Nmap Scans using Hex Value of Flags

In this article we are going to scan the target machine by sending TCP flags through their hexadecimal value and the actual Flag name can be confirm by analysis of Nmap traffic through Wireshark.

Let’s have a look over Hex value of TCP Flag in given below table which we are going to use in Nmap for port enumeration.

NULL Scan

In this scan we are sending the NONE flag of the tcp by using its hexadecimal value on the target machine to enumerate the state of ports is open, closed or filtered.

Now execute given below command for enumerating state of any port, here we want to identify state for port 21.

nmap -p21 –scanflags 0x00 192.168.1.103

From given below image you can observe we have found port 21 filtered.

When network admin will captured the incoming traffic he will get packet for TCP-NONE flag, here we have used wireshark for network packet analysis and we found that it is showing TCP-NONE packet for hex value 0x00 coming from 192.168.1.104 on port 21 as shown in given below image.

FIN Scan

TCP-FIN flag always used for finished the communication with target network. In this scan we are sending the FIN flag of the tcp by using its hexadecimal value on the target machine to enumerate the state of ports is open, closed or filtered.

Now execute given below command for enumerating state of any port, here we want to identify state for port 21.

nmap -p21 –scanflags 0x01 192.168.1.103

From given below image you can observe we have found port 21 filtered.

When network admin will captured the incoming traffic he will get packet for TCP-FIN flag, here we have used wireshark for network packet analysis and we found that it is showing TCP-FIN packet for hex value 0x01 coming from 192.168.1.104 on port 21 as shown in given below image.

SYN Scan

TCP-SYN flag always initiate communication to establish the connection with target network. In this scan we are sending the SYN flag of the tcp by using its hexadecimal value on the target machine to enumerate the state of ports is open, closed or filtered.

Now execute given below command for enumerating state of any port, here we want to identify state for port 21.

nmap -p21 –scanflags 0x02 192.168.1.103

From given below image you can observe we have successfully found port 21 open.

When network admin will captured the incoming traffic he will get packet for TCP-SYN flag, here we have used wireshark for network packet analysis and we found that it is showing TCP-SYN packet for hex value 0x02 coming from 192.168.1.104 on port 21 as shown in given below image.

Reset Scan

RST flag is used to reset the connection between the sender machine and the target machine. In this scan we are sending the RST flag of the tcp by using its hexadecimal value on the target machine to enumerate the state of ports is open, closed or filtered.

Now execute given below command for enumerating state of any port, here we want to identify state for port 21.

nmap -p21 –scanflags 0x04 192.168.1.103

From given below image you can observe we have found port 21 filtered.

When network admin will captured the incoming traffic he will get packet for TCP-RST flag, here we have used wireshark for network packet analysis and we found that it is showing TCP-RST packet for hex value 0x04 coming from 192.168.1.104 on port 21 as shown in given below image.

PUSH Scan

In this scan we are sending the PSH flag of the tcp by using its hexadecimal value on the target machine to enumerate the state of ports is open, closed or filtered.

Now execute given below command for enumerating state of any port, here we want to identify state for port 21.

nmap -p21 –scanflags 0x08 192.168.1.103

From given below image you can observe we have found port 21 filtered.

When network admin will captured the incoming traffic he will get packet for TCP-PSH flag, here we have used wireshark for network packet analysis and we found that it is showing TCP-PSH packet for hex value 0x08 coming from 192.168.1.104 on port 21 as shown in given below image.

PUSH flag is used to push the process priority higher of the packet to the target machine.

ACK Scan

Ack flag is used to acknowledge the sender machine whether the packet is received or dropped by the target. So that the sender again send the lost or dropped packet on the target network to complete the communication process. Here we are sending the ACK flag of the tcp by using its hexadecimal value on the target machine to enumerate the state of ports is open, closed or filtered.

Now execute given below command for enumerating state of any port, here we want to identify state for port 21.

nmap -p21 –scanflags 0x10 192.168.1.103

From given below image you can observe we have found port 21 closed.

When network admin will captured the incoming traffic he will get packet for TCP-ACK flag, here we have used wireshark for network packet analysis and we found that it is showing TCP-ACK packet for hex value 0x10 coming from 192.168.1.104 on port 21 as shown in given below image.

