Why Audio? Why Not?

Top Priority Sector: video_surveillance_cctv. By Richard Brent. It’s 2014 and time for a new way of thinking when it comes to security.

View full post on The Cyber Wars

The Alyona Show Made to Order Organs


Good day to everyone. Subscribe to our channel. Content on our channel: game videos, news, game chats, Islamic information, foreign news, domestic news …

________________________

http://gregorydevans.com – http://gregorydevans.wordpress.com – http://hackerforhire.com – http://hackerforhireusa.com

MICROSOFT HAS PLANNED TO LEAVE WINDOWS XP AND ATMs AT HACKERS' MERCY

Microsoft plans to end its online support and stop releasing security updates for Windows XP. Since most ATMs run Windows XP, Microsoft’s decision could put the whole banking sector at risk. Windows XP is due for an “end of life and support retirement” on April 8, 2014.
According to Symantec researchers, 95% of ATMs, the computer systems that control access to funds, still run on archaic XP systems. Microsoft has already expressed its concern about this, calling it a “0day forever”, yet the banking sector seems to have paid no heed. Earlier, Redmond security researchers had also pleaded with the banks to upgrade from XP to more secure systems.
Unfortunately, their appeals went unnoticed. According to Symantec, once Microsoft stops releasing security updates for Windows XP, tricking ATMs into spitting out cash will be “an sms away” for hackers. Symantec said that a backdoor, Ploutus, and its improved successor, Ploutus-B, will do that job for hackers.
Both of these malware families are already available on black markets. This backdoor can be installed and executed on ATMs quite easily. By attaching a mobile phone through USB, a hacker can command an ATM to execute the backdoor, which then enables the hacker to dispense the cash. On top of that, this malware can steal user data and PIN numbers by performing a man-in-the-middle attack. Symantec suggests that this threat can be overcome by upgrading the operating system, CCTV monitoring, and full disk encryption.

View full post on Who Got Hacked – Latest Hacking News and Security Updates

Registering a Gmail.com mailbox


A free video about registering a Gmail.com e-mail account http://valentinegorov.ru/


Anonymous TAM (Ṫḧḕ Ḧḭṽḕ)


Transcript: Greetings citizens of the world, Whether you know it or not, humanity has lost an amazing human. theanonmessage is …


gt advanced tech


Apple iPhone 7 215


NCS 12/20/11 – Dec 20, 2011

Phishers, credit-card cloners and identity thieves will be busy today, searching for ways to take advantage of interest in the life and sudden death of North Korean dictator Kim Jong Il. Adobe has warned users of a critical vulnerability in its Flash Player that could potentially allow an attacker to take remote control of the compromised system. The biggest draw in television is entering the cyber world. The Super Bowl will be streamed online and to phones for the first time, the NFL announced today. Also check out the job of the day!!

View full post on Daily Cyber Security News

plan the release schedule for the T cycle




OpenCart Highly Vulnerable, Thousands of Online Shops at High Risk

Sadat Ullah, an independent Pakistani cyber security expert from Karachi who is already well known for finding programming flaws in WHMCS, MyBB, Clicksharepro, iscripts, Playsms and many others, has recently found a new flaw in OpenCart CMS, which is widely used by online shopping stores; the customer data held by these websites includes millions of credit card and other financial details.
Sadat Ullah has submitted the 0day to exploit-db and packetstorm.

Details:-

# Exploit Title     : OpenCart <= 1.5.6.1 SQL Injection
# Date              : 2014/3/26
# Exploit Author    : Saadat Ullah , saadi_linux@rocketmail.com
# Software Link     : http://www.opencart.com/index.php?route=download/download
                    : https://github.com/opencart
# Software web      : www.opencart.com
# Author HomePage   : http://security-geeks.blogspot.com/
# Tested on: Server : Apache/2.2.15 PHP/5.3.3
 
#Opencart suffers from multiple SQL injections in ebay.php; the bug is more about
privilege escalation, as the attacker may need openbay module access.
 
Poc
Poorly coded file full of SQLi opencart/system/library/ebay.php
In file opencart/system/library/ebay.php
product_id is used in a SQL query without being sanitized.
 
public function getEbayItemId($product_id) {
        $this->log('getEbayItemId() - Product ID: '.$product_id);
 
        $qry = $this->db->query("SELECT `ebay_item_id` FROM `" . DB_PREFIX . "ebay_listing` WHERE `product_id` = '".$product_id."' AND `status` = '1' LIMIT 1");
..............
Function is called in many locations and the parameter is passed without sanitization.
In opencart\admin\controller\openbay\openbay.php
public function editLoad() {
        ...
        $item_id        = $this->openbay->ebay->getEbayItemId($this->request->get['product_id']);
..............
Where $this->request->get['product_id'] is coming from the GET field.
Similarly More
 
public function isEbayOrder($id) {
        ...
        $qry = $this->db->query("SELECT `comment` FROM `" . DB_PREFIX . "order_history` WHERE `comment` LIKE '[eBay Import:%]' AND `order_id` = '".$id."' LIMIT 1");
 
In opencart\admin\controller\extension\openbay.php
        public function ajaxOrderInfo()
        ...
        if($this->openbay->ebay->isEbayOrder($this->request->get['order_id']) !== false){
..............
More
public function getProductStockLevel($productId, $sku = '') {
        ...
        $qry = $this->db->query("SELECT `quantity`, `status` FROM `" . DB_PREFIX . "product` WHERE `product_id` = '".$productId."' LIMIT 1");
..............
ebay.php has many more..
User should have openbay module access
http://localhost/opencart/admin/index.php?route=openbay/openbay/editLoad&token=5750af85a1d913aded2f6e2128616cb3&product_id=1'
 
#Independent Pakistani Security Researcher
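
A minimal before/after of the query pattern the advisory describes, added here as an illustration and not taken from OpenCart or from the advisory: the request value is validated as an integer and bound as a parameter instead of being concatenated into the statement. It assumes PHP with the pdo_sqlite extension; the in-memory table, its single row, and the function names getEbayItemIdUnsafe and getEbayItemIdSafe are constructed for the example.

```php
<?php
// Constructed in-memory table standing in for `ebay_listing` (sample data, not from OpenCart).
function makeDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec("CREATE TABLE ebay_listing (product_id INTEGER, ebay_item_id TEXT, status INTEGER)");
    $db->exec("INSERT INTO ebay_listing VALUES (1, 'ITEM-0001', 1)");
    return $db;
}

// Same shape as the advisory's code: the request value is concatenated into the SQL text.
function getEbayItemIdUnsafe(PDO $db, $productId) {
    $sql = "SELECT ebay_item_id FROM ebay_listing WHERE product_id = '"
         . $productId . "' AND status = '1' LIMIT 1";
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row ? $row['ebay_item_id'] : null;
}

// Hardened form: reject anything that is not a positive integer, then bind it as a parameter.
function getEbayItemIdSafe(PDO $db, $productId) {
    $id = filter_var($productId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // malformed id never reaches the database
    }
    $stmt = $db->prepare(
        "SELECT ebay_item_id FROM ebay_listing WHERE product_id = :id AND status = 1 LIMIT 1"
    );
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ? $row['ebay_item_id'] : null;
}

$db = makeDb();
$input = "1'"; // the product_id value from the advisory's test URL

try {
    getEbayItemIdUnsafe($db, $input);
    echo "unsafe: query ran\n";
} catch (PDOException $e) {
    // The stray quote changed the statement's structure, so the SQL parser rejected it.
    echo "unsafe: input reached the SQL parser: " . $e->getMessage() . "\n";
}

var_dump(getEbayItemIdSafe($db, $input)); // malformed id is refused before any query
var_dump(getEbayItemIdSafe($db, "1"));    // a well-formed id is looked up normally
```

The same two steps, integer validation at the controller and parameter binding (or at minimum an integer cast) in the library function, apply to each of the queries listed in the advisory.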

View full post on Who Got Hacked – Latest Hacking News and Security Updates
