Entries of November, 2010

For English-speaking readers: This is one of the few German blog posts; rest assured that most of the upcoming content remains in English. At noon today I had the opportunity to pick up my brand-new HTC Desire Z from the O2 shop. Over the past 7 days I have given a lot of thought to a possible new […]


I just uploaded a new version of the Simple Local File Inclusion Exploiter, version 1.1. It was updated with some new user agents, “interesting files” and now creates a small log file. Just visit the “My Tools” section for the download link.


Today I am releasing my Simple Local File Inclusion Exploiter 1.0 (21st November 2010). [Download] Description: The Simple Local File Inclusion Exploiter helps you to exploit LFI vulnerabilities. After you have found one, simply pass the URL of the affected website and the vulnerable parameter to this tool. You can also use this tool to scan […]


I am currently working on a very exciting tool which is related to local file inclusion vulnerabilities. Basically it is some kind of automated LFI exploiter with many features, such as an LFI scanner and – as I call it – an “interesting file dumper”. Currently, the tool is still in beta (version 0.8). I guess […]


Please view the original advisory/exploit here. The South Korean Community/Website/Content Management System UTW suffers from various vulnerabilities. Local File Inclusion Script: utw_lib/get_file.php Parameters: file, rfile Example: utw_lib/get_file.php?rfile=<local path>&file=<local file name> The script get_file.php is vulnerable to local file inclusion attacks. Arbitrary files can be viewed by combining the values for the rfile and file parameters. […]


I have been interested in IT-Security since I was 16 or 17. Back then I was fascinated by basic concepts and the idea of exploiting weaknesses within a network, piece of software or simply human stupidity. It was exciting to see that the Internet is full of amazing websites, providing security enthusiasts with tools, source […]


When you buy the Acer Aspire One netbook in a shop, it is usually equipped with Windows XP, which drains too much power from the battery and often causes lags. I decided to install the Ubuntu distribution EasyPeasy, which still drains much power from the battery, but still is better than XP in my […]


Just a few minutes ago I received a Google alert concerning packetstormsecurity.org. After a visit, clearly a very cool new website could be viewed. packetstormsecurity.org is now equipped with a modern look (new design + layout), pages for authors and profiles (registering is possible). Furthermore the start page and files organisation got over-worked. For me, […]


Please view the original advisory/exploit here. The web app OneOrZero AIMS Members Edition suffers from multiple remote vulnerabilities. SQL Injection Multiple scripts and parameters are affected by remote SQL injection vulnerabilities. You can also manipulate SQL queries with the help of various search fields of this web app. Some example URLs: index.php?controller=app_oneorzerohelpdesk_main&subcontroller=search_management_manage&option=saved_search&global=1&id=[SQL Injection] index.php?controller=app_oneorzerohelpdesk_main&subcontroller=search_management_manage&option=show_item_search&item_types=[SQL Injection] […]


I just received notice from bugsearch.net that they closed the XSS vulnerability I discovered a few hours ago. That was fast.
