ere I
found this vulnerability, and developers of VirtueMart.
2015.07.29 - disclosed at my site (http://websecurity.com.ua/7770/).
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
___
Sent through the Ful
ut showing of dialog window.
Callisto 821+R3 CSRF.html
http://admin:admin@192.168.1.1";>
http://admin:admin@host";>
I mentioned about these vulnerabilities at my site
(http://websecurity.com.ua/7916/).
Best wishes & regards,
MustLive
Administrator of Websecurity web
crypted password. The
cipher is simple - this is hex values of chars in reverse order.
I mentioned about these vulnerabilities at my site
(http://websecurity.com.ua/7975/).
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http:
ution tool
(http://websecurity.com.ua/davoset/).
Video demonstration of DAVOSET: http://www.youtube.com/watch?v=RKi35-f346I
GitHub: https://github.com/MustLive/DAVOSET
Download DAVOSET v.1.2.6:
http://websecurity.com.ua/uploads/2015/DAVOSET_v.1.2.6.rar
In new version there was added suppo
it in list
(http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2015-November/009125.html).
I mentioned about these vulnerabilities at my site
(http://websecurity.com.ua/7663/).
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecuri
sites execution tool
(http://websecurity.com.ua/davoset/).
Video demonstration of DAVOSET: http://www.youtube.com/watch?v=RKi35-f346I
GitHub: https://github.com/MustLive/DAVOSET
Download DAVOSET v.1.2.7:
http://websecurity.com.ua/uploads/2015/DAVOSET_v.1.2.7.rar
In new version there was added support o
ite
(http://websecurity.com.ua/8090/).
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
___
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archive
r2
http://192.168.0.28/delete?path=%2FFolder
I mentioned about these vulnerabilities at my site
(http://websecurity.com.ua/8092/).
Best wishes & regards,
Eugene Dokukin aka MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
__
U.
http://websecurity.com.ua/uploads/2008/Opera%20DoS%20Exploit4.html - in
6.0.1, and in 8.4.1 without crash, only consuming 60% CPU.
I mentioned about these vulnerabilities at my site
(http://websecurity.com.ua/8154/).
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websec
other vulnerabilities in TimThumb and
hundreds of themes in multiple security lists. Here it is at Full Disclosure
http://seclists.org/fulldisclosure/2011/Apr/227. The same at Packet Storm
and other lists.
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.co
Wang's advisories is just repeat of my old advisories. For
PacketStorm's argument, that his advisories are about single theme, unlike
my first advisory - in January 2013 I wrote about only this single theme.
Best wishes & regards,
MustLive
Administrator of Websecurity
ution tool
(http://websecurity.com.ua/davoset/).
Video demonstration of DAVOSET: http://www.youtube.com/watch?v=RKi35-f346I
GitHub: https://github.com/MustLive/DAVOSET
Download DAVOSET v.1.2.8:
http://websecurity.com.ua/uploads/2016/DAVOSET_v.1.2.8.rar
In new version there was added support o
at my site
(http://websecurity.com.ua/8322/).
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
___
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archi
s and
other D-Link devices.
2016.08.27 - disclosed at my site (http://websecurity.com.ua/7722/).
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
___
Sent through the Full Disclosure mailing list
http
pers about vulnerabilities in D-Link DAP-1360.
2014-2016 - informed developers about multiple vulnerabilities in this and
other D-Link devices.
2016.01.27 - disclosed at my site (http://websecurity.com.ua/8120/).
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://w
ution tool
(http://websecurity.com.ua/davoset/).
Video demonstration of DAVOSET: http://www.youtube.com/watch?v=RKi35-f346I
GitHub: https://github.com/MustLive/DAVOSET
Download DAVOSET v.1.2.9:
http://websecurity.com.ua/uploads/2016/DAVOSET_v.1.2.9.rar
In new version there were added support o
).
--
Details:
--
Cross-Site Scripting (WASC-08):
This is persistent XSS in field "text" in contact form (captcha protected):
http://1"; on onerror="$(’p').text(’Hacked’)" />
At 31.12.2016 I disclosed it at my site (http://websecurity.com.ua/7826/).
/2017/bwa_v.1.0.2.rar
Best wishes & regards,
Eugene Dokukin aka MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
___
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Arch
/timthumb.php?src=http://
I have disclosed it at my site (http://websecurity.com.ua/7082/).