Open and closed ports will both return a RST packet. Nmap then labels them as unfiltered, meaning that they are reachable by the ACK packet, but whether they are open or closed is undetermined. Ports that don’t respond, or send certain ICMP error messages back (type 3, code 0, 1, 2, 3, 9, 10, or 13), are labeled filtered. (Form Nmap.org)

Urgent Scan

URG flag is used to set the high process priority of the packet to the target. So that target machine stops processing the current packet and process the URG Flag packet. In this scan we are sending the Urg flag of the tcp by using its hexadecimal value on the target machine to enumerate the state of ports is open, closed or filtered.

Now execute given below command for enumerating state of any port, here we want to identify state for port 21.

nmap -p21 –scanflags 0x20 192.168.1.103

From given below image you can observe we have found port 21 filtered.

When network admin will captured the incoming traffic he will get packet for TCP-URG flag, here we have used wireshark for network packet analysis and we found that it is showing TCP-URG packet for hex value 0x20 coming from 192.168.1.104 on port 21 as shown in given below image.

XMAS Scan

In this scan we are sending the combination of hexadecimal value of the different flag on the target machine. As we know in Xmas scan combination of three TCP-flags [FIN, PSH, URG] are used to enumerate state of port.

By adding the value of the flag, which is equal to the hexadecimal value of the sender’s hexadecimal value as describe in given below table.

Now execute given below command for enumerating state of any port, here we want to identify state for port 21.

nmap -p21 –scanflags 0x29 192.168.1.103

From given below image you can observe we have found port 21 filtered.

When network admin will captured the incoming traffic he will get packet for TCP flags [FIN, PSH, URG] here we have used wireshark for network packet analysis and we found that it is showing TCP-packet of FIN, PSH, URG for hex value 0x29 coming from 192.168.1.104 on port 21 as shown in given below image.

Manual Combination of Flags [FIN, SYN, PSH]

Let have a quick review over decimal to hexadecimal conversion with the help of following table:

Now repeat the same methodology by changing the combination of flag to enumerate the state of any port.  For example we want to scan any port by sending combination of three flags [FIN, SYN, and PSH] so let identify hex value for sum of three flags.

Now execute given below command for enumerating state of any port, here we want to identify state for port 21.

nmap -p21 –scanflags 0x0B 192.168.1.103

From given below image you can observe we have found port 21 filtered.

When network admin will captured the incoming traffic he will get packet for TCP flags [FIN, SYN and PSH] here we have used wireshark for network packet analysis and we found that it is showing TCP-packet of FIN, SYN,PSH for hex value 0x0B coming from 192.168.1.104 on port 21 as shown in given below image.

Manual Combination of Flags [FIN, RST, PSH]

Now repeat the same methodology by changing the combination of flag to enumerate the state of any port.  For example we want to scan any port by sending combination of three flags [FIN, RST, and PSH] so let identify hex value for sum of three flags.

Now execute given below command for enumerating state of any port, here we want to identify state for port 21.

nmap -p21 –scanflags 0x0D 192.168.1.103

From given below image you can observe we have found port 21 filtered.

When network admin will captured the incoming traffic he will get packet for TCP flags [FIN, RST and PSH] here we have used wireshark for network packet analysis and we found that it is showing TCP-packet of FIN, RST,PSH for hex value 0x0D coming from 192.168.1.104 on port 21 as shown in given below image.

Manual Combination of Flags [FIN, SYN, RST, PSH]

Now repeat the same methodology by changing the combination of flag to enumerate the state of any port.  For example we want to scan any port by sending combination of four flags [FIN, SYN, RST, and PSH] so let identify hex value for sum of four flags.

Now execute given below command for enumerating state of any port, here we want to identify state for port 21.

nmap -p21 –scanflags 0x0F 192.168.1.103

From given below image you can observe we have found port 21 filtered.

When network admin will captured the incoming traffic he will get packet for TCP flags [FIN,SYN, RST and PSH] here we have used wireshark for network packet analysis and we found that it is showing TCP-packet of FIN, SYN, RST,PSH for hex value 0x0Fcoming from 192.168.1.104 on port 21 as shown in given below image.

7 Qualities of Highly Effective Hackers

When asked to write on this topic, I admit that it made me fringe just a bit. Because I don’t consider myself to be a highly effective hacker. I find myself as a noob everywhere that I’m trying to learn new things, or I am frustrated with the most ridiculous “hacker” material on the web, written by school-taught programmers that follow step by step instructions out of a manual that everyone has already read. Then I thought to myself.. “That’s it!” That is Number One!

