Sunday, February 27, 2011

DOERS CMS Multiple Vulnerabilities


Title : DOERS CMS Multiple Vulnerabilities
Web : http://www.doers.in/
Found By: p0pc0rn 28/02/2011
Dork : intext:" powered by DOERS" asp

SQL
---

http://site.com/xxxx.asp?id=[SQL]
http://site.com/xxxx.asp?category=[SQL]
and more..

XSS
---
Parameter can be xss'ed

currentPage=[XSS]
categoryname=[XSS]
page=[XSS]
cate=[XSS]
sub=[XSS]
and more..

POC
---


http://www.1337day.com/exploits/15522

thanks,
-p0pc0rn-

Saturday, February 26, 2011

Site Designed by Hypersoft Solutions is Vulnerable to SQL Injection


Title : Site Designed by Hypersoft Solutions is Vulnerable to SQL Injection
Web : http://www.hypersoftsolutions.com/
Found by: p0pc0rn 26/02/2011
Filetype: asp
Dork
: intext:"By: HypersoftSolutions.Com"
: inurl :"cms.asp?LinkId="


SQL
---
http://site.com/cms.asp?LinkId=[SQL]
http://site.com/cms.asp?CatId=[SQL]

POC
---
http://site.com/cms.asp?LinkId=1 and 1=1 TRUE
http://site.com/cms.asp?LinkId=1 and 1=0 FALSE


http://www.1337day.com/exploits/15514

thanks,
-p0pc0rn-

WebContent CMS Vulnerable to Multiple SQL Injection


Title : WebContent CMS Vulnerable to Multiple SQL Injection
Web : http://www.interbase.com.my/
Found by: p0pc0rn 26/02/2011
Dork
: intext:"Powered By Interbase WebContent"
: inurl:"cms/layout/Printer.asp?ProductID="
: intext:"Powered By WebContent"


SQL - Microsoft JET Database Engine
------------------------------------

http://site.com/cms/AllProduct.asp?CatID=[SQL]
http://site.com/cms/layout/Printer.asp?ProductID=[SQL]
http://site.com/cms/General.asp?ProductID=[SQL]



http://www.1337day.com/exploits/15513

thanks,
-p0pc0rn-

Teme Technical Solutions CMS Vulnerable to SQL Injection


Title : Teme Technical Solutions CMS Vulnerable to SQL Injection
Web : http://www.temetechsolutions.co.uk
Found by: p0pc0rn 25/11/2011
Dork : intext:"powered by Teme Technical Solutions"


SQL
---
Parameter index.asp?pageId=[SQL]

POC
---
TRUE

FALSE

http://www.1337day.com/exploits/15512

thanks
-p0pc0rn-

How to Protect Your Facebook Account From Being a Victim to MiTM Attacker by Activate HTTPS

How to Protect Your Facebook Account From Being a Victim to MiTM Attacker by Activate HTTPS


1 - Login to your facebook account.

2 - Go to Account > Account Settings

3 - Scroll down and at the Account security line, click change

4 - Tick all boxes.Recommended.

5 - Save and done! Your facebook now will be in Https mode.



Addition


At the same line also(Account security) you can check from where your facebook been logged before.

Friday, February 25, 2011

Duo CMS Vulnerable to Non Persistent XSS

Title: Duo CMS Vulnerable to Non Persistent XSS
Web : http://www.duocms.co.uk/
Found By: p0pc0rn 25/02/2011
Dork : intext:"powered by duo cms" "search"

XSS
---
http://site.com/search/?q=[XSS]

POC
---



thanks.
-p0pc0rn-

PhUse™ CMS Vulnerable to Non Persistent XSS


Title : PhUse™ CMS Vulnerable to Non Persistent XSS
Web : http://www.phusecms.com : http://www.phusecms.co.uk
Found by: p0pc0rn 25/02/2011
Dork : intext:"Powered by PhUse™" : filetype:phuse "searchresults"

XSS
---
http://site.com/searchresults.phuse?q=[XSS]

