This entry through the RSS Full Text of service – it is your content and i t you read elsewhere, please read our FAQ fivefilters. Org / glad / faq.php
Five filters appears in Article"Peace Envoy" Blair Gets a bed of roses in the Independent.

Do you often get curious whether your online buddies are hiding from you or not ? don’t you want to be able to detect invisible buddies on your IM ? The answer is simple , you can go to any site which provides the services to detect invisible yahoo buddies like vizgin.com. The other way is to host your own yahoo invisible detector script.

Yahoo detector script is developed in PHP, so it needs a server with PHP running on it to make it works. Instead of being able to detect yahoo invisible buddies , it’s able to detect msn invisible buddies too! So, just download yahoo invisible detector script here (which is not free):
http://forums.digitalpoint.com/showthread.php?t=1381348

Related articles by Zemanta

• PHP Security: Fortifying Your Website- Power Tips, Tools & How to’s (noupe.com)
• Also Of Community (leftontheweb.com)
• XAMPP, PHP 5.3, PEAR, and PHAR (what a mess) (nofluffjuststuff.com)

As all of you might know , phpbb is one of the most used open source forum engine. Phpbb might have millions of users , and Phpbb should protect their users from being hacked. And the fact is that the official site of phpbb , which is phpbb.com was hacked within few days ago ! and phpbb.com is still under maintenance up to now. The hacking of phpbb.com started when the attacker spotted a ‘gateway’ to attempt the break-in through phpList exploit (http://www.milw0rm.com/exploits/7778) . Well it’s not a how to hack phpbb forum , but it’s still good to be read.

Here’s the exceprt of the phpbb.com hacking story :

And eventually found my way to their error log /home/logs/phpbb.com/error_log. After a little looking I figured out that their forums were running off /home/virtual/phpbb.com/community/ well it has been known for some time that you can include code in the error log. So I wanted to run some code, well in PHPBB3 the avatars are located in a folder called /home/virtual/phpbb.com/community/images/avatars/upload and your avatar is called (secret hash)_userid.jpg. But I didn’t know what the secret has was to include my picture (that had my own code in it) so by using the error log I injected code
And figured out that their hash is f51ee61fe7a83fdf72780912bced0855. So now every time I want to upload run code against the server I can include this: /../../../../../../home/virtual/phpbb.com/community/images/avatars/upload/f51ee61fe7a83fdf72780912bced0855_ID.jpg

Read the rest of the story here : http://hackedphpbb.blogspot.com/

Random articles:

• toksta* integration now available for phpBB3 (toksta.com)
• What we can learn from yesterday’s phpBB.com hack (leftontheweb.com)

Image via Wikipedia

Just stumbled across to packet storm security’s tools collection , and I’ve just found an interesting tool to be discussed here , especially if you’re interested in Browser exploitation. The tool itself is called Browser Rider. It’s a hacking framework to build payloads that exploit your browser. Sounds similar to bEEF ? Well , yes it does! the developer’s purpose of developing this tool is to provide you with the more reliable browser hacking framework than just those other unmaintained tools out there nice..

However , here’s the excerpt from their official project site :

Browser Rider is not a new concept. Similar tools such as BeEF or Backframe exploited the same concept. However most of the other existing tools out there are unmainted, not updated and not documented. Browser Rider wants to fill those gaps by providing a better alternative.
What are the features?

^ Easily create powerful payloads and plugins
^ Manage payloads automatically with plugins
^ All data can be saved in a database
^ Obfuscation
^ Polymorphisme
^ Control more than one zombie at a time
^ Simple administration panel
Why create Browser Rider?

› Fun
› The challenge of creating something better than what is already existing
› Browser Rider can be used as a better XSS tunnel than the other tools during a pentest
› General hacking
Technical requirements

› PHP 5, with json installed
› Mysql
› Apache with url_rewrite on
› Targets must have Javascript turned on

You can also try the online demo of Browser Rider by following these steps :
- Open http://ultratopcool.free.fr/xss_remotedomain.html , and do not close it.
- Then go to http://www.engineeringforfun.com/BrowserRiderDemo/ , and you should see your ip in the zombie list

Watch the video & Read more about this project here !

Related article :

• WordPress update kyboshes XSS flaw