Quality One- Always A N00b

Yea. You heard it, and it sounds crazy, but do you ever wonder why on the forums and comments you always see the trolls calling the weakest link a noob and picking on them.. and then THEY are revealed to be newbies also? Well guess what? I am ALWAYS in over my head, trying to learn things that are too much for me. When I go through phases where I only visit sites and forums where I already am adept at the subject or skill level, at hand, I find that not only have months gone by without me learning anything new.

I have also gotten rusty at things I was beginning to learn. So as crazy as it sounds, I believe that a highly effective hacker is always in places where he is a noob. Always learning things he had no idea of and constantly finding things that overwhelm his mind, until a week later when he is now teaching others how to do it and busy with something else he doesn’t yet understand. This is the way of intellectual progress. When you see guys on these forums and blog comments, picking on newbies and boasting the same skills with nothing new, know that they are at their peak. Their time has come and gone because they have settled for what they know and are satisfied with it in an ever evolving and changing world of technology.

Quality Two- Curiosity

Do you think for a moment that the l33t ones out there, finding new exploits and breaking into systems are just following step by step guides or motivated by their job or a pay check? If so, I am sorry to rain on your parade, but an effective hacker has an obsessive curiosity.

These personal drives will bring a person farther in skill than the need for a promotion or recognition will. “I wonder what would happen if I tried to..” “What do you suppose they keep in here..” “OMG! What if I trick it into running this as a…” These are the basic thought patterns of an effective hacker. Not just when he has a job to do. I mean always. For example when you were a kid (or even now) played a video game and found a weird glitch (not necessarily a ‘cheat’) that you thought was funny. “Oh wow. If I walk in this corner backward he kinda gets stuck there.. UPSIDE DOWN! LOL”, “What would happen if I do that and try to jump at the same time? Oh weird! It drops my character where I’m not even supposed to be yet!”. OK This is the curiosity that intrigues an effective hacker. He wants to make things work in ways they were not originally intended to.

Quality Three- Enjoys being places he doesn’t belong

Hey sorry all you white-hats out there, but it’s true. I won’t condone trespassing, but many of the most effective hackers get serious pleasure out of being places they do not belong. I once read that everything that drives a man is a form of penetration, of inserting what he feels is himself into something he feels is not himself. I don’t know about all that, but some of these guys get pleasure in the same way that a voyeur enjoys watching what he is not allowed to. They enjoy getting into places they are not supposed to be. Now I am not encouraging this behaviour, just laying out the facts. The reason these people find ways to get into things is because these fundamental, basic drives compel them to. It closes the gap of all the things he must learn in order to achieve what he wants.

Quality Four-An unbalanced lifestyle

I often find myself engorged in a project (not just computer related) and nothing else exists. If you ever see these skinny or fat guys beating at their computer at 3 in the morning with empty coke cans and full ashtrays all around until they finally call it a day.. and then it’s time to go back in to work. That’s them. LOL Now I am not saying that being an effective hacker means they do not have a life (though some may not). Alot of very successful people get obsessed with what they are working on and do nothing but that.. For a while. Then they go through a phase where they are obsessed with something different.

Quality Five- Likes to break things

Come on guys! We’re hackers! We love to smash things apart and see what happens. Because face it, it’s much easier to break something than to make it and it rewards a valuable opportunity to put it back together in a different way.

Quality Six- Well Organized

In the beginning, it’s ok to have files, folders, projects, and programs littered amongst temporary directories, hard drives and OS’s. But eventually that’s going to be a huge problem. The most efficient hackers have definitely learned to become very well organized multitaskers. You’ll see varions windows and terminals open, seperate directories for everything, that are well categorized, a task manager changing process priorities as he’s bouncing from one project to the other, across his screen.

Quality Seven- Everything is Insecure until… Never.

The most efficient hackers know that all software, hardware, and access controls are man made and riddled with flaws, predictabilities, and unpredictabilities, a reflection of the creators. People. Nothing can ever be completely trusted, just as no person can be completely trusted.

Breaking The Great Wall of Web – XSS WAF Evasion CheatSheet

I think it’s mandatory to give back to Security community from where we learn cutting edge techniques and information. Therefore after months of effort i am presenting to you a new WhitePaper titled “Breaking Great Wall of Web” without any strings attached.

Acknowledgements

I would like to thank the Acunetix Team for helping with proof-reading of the document.

Background

The WhitePaper not only contains sophisticated XSS vectors but it aims at also explaining the methodology behind bypassing a WAF.  The previous paper on this subject “Bypassing Modern WAF’s XSS Filters – Cheat Sheet” was released 3 years back. A lot has changed and evolved during these years, especially with the advent of ECMA Script a new horizon for evasion/obfuscation have been opened. I have already discussed/demonstrated several techniques presented in this whitepaper in my recent Webcast hosted by Garage4hackers team namely “Bypassing Modern WAF’s Exemplified At XSS“.

