Penetration Testing 157

TimThumb vulnerability (WordPress plugins) Recently a new high-risk vulnerability was discovered in the highly popular TimThumb script. TimThumb is “A small php script for cropping, zooming and resizing web images (jpg, png, gif). Perfect for use on blogs and other applications.” TimThumb is included in a lot of WordPress plugins and themes (free and paid). Exploiting this vulnerability an attacker can upload and execute a PHP file of hi.. 2011. 11. 11.
Run POST Modules On All Sessions Jcran recently blogged about an easy way to run a post module on all sessions: http://blog.pentestify.com/simple-framework-domain-token-scanner
msf> use post/windows/gather/enum_domain_tokens
msf enum_domain_tokens> irb
framework.sessions.each do |session|
  run_single("set SESSION #{session.first}")
  run_single("run")
  sleep 1
end
You use the POST module, drop to IRB and run those 4 lines, an.. 2011. 11. 4.
HTTP Parameter Pollution Vulnerabilities HTTP Parameter Pollution vulnerability issue. Presentation material: Related material: 2011. 10. 30.
DoS Attack Tool Targeting SSL Servers A hacker group has released a proof-of-concept tool that exploits how encryption keys can be renegotiated to launch a distributed denial of service attack against Secure Sockets Layer servers. A tool designed to launch denial of service attacks can bring down Secure Sockets Layer servers using just a laptop computer and a standard DSL connection. Developed by a German group called The Hacker's C.. 2011. 10. 27.
Released Messenger Password Decryptor v4.5 Messenger Password Decryptor (formerly IMPasswordDecryptor) is the FREE all-in-one software to instantly recover passwords from popular Messengers including GTalk, MSN, AOL, Trillian, Pidgin, Digsby etc. Here is the complete list of supported messengers: Google Talk, Windows Live Messenger, MSN Messenger, AOL Messenger (AIM), Digsby IM, PaltalkScene, Trillian, Trillian Astra, Pidgin (Formerly Gaim), MySpace.. 2011. 10. 26.