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
___
Sent through the Full Disclosure mailing list
http://nmap.org/mai
ution tool
(http://websecurity.com.ua/davoset/). This is Return Of The Bots Edition.
Earlier this month I announced previous version of DAVOSET to old
Full-Disclosure and today announced new version of the tool to new FD.
Taking into account Putin's war against Ukraine
(https://soundcloud.co
ion.inc.php
I wrote about these vulnerabilities at my site
(http://websecurity.com.ua/7087/).
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
___
Sent through the Full Disclosure mailing list
ht
- 1
CMS IT-Project - 1
CodeIgniter - 1
Global Vision CMS - 1
MODx - 1
osCommerce - 1
PHP-Fusion - 1
SmallNuke - 1
vBulletin - 1
Vivvo CMS - 1
WebAsyst Shop-Script - 1
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurit
also must be vulnerable. D-Link ignored
all vulnerabilities in this device (as in other devices, which I informed
them about) and still didn't fix them.
I mentioned about these vulnerabilities at my site
(http://websecurity.com.ua/7095/).
Best wishes & regards,
MustLive
Administrat
;res_pos=0
CSRF (WASC-09):
In section Firewall / Virtual servers via CSRF it's possible to add, edit
and delete settings of virtual servers.
XSS (WASC-08):
These are persistent XSS. The code will execute in section Firewall /
Virtual servers. The attack occurs via add and edit functio
nced at my site.
2013.11.26 - informed developer.
2013.11.28 - developer answered and promised to fix his software. But the
last version of CU3ER is still vulnerable.
2014.04.17 - disclosed at my site (http://websecurity.com.ua/6885/).
Best wishes & regards,
MustLive
Administrator of Websec
config_id=58&res_buf={%22url%22:%22%3Cscript%3Ealert(document.cookie)%3C/script%3E%22,%20%22enable%22:%22%22}&res_pos=-1
I mentioned about these vulnerabilities at my site
(http://websecurity.com.ua/7112/).
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
___
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
ormed developer.
2013.11.26 - announced at my site about plugins. Later informed developers
of the plugins.
2014.04.18 - disclosed at my site (http://websecurity.com.ua/6893/).
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http:/
site about plugins for different CMS.
2014.04.19 - disclosed at my site about plugins for WP
(http://websecurity.com.ua/7122/).
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
___
Sent through the F
ins. Later informed developers
of the plugins and themes.
2014.04.18 - disclosed at my site about plugins for different CMS.
2014.04.22 - disclosed at my site about themes for WP
(http://websecurity.com.ua/7125/).
Best wishes & regards,
MustLive
Administrator of Websecurity
e 200 zombie-services in the list, which are ready to
strike against dictatorship.
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
___
Sent through the Full Disclosure mailing list
http://nmap.or
p;res_json=y&res_data_type=json&res_config_action=3&res_config_id=16&res_struct_size=0&res_buf={%22ips%22:%22%3Cscript%3Ealert(document.cookie)%3C/script%3E%22,%20%22source_mask%22:%22%3Cscript%3Ealert(document.cookie)%3C/script%3E%
(http://websecurity.com.ua/7141/).
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
___
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives &a
o=1.jpg&logoLink=javascript:alert(document.cookie)
I mentioned about these vulnerabilities at my site
(http://websecurity.com.ua/7183/).
Best wishes & regards,
Eugene Dokukin aka MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
with using of my BWA.
Yesterday I released new version Backdoored Web Application v.1.0.1
(http://websecurity.com.ua/7190/). In which to PHP-version I added
Perl-version of BWA. This will allow to better test backdoors scanners.
Best wishes & regards,
Eugene Dokukin aka MustLive
Administrato
developers. Ignored.
2014.05.30 - disclosed at my site (http://websecurity.com.ua/7033/).
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
___
Sent through the Full Disclosure mailing list
http://nm
tem will block terrorists accounts. Users of this EPS can tell PayPal
what they think about this topic.
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
___
Sent through the Full Disclosure mailing list
htt
cookie)%3E
Timeline:
2014.04.11 - announced at my site. Later informed Zyxel, but vendor ignored.
2014.06.21 - disclosed at my site (http://websecurity.com.ua/7102/).
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
___
Frame.html (refresh is turned on every 5
seconds by default, it's just needed to open this page)
Timeline:
2014.04.12 - announced at my site. Later informed Zyxel, but vendor ignored.
2014.06.24 - disclosed at my site (http://websecurity.com.ua/710
t my site.
