Tuesday, October 10, 2006

echo 0wned Milworm advisories

Yesterday we (k-159, the_day and me) are doin some Bug Hunting for all Php Content Management System (CMS). Before we are doin this research time, k-159 has introducing us about some new technique/ways to hunting a bug in a short time. During this research day (October 9th) the_day found five advisories in a day, and K-159 found two bug in a day (but publish only one for some purpose).

how about Me?, i found some (three exactly) vulnerable CMS, but the sad thing that the version of CMS are old enough to have a bug (somebody has release the advisories n the vendor already releasing a new version). Till now, im reaching out the script to found a vulnerable one ... poor me

So, from yesterday till now, echo.or.id 0wned milw0rm top five web apps advisories, which is mean the front page... phew. Here is the screenshot, maybe u would find the same for todays,

There you go mate .., lets Dig em :)


  1. heuehueheuhe, borongan nieh :P~

    btw, is there a new technique ?

    i just know

    include $variabel

    and then just declarate the variable and..... puff (remote file inclusion) :D

    kLo ada yg cara COOL -nya paste juga dunk omz :lol:

    th3sn0wbr4in (dot) blogspot (dot) com

  2. @th3sn0wbr4in : hu uh, maren pada semangat tuh apalagi dedi :P, yups, typically vuln script emang kek gitu, ini cuma cara sorting di cms duank :)

  3. gimana tuh tehniknya supaya cepet dapet mas? /me juga mau diajarin :D

  4. @matdhule: emang belum tau ? :p

  5. ax[I]xu said..
    Bang gmn new technique nya? maklum penasarn..

  6. coba baca-baca ini : http://blog.wired.com/27bstroke6/2006/10/fun_with_google.html, http://www.schneier.com/blog/archives/2006/10/googles_code_se.html