Information Security News and Exploits

Providing you with Security News and Exploits from all over the web.

Entries for July 11th, 2010

TomatoCart 1.0.1 Multiple CSRF Vulnerabilities

==============================================
TomatoCart 1.0.1 Multiple CSRF Vulnerabilities
==============================================
<!--
Title: TomatoCart 1.0.1 Multiple CSRF Vulnerabilities
Author: 10n1z3d <10n1z3d[at]w[dot]cn>
Date: Sun 11 Jul 2010 05:01:51 PM EEST
[...]


TomatoCMS 2.0.5 Multiple CSRF Vulnerabilities

=============================================
TomatoCMS 2.0.5 Multiple CSRF Vulnerabilities
=============================================
<!--
Title: TomatoCMS 2.0.5 Multiple CSRF Vulnerabilities
Author: 10n1z3d <10n1z3d[at]w[dot]cn>
Date: Sun 11 Jul 2010 03:36:08 PM EEST
[...]


Orbis CMS v1.0.2 Multiple CSRF Vulnerabilities

==============================================
Orbis CMS v1.0.2 Multiple CSRF Vulnerabilities
==============================================
<!--
Title: Orbis CMS 1.0.2 Multiple CSRF Vulnerabilities
Author: 10n1z3d <10n1z3d[at]w[dot]cn>
Date: Sun 11 Jul 2010 08:08:10 PM [...]


ClanTiger Multiple CSRF Vulnerabilities

=======================================
ClanTiger Multiple CSRF Vulnerabilities
=======================================
# Exploit Title: ClanTiger 1.3 Multiple CSRF, delete user, shoutbox items, news, ban/unban user, delete forum etc.
# Date: 11 July 2010
# Author: pimpim – pyscripter94@gmail.com
# Software Link: www.clantiger.com, http://www.clantiger.com/files/clantiger/1.1.3/clantiger1.1.3.zip
# Version: 1.3
# [...]


Granet (index.php) Blind SQL Injection Vulnerability

====================================================
Granet (index.php) Blind SQL Injection Vulnerability
====================================================
[...]


Sardus (index.php) Blind SQL Injection Vulnerability

====================================================
Sardus (index.php) Blind SQL Injection Vulnerability
====================================================
[...]


Hacker Gains Access to The Pirate Bay's User Database

A young Argentinian hacker, known only by his sobriquet Ch Russo, claims to have successfully slipped past The Pirate Bay's defenses, gaining access to the torrent site's administrative control panel. An SQL injection vulnerability discovered by Ch Russo and a couple of his chums exposed the site's user database, which is said to contain account [...]


FIA's cyber crime circle arrests 5 hackers

The cyber crime circle of the Federal Investigation Agency (FIA) in a crackdown against website hackers arrested five hackers active in various areas of the country including Islamabad and Rawalpindi.
According to the FIA sources, the operation was conducted on receiving complaints from the national and multi-national organizations regarding hacking of their websites. Taking notice of [...]


10 Fascinating Facts You Didn't Know About Apple

It can be argued that no consumer electronics company has captured the public's fascination the way Apple has. Over the years it has morphed into more than just a company or corporation, but for many it has become a representation of a lifestyle or culture, and a status symbol complete with a larger fan base [...]
