Jump to content

florin_darck

Active Members
  • Posts

    712
  • Joined

  • Last visited

  • Days Won

    4

Everything posted by florin_darck

  1. Daca nu intervine ceva pe la facultate, I'll join
  2. Eu luna trecuta am cumparat cateva ceasuri total 50 euro, free shipping si nu am platit nimic in plus. A venit acasa totul ok..
  3. Nu, daca alegi varianta de shipping care dureaza intre 15-20 de zile sau nu mai retin exact cat. Daca faci comanda si bifezi express delivery atunci comanda va ajunge mai repede, dar vei plati taxa vamala.
  4. Avea un prieten un cont cu ~30 ore jucate si rank Legendary Eagle. Doar CS:GO pe contul ala de steam. Daca il mai are, ce ii dai? Sa stiu cat sa ii spun daca-l mai da.
  5. Eu la apple n-am mai raportat nimic. Am vreo cateva xss-uri dintre care 1 stored, dar astept sa lanseze si ei bugbounty. Poate am noroc si nu le raporteaza nimeni
  6. Frumos ultimul.. Tu chiar nu te mai plictisesti de cautat in mail
  7. How I could delete any video on YouTube March 31, 2015 About Vulnerability Research Grants Few months ago Google announced a new experimental program called Vulnerability Research Grants. It's a definitely good idea, thanks Google for inventing and trying such cool things! How it works: Google's Security team choses regular reporters and send them such emails: http://kamil.hism.ru/img/about-vrg-and-delete-any-youtube-video-issue/email.png Researcher selects product/service from the list and looks into the security of it. The goal of VRG is to support research looking for vulnerabilities, so even no vulnerability is found, researcher will receive reward for an attention and spent time. But if, as a result of the grant, vulnerabilities are found, then person will receive both reward for detected issues and a grant amount itself. Security issue on YouTube As a frequent google reporter, I've received the email above and decided to spend some time on weekends and look into the security of Google products. I selected YouTube Creator Studio as a target and after a few hours I composed two reports. One of them was about easily exploitable, but pretty high severity issue. Here are few words about it. In YouTube Creator Studio I investigated how live_events/broadcasting systems works. I wanted to find there some CSRF or XSS issues, but unexpectedly discovered a logical bug that let me to delete any video on YouTube with just one following request: POST https://www.youtube.com/live_events_edit_status_ajax?action_delete_live_ev ent=1 event_id: ANY_VIDEO_ID session_token: YOUR_TOKEN In response I got: { "success": 1 } And the video got deleted! Here is a POC video: Source : How I could delete any video on YouTube | Kamil Hismatullin
  8. Nici crossdomain-ul din main domain nu este foarte safe. <allow-access-from domain="*.nokia.com"/> <allow-access-from domain="*.nokia.ie"/> <allow-access-from domain="*.nokiausa.com"/> <allow-access-from domain="*.nokia.co.za"/> <allow-access-from domain="*.nokia.fr"/> <allow-access-from domain="*.nokia.it"/> <allow-access-from domain="*.nokia.de"/> <allow-access-from domain="*.nokia.es"/> <allow-access-from domain="*.nokia.nl"/> <allow-access-from domain="*.nokia.co.in"/> <allow-access-from domain="*.nokia.com.sg"/> <allow-access-from domain="*.nokia.be"/> <allow-access-from domain="*.nokia.ru"/> <allow-access-from domain="*.nokia.fi"/> <allow-access-from domain="nokia.fusepump.com"/> Deci se poate exploata si asta prin metoda aplicata in oculus de Paulos YIBELO. Facebook’s Oculus – Cross-Site Content Hijacking (XSCH) to Bypass SOP ~ Paulos Yibelo - Offical Blog
