Keamanan siber, sejak 2007.
Keamanan siber, sejak 2007.
Sometimes when you want to config something, it contains the comments from the developer which will help us to figured out which options of arguments will be used. But if you are already familiar with the configuration, comments are so…
QuickShare File Server is prone to a FTP directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue will allow an attacker to modify files outside the destination directory and possibly gain access to the system. Software…
A vulnerability has been discovered in FTPGetter, which can be exploited by malicious people to compromise a user’s system. The issue is likely due to insufficient bounds checking and presents itself when the affected FTP client makes a connection to…
SolarFTP Server 2.0 is prone to a denial of service condition. It fails to properly sanitize user-supplied input resulting in a denial of service. With a specially crafted ‘USER’, ‘APPE’, ‘GET’, ‘PUT’, and ‘NLST’ command, a remote attacker can potentially…
Finally, my first win32 shellcode.. This will execute notepad.exe when loaded. Run on Windows XP SP3 English.
I have created a script that contains of local privilege escalation exploits that was published by Tavis Ormandy via Exploit-DB.com between October – November 2010. Take a look at here 201011-0day-linux-exploit *Update 1: I rename the file and make the…
Written in Python, i try to make a simple fuzzer for FTP server. This script will try to fuzz the commands like APPE, USER, LIST, CWD, etc..you can find all commands here 😉 This script is simply a modified version…
SQLMap is the tool to automate SQL Injection vulnerability exploitation. This tool is very popular to exploit the SQL Injection vulnerability. While most of web hacker enthusiast knew about this tool to gather information and retrieves the tables information, i…
ModSecurity is a good starting point to secure your web site. OWASP provides the core rule set (CRS) for ModSecurity rules against the most critical web application attack. From OWASP: ModSecurity is an Apache web server module that provides a…
Iseng-iseng nyari aplikasi yang bisa diotak-atik buat maenan SEH, dapet juga aplikasi Batch Audio Converter <= v.0.4.0.0 dan berhasil di eksploitasi dengan sukses melalui SEH Overflow (tulisan mengenai SEH secara jelas bisa dilihat di situs Peter Van Eeckhoutte dan situs…