Information Security News and Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>EggBlogg 4.1 &lt;= LFI Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>=================================
EggBlogg 4.1 &lt;= LFI Vulnerability
=================================
# Exploit Title: EggBlogg 4.1 &lt;= LFI
# Date: 28 luglio 2010
# Author: Anti Sec
# Software Link: http://eggblog.net/
# Version: 4.1
# Google dork : Eggblogg
# Platform / Tested on: Slackware 13.1
# [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Zemana AntiLogger AntiLog32.sys &lt;= 1.5.2.755 Local Privilege Escalation</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>=======================================================================
Zemana AntiLogger AntiLog32.sys &lt;= 1.5.2.755 Local Privilege Escalation
=======================================================================
Zemana AntiLogger AntiLog32.sys &lt;= 1.5.2.755 Local Privilege Escalation Vulnerability
VULNERABLE PRODUCTS
Zemana AntiLogger &lt;=1.9.2.2.206
DETAILS:
AntiLog32.sys create a device called DeviceAntiLog32 , and handles DeviceIoControl request IoControlCode [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Apache Tomcat &lt; 6.0.18 UTF8 Directory Traversal Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>=============================================================
Apache Tomcat &lt; 6.0.18 UTF8 Directory Traversal Vulnerability
=============================================================
/*Apache Tomcat &lt; 6.0.18 UTF8 Directory Traversal Vulnerability get /etc/passwd Exploit
c0d3r: mywisdom
thanks for not being lame to change exploit author
tis is one of [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Microsoft Soap SDK (V 1.02.814.0)beta (mssoap1.dll) ActiveX load Code </title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>=====================================================================
Microsoft Soap SDK (V 1.02.814.0)beta (mssoap1.dll) ActiveX load Code
=====================================================================
# Title : Microsoft Soap SDK (V 1.02.814.0)beta (mssoap1.dll) 0day suffer
from ActiveX load Code
# Tested : Windows xp (sp3)
## Author [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Windows live msn (V 2009 build 14.0.8117.416) ActiveX ADD &amp; delete user</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>=======================================================================
Windows live msn (V 2009 build 14.0.8117.416) ActiveX ADD &amp; delete user
=======================================================================
########################{In The Name Of Allah The Mercifull}######################?
# Title : Windows live msn (V 2009 build [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>PunBB Mod User_Diaries &lt;= 1.1.4 (diary_rss.php) Sql Injection Exploit</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>=====================================================================
PunBB Mod User_Diaries &lt;= 1.1.4 (diary_rss.php) Sql Injection Exploit
=====================================================================
#!/usr/bin/php
&lt;?PHP
error_reporting(E_STRICT ^ E_WARNING);
/*
———————————————————————
PunBB Mod User_Diaries &lt;= 1.1.4 &quot;diary_rss.php&quot; sql injection exploit
———————————————————————
download: http://www.punres.org/files.php?pid=467
by staker[at]hotmail[dot]it
———————————————————————
[*] http://[example]/diary_rss.php?id=0+UNION+SELECT+1,CONCAT_WS(0×3a,username,password),3,4,5,6,7,8,9+FROM+foo_users+WHERE+id=2#
[EXPLANATION / NOTE: IT WORKS REGARDLESS OF PHP.INI [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Joomla Component com_expautos SQL Injection Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>========================================================
Joomla Component com_expautos SQL Injection Vulnerability
========================================================
# Author : #Expl0it
# Email &amp; msn : exploit[at]guiadohacker[dot]com[dot]br
# Date : 31 July 2010
# web : http://guiadohacker.com.br
# Where : From Remote
# Dork : no dork for Newbies [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Joomla Component com_gamesbox 1.0.15 SQL Injection Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>================================================================
Joomla Component com_gamesbox 1.0.15 SQL Injection Vulnerability
================================================================
# Date: 2010/07/31
# Author: Exploit.MD5
[...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Joomla Component Spielothek 1.6.9 Multiple Blind SQL Injection</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>==============================================================
Joomla Component Spielothek 1.6.9 Multiple Blind SQL Injection
==============================================================
