HTC Desire Z with Android 2.2 (Froyo): First Impressions

For English speaking readers: this is one of the few German blog posts; rest assured that most of the upcoming content remains in English 🙂 At noon today I took the opportunity to pick up my brand new HTC Desire Z from the O2 shop. Over the past 7 days I have given a lot of thought to a possible […]... Read More

Simple Local File Inclusion Exploiter version 1.1 released

I just uploaded a new version of the Simple Local File Inclusion Exploiter, version 1.1. It adds some new user agents and more “interesting files”, and it now writes a small log file. Just visit the “My Tools” section for the download link.... Read More

Simple Local File Inclusion Exploiter version 1.0 released

Today I am releasing my Simple Local File Inclusion Exploiter 1.0 (21st November 2010). [Download] Description: The Simple Local File Inclusion Exploiter helps you to exploit LFI vulnerabilities. Once you have found one, simply pass the URL of the affected website and the vulnerable parameter to this tool. You can also use this tool to scan […]... Read More

New security tool to be released soon

I am currently working on a very exciting tool related to local file inclusion vulnerabilities. Basically it is a kind of automated LFI exploiter with many features, such as an LFI scanner and, as I call it, an “interesting file dumper”. Currently the tool is still beta (version 0.8). I guess […]... Read More

South Korean UTW CMS Multiple Vulnerabilities

Please view the original advisory/exploit here. The South Korean Community/Website/Content Management System UTW suffers from various vulnerabilities.
Local File Inclusion
Script: utw_lib/get_file.php
Parameters: file, rfile
Example: utw_lib/get_file.php?rfile=<local path>&file=<local file name>
The script get_file.php is vulnerable to local file inclusion attacks. Arbitrary files can be read by combining the values of the rfile and file parameters. […]... Read More
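The teaser above describes a handler that builds a file path out of two request parameters. The following Python is an added illustration, not the UTW code and not the advisory's exploit: a hypothetical download handler that concatenates the two parameters the way the advisory describes, next to a hardened version that resolves the path and refuses anything that leaves the download directory. The web root, the directory names and the two files are a constructed sandbox created in a temporary directory.

```python
import os
import tempfile

# Constructed sandbox standing in for a web root: one legitimate download
# inside the download directory and a sensitive file one level above it.
ROOT = tempfile.mkdtemp()
DOWNLOADS = os.path.join(ROOT, "downloads")
os.makedirs(DOWNLOADS)
with open(os.path.join(DOWNLOADS, "manual.pdf"), "w") as fh:
    fh.write("manual contents")
with open(os.path.join(ROOT, "secret.conf"), "w") as fh:
    fh.write("db_password=example")


def vulnerable_get_file(rfile: str, file: str) -> str:
    """Hypothetical download handler: glues two request parameters onto the
    download directory with no validation (the pattern the advisory
    describes, modelled here; this is not the CMS code itself)."""
    path = os.path.join(DOWNLOADS, rfile, file)
    with open(path) as fh:
        return fh.read()


def hardened_get_file(rfile: str, file: str) -> str:
    """Same interface, but the resolved path must stay inside DOWNLOADS."""
    if os.path.isabs(rfile) or os.path.isabs(file):
        raise PermissionError("absolute path components are not allowed")
    base = os.path.realpath(DOWNLOADS)
    # realpath collapses '..' and follows symlinks before the check is made
    target = os.path.realpath(os.path.join(base, rfile, file))
    # commonpath rather than startswith: '/srv/downloads-old' must not
    # pass as being inside '/srv/downloads'
    if os.path.commonpath([base, target]) != base:
        raise PermissionError("path escapes the download directory")
    with open(target) as fh:
        return fh.read()


def traversal_blocked(rfile: str, file: str) -> bool:
    """True if the hardened handler refuses this parameter pair."""
    try:
        hardened_get_file(rfile, file)
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    print(vulnerable_get_file("", "manual.pdf"))      # the intended use
    print(vulnerable_get_file("..", "secret.conf"))   # traversal via rfile
    print(traversal_blocked("..", "secret.conf"))     # True
```

Note that os.path.join discards everything before an absolute component, so an rfile of "/etc" is as dangerous as "../.."; the hardened handler therefore rejects absolute components up front and then checks the fully resolved path rather than the raw string.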

Not yet another Full Disclosure vs Responsible Disclosure debate

I have been interested in IT-Security since I was 16 or 17. Back then I was fascinated by basic concepts and the idea of exploiting weaknesses within a network, piece of software or simply human stupidity. It was exciting to see that the Internet is full of amazing websites, providing security enthusiasts with tools, source […]... Read More

Tutorial: WLAN on Acer Aspire One with EasyPeasy Linux (based on Ubuntu)

When you buy the Acer Aspire One netbook in a shop it usually comes with Windows XP, which drains too much power from the battery and often causes lags. I decided to install the Ubuntu-based distribution EasyPeasy, which still drains a lot of power from the battery but is still better than XP in my […]... Read More

’s awesome relaunch

Just a few minutes ago I received a Google alert concerning the site. After a visit, a very cool new website could clearly be seen: it is now equipped with a modern look (new design + layout) and pages for authors and profiles (registering is possible). Furthermore, the start page and file organisation were reworked. For me, […]... Read More

OneOrZero AIMS v2.6.0 Members Edition Multiple Vulnerabilities

Please view the original advisory/exploit here. The web app OneOrZero AIMS Members Edition suffers from multiple remote vulnerabilities.
SQL Injection
Multiple scripts and parameters are affected by remote SQL injection vulnerabilities. SQL queries can also be manipulated through the various search fields of this web app. Some example URLs:
index.php?controller=app_oneorzerohelpdesk_main&subcontroller=search_management_manage&option=saved_search&global=1&id=[SQL Injection]
index.php?controller=app_oneorzerohelpdesk_main&subcontroller=search_management_manage&option=show_item_search&item_types=[SQL Injection]
[…]... Read More
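The first example URL above injects through an id parameter of a saved-search lookup. The Python below is an added illustration, not the advisory's exploit and not OneOrZero code: a hypothetical saved-search handler that interpolates the raw id parameter into the query, beside the same query with bound parameters. The saved_search table, its columns and its three rows are constructed in an in-memory SQLite database.

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed in-memory table of per-user saved searches."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE saved_search (id INTEGER PRIMARY KEY, owner TEXT, name TEXT);
        INSERT INTO saved_search VALUES (1, 'alice', 'open tickets');
        INSERT INTO saved_search VALUES (2, 'bob', 'escalations');
        INSERT INTO saved_search VALUES (3, 'bob', 'vip customers');
    """)
    return conn


def vulnerable_saved_search(conn, owner: str, id_param: str) -> list:
    """Hypothetical handler for the id request parameter: the raw string is
    pasted into the SQL text, so it can rewrite the WHERE clause."""
    sql = (f"SELECT name FROM saved_search "
           f"WHERE owner = '{owner}' AND id = {id_param} ORDER BY id")
    return [row[0] for row in conn.execute(sql)]


def safe_saved_search(conn, owner: str, id_param: str) -> list:
    """Same query with bound parameters: the input is data, never SQL.
    SQLite applies the column's numeric affinity to the bound value, so
    '1' still matches id 1 while '1 OR 1=1' matches nothing."""
    sql = "SELECT name FROM saved_search WHERE owner = ? AND id = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (owner, id_param))]


if __name__ == "__main__":
    db = build_db()
    print(vulnerable_saved_search(db, "alice", "1"))
    print(vulnerable_saved_search(db, "alice", "1 OR 1=1"))  # every user's rows
    print(safe_saved_search(db, "alice", "1 OR 1=1"))        # []
```

The payload works because AND binds tighter than OR, so the owner check is simply short-circuited by the trailing OR 1=1. In a real handler, reject a non-numeric id before it reaches the database as well (int(id_param)), but parameter binding is what actually closes the injection.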