Abstract

Input Validation flaws such as XSS are the most prevailing security threats affecting modern Web Applications. In order to mitigate these attacks Web Application Firewalls (WAF’s) are used, which inspect HTTP requests for malicious transactions. Nevertheless, they can be easily bypassed due to the complexity of JavaScript in Modern browsers. In this paper we will discusses several techniques that can be used to circumvent WAF’s exemplified at XSS.

This will paper talk about the concepts of WAF’s in general, identifying and fingerprinting WAF’s and various methodologies for constructing a bypass. The paper discusses well known techniques such as Brute Forcing, Regular expression reversing and browser bugs for bypassing WAF’s.

Whatsapp 4G VIP SCAM – Technical Analysis

This is a short blog post describing about a recent hoax pertaining the WhatsApp 4.0 version. I would like to clearly highlight that there is no such application as ‘Whatsapp 4G‘. The version promises users  unrealistic features video calling, new whatsapp themes, delete sent messages from both sides etc

The following is how the message is being propagated:

 

Technical Analysis

Upon visiting the link you would be taken to a page where you would be asked to invite 15 friends before you can download the version, upon clicking the invite button, it would use WhatsApp scheme (whatspp://) in order send messages to your friends, and hence you would be promoting a hoax on behalf of the scammers:

The entire business logic is based upon the following client side script – http://new-4g-whatsapp.ga/invite.js.

Upon examining invite.js it was discovered that the code sets a cookie and checks if 15 invites have been sent on the client side:

 

Once, the counter has reached up to 15 invites or above, you would be redirected to the download link:

From the above source code, if the value of c is greater or equal to ’15‘, window.location.href would be set to “ur” variable which hosts the following download link – http://ta3.co/new-4G-whatsapp/install.php

The installation link seems to be dead, normally in such scams you would be asked to fill in surveys or installing *free apps* which would not be free as they might be shipped with Malware/adwares.

Update (Whatsapp Gold)

A new variation of Whatsapp 4G VIP scam has recently came into notice with name of “Whatsapp Gold”, which basically works on the same principle as above. The only thing that has changed the interface design and name.

Hack Admin Access of Remote windows 10 PC using Eventvwr Registry Key Exploit

First of all, to learn to how to hack victim’s PC click here. After hacking when you have gained a meterpreter session then type:

getprivs

using this command you will confirm the fact that you have not entered the administrator yet. So now, there is no need to worry.

Now use the following exploit

This module will bypass Windows UAC by hijacking a special key in the Registry under the current user hive, and inserting a custom command that will get invoked when the Windows Event Viewer is launched. It will spawn a second shell that has the UAC flag turned off. This module modifies a registry key, but cleans up the key once the payload has been invoked. The module does not require the architecture of the payload to match the OS. If specifying EXE::Custom your DLL should call ExitProcess () after starting your payload in a separate process.

As the command will make our file execute we will have a session with administrator privileges as shown

WordPress Penetration Testing using Symposium Plugin SQL Injection

WP Symposium turns a WordPress website into a Social Network! It is a WordPress plugin that provides a forum, activity (similar to Facebook wall), member directory, private mail, notification panel, chat windows, profile page, social widgets, activity alerts, RSS activity feeds, Groups, Events, Gallery, Facebook Connect and Mobile support! You simply choose which you want to activate! Certain features are optional to members to protect their privacy.”

WordPress plugin wp-symposium version 15.5.1 (and probably all existing previous versions) suffers from an unauthenticated SQL Injection in get_album_item.php parameter ‘size’. The issue is exploitable even if the plugin is deactivated.

The SQL injection allows (very easily) to retrieve all the database content, which includes users details and password hashes. An attacker may be able to crack users’ password hashes and log in as them. If an administrator user password is obtained, then the attacker could take complete control of the WordPress installation. Collected information may also allow further attacks.

https://www.exploit-db.com/exploits/37824

 Attacker: kali Linux

Target: wordpress

Let start!!!!

Start WPSCAN in kali from following step:

Now scan the target IP for scanning any wordpress application and type following command

Through this command we are scanning current plugin installed for any wordpress website.

