Posted by Unknown | Saturday, 19 October 2013 |
Posted in
exploit,
leak
Hi friends,
Here again new 0day of WHMCS.
It's affect the Version 5.2.8 ( Current Version)
Again shit poor coding in new version of WHMCS .
Epicness not over . They make same mistake in
/includes/dbfunctions.phpWe can manipulate the GET/POST variables and end up with something like
$key = array('sqltype' => 'TABLEJOIN', 'value' = '[SQLI]');By using this Vulnerability we can also change the /configuration.php to whatever we want.
Vulnerability Deatils:
/includes/dbfunctions.php:
<?php
function select_query($table, $fields, $where, $orderby = '', $orderbyorder = '', $limit = '', $innerjoin = '') {
global $CONFIG;
global $query_count;
global $mysql_errors;
global $whmcsmysql;
if (!$fields) {
$fields = '*';
}
$query = 'SELECT ' . $fields . ' FROM ' . db_make_safe_field($table);
if ($innerjoin) {
$query .= ' INNER JOIN ' . db_escape_string($innerjoin);
}
if ($where) {
if (is_array($where)) {
$criteria = array();
foreach ($where as $origkey => $value) {
$key = db_make_safe_field($origkey);
if (is_array($value)) {
if ($key == 'default') {
$key = '`default`';
}
if ($value['sqltype'] == 'LIKE') {
$criteria[] = $key . ' LIKE \'%' . db_escape_string($value['value']) . '%\'';
continue;
}
if ($value['sqltype'] == 'NEQ') {
$criteria[] = $key . '!=\'' . db_escape_string($value['value']) . '\'';
continue;
}
if ($value['sqltype'] == '>') {
$criteria[] = $key . '>' . db_escape_string($value['value']);
continue;
}
if ($value['sqltype'] == '<') {
$criteria[] = $key . '<' . db_escape_string($value['value']);
continue;
}
if ($value['sqltype'] == '<=') {
$criteria[] = $origkey . '<=' . db_escape_string($value['value']);
continue;
}
if ($value['sqltype'] == '>=') {
$criteria[] = $origkey . '>=' . db_escape_string($value['value']);
continue;
}
if ($value['sqltype'] == 'TABLEJOIN') {
$criteria[] = $key . '=' . db_escape_string($value['value']);
continue;
}
if ($value['sqltype'] == 'IN') {
$criteria[] = $key . ' IN (\'' . implode('\',\'', db_escape_array($value['values'])) . '\')';
continue;
}
continue;
}
[...]
?>
So why wait for WHMCS to fix it :p
Just edit your previous 5.2.7 sqli 0day script or download new modified script from below:
http://www.mediafire.com/view/r6mrq71wxlwwv9t/whmcs2.pyor
https://www.dropbox.com/s/p2uta0bj41ya7gw/whmcs2.pyNow , Enjoy and stay Tunned with us.
Credit: Localhost.re
Posted by Unknown | Thursday, 17 October 2013 |
Posted in
deface
BlackHatMinds Website was finally owned by
Team Code104 after defacing it for 2 times in this year.
A message showing on the website:You got owned for the Third time now Mr.Parth Rai aka Pakka Chutiya
Admins of BlackHatMinds have messed with Code104 crew many times by attempting dns hijack of code104 domain and showing it as defaced...etc. So, a revenge was taken by Code104 T34m
More Noobidity and Exposures of BlackHatMinds Ultra NooB Admins Parth Rai and Edward Maya:
Exposure 1
Exposure 2
Exposure 3
Posted by Unknown | Saturday, 12 October 2013 |
Posted in
Team KDMS
A Pro-Palestinian Hacker's group who recently managed to hijack the
Rapid7 ,
Metasploit ,
AVG,
Avira & WhatsApp's websites has successfully hijacked another two Antivirus website
ESET &
Bitdefender.
Brief Detail Oh Hijack:
The Team KDMS successfully changed the DNS records of both websites to redirect visitor to a website playing the Palestinian national anthem and displaying a political message
Message :
We was thinking about quitting hacking and disappear again ..!
But we said : there is some sites must be hacked
You are one of our targets
Therefore we are here ..
And there is another thing .. do you know Palestine ?
There is a land called Palestine on the earth
This land has been stolen by Zionist
Do you know it ?
Palestinian people has the right to live in peace
Deserve to liberate their land and release all prisoners from israeli jails
We want peace
Long Live Palestine
Both the domains are registered from REGISTER.COM. REGISTER.COM is also domain registrar for Metasploit & Rapid7 websites (was hijacked yesterday).
The Websites were Hijacked by a spoofed change request fax to Register.com
Posted by Unknown | |
Posted in
Team KDMS
Posted by Unknown | Friday, 11 October 2013 |
Posted in
Anonymous,
CyberCrime
Malaysia DNS Hacked by The Most Dangerous and popular DNS hacker 1337
Google’s Malaysian site has been hacked and replaced with a splash screen giving credit to a group called “Team Madleets.” The normal site has been offline for several hours as of late Thursday afternoon and the page lists a series of handles that are ostensibly part of the team responsible. Updated with brief statement from the hackers below.
The attack appears to have been of the DNS poisoning variety, in which a hacker gained access to the Malaysia Network Information Center and changed the DNS records of Google’s site to Madleets-controlled servers. So no information appears to have been changed on Google’s servers at this time, as this is a redirect attack of sorts.
