Welcome TO Your Digital Security Portal

We are a team of dedicated, experienced individuals trying to make this world a better place. We only offer help, removals and cleaners; you will find no warez or hack stuff here, but if you have a problem you will find its solution here. We have online diagnosis tools and forums to ask for help on the web, and online help with NetMeeting for desperate victims is coming soon. This is totally free and we ask nothing except your support. This portal is based on PHP Nuke, another free portal system (check the end of this page); we say give everybody the credit they deserve. Coming soon: our programmed cleaner tool and our XML backend support.

Topic Articles: ChartDirector Critical File Access
 Latest Threats

Advisory No.: ISNSC-0910  
ChartDirector Critical File Access 

Author: DokFLeed 
Program Affected: http://www.chartdir.com for .NET 
Severity: Critical.
Type of Advisory: Mid Disclosure.
Affected/Tested Versions: Random

Program Description 
Widely used Chart Component on Financial & Stock Trading websites

The query variable "cacheId=" is not sanitized, which can allow critical files to be downloaded.

Proof Of Concept

Upgrade to the latest ChartDirector or apply the following patch (ChartDirector for .NET Ver 5.0.1 Patch 2): 

Vendor Status
Vendor contacted and replied with: "The problem you mention affects ChartDirector for .NET.
The current version of ChartDirector for .NET on our web site (Ver 5.0.2) already has this issue fixed.
So this issue no longer occurs with the current version of ChartDirector for .NET.
For people using earlier versions of ChartDirector, it is suggested they upgrade to the latest version.
They may also apply the following patch (ChartDirector for .NET Ver 5.0.1 Patch 2):
http://www.advsofteng.com/netchartdir501p2.zip"

Posted by DokFLeed on Sunday, September 06 @ 05:17:44 UTC (20987 reads)

Topic Articles: ActivePerl 5.10
 General Handy HowTOs

NET-SNMP isn't shipped with the latest ActivePerl 5.10, and adding different repositories might not find it either, so try this:

From your DOS/shell prompt, type:

perl -MCPAN -e "install Net::SNMP"

Type yes for dependencies.
Posted by DokFLeed on Tuesday, February 19 @ 00:00:00 UTC (2827 reads)

Topic Articles: DokShell v2.3
Released Tools Download
DISCLAIMER: use it legally and wisely

You must run it on a server where Zend Optimizer is installed; most PHP servers support it anyway.
*Shows you current paths : good for grabbing usernames on *NIX systems.
*Running Shell commands: even on windows!
*Running bat files on Windows, and returning answer from console
*File Editor: On *NIX systems you must have write permissions.
*File Uploader: you can select where to save it on the server, just enter a path. Default is current directory.
*Comes with .htaccess for Apache: Handy to disable magic quotes if you are running Windows type path " ".
*Compiled into binary using Zend: makes it hard to find it by file patterns or signature search.

Posted by DokFleed on Monday, May 29 @ 06:42:38 UTC (4509 reads)

Topic Articles: Brutus with BAD files
 General Handy HowTOs

Brutus is a protocol brute-force / dictionary attacker. The project is no longer supported and has lost its website; this is a download for all the fans!!
Includes the Brutus BAD files.

Posted by DokFLeed on Thursday, April 27 @ 23:54:53 UTC (15187 reads)

Topic Articles: POP3 Server provided with the CPanel suite
 Latest Xploits

The POP3 server provided with the CPanel suite, tested on version [cppop 20.0], ignores the full length of the email login password; it only counts the first 8 characters. This reduces the work factor to crack an email account.
Posted by DokFLeed on Sunday, September 04 @ 11:18:31 UTC (4462 reads)

Announcement: Labrova Web IDS/IPS Started
 DokFLeed.Net News

IDSs are considered one of the most effective technical access control systems. They may act as detective controls only, or as both detective and preventative controls (IPS). Apart from that, businesses are migrating most of their services and operations to be web-enabled. This has strengthened the trend of attacks known as web attacks, including SQL injection methods. Combining the facts about IDSs and the increasing number of web attacks, a new type of IDS should be developed.

The IRAX project has officially started at http://www.dokfleed.net/labrova/ , taking after the former CGI-Shield. IRAX (project name) is capable of acting as a deterrent, detective and preventative control against web attacks. It intercepts all submitted parameters and compares them with its knowledge base. If the parameters passed are identified as a threat, the values will be blocked, a report will be shown to the attacker, and the attack details will be logged into the IRAX database. With this solution applied, even if a web application is vulnerable, it still cannot be exploited, since the malicious values cannot be passed to the application.

When this solution is widely spread, a banner on the website noting that it uses IRAX services will deter most attacks, since attackers know that their IP and other machine information will be logged. Even if an attacker disguises themselves using an HTTP proxy, the attack will be detected and prevented. The IRAX knowledge base is extendable and will be updated periodically, and it only requires a web server with PHP enabled.
Posted by DokFLeed on Saturday, February 12 @ 12:55:26 UTC (4924 reads)
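The parameter screening described in the announcement above, as an added example that is not IRAX code or code from the original page: every submitted value is normalized, compared against a small rule set, and the request is logged and refused on a match. The rule names, the patterns, the `normalize` and `inspect` helpers and the sample request are all constructed for illustration.

```php
<?php
// Added illustration, not IRAX code. Rule names and patterns are constructed samples.
const KNOWLEDGE_BASE = [
    'sqli-union'     => '/\bunion\b.{0,40}\bselect\b/is',
    'sqli-tautology' => '/[\'"]\s*or\s+[\'"]?\d+[\'"]?\s*=\s*[\'"]?\d+/i',
    'path-traversal' => '/\.\.[\/\\\\]/',
    'script-tag'     => '/<\s*script\b/i',
];

// Decode up to three times so double-encoded input (%252F) is inspected in its final form.
function normalize(string $value): string
{
    for ($i = 0; $i < 3; $i++) {
        $decoded = rawurldecode($value);
        if ($decoded === $value) break;
        $value = $decoded;
    }
    return $value;
}

// Walk every submitted parameter, nested arrays included, and collect rule hits.
function inspect(array $params, string $prefix = ''): array
{
    $hits = [];
    foreach ($params as $name => $value) {
        $path = $prefix === '' ? (string) $name : "{$prefix}[{$name}]";
        if (is_array($value)) {
            $hits = array_merge($hits, inspect($value, $path));
            continue;
        }
        $clean = normalize((string) $value);
        foreach (KNOWLEDGE_BASE as $rule => $pattern) {
            if (preg_match($pattern, $clean) === 1) {
                $hits[] = ['param' => $path, 'rule' => $rule];
            }
        }
    }
    return $hits;
}

// Constructed sample request; a real deployment would pass $_GET + $_POST + $_COOKIE.
$request = ['id' => '1%27%20OR%201=1', 'q' => 'quarterly report',
            'file' => ['name' => '..%252F..%252Fconfig.php']];
$hits = inspect($request);
if ($hits !== []) {
    error_log(json_encode(['src' => $_SERVER['REMOTE_ADDR'] ?? 'cli', 'hits' => $hits]));
    http_response_code(403);   // refuse before the application sees the values
    echo "Request blocked\n";
}
```

A rule set like this only catches the patterns it lists, so it belongs in front of the application as an extra layer while the application itself still validates input and uses parameterized queries.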

Topic Articles: Oracle TNSLSNR Full Client
 Latest Xploits

Most admins neglect to set a password on TNSlsnr clients for Oracle databases. Oracle ensures that you can connect to TNSlsnr either on a localhost or through mapping to a remote Oracle database using .ora files.
This is not the case anymore. Based on the Jwa Perl client.
This client is a FULL client, with packet crafting reassembled.
It supports all the commands of the version that is shipped with Oracle.
It allows you to totally control an unprotected Oracle Database Server remotely, without having to map or install Oracle.
Download Here

Commands Supported
ping, version, service, status, change_password, help, reload, save_config, set connect_timout, set display_mode, set log_directory, set log_file, set log_status, show, spawn, stop

This version works on Oracle9i.
On Oracle 10g only the "version" command works.

This is feedback I got from Pete Finnigan, Oracle Security:
The 10g listener is by default protected by local authentication rather than by a password like in the 9i and lower listener. This means that because it is protected you cannot use commands like status which can only be used on an un-protected listener. This is the reason that the version command still works, because it can be executed on a password or locally authenticated listener. To be able to get the lsnrctl tool to work remotely you need to disable local authentication.

Currently, I am working on a 10g version with a D.O.S check; well, if you can't own it, see if you can bring it down!!

If you have Oracle10g on a public IP and want to share it for testing, let me know; just send me the IP by email.
Posted by DokFLeed on Monday, September 27 @ 11:02:02 UTC (52573 reads)
