Information Security News and Exploits

Providing you with Security News and Exploits from all over the web.

Entries for July 20th, 2010

Caner Hikaye Script SQL Injection Vulnerability

===============================================
Caner Hikaye Script SQL Injection Vulnerability
===============================================
Author : v0calist
Homepage : http://v0calist.blogspot.com & www.worldhackerz.com
Mail : v0calist[at]hotmail[dot].com
Script : http://scripti.org/indir.php?id=1155
Risk : No Risk
Dork : inurl:hikaye.asp?id=
===================================================
[+] Vulnerable File : http://www.site.com/hikaye.asp?id=123
===================================================
[+] Demo : http://www.site.com/hikaye.asp?id=17'a
===================================================
Greetz : MadConfig, [...]

EZ-Oscommerce 3.1 Remote File Upload

ASP Resources Forum.(beta) Download D-B Vulnerability

ezAPPAREL by Pass / Creat and Download Backup Vulnerability

ezAPPAREL Remote File Upload

EZ-Oscommerce 2.1 Remote File Upload

EZ-Oscommerce 2.1 by Pass / Creat and Download Backup Vulnerability

EZ-Oscommerce 3.1 by Pass / Creat and Download Backup Vulnerability

Zainu 3.0 by Pass / Creat and Download Backup Vulnerability

Leech’s News script v0.8 SQL Injection Vulnerability

PHP RealEstate Script Cross Site Scripting Vulnerability

GMDS CMS (index.php) SQL Injection Vulnerability

Officine Digitali (testo.php) Blind SQL Injection Vulnerability

Web Professional (default.php) SQL Injection Vulnerability

Mayasan Portal v2.0 SQL Injection Vulnerability

===============================================
Mayasan Portal v2.0 SQL Injection Vulnerability
===============================================
Author : v0calist
Homepage : http://v0calist.blogspot.com & www.worldhackerz.com
Mail : v0calist[at]hotmail[dot].com
Script : http://scripti.org/indir.php?id=632
Risk : No Risk
Dork : inurl:makaledetay.asp?id=
===================================================
[+] Vulnerable File : http://www.site.com/makaledetay.asp?id=123
===================================================
[+] Demo : http://www.site.com/makaledetay.asp?id=15%27a
===================================================
Greetz : MadConfig, [...]

SapGUI BI v7100.1.400.8 Heap Corruption Exploit

===============================================
SapGUI BI v7100.1.400.8 Heap Corruption Exploit
===============================================
<!--
Product: SapGUI BI
File: c:program filessapbusiness explorerbiwadmxhtml.dl
Version: 7100.1.400.8
ClassID: 30DD068D-5AD9-434C-AAAC-46ABE37194EB
RegKey Safe for Script: False
RegKey Safe for Init: False
Implements IObjectSafety: True
IDisp Safe: Safe for untrusted: caller,data
IPersist Safe: Safe [...]

New Windows Bug Offers Hackers An Attack Shortcut

It’s been a rough couple of months for the Microsoft Security Response Center (MSRC). With the year’s two biggest hacker conferences, BlackHat and Defcon, yet to ramp up, Microsoft’s security swat team can likely expect more sleepless nights.
The MSRC has been a major topic of discussion in the security community following the public release of [...]

iPhone Dev Team Issues Update on Cydia Behavior

Entitled “Blob banter,” the latest Dev Team post reveals that owners of a jailbroken iPhone 3G or second generation iPod touch will witness Cydia saving their SHSH blobs as a consequence of iOS 4.0 featuring a “soft” SHSH blob check. In recent announcements, the Team also confirmed that its updated ultrasn0w unlock tool is on [...]

Cyprus: Four arrested for hacking

POLICE yesterday arrested four people, one of whom is an employee of the telecommunications authority CyTA, in connection with hacking into the server of a company and stealing the personal data of its clients.
Police said they arrested two women and two men from Nicosia, aged between 26 and 47 in connection with hacking into a [...]

Focus on cyber crime misses the real threat

Thanks to tough economic times, the resulting hit on our wallets, and a generous dollop of fear-mongering by some opportunistic profiteers, we’ve all become myopically obsessed with cyber crime. This is not entirely a bad thing. Unless you’ve been living under a rock, everyone knows that technology has created unimaginable opportunity for resourceful crooks.
Trouble is, [...]
