Thursday 30 August 2012

[EN] Persistent XSS in Concrete5.5.2.1 - 31.08 updated

* persistent xss

+ sql leak

... still testing so more - soon! ;]

* updated at 00:33 *

BIG thanks to Concrete5 Team for a fast reply, and fix! :)

* updated at 31.08 *

Check some changes here and here.
You can also try the new version of Concrete5 here.

Wednesday 29 August 2012

[EN] TomatoCart 1.1.7 vulnerable to XSS

For example:
           new Ajax.Request('<?php echo $_SERVER['PHP_SELF'] ?>',
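
The pattern above next to a hardened form, as an added example (not TomatoCart's code and not from the original post). The helper names and the request values are hypothetical and constructed for illustration:

```php
<?php
// Added example: helper names are hypothetical, not TomatoCart functions.

// Pattern from the post: PHP_SELF includes any PATH_INFO the client appends
// after the script name, so the value written into the page is request-controlled.
function ajax_request_unsafe(array $server): string
{
    return "new Ajax.Request('" . $server['PHP_SELF'] . "',";
}

// Encode a value as a JavaScript string literal that is safe inside an inline
// <script> block: quotes, <, > and & are emitted as \uXXXX escapes.
function js_string(string $value): string
{
    return json_encode($value, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
}

// Hardened form: SCRIPT_NAME does not carry PATH_INFO, and the value is still
// encoded for the JavaScript context it is written into.
function ajax_request_safe(array $server): string
{
    return 'new Ajax.Request(' . js_string($server['SCRIPT_NAME']) . ',';
}

// Constructed request data: the script path plus client-supplied PATH_INFO
// containing the characters that end a JS string or a <script> element.
$server = [
    'SCRIPT_NAME' => '/admin/index.php',
    'PHP_SELF'    => "/admin/index.php/a'b</script>",
];

echo ajax_request_unsafe($server), "\n"; // quote and </script> reach the page raw
echo ajax_request_safe($server), "\n";   // only the script path, as a quoted literal
echo js_string($server['PHP_SELF']), "\n"; // same encoder if the full path is needed
```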

Cheers o/

Monday 27 August 2012

[EN] Reflected XSS in latest e107 CMS (1.0.1)

Hi ;)

Someone asked me about this case by mail, so here is the answer:

1. Go to 'register' page:

2. As Your e-mail confirmation, add yourm@il + code from screen nr 3:

3. View from Burp Proxy:

4. ... and another one, parameters:

Cheers ;)


Saturday 25 August 2012

[EN] phpBB 3.0.10 with 'stopped MySQL' funny one

Hi ;]

Check it out: when You ('for example') have some 'troubles'* with Your database,
then 'me as a pentester' can get some 'useful' information, when You also have phpBB installed. The idea is crazy but... it's just a talk, so ... ;)

Anyway, looks like this:

... and we can do it like that:

Two (paranoid;)) scenarios:
- first: Your database (port) is ddosed/maybe crashed by some 'time limit'/too-many-connections-from-webapp situations, and so on...
- second: database stopped in this or some other way.

...and now: "plus" 'all above', if You have installed (default) phpBB 3.0.10,
You can get this information: "this is maybe default installed 'all'-server-soft"...

:) So, like I said, this 'could be' valuable information for a tester, because now
he/she can 'hit' other "defaults", for example, with DirBuster, nmap, and so on.

How to repair that? Maybe a quick fix would be to remove the line that 'adds'
where the .sock file is?

Let me know what You think :)

Enjoy Your weekend!

Saturday 4 August 2012

[EN] JavaScript Payload - GET Idea (1)


maybe You'll get the idea of 'how XSS can be used at your page'
after reading this sample code :)

Enjoy and remember to test Your webapps! ;)

Code @ pastebin

Wednesday 1 August 2012

[EN] This week TODO


By the end of this week, I will publish a few posts here about what I'm doing right now. For now, it'll be:
- my new presentation about web security (will be here today/tomorrow),
- a few examples of XHR attacks,
- maybe some new bugs (if time permits... ;) ).

So - see You soon! ;)

Have a nice day