Information Security News and Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Easy FTP Server v1.7.0.11 MKD Command Remote Buffer Overflow Exploit</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>================================================================================
Easy FTP Server v1.7.0.11 MKD Command Remote Buffer Overflow Exploit (Post Auth)
================================================================================
#!/usr/bin/python
import socket,sys
# Tested on XP Pro SP2 [ Eng ] and XP Pro SP3 [ Eng ]
print [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Easy FTP Server v1.7.0.11 LIST Command Remote Buffer Overflow Exploit</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>=================================================================================
Easy FTP Server v1.7.0.11 LIST Command Remote Buffer Overflow Exploit (Post Auth)
=================================================================================
#!/usr/bin/python
import socket,sys
# Tested on XP Pro SP2 [ Eng ] and XP Pro SP3 [ Eng ]
print [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>ClickAndRank Script Authentication Bypass</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>=========================================
ClickAndRank Script Authentication Bypass
=========================================
# Exploit Title: ClickAndRank Script Authentication Bypass
# Date: [18/07/2010]
# Author: [walid]
# Software Link: [null]
# Version: [null]
# Tested on: [Windows]
# CVE: [null]
* Found By: WaLiD
* E-mail: Rezultas[at]Gmail[Dot]com
* GreeTZ: [Amine]/[v4-team.com]/[Madjix]
———————————————————
Vendor: http://www.icash.ch/index.html?ClickAndRank/details.asp
———————————————————
Exploit Auth Bypass:
login: [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Kayako eSupport (functions.php) v3.70.02 SQL Injection Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>====================================================================
Kayako eSupport (functions.php) v3.70.02 SQL Injection Vulnerability
====================================================================
###########################################################################
Name : Kayako eSupport v3.70.02 SQL Injection Vulnerability
Date : july 18,2010
Vendor urL : http://www.kayako.com/solutions/esupport/
Dork :Find It !!
Author : ScOrPiOn
Greetz : Dr.Dmar &amp; Joker_1 &amp; [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>PHP-Fusion Remote Command Execution Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>=================================================
PHP-Fusion Remote Command Execution Vulnerability
=================================================
# Exploit Title: PHP-Fusion Remote Command Execution Vulnerability
# Date: 2010/07/19
# Author: ViRuS Qalaa
# Email: em9@live.com
# My Sites : www.pal-mafia.com &amp; www.vbspiders.com
# Script home: http://www.phpfusion-ar.com
# download Script:
http://www.phpfusion-ar.com/downloads.php?cat_id=1&amp;download_id=91
# Version:all
# [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>rapidCMS V2 Authentication Bypass</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>=================================
rapidCMS V2 Authentication Bypass
=================================
# Exploit Title: rapidCMS V2 Authentication Bypass
# Date: [18/07/2010]
# Author: Mahjong
# Software Link: www.rapidcms.de
# Version: V2
# Tested on: Linux
* Found by: Mahjong
* E-Mail: mahjong@phcn.ws
* Greetings: Puddy, Ancolon
———————————————————-
Exploit Authentication [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Microsoft Windows Automatic LNK Shortcut File Code Execution</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>============================================================
Microsoft Windows Automatic LNK Shortcut File Code Execution
============================================================
1. Unzip the files in ‘C: ‘. Start a DbgView or paste a KD to your VM.
2. Rename ’suckme.lnk_’ to ’suckme.lnk’ and let [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>GhostScript PostScript File Stack Overflow Exploit</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>==================================================
GhostScript PostScript File Stack Overflow Exploit
==================================================
##########################################################################
# Check Point Software Technologies – Vulnerability Discovery Team (VDT) #
# Rodrigo Rubira Branco – &lt;rbranco *noSPAM* checkpoint.com&gt; #
# [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Easy FTP Server v1.7.0.11 CWD Command Remote Buffer Overflow Exploit</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>================================================================================
Easy FTP Server v1.7.0.11 CWD Command Remote Buffer Overflow Exploit (Post Auth)
================================================================================
