Facebook .exe File Upload Vulnerability Flaw By security Pentest

1. Summary:

When using the Facebook 'Messages' tab, there is a feature to attach a file. Using this feature normally, the site won't allow a user to attach an executable file. A bug was discovered to subvert this security mechanisms. Note, you do NOT have to be friends with the user to send them a message with an attachment.

2. Description:

When attaching an executable file, Facebook will return an error message stating:

"Error Uploading: You cannot attach files of that type."

When uploading a file attachment to Facebook we captured the web browsers POST request being sent to the web server. Inside this POST request reads the line:

Content-Disposition: form-data; name="attachment"; filename="cmd.exe"

It was discovered the variable 'filename' was being parsed to determine if the file type is allowed or not.

To subvert the security mechanisms to allow an .exe file type, we modified the POST request by appending a space to our filename variable like so:

filename="cmd.exe "

This was enough to trick the parser and allow our executable file to be attached and sent in a

3. Impact:

Potentially allow an attacker to compromise a victim’s computer system.an Attacker can directly send a Rat,trojan to victim which is a very serious threat >!!!!!

4. Affected Products:


5. Time Table:

09/30/2011 Reported Vulnerability to the Vendor
10/26/2011 Vendor Acknowledged Vulnerability
10/27/2011 Publicly Disclosed

6. Credits:

Discovered by Nathan Power
[Read More...]

TuneUp Utilities 2012 12.0.2030.10 full Keygen|Free Download

TuneUp Utilities 2012 can quickly make your Windows operating system faster, easier to use, and more secure. And all operations performed on the operating system are completely safe, because all changes are monitored by TuneUp Rescue Center and can be undone at any time. All TuneUp Utilities modules can be accessed through a common interface that is divided into six categories. In addition, the main window also has three general buttons in a dark gray bar to the right at the top of the window. Pressing the first button starts the TuneUp Rescue Center module. The second button starts the TuneUp Update Wizard, which can be used to update TuneUp Utilities 2009 to the latest version over the Internet. The last button provides help and settings that you can use to customize the software package to meet your needs.

The new Start page
TuneUp Utilities 2011 welcomes you with a completely redesigned Start page, which tells you about the status of your computer. If problems or nonoptimal settings are found, you are only a mouse-click away from resolving them. The Start page also tells you when new tips for increasing computer performance are available and warns you if maintenance tasks are not being taken care of automatically. The Start page also shows you whether new automatic startup programs have been added to Windows since the last time you ran TuneUp Utilities. You can decide whether these programs that start up automatically are really necessary.

TuneUp Speed Optimizer
Which settings slow your computer down? Which unnecessary services or programs are running in the background? Is your Internet connection optimally configured? TuneUp Speed Optimizer knows the answers to all these questions. It examines your entire system for bottlenecks, superfluous background programs, and incorrect settings. Great: with just one click you can carry out most optimizations very quickly. In addition, TuneUp Speed Optimizer provides suggestions for speeding up your system.

TuneUp Shortcut Cleaner
Cleaning up your working environment is tedious: removing invalid shortcuts from the Start menu, the Desktop, and the Quick Launch bar is very time-consuming. TuneUp ShortCut Cleaner now does the work for you. It checks whether all shortcuts are valid and removes the orphaned ones with just a click of a button. At the same time, empty folders are removed from the Start menu. TuneUp ShortCut Cleaner also checks frequently used programs and cleans up the list of recently opened files.

Support for the Opera browser
After hard disk defragmentation, which we introduced in TuneUp Utilities 2009, the feature most requested by customers was support for the Opera browser. TuneUp Utilities 2010 now also includes full support for Opera. Via several special Opera settings, TuneUp System Control now allows you to change the number of Speed Dial entries, conveniently choose your default search engine, and reenable fast backward and forward navigation. Internet optimization lets you optimize Opera's performance for your Internet connection. Free up disk space lets you delete the Opera cache.

TuneUp Styler
Now you can also change the Vista logo animation which appears just before logon. You can download a whole series of great animations from the TuneUp website. Or, if you prefer, you can choose your own personal image to display while Vista starts up. With Vista, you can also add your own images to Vista's logon screen: With just a few mouse clicks you can create a truly personal logon experience.