./wpscan.rb –url http://192.1681.0.104 –enumerate p

The red sign indicating wp symposium 15.5.1 is vulnerable and suffers from an unauthenticated SQL Injection although blue sign shows version 15.8 if fixed which is not vulnerable till now.

Now start metasploit for attack and type msfconsole on terminal in kali Linux.

msf > use auxiliary/admin/http/wp_symposium_sql_injection

 msf auxiliary(wp_symposium_sql_injection) >set rhost 192.1681.0.104

msf auxiliary(wp_symposium_sql_injection) >set rport 80

msf auxiliary(wp_symposium_sql_injection) >exploit

Nice!!! Here we found the relevant username and password as user: raj respectively.

A

Hack Remote PC using PSEXEC Injection in SET Toolkit

Attacker machine: kali Linux

 In this article I am going to make powershell injection attack though SEToolkit; for this attack it is necessary that SMB service must be running and you should aware of username and password of your target pc to get the Meterpreter session.

Let’s Begin The Game!!!

Scan the victim IP from NMAP by typing following command on terminal in kali Linux

Nmap –sV 192.168.1.104

Under version scan it shows port 445 is open and if you are not aware from port protocol services then let me tell you that port 445 is use for SMB protocol for making communication between two different operating systems like as we have Linux and windows.

Now Click Applications > Exploitation Tools > Social Engineering Toolkit > setoolkit.

A new terminal gets open for setoolkit framework and now you have to follow these steps for making attack on target.

From screenshot you can perceive that it through a menu to select following approach for attack.

Choose penetration testing (fast-track) and type2 for this method.

Fast-Track is an automated penetration suite for penetration testers. So from next screenshot again we have following option, choose PSEXEC Powershell Injection and type 6 for it.

PSEXEC Powershell Injection Attack: This attack will inject a meterpreter backdoor through powershell memory injection. This will avoid Anti-Virus since we will never touch disk or memory. Will require Powershell to be installed on the remote victim machine. You can use either straight passwords or hash values.

Now give following information to execute attack on victim pc.

Enter remote IP as rhost: 192.168.1.104

Enter username: administrator

Enter password: Ignite@1234

If you don’t know the domain name hit enter only for this and same for random select to number of threads hit enter.

Enter listener IP as lhost: 192.168.1.3

Enter port number: 445

Now this will generate a payload for powershell injection and start loading metasploit framework itself. From below image you will found that through alphabetic shellcode we have got meterpreter session1 open.

Now type sessions to view active session

Further Type sessions –I 1 to get inside meterpreter mode.

Meterpreter> sysinfo

{NOTE: This attack is depending upon the version of SMB PROTOCOL; if version is updated of 2.1 then may be this attack is not successful. Use aggressive scanning method for version detail.}

Computer Virus

Each file and folder have the following attributes:

1).  Archive A

2).  Read Only R

3).  Hidden H

4).  System S

-(minus) sign before an attribute it means removing attributes and +(plus) sign mean giving attributes to the file or folder.

example ) attrib -r -a -s -h file.txt  this will remove all attributes from file.txt  and attrib +r +a +s +h file.txt  will give all attributes to file.txt .

If pen drive or other hard drive is infected by virus ,Command prompt is the best option.Follow the steps given below.

1).  Go to the command prompt by start>all programs>accessories>command prompt or press windows key+r and enter cmd .

2).  Go to the drive where you want to delete virus example write d: to go to D drive .

3).  Type “attrib -r -s -h *.* /s /d” without quotations  and press enter .

4)press dir /a .

5).  Delete all the .inf, .exe , .dll, .log extension file if they are not your files by using dos del command .

Example:

del autorun.inf

if any file is not deleting rename that file by rename command

Example:  rename dst.exe ms.bak this will rename dst.exe to ms.bak

 

Now Your pen drive is virus free .

How to Crack a Wpa2-Psk Password with Windows

It,s very common question on the internet to How to hack a Facebook account password and how to hack a WiFi password. Even if you search on YouTube you will find a lots of tutorial to How to hack a WiFi password using backtrack. However, backtrack OS is not most handy OS for normal users. yesterday my one Facebook friend Lovito Tsuqu Kiho ask me to how to hack WiFi using commview using aircrack-ng.

Today i am going to show you how to a crack a Wp2-psk password with windows machine.

Software Requirement for this lab :-

1. CommView for Wifi ( Download)

http://download.cnet.com/CommView-for-WiFi/3000-2085_4-10218782.html

2. Elcomsoft Wireless Security Auditor (Download)

http://www.elcomsoft.com/ewsa.html

Presently i am connected with my own wifi network Virusfound and i want to hack the password of Ultimate that is secured with Wpa2-psk encryption.

