
florin_darck
Active Members
Posts: 712
Days Won: 4

Everything posted by florin_darck

  1. Before they integrated the program into HackerOne.
  2. Is it the one from the SMS? PS: If it is, I reported it too and got a duplicate... PPS: If it's not that one, congrats
  3. In the end they managed to fix the vulnerability (by deleting the flash file). POC:
  4. Same here, status 'New' for approx. 2 weeks..
  5. Today's story is an XSS with an interesting exploit on https://www.google.com/zeitgeist/2012/. It was reported by +Tomasz Bojarski.

     Zeitgeist 2012 uses the fragment identifier (the part of the URL after #) to load a snippet of HTML from a specified source and inserts it in the DOM. For instance https://www.google.com/zeitgeist/2012/#the-world will load https://www.google.com/zeitgeist/2012/partials/the-world.html

     So... could we make it load arbitrary URLs? Good question! Alas, this won't work, because the URL is always constructed relative to the "partials/" directory: 'partials/' + <fragment> + '.html'

     But, could we use ../ to load another file in a different directory? Well, not exactly: Zeitgeist's code splits on "/", and then just takes the first part of the tokenized string.

     But not all is lost: +Tomasz Bojarski noticed that Chrome and Internet Explorer both replace "\" with "/" in URLs. So, he could use the "..\" pattern to include files from other directories, say: https://www.google.com/zeitgeist/2012/#\..\..\..\..\robots.txt?

     Now we have a way to load arbitrary files from www.google.com; Zeitgeist will simply insert them into the DOM as HTML. So how could we load an XSS payload instead of robots.txt?

     Of course, Tomasz didn't stop there. He also discovered that Google Correlate allows users to upload structured data and later download it as a CSV file. You probably know where this is going: the CSV file format doesn't support any canonical way of escaping characters such as angle brackets, so Correlate serves them as-is. By itself, that's not a problem, but if the CSV file is inserted as HTML into another document, we have a straightforward XSS bug: https://www.google.com/zeitgeist/2012/#\..\..\..\..\..\..\trends\correlate\csv?e=id%3aCSVID&t=weekly&p=us&

     We worked with both Zeitgeist and Correlate to fix this. First, we restricted what the fragment value can be. Secondly, the Correlate team decided to HTML escape the contents of the CSV file for good measure, too.

     We think this was an interesting exploit that combined a seemingly harmless bug with a legitimate feature to carry out XSS. Nice catch Tomasz!

     Source: https://plus.google.com/u/0/+AlexisImperialLegrandGoogle/posts/gJDrVSuteUT
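The fragment-to-URL step from the Zeitgeist write-up above, as an added example (my reconstruction, not Zeitgeist's or Correlate's code). It runs in Node, whose global URL class follows the WHATWG parser and, like the Chrome and Internet Explorer behaviour the post relies on, treats "\" as "/" in https URLs. The partial names in the allow-list and the exact shape of the vulnerable function are assumptions.

```javascript
// Added example (a reconstruction, not Zeitgeist's or Correlate's code) of the
// fragment-to-URL step described in the post, with the two fixes the post names.
// Node's global URL class follows the WHATWG parser, which, like the Chrome and
// IE behaviour the post relies on, treats "\" as "/" in https URLs.
const BASE = 'https://www.google.com/zeitgeist/2012/'; // page URL from the post

// Vulnerable shape (assumed from the post's description): keep whatever comes
// before the first "/" and build a path under partials/.  A "../" never
// survives the split, but a "\" does, and the browser later turns it into "/".
function partialPathVulnerable(fragment) {
  const name = fragment.split('/')[0];
  return 'partials/' + name + '.html';
}

// The absolute URL the browser actually requests for that relative path.
function resolve(relativePath) {
  return new URL(relativePath, BASE).href;
}

// First fix from the post, "restrict what the fragment value can be": an
// allow-list of partial names (these names are assumptions) with a default
// for anything else, so nothing attacker-controlled reaches the URL.
const KNOWN_PARTIALS = new Set(['the-world', 'people', 'events']);
function partialPathSafe(fragment) {
  const name = KNOWN_PARTIALS.has(fragment) ? fragment : 'the-world';
  return 'partials/' + name + '.html';
}

// Second fix, on the Correlate side: escape the CSV text before it can be
// interpreted as HTML by whoever inserts it into a document.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

function demo() {
  const fragments = [
    'the-world',                          // the intended use
    '../../robots.txt',                   // the "/" split stops this one
    '\\..\\..\\..\\..\\robots.txt?',      // the post's traversal: "\" survives,
                                          // the trailing "?" pushes ".html" into the query
    '\\..\\..\\..\\..\\..\\..\\trends\\correlate\\csv?e=id%3aCSVID&t=weekly&p=us&',
  ];
  for (const f of fragments) {
    console.log('fragment  :', f);
    console.log('vulnerable:', resolve(partialPathVulnerable(f)));
    console.log('hardened  :', resolve(partialPathSafe(f)));
  }
  // A constructed CSV cell that is harmless as CSV but is markup as HTML.
  const cell = '<img src=x onerror=alert(document.domain)>';
  console.log('escaped   :', escapeHtml(cell));
}

demo();
```

The check the original code made (split on "/") only covers the separator the author had in mind; the browser's own URL normalisation supplies the other one. The allow-list closes that by never letting the fragment reach the path at all, which is why it holds regardless of which characters a browser decides to rewrite.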
  6. pwd For now I can't make sense of the shell..
  7. Facebook User Enumeration Vulnerability By Bypassing Brute Force Protection

     Bug Status: Reported on 3-5-2013, Fixed on 12-6-2013, Reward: $1000

     Before going further, if you don't know about User Enumeration vulnerabilities, see below. User Enumeration is a technique or vulnerability which can allow an attacker to enumerate all emails, user names or sensitive information about any user that already exists in the target vulnerable web application.

     So let's move to the testing part. As for me, I didn't try for XSS, CSRF or any other common bug; I always try to find some logical or unique bug. So while searching for this type of bug on iphone.facebook.com (this is a special version for iPhone users, where they can browse FB on their iPhone), the interesting part came.

     You all know that every web application has its forgot-your-password and registration forms, where users can reset their password and create a new account. Let's think about what an attacker can do with these two forms... hmmmm. Yes, he can check which email addresses already exist in that web application by performing a mass brute force attack. So I tried to perform this attack on the iphone.facebook.com and m.facebook.com forgot-your-password pages, but as everyone knows, Facebook has its internal brute force detection mechanism, so no one can easily perform this type of attack. As a result of this attack I found that after 10 attempts Facebook blocked my requests, so I was unable to perform this attack there. I tried to bypass it but didn't get anything.

     Then finally I found a flaw of improper request handling on the iphone.facebook.com login panel for users.

     http://1.bp.blogspot.com/-bNNKQenh-2Y/UqU9yFIr7aI/AAAAAAAAAoQ/JQTiOHU6syo/s1600/POC+1.jpg

     In a normal web application, if you enter only the email without giving a password, the web application will give you an error like "Please Enter Email & Password" or "You Entered An Invalid Email Or Password", but on iphone.facebook.com there is some mistake in the request & response. If I entered only the email in the login panel without giving a password, I got the error "We didn't recognize your email address". Hmmmm. That means we can enumerate all existing email addresses, but maybe Facebook would also block our requests like it did last time. But this time, instead of blocking my requests, it gave me a different response code for existing and non-existing email IDs: 200 for non-existing and 302 for existing emails.

     http://4.bp.blogspot.com/-ajYYfaFTV_o/UqL8hjsN0wI/AAAAAAAAAnM/fssvqe4zdn8/s1600/POC+4.jpg (POC)

     But one thing was still on my mind: how is it possible that Facebook's brute force mechanism failed to detect my attempts? Because Facebook had forgotten to add the brute force mechanism on this particular login page, that's why I was able to perform this kind of attack here. Now the bug is fixed.

     Source: Web And Information Security
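The two flaws the Facebook write-up above describes (a status code that differs for existing and non-existing emails, and a login endpoint without the attempt limit the other endpoints had), as an added mock in Node. This is not Facebook's code; the accounts, passwords, client IPs and the limit of 10 attempts are constructed for the demo, and the enumeration loop is the attacker's side of the post.

```javascript
// Added example, not Facebook's code: a mock of the two flaws the post
// describes (a different status code and message for known vs unknown emails,
// and no attempt limit on that one login endpoint), next to a hardened handler
// that answers every failure the same way and counts attempts per source.
// Accounts, passwords, IPs and the limit of 10 are constructed for the demo.

const USERS = new Map([                      // constructed sample accounts
  ['alice@example.com', 'hunter2'],
  ['bob@example.com', 'correct horse'],
]);
const MAX_ATTEMPTS = 10;                     // the post: other endpoints blocked after 10

// Vulnerable handler: whether the account exists is visible before the password
// is even looked at (200 + message vs 302), and nothing counts attempts.
function loginVulnerable(req) {
  if (!USERS.has(req.email)) {
    return { status: 200, body: "We didn't recognize your email address" };
  }
  if (!req.password || USERS.get(req.email) !== req.password) {
    return { status: 302, location: '/login?err=password' };
  }
  return { status: 302, location: '/home' };
}

// Hardened handler: one 401 for every failure, and a per-IP counter so this
// endpoint blocks like the rest of the site.  Unknown users go down the same
// code path as known ones, so the status code cannot tell them apart.
const attemptsByIp = new Map();
function loginHardened(req) {
  const n = (attemptsByIp.get(req.ip) || 0) + 1;
  attemptsByIp.set(req.ip, n);
  if (n > MAX_ATTEMPTS) {
    return { status: 429, body: 'Too many attempts, try again later' };
  }
  const stored = USERS.get(req.email) || '';   // '' stands in for unknown users
  const ok = stored !== '' && req.password === stored;
  if (!ok) {
    return { status: 401, body: 'The email or password is incorrect' };
  }
  return { status: 302, location: '/home' };
}

// The attacker's loop from the post: submit each candidate email with an empty
// password and keep the ones that answer 302.
function enumerate(handler, candidates, ip) {
  const found = [];
  for (const email of candidates) {
    const res = handler({ ip, email, password: '' });
    if (res.status === 302) found.push(email);
  }
  return found;
}

// Constructed candidate list: two real accounts among ten that do not exist.
const CANDIDATES = [
  'alice@example.com',
  ...Array.from({ length: 4 }, (_, i) => `user${i}@example.net`),
  'bob@example.com',
  ...Array.from({ length: 6 }, (_, i) => `user${i + 4}@example.net`),
];

function demo() {
  console.log('vulnerable leaks:', enumerate(loginVulnerable, CANDIDATES, '198.51.100.7'));
  console.log('hardened leaks  :', enumerate(loginHardened, CANDIDATES, '198.51.100.7'));
  const blocked = loginHardened({ ip: '198.51.100.7', email: 'alice@example.com', password: '' });
  console.log('request 13 from the same IP:', blocked.status);
}

demo();
```

Against the vulnerable handler the loop recovers exactly the two real accounts from twelve requests; against the hardened one it recovers nothing, and the same source is cut off after the tenth request. In real code the password comparison would be a constant-time check against a stored hash, since response timing is another oracle the status-code fix does not cover.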
  8. Target: Home | Nokia Developers. Proof: http://i.imgur.com/grREiow.png Reward: HoF, Acknowledgements - Nokia http://i.imgur.com/NJ81jKM.png The XSS is present in most vBulletin 4.2.0 forums (don't bother looking on RST, Nytro deleted the file after the first XSS). Regards, Florin
  9. https://pbs.twimg.com/media/BfpDXYYCMAABDkB.png
  10. The thing works, but it's not an open redirect. A very good method for phishing or other things of that kind
  11. Yahoo BB new version: Yahoo - Bug Bounty Program Rules (Yahoo Bug Bounty Program 2.0)
  12. http://damnvulnerableiosapp.com/wp-content/uploads/2014/02/a.png A vulnerable app to test your iOS penetration testing skills. Damn Vulnerable iOS App (DVIA) is an iOS application that is damn vulnerable. Its main goal is to provide a platform for mobile security enthusiasts, professionals or students to test their iOS penetration testing skills in a legal environment. This application covers all the common vulnerabilities found in iOS applications (following the OWASP top 10 mobile risks) and contains several challenges that the user can try. This application also contains a section where a user can read various articles on iOS application security. This project is developed and maintained by @prateekg147. The vulnerabilities and solutions covered in this app are tested up to iOS 7.0.4. Get it for free from here! I hope I didn't get the category wrong. DVIA (Damn Vulnerable iOS App) - To unleash the hacker inside you
  13. Elementary OS. I admit, dual boot with Win 8. I don't need rep.
  14. As far as I know, the one you're talking about was fixed a long time ago.. Correct me if I'm wrong. I mean the one in the body, the one I reported too.
  15. PHP Code Injection vulnerability. A web application penetration tester, Ebrahim Hegazy, has discovered a critical remote PHP code injection vulnerability in the Yahoo website that could have allowed hackers to inject and execute any PHP code on the Yahoo server. The vulnerability exists in the Taiwan sub-domain of Yahoo: "http://tw.user.mall.yahoo.com/rating/list?sid=[code_Injection]". The 'sid' parameter allows one to inject PHP code. According to his blog post, the sid parameter might have been directly passed to an eval() function, which results in the code injection. In his demo, Ebrahim showed how he got the directory listing and process list by injecting the following code: http://tw.user.mall.yahoo.com/rating/list?sid=${@print(system("dir"))} http://tw.user.mall.yahoo.com/rating/list?sid=${@print(system("ps"))} He also found out that the Yahoo server is using an outdated kernel which is vulnerable to a "Local Privilege Escalation" vulnerability. Yahoo immediately fixed the issue after getting the notification from the researcher. However, he is still waiting for the bug bounty reward for the bug. Google pays $20,000 for such kinds of vulnerabilities. Yahoo sets the maximum bounty amount at "$15,000". Let us see how much bounty Yahoo offers for this vulnerability. Source: E Hacking News [ EHN ] - The Latest IT Security News | Hacker News
  16. I got $250 for a URL redirection. But most likely it will be a duplicate
  17. Private Messaging App Vendor Wickr Offers Hackers $100,000 for Bugs | Threatpost