TuneUp Uninstall Manager
Redesigned from the ground up, TuneUp Install Manager now runs much faster and has a new, even more intuitive interface so that it is even easier to uninstall unnecessary programs. Unnecessary programs often are forgotten because they were installed a long time ago and then not used. TuneUp Utilities 2009 shows you a list of programs not used for a long time so that you can target for uninstallation those applications that use valuable disk space and in certain circumstances even slow your system down.

TuneUp StartUp Manager
A smooth-running system results when there are no unnecessary autostart applications. The improved TuneUp Startup Manager organizes your programs into groups and provides clear explanations to make it easier for you to identify those programs that are not needed.New automatic startup programs are now highlighted so that you can disable unwanted entries more easily. System start tasks are now also listed in TuneUp StartUp Manager In Vista, in particular, scheduled tasks are used in place of autostart entries.

Free up disk space
The already rapid display of disk space to be freed up is now even faster on NTFS drives. And now it is so easy to delete even more unnecessary files, like the backup files for the first Windows Vista service pack and the Opera and Safari caches. The second "Free up disk space" module that helps you turn off Windows functions that use excessive disk space has also been enhanced. The Windows Search index can now be disabled and deleted with a single click. This makes particular sense if you are already using a different search engine. In addition, TuneUp Disk Space Explorer now runs faster and no longer requires that an entire drive be analyzed. You can now specify that only those folders be analyzed that you are really interested in.

Lots more improvements
Along with the totally new features, there are a series of improvements that are not immediately visible. There are small improvements like Tooltips in the main window, a substantial increase in the number of problems that can be found byTuneUp Registry Cleaner, and better progress feedback from TuneUp Drive Defrag. But there are also big improvements "under the hood". Two good examples are a completely reworked installation program and significant improvements in our update technology.

Download : Click Here
[Read More...]

How to make your Window 7 Genuine With RemoveWAT

RemoveWAT can crack windows 7 sp1, windows 7 ultimate, enterprise, professional, home, Basic, etc. It’s 100% work and tested. RemoveWAT (Windows Activation Technologies) completely from the OS, whilst still retaining OS genuine status and receiving all updates. RemoveWAT works like windows 7 loader. So that users can validate the illegal pirated copies of Windows 7 as genuine status forever and permanently. Also allows you to download windows update.

How it works:

  1. Close all antivirus and firewalls, and then run the program with administrator privileges (from the internet need not be switched off)
  2. Click “Remove WAT” and wait until you see the message on successful completion of the procedure
  3. Computer will restart automatically
  4. All the system is activated.
    Download Here
[Read More...]

How to hack facebook+Email account through Indirect phishing VIDEO [Tut] | 100% Working

How to hack facebook through gmail phishing Tutorial

[Read More...]

How to hack facebook+Email account through Indirect phishing [Tut] | 100% Working


Hey guyzz as you know many newbies are finding difficulties to hack facebook accounts through facebook phishing.because facebook scam filters are very secured now they block phishing just after u send the url to victim & phisher gets detected.
this post is for those who think that facebook cant be hacked through phishing now,but no one can save facebook from phishing.
you can visit my previous post of facebook phishing which worked for almost every one:

How Can I Hack A Facebook Account With Smart Facebook Phishing.....100%working by devendr@..!!!

Here i will share a tut how to hack facebook through indirect phishing. that means i wil tel you there is no need to phish facebook of victim you can phish Email id of the victim .then through email id we will hack facebook account its very easy just follow these simple instructions:

1.)First step we will find the email Id[it can be yahoo,gmaill,hotmail,AOl..etc] of victim which may be available at the info tab of his/her facebook profile.
2.)make phisher[fake login page according to the mail id]

you goto this link & see how to make your own fake login page:

How to setup your own phisher/fake login page?[noobs friendly]

3.) now u have to become a good social engineer  to trap your victim to enter username & passwrd into the fake login pgae without getting caught:D it depends upon you.

4.)after compromising Email ID through phishing first change the victim passwrd & security question so that he cannot recompromise it again.

 5.)Now here Our trick lies that goto www.facebook.com enter victims gmail id & any random password. here i will take Email id as victim@gmail.com

6.) Now facebook will respond wrong username password. now you will see a button request a new one ,see in the screen shots. click on it.

7. then you will be redirected ta verification page which says enter your email id , enter victims email id on it.

8.then click on search,enter captcha.

9.) check there the profile of victim  there may be 2-3 profiles click on the one which is our victim "this is my account".

10.)then click on send verification links & code to gmail id.

11.)TADAA!!! goto gmail ibox u will find a facebook password recover link now recover your passwrd ..

