Information Security News and Exploits

Providing you with Security News and Exploits from all over the web.

Entries for July 21st, 2010

Mayasan Portal v2.0 (makaledetay.asp) SQL Injection Vulnerability

Author : v0calist
Homepage : http://v0calist.blogspot.com & www.worldhackerz.com
Mail : v0calist[at]hotmail[dot].com
Script : http://scripti.org/indir.php?id=632
Risk : No Risk
Dork : inurl:makaledetay.asp?id=
===================================================
[+] Vulnerable File : http://www.site.com/makaledetay.asp?id=123
===================================================
[+] Demo : http://www.site.com/makaledetay.asp?id=15%27a
===================================================
Greetz [...]


Mayasan Portal v2.0 (haberdetay.asp) SQL Injection Vulnerability

Author : CoBRa_21
Author Web Page : http://www.ipbul.org
Download Page : http://scripti.org/indir.php?id=632
########################################################################################
Sql Injection:
http://localhost/[path]/haberdetay.asp?id=29 (Sql)
########################################################################################
# Inj3ct0r.com [2010-07-20]


PHP Chat for 123 Flash Chat Remote File Inclusion Vulnerability

# Exploit Title: php_chat Remote File inclusion Vulnerability
# Date: 2010/07/20
# Author: HaCkEr arar
# Email: y.0@hotmail.de
# My Sites [...]


libpng <= 1.4.2 Denial of Service Vulnerability

/*
Exploit Title: libpng <= 1.4.2 DoS
Date: [...]


Interb@se WebContent CMS Multiple SQL Injection Vulnerability


Kaleidoscope System CMS SQL Injection Vulnerability


RapidLeech Scrits Remote File Upload (transfer & run shell php)

# Exploit Title: RapidLeech Scrits Remote File Upload ( transfer & run shell php )
# Date: 21/07/2010
# Author: H-SK33PY
# [...]


Cybershop CMS SQL Multiple Injection Vulnerability


OpenX (phpAdsNew) Remote File inclusion Vulnerability

# Exploit Title: OpenX (phpAdsNew) Remote File inclusion Vulnerability
# Date: 2010/07/20
# Author: ViRuS Qalaa
# Email: em9@live.com
# My Sites : www.pal-mafia.com & www.vbspiders.com
# Script url:
http://www.opensourcescripts.com/dir/PHP/Ad_Management/phpadsnew_11.html
# [...]


Imagine-cms <= 2.50 SQL Injection Exploit Vulnerability

#!/usr/bin/perl
###########################################
#
# Script Name : Imagine-cms 2.50
#
# Version : 2.50
#
# Bug Type : SQL Injection
#
# Found by : Metropolis
#
# Home : http://metropolis.fr.cr
#
# Discovered : 21/07/2010
#
# [...]


Outlook Web Access 2003 CSRF Vulnerability

# Exploit Title: Microsoft Office Outlook Web Access for Exchange Server 2003 XSRF Vulnerability
# Date: 07/20/2010
# Author: anonymous
# Tested on: Microsoft Office Outlook Web Access for Exchange [...]


QQPlayer asx File Processing Buffer Overflow Exploit

#################################################################
#
# Title: QQPlayer asx File Processing Buffer Overflow Exploit
# Author: Li Qingshan of Information Security Engineering Center,School of Software and Microelectronics,Peking University
# Vendor: www.qq.com
# Platform: [...]


QQPlayer cue File Buffer Overflow Exploit

#!/usr/bin/env python
#################################################################
#
# Title: QQPlayer cue File Buffer Overflow Exploit
# Author: Lufeng Li of Neusoft Corporation
# Vendor: www.qq.com
# Platform: Windows XPSP3 Chinese Simplified
# Tested: QQPlayer 2.3.696.400
# Vulnerable: QQPlayer<=2.3.696.400p1
#
#################################################################
# [...]


ZipCentral (.zip) Buffer Overflow (SEH)

# Author : Jiten Pathy
# July 21 2010
#Thanks to the http://en.wikipedia.org/wiki/PKZIP page for helping me understand zip file format
#Thanks to corelanc0d3r for shedding light on these type of exploits [...]


Gary McKinnon campaigners praise PM for raising hacker’s case with Obama

Prime minister David Cameron said last night he hoped "a way through" could be found over the fate of computer hacker Gary McKinnon, but remained diplomatic as he spoke of his discussion of the case with the US president.
The prime minister said he had talked with Barack Obama about the case of McKinnon, 43, who [...]


Italy makes arrests in anti-hackers probe

Italian police say they have arrested 12 people and broken up a ring of hackers that allegedly used cloned credit cards for purchases and scams online.
Police said Tuesday the suspects were arrested in Rome and other cities. Another seven were placed under custody but not behind bars.
Police say it is one of the largest such [...]


Scapegoatse: A troll in deep trouble

"There’s nothing you can do about it, ever, no matter how hard you try, no matter who you contact. You’re just a failure of life, accept it. You’ve been trolled, you’ve lost, have a nice day."
This quote, taken from a 2007 YouTube clip, shows Andrew Auernheimer at his most menacing. He’s sitting in a dark [...]


Impressive data visualization tool to be released as open source

The former leaders of IBM’s Visual Communications Lab have been hard at work on a "summer project" — desktop software that will display large amounts of information in a number of visual formats.
Fernanda Viégas and Martin Wattenberg touted version "0.5" of their Time Flow tool as a way to create visual timelines from textual data. [...]


Identity theft techniques used by thieves

Name the vulnerability and thieves will use it to steal access to their electronically stored funds or to pose as their victims when they establish credit using purloined credentials.
Imagine a thief who hangs out in a supermarket, looking for the most harried and ditzy shopper. That individual falls in line behind the shopper, watching as [...]


Researchers Will Turn Google And Bing Into Web Bug Warning System

Before last January’s Chinese cyberspying scandal, "Google hacking" meant something rather different. For years, hackers have used the search engine to probe for security vulnerabilities around the Web: Search for certain lines of buggy code, and Google’s results turn up hundreds of sites that are ripe for exploits.
Now two researchers hope to revive Google hacking [...]
