Hack Day India

30 12 2007

We were struck by lightning twice at Hack Day in London, and now we’re back for more. We’re pleased to announce that we plan to hold another open Hack Day in Bangalore on October 5th and 6th, 2007 at The Taj Residency: Bangalore





PHP security underground

30 12 2007

–[ global variables ]

In PHP you do not have to declare a variable before you use it. That can be a convenience, but it can also make the system insecure. Let's take a look at the example script below:





SQL Injection in WordPress 2.1.3

30 12 2007

Author: Janek Vind “waraxe”
Date: 21. May 2007
Location: Estonia, Tartu
Web: http://www.waraxe.us/advisory-50.html

Target software description:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Vulnerable: WordPress 2.1.3

Patched: WordPress 2.2

http://www.wordpress.org/

Vulnerabilities:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

1. Critical SQL injection in “admin-ajax.php”

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Let’s have a look at the source code of “wp-admin/admin-ajax.php” ~ line 6:





AuraCMS [Forum Module] – Remote SQL Injection

30 12 2007

This exploit, found by k1tk4t, is really cool. A great many Indonesian websites still have this hole. Details of the exploit can be seen at the link below:

http://www.milw0rm.com/exploits/4254