During the past tree years, Stephen did an awesome job on connecting all sorts of Xen enthusiasts and various companies. Thanks to him normal users and system administrators were able to get to know some of the greatest Xen developers and so many dedicated people. It was always a pleasure to see how he was putting so much work in everything which could possibly be related to Xen.

I think I speak for all members of the Xen.org community when I say “thank you” for everything you have done for both Xen and the Xen.org community.

The image gallery script GaleriaSHQIP suffers from a remote SQL injection vulnerability.

Example URL
index.php?album_id=[SQL Injection]

Affected versions
1.0 full, the lite version may also contain such vulnerabilities

The Joomla component com_golfcourseguide fails to sanitize the user input and therefore suffers from a remote SQL injection vulnerability.

Example URL
index.php?option=com_golfcourseguide&view=golfcourses&cid=1&id=[SQL Injection]

Versions affected
v0.9.6.0 beta, v1 beta

So mobile phones should be very secure, right? If someone would be able to take over control of such devices, it would be possible to track down many areas of our live. So the vendors should be making sure that every mobile phone is highly secure.

Insecure connections
Many mobile phones with Bluetooth abilities accept new incoming connections by default. This means that accessing data on these mobile phones is very easy (I have seen various live hacking demonstrations where the speaker simply hacked the smartphones of the audience without them knowing it).

Keyboard lock? Ehm yeah.
In most cases the keyboard lock of a cellular gets turned on when you don’t use it for a certain amount of time. Sadly this lock is of no use when you connect the mobile device to a computer and start a synchronisation tool. You still can access all the data without even having to enter a PIN or some sort of lock code. Furthermore some devices have a special way of unlocking the keyboard, e.g. by moving a bar from the left to the right. Very secure. If you left your phone let’s say at a restaurant, someone simply has to move the bar and then has access to the device.

Unencrypted data and connections
The files on mobile devices and storage cards are not encrypted in most cases. So are the connections to other phones.

Those are only three points concerning security issues, but at the same time this is already enough to state that the devices which we use daily are not secure enough.

Description
The Specialist Bed and Breakfast Website SQL Injection Exploit takes advantage of a SQL injection vulnerability JaMbA discovered on 30th June 2010. The exploit source code also contains the table structure of the vulnerable product.

About the vulnerability
Learn more about the vulnerability here.

Features
- Check if provided URL is reachable
- Error handling for HTTP requests
- Display current database, MySQL user and the MySQL version
- Display the admin login data
- Easy to use (everything is simple and automated)
- User agent for HTTP requests

Additional information
Written in Python (less than 400 lines).

Usage example
python bed_and_breakfast_sploit.py – u “http://target/site/pages.php?fid=0,1,472&pp_id=84″

Disclaimer
Only use this tool to check websites you are allowed to test (e.g. for penetration testing). Never use this tool on foreign websites! Know and respect your local laws! I am not responsible if you cause any damage or run into trouble. This tool was written for educational purposes only.

It contains all the features from the first released version 0.3 and now contains – in addition – a column fuzzer. Simply start a scan by using python sqli_scanner.py -u “target” and then start fuzzing by using the parameter -fuzz “exploit url”. The exploit url will be provided by the scanner (when a vulnerability was found).

>> #1 SQL Injection
target/view.php?id=[SQL Injection]

>> #1 SQL Injection
target/tellafriend.php?id=[SQL Injection]

>> #1 SQL Injection
target/search.php?submit=Search&keyword=[SQLi]

>> #2 Cross-Site Scripting
target/search.php?submit=Search&keyword=[XSS]

>> #1 SQL Injection
target/search.php?search=Search&keyword=[SQL Injection]