[AN ALARM CALL TO THE COMUNITY!]

it´s up on you

 

 

=======================================================================
=================                  
| # Title    : Simple Machines Forum 1.1.11 Mullti Vulnerability   
| # Author   : indoushka                                                               
| # email    : indoushka@hotmail.com                                                   
| # Home     : www.sec-war.com                                                                     
| # Web Site : [url="http://www.simplemachines.org/"]http://www.simplemachines.org/[/url]                                                   
| # Dork     : Powered by SMF 1.1.11 | SMF � 2006-2009, Simple Machines LLC                                                                                                              
| # Tested on: windows SP2 Fran�ais V.(Pnx2 2.0) + Lunix Fran�ais v.(9.4 Ubuntu)       
| # Bug      : Mullti                                                                     
======================      Exploit By indoushka       =================================
# Exploit  :  

1- Mail List information : 

After Register go to : [url="http://127.0.0.1/smf/index.php?action=mlist"]http://127.0.0.1/smf/index.php?action=mlist[/url]

2- PHPSESSID session fixation:
Vulnerability description
This script is vulnerable to PHPSESSID session fixation attacks.

By injecting a custom PHPSESSID is possible to alter the PHP session cookie. Attackers will normally manipulate cookie values to fraudulently authenticate themselves on a web site.
This vulnerability affects /smf. 
The impact of this vulnerability
By exploiting this vulnerability, an attacker may conduct a session fixation attack. In a session fixation attack, the attacker fixes the user's session ID before the user even logs into the target server, thereby eliminating the need to obtain the user's session ID afterwards.

Attack details :

GET /smf/?PHPSESSID=smfssionfixation 

How to fix this vulnerability
Set session.use_only_cookies = 1 from php.ini. This option enables administrators to make their users invulnerable to attacks which involve passing session ids in URLs; defaults to 0.

Web references :

[url="http://www.acros.si/papers/session_fixation.pdf"]http://www.acros.si/papers/session_fixation.pdf[/url]

[url="http://www.php.net/session"]http://www.php.net/session[/url]

[url="http://www.owasp.org/index.php/PHP_Top_5"]http://www.owasp.org/index.php/PHP_Top_5[/url] 


Dz-Ghost Team ===== Saoucha * Star08 * Redda * Silitoad * n2n ==========================================
Not : Please I need financial assistance in order I make a tax to the 
state treasury before the ruling, final and unconditional access 
my release by mail and transportation Algerian approximately 500 U.S. dollars
ccp:0013791941 Salah Eddine Nekaa
--------------------------------------------------------------------------------------------------------

[CoinOPS 2 (old dev site)]

ah comon guys, not those pm3 looks

[My 1.4ghz 128mb trusty board]

i thought you have to patch the default.xbe´s from games/roms/etc. for playing it.

[The Ressurection has begun....]

goldeneye runs without problems on surreal64 i look later what version im using and settings. i remember it was the us version of it but im not sure.

[MadMab Edition Xport Emu ?]

sorry, i dont wanna flame but for genesis rtfm from madmab.

[NeoGenesis Madmab Edition]

thx

[CoinOPS 2 (old dev site)]

is it possible to include midnight resistance as game?

[NeoGenesis Madmab Edition]

can u reupload all your skins please? i dont like those pm3 dual skins.

[The Ressurection has begun....]

..... same here, that genesis torrent ruins my ratio and no chance for seeding. i got current a ratio from 0.5. can u give us some information when are the snes, mastersystem and other files be uploaded and the important thing when are the xport updates will follow?

 

thx

[The Ressurection has begun....]

yep, i seed to. the only one i found is the nes that you´ve said. but is it also allowed to share this on other 2 big known private trackers because that other one is located in germany and that´s not realy good. im from there and its realy dangerous for hosting there.

[The Ressurection has begun....]

nice work man, but i didn´t find the madmab xport updates on xbins or on xbox-scene.

[Xbox to xbox ftp help]

2late but try this next one, start on both boxes xbmc, setup network correctly on both boxes that match to the other gateway box1/2, connect via crossover cabel and select in setup find other consoles in network. a few seconds later u will get a popup that console xyz (with your selected name in settings) was found and you can copy in the filexplorer whatever u want. it´s important that you plugin the video cable in the second box or she will not boot.

[CoinOps Info]

I've just read through all the posts and also thought that a wiki for CoinOPS would be very helpful. So I've installed a script on a space from me to create a test page. If someone is interested contact me. Skinner, Mods and Fillers are welcome

 

Short blank Preview:

http://xbox-saves.bplaced.net/wiki/index.php?title=Main_Page

[Spikeout Battle Street]

buy it or search an another source. i nuke your source ^^

 

mine works perfect

[Surreal64xxx CE B6.0 svn-03-Jan-2010]

for real?

[State Of Emergency On the Xbox.]

i played it a long time ago on the ps2 and on my xbox.

 

so guys, im searching some people hwo wanna play some games like spikeout battlestreet over xlink and other games. contact me

[New Doom Port Odamex Being Ported To Xbox.]

nice

[Boogie Wings and CoinOps...]

i found an non working game for reignite r4 to. "osman"

[Spikeout Battle Street]

then lets play it on kai/xbc. 2 years ago i found someone from hongkong who played it with me^^

[What size HDDs do you guys/gals have?]

WD Caviar Blue WD5000AAJB 500 GB

 

The newest version of XBPartitioner detects the drive and select the needed cluster for formating.

[playing HD video using XBMC]

what do you think about reading before posting ?!?!

 

in the first link from xbmc.org is an another link to the original xbmc wiki where everything you know about it with programms etc. ...........

[My Blue Fire Arcade skin for Final Burn Legends]

Excellent !

[playing HD video using XBMC]

just try it, otherwise use staxrip

[playing HD video using XBMC]

mkv2vob

 

http://xbmc.org/forum/showthread.php?p=201068

http://www.bitburners.com/articles/convert...g-mkv2vob/4022/

 

[playing HD video using XBMC]

convert your vids to mpg2 in 720p. there is an ps3 app outside that will make this for you. the xbox doesent have enough power for mp4/h.264 etc. ...