IT Security and Insecurity Portal |
|
|
|
db6cb849c564d13b194bc210f599fe241d79687c
Based on their history, should be 8 characters, mixed a-z0-9
root:$1$k8wFozcA$p3Nt2EX0APMq4DOR8elmC.:13896:0:99999:7:::
chris:$1$FUak9WV9$VqCjDswWig4DcUPN ... |
|
|
|
| pZourk |
|
| Replies: 6 |
| Views: 15345 |
|
|
 |
 |
 |
|
| I decided to look into this. I think I found the site in question, and article.php?sid=1&cid=../../../../../etc/passwd%00 does work, but it looks like shadow is being used, but article.php?sid=1&a ... |
|
|
|
|
I found this some time back and it was helpful.
http://www.0x000000.com/index.php?i=357&bin=101100101 |
|
|
|
| pZourk |
|
| Replies: 12 |
| Views: 13180 |
|
|
 |
 |
 |
|
| I think I will call it quits on this one. The best I have gotten there is access to a user that can only see some 'secret' subforums, which is how I found out about the file uploader. Once again thank ... |
|
|
|
| pZourk |
|
| Replies: 12 |
| Views: 13180 |
|
|
 |
 |
 |
|
.htaccess is renamed to 1.htaccess
Thank you for the help though. |
|
|
|
| pZourk |
|
| Replies: 12 |
| Views: 13180 |
|
|
 |
 |
 |
|
Is it possible to upload outside of the upload folder? I suspect the webmaster has disabled php execution there. That's exactly my problem. I cannot.
If I was able to, I would have those passwords a l ... |
|
|
|
| pZourk |
|
| Replies: 12 |
| Views: 13180 |
|
|
 |
 |
 |
|
The only working php files on the site are not in the upload folder. The only ones ever in there are ones I have tried uploading. I had not thought of using cgi. I will try that.
UPDATE:
I tried cg ... |
|
|
|
| pZourk |
|
| Replies: 12 |
| Views: 13180 |
|
|
 |
 |
 |
|
| A site has a file upload cgi script. I am able to upload anything to http://www.example.com/dropbox/files/ (I know of no way to specify the output folder) but also delete any file from example.com and ... |
|
|