If you all think XSS, even reflected or DOM-based sucks..probably you don't
know the BeEF project.
I would suggest you to take a look at http://beefproject.com , try it, and
see yourself what you can do :-)
Cheers
antisnatchor
On 10 Oct 2011 02:56, xD 0x41 sec...@gmail.com wrote:
YEP!
When ya
Hello Michele,
I will take a look, because honestly, I don't see anything good about NON
persistent xss, so I will have a look and see, thanks :)
cheers
xd
On 10 October 2011 17:24, Michele Orru antisnatc...@gmail.com wrote:
If you all think XSS, even reflected or DOM-based sucks..probably you
it seems that you aren't familiar what Clickjacking means then...
On Sat, Oct 8, 2011 at 10:01 PM, xD 0x41 sec...@gmail.com wrote:
That's just lame dude if you could remove OTHER people's accounts, then I'd
say *clap clap*... but own account... what about just clicking close
account , and
seems that you aren't familiar what Clickjacking means then...
No,... and am happy not to know :-) , like XSS , I do not waste time with
minority bugs such as 'clickjacking' and these new such terms which are
total BS.
anyhow... call it what you like, it is bs (just like the win32 dll crap and
On Mon, 10 Oct 2011 09:36:17 +1100, xD 0x41 said:
No,... and am happy not to know :-) , like XSS , I do not waste time with
minority bugs such as 'clickjacking' and these new such terms which are
total BS.
It's all total BS till you discover you're a victim of the attack.
No, I have been through these, and only an idiot would fall for any of these
attacks... Persistent XSS maybe harder, but, forget the rest :)
I'm too old for that.
Never been a victim yet, in *any* way, and, certainly, those bugs won't be
starting a trend..
cheer.
xd
On 10 October 2011 10:27,
Yeah guys, XSS is nonsense. Exploiting anchor text is where it's at, right
secn3t?
http://seclists.org/fulldisclosure/2011/Jun/215
On Sun, Oct 9, 2011 at 7:10 PM, xD 0x41 sec...@gmail.com wrote:
No, I have been through these, and only an idiot would fall for any of
these attacks... Persistent
YEP!
When ya do it right, dang right it is!
I did never reproduce the EXACT method which made the x41's happen... but, I
dun really care for that bug, or you call it a feature..well, I don't know
features which have x41's all over the emails when made in a special way...
so, it was low-level too :)
On 10/7/2011 9:06 PM, hfux0r wrote:
Yeah, because it is totally safe to open up anything behind a
Shortened URL. The fact that the FBI is on your ass is the only
reason I might find this safe :)
On Oct 7, 2011, at 9:36 PM, Laurelai laure...@oneechan.org
Be logged into Linkedin, in firefox
Create a HTML page using the below code
Open the created HTML page in a new firefox tab
Play the simple game
html
head
style
button.dummy1{position:absolute;top:75px;left:177px;z-index:-10}
button.dummy3{position:absolute;top:214px;left:177px;z-index:-10}
Yeah, because it is totally safe to open up anything behind a Shortened URL.
The fact that the FBI is on your ass is the only reason I might find this safe
:)
On Oct 7, 2011, at 9:36 PM, Laurelai laure...@oneechan.org wrote:
On 10/7/2011 3:23 PM, Naresh Jha wrote:
Guys - Correct me if
That's just lame dude if you could remove OTHER people's accounts, then I'd
say *clap clap*... but own account... what about just clicking close
account , and let's skip creating a html page, for this... :) cheers
On 8 October 2011 17:06, asish agarwalla asishagarwa...@gmail.com wrote:
Be
Password to access the report is: *8nj98F4h9AW*
Regards
Asish
On Fri, Oct 7, 2011 at 5:18 PM, asish agarwalla asishagarwa...@gmail.com wrote:
Hi,
LinkedIn_User Account Delete using Click jacking.
This vulnerability is accepted by LinkedIn; they are in the process
of patching it but not yet
Why would you post this as a word document?
Thanks but no thanks.
On 7/10/2011 7:52 PM, asish agarwalla wrote:
Password to access the report is: *8nj98F4h9AW*
Regards
Asish
On Fri, Oct 7, 2011 at 5:18 PM, asish agarwalla
asishagarwa...@gmail.com wrote:
I doubt if anyone on this list is dumb enough to open a .docx attachment!
Gary Baribault
Courriel: g...@baribault.net
GPG Key: 0x685430d1
Signature: 9E4D 1B7C CB9F 9239 11D9 71C3 6C35 C6B7 6854 30D1
On 10/07/2011 11:33 AM, BH wrote:
Why would you post this as a word document?
Thanks but no
Screw you dude, attaching executable doc files, and then pushing out a few
*0days*
I won't be looking at *any* thing attached as a doc, that's just common sense
nowadays, and there is abs NO need on this list for it, it is FD, you're meant
to put it in the BODY of email, or at least maybe next time,
if I get it right this dude is supposed to be
- Senior Security Analyst at iViZ Techno Solutions Pvt. Ltd.
http://www.linkedin.com/company/iviz-techno-solutions-pvt.-ltd.?trk=ppro_cprof
Whatever happened to protocols for responsible disclosure ?
On Fri, Oct 7, 2011 at 3:05 PM, xD 0x41
Hi,
Another security expert... sheesh... and they cannot do simplest of tasks,
makes me wonder really how do they get anything at all coded, but then again
I doubt there is code... I bet they're all some persistent xss etc... which
would req some fuzz tool... well, certainly see better people like
On 10/7/2011 4:48 AM, asish agarwalla wrote:
Hi,
LinkedIn_User Account Delete using Click jacking.
This vulnerability is accepted by LinkedIn; they are in the process
of patching it, but it is not yet patched.
Please find the document describing the vulnerability.
Regards
Asish
On 10/7/2011 12:30 PM, xD 0x41 wrote:
Hi,
Another security expert... sheesh... and they cannot do simplest of
tasks, makes me wonder really how do they get anything at all coded,
but then again I doubt there is code... I bet they're all some
persistent xss etc... which would req some fuzz
On 10/7/2011 12:30 PM, xD 0x41 wrote:
Hi,
Another security expert... sheesh... and they cannot do simplest of
tasks, makes me wonder really how do they get anything at all coded,
but then again I doubt there is code... I bet they're all some
persistent xss etc... which would req some fuzz
The document appears to be password protected as well. I've tried to open it
in a VM and it prompts for a password.
it seems that you missed it:
Password to access the report is: 8nj98F4h9AW
--
Ferenc Kovács
@Tyr43l - http://tyrael.hu
Guys - Correct me if I am wrong but wouldn't macro enabled document be like
.docm as per Word 2007+???
I mean it's a docx file right like zip file ... we can extract the
contents after changing it into zip ...can't we ???
JT
On Fri, Oct 7, 2011 at 5:41 PM, Ferenc Kovacs tyr...@gmail.com
Funny..
On 10/7/11 9:23 AM, Gary Baribault g...@baribault.net wrote:
I doubt if anyone on this list is dumb enough to open a .docx attachment!
Gary Baribault
Courriel: g...@baribault.net
GPG Key: 0x685430d1
Signature: 9E4D 1B7C CB9F 9239 11D9 71C3 6C35 C6B7 6854 30D1
On 10/07/2011 11:33 AM,
On 10/7/2011 3:23 PM, Naresh Jha wrote:
Guys - Correct me if I am wrong but wouldn't macro enabled document be
like .docm as per Word 2007+???
I mean it's a docx file right like zip file ... we can extract the
contents after changing it into zip ...can't we ???
JT
On Fri, Oct 7, 2011 at