12)thats it you have hacked your victim without actually phishing the facebook..

so guuyzz i hope you liked my Tut please comment if u got any query :)..!!!!
with regards Devendra

NOTE: When ever your make a account on free php webhosting dont upload your phisher just after making account,w8 for  2-3 days this wiill give a good life to your account .
[Read More...]

Online premium Link generators | Leech Sites

  1. http://premiumlinkgenerator.ws
  2. http://frendzleech.com
  3. http://rapid8.com
  4. http://rapidgen.net
  5. http://plgdown.com/
  6. http://rapidrar.com/
  7. http://www.gigaleecher.com/
  8. http://www.rsmaker.com/
  9. http://www.rsfox.com/
  10. http://www.hlusoe.info/
  11. http://www.premiumleecher.com/
  12. http://justleechus.co.cc/ 
  13. http://mystikmomo.free.fr/rapidleech/
  14. http://www.foxleech.com/
  15. http://www.rsdad.com/index.php 
  16. http://www.onleech.net/
  17. http://mccallbrewery.com/
  18. http://www.descargasrapidshare.com/
  19. http://www.downloadspremium.com/
  20. http://www.leechking.com/ 
  21. http://leechtube.com/ 
  22. http://public.rapidgen.net/ 
  23. http://www.monsterleech.eu/ 
  24. http://www.megaleech.us/  
  25. http://exrapidleech.info/ 
  26. http://www.perfectleech.com/ 
  27. http://www.megaleech.us/index.php 
  28. http://www.leechmaster.com/ 
  29. http://expressleech.com/ 
  30. http://www.h-leech.com/ 
  31. http://leech.co.cc 
  32. http://afilehost.co.cc 
  33. http://premiumdl.net 
  34. http://liquidnet.com.nu 
  35. http://www.nowgames.com.ar/rapid1/ 
  36. http://hossa.org 
  37. http://leechpro.in 
  38. http://rapidthe.net 
  39. http://freddys189.host.sk 
  40. http://rs.gr0wl.com/ 
  41. http://hf.gr0wl.com/ 
  42. http://mu.gr0wl.com/ 
  43. http://fs.gr0wl.com/ 
  44. http://fsc.gr0wl.com/ 
  45. http://wu.gr0wl.com/ 
  46. http://rl.pkleech.com 
  47. http://megahotserved.com 
  48. http://rsmaker.com 
  49. http://leechhelper.info 
  50. http://h-leech.com 
  51. http://www.leechmod.biz/ 
  52. http://afterburnerleech.com 
  53. http://www.premiummu.com/premiumlinkgenerator.php 
  54. http://www.premium4.us/ 
  55. http://leechpremium.org/index.php 
  56. http://polygemdesigns.net/logs/ 
[Read More...]

Free Comodo Internet Security Pro 2012 one year license key

Follow below steps to get Free Comodo Internet Security Pro 2012 one year license key.

-Download Comodo Internet Security Pro 2011 Here 

2370-comodo_internet_security_pro_2011 )-> one-year special installer

-Install and start Comodo 2011. Navigate to “More” -> “About” -> Serial Number -> “Copy”.

-Save the serial number on your PC, you will need this serial to activate the 2012 version.

-Download and Install Free Comodo Internet Security Pro 2012 


alone/cispro_installer_x86.exe ). 

During installation, enter the serial number that you received from the 2011 version.

Note: The installer will connect to the internet and automatically activate your subscription 

for 1 year (365 days).

Credits: My friend Ankit
[Read More...]

New Friendly Sms Spoofing Site | Only For Indian Users

- Send SMS without Registration orLogin
- Support Unlimited 160 CharactersSms.
- You can verify Message Delivery Instantly.
- Send SMS Without Ads
- Very High Speed Message Delivery 

click here>>>>www.sms2number.com
after evry sent message there will be ad of this website :
like: - via sms2number.com

so dont use this site for any crime/hacking purpose its just fr FUN..!!!!!

its is made by one of my friend.:)>>!!!!!
[Read More...]

Latest From us

Saiyanfactory.com Launches its Products | Dragon Ball z merchandising

https://myspace.com/saiyanfactory35 https://en.gravatar.com/saiyanfactory81 https://foursquare.com/user/583500174 ht...




Stay Connected

Return to top of page Copyright © 2011 | Platinum Theme Converted into Blogger Template by devzcyberarena