Trust Ur Knowledge
Tuesday, 11 February 2014
Sunday, 1 December 2013
XSPA/SSRF - Yahoo! as an Example
Acronyms
XSPA: Cross-Site Port Attacks
SSRF: Server Side Request Forgery
Definition
XSPA allows attackers to abuse available functionality in most web applications to port scan intranet and external Internet facing servers, fingerprint internal (non-Internet exposed) network aware services, perform banner grabbing, identify web application frameworks, exploit vulnerable programs, run code on reachable machines, exploit web application vulnerabilities listening on internal networks, read local files using the file protocol and much more.
Source and more info: http://www.riyazwalikar.com/2012/11/cross-site-port-attacks-xspa-part-1.html
Example: Yahoo!
By the way, I've reported this as a bug (Bug Bounty Program 2013) to the Yahoo Security Team; check their response:
Happy Hacking !!
Interspire - Cross Site-Scripting # XSS
Interspire E-mail Marketer suffers from a cross-site scripting vulnerability that allows an attacker to inject HTML and malicious scripts.
The vulnerable code is at: /admin/index.php
The vulnerable parameter is: "Page"
Proof of Concept:
http://[domain]/admin/index.php?Page={XSS}&Action=Login
Google Dork:
inurl:admin/index.php?Page= intext:Interspire
Version 6 is vulnerable [tested on v 6.1.0].
Tuesday, 8 October 2013
Monday, 7 October 2013
PMB - Cross Site-Scripting # XSS
The vulnerable code is located at /[pmb]/index.php (includes)
The issue results from insufficient sanitization of user-supplied data passed through the "page" parameter. This could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code.
[~] Exploit
http://[site]/[pmb_path]/index.php?lvl=section_see&id=-1&location=1&page=[XSS]&nbr_lignes=1&dcote=&lcote=1&nc=&main=&ssub=&plettreaut=
Note: Reported on 03/20/2013 - Fixed
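A log check for the two reflected-parameter issues described above (the "Page" parameter of /admin/index.php in Interspire and the "page" parameter of index.php in PMB), useful for spotting probing against unpatched installs. This is an added example, not code from the original posts or from either project; the function name, the character pattern and the access-log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Characters and schemes that a page name or page number never needs.
MARKUP = re.compile(r"[<>\"'`]|javascript:", re.IGNORECASE)

# Constructed access-log lines (combined log format), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [07/Oct/2013:10:01:12 +0000] "GET /pmb/index.php?lvl=section_see&id=-1&location=1&page=2&nbr_lignes=1 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [07/Oct/2013:10:02:40 +0000] "GET /pmb/index.php?lvl=section_see&id=-1&location=1&page=%22%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E&nbr_lignes=1 HTTP/1.1" 200 5200',
    '203.0.113.7 - - [07/Oct/2013:10:03:05 +0000] "GET /admin/index.php?Page=Login&Action=Login HTTP/1.1" 200 2048',
    '203.0.113.9 - - [07/Oct/2013:10:03:59 +0000] "GET /admin/index.php?Page=%253Cimg%2520src%253Dx%253E&Action=Login HTTP/1.1" 200 2100',
]

def flag_reflected_page_param(lines):
    """Return (line_number, parameter, decoded_value) for each suspicious request."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith("/index.php"):
            continue
        # parse_qs performs the first URL-decoding pass.
        for name, values in parse_qs(url.query, keep_blank_values=True).items():
            if name.lower() != "page":
                continue
            for value in values:
                decoded = unquote(value)  # second pass catches double encoding
                if MARKUP.search(decoded):
                    hits.append((number, name, decoded))
    return hits
```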
Ruby - Shell_Reverse_Tcp
A very simple and basic reverse shell backdoor written in Ruby. When executed on the client's machine, you get an interactive shell (/bin/sh).
Payload.rb
Server.rb
Note: you can use Netcat (nc -l -p 4444) instead of server.rb.
Source Code: http://pastebin.com/WfrHX94m and http://pastebin.com/vp2ugUEY
Saturday, 21 September 2013
Got Listed in SoundCloud WhiteHats
I got listed on the SoundCloud White Hat page for responsibly disclosed security vulnerabilities.