Jump to content

Search the Community

Showing results for tags 'insert'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges (CTF)
    • Bug Bounty
    • Programare
    • Securitate web
    • Reverse engineering & exploit development
    • Mobile security
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Yahoo


Jabber


Skype


Location


Interests


Biography


Location


Interests


Occupation

Found 2 results

  1. HackerOne, the popular security response and bug bounty platform, rewarded a researcher with with a $5,000 bounty for identifying a severe cross-site scripting (XSS) vulnerability. HackerOne hosts bug bounty programs for several organizations, but the company also runs a program for its own services. So far, HackerOne has thanked 54 hackers for helping the company keep its services secure, but Trello developer Daniel LeCheminant is the first to find a flaw rated “severe.” The researcher discovered that he could insert arbitrary HTML code into bug reports and other pages that use Markdown, a markup language designed for text-to-HTML conversions. “While being able to insert persistent, arbitrary HTML is often game over, HackerOne uses Content Security Policy (CSP) headers that made a lot of the fun stuff ineffective; e.g. I could insert a <script> tag or an element with an event handler, but it wouldn't run because these unsafe inline scripts were blocked by their CSP,” LeCheminant explained in a blog post. “Fortunately (for me) not all browsers have full support for CSP headers (e.g. Internet Explorer 11), so it wasn't hard to make a case that being able to run arbitrary script when someone attempted to view a bug that I'd submitted qualified as something that ‘might grant unauthorized access to confidential bug descriptions’,” he added. An attacker couldn’t have exploited the vulnerability to run arbitrary scripts, but as the expert demonstrated, the bug was serious enough. LeCheminant managed to change visual elements on the page (e.g. color of the links) because HackerOne’s CSP allows inline styles, and even insert an image into his submission. According to the researcher, an attacker could have also inserted other elements, such as text areas, and he could have redirected visitors of the page to an arbitrary website by using the meta refresh method. When users click on links found in bug reports, they are redirected to a warning page where they are informed that they are about leave HackerOne and visit a potentially unsafe website. However, by leveraging the XSS found by LeCheminant, a malicious actor could have bypassed the warning page and take users directly to a potentially harmful site. The vulnerability was reported just three days ago and it was resolved by HackerOne one day later. Source: securityweek.com
  2. Codurile sunt lifetime INSERT INTO `coduri_sms6` VALUES ('002gjece'); INSERT INTO `coduri_sms6` VALUES ('002gjeeq'); INSERT INTO `coduri_sms6` VALUES ('002gjif4'); INSERT INTO `coduri_sms6` VALUES ('002gjnem'); INSERT INTO `coduri_sms6` VALUES ('002gjpta'); INSERT INTO `coduri_sms6` VALUES ('002gjs24'); INSERT INTO `coduri_sms6` VALUES ('002gk2rp'); INSERT INTO `coduri_sms6` VALUES ('002gk562'); INSERT INTO `coduri_sms6` VALUES ('002gk58v'); INSERT INTO `coduri_sms6` VALUES ('002gkb7h'); INSERT INTO `coduri_sms6` VALUES ('002gkcm6'); INSERT INTO `coduri_sms6` VALUES ('002gkhkk'); INSERT INTO `coduri_sms6` VALUES ('002gkq74'); INSERT INTO `coduri_sms6` VALUES ('002gks8s'); INSERT INTO `coduri_sms6` VALUES ('002gkvh8'); INSERT INTO `coduri_sms6` VALUES ('002gkx5m'); INSERT INTO `coduri_sms6` VALUES ('002gkx5w'); INSERT INTO `coduri_sms6` VALUES ('002gm5t6'); INSERT INTO `coduri_sms6` VALUES ('002gm8zt'); INSERT INTO `coduri_sms6` VALUES ('002gm9ry'); INSERT INTO `coduri_sms6` VALUES ('002gmbex'); INSERT INTO `coduri_sms6` VALUES ('002gmcai'); INSERT INTO `coduri_sms6` VALUES ('002gmcr7'); INSERT INTO `coduri_sms6` VALUES ('002gmgks'); INSERT INTO `coduri_sms6` VALUES ('002gmkge'); INSERT INTO `coduri_sms6` VALUES ('002gmppa'); INSERT INTO `coduri_sms6` VALUES ('002gmqxm'); INSERT INTO `coduri_sms6` VALUES ('002gmqzu'); INSERT INTO `coduri_sms6` VALUES ('002gmsb4'); INSERT INTO `coduri_sms6` VALUES ('002gmth2'); INSERT INTO `coduri_sms6` VALUES ('002gmwdk'); INSERT INTO `coduri_sms6` VALUES ('002gnb53'); INSERT INTO `coduri_sms6` VALUES ('002gnity'); INSERT INTO `coduri_sms6` VALUES ('002gnqwc'); INSERT INTO `coduri_sms6` VALUES ('002gnud7'); INSERT INTO `coduri_sms6` VALUES ('002gnvjv'); INSERT INTO `coduri_sms6` VALUES ('002gp55f'); INSERT INTO `coduri_sms6` VALUES ('002gp6s8'); INSERT INTO `coduri_sms6` VALUES ('002gpbgh'); INSERT INTO `coduri_sms6` VALUES ('002gpg73'); INSERT INTO `coduri_sms6` VALUES ('002gpgyc'); INSERT INTO `coduri_sms6` VALUES ('002gpvrb'); INSERT INTO `coduri_sms6` VALUES ('002gq6rk'); INSERT INTO `coduri_sms6` VALUES ('002gqger'); INSERT INTO `coduri_sms6` VALUES ('002gqghg'); INSERT INTO `coduri_sms6` VALUES ('002gqqje'); INSERT INTO `coduri_sms6` VALUES ('002gqt7n');
×
×
  • Create New...