IT Security and Insecurity Portal

I hate these sites!

Posted: Thu Nov 25, 2010 5:57 am
Despotic | Active user | Joined: Nov 17, 2010 | Posts: 42

I hate the sites that I've spent an hour hacking only to find that logging in as the admin has no admin panel or the admin/pass for the site isn't the same for the /admin/ section. Fukin pop-up script that asks for another uname/pass. Grrrrrr!
Good security though

Posted: Thu Nov 25, 2010 8:07 am
vince213333 | Advanced user | Joined: Aug 03, 2009 | Posts: 737 | Location: Belgium

Most irritating thing is a htaccess protection, which you probably mean by "pop-up script".
Had the same issue a couple of months ago too. Got the admin passwords of some famous cell phone company here, but their admin panel was under construction (login page worked though). Now I can't find the passes anymore :/.

Posted: Thu Nov 25, 2010 1:50 pm
Despotic | Active user | Joined: Nov 17, 2010 | Posts: 42

htaccess protection.... thank you.
I was wondering wtf was happening.

Posted: Thu Nov 25, 2010 5:44 pm
x3roconf_ | Advanced user | Joined: May 01, 2008 | Posts: 101

vince213333 wrote: "Most irritating thing is a htaccess protection.."
True.

Posted: Fri Nov 26, 2010 12:38 am
Despotic | Active user | Joined: Nov 17, 2010 | Posts: 42

so umm....
Is there a way to overcome this?
I hacked several sites by finding validator.php and could download the .htaccess but there was no uname/pass there. Or did I overlook something?

Posted: Fri Nov 26, 2010 12:01 pm
x3roconf_ | Advanced user | Joined: May 01, 2008 | Posts: 101

Despotic wrote:
"so umm....
Is there a way to overcome this?
I hacked several sites by finding validator.php and could download the .htaccess but there was no uname/pass there. Or did I overlook something?"
Password hashes are generally stored in a file called .htpasswd

Posted: Fri Nov 26, 2010 12:43 pm
vince213333 | Advanced user | Joined: Aug 03, 2009 | Posts: 737 | Location: Belgium

Have a look in the htaccess file. There should be a line like this:
Code:
    AuthUserFile /full/path/to/.htpasswd

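A defender-side check for the AuthUserFile point above, as an added example that is not part of the original thread: it walks a document root, reads each .htaccess, and reports any AuthUserFile that resolves to a path inside the web root. The function names, the default `server_root` value and the sample tree built by `demo()` are assumptions made for illustration.

```python
import os
import re
import tempfile

# Directive names are case-insensitive and the path may be quoted.
# Anchoring at line start means commented-out directives never match.
AUTH_RE = re.compile(r'^\s*AuthUserFile\s+("([^"]+)"|(\S+))', re.IGNORECASE)

def auth_user_files(htaccess_text):
    """Return the AuthUserFile paths declared in one .htaccess body."""
    paths = []
    for line in htaccess_text.splitlines():
        m = AUTH_RE.match(line)
        if m:
            paths.append(m.group(2) or m.group(3))
    return paths

def audit_docroot(docroot, server_root="/etc/apache2"):
    """Flag .htaccess files whose password file lives under the web root."""
    docroot = os.path.realpath(docroot)
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        if ".htaccess" not in files:
            continue
        ht = os.path.join(dirpath, ".htaccess")
        with open(ht, encoding="utf-8", errors="replace") as fh:
            for path in auth_user_files(fh.read()):
                # Apache resolves a relative path against ServerRoot (assumed value).
                full = os.path.realpath(os.path.join(server_root, path))
                if os.path.commonpath([docroot, full]) == docroot:
                    findings.append((ht, full))
    return findings

def demo():
    """Constructed sample tree: one password file inside the web root, one outside."""
    root = os.path.realpath(tempfile.mkdtemp())
    web = os.path.join(root, "htdocs")
    os.makedirs(os.path.join(web, "admin"))
    os.makedirs(os.path.join(web, "stats"))
    with open(os.path.join(web, "admin", ".htaccess"), "w") as fh:
        fh.write('AuthType Basic\nAuthUserFile "%s/admin/.htpasswd"\n' % web)
    with open(os.path.join(web, "stats", ".htaccess"), "w") as fh:
        fh.write("# authuserfile /old\nauthuserfile %s/private/.htpasswd\n" % root)
    return web, audit_docroot(web)

if __name__ == "__main__":
    for ht, pw in demo()[1]:
        print("password file inside web root:", pw, "(from", ht + ")")
```

Each finding is a password file to move outside the document root, after which the AuthUserFile line is updated to the new absolute path.
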
Posted: Fri Nov 26, 2010 10:24 pm
Despotic | Active user | Joined: Nov 17, 2010 | Posts: 42

Beautiful!!
.htpasswd user/pass was the same for his godaddy account too

Posted: Sat Nov 27, 2010 6:01 pm
capt | Advanced user | Joined: Nov 04, 2008 | Posts: 232

Oh nice, you were able to load the .htpasswd. Did you have an LFI or some type of shell access?

Posted: Mon Nov 29, 2010 10:00 am
vince213333 | Advanced user | Joined: Aug 03, 2009 | Posts: 737 | Location: Belgium

My guess would be he got a backup via the validator list, then got the admin pass, uploaded a shell and got in

www.waraxe.us Forum Index -> Newbies corner
All times are GMT