  9. Due to the lack of literature about DOM Based XSS identification tools awareness, we decided to write a paper that took the actual tools that are stated to be able to identify DOM Based XSS and test their capabilities when dealing with a real world DOM XSS issue. Minded Security has been the first company to launch a commercial tool aimed to identify DOM Based XSS with a runtime approach: DOMinatorPro. In 2012, as a result of our research on DOM XSS, we released the tainting engine on github.com as an open source project and created a commercial version that let users easily identify several kind of JavaScript vulnerabilities with a pretty high rate of accuracy . Since then, some tools, open source and commercial, have been developed and awareness on this very topic grew among application security experts. The following paper will try to give an unbiased study supported by objective facts about precision and accuracy of existing tools that are stated to identify DOM Based XSS vulnerabilities. Full slide : Comparing DOM XSS Tools On Real World Bug or PDF : https://dominator.mindedsecurity.com/sharedto/ComparingDOMXSSToolOnRealWorldBug.pdf Source : Minded Security Blog: Comparing DOM based XSS Identification Tools on a Real World Vulnerability
  10. Detaliat : https://hackerone.com/reports/46072
  11. Au trecut vremurile alea. Acum sunt mai seriosi.
  12. Someone or some bug decided to crash the original ¯?(º_o)/¯ (it wasn't me) XSS Another Stored XSS in Facebook.com - Break Security Another Stored XSS in Facebook.com | Nir Goldshlager Web Application Security Blog https://nealpoole.com/blog/2011/03/xss-vulnerability-in-facebook-translations/ https://nealpoole.com/blog/2011/08/lessons-from-facebooks-security-bug-bounty-program/ Logic How I Hacked Facebook Employees Secure Files Transfer service (http://files.fb.com ) | Nir Goldshlager Web Application Security Blog PwnDizzle: How to Bypass Facebook's Text Captcha Rate Limits https://www.facebook.com/notes/$500-bug-at-facebook-no-rate-limiting-implemented/686271891408124 Object Reference A blog on Web Application Security: Hacking Facebook.com/thanks Posting on behalf of your friends! fin1te - Hijacking a Facebook Account with SMS Delete any Photo from Facebook by Exploiting Support Dashboard ~ My Blog More vulnerabilities & source : https://www.facebook.com/notes/phwd/facebook-bug-bounties-backup/736808796409147
      • 1
      • Upvote
  13. Mie personal mi se pare absurd ca eu sa fiu considerat vinovat daca am un video cu o vulnerabilitate (PUBLIC)...
  14. Pot cumpara chiar si cei care nu participa la Defcamp ? (eu)
  15. Are cineva din greseala un cupon la asta ? https://www.udemy.com/how-to-become-a-web-developer-from-scratch/ Mersi anticipat.
  16. Hold the power of an x64 platform in the palm of your hand! The Neutron is one of the tiniest Intel powered Window's PCs in the world! The Neutron will change the way you think about a desktop computer. When you normally think of a desktop computer, you usually think of a big, dull, black box that sits on (or under) your desk. The Neutron shatters those perceptions by delivering all that you expect from a high-end desktop tower in an impossibly small and stylish package. Source/more details : https://www.kickstarter.com/projects/atomcomputer/neutron-a-full-blown-windows-pc-in-the-palm-of-you PS : Ce parere aveti ?
  17. WYSIWYG Editors' XSSed Revisiting XSS Sanitization A talk by Ashar Javed Slides : WYSIWYG Editors XSSed by Ashar Javed White paper : https://www.blackhat.com/docs/eu-14/materials/eu-14-Javed-Revisiting-XSS-Sanitization-wp.pdf Source : https://twitter.com/soaj1664ashar/status/523013778326421504
  18. L-ai mai raportat ? Ceva news ?
  19. Errata Security: Bash bug as big as Heartbleed
  20. Si mai pun pariu ca o gramada de baieti au vulnerabilitati si nu le raporteaza, asteptand sa lanseze BB
  21. Interesant si foarte bine explicat
  22. Tare presimt ca pana la sfarsitul anului si Apple se da pe treaba si lanseaza BB
  23. Online Services Bug Bounty Terms PROGRAM DESCRIPTION Microsoft is pleased to announce the launch of the Microsoft Online Services Bug Bounty Program beginning September 23rd, 2014. Through this program, individuals across the globe have the opportunity to earn a bounty on submitted vulnerabilities for participating Online Services provided by Microsoft. Qualified submissions are eligible for a minimum payment of $500 USD. Bounties will be paid out at Microsoft’s discretion based on the impact of the vulnerability. Source&more Details : Online Services Bug Bounty Guidelines
  24. Aveti careva un cont uploaded.net premium din greseala ? Am dat un search mai amanuntit pe google dar nu am gasit nimic bun.
  25. GG, asa da.
×
×
  • Create New...