2014.05.09 - informed developer, but he ignored.
2014.07.12 - disclosed at my site (http://websecurity.com.ua/7152/).
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
___
Sent through the Fu
ble versions of HP Release Control can be used for attacks on
other sites via XXE Injection.
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
___
Sent through the Full Disclosure mailing list
http:/
ize:+40pt'%3EClick%20me%3C/a%3E%3C/tags%3E
Code will execute after click. It's strictly social XSS
(http://websecurity.com.ua/5476/). Also it's possible to conduct (like in
WP-Cumulus) HTML Injection attack.
I mentioned about this vulnerability at my site
(http://websecurity
bilities at my site
(http://websecurity.com.ua/7276/).
Best wishes & regards,
Eugene Dokukin aka MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
___
Sent through the Full Disclosure mailing list
http://nmap.or
0 - disclosed to the lists the second part of vulnerable themes by
RocketTheme for WordPress.
2014.09.27 - disclosed at my site about Refraction theme
(http://websecurity.com.ua/7369/).
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
___
14.10.16 - disclosed these two holes at my site
(http://websecurity.com.ua/7398/).
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
___
Sent through the Full Disclosure mailing list
http://n
ution tool
(http://websecurity.com.ua/davoset/).
Video demonstration of DAVOSET: http://www.youtube.com/watch?v=RKi35-f346I
Also yesterday I opened a repository for DAVOSET:
https://github.com/MustLive/DAVOSET
Download DAVOSET v.1.2.1:
http://websecurity.com.ua/uploads/2014/DAVOSET_v.1.2.1.ra
t my site (http://websecurity.com.ua/7168/).
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
___
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web A
ution tool
(http://websecurity.com.ua/davoset/).
Video demonstration of DAVOSET: http://www.youtube.com/watch?v=RKi35-f346I
GitHub: https://github.com/MustLive/DAVOSET
Download DAVOSET v.1.2.2:
http://websecurity.com.ua/uploads/2014/DAVOSET_v.1.2.2.rar
In new version there was added support of
22MaxStaNum%22:%220%22}
Timeline:
2014.05.22 - informed developer about multiple vulnerabilities.
2014.05.24 - announced at my site about new vulnerabilities in DAP-1360.
2014.11.01 - disclosed at my site (http://websecurity.com
http://www.youtube.com/playlist?list=PLk7NS9SMadnj7fwAQJgkbKQdCGTKAFI9Q.
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
___
Sent through the Full Disclosure mailing list
http://nmap.org/mailman
sites execution tool
(http://websecurity.com.ua/davoset/).
Video demonstration of DAVOSET: http://www.youtube.com/watch?v=RKi35-f346I
GitHub: https://github.com/MustLive/DAVOSET
Download DAVOSET v.1.2.3:
http://websecurity.com.ua/uploads/2014/DAVOSET_v.1.2.3.rar
In new version there were added new ser
ig_action=3&res_config_id=41&res_struct_size=0&res_buf=[%22%3Cscript%3Ealert%28document.cookie%29%3C/script%3E%22]
Code will execute at http://192.168.0.50/index.cgi#wifi/mac.
Timeline:
2014.05.22 - informed developer about multiple vulnerabilities.
2014.06.
into Quick search. This is
Strictly Social XSS.
Timeline:
2014.05.22 - informed developer about multiple vulnerabilities.
2014.06.28 - announced at my site about new vulnerabilities in DAP-1360.
2014.11.29 - disclosed at my site (http://websecurity.com.ua/7234/).
Bes
conflict: Hackers take sides in virtual war
http://www.bbc.com/news/world-europe-30453069
Best wishes & regards,
Eugene Dokukin aka MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
___
Sent through the Full Disclosure mailing
ite
(http://websecurity.com.ua/7513/).
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
___
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: h
Timeline:
2014.08.02 - announced at my site.
2014.08.09 - informed developers.
2014.08.12 - informed developers again.
2014.12.26 - disclosed at my site (http://websecurity.com.ua/7292/).
Best wishes & regards,
MustLive
Administrator of Websecu
#x27;s possible to
waste paper and cartridge of the printer.
http://site/info_specialPages.html?tab=Home&menu=InfoPages
I mentioned about these vulnerabilities at my site
(http://websecurity.com.ua/7589/).
Best wishes & regards,
MustLive
Administrator of Websecurity w
-February/009077.html).
