Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Ifriends Exploit (ifriendsexploitgmail.com)
Date: Fri Dec 28 2007 - 16:09:23 CST
I noticed this on this site:
Here is a summary of the exploit from that site.
Requirements: A web server (Apache 2), Firefox (preferably 2.0), and
FoxyProxy <https://addons.mozilla.org/firefox/2464/>, either an account on
iFriends or both a flash decompiler and macromedia flash mx.
Download and install Apache 2 from apache.org.
http://httpd.apache.org/download.cgi You probably want the Win32 Binary
We'll get back to Apache later.
Download and install FoxyProxy. https://addons.mozilla.org/firefox/2464/
Once Firefox has restarted, double click on the FoxyProxy logo in the
Firefox tray and then click "Add New Proxy". Make sure "Enabled" is checked,
and give it the name "iFriends", and then click the "Proxy Details" tab, and
for "HTTP Proxy", put "127.0.0.1" (without the quotes), and for the port put
"80" (again, without the quotes) and then click the Patterns tab, click "Add
New Pattern", again, make sure "Enabled" is checked, for pattern name, put
"iFriends", and for pattern put "http?://flash?\.ifriends\.net/.*\.swf.*"
(without quotes), and make sure that both "Whitelist" and "Regular
Expression" are selected. Click "OK" on each window until all the FoxyProxy
windows are gone.
Right click on the FoxyProxy icon and select "Completely disable FoxyProxy".
We need FoxyProxy to be off for the next step.
If you have an iFriends account, look for a chathost utilizing EasyCam who
has a "Free to Private" session going, and enter that session, once inside,
right click the page and goto "View Page Info", and then select the "Media"
tab, you want to look for a file called "LSChatView.swf", once you see it in
the list, click it, and then click "Save As...", and save it somewhere you
can find it later...
If you don't have an iFriends account, and do not wish to get one, find a
chathost utilizing EasyCam, and enter their Guest Chatroom, follow the steps
above, except look for a file named "LSChatViewG.swf" instead... this is the
flash file for guest chats. Once you've downloaded this file, you'll need to
use a Flash decompiler to decompile this file, and then delete the privacy
screen and recompile it.
Once you have your "LSChatView.swf", rename it to "LSChatViewG.swf" and
place it inside your Apache document root. This is usually "C:\program
file\apache\htdocs", but you can find out for sure by reading your apache
configuration file. If you've done everything correctly, you should now be
able to enter any EasyCam chatroom in "Guest Chat" without a privacy screen
to block anything.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/