Monday, 18. July 2011
Wordlist Generator
On Monday, 18 Jul 2011 in topic 'Dictionaries & Wordlists'
This is a pretty pimp little tool that will help you build efficient password cracking dictionaries:
http://code.google.com/p/l517/
TinyBrowser - Code Execution
On Monday, 18 Jul 2011 in topic 'Vulnerabilities'
-------------------------
Affected products:
-------------------------
Vulnerable are TinyBrowser v1.42 and previous versions (and all web
applications which are using it, such as TinyMCE). Developer fixed these
holes in the next version 1.43 already in February, after my informing, but
this version still was not released. So contact developer for new version.
----------
Details:
----------
Code Execution (WASC-31):
Execution of arbitrary code is possible due to bypass of program's security
filters (on web servers IIS and Apache).
Code will execute via file uploading. Program is vulnerable to three methods
of code execution:
1. Via using of symbol ";" (1.asp;.txt) in file name (IIS).
2. Via "1.asp" in folder name (IIS).
3. Via double extension (1.php.txt) (Apache with special configuration).
by
MustLive
CryptoBin - Secure Pastebin
On Monday, 18 Jul 2011 in topic 'News'
"CryptoBin is a secure pastebin service with origins dating back to 2005 as a privately used project. After noticing the lack of a public secure, stable and clean pastebin service, CryptoBin was re-coded and launched publicly in May 2011."
Source
https://cryptobin.org/
Damn Small SQLi Scanner - Python
On Monday, 18 Jul 2011 in topic 'Source Code'
Source
http://pastebin.com/dRe1wn3g
4shared.com, Multiupload, Fileserve, Speedyshare..... – XSS
On Monday, 18 Jul 2011 in topic 'Vulnerabilities'
4shared.com does not filter their filename input which allows us to inject HTML code into the filename variable, being shown on the “Upload succes” page. This page is (by going to the page’s URL) viewable for other people as well. I’m not sure how long this page remains visible.
This kind of XSS probably works at a lot more upload services (as proven below)!
Source
http://pastebin.com/Yx8qihha
Blackhole exploit - Java
On Monday, 18 Jul 2011 in topic 'Source Code'
OWASP Appsec Tutorial Series - Cross Site Scripting (XSS)
On Monday, 18 Jul 2011 in topic 'Tutorials'
Security Concepts - online Book
On Monday, 18 Jul 2011 in topic 'Books change the World'
"This is an online book about computer, network, technical, physical, information and cryptographic security. It is a labor of love, incomplete until the day I am finished."
Book
http://www.subspacefield.org/security/security_concepts/index.html
A summary of PDF tricks
On Monday, 18 Jul 2011 in topic 'Pentest'
This is a summary of PDF tricks, either based on data encodings, JavaScript, or PDF structure.
Source
http://code.google.com/p/corkami/wiki/PDFTricks
AntiSecShell - PHP SHELL
On Monday, 18 Jul 2011 in topic 'Source Code'
"AntiSecShell(ASS) was built by the underground hacking community and groups like h0no, ac1db1tch3z and others who wish to remain anonymous, have helped altogether to create this new shell. It has many functions but most important of all - it bypasses ALL security of web servers. It is not only a php shell it is a symbol of freedom and the anti-sec movement which we, the hacking underground, approve and support. Await more news from us, wh173h475 ph33r u5"
Source
http://pastebin.com/aWenLZxr
NMapSi4 v0.2.86 Alpha2
On Monday, 18 Jul 2011 in topic 'Tools'
“NmapSi4 is a complete Qt-based Gui with the design goals to provide a complete nmap interface for users, in order to management all options of this powerful security net scanner!”
Download
http://code.google.com/p/nmapsi4/downloads/list
Nmap Free Security Scanner For Network Exploration & Hacking
http://nmap.org/
Windows XP die in 1000 days
On Monday, 18 Jul 2011 in topic 'News'
Finally, the countdown begins for Windows XP. The software giant Microsoft said that it will stop support for Windows XP, the world's most popular operating system, after three years.
Microsoft began the countdown to the end of Windows XP on Monday, Jul 11, and it will end on the 1000th day. The company also said that it will not provide any kind of support for the old operating system. Microsoft is aiming to boost sales of Windows 7, the latest version.
Picture Editor - Online
On Monday, 18 Jul 2011 in topic 'Tools'
Source
http://pixlr.com/editor/
How to write an Exploit
On Monday, 18 Jul 2011 in topic 'Tutorials'
Part 1
http://www.ihteam.net/papers/How-To-Write-an-Exploit-Part1.pdf
Part 2
http://www.ihteam.net/papers/How-To-Write-an-Exploit-Part2.pdf
Part 3
http://www.ihteam.net/papers/How-To-Write-an-Exploit-Part3.pdf
Part 4
http://www.ihteam.net/papers/How-To-Write-an-Exploit-Part4.pdf
Part 5
http://www.ihteam.net/papers/How-To-Write-an-Exploit-Part5.pdf
Part 6
http://www.ihteam.net/papers/How-To-Write-an-Exploit-Part6.pdf
Part 7
http://www.ihteam.net/papers/How-To-Write-an-Exploit-Part7.pdf
Part 8
http://www.ihteam.net/papers/How-To-Write-an-Exploit-Part8.pdf
by corelanc0d3r
Blind Sql Injection with Regular Expressions
On Monday, 18 Jul 2011 in topic 'Tutorials'
Generator XSS
On Monday, 18 Jul 2011 in topic 'Vulnerabilities'
Javascript html redirection - Java
On Monday, 18 Jul 2011 in topic 'Source Code'
Source
http://pastebin.com/EMY6RJK3