I mentioned about these vulnerabilities at my site
(http://websecurity.com.ua/7272/).
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
___
Sent through the Full Disclosure mai
?action_script=%27%2balert%28document.cookie%29%2b%27
http://site/start_apply.htm?flag=%27%2balert%28document.cookie%29%2b%27
These vulnerabilities work as via GET, as via POST (work even without
authorization).
ASUS RT-G32 XSS-1.html
ASUS RT-G32 XSS exploit (C) 2015 MustLive
http://site/start_apply.htm
/pipermail/websecurity_lists.webappsec.org/2015-February/009077.html).
I mentioned about these vulnerabilities at my site
(http://websecurity.com.ua/7308/).
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
___
Se
://site/news/%22%201
I mentioned about these vulnerabilities at my site
(http://websecurity.com.ua/7694/).
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
___
Sent through the Full Disclosure mai
(WASC-08):
ASUS RT-G32 XSS-2.html
ASUS RT-G32 XSS exploit (C) 2015 MustLive
http://site/start_apply.htm"; method="post">
ASUS RT-G32 XSS-3.html
ASUS RT-G32 XSS exploit (C) 2015 MustLive
http://site/start_apply.htm"; method="post">
Cross-S
(http://websecurity.com.ua/davoset/).
Video demonstration of DAVOSET: http://www.youtube.com/watch?v=RKi35-f346I
GitHub: https://github.com/MustLive/DAVOSET
Download DAVOSET v.1.2.4:
http://websecurity.com.ua/uploads/2015/DAVOSET_v.1.2.4.rar
In new version there were added support of site's
/2015-April/009090.html).
I mentioned about these vulnerabilities at my site
(http://websecurity.com.ua/7346/).
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
___
Sent through the Full Disclosur
/2015-April/009090.html).
I mentioned about these vulnerabilities at my site
(http://websecurity.com.ua/7405/).
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
___
Sent through the Full Disclosur
n holes and don't interested in this XSS.
- During 15.02.2013-26.04.2013 I disclosed at my site about previous
vulnerabilities IBM Lotus Domino.
- At 26.05.2015 I've disclosed this vulnerability at my site
(http://websecurity.com.ua/7783/).
Best wishes & regards,
MustLive
Administr
Ukraine and also I took under
control web cameras in Russia
(http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2015-May/009101.html).
I mentioned about this vulnerability at my site
(http://websecurity.com.ua/7640/).
Best wishes & regards,
MustLive
Administrato
of obtaining a hotfix for your environment.
Best wishes & regards,
Eugene Dokukin aka MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
___
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/list
s it's possible to conduct DDoS attacks). And my tool DAVOSET can be
used for conducting such attacks via XXE vulnerabilities.
Video demonstration of DAVOSET: http://www.youtube.com/watch?v=RKi35-f346I
So all vulnerable versions of NetIQ Access Manager can be used for attacks
on other si
(http://websecurity.com.ua/davoset/).
Video demonstration of DAVOSET: http://www.youtube.com/watch?v=RKi35-f346I
GitHub: https://github.com/MustLive/DAVOSET
Download DAVOSET v.1.2.5:
http://websecurity.com.ua/uploads/2015/DAVOSET_v.1.2.5.rar
In new version there was added support of cache bypass a
hemes.
2015.07.02 - disclosed at my site about Vulcan theme.
I mentioned about these vulnerabilities at my site
(http://websecurity.com.ua/7850/).
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
___
Se
n the anniversary of cyberwar
(http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2017-March/010839.html).
Video demonstration of DAVOSET: http://www.youtube.com/watch?v=RKi35-f346I
GitHub: https://github.com/MustLive/DAVOSET
Download DAVOSET v.1.3:
http://websecurity.com.ua/uploads
lities in Transcend Wi-Fi SD Card 16 GB.
2015.08.01 - announced at my site. Later informed developers.
2017.01.28 - disclosed at my site (http://websecurity.com.ua/7900/).
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
___
Video demonstration of DAVOSET: http://www.youtube.com/watch?v=RKi35-f346I
GitHub: https://github.com/MustLive/DAVOSET
Download DAVOSET v.1.3.1:
http://websecurity.com.ua/uploads/2017/DAVOSET_v.1.3.1.rar
In new version there were added security bypass by using cookies at
appropriate sites. Also
Timeline:
2014.05.22 - informed developers about vulnerabilities in D-Link DAP-1360.