Spielothek 1.6.9 Joomla Component Multiple Blind SQL Injection
Name Spielothek
[...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Xmyplay 3.5.1 Denial of Service Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>=============================================
Xmyplay 3.5.1 Denial of Service Vulnerability
=============================================
#!/usr/bin/perl
# Xmyplay 3.5.1
# Author: s-dz , s-dz@hotmail.fr
# Download : http://us2.un4seen.com/files/xmplay35.zip
# Tested : Windows XP SP2 (fr)
# DATE : [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Xion Audio Player 1.0.125 Denial of Service Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>=========================================================
Xion Audio Player 1.0.125 Denial of Service Vulnerability
=========================================================
#!/usr/bin/perl
# Xion Audio Player version: 1.0.125
# Author: hadji samir , s-dz@hotmail.fr
# Download : http://xion.r2.com.au/index.php?page=download
# Tested : [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>SigPlus Pro v3.74 ActiveX LCDWriteString() BoF JIT Spray aslr/dep bypass</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>========================================================================
SigPlus Pro v3.74 ActiveX LCDWriteString() BoF JIT Spray aslr/dep bypass
========================================================================
&lt;html&gt;
&lt;!–
===================================================================================================
SigPlus Pro v3.74 ActiveX Signature Capture LCDWriteString() Remote BoF JIT Spray – aslr/dep bypass
Author: mr_me – @StevenSeeley
Download: http://www.topazsystems.com/Software/download/sigplusactivex.htm
Tested on: [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Digistore Ecommerce V4.0 by Pass / Creat and Download Backup</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>============================================================
Digistore Ecommerce V4.0 by Pass / Creat and Download Backup
============================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Digistore Ecommerce V4.0 FCKeditor Remote Upload File / File Disclosure</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>=======================================================================
Digistore Ecommerce V4.0 FCKeditor Remote Upload File / File Disclosure
=======================================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>After Shopping Cart Backup Dump Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>=============================================
After Shopping Cart Backup Dump Vulnerability
=============================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Cube Cart 3.0.19 FCKeditor Remote Upload File Exploit</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>=====================================================
Cube Cart 3.0.19 FCKeditor Remote Upload File Exploit
=====================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>BosDev BosClassifieds (cat_id) SQL Injection Exploit (.py)</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>==========================================================
BosDev BosClassifieds (cat_id) SQL Injection Exploit (.py)
==========================================================
#!/usr/bin/env python
#-*- coding:utf-8 -*-
# BosDev BosClassifieds (cat_id) SQL Injection Exploit (.py)
# Found &amp; Coded By ZoRLu
# Tested on my vista proof: http://img24.imageshack.us/img24/2729/bosdev.jpg
# Date: 31/07/2010
# [...]

With 500 million users offering up reams of personal data and ever-shifting and confusing privacy policies, Facebook is a tempting target for phishing and other nefarious activities. And itâ??s no wonder given the companyâ??s attitude to security. When hackers find vulnerabilities in the service, donâ??t expect any help from Facebook, which has adopted a â??blame [...]

In a city filled with slot machines spilling jackpots, it was a â??jackpottedâ? ATM machine that got the most attention Wednesday at the Black Hat security conference, when researcher Barnaby Jack demonstrated two suave hacks against automated teller machines that allowed him to program them to spew out dozens of crisp bills.
The demonstration was greeted [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>PunBB &lt;= 1.3.4 Pun_PM &lt;= v1.2.6 Blind SQL Injection Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>=================================================================
PunBB &lt;= 1.3.4 Pun_PM &lt;= v1.2.6 Blind SQL Injection Vulnerability
=================================================================
#!/usr/bin/perl
# [0-Day] PunBB &lt;= 1.3.* Package: Pun_PM &lt;= v1.2.6 Remote Blind SQL Injection Exploit
# Author/s: Dante90, WaRWolFz Crew
# Created: [...]