Sunday, 29 July 2012

[EN] 2 codes for building payloads

Hi,

If You like playing with Burp or Paros, You will probably get the idea
of:

/*
 * ascii2html.c - simple payload coder
 * Reads stdin until EOF and prints every byte as an HTML decimal
 * character reference (&#NN).
 */

#include <stdio.h>
int main(){
    int ch;                 /* int, not char: getchar() returns EOF as -1 */

    printf("what to say:\n");
    while((ch = getchar()) != EOF){
        printf("&#%d",ch);
    }
    return 0;
}
and:

/*
 * ascii2url.c - simple payload coder(2)
 * Same loop, but prints every byte URL-encoded as %XX.
 */

#include <stdio.h>
int main(){
 int ch;                /* int so EOF (-1) is never confused with a byte */

 printf("what to say:\n");
 while((ch = getchar()) != EOF){
  printf("%%%02x",ch);  /* two hex digits: 0x0a prints as %0a, not %a */
 }
 return 0;
}
The idea is simple, so maybe it will help ;) Enjoy o/
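Added example, not code from the original post: both encoders as reusable, bounds-checked functions with the fixes a practitioner would want (unsigned bytes so values above 0x7f stay positive, zero-padded %XX, the `;` terminator on the HTML form, int/EOF in the reader). `encodes_to` is a hypothetical helper added only for checking the output.

```c
#include <stdio.h>
#include <string.h>

/* Encode in[0..n) as HTML decimal character references ("&#65;"), writing
 * into out (capacity cap). unsigned char keeps bytes >= 0x80 positive.
 * Returns the number of characters written, 0 if out is too small. */
size_t ascii2html(const unsigned char *in, size_t n, char *out, size_t cap) {
    size_t pos = 0;
    for (size_t i = 0; i < n; i++) {
        int w = snprintf(out + pos, cap - pos, "&#%u;", (unsigned)in[i]);
        if (w < 0 || (size_t)w >= cap - pos)
            return 0;                      /* output would be truncated */
        pos += (size_t)w;
    }
    return pos;
}

/* Same, as URL percent-encoding. Always two hex digits ("%0a", never "%a"),
 * which a bare "%%%x" format gets wrong for bytes below 0x10. */
size_t ascii2url(const unsigned char *in, size_t n, char *out, size_t cap) {
    size_t pos = 0;
    for (size_t i = 0; i < n; i++) {
        int w = snprintf(out + pos, cap - pos, "%%%02x", (unsigned)in[i]);
        if (w < 0 || (size_t)w >= cap - pos)
            return 0;
        pos += (size_t)w;
    }
    return pos;
}

/* Hypothetical check helper: 1 if s encodes to both expected strings. */
int encodes_to(const char *s, const char *want_html, const char *want_url) {
    char html[256], url[256];
    size_t n = strlen(s);
    if (!ascii2html((const unsigned char *)s, n, html, sizeof html)) return 0;
    if (!ascii2url((const unsigned char *)s, n, url, sizeof url)) return 0;
    return strcmp(html, want_html) == 0 && strcmp(url, want_url) == 0;
}

int main(void) {
    /* Read stdin until EOF; ch is int so EOF (-1) is never mistaken for a byte. */
    unsigned char buf[4096];
    size_t n = 0; int ch;
    while (n < sizeof buf && (ch = getchar()) != EOF)
        buf[n++] = (unsigned char)ch;
    char html[6 * sizeof buf + 1], url[3 * sizeof buf + 1];
    if (ascii2html(buf, n, html, sizeof html)) printf("%s\n", html);
    if (ascii2url(buf, n, url, sizeof url)) printf("%s\n", url);
    return 0;
}
```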

[EN] Hacking vBulletin 4.2.0 via Google... :)


Hi,

I saw that a few of You are watching me from some forums about, let's say,
'security'. ;)

That's how I found a simple trick to bypass 'authorized view only'
if You're using the (latest) vBulletin 4.2.0.

Ok, so. Example:
In my stats I found a few links like:
http://some-security;)-for.um/post-for-logged-in.bla

When I copy/paste this link into the address bar, there is an 'error':
"You are not logged in.", etc, etc...

But :)

...we can try one thing to check this 'logged-only' content/site :)

1. Copy/paste Your 'for-logged-only' link and search for it via google.com
2. Next, follow the 'copy' link.
3. Tadam! :D Content for logged-in users.

Enjoy ;)

o/

Thursday, 26 July 2012

[EN] phpBB3 SQL Injection - updated (31.07)

Hello :)

After a little break and multiple tasks to do, a few minutes ago I found one surprise
in the latest phpBB3.

This is a 'so called' SQL information leak via parameter manipulation.

I will not publish the full information today, because maybe some of You want to test Your installations first.

If so, let me know. Maybe I could help with a full webapp pentest.


* updated 10:11 *
- Found a second vulnerable parameter :)

* updated 28.07 *
- another two parameters are vulnerable

* updated 31.08 *
- The detailed story is once again at PacketStorm.

Cheers ;) o/

Wednesday, 27 June 2012

vBulletin 4.2 persistent XSS

Because my bug leaked somehow, here You have the full detailed info:

[ TITLE ....... ][ Persistent Cross-Site Scripting in vBulletin 4.2
[ DATE ........ ][ 15.06.2012
[ AUTHOR ...... ][ http://hauntit.blogspot.com
[ SOFT LINK ... ][ http://www.vbulletin.com
[ VERSION ..... ][ 4.2
[ TESTED ON ... ][ LAMP
[ ----------------------------------------------------------------------- [

[ 1. What is this?
[ 2. What is the type of vulnerability?
[ 3. Where is bug :)
[ 4. More...

[--------------------------------------------[
[ 1. What is this?
This is a very nice CMS, You should try it! ;)

[--------------------------------------------[
[ 2. What is the type of vulnerability?

This is a persistent cross-site scripting attack.
The vulnerability can be exploited by a normal ("registered") user.

[--------------------------------------------[
[ 3. Where is bug :)

To exploit this vulnerability we need to create/register a normal user account:

 3.1. Go to Your http://vBullet.in/forum/ and log in as a "normal user". (screen01)
 3.2. After logging in, we are redirected to /activity.php (this page is called 'Activity Stream').
 3.3. Now (as a registered user), we need to go to our /forum/calendar.php.
 3.4. We are now at "HOME-> Calendar ->Default Calendar". Now (on the right) we must click
      'Add new event'. (screen02)
 3.5. The vulnerable form field here is 'Title'. To check it, type as a title something like:
      test-title'><h1>Hi<br>Noam</h1><script>alert(123);</script> (screen03).
 3.6. And now: Your 'new event' is added 'as clear text', and by 'clear text' I mean
      'text only, without XSS'. But...
 3.7. Log out now, and log in again. Your added XSS code will be presented on the
      first page (activity.php) to the user who logs in.

If You want to re-test this bug, You should create 2 users: registered1 and registered2.
Add the payload ('add new event') as registered1, and log out. Now log in as registered2,
and after the login page the XSS should be triggered.


[--------------------------------------------[
[ 4. More...

- http://hauntit.blogspot.com
- http://www.google.com
- http://portswigger.net
[
[--------------------------------------------[
[ Pentests - mail me.
]
[ Best regards
[ 

Monday, 4 June 2012

[EN] Persistent XSS for admin in WP 3.3.2 - wanna? ;)

Yes, yes, "for admin only".

...if 'admin' = a user who can create something. But 'what'? ;]
I will tell it first to all of You who send me a mail ;)

(And yes, I just want to check whether you 'are' interested (or 'not') in 'bugs' in admin panels too.
Who knows, maybe some of You are paranoid like me ;P and want to 'secure all' ;D)

If so, You know where You can find me ;)

Cheers o/

Sunday, 3 June 2012

[EN] Joomla 2.5.4 - remote user logout bug

Yes, it seems that in the (still) latest Joomla (2.5.4) we have a so-called bug.

By sending a malformed request to the user, we are able to "log out" him.

Why could this be used for an attack? Well, a bad guy can change (deface) your company's site
and add a password stealer there (to the PHP code, for example).

Now he can log out all users like a sniper. ;]

(Yes yes, there is a way from admin panel to do the same, but who cares...? ;))

I want to finish some tests right now, and in a few hours there will be an update here.

...and thanks for watching during all this break ;)

Cheers o/
;)

Thursday, 24 May 2012

[EN] Hi from May ;)

This is a very busy week (or month) for me (good! :D), so
right now I just want to thank You for all the mails, comments
and talks. The blog will be updated very soon (100% before 1.06). So...

See You soon! ;)
 o/

Friday, 11 May 2012

[EN] Jobs for Denmark and Brazil

A friend of mine is looking for new people to join his company as Support Team Members.
I don't know the details, but if You want, let me know (via e-mail) and I will contact You directly.

Enjoy! ;)

o/


Monday, 7 May 2012

[EN] Ohhh, baby...


8.05 - Updated!

In a few days I will add another 'little article' here about testing webapps.
This time we will try to check a ... aa, whatever, You will see soon ... ;D

--
Thanks for watching and regards! o/