akkiliON

Active Members
  • Posts

    1203
  • Joined

  • Last visited

  • Days Won

    61

Everything posted by akkiliON

  1. Merry Christmas and Happy New Year to everyone.
  2. Exploit: Waze (Google Acquisition) - Cross-Site-Scripting Reflected URL Link: https://waze.com Reported PoC:
  3. Facebook - Thanks Page (White Hat) Finally!
  4. $200,000 to the one who breaks Telegram
  5. )
  6. akkiliON

    My Nigga

    off: And because ... fan html.
  7. I got what I asked for. Thanks.
  8. A guy goes to a friend who is a computer scientist to borrow some money. - How much should I give you? - 500 dollars. - You know what, I'll give you 512 so it's a round number
  9. Change (42) to (document.cookie) or (document.domain).
  10. Look at it carefully.
  11. Weeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee )
  12. It qualifies for 3000$
  13. Alright, man.
  14. During the CBS interview show "60 Minutes", National Security Agency (NSA) officials claimed that China has developed BIOS-based malware that can remotely destroy any computer. Obviously the NSA is struggling to repair its image, and in an effort to justify its extensive surveillance programs, NSA Director General Keith Alexander and Information Assurance Director Debora Plunkett made a number of claims. During that interview NSA officials said that they had foiled a malware attack that could have taken down the U.S. economy. "One of our analysts actually saw that the nation state had the intention to develop and to deliver, to actually use this capability to destroy computers," Plunkett said. They mentioned that this malware was distributed via social engineering and targeted emails, although the NSA director mentioned that their researchers worked with computer manufacturers and were able to close the respective vulnerability. This is the BIOS system which starts most computers. The attack would have been disguised as a request for a software update. If the user agreed, the virus would've infected the computer. Think about the impact of that across the entire globe. It could literally take down the U.S. economy. (BULLSHIT) If this malware was intentionally created to threaten the U.S. economy, then what about the DNS Changer malware, the Zeus banking Trojan or the infamous CryptoLocker ransomware that spread extensively across the USA? So why have the NSA's surveillance programs failed to defend us from similar known threats? Complete Interview Video: http://www.cbsnews.com/videos/the-snowden-affair/ BIOS malware is not new in the cyber world, and really not a big threat, but if the NSA is seriously justifying its surveillance program by saying that this so-called BIOS malware was one of the biggest threats it has taken down, then LET ME LAUGH. (Score Card = Snowden : 3, NSA: 0) Source: BIOS Malware that can remotely destroy any computer, NSA claimed
  15. You have a P.M.! Thanks
  16. (Double-Post) Finally! https://www.paypal.com/us/webapps/mpp/security-tools/wall-of-fame-honorable-mention
  17. A message from AT&T. Sorry for the double post. I reported many vulnerabilities.
  18. Hehe, I also knew of a Blind MySQL + XSS Flash in a subdomain. The SQLi was fixed quickly, as far as I know. As for the XSS, I no longer remember.
  19. A German security researcher has demonstrated a critical vulnerability on the eBay website, the world's biggest eStore. David Vieira-Kurz discovered a remote code execution flaw "due to a type-cast issue in combination with complex curly syntax" that allows an attacker to execute arbitrary code on eBay's web server. In a demo video, he exploited this RCE flaw on the eBay website and managed to display the output of the phpinfo() PHP function on the web page, just by modifying the URL and injecting code into it. According to an explanation on his blog, he noticed a legitimate URL on eBay: https://sea.ebay.com/search/?q=david&catidd=1 and modified the URL to pass array values including a payload: https://sea.ebay.com/search/?q[0]=david&q[1]=sec{${phpinfo()}}&catidd=1 Video Demonstration: But it is not clear at this moment where the flaw resides on the eBay server, because how can a static GET parameter be converted to accept array values? In my opinion, it is possible only if the 'search' page receives the "q" parameter value using some loop function like "foreach()". Most probably the code at the server end is something like: foreach($_GET['q'] as $data) { If $data is successfully able to bypass some input filter functions { eval("execute thing here with $data"); } } David has already reported the flaw responsibly to the eBay Security Team and they patched it early this week.
  20. You have a P.M.!
  21. Warning: urlencode() expects parameter 1 to be string, array given in /home/vremeain/public_html/index.php on line 14 You broke the page, gypsy. http://www.vremeainpulamea.ro/?oras[]=brasov ON: What's the weather like in my town -3°C??!!! IT'S COLD, FUCK