akkiliON

Active Members
  • Posts: 1204
  • Joined
  • Last visited
  • Days Won: 62
Everything posted by akkiliON

  1. URL Link: Google Adwords Community; Author: akkiliON; Vulnerability: Cross-Site-Scripting; Type: Reflected; Status: still works. Vulnerability Submission Form for Google Products - Link: https://www.google.com/appserve/security-bugs/new Reported
  2. It seems you cannot go a day without hearing about someone or some group hacking a website or stealing credit card and other sensitive data from e-commerce sites. The market of e-commerce is at its boom, and that provides even more opportunities to hackers. There are many ready-made e-commerce platforms available on the Internet that are easy to install and easy to manage at no extra cost, and 'Magento' is one of the most popular of them. Recently security researchers at Securatary reported a critical cross-store vulnerability in the Magento platform that lets attackers escalate privileges by creating an administrative user on any 'Gostorego' The authentication bypass vulnerability left 200,000 merchants' data vulnerable to hackers before it was patched. To exploit the flaw, an attacker only needed to modify the HOST header to the URI of the target account in the GET request. They dubbed it "Stealth Mode"; it allows the attacker to steal store credits and gift coupons, change the price of products and manipulate a number of other things in more than 20,000 web stores. "All these requests however “impersonate” the store owner account so action are logged as this user and does not look so suspicious," they said. To demonstrate the vulnerability, the security researcher used "Burp Suite", which easily allows an attacker to capture the login request, change the host entry in the header, and all other facilities for adding a new user in the targeted store. The security company reported the vulnerability to eBay, which owns the Magento project, and it was hence patched. Magento vulnerability allows an attacker to create administrative user - The Hacker News
  3. ....16 billion USD! :/
  4. lol.
  5. It works... only once.
  6. I was just about to post it. Security | Magento
  7. On the 10th anniversary of the social networking website Facebook, the hacker group 'Syrian Electronic Army' claimed that they managed to hack into the administrator account of Facebook's domain registrar, MarkMonitor. The hacking group changed the Facebook domain's contact information to a Syrian email address on the company’s WHOIS domain information page, as shown. "Happy Birthday Mark! http://Facebook.com owned by #SEA", the group tweeted. More details: Facebook domain hacked by Syrian Electronic Army - The Hacker News
  8. Google's Vulnerability Reward Program, which started in November 2010, offers a hefty reward to the one who finds a good vulnerability in its products. Now Google is getting a little more serious about the security of its Chrome Browser and has expanded its Bug Bounty Program to include all Chrome apps and extensions developed and branded as "by Google". The Internet is a platform which has become a necessary medium for performing our daily tasks like reading news, paying bills, playing games and scheduling meetings, and everything we perform on this platform is possible only because of the various applications maintained by the service providers. "We think developing Chrome extensions securely is relatively easy, but given that extensions like Hangouts and GMail are widely used, we want to make sure efforts to keep them secure are rewarded accordingly," Google said in a blog post. More details: Google adds its Chrome apps and extensions to Bug Bounty Program - The Hacker News
  9. Adobe rolled out an emergency update for Flash Player 12.0.0.43 in order to fix a vulnerability reported as having an exploit in the wild. In a security bulletin published on Tuesday, the company announced that the security glitch identified as CVE-2014-0497 had been corrected. The issue, classified as an integer underflow, can be leveraged by attackers to execute arbitrary code on the affected system and take control of it remotely, and has been defined as critical. The update to version 12.0.0.44 (for Windows and Mac) and 11.2.202.336 (for Linux) of Adobe Flash Player has the highest priority level, which means that administrators are recommended to install it as soon as possible. The versions of the product for Google Chrome and Internet Explorer 10 and 11 are updated automatically to the latest build through the respective browser update mechanisms. Source: Adobe Flash Player Receives Emergency Update. More details: Adobe issues Emergency Flash Player update to patch critical zero-day threat - The Hacker News
  10. It works a little. Well done
  11. It's not a redirect.
  12. http://www.youtube.com/watch?v=dDIhi2aK4tk
  13. Hehe, nice
  14. What liars these Paypal people are. I found an SQL Error in where.com. When I first found the issue, they validated it as Information Disclosure, and I received the money. The issue was not fixed properly, and when I messaged them again from my (old) account they told me that this vulnerability does not affect the site. I reported it from another (new) email and they validated the issue :/ This is the second time I've done this with them.
  15. Good then, since it's not the one I found.
  16. Which one? Because I have a lot of fixed ones, from my mail
  17. I don't know if it's the same one I found too, but it's self.
  18. https://pbs.twimg.com/media/Be7j7teCAAA2D4K.jpg
  19. Another Tinkode fan.
  20. Well done. I also found an XSS in a site that belongs to them. The thing is, I first reported the bug from my (old) account and got a reply that it was a duplicate. Dubious. I decided to make a new account and report the issue again. And the reply I got from them on the newly created account left me stunned. :/ .... They validated the issue and I am due to receive 750$.
  21. The prostitute who went out soliciting holding her little girl by the hand was caught in the act a short while ago! | News | Spynews.RO ON: