current Version)
Again shit poor coding in new version of WHMCS .
Epicness not over . They make same mistake in
/includes/dbfunctions.php
We can manipulate the GET/POST variables and end up with something like $key = array('sqltype' => 'TABLEJOIN', 'value' = '[SQLI]');
By using this Vulnerability we can also change the /configuration.php to whatever we want.
Vulnerability Deatils:
/includes/dbfunctions.php:
<?php
function select_query($table, $fields, $where, $orderby = '', $orderbyorder = '', $limit = '', $innerjoin = '') {
global $CONFIG;
global $query_count;
global $mysql_errors;
global $whmcsmysql;
if (!$fields) {
$fields = '*';
}
$query = 'SELECT ' . $fields . ' FROM ' . db_make_safe_field($table);
if ($innerjoin) {
$query .= ' INNER JOIN ' . db_escape_string($innerjoin);
}
if ($where) {
if (is_array($where)) {
$criteria = array();
foreach ($where as $origkey => $value) {
$key = db_make_safe_field($origkey);
if (is_array($value)) {
if ($key == 'default') {
$key = '`default`';
}
if ($value['sqltype'] == 'LIKE') {
$criteria[] = $key . ' LIKE \'%' . db_escape_string($value['value']) . '%\'';
continue;
}
if ($value['sqltype'] == 'NEQ') {
$criteria[] = $key . '!=\'' . db_escape_string($value['value']) . '\'';
continue;
}
if ($value['sqltype'] == '>') {
$criteria[] = $key . '>' . db_escape_string($value['value']);
continue;
}
if ($value['sqltype'] == '<') {
$criteria[] = $key . '<' . db_escape_string($value['value']);
continue;
}
if ($value['sqltype'] == '<=') {
$criteria[] = $origkey . '<=' . db_escape_string($value['value']);
continue;
}
if ($value['sqltype'] == '>=') {
$criteria[] = $origkey . '>=' . db_escape_string($value['value']);
continue;
}
if ($value['sqltype'] == 'TABLEJOIN') {
$criteria[] = $key . '=' . db_escape_string($value['value']);
continue;
}
if ($value['sqltype'] == 'IN') {
$criteria[] = $key . ' IN (\'' . implode('\',\'', db_escape_array($value['values'])) . '\')';
continue;
}
continue;
}
[...]
?>
So why wait for WHMCS to fix it :p
Just edit your previous 5.2.7 sqli 0day script or download new modified script from below:
http://www.mediafire.com/view/r6mrq71wxlwwv9t/whmcs2.py
or
https://www.dropbox.com/s/p2uta0bj41ya7gw/whmcs2.py
Now , Enjoy and stay Tunned with us.
Credit: Localhost.re
Black Hat Minds Owned By Code104
BlackHatMinds Website was finally owned by Team Code104 after defacing it for 2 times in this year.
A message showing on the website:
You got owned for the Third time now Mr.Parth Rai aka Pakka Chutiya
Admins of BlackHatMinds have messed with Code104 crew many times by attempting dns hijack of code104 domain and showing it as defaced...etc. So, a revenge was taken by Code104 T34m
More Noobidity and Exposures of BlackHatMinds Ultra NooB Admins Parth Rai and Edward Maya:
Exposure 1
Exposure 2
Exposure 3
A message showing on the website:
You got owned for the Third time now Mr.Parth Rai aka Pakka Chutiya
Admins of BlackHatMinds have messed with Code104 crew many times by attempting dns hijack of code104 domain and showing it as defaced...etc. So, a revenge was taken by Code104 T34m
More Noobidity and Exposures of BlackHatMinds Ultra NooB Admins Parth Rai and Edward Maya:
Exposure 1
Exposure 2
Exposure 3
ESET and BitDefender Websites Hijacked by Pro-Palestinian Hackers
A Pro-Palestinian Hacker's group who recently managed to hijack the Rapid7 , Metasploit , AVG, Avira & WhatsApp's websites has successfully hijacked another two Antivirus website ESET & Bitdefender.
Brief Detail Oh Hijack:
The Team KDMS successfully changed the DNS records of both websites to redirect visitor to a website playing the Palestinian national anthem and displaying a political message
Message :
We was thinking about quitting hacking and disappear again ..!
But we said : there is some sites must be hacked
You are one of our targets
Therefore we are here ..
And there is another thing .. do you know Palestine ?
There is a land called Palestine on the earth
This land has been stolen by Zionist
Do you know it ?
Palestinian people has the right to live in peace
Deserve to liberate their land and release all prisoners from israeli jails
We want peace
Long Live Palestine
Both the domains are registered from REGISTER.COM. REGISTER.COM is also domain registrar for Metasploit & Rapid7 websites (was hijacked yesterday).
The Websites were Hijacked by a spoofed change request fax to Register.com
Website of ESET And Bitdefender Hijacked by Palestine Hacker's
Again websites of famous antivirus websites hijacked by Palestine Hacker's ( Team KDMS )
Website's :
http://bitdefender.com/
http://eset.com/
Mirror's :
http://zone-h.org/mirror/id/20965095
http://zone-h.org/mirror/id/20965099
Website of Bitdefender is now restored but http://eset.com/ is still hijacked
Stay tuned for full report
