Showing posts with label Web Application. Show all posts
Wednesday, 11 July 2012
Hacked Joomla! v. [1.6.x] [1.7.x] [2.5.0-2.5.2] - Escalation of Privileges
This vulnerability allows privilege escalation in Joomla when registering a new user. No patched releases have been issued so far for the 1.6.x/1.7.x versions, and 1.0.x/1.5.x/2.5.3+ are not vulnerable. For our comfort, though, Joomla v. 1.5.x (which is not patched) has the well-known token bug, with which you can change the admin password, but that's another topic.
Let us focus on our own and
Labels: article, Crack, exploitation, Hacking, hacking tool, howto, Information Leak, Information Security, pentest, security, Security News, Source, tool, trick, Vulnerability, Web, Web Application, Web Application Attack
Wordpress all Version full Path Disclosure Vulnerability By KinG Of PiraTeS
Labels: Defensive, exploitation, Hacking, howto, Information Leak, Information Security, pentest, security, Security News, Source, tool, trick, Vulnerability, Web, Web Application, Web Application Attack
Monday, 2 July 2012
Using beef plugin with Metasploit
1. Run the beef service
$ /pentest/web/beef/beef -x -v
2. In another console, run the Metasploit console
$ msfconsole
3. Download the beef plugin from https://github.com/xntrik/beefmetasploitplugin.git
$ git clone https://github.com/xntrik/beefmetasploitplugin.git
4. Move the file beef.rb to msf/plugins and lib/beef to msf/lib
5. Install the hpricot gem
$ gem install hpricot
6. In the Metasploit console,
Labels: article, backtrack, exploitation, Hacking, hacking tool, howto, Information Leak, Information Security, pentest, security, tool, trick, Vulnerability, Web, Web Application, Web Application Attack, xss
Wednesday, 27 June 2012
Webhoneypot - Web Application Honeypot
DShield.org is offering this honeypot for users to capture automated web application exploits. It is a very simple "semi interactive" honeypot implemented in PHP.
Source: https://code.google.com/p/webhoneypot/
Labels: Defensive, exploitation, Hacking, Information Security, pentest, security, Source, sql_injection, tool, trick, Vulnerability, Web, Web Application, Web Application Attack, xss
Monday, 25 June 2012
WordPress Application Firewall. Protects against current and future attacks.
WordPress Application Firewall. Protects against current and future attacks. Email notification is disabled by default; it can be activated and configured in Settings > WP WAF. Go to your WP WAF configuration page.
Source: https://wordpress.org/extend/plugins/wp-waf/
Labels: Defensive, Hacking, Information Security, Network Security, packet analysis, security, sql_injection, tool, trick, Vulnerability, Web, Web Application, Web Application Attack, xss
Saturday, 23 June 2012
AT&T and Hostgator were hacked.
<==============================>
Target: ATT.com
Vulnerable Link: REDACTED
Vuln. Type: Error-Based
Vulnerable parameter: sb=
DB: prod
<==============================>
Well; it just goes to show you, anything is vulnerable. You just have to know where to look. This DB has A LOT of information in it: names, addresses, mobile numbers, etc. The information in this dump isn't even 1% of what's in here, I just
Labels: Crack, exploitation, Hacking, Information Leak, Information Security, pentest, security, Security News, Source, sql_injection, trick, Vulnerability, Web, Web Application, Web Application Attack
Thursday, 21 June 2012
Browsers Anti-XSS methods in ASP (classic) have been defeated!
If you want to see the full article, please go to the Source.
Browsers Anti-XSS methods in ASP (classic) have been defeated!
This time, I want to start with the summary section first to break the rules!
Summary
The intention of this paper is to prove the client-side XSS protection methods must have rules for different web application languages, otherwise they will be bypassed. This research is based on
Labels: article, Defensive, exploitation, Hacking, howto, Information Security, pentest, security, Source, trick, Vulnerability, Web, Web Application, Web Application Attack, xss