# Exploit Title: Easy FTP Server v1.7.0.11 CWD Command Remote Buffer Overflow Exploit (Post Auth)
# Date: 2010-07-18
# [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>rpc.pcnfsd Remote Format String Exploit</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>=======================================
rpc.pcnfsd Remote Format String Exploit
=======================================
/*************************************************************************
* Check Point Software Technologies – Vulnerability Discovery Team (VDT) *
* Rodrigo Rubira Branco – &lt;rbranco *noSPAM* checkpoint.com&gt; *
* [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>AIX5l with FTP-Server Remote Root Hash Disclosure Exploit</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>=========================================================
AIX5l with FTP-Server Remote Root Hash Disclosure Exploit
=========================================================
### AIXCOREDUMP.PL —
### –== ~ AIX5l w/ FTP-SERVER REMOTE ROOT HASH DISCLOSURE EXPLOIT ~ =–
### CREATES COREDUMP INCLUDING THE ROOT USER HASH FROM [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>VidiScript Sql Injection Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>======================================
VidiScript Sql Injection Vulnerability
======================================
####################################
[+] Title: VidiScript Sql Injection Vulnerability
[+] Software Link: http://www.4shared.com/file/0be1Uy6j/vidiscript.htm
[+] Where : From Remote
####################################
&lt;&lt;-&gt;&gt; D0rk : Powered by : VidiScript
&lt;&lt;-&gt;&gt; Exploit :
[...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>MAXWeb CMS (lang_id) SQL Injection Vulnerability </title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>================================================
MAXWeb CMS (lang_id) SQL Injection Vulnerability
================================================
Author : CoBRa_21
Author Web Page : http://www.ipbul.org
Dork : &quot;Powered by MAXWeb Ltd.&quot;
Script Page : http://www.maxweb.co.il/
########################################################################################
Sql Injection:
http://localhost/[path]/index.php?lang_id=1′ (Sql)
http://localhost/[path]/index.php?lang_id=1&amp;page_id=12′ (Sql)
########################################################################################
# <a href=’http://inj3ct0r.com/’>Inj3ct0r.com</a> [2010-07-19]</pre><script type=’text/javascript’>var gaJsHost = (("https:" [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Hero DVD Buffer Overflow Exploit (meta)</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>=======================================
Hero DVD Buffer Overflow Exploit (meta)
=======================================
##################################################################
# [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Omnistar Drive Management System Multiple Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>=======================================================
Omnistar Drive Management System Multiple Vulnerability
=======================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>MyWebFTP SQL injection Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>====================================
MyWebFTP SQL injection Vulnerability
====================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>FaceBook’s servers was hacked again by Inj3ct0r Team [part II]</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>==============================================================
FaceBook’s servers was hacked again by Inj3ct0r Team [part II]
==============================================================
Part 1 Original: http://inj3ct0r.com/exploits/11638
Part 2 Original: http://inj3ct0r.com/exploits/13403
[+] English translation
Inj3ct0r official website =&gt; Inj3ct0r.com
[...]

Does the name Sheriff Hashim remind you of anything? Well, if it doesnâ??t have a look here. Sheriff Hashim, is an iPhone hacker who managed to find a new exploit for baseband 05.12.01. Sheriff once again rocked with a new discovery, lets you activate your iPhone 4, 3GS and 3G without the official SIM card. [...]

US federal agents appeared at a hacker conference in New York on Friday morning looking for Julian Assange, the controversial figure who has become the public face of Wikileaks, an organiser said.
Eric Corley, publisher of 2600 Magazine and organiser of The Next HOPE conference in mid-town Manhattan, said five Homeland Security agents appeared at the [...]

The number of Israelis whose personal information was stolen by Turkish Internet hackers has risen to at least 100,000, Haaretz newspaper reported Sunday.
Erez Wolf, an Israeli blogger who operates We-CMS website, reported Friday that tens of thousands of e-mail addresses, passwords and personal details of Israeli web surfers are in the hands of Turkish hackers.
In [...]