Welcome TO Your Digital Security Portal

We are a team of dedicated, experienced individuals trying to make this world a better place. We only offer help, removals and cleaners; you will find no warez or hack stuff here, but if you have a problem you will find its solution here. We have online diagnosis tools and forums to ask for help on the web, and online help with NetMeeting for desperate victims is coming soon. This is totally free and we ask for nothing except your support. This portal is based on PHP Nuke, another free portal system (check the end of this page); we say give everybody the credit they deserve. Coming soon: our programmed cleaner tool and our XML backend support.

Topic Articles: ChartDirector Critical File Access
 Latest Threats

Advisory No.: ISNSC-0910  
=============
ChartDirector Critical File Access 

Information
======
Author: DokFLeed 
Program Affected: http://www.chartdir.com for .NET 
Severity: Critical.
Type of Advisory: Mid Disclosure.
Affected/Tested Versions: Random

Program Description 
==================
Widely used Chart Component on Financial & Stock Trading websites

Overview 
=========
The query variable "cacheId=" is not sanitized, which can allow critical files to be downloaded.


Proof Of Concept
================
?ChartDirectorChartImage=chart_WebChartViewer1&cacheId=/../../../../../../../../windows/win.ini


Solution/Fix
============
Upgrade to the latest ChartDirector or apply the following patch (ChartDirector for .NET Ver 5.0.1 Patch 2):
http://www.advsofteng.com/netchartdir501p2.zip
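
While the upgrade is being rolled out, web logs can be reviewed for requests that abused the parameter. The following is an added example, not part of the original advisory or the vendor's code: it flags chart-image requests whose `cacheId` is not a plain token, including percent-encoded and double-encoded forms. The log layout, the `/chart.aspx` page name and the token pattern are assumptions; the sample lines are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumption: a legitimate cacheId is a short opaque token. The advisory does
# not document the real format, so tune this pattern to your own traffic.
SAFE_CACHE_ID = re.compile(r"[A-Za-z0-9_-]{1,64}")

# Constructed sample lines: "client_ip method url status" (not a real log).
SAMPLE_LOG = [
    "203.0.113.7 GET /chart.aspx?ChartDirectorChartImage=chart_WebChartViewer1&cacheId=a1b2c3d4 200",
    "203.0.113.9 GET /chart.aspx?ChartDirectorChartImage=chart_WebChartViewer1"
    "&cacheId=/../../../../windows/win.ini 200",
    "198.51.100.4 GET /chart.aspx?chartdirectorchartimage=c1"
    "&CACHEID=%252e%252e%252fwindows%252fwin.ini 200",
    "198.51.100.5 GET /search.aspx?cacheId=../x 404",  # not a chart-image request
]

def fully_decode(value, max_rounds=3):
    """Undo layered percent-encoding such as %252e -> %2e -> '.'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_cache_ids(url):
    """Return decoded cacheId values of a chart-image request that are not plain tokens."""
    # parse_qsl percent-decodes once; ASP.NET treats query keys case-insensitively.
    pairs = [(k.lower(), v) for k, v in parse_qsl(urlsplit(url).query, keep_blank_values=True)]
    if not any(k == "chartdirectorchartimage" for k, _ in pairs):
        return []
    values = [fully_decode(v) for k, v in pairs if k == "cacheid"]
    return [v for v in values if not SAFE_CACHE_ID.fullmatch(v)]

def scan_access_log(lines):
    """Return (client_ip, decoded_cacheId) for every flagged request."""
    findings = []
    for line in lines:
        fields = line.split()
        if len(fields) < 3:
            continue  # malformed line, nothing to inspect
        for value in suspicious_cache_ids(fields[2]):
            findings.append((fields[0], value))
    return findings

if __name__ == "__main__":
    for ip, value in scan_access_log(SAMPLE_LOG):
        print(f"{ip} sent cacheId {value!r}")
```

An allow-list on the token shape is used instead of searching for `..`, so encoded or backslash variants are caught without enumerating them.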

Vendor Status
============
Vendor contacted & replied with "The problem you mention affects ChartDirector for .NET.
The current version of ChartDirector for .NET on our web site (Ver 5.0.2) already has this issue fixed.
So this issue no longer occurs with the current version of ChartDirector for .NET.
For people using earlier versions of ChartDirector, it is suggested they upgrade to the latest version.
They may also apply the following patch (ChartDirector for .NET Ver 5.0.1 Patch 2):
http://www.advsofteng.com/netchartdir501p2.zip"

Reference
============
http://dokfleed.net/duh/modules.php?name=News&file=article&sid=48
Posted by DokFLeed on Sunday, September 06 @ 05:17:44 EDT (20070 reads)



Topic Articles: ActivePerl 5.10
General Handy HowTOs
NET-SNMP isn't shipped with the latest ActivePerl 5.10, and adding different repositories might not find it either, so try this:

From your DOS/shell prompt, type:

perl -MCPAN -e "install Net::SNMP"

Type yes for dependencies.
Posted by DokFLeed on Tuesday, February 19 @ 00:00:00 EST (2699 reads)



Topic Articles: DokShell v2.3
Released Tools Download
DISCLAIMER: use it legally and wisely

You must run it on a server where Zend Optimizer is installed; most PHP servers support it anyway.
Features:
*Shows you current paths : good for grabbing usernames on *NIX systems.
*Running Shell commands: even on windows!
*Running bat files on Windows, and returning answer from console
*File Editor: On *NIX systems you must have write permissions.
*File Uploader: you can select where to save it on the server, just enter a path. Default is current directory.
*Comes with .htaccess for Apache: Handy to disable magic quotes if you are running Windows type path " ".
*Compiled into binary using Zend: makes it hard to find it by file patterns or signature search.

Posted by DokFleed on Monday, May 29 @ 06:42:38 EDT (4173 reads)



Topic Articles: Brutus with BAD files
General Handy HowTOs
Brutus is a protocol brute-force / dictionary attacker. The project is no longer supported and lost its website; this is a download for all the fans!
Includes Brutus BAD files.

Posted by DokFLeed on Thursday, April 27 @ 23:54:53 EDT (13069 reads)



Topic Articles: POP3 Server provided with the CPanel suite
Latest Xploits
The POP3 server provided with the CPanel suite, tested on version [cppop 20.0], ignores the full length of the email login password: it only counts the first 8 characters. This reduces the work factor to crack an email account.
Posted by DokFLeed on Sunday, September 04 @ 11:18:31 EDT (4281 reads)



Announcement: Labrova Web IDS/IPS Started
DokFLeed.Net News
IDSs are considered one of the most effective technical access control systems. Their function varies between being detective controls only and being both detective and preventative (IPS). At the same time, businesses are migrating most of their services and operations to be web-enabled, which has strengthened the trend of web attacks, including SQL injection methods. Combining the facts about IDS and the increasing number of web attacks, a new type of IDS should be developed.

The IRAX project is officially started on http://www.dokfleed.net/labrova/ , taking after the former CGI-Shield. IRAX (project name) is capable of acting as a deterrent, detective and preventative control against web attacks. It intercepts all submitted parameters and compares them with its knowledge base; if the parameters passed are identified as a threat, the values will be blocked, a report will be shown to the attacker and the attack details will be logged into the IRAX database. With this solution applied, even if a web application is vulnerable it still cannot be exploited, since the malicious values cannot be passed to the application.

When this solution is widely spread, a banner on the website noting that it uses IRAX services will deter most attacks, since attackers know their IP and other machine information will be logged. Even if an attacker disguises himself using an HTTP proxy, the attack will be detected and prevented. The IRAX knowledge base is extendable and will be updated periodically, and it only requires a web server with PHP enabled.
Posted by DokFLeed on Saturday, February 12 @ 12:55:26 EST (4738 reads)



Topic Articles: Oracle TNSLSNR Full Client
Latest Xploits
Most admins neglect setting a password on TNSlsnr clients for Oracle databases. Oracle ensures that you can connect to TNSlsnr either on a localhost or through mapping to a remote Oracle database using .ora files.
This is not the case anymore. Based on the Jwa perl client.
This client is a FULL client, with packet crafting reassembled.
It supports all the commands of the version that is shipped with Oracle.
It allows you to totally control an unprotected Oracle database server remotely, without having to map or install Oracle.

Commands Supported
ping, version, service, status, change_password, help, reload, save_config, set connect_timeout, set display_mode, set log_directory, set log_file, set log_status, show, spawn, stop


This version works on Oracle9i.
On Oracle 10g only the "version" command is working.


This is feedback I got from Pete Finnigan, Oracle Security:
The 10g listener is by default protected by local authentication rather than by a password like in the 9i and lower listener. This means that because it is protected you cannot use commands like status which can only be used on an un-protected listener. This is the reason that the version command still works, because it can be executed on a password or locally authenticated listener. To be able to get the lsnrctl tool to work remotely you need to disable local authentication.

Currently, I am working on a 10g version with a D.O.S check; well, if you can't own it, see if you can bring it down!!



If you have Oracle10g on a public IP and want to share it for testing, let me know; just send me the IP by email.
Posted by DokFLeed on Monday, September 27 @ 11:02:02 EDT (49573 reads)


