Another one (reflected, not persistent XSS):
http://www.avatarsunited.com//utility/render_popup?localstoken_url=%22%3e%3c%2f%69%66%72%61%6d%65%3e%3c%53%63%52%69%50%54%3e%61%6c%65%72%74%28%22%48%41%49%20%44%41%52%22%29%3c%2f%53%63%52%49%70%54%3e%3c%61%20%68%72%65%66%3d%22&partial=%2Fshared%2Frpx

Also, nice cross domains xml. These guys have a trusted host relationship with meebo.com. Weird eh?

thanks again for finding these vulnerabilities and reporting them to us.

We’ve deployed new versions of the apps that had the XSS vulnerabilities.

Please do let us know if should you find other security related issues!

Regards,…”

< << SURE! <

The exploits shown in the videos are now 'Fixed'...Guess they been reading the blog.. lol Theres more exploits on the 'Groups' and others, which ill keep secret for now...

deadlycodec mind sharing contact details? if so send it to isoz@null.net, thx!

Just want to clarify that I am not encouraging computer crime here. Was talking about procedures for escalation after getting a shell. IMO you should uninstall that and report the vulnerability. If you’re in the US, and they can track you, they’re prob going to prosecute you. Not worth the trouble, and you can get more cred (and maybe a career) by reporting vulns, instead of using them for nefarious ends. These days, convicted blackhats seldom find work in the security community, with the most recent exception being Kevin Mitnick. I guess you could say Max Vision too, but he was getting $100/hr before he got convicted and sent to prison for 18 months for breaking into the Pentagon and other various computer systems. After he got out, he begged and begged for work, and was completely destitute. Later, someone did give him work, for minimum wage in SoCal of all places. He ended up getting involved in this credit card scam with some guys he met in prison and now he’s going away for 13 years with a fine in excess of $25 million. His life is basically ruined, and he’s a shining example for us as to just how broken our system is. The guy is a victim of the system. The punishment didn’t fit the crime, and it seldom does these days.

Hacking is fascinating, and I, of all people, can understand how difficult it can be to learn at a certain point, without being able to experiment in ‘real-world’ scenarios. This is a common problem during the evolution of a hacker, and sadly, it’s where many end up getting into trouble.

Whatever you do though, just don’t damage anything or do anything malicious. Keep a clear conscience.

File inclusion eh? Or code injection? Assuming file inclusion, as that’s one of the most common means for installing PHP shells. Yeah, they’re pretty insecure if you’re able to use that. Man, I set my disable_functions directive in php.ini to disable most php functions that can be used to interact with the underlying OS….keep those open and someone finds a code injection vuln or file inclusion, and you’re owned. After that escalating to root isn’t difficult in most situations. Start checking setuid binaries for bof, if you can nab passwords from server configs, break the encryption if they’re encrypted, rule of password re-use. They might just have a privileged account using the same password. More common than I had thought that first.

Yeah RFI is still pretty common and SQLi is going to become even more common because certain functions for filtering input are going to be removed in PHP 6.

>Please continue to function as an unpaid security consultant to our company.

Nothing wrong with that if you enjoy doing it. God knows I do it, when I have the time <3. Hell, I found some XSS vulns in typepad awhile back. It doesn’t effect blogs using typepad, just their domain. Might have been the sixapart domain. I’ll see if I can dig up the details and send them to Pix in the next week or two, if she wants them. Busy right now working on my server, when I’m not too tired to use a computer.

‘SQL DUMP’ NAW?