Information Security News and Exploits

Providing you with Security News and Exploits from all over the web.

Entries for July 26th, 2010

WhiteBoard 0.1.30 Multiple Blind SQL Injection Vulnerabilities

==============================================================
WhiteBoard 0.1.30 Multiple Blind SQL Injection Vulnerabilities
==============================================================
Name WhiteBoard
Vendor [...]


XT-Commerce Version 3.0.4 SQL Injection Exploit

===============================================
XT-Commerce Version 3.0.4 SQL Injection Exploit
===============================================
<?php
# Exploit Title: XT-Commerce
# Date: 25/7/2010
# Author: TA4G – S8T@hotmail.com
# Software Link: http://www.xt-commerce.info/index.php?_m=downloads&_a=viewdownload&downloaditemid=19
# Version: 3.0.4
# Google dork : n/a
# Platform / Tested on: Ubuntu Linux
# Category: webapps/0day
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
[...]


Freeway CMS 1.4.3.210 SQL Injection Vulnerability

=================================================
Freeway CMS 1.4.3.210 SQL Injection Vulnerability
=================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ [...]


Joomla Component com_joomla-visites RFI Vulnerability

=====================================================
Joomla Component com_joomla-visites RFI Vulnerability
=====================================================
[...]


Media Player Classic Heap Overflow/DoS Vulnerability

====================================================
Media Player Classic Heap Overflow/DoS Vulnerability
====================================================
Tested on:
Media Player Classic – Home Cinema
Build number: 1.3.1333.0
MPC Compiler: VS 2008
FFmpeg Compiler: GCC 4.4.1
###################CRASH REPORT START##################
ModLoad: 77be0000 77bf5000 C:\WINDOWS\system32\MSACM32.dll
ModLoad: 77bd0000 77bd7000 C:\WINDOWS\system32\midimap.dll
ModLoad: [...]


Yahoo! messenger (v10.0.0.525-us beta) yt.dll ActiveX Remote Code

================================================================================
Yahoo! messenger (v10.0.0.525-us beta) yt.dll ActiveX Remote Code Execution 0day
================================================================================
##################################{In The Name Of Allah The Mercifull}######################
# Title : Yahoo! messenger (V 10.0.0.525-us)beta (yt.dll) 0day suffer from ActiveX Remote Code [...]


Yahoo Will Invest in Hackers With Good Ideas

Yahoo is considering investing in hackers with good ideas and technologies, a company executive said on Saturday.
"We are open to many ways of having a stake in creative young companies," said Jeff Kinder, Yahoo’s senior vice president for media products and solutions, on the sidelines of a Yahoo Open Hack Day in Bangalore.
The Internet company [...]


Talk On High-Speed Trading Hacks Pulled From Security Conference

Just as important as what’s revealed each summer at the Black Hat hacker confab in Las Vegas may be what isn’t. Among the talks conspicuously absent from this year’s schedule: a presentation exposing security vulnerabilities in banks’ high-speed trading systems.
The talk, planned by security researchers Varun Uppal and Gyan Chawdhary, would have dealt with methods [...]


Hackers shut down EU carbon-trading website

Anti-carbon trading activists shut down the website of the European Climate Exchange (ECX), over the weekend, replacing the site with a spoof page lampooning the industry.
The website of the London-based carbon credit trading platform was hacked at close to midnight on Friday and showed the spoof homepage for around 22 hours. It then took technical [...]


Android and Apps

The more I use the HTC Incredible, the more I like it. And the thing that really makes the Incredible, er, incredible is its operating system, Android.
Android, as I’m sure you must know by now, was developed by Google, and is open in a way that the system it is most commonly compared to, iPhone’s [...]


Human Error the Number One Cause of Data Loss

Instead of cussing out the computer the next time data comes up missing, you should point the blame at yourself, according to a recent survey by Kroll Ontrack. The data recovery software vendor found that human error is the cause for 40 percent of the cases of data loss, compared to 29 percent for hardware [...]


Automated cloud-based phishing kit revealed

Data security specialist Imperva claims to have uncovered a new type of automated phishing kit that uses cloud computing technology to maximise its efficiency - as well as rip off third-party hackers.
According to Amichai Shulman, CTO for Imperva, two master hackers wrote and then posted a phishing kit onto the hacker forums. Then, when other [...]


U.S. Government: iPhone Jailbreaking Is Fair Use

The United States Government, at the request of the Electronic Frontier Foundation, has announced what amounts to a blanket exemption to the controversial Digital Millennium Copyright Act (DMCA) for activities that fall under the Fair Use doctrine of U.S. Copyright law.
This announcement, and subsequent change in DMCA enforcement policy, has wide-ranging implications for consumers of [...]


Black Hat too commercial for you?

Two premier security conferences — Black Hat and DefCon — run back-to-back in Las Vegas this week, each with their own distinct flavor. But even these events don’t meet the needs of all computer security pros, setting the stage for a widening set of satellite events.
Some of these alternatives are corporate sponsored and some are [...]


Microsoft Updates Bug Reporting Process

In an effort to work more amicably with security researchers who feel Microsoft too often ignores them, the software giant announced it is tweaking its security approach regarding when security researchers disclose new exploits to vendors, hackers, and security administrators.
At the same time, Microsoft (NASDAQ: MSFT) released a "Fixit" program that will automatically implement one [...]


Australian hacker in guilty plea over banking info stealing software

Australia is not free of computer hackers on the dark side of the force, the black hat hackers who use their skills for criminal purposes, as opposed to the white hat hackers (or even the "real" hacker) whose journeys on the light side of the force lead them to help secure computer systems, networks and [...]


Three Steps to a MITM’ed Android Device

In the first piece in this series we looked at an iPhone vulnerability which makes it easy for a hacker to hijack an iPhone’s data connection, and the serious security implications this could have for your network.
But the iPhone is by no means unique in being susceptible to data hijacking — weaknesses in Android’s UI [...]


Cyber spies are already in your systems

Is your company’s data under surveillance by foreign spybots looking for any competitive advantages or weaknesses they can exploit? This might sound farfetched, but such electronic espionage is real. It’s an insidious security threat that’s a lot more common than you probably realize.
As an IT or security executive, determining whether your organization is under attack [...]


Whatever happened to Perl?

In my life I’ve probably written a few hundred thousand lines of Perl. I’ve modified and debugged roughly the same amount. Over the past few years, though, I don’t think I’ve written more than a smattering of Perl code.
There’s no doubt that Perl is the duct tape that holds the Internet together, functioning as everything [...]


Android 3.0 might already be in the wild

Potential evidence has been uncovered regarding Android 3.0 (codenamed Gingerbread). Although most of the Android world is still awaiting an update to version 2.2 of Google’s mobile operating system, the folks over at Phandroid have discovered what looks to be a Nexus One running a previously unseen version of Android. The validity of the image [...]