2014-2017 - informed developers about multiple vulnerabilities in this and
other D-Link devices.
2017.03.03 - disclosed at my site (http://websecurity.com.ua/8525/).
Best wishes & regards,
Mus
-100 CSRF.html
D-Link DIR-100 CSRF exploit (C) 2017 MustLive.
http://websecurity.com.ua
http://site/postlogin.xgi"; method="post">
Cross-Site Request Forgery (WASC-09):
Change admin's password:
http://site/Tools/tools_admin.xgi?SET/sys/account/superUserNam
ution tool (http://websecurity.com.ua/davoset/).
Video demonstration of DAVOSET: http://www.youtube.com/watch?v=RKi35-f346I
GitHub: https://github.com/MustLive/DAVOSET
Download DAVOSET v.1.3.5:
http://websecurity.com.ua/uploads/2017/DAVOSET_v.1.3.5.rar
In version 1.3.4 there was added support o
s password:
D-Link DVG-5402SP CSRF-1.html
D-Link DVG-5402SP CSRF exploit (C) 2016 MustLive.
http://websecurity.com.ua
http://site/goform/AspPost"; method="post">
Change user's password:
D-Link DVG-5402SP CSRF-2.html
D-Link DVG-5402SP CSRF exploit (C) 2016 Mus
entioned about this kind of attacks in my 2008's article
Classification of DoS vulnerabilities in browsers.
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
___
Sent through the Full Disclosure ma
- informed about them one USA company with bug bounty program -
they were interested in this device, but not in these vulnerabilities. Later
informed D-Link about them.
2017.09.16 - disclosed at my site (http://websecurity.com.ua/8698/).
Best wishes & regards,
MustLive
Administrator of Websec
Read about it
in the list
(http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2018-January/010926.html).
I mentioned about these vulnerabilities at my site
(http://websecurity.com.ua/8267/).
Best wishes & regards,
MustLive
Administrator of Websecurit
by visiting
of the page http://site/Tools/vs.htm.
I mentioned about these vulnerabilities at my site
(http://websecurity.com.ua/8021/).
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
___
Sent t
D-Link DGS-3000-10TC CSRF exploit (C) 2017 MustLive.
http://websecurity.com.ua
http://site/form/userAccountSettingForm";
method="post">
Change password in new admin:
D-Link DGS-3000-10TC CSRF-2.html
D-Link DGS-3000-10TC CSRF exploit (C) 20
vulnerabilities in admin panel.
Cross-Site Request Forgery (WASC-09):
Logout from admin panel via request to page http://192.168.0.1.
http://192.168.0.1";>
I mentioned about these vulnerabilities at my site
(http://websecurity.com.ua/8485/).
Best wishes & regards,
Eugene Dokukin ak
2016.03.17 - announced at my site about vulnerabilities in DIR-300.
2016.08.27 - disclosed at my site previous advisory about DIR-300.
2017.09.30 - disclosed this advisory (http://websecurity.com.ua/8165/).
2014-2018 - informed developers about multiple vul
Read about it in the list
(http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2018-August/012727.html).
I mentioned about these vulnerabilities at my site
(http://websecurity.com.ua/8134/).
Best wishes & regards,
MustLive
Administrator of Websecurit
Video demonstration of DAVOSET: http://www.youtube.com/watch?v=RKi35-f346I
GitHub: https://github.com/MustLive/DAVOSET
Download DAVOSET v.1.3.6:
http://websecurity.com.ua/uploads/2018/DAVOSET_v.1.3.6.rar
In new version there was added support of SSRF vulnerability in Splunk
Enterprise. Also there were
r.
2018.05.12 - disclosed at my site (http://websecurity.com.ua/8533/).
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
___
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisc
http://www.youtube.com/watch?v=RKi35-f346I
GitHub: https://github.com/MustLive/DAVOSET
Download DAVOSET v.1.3.7:
http://websecurity.com.ua/uploads/2018/DAVOSET_v.1.3.7.rar
In new version there was added verbose mode and added SSRF vulnerability in
Microsoft Forefront Unified Access Gateway 2010.
er CSRF attacks.
Cross-Site Request Forgery (WASC-09):
Logout from admin panel via request to page http://192.168.0.1.
http://192.168.0.1";>
I mentioned about these vulnerabilities at my site
(http://websecurity.com.ua/8407/).
Best wishes & regards,
Eugene Dokukin aka Mus
89 matches
Mail list logo
