Friday, March 2, 2012

Hack Facebook/Twitter Or Any Email Account With Session Hijacking

When logging into a website you usually start by submitting your username and password. The server then checks whether an account matching this information exists and, if so, replies with a "cookie" that your browser sends with all subsequent requests. It's extremely common for websites to protect your password by encrypting the initial login, but surprisingly uncommon for websites to encrypt everything else. This leaves the cookie (and the user) vulnerable. HTTP session hijacking (sometimes called "sidejacking")...

Simple Mail Server - SMTP Authentication Bypass Vulnerability

Title: Simple Mail Server - SMTP Authentication Bypass Vulnerability
Software: Simple Mail Server
Software Version: 2011-12-30
Vendor: http://simplemailsvr.sourceforge.net/
Class: Origin Validation Error
CVE:
Remote: Yes
Local: No
...

MS11-100 DoS PoC exploit published

If you have not yet patched for vulnerability MS11-100, you might want to do it ASAP, because the DoS PoC exploit for this vulnerability was published three days ago. More information about the vulnerability and patches at http://technet.microsoft.com/en-us/security/bulletin/ms11-100...