Jump to content

Search the Community

Showing results for tags 'http'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges (CTF)
    • Bug Bounty
    • Programare
    • Securitate web
    • Reverse engineering & exploit development
    • Mobile security
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Yahoo


Jabber


Skype


Location


Interests


Biography


Location


Interests


Occupation

Found 14 results

  1. ###### Info ###### Title : Beyond SQLi: Obfuscate and Bypass Author : "ZeQ3uL" (Prathan Phongthiproek) and "Suphot Boonchamnan" Team : CWH Underground [http://www.exploit-db.com/author/?a=1275] Date : 2011-10-06 ########## Contents ########## [0x00] - Introduction [0x01] - Filter Evasion (Mysql) [0x01a] - Bypass Functions and Keywords Filtering [0x01b] - Bypass Regular Expression Filtering [0x02] - Normally Bypassing Techniques [0x03] - Advanced Bypassing Techniques [0x03a] - HTTP Parameter Pollution: Split and Join [0x03b] - HTTP Pa
  2. Hi all?? Baidu Security Team found a vulnerability in extjs,with this vulnerability we can read arbitrary file and request internal http services File: /examples/feed-viewer/feed-proxy.php line:3-line:6 $feed = $_REQUEST['feed']; if($feed != '' && strpos($feed, 'http') === 0){ header('Content-Type: text/xml'); $xml = file_get_contents($feed); When we request like this url http://dev.sencha.com/extjs/5.0.0/examples/feed-viewer/feed-proxy.php?feed=http://10.1.1.1 if the resource exist,we can get internal http services info ??strpos($feed, 'http') === 0?? we can re
  3. What is an HTTP VERB? Hypertext transfer protocol (HTTP) gives you list of methods that can be used to perform actions on the web server. Many of these methods are designed to help developers in deploying and testing HTTP applications in development or debugging phase. These HTTP methods can be used for nefarious purposes if the web server is misconfigured. Also, some high vulnerability like Cross Site Tracing (XST), a form of cross site scripting using the server’s HTTP TRACE method, is examined. In HTTP methods, GET and POST are most commonly used by developers to access information provided
  4. Introduction When it comes to anonymizing activities in digital world, it can be referred to in various ways. Researchers might take it to identify various malicious activities and for back trailing, whereas hackers can anonymize their activities so as to build up a cover around their malicious activities. These anonymizing activities can really increase the work of researchers, as they can’t trust the attributes mentioned in the logs like IP address, user agent, etc. as such attributes will only give you false information. In this article series, we will learn about anonymizing activities fro
  5. Insecure sites relegated to Firefox Stone Age Insecure websites will be barred from using new hardware features and could have existing tools revoked, if Mozilla goes ahead with a push towards HTTPS. Webmasters that don't turn on HTTPS could be excluded from the new features list under a Mozilla initiative designed to rid the net of careless clear text gaffes, sending a "message" to developers that their web properties need to be secured, regardless of content served. Precisely which features could be held back are subject to debate, Mozilla security chief Richard Barnes says. "For example, o
  6. Thoroughly sniff passwords and hashes from an interface or pcap file. Concatenates fragmented packets and does not rely on ports for service identification. Sniffs URLs visited POST loads sent HTTP form logins/passwords HTTP basic auth logins/passwords HTTP searches FTP logins/passwords IRC logins/passwords POP logins/passwords IMAP logins/passwords Telnet logins/passwords SMTP logins/passwords SNMP community string NTLMv1/v2 all supported protocols like HTTP, SMB, LDAP, etc Kerberos SOURCE
  7. This is a general-purpose module for exploiting conditions where a HTTP request triggers a DLL load from an specified SMB share. This Metasploit module serves payloads as DLLs over an SMB service and allows an arbitrary HTTP URL to be called that would trigger the load of the DLL. ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ManualRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::Remote::SMB::Server::Sha
