Posted by Avik Sarkar
On 9/01/2011 04:01:00 pm
The official website of the Ministry of Home Affairs of Bangladesh is vulnerable to SQL injection, said Team T!g3R. w3bd3f4c3r, n3ll@!s@mur4!, r00t, burn3r, 3 members of Team T!g3R, hacked into the DB of that site and exposed DB info including DB name, tables, online user details, and admin credentials.
Posted by Avik Sarkar
On 9/01/2011 03:37:00 pm
The database of the Federally Administered Tribal Areas (FATA) of Pakistan and Afghanistan was hacked by Team Open Fire & Team Blacklisted. They hacked into the DB of FATA's website and exposed lots of credential information such as DB name, tables, cities, config files, user names, passwords, GOV secrets and so on.
Posted by Avik Sarkar
On 9/01/2011 03:37:00 pm
This afternoon the Apache Foundation released an awaited fix to the denial of service (DoS) vulnerability reported a few days ago. The fixes in version 2.2.20 of the Apache httpd server reduce the amount of memory that is used by range requests. If the total bytes of a file requested exceed the total file size, httpd will return the entire file. This follows closely on the heels of a tool released to the Full Disclosure mailing list this week that exploits the flaw. Apache web administrators are encouraged to apply this fix immediately. Unfortunately, as we see all too frequently, many Linux and Unix administrators "set and forget" their installations and never bother to look after their servers.
The Apache team should be applauded for testing and releasing an important security fix so quickly. Now it is up to you, the IT administrators who are using Apache, to follow through and apply these fixes.
-News Source (NS & Apache)
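The range-request rule described in the Apache post above, sketched in Python as an added example (this is not Apache's code and not part of the original post). The function names, the 1000-byte file size used in testing and the sample Range headers are constructed for illustration.

```python
def parse_ranges(header, size):
    """Parse a Range header into inclusive (start, end) pairs clipped to the file.

    Returns None when the header is malformed (a server then ignores it).
    """
    unit, _, specs = header.strip().partition("=")
    if unit.strip().lower() != "bytes" or not specs:
        return None
    ranges = []
    for spec in specs.split(","):
        first, sep, last = spec.strip().partition("-")
        digits = first + last
        if not sep or not (digits.isascii() and digits.isdigit()):
            return None
        if first == "":                      # suffix form "-N": final N bytes
            start, end = max(size - int(last), 0), size - 1
        else:
            start = int(first)
            if last and int(last) < start:   # "5-1" is invalid
                return None
            end = min(int(last), size - 1) if last else size - 1
        if start <= end:                     # drop specs that start past EOF
            ranges.append((start, end))
    return ranges


def decide_response(header, size):
    """Return (status, body_bytes) using the rule the post describes:
    if the ranges add up to more than the file, send the whole file."""
    ranges = parse_ranges(header, size)
    if ranges is None:
        return (200, size)                   # malformed Range: ignore it
    if not ranges:
        return (416, 0)                      # nothing satisfiable
    total = sum(end - start + 1 for start, end in ranges)
    if total > size:
        return (200, size)                   # cap: never build more than one copy
    return (206, total)


if __name__ == "__main__":
    # Constructed sample headers against a constructed 1000-byte file.
    for hdr in ("bytes=0-99", "bytes=0-,0-,0-", "bytes=-100", "bytes=2000-"):
        print(hdr, "->", decide_response(hdr, 1000))
```

The same total-versus-size comparison can be run over Range headers captured at a proxy or in logs to flag requests that ask for more bytes than the resource holds.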
Posted by Avik Sarkar
On 8/31/2011 07:04:00 pm
Slowhttptest is a tool for testing slow HTTP DoS attacks, which rely on the fact that the HTTP protocol, by design, requires requests to be completely received by the server before they are processed.
Supported features for Slowhttptest:-
- Slowing down either the header or the body section of the request
- Any HTTP verb can be used in the request
- Configurable Content-Length header
- Random size of follow-up chunks, limited by optional value
- Random header names and values
- Random message body data
- Configurable interval between follow-up data chunks
- Support for SSL
- Support for host names resolved to IPv6
- Verbosity levels in reporting
- Connection state change tracking
- Variable connection rate
Detailed statistics are available in CSV format and as a chart generated as an HTML file using Google Chart Tools. The tool actively tests whether it is possible to acquire enough resources on an HTTP server, by slowing down requests, to cause denial of service at the application layer. Thanks to Sergey Shekyan, Developer Web Application Scanning at Qualys.
How to Use:-
./slowhttptest -c 1000 -B -g -o my_server_stats -i 110 -r 200 -s 8192 -t FAKEVERB -u https://example/resources/index.html -x 10
Posted by Avik Sarkar
On 8/31/2011 01:17:00 pm
A man has been arrested in connection with the hacking of the Facebook accounts of the son and daughter of a BJP leader, who was slapped by local SSP Raghubir Lal after he complained of delay in police action, an official said on Sunday. Jagan Bansal, a resident of Panipat, was apprehended on Saturday and sent to 14-day judicial custody for allegedly breaking into the Facebook accounts of the children of BJP media executive SP Singh two months ago, SHO Kotwali Vivek Ranjan Rai said.
Rai said police are searching for Bansal’s son Vishal, who is also suspected to be involved in the crime. SSP Ghaziabad Raghubir Lal on Friday had slapped Singh who went to the former’s office to complain about delay in the police action in the case. The incident sparked protests by partymen following which Lal rendered an unconditional apology.
-News Source (Hindustan Times)