IT Security and Insecurity Portal

upload shell by xss

Posted: Sat May 31, 2008 11:18 am
siurek22, Regular user
Joined: May 31, 2008
Posts: 13

Some time ago I read an article about uploading a shell by XSS, but I don't remember how to do it. How can I do it?
Sorry for my English

Re: upload shell by xss

Posted: Sat May 31, 2008 12:29 pm
gibbocool, Advanced user
Joined: Jan 22, 2008
Posts: 208

siurek22 wrote:
> Some time ago I read an article about uploading a shell by XSS, but I don't remember how to do it. How can I do it?
> Sorry for my English

I don't think it's possible, unless used in conjunction with something like PHP code execution or SQL injection.

Posted: Sat May 31, 2008 4:06 pm
siurek22, Regular user
Joined: May 31, 2008
Posts: 13

I don't ask you if this is possible, but how to do it. I know this is possible per 100% (it doesn't work whenever)

Posted: Sat May 31, 2008 5:23 pm
pexli, Valuable expert
Joined: May 24, 2007
Posts: 665
Location: Bulgaria

This is possible if you steal the admin hash and upload a shell from the admin panel.

Re: upload shell by xss

Posted: Sat May 31, 2008 8:34 pm
waraxe, Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

siurek22 wrote:
> Some time ago I read an article about uploading a shell by XSS, but I don't remember how to do it. How can I do it?
> Sorry for my English

XSS and shell uploading to target server are not directly correlated.
Maybe you meant this thing:
http://www.securiteam.com/tools/6X00120HFO.html

Posted: Sat May 31, 2008 8:55 pm
siurek22, Regular user
Joined: May 31, 2008
Posts: 13

"steal admin hash" very funny... Have you ever seen a hash from phpbb3? You are good if you crash it ;]
"Maybe you meant this thing: " no, I don't think about it. I remember in this article which I was reading, there was very long HTML code, and when I put it on a website I can upload some file

Posted: Sun Jun 01, 2008 1:18 am
gibbocool, Advanced user
Joined: Jan 22, 2008
Posts: 208

You don't understand, siurek22. XSS is executing a JavaScript or other script file from one website on the target website. JavaScript has no file manipulation or system manipulation capabilities as it is purely client side.

Posted: Sun Jun 01, 2008 7:32 am
pexli, Valuable expert
Joined: May 24, 2007
Posts: 665
Location: Bulgaria

siurek22 wrote:
> "steal admin hash" very funny... Have you ever seen a hash from phpbb3? You are good if you crash it ;]
> "Maybe you meant this thing: " no, I don't think about it. I remember in this article which I was reading, there was very long HTML code, and when I put it on a website I can upload some file

...and have you ever seen passwordspro? I love funny guys like you, dude.

Posted: Sun Jun 01, 2008 8:00 am
siurek22, Regular user
Joined: May 31, 2008
Posts: 13

Yes, I've seen passwordspro, but when I put in an md5 hash I had to wait 40h. I have a database where I have 20000 hashes crypted by phpbb_hash() and I want to crash only 10 from 20000, but how much time will it take?

Posted: Sun Jun 01, 2008 10:57 am
lenny, Valuable expert
Joined: May 15, 2008
Posts: 275

Surely you could use a remote file include exploit to run a shell - It's not exactly what you wanted, but you get the same effect

All times are GMT