Community Reputation

24 Excellent

About xenonxsc

Profile Information

  • Location: localhost

Recent Profile Visitors

1919 profile views
  1. xenonxsc


    -useless double post-
  2. Abstract Server Side Request Forgery (SSRF) has been known to every security researcher for a long time. However, because its exploitation always depends on the vulnerabilities in the intranet rather than the target itself, its damage is ignored by many researchers. The ignorance leads to the lack of SSRF attack tools. But we should not belittle this attack; there are many examples of gaining intranet control through SSRF (for example, Wooyun identifier: WooYun-2015–0163792, WooYun-2015–099070). To help security research utilize the vulnerability, this research would propose details to i
  3. xenonxsc


    Anyway, there is no way you can get an XSS there, at least not with that vector. http://test.playready.microsoft.com/service/rightsmanager.asmx?cfg=<ceva> is blocked by ASP by default. On the other hand, you can brag about a Self XSS on rst if you post the link with the vector in it
  4. macOS. (You could make a poll)
  5. A command injection is a class of vulnerabilities where the attacker can control one or multiple commands that are being executed on a system. This post will go over the impact, how to test for it, defeating mitigations, and caveats. Before diving into command injections, let’s get something out of the way: a command injection is not the same as a remote code execution (RCE). The difference is that with an RCE, actual programming code is executed, whereas with a command injection, it’s an (OS) command being executed. In terms of possible impact, this is a minor difference, but the key
  6. It probably applies to users who recently moved to High Sierra, because I moved some time ago and I cannot reproduce the "exploit". A very ugly blunder by Apple, if it really is a blunder (hard to believe)!
  7. What is the main purpose of security.txt? The main purpose of security.txt is to help make things easier for companies and security researchers when trying to secure platforms. Thanks to security.txt, security researchers can easily get in touch with companies about security issues. https://securitytxt.org/ https://github.com/securitytxt/securitytxt.org/ The idea of EdOverflow.
  8. A list of references to blogs containing write-ups about bugs found in companies that have a bug bounty program. https://github.com/ngalongc/bug-bounty-reference
  9. xenonxsc

    xss facebook

    Days of nerves, persistence. Through whom does Facebook make its payments?
  10. https://speakerdeck.com/filedescriptor/exploiting-the-unexploitable-with-lesser-known-browser-tricks
  11. xenonxsc

    xss facebook

    (facepalm) this post is in the troll section, did you really think that guy found an XSS in Facebook? :)))))))))))
  12. xenonxsc

    xss facebook

    Lol, I really thought the guy had made an XSS in Facebook public. Thanks for clearing that up, Sherlock
  13. XSS 101 1. What is XSS? Cross-site scripting (XSS) is both the name of the most common vulnerability in web applications and the exploitation method performed against it. XSS attacks abuse the dynamic way websites interact with their clients, the browsers. It makes it possible for an attacker to control the victim’s browser and his/her interaction with a given vulnerable website. To display back content provided or controlled by a user, like a URL parameter or an input field, a flawed application opens the door to manipulation of this content. This manipulation, generi
  14. https://pbs.twimg.com/media/C7yEwJVWsAAAI7Z.jpg:large
  15. I also have an invite, just in case: https://www.elearnsecurity.com/affiliate/redeem SIH-BRO