Leaderboard

Popular Content

Showing content with the highest reputation on 08/13/16 in all areas

  1. It's a public matter, don't get worked up. "All the dimwits" will stare at it like a cat at a calendar anyway. Later edit: @Sandu aka sifon: if you had bothered to read to the end: Regarding the vulnerabilities of VW Group systems, we contacted VW Group first in November 2015. We discussed our findings in a meeting with VW Group and an affected sub-contractor in February 2016, before submitting the paper. VW Group received a draft version of this paper and the final version. VW Group acknowledged the vulnerabilities. As mentioned in the paper, we agreed to leave out amongst others the following details: cryptographic keys, part numbers of vulnerable ECUs, and the used programming devices and details about the reverse-engineering process.
    3 points
  2. 2 points
  3. 30234277 entries. Sorted, no duplicates: emails. I pulled them from here: https://rstforums.com/forum/105503-ashley-madison-db.rst
    1 point
  4. Pwnthecode is an educational platform whose goal is to develop, build responsibility in, and train security enthusiasts. The stated purpose of the platform is to demonstrate how dangerous web vulnerabilities are, and also to teach the user about certain security flaws which they will subsequently learn to fix, with a view to improving security in the IT market. The platform is aimed especially at those less specialized in IT and at those who own a website or work in the web field. Link: Pwnthecode | Web Security Project. The platform is currently at the BETA version, and shortly we will add both a large number of tutorials for the existing vulnerabilities (within the platform) and a few new types of vulnerabilities. We will also add/modify exams. The user control panel is under development, so you may run into some problems. Please send any kind of problem by PM to me or to @danyweb09. Those who wish to support the project can make a donation (you can find more details on the site). If anyone wishes to donate by a method other than PayPal, send me a PM. Any suggestion is welcome!
    1 point
  5. Troll level 9999
    1 point
  6. I see, and I didn't understand why they should still be posted if they're no good? Better to delete the topic.
    1 point
  7. 1 point
  8. The dropshipping plugin.
    1 point
  9. What exactly does that script for WooCommerce do?
    1 point
  10. A very interesting story. The lackeys looking for ways to make money should read this and put their backs into it. You don't need more than that.
    1 point
  11. Sorry for the off-topic: isn't there a tutorial about NFC, reading/writing, decoding/encoding, etc.? I'd be interested in this subject; I've just placed an order for an ACR 122U ...
    1 point
  12. Hello there. In this blog post I'll tell you how I've managed to read arbitrary files from the Google servers by finding/exploiting a Local-File-Inclusion vulnerability. This flaw was found in one of the Google products, Google Feedburner, and was quickly fixed by Google Security Team. As Wikipedia says, "FeedBurner is a web feed management provider launched in 2004.[...]FeedBurner provides custom RSS feeds and management tools to bloggers, podcasters, and other web-based content publishers." This product was in the past one of my targets and as I had already discovered a few XSSes in this domain, I realized that there could be more interesting bugs here. So, I did some research and after a while I discovered that FeedBurner had an open API, but it was officially deprecated by Google in 2012. However, even if the documentation files were deleted (https://developers.google.com/feedburner/), the "Wayback Machine" (Internet Archive: Wayback Machine) saved these pages and I was able to read them. This is how I've discovered the link that caught my attention: http://feedburner.google.com/fb/dynamicflares/HelloVisitor.jsp?feedUrl=http://domain.tld/ff.xml (it isn't working anymore). This script was used for retrieving the content of Dynamic FeedFlare Unit files, which are basically simple XML documents built after a certain scheme. For those who aren't familiar with the FeedFlares, it's important to know that these are more like some kind of addons, used by Feed owners in order to give their readers new methods of interacting with their content. (ex: Hello, Visitor) At first glance, the purpose of this script was to grab the XML document submitted as value for feedUrl parameter and perform an XSL transformation on it. The problem with this file was that it only appended the content of the provided XML in the context of the page without modifying or even encoding it.
My first attempt was only to find an XSS and I succeeded by providing a URL that points to a malicious HTML file. But I felt that there could be a vulnerability with a major impact like reading files from the webserver, so I started my research with some classic payloads, injecting a directory traversal, a method typically used in LFI attacks ("../../../../../../../etc/passwd"), but it didn't work. Nevertheless, by changing the method and using the file URI scheme, I was able to retrieve files from the server. Unfortunately, not all the files were readable due to the Security policy file, but accessing some log files was enough to prove the existence of this vulnerability. I've submitted this flaw to Google and it was fixed within 10 minutes after the triage. Also, I've uploaded a short Video PoC which demonstrates this issue: --- Original article: http://ownsecurity.blogspot.ro/2015/08/how-i-found-sweets-inside-google.html The vulnerability has been fixed.
    1 point
  13. Is it normal? http://i.imgur.com/Yqk4Fla.png
    1 point
  14. 1 point
  15. Soon a special section will be added for tutorials about Networking / Linux / Unix / PHP, HTML, CSS tutorials etc., tested and written by the PWNTHECODE team.
    -1 points