General News

Apache released patch for Range Byte Flaw

Apache have released Patch for the recent range bytes request flaw which we published few days ago. This patch fix the Security flaw and

Change Log :

SECURITY: CVE-2011-3192 ( core: Fix handling of byte-range requests
to use less memory, to avoid denial of service. If the sum of all ranges in a
request is larger than the original file, ignore the ranges and send the complete
file. PR 51714.

You can download latest stable release here

If you are running CEntOS, you can update it in this way;

Check update using Yum Utility
yum check-update httpd

Install it
yum update httpd

If don’t want to update it, you can see this post for mitigation techniques.

General News

Almost 1.5 million websites defaced

Today i was reading interesting post by Which says 1.5 million websites were defaced and reported on Zong-h. Most of the attacks were SQL Injections, LFI, RFI, Web Dav and misconfiguration of the web server or application itself.

The report further says, large number of attacks happened on Linux Operating System. We talk too much about Linux kernel but the first thing is code which need to be written in efficient way.

Some interesting numbers in chart is mentioned on this page too, Up to date stats

General News compromised was compromised via amazing blind SQL injection. You can see the database, tables & users informations on full disclosure website.

Vulnerable Target :
Host IP :
Web Server : Apache/2.2.15 (Fedora)
Powered-by : PHP/5.2.13
Injection Type : MySQL Blind
Current DB : web

The worse is they posted passwords dump and hundreds of people have already cracked it. We recommend you to change your password on urgent basis as it is the normal bad practice people use same password for all online portals e.g web mail, paypal and so on.


The good or bad guy who had fun with it is ;

[+] Author: Jackh4xor @ w4ck1ng
[+] Site: