by r0t, der4444, cembo, VietMafia

Tuesday, January 17, 2006

just view..

I wasn't more than a week on the net and I see that xaPridel has posted some 0-day exploits without public re-publishing.
So, with public stuff, I hope I will be back on this blog after 1-2 weeks....
Also I will put some good stuff on the board.
Take care and stay tuned :} with Pridels Sec Crew.

Saturday, January 14, 2006

ezDatabase 2.0 and below

"ezDatabase is the foundation for your online databases. It is a powerful web based application that allows even non-technical users to create online databases for their website. ezDatabase will do the hard work while you concentrate on building the databases you want."

This vulnerability was first disclosed at:
By Pridels Team:

This application insecurely uses variables in several ways.

register_globals = on or off

Rewrite the application to follow the guidelines of the PHP Security Consortium.

At this time there are several more vulnerabilities that have only been disclosed at:

Tuesday, January 10, 2006

new domains....

I added some new domains yesterday, because for some reason it is on air and isn't a very good domain for us.
So I think the main domain can also be:
and some bonus domains

cembo can make the changes on the forum and set it as the main domain for now.

Keep working!

Monday, January 09, 2006

r0t is here....

Hi guys, I read the comments that my buddies and friends are worried about me.
Of course I'm alive, I just don't have any connection to the internet.
About our project: this blog isn't dead and will not be dead, just for some time I will be a very inactive poster here; in my place can be der4444 or cembo or RaZbh.
About the domain: it is still in the air; when I have more opportunities on the internet and a normal connection I will resolve that problem.
cembo and xpridel are admins on the board. The board is empty, but I hope after this post it will start to be a normal board, with great stuff for members of many levels: hackers, crackers, testers, programmers, all those who want to learn and share their knowledge from the whole globe.
You can find the board on

About my problems and errors from real life: nobody must throw away or overwrite their HDs because I had some problems.

To my team guys: don't stop working, I will be back!


Monday, January 02, 2006

Primo Cart SQL inj.


Vuln. discovered by: r0t
Date: 2 Jan. 2006
Affected version: 1.0 and prior

Product Description:

Primo Cart is a fully customizable turnkey shopping cart solution that enables any novice to advanced level merchant to execute and manage their very own storefront fast and easy. The administration area interface is designed with CSS for a clean look/feel and new AJAX technology for fast product management made easy. Coupled with the robust Smarty template engine, changes to the look/feel can be performed directly via FTP. Backed by MySQL and optimized for fast product querying. Supports dynamic shipping cost lookup via UPS Online Tools, unlimited products, unlimited category nesting, unlimited custom fields, options/variances, product images, product rating/reviews, and unique category meta tags. The advanced product import tool takes in a CSV file for mass imports. Primo Cart offers free updates and community support to keep your cart tuned and in shape.

Vuln. Description:

Primo Cart contains a flaw that allows remote SQL injection attacks. Input passed to the "q" parameter in "search.php" and the "email" parameter in "user.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Solution:

Edit the source code to ensure that input is properly sanitised.
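To make the fix concrete, here is an added example (not Primo Cart's own code) showing the unsafe pattern the advisory describes beside a hardened version that uses PDO prepared statements; the parameter names "q" and "email" come from the advisory, while the table and column names (`products.name`, `users.email`) and the function names are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not Primo Cart's own code. The parameter names "q" and
// "email" come from the advisory; table and column names are assumptions.

// Unsafe pattern the advisory describes: the request value is spliced
// into the SQL text, so quote characters in it become part of the query.
function searchProductsUnsafe(PDO $db, string $q): array
{
    $sql = "SELECT id, name FROM products WHERE name LIKE '%" . $q . "%'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: the SQL text is fixed and the value is sent as a bound
// parameter, so it can never change the statement's structure. LIKE
// wildcards are escaped (MySQL's default escape character is backslash)
// so a bare '%' cannot be used to match every row.
function searchProducts(PDO $db, string $q): array
{
    $needle = addcslashes($q, '%_\\');
    $stmt = $db->prepare("SELECT id, name FROM products WHERE name LIKE :pattern");
    $stmt->execute([':pattern' => '%' . $needle . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Same treatment for the "email" parameter of user.php: reject values
// that are not shaped like an address, then bind the rest.
function findUserByEmail(PDO $db, string $email): ?array
{
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    $stmt = $db->prepare("SELECT id, email FROM users WHERE email = :email");
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Disable emulated prepares so MySQL receives statement and values
// separately instead of the driver interpolating them client-side.
function connect(string $dsn, string $user, string $pass): PDO
{
    return new PDO($dsn, $user, $pass, [
        PDO::ATTR_EMULATE_PREPARES => false,
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    ]);
}
```

The same bind-don't-concatenate rule applies to every other request parameter that reaches a query, not only the two named in this advisory.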

Copyright (c) 2006 Pridels Sec Crew