HackYard_Pentest_Team Posted June 24, 2014

HackYard Pentest Team
Author : Pentest-Team of Hackyard Security Group
Reported: 04.feb.2014 Today 00:17
Resolved Issue : ?.?.???? ??:??
Issue: Cross-site scripting (reflected)
Severity: Critical
Confidence: Certain

0day bypass:
This filter replaces ' with \' and " with \" so HackYard Pentest Team found a 0day in this php function known as "magicquotes" to make successful cross-site scripting.

Host: Web hosting, domain names, VPS - 000webhost.com
Path: /bank.php?pro="><script>alert(/HackYard-Pentest-Team!/)</script>

Request in get parameter:
Host: pakistan-gov-biz-tk.comxa.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:26.0) Gecko/20100101 Firefox/26.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

POC : First mail delivered by "pakistanhackteam@legit.biz.tk".
This is an automatic response.
Referral was submitted pakistan technical department and you will be contacted as soon as possible by a system administrator. If you want to return the details of the complaints please keep the message the same subject, topic including ticket number associated.
*** Ticket ID: nwmn-3949-394983
*** Subject: [Cross-Side-Scripting] pakistan-gov-biz-tk.comxa.com/ REPORT
*** Department: Technical Dept.
*** Type: sensing technique
*** Status: Open
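
Added example, not part of the original post or of any project named in it: backslash-escaping quotes in the magic-quotes style, shown beside output encoding for an HTML attribute. The function names, the input field and the assumption that the pro parameter is reflected into a double-quoted attribute are hypothetical; the page does not show the server code.

```php
<?php
// Added illustration. All function names here are hypothetical.

// What a magic-quotes-style filter does to request data: it prefixes
// quotes with a backslash. That is an SQL/PHP string convention; an
// HTML parser gives the backslash no special meaning.
function magic_quotes_style(string $v): string
{
    return addslashes($v);
}

// Weak: the filtered value is reflected into a double-quoted attribute.
// The '"' still terminates the attribute, whatever precedes it.
function render_unsafe(string $pro): string
{
    return '<input name="pro" value="' . magic_quotes_style($pro) . '">';
}

// Corrected: encode for the HTML context at output time.
// ENT_QUOTES covers both quote characters; '<' and '>' become entities.
function render_safe(string $pro): string
{
    $encoded = htmlspecialchars($pro, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input name="pro" value="' . $encoded . '">';
}

// Simple check for templates under test: did a raw tag survive rendering?
function raw_tag_survived(string $html): bool
{
    return strpos($html, '<script') !== false;
}

// Constructed input: the value shown on the post's Path line.
$pro = '"><script>alert(/HackYard-Pentest-Team!/)</script>';

foreach (['render_unsafe', 'render_safe'] as $fn) {
    $html = $fn($pro);
    echo $fn, ': ', $html, "\n";
    echo '  raw <script> in output: ', raw_tag_survived($html) ? 'yes' : 'no', "\n";
}
```
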

Elohim Posted June 24, 2014

http://webcache.googleusercontent.com/search?q=cache:DAUp3VL5OwsJ:www.hackforums.net/showthread.php%3Ftid%3D4039290

AK988 Posted June 24, 2014

I hope you were joking lol

First mail delivered by "pakistanhackteam@legit.biz.tk".
Code:
This is an automatic response.
Referral was submitted pakistan technical department and you will be contacted as soon as possible by a system administrator. If you want to return the details of the complaints please keep the message the same subject, topic including ticket number associated.
*** Ticket ID: nwmn-3949-394983
*** Subject: [Cross-Side-Scripting] pakistan-gov-biz-tk.comxa.com/ REPORT
*** Department: Technical Dept.
*** Type: sensing technique
*** Status: Open

.darky Posted June 24, 2014 (edited)

Are the Indians storming the forum with their 0days again (<script>alert(/HackYard-Pentest-Team!/)</script>)?

Guest Posted June 24, 2014

HackYard Pentest Team
Author : Pentest-Team of Hackyard Security Group

That explains everything.

Kalashnikov. Posted June 24, 2014

3. Advertising: no advertising for security/hacking sites. Regardless of whether they are yours or not.

Jeez, at host, does it by any chance say Web hosting, domain names, VPS - 000webhost.com?

TheTime Posted June 24, 2014

I don't know what kind of bug bounty this is, but it looks like trash to me. Especially that "0 day".
It is more likely that someone wants to make a mockery of Hackyard's name and is making these embarrassing posts in their name.
Closed!