Tuesday, June 29, 2010

Sweetness beta 0.8 released

This release has better message formatting, and set up relationships for full archiving. If you already have an older version installed, there is no need to download the update, it should get pushed to your system soon.


Sunday, June 27, 2010

Messing around with CVE-2009-1299


The pa_make_secure_dir function in core-util.c in PulseAudio 0.9.10 and 0.9.19 allows local users to change the ownership and permissions of arbitrary files via a symlink attack on a /tmp/.esd-##### temporary file.

So what happens? well first touch /home/$user$/test.txt, then make a symlink in the tmp dir called .esd-0 "0 is the uid for root" to /home/$user$/test.txt. now sudo su and run pulseaudio. exit your root shell and check out /home/$user$/test.txt and you will see its ownership has changed from the user you created it under to root:root.

The worst you could do with this little guy is DoS the server and maybe have a little fun :D

Sunday, June 13, 2010


iPillage is a chrome extension that scans any page you are browsing for SQL injection, Local file injection. It has useful information gathering tools like reverse DNS, hashing, and more!

Report bugs and stuff: HERE

Wednesday, June 9, 2010

Sweetness beta 0.7 released

Fixed a few rendering bugs and made a few cosmetic changes as well. If you already have an older version installed, there is no need to download the update, it should get pushed to your system soon.


Friday, June 4, 2010

Stuff of the week.

Here is a list of cool/fun stuff i found this week.

A reminder that CSRF affects more than websites - READ IT HERE

Flag execution for easy local privilege escalation. - READ IT HERE

Cross Site URL Hijacking by using Error Object in Mozilla Firefox. - READ IT HERE

Thursday, June 3, 2010

Sweetness info video

Here is a nice little vid i made, its a howto for installing, setup and use of Sweetness

Check it out HERE

Tuesday, June 1, 2010

Getting your Gmail ID for Sweetness.

In order for Sweetness to operate you need to provide it with some vital information, like you sugar username, password, and server address but it also asks for something called a GMail ID. Getting your GMail ID is nice and easy, just access your gmail account and goto any email, then on the right hand side of the page look for the "Print all" link and click it. It should take you to a URL similar to this:

Your GMail ID is the "ik=xxx..." part of the above url so in this case your GMail ID would be:

Invision Power Board 0-day

IPB is open to right-to-left unicode injection which allows you to obfuscate file names, links, and more. That's not all, because you can inject RTLO while registering you can copy any user name you like! Go to any IPBoard and try to register "& #82 38;nimdA" w/o the quotes and spaces, you will see when you login it displays you as Admin! Now you can go on the forums and run wild as the Admin or any other user you like. No you don't get admin privs. or anything and if anyone looks close at a "spoofed" account its not to hard to spot, but its good for a few lulz and im sure you can get more then one n00b to dl a payload you posted as admin >:) Ok thats all i got, laters.


Plunderoid is a Plunder app for Android! Search and download plundered files right from your phone!!!

Current version: 1.0

Report bugs: HERE


Sweetness is a Google Chrome extension for SugarCRM to archive email from Gmail to Sugar!!

Current version: 1.3 beta

To install just open Chrome and visit http://dealerweb.grandcare.com/Sweetness.crx
Once installed make sure you goto the options to set server address, user name and password. Thats it, a fast little download and a few second set up and your ready to start using Sweetness!

For more info and to report bugs go HERE


Welcome to Solution X.