Sunday, March 25, 2012

Vulnerability Found in tatasky.com



One of the most famous satellite-based TV sites, www.tatasky.com, is vulnerable to non-persistent cross-site scripting (XSS) attacks.
The site has one of the highest traffic levels, from India and many other countries.

Demo: 



One more thing: there is also some kind of injection in tatasky.com,
and I also got the database of the site. But there is some kind of encryption which is creating a problem.

These are the tables of the site:

Just to confirm I am not joking :P

Dr Ninja Logging out!



Monday, March 19, 2012

Robot Pirates Web Scanner

"In the name of Allah the most Gracious the most Merciful"
 
Author : Cfr
Crew   : Robot Pirates
Tool   : Robot Pirates Web Scanner 
Greetz : Dr Trojan, Xtremist, Shadoow Khan & Hitcher
We Are : 3rr0rb0t(Ninja),Cb0t(Reaper), Cos & Zqor

We have successfully created the Robot Pirate Web Scanner. CFR_SCANNER completed successfully. Now you can scan a specific website to check whether it is SQL vulnerable or XSS vulnerable. The software automatically fetches all the links of the website. You can also fetch the website list automatically from Google, Yahoo, etc. and then scan all the websites to check for SQL vulnerability and XSS vulnerability. The software also stores the websites in a database for backup or future purposes. Regular expressions are also in it. You can also change the SQL inject code. You can also change text to hex, hex to text, and text to SQL code. URL encoding and decoding is also added. It takes time, but it's a good one.

[#] Demo ~


Download Link will soon be Shared.

Friday, March 2, 2012

MadSpot Shell Ver 1.0 By MadSpot Security Team

MadSpot Security Team released their 1st PHP shell, coded by "Ikram Ali". The Madspot shell is multi-function and works on both Windows and Linux servers. The Madspot shell is really fast and has many private tools in it.


The following are some of the main features of the Madspot shell:
- Process
- Eval
- SQL
- Hash
- Perl and php Back Connect (priva8 version)
- Zone-h mass defacer
- * Powerful DDOS tool
- * Auto Safe mode Off
- * Whole Server Auto Symlink (priva8 version)
- Killcode

Official Blog : http://pcbots.blogspot.com/