
Sunday, July 31, 2011

Marhaban Ya Ramadhan

"Marhaban Ya Ramadhan"


Assalamu'alaikum Wr. Wb.

Marhaban Ya Ramadhan - Welcome, Month of Ramadan

The prayer of the Angel Jibril is as follows:

"O Allah, please disregard the fast of the ummah of Muhammad,
if before entering the month of Ramadan he has not done the following:

- Has not first asked forgiveness from both of his parents (if they are still alive);
- Has not first exchanged forgiveness between husband and wife;
- Has not first exchanged forgiveness with the people around him."

Then the Messenger of Allah said amen 3 times.
We can imagine: the one who prayed was an Angel, and those who said amen were the Messenger of Allah
and the companions, and it was done on a Friday.

Without Realizing It

11 months
many words have been spoken and thrown out
not all of them soothing,

11 months
many deeds have been done and created
not all of them pleasing,

11 months
many complaints, hatreds, lies
have become part of ourselves,


it is time to rest in the "journey of the world"
time to cleanse the soot-covered soul,
time to enjoy the beauty of His generosity
time to understand the meaning of self-purification

Happy fasting
together let us dissolve our mistakes,

May the fast bring us to meet
the Majesty of Lailatul Qadar
and may we all be His chosen ones
whose prayers are granted
and return to fitrah

Amen.



Shoutz:
~~~~~~~
oO0::::: Greetz and Thanks: :::::0Oo.
Tuhan YME
My Parents
SPYRO_KiD
K-159
lirva32
newbie_campuz

And Also My LuvLy wife :
..::.E.Z.R (The deepest Love I'v ever had..).::..

in memorial :
1. Monique
2. Dewi S.
3. W. Devi Amelia
4. S. Anna

oO0:::A hearthy handshake to: :::0Oo
~ Crack SKY Staff
~ Echo staff
~ antijasakom staff
~ jatimcrew staff
~ whitecyber staff
~ lumajangcrew staff
~ devilzc0de staff
~ unix_dbuger, boys_rvn1609, jaqk, byz9991, bius, g4pt3k, anharku, wandi, 5yn_4ck, kiddies, bom2, untouch, antcode
~ arthemist, opt1lc, m_beben, gitulaw, luvrie, poniman_coy, ThePuzci, x-ace, newbie_z, petunia, jomblo.k, hourexs_paloer, cupucyber, kucinghitam, black_samuraixxx, ucrit_penyu, wendys182, cybermuttaqin
~ k3nz0, thomas_ipt2007, blackpaper, nakuragen, candra, dewa
~ whitehat, wenkhairu, Agoes_doubleb, diki, lumajangcrew a.k.a adwisatya a.k.a xyberbreaker, wahyu_antijasakom
~ Cruz3N, mywisdom,flyff666, gunslinger_, ketek, chaer.newbie, petimati, gonzhack, spykit, xtr0nic, N4ck0, assadotcom, Qrembiezs, d4y4x, gendenk, si bD, Jimmy Deadc0de, Rede Deadc0de
~ All people in SMAN 3
~ All members of spyrozone
~ All members of echo
~ All members of newhack
~ All members of jatimcrew
~ All members of Anti-Jasakom
~ All members of whitecyber
~ All members of Devilzc0de
~ All members of Kaskus - "Especially Regional Solo Kaskus"
#e-c-h-o, #K-elektronik, #newhack, #Solohackerlink, #YF, #defacer, #manadocoding, #jatimcrew, #antijasakom, #whitecyber, #devilzc0de

Tuesday, June 14, 2011

[AJS_ADVISORIES_09&2011] CubeCart 2.0.7 XSS && Remote SQL Injection => Multiple Vulnerabilities

# Exploit Title: CubeCart 2.0.7 XSS && Remote SQL Injection => Multiple Vulnerabilities
# Date: June, 14th 2011 [GMT +7]
# Author: Shamus
# Software Link: http://www.cubecart.com/
# Version : CubeCart 2.0.7
# Tested on: windows 7, ubuntu 11.04
# CVE : -

-----------------------------------------------------------------------------------------
[AJS_ADVISORIES_09&2011] CubeCart 2.0.7 XSS && Remote SQL Injection => Multiple Vulnerabilities
-----------------------------------------------------------------------------------------

Author : Shamus
Date : June, 14th 2011 [GMT +7]
Location : Solo && Jogjakarta, Indonesia
Web : http://antijasakom.net/forum
Critical Lvl : Medium
Impact : Exposure of sensitive information
Where : From Remote
---------------------------------------------------------------------------



Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : CubeCart
Version : CubeCart 2.0.7
Vendor : Devellion Limited of 5 Bridge Street,Bishops Stortford, HERTS. CM23 2JU (Company Registration Number 5323904)
Download : http://www.cubecart.com/site/downloads/
Description :
CubeCart is a fully featured ecommerce shopping cart solution used by over a million store owners around the world.
CubeCart is an "out of the box" ecommerce shopping cart software solution which has been written to run on servers that have PHP & MySQL support.
With CubeCart you can quickly set up a powerful online store which can be used to sell digital or tangible products to new and existing customers all over the world.
There is a great deal of powerful features enabling your business to trade online successfully.
It is easy to modify the look and feel of your store to match your company's branding or to sit comfortably beside your existing website due to CubeCart's powerful HTML template system.
Our solutions are robust, flexible, affordable and are supported by not only a profitable and stable company but a thriving community of enthusiasts who are keen to recommend it and share their ideas and experience.
To use CubeCart you will require a compatible web hosting account. If you wish to take credit/debit card payments a merchant account will be required to work with one of the supported modules.
If you have any questions about our products or services, please be sure to contact a member of staff who will be delighted to help.

--------------------------------------------------------------------------



Vulnerability:
~~~~~~~~~~~~
A weakness has been discovered in CubeCart that an attacker could exploit to obtain sensitive data from the database.
This may compromise the integrity of your database and/or expose sensitive information.
- The SQL injection vulnerability was identified in the paths "index.php", "view_cart.php" and "view_product.php".
- The XSS vulnerability was identified in the path "search".


PoC/Exploit:
~~~~~~~~~~
SQL injection vulnerability affects:

- http://site.com/path/index.php?cat_id=%27

- http://site.com/path/view_product.php?product=%27

- http://site.com/path/view_cart.php?add=%27


XSS vulnerability affects:

- http://site.com/path/search.php

admin page:

- http://site.com/path/admin/login.php


Dork:
~~~~~
Google : inurl:"index.php?cat_id=" powered by CubeCart 2.0.7

Solution:
~~~~~
- Your script should filter metacharacters from user input.
- Edit the source code to ensure that input is properly verified.
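
The two points above, shown as an added PHP example (not CubeCart's source and not part of the original advisory): the id parameter is validated and bound instead of concatenated, and the search term is encoded before it is echoed back. It assumes the ids are positive integers; the products table, the function names and the in-memory SQLite rows are hypothetical and constructed for the demo.

```php
<?php
declare(strict_types=1);
// Added example, not CubeCart source: schema and function names are hypothetical.

// Pattern behind this class of bug: request data pasted straight into the SQL text.
function unsafe_query_text(array $query): string
{
    return "SELECT name FROM products WHERE cat_id = '" . ($query['cat_id'] ?? '') . "'";
}

// Accept only a positive integer id; anything else is rejected, never "cleaned up".
function int_param(array $query, string $name): ?int
{
    $v = filter_var($query[$name] ?? null, FILTER_VALIDATE_INT,
                    ['options' => ['min_range' => 1]]);
    return $v === false ? null : $v;
}

// Hardened lookup: validated id, bound as a typed parameter, never concatenated.
function products_in_category(PDO $db, array $query): ?array
{
    $catId = int_param($query, 'cat_id');
    if ($catId === null) {
        return null; // caller should answer 400 Bad Request
    }
    $stmt = $db->prepare('SELECT name FROM products WHERE cat_id = :cat');
    $stmt->bindValue(':cat', $catId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// The search term is encoded for the HTML context before it is echoed back.
function search_heading(string $term): string
{
    return '<h2>Results for: '
        . htmlspecialchars($term, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</h2>';
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE products (name TEXT, cat_id INTEGER)');
$db->exec("INSERT INTO products VALUES ('Mug', 1), ('Poster', 2)");

echo unsafe_query_text(['cat_id' => "'"]), PHP_EOL;      // quote-only value, as in the requests above
var_dump(products_in_category($db, ['cat_id' => "'"]));  // same value through the hardened path
var_dump(products_in_category($db, ['cat_id' => '1']));  // well-formed id
echo search_heading('<b>test</b>'), PHP_EOL;             // markup in a search term
```

The same validate-then-bind treatment applies to the `product` and `add` parameters named in the advisory.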


Timeline:
~~~~~~~
- 12 - 06 - 2011 bug found.
- 12 - 06 - 2011 vendor contacted, but no response.
- 14 - 06 - 2011 advisory released.

---------------------------------------------------------------------------






Contact:
~~~~~~~~~
Shamus : Shamus@antijasakom.net
Homepage: https://antijasakom.net/forum/viewtopic.php?f=38&t=737
-------------------------------- [ EOF ] ----------------------------------


About Me

..SHAMUS.. according to the opinions of several of the world's leading experts, arguments, opinions, deviations from the existing facts, and according to what some rather vague people around us say, as well as stories from several trusted sources.. (whoa... what is this now) ...I am a quiet, kind-hearted, patient, helpful, friendly person who diligently saves money... and also someone you end up MISSING... note: never believe that last word in particular, because it really is hard to believe.. ( narcissist mode : ON ) Gah... What is this now... nonsense... Hehhehe... just kidding... actually I'm not really all that.. you know... but what is certain is... I am just an ordinary human being who will still cry when sad and laugh when happy...:-) "so, my latest comment..." ..I'm everyone...but no one... ..Everywhere...nowhere...
