Saturday, 27. August 2011
Telecom/Chat Servers <= 2.0.1 .1 Blind Exploitation
On Saturday, 27 Aug 2011 in topic 'Vulnerabilities'
Using the WQuery injection attack:
WQuery........ ........ ($username)
$userdata = hub#;
if (isPasswordCorrect($username:Bg, $pass:M25)) {
$userdata = Bf%ByLogin($F20); ...
}
{
AS BEGIN
'SELECT:'string=B#(Var char 'FROM''$Status%'varchar(150) Brides'
WHERE 'FrIn'Lw =varchar(50) 'Millix*naire'
ph_status` varchar(20)=Count($Car) > $2000&+'
AND Hs_Status=='3#'
Brth_staus`Varchar(5)= Null;
AND Ss-status' =#Full$
{
$userselect=sxx(>20)
curl_setop="$ch(PRIMARY KEY ) (`dk-enter`)=’$fnm’
isGETCHA =$+`FInLawBal`
) TYPE`=MyFXX`;
}
Various Telecom/ISP servers are vulnerable to this attack.
Highly Vulnerable Software:
Pidgin
Meebo
MSN
AIM
Gtalk
Yahoo Messenger
Skype
Vypress
Windows Live Messenger
US Robotics
LG Electronics Routers
Intel Routers
Ericsson Routers
Cisco Routers
BT Telecoms
Win XP
Win Vista
Win Server 2008
Win 7
Win 2003
Firefox
Opera
IE all versions
Chrome Browser
by
FunnyMinds
OWASP Tutorial Series
On Saturday, 27 Aug 2011 in topic 'Tutorials'
Episode 1: Appsec Basics
Episode 2: SQL Injection
Episode 3: Cross Site Scripting (XSS)
Update: INSECT Pro 2.7
On Saturday, 27 Aug 2011 in topic 'Pentest'
This is a partial list of the major changes implemented in version 2.7:
- Available targets now have a submenu under the right-click button
- Check update function added in order to verify current version
- Threading support for GET request
- Module log added and functional
- Sniffer support added
- 50 Remote exploits added
- Project saved on userland - Application Data special folder
- Executed module windows added and functionality for it
- AgentConnect now uses telnetlib
Download
http://www.insecurityresearch.com