First you need to be capture the Wpa2, four-way handsake with CommView.

Open commView and click on the Start option

then click on the capture option to start the capture

now it will show you all available AP, Now click on the Tools > Select the Node Reassoication option ( if Node Rassociation is not working , then use WiFi Alfa card )

now select your target AP in the Send a deauthentication request from this AP option. it will show you all available client option.

now click on the Send Now option to send the packet for 4-way authentication. wait for some time so it will capture the packet.

now click on the Save option and choose your file format Commview Capture Files (*.ncf)

you capture work is done.

Now open Elcomsoft Wireless Security Auditor to crack your wifi password.

Click on the Import Data tab > select the Import CommViewLog option.

now it will show you information about AP and Multiple Handshake selection information. Click on Ok.

now click on the Start attack option and select the Dictionary Attack option. However you have other attack options are also available.

now within minutes it will found your password and it will show you the password.

Enjoy Wifi Hacking with Windows machine

Joomla 3.4.5 Critical SQL Injection Vulnerability Found

 

SQL injection found in joomla 3.4.5

The Joomla team just fixed a new Joomla version (3.4.5) to fix some serious security vulnerabilities in joomla. The most critical one is a remote and unauthenticated SQL injection on the com_contenthistory module (included by default) that allows for a full take over of the vulnerable site complete database.By using this vulnerability Joomla site database can be hacked completely.

Joomla – one of the most popular open source Content Management System (CMS) software packages for website development, has reportedly patched three critical vulnerabilities in its software package.This is the complete Tutorial for this joomla sql injection vulnerability.

The flaws, exist in the Joomla version 3.2 to 3.4.4, include SQL injection vulnerabilities that could allow hackers to take admin privileges on most customer websites and they can hack complete joomla site database.

The patch was an upgrade to Joomla version 3.4.5 and only contained security fixes which are recently patched.

The vulnerability, discovered by Trustwave SpiderLabs researcher Asaf Orpani and Netanel Rubin of PerimeterX, could be exploited to attack a website with SQL injections.

SQL injection (SQLi) is an injection attack wherein a black hack can inject/insert malicious SQL commands/query (malicious payloads) through the input data from the client to the application.

The vulnerability is one of the oldest, most powerful and most dangerous flaw that could affect any website or web application that uses an SQL-based database.

The recent SQLi in Joomla discovered by Orpani are:

• CVE-2015-7297

• CVE-2015-7857

• CVE-2015-7858

1. Exploit the vulnerability to gain the administrator session key

1. On executing the request on Joomla site returns the admin session key

1. Using the admin key to hijack the session and further gaining:

• Access to the /administrator/ folder

• Administrator privileges

• Access to the administrator Control Panel

CVE-2015-7857 enables an unauthorized remote attacker to gain administrator privileges by hijacking the admin session. Once exploited, the attacker may gain full control of the website and execute additional attacks.

The vulnerability discovered in a core module that doesn’t require any extensions, therefore, all the websites that use Joomla versions 3.2 (released in November 2013) and above are vulnerable.

Researchers also discovered the related vulnerabilities, CVE-2015-7858 and CVE-2015-7297, as part of their research.

Actually the Joomla code resided in /administrator /components /com_contenthistory/ models/history.php was vulnerable to SQL injection.

Orpani came across many weak links in this code, that could:

Vulnerability in DRUPAL

The popular CMS Drupal has also patched an Open Redirect vulnerability in the Overlay module in its Core project (7.x versions prior to 7.41).

The Overlay module in Drupal core project displays administrative pages as a layer on the current page, rather than replacing the page in the browser window.

However, the module doesn’t sufficiently validate URLs prior to displaying their contents, which leads to an open redirect vulnerability, according to Drupal’s official blog.

joomla released officially :-

Joomla! 3.4.5 is now available. This is a security release for the 3.x series of Joomla which addresses a critical security vulnerability. We strongly recommend that you update your sites immediately. This release only contains the security fixes; no other changes have been made compared to the Joomla 3.4.4 release.

The vulnerability affected the site users with administrative rights; i.e. if only the “Access the administrative overlay” permission is enabled the vulnerability could be exploited.

The fix for the open redirect vulnerability was released and required the sites to upgrade to Drupal version 7.41.You can patch your Drupal from official drupal website.

If you were not aware of these vulnerabilities, do not panic you can fix your CMS now!