POC
---



thanks.
-p0pc0rn-

RaksoCT Web Design Vulnerable to Multiples SQL Injection

Title : RaksoCT Web Design Vulnerable to Multiples SQL Injection
Web : http://raksoct.com/
Found By: p0pc0rn 25/02/2011


Blind SQL
----------
1 - Parameter gallery_details.asp?a_id=[Blind SQL]

POC
---
http://site.com//gallery_details.asp?a_id=12' and '1'='1 TRUE
http://site.com//gallery_details.asp?a_id=12' and '0'='1 FALSE


2 - Parameter news.asp?intSeq=[Blind SQL]

POC
---
http://www.site.com/news/news.asp?intSeq=69' and '1'='1 TRUE
http://www.site.com/news/news.asp?intSeq=69' and '0'='1 FALSE



3 - Parameter news.asp?id=[Blind SQL]

POC
---
http://www.site.com/news/news.asp?id=256 and 1=1 TRUE
http://www.site.com/news/news.asp?id=256 and 1=0 FALSE





http://www.exploit-db.com/exploits/16241/

Thanks
-p0pc0rn-

Thursday, February 24, 2011

JuiceAPac CMS Multiple Vulnerabilities

Title    : Multiple Vulnerabilities in JuiceAPac CMS
Found by: p0pc0rn 24/02/2011
Web     : http://www.juiceapac.com
Dork     : intext:"Powered by JuiceAPac" filetype:cfm

SQL
---

http://site.com/xxxx.cfm?xxx=[SQL]


XSS
---

http://site.com/search.cfm
POST: THE_KEYWORDS=[XSS]&year=[XSS]

http://site.com/news.cfm?NewsID=[XSS]
//maybe other parameter can be xss'ed too.


POC
---

http://www.1337day.com/exploits/15499

thanks
-p0pc0rn-

Wednesday, February 23, 2011

Non-Persistent in Tuugo Free company and business search engine

Title : Non-Persistent in Tuugo Free company and business search engine
Web : http://www.tuugo.com
Found by: p0pc0rn 23/2/2011

XSS
---
Tuugo Search Engine is Vulnerable Non Persistent XSS at parameter search=&nearto=

POC
---

http://site.com/CompaniesForProductByLoc?search=[XSS]&nearto=[XSS]

SQL and XSS in DIY Web CMS

SQL and XSS in DIY Web CMS

found by : p0pc0rn 22/2/2011
web : http://www.mydiyweb.com.my
dork : intext:"powered by DiyWeb"

SQL - Microsoft JET Database Engine error
-----------------------------------------

http://site.com/template.asp?menuid=[SQL]
http://site.com/viewcatalog.asp?id=[SQL]
http://site.com/xxx.asp?id=[SQL]

XSS
---
http://site.com/diyweb/login.asp?msg=[XSS] -- login page



http://www.exploit-db.com/exploits/16205/

thanks
-p0pc0rn-

Monday, February 14, 2011

CMS Powered by sen9.com Multiple Vulnerabilities

CMS Powered by sen9.com Multiple Vulnerabilities

SQL

http://site.com/productDetail.php?P_Id=[sql]
http://site.com/subPage.php?SP_Id=[sql]
http://site.com/videoDetail.php?V_Id=[sql]
http://site.com/journal.php?J_Id=[sql]



screenshot:

XSS

http://site.com/x.php?V_Name=[xss]&SE_Name=[xss]




Directory Listing


there are more vuln found.
I just highlight the high risk vuln

status:reported

thanks
-p0pc0rn-

Thursday, February 10, 2011

How to Enable Telnet in Windows 7

1 - Start > Control Panel

2 - Click Programs


3 - At the "Programs and Features", click “Turn Windows features on or off


4 - New box will pop up..scroll down to find "Telnet Client"..tick and OK! DONE!


alternatively

using cmd prompt

start / w pkgmgr /iu:"TelnetClient"

Monday, February 7, 2011

How to Play Snake in Youtube for fun!

How to Play Snake in Youtube

1 - Go to youtube.com

2 - Find any video

3 - Scroll the timeline to 0:00 and click pause

4 - Hold left arrow button on your keyboard for a while...then push up arrow button..

5 - The snake will appear and u are on game! :D