The stamp at the top says ‘[!] Struck by 1337′, which is apparently a reference to an individual hacker within the group called 1337, who has recently (allegedly) performed hacks on domain registrars of several countries. A message on 1337′s Facebook page says “Google Malaysia Stamped By 1337″ and references the google.com.my and google.my domains. The only other indicator about who the group could be is a reference to them being Pakistani in origin.The Madleets address leads to a Facebook page for the team that has the following message posted:We feel we need to alert anyone, that we don’t hack any country tlds for example google.com.my as a result of any kind of hate, We don’t hate anyone, We love all humanity, there is no obvious reason for stamping the tlds.
Least the reason is not any kind of hate.
Whatever the reason is we can’t explain except we love all of you.
Regard’s
H4x0rL1f3
The site, "google.com.my," was functioning normally later on Friday, but was displaying this snapshot as page put in place by the Madleet Hackers.
The page info states that “MadLeets is a Ethical and 1337 White Hat Hackers Community. We are Anti Hackers , we teach how to protect yourself from getting hacked.”
Hacker Used his Owned Server to host the Hijacked domains :
k [Primary Name Server] SKEY0000032631
b0x4.madleets.com 142.4.211.228
l [Secondary Name Server] SKEY0000032628
b0x3.madleets.com 185.8.105.82
Google.my, Google.com.my and also Mazda.my was Hijacked by 1337 in this attack
Top-level domains such as ".com" and country-code top level domains are held by a variety of companies and organizations. The security of those records is managed by those companies and is often mostly out of the control of the entities whose DNS records they hold.
A string of prominent companies have been affected by DNS hacks recently, including the New York Times, Huffington Post, Twitter and LeaseWeb.Earlier this week, a pro-Palestinian group gained entry to Network Solutions' network and modified DNS records for the website of the security companies AVG and Avira; the messaging platform WhatsApp; RedTube, a pornography site; and Alexa, a Web metrics company.
If the reasoning on the team’s Facebook page is accurate, then this is simply a matter of doing it because they can and not to make a political statement. A link placed in the source code of the page leads to a music video for the artist Instrumental Core. The music is auto-played on the site while visitors are there.
Google Malaysia was hacked back in July, along with several other Malaysian sites, by a group protesting the treatment of Bangladeshi workers in that country. One possible motivation for the group taking action now, if it is indeed not simply “exposing vulnerabilities” would be the Global Entrepreneurship Summit in Kuala Lumpur, which will be attended by Secretary of State John Kerry in lieu of President Barack Obama.Read More about recent Google Palestine DNS Hijacked at CyberAoN
Posted by Unknown | Sunday, 6 October 2013 |
Posted in
CyberCrime,
deface
MadLeeTs breached another NIC.
After successfully breached Council of Country Code Administrators Registry Services. 1337 Hacker from team MadLeeTs Hack NIC of
Antigua and Barbuda & Saint Lucia.
Below are the list of sites which have deface by them along with Deface Mirror
Posted by Unknown | Saturday, 5 October 2013 |
Posted in
exploit,
Technology,
vulnerability
WHMCS 5.2.7 SQLI INJECTION
So, Friends and Enemies :p here is the Lastest Vulnerability Leaked in Black Hackers Market for WHMCS
Vulnerability Effects:
/includes/dbfunctions.php:
Have Fun Guys!!!!
Posted by Unknown | Friday, 4 October 2013 |
Posted in
CyberCrime,
deface
Pakistani hackers of Team Madleets have breached the systems of the Council of Country Code Administrators (CoCCA) Registry Services.
The attackers defaced the CoCCA websites and the ones of several Network Information Centers (NIC) managed by CoCCA Registry Services (NZ) Limited, a private company that provides hosting services and software development on behalf of CoCCA members.
The CoCCA websites hacked by the Pakistani group are cocca.cx, cocca.org.nz, coccaregistry.org, coccaregistry.net and coccaregistry.com.
The targeted NICs are the ones of Christmas Island (nic.cx and nic.ki), Solomon Islands (nic.sb), East Timor (nic.tl), Norfolk Island (nic.nf and nic.net.nf), and South Georgia (nic.gs).
I would have reached out to CoCCA Registry Services representatives for a statement, but at the time of writing, all of their sites are inaccessible.
Posted by Unknown | |
Posted in
CyberCrime,
deface
Hackers of the Afghan Cyber Army have breached and defaced the official website of the Syrian Investment Agency (sia.gov.sy). The attackers have added their defacement page to a subfolder of the site.
The hackers say they’ve targeted the Syrian government website in support of their “brothers in Syria who fight for freedom.”
“O people of Syria, if you want we sacrifice our souls for you, and I say to all Mujahedeen brothers generally and to the Mujahedeen of Jabhat-Ul-Nasrah specifically: may Allah bless you in your Jihad and sacrifices and may Allah benefit through you,” the hackers said.
“Victory has become successive and the structure of Islam is now high and mighty. Hold your sword and fight those who have transgressed. With your machine gun enter the battlefield,” they wrote next to a picture of Bashar al-Assad, the president of Syria.
At the time of writing, the defacement page is still present on sia.gov.sy