  8. Thoroughly sniff passwords and hashes from an interface or pcap file. Concatenates fragmented packets and does not rely on ports for service identification. Download: https://github.com/DanMcInerney/net-creds Source: https://github.com/DanMcInerney/net-creds
  9. Am primit mesajul asta pe Steam: BookerDoit: Hi man,i want trade with you. My offer in screen:vk.cc/3vSUBs Check this, and message me if you want.thx [root@x] ~/temp $ wget http://vk.cc/3vSUBs -O dubios --2015-02-27 09:13:51-- http://vk.cc/3vSUBs Resolving vk.cc (vk.cc)... 95.213.4.230, 95.213.4.231, 95.213.4.232 Connecting to vk.cc (vk.cc)|95.213.4.230|:80... connected. HTTP request sent, awaiting response... 302 Found Location: http://goo.gl/L5YY7p [following] --2015-02-27 09:13:51-- http://goo.gl/L5YY7p Resolving goo.gl (goo.gl)... 216.58.209.206, 2a00:1450:400d:807::200e Connecting to
  10. Cisco Ironport AsyncOS HTTP Header Injection Vendor: Cisco Product webpage: http://www.cisco.com Affected version(s): Cisco Ironport ESA - AsyncOS 8.0.1-023 Cisco Ironport WSA - AsyncOS 8.5.5-021 Cisco Ironport SMA - AsyncOS 8.4.0-138 Date: 24/02/2015 Credits: Glafkos Charalambous CVE: CVE-2015-0624 Disclosure Timeline: 28-10-2014: Vendor Notification 28-10-2014: Vendor Response/Feedback 22-01-2015: Vendor Fix/Patch 20-02-2015: Vendor Advisory Release 24-02-2015: Public Disclosure Description: Cisco AsyncOS is vulnerable to unauthenticated HTTP Header Injection, caused by improper val
  11. Good news for Internet folks! Get Ready as the entire web you know is about to change. The new and long-awaited version of HTTP took a major step toward becoming a reality on Wednesday – It is been officially finalized and approved. Mark Nottingham, chairman of the Internet Engineering Task Force (IETF) working group behind creating the standards, announced in a blog post that the HTTP 2.0 specifications have been formally approved. Now, the specifications will go through a last formality – Request for comment and editorial processes – before being published as a standard. LARGEST CHANGE IN HT
  12. # Exploit Title: Bsplayer HTTP Response BOF # Date: Jan 17 ,2015 # Exploit Author: Fady Mohamed Osman (@fady_osman) # Vendor Homepage: www.bsplayer.com # Software Link: http://www.bsplayer.com/bsplayer-english/download-free.html # Version: current (2.68). # Tested on: Windows 7 sp1 x86 version. # Exploit-db : http://www.exploit-db.com/author/?a=2986 # Youtube : https://www.youtube.com/user/cutehack3r Exploit: http://www.exploit-db.com/sploits/35841.tar.gz Bsplayer suffers from a buffer overflow vulnerability when processing the HTTP response when opening a URL. In order to exploit this bug I
  13. Description: MorXBrute is a customizable HTTP dictionary-based password cracking tool written in Perl. MorXBrute comes with a few payloads for some of the most popular softwares and additionally let you add your own payload for your favorite HTTP software or website. MorXBrute supports both GET and POST brute forcing. MorXBrute was written for educational, demonstration and testing purposes only. Author cannot be held responsible for any malicious use or damage. You can redistribute it and/or modify it under the same terms as Perl itself. Author: Simo Ben youssef <Simo_at_morxploit_dot_com&
  14. Just place it in HTTPS.FILTER, then compile it using "etterfilter" with the command : etterfilter https.filter -o https.ef Then You good to go with : ettercap -T -q -F https.ef -M ARP:remote /GATEWAY/ /TARGET_IP/ . ## # # This filter will substitute the word 'https' with 'http' on # both HTTP requests and responses. # # based on the discussion (and contained code) on forum thread # http://forums.remote-exploit.org/backtrack-v2-0-final/8126-ettercap-filter-3.html # ## ########################## ## Zap Content Encoding ## ########################## if (ip.proto == TCP && tc
×
×
  • Create New...