Waraxe IT Security Portal
Login or Register
December 22, 2024
Menu
Home
Logout
Discussions
Forums
Members List
IRC chat
Tools
Base64 coder
MD5 hash
CRC32 checksum
ROT13 coder
SHA-1 hash
URL-decoder
Sql Char Encoder
Affiliates
y3dips ITsec
Md5 Cracker
User Manuals
AlbumNow
Content
Content
Sections
FAQ
Top
Info
Feedback
Recommend Us
Search
Journal
Your Account
User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144

People Online:
Visitors: 139
Members: 0
Total: 139
Full disclosure
CyberDanube Security Research 20241219-0 | Authenticated Remote Code Execution in Ewon Flexy 205
Stored XSS with Filter Bypass - blogenginev3.3.8
[SYSS-2024-085]: Broadcom CA Client Automation - Improper Privilege Management (CWE-269)
[KIS-2024-07] GFI Kerio Control <= 9.4.5 Multiple HTTP Response Splitting Vulnerabilities
RansomLordNG - anti-ransomware exploit tool
APPLE-SA-12-11-2024-9 Safari 18.2
APPLE-SA-12-11-2024-8 visionOS 2.2
APPLE-SA-12-11-2024-7 tvOS 18.2
APPLE-SA-12-11-2024-6 watchOS 11.2
APPLE-SA-12-11-2024-5 macOS Ventura 13.7.2
APPLE-SA-12-11-2024-4 macOS Sonoma 14.7.2
APPLE-SA-12-11-2024-3 macOS Sequoia 15.2
APPLE-SA-12-11-2024-2 iPadOS 17.7.3
APPLE-SA-12-11-2024-1 iOS 18.2 and iPadOS 18.2
SEC Consult SA-20241211-0 :: Reflected Cross-Site Scripting in Numerix License Server Administration System Login
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index
Search found 29 matches
Can you help me? my forum has been hacked
PostForum:How to fix Posted: Fri Mar 04, 2005 6:20 pm Subject: A simple guide to secure a forum
Zeelock
Replies: 10
Views: 23519




- First use .htaccess for protection admin directory and admin files

- Second use only one admin

- Disable System() and any other dangerous function (if not used)

- Third For forums only use ...
Postnuke all versions + pnphpbb <=1.2 sql injection
PostForum:PostNuke Posted: Fri Mar 04, 2005 12:20 pm Subject: Postnuke all versions + pnphpbb <=1.2 sql injection
Zeelock
Replies: 5
Views: 16487




It's a bug in old Phpbb. Of course if you use old phpbb versions...
Howto Find bugs?
PostForum:Newbies corner Posted: Fri Mar 04, 2005 11:43 am Subject: Howto Find bugs?
Zeelock
Replies: 4
Views: 10247




Really good is to use a debugger.

Using Zend is amazing what you can find...
phpbb v. 2.0.12 and earlier authendication bypass
PostForum:PhpBB Posted: Mon Feb 28, 2005 1:53 pm Subject: phpbb v. 2.0.12 and earlier authendication bypass
Zeelock
Replies: 15
Views: 40855




If you want I'll censor the info as well
Debugging with ZEND
PostForum:Php Posted: Mon Feb 28, 2005 1:52 pm Subject: Debugging with ZEND
Zeelock
Replies: 0
Views: 6762




I'm using since a while Zend STudio.

Yesterday I tryed for the first time version 4.0 and I was impressed.

Auditing and debugging is far away easier!
phpbb v. 2.0.12 and earlier authendication bypass
PostForum:PhpBB Posted: Mon Feb 28, 2005 11:03 am Subject: phpbb v. 2.0.12 and earlier authendication bypass
Zeelock
Replies: 15
Views: 40855




I think that Janek censored the message, because it's really harmful at the moment
MercuryBoard v1.1.2
PostForum:All other software Posted: Mon Feb 28, 2005 9:14 am Subject: MercuryBoard v1.1.2
Zeelock
Replies: 2
Views: 9074




For the code injection you need to have Magic Quotes disabled. If you have the protection On, you should be safe

To fix the sql Injection Change:

if (!$mercury->perms->is_guest) &# ...
phpbb v. 2.0.12 and earlier authendication bypass
PostForum:PhpBB Posted: Mon Feb 28, 2005 8:40 am Subject: For comparing Strings use ===
Zeelock
Replies: 15
Views: 40855




Heintz Great Job.

Even if it's a common trick and well documented I didn't notice it yet ( Shocked ).

This error is very common in converting perl scripts into php.

For more info:

http://www.ph ...
MercuryBoard v1.1.2
PostForum:All other software Posted: Mon Feb 28, 2005 8:35 am Subject: Blind SQL-Injection
Zeelock
Replies: 2
Views: 9074




I already have made a template-tutorial for blind injection in MercuryBoard.

Anyway this is not a Select, it's a replace.

You can change the active item:

You have an error in your SQL syntax. ...
XSS remote control
PostForum:Cross-site scripting aka XSS Posted: Fri Feb 25, 2005 8:46 am Subject: XSS remote control
Zeelock
Replies: 4
Views: 12410




The guy that developed it is Anton Rager.

To have more info about there is his paper about:
http://xss-proxy.sourceforge.net/Advanced_XSS_Control.txt

I found it very interesting, even if the gu ...
vBulletin 3.0.6 and prior versions Exec commands in server
PostForum:Shell commands injection Posted: Thu Feb 24, 2005 10:43 am Subject: vBulletin 3.0.6 and prior versions Exec commands in server
Zeelock
Replies: 12
Views: 27092




Original Link: http://www.milw0rm.com/id.php?id=832

Made by Pokleyzz
Vulns in Phpbb 2.0.11
PostForum:PhpBB Posted: Wed Feb 23, 2005 8:51 am Subject: Unink ()
Zeelock
Replies: 10
Views: 16783




Just for deleting files,

Quote from Idefense:

Remote exploitation of an input validation vulnerability in the phpBB
Group's phpBB2 bulletin board system allows attackers to unlink (delete)
ar ...
Vulns in Phpbb 2.0.11
PostForum:PhpBB Posted: Mon Feb 21, 2005 8:53 am Subject: These Exploits
Zeelock
Replies: 10
Views: 16783




This kind of stuff is good because it gives information about table prefixes.

In the errors you can acknowlegdge the full name of the table.

There is another issue here:

http://www.site.com/ ...
Vulns in Phpbb 2.0.11
PostForum:PhpBB Posted: Fri Feb 18, 2005 6:20 pm Subject: Magic Quotes
Zeelock
Replies: 10
Views: 16783




it doesn't seem to be exploitable :-]

Yep It deals with the magic quotes and the backslash.


From the manual:

When magic_quotes are on, all ' (single-quote), " (double quote), (backslash) an ...
Phishing with Unicode Tricks
PostForum:All other security holes Posted: Fri Feb 18, 2005 11:50 am Subject: Phishing with Unicode Tricks
Zeelock
Replies: 0
Views: 7515




http://www.schneier.com/blog/archives/2005/02/unicode_url_hac_1.html
Page 1 of 2 Goto page 1, 2Next
All times are GMT


Powered by phpBB © 2001-2008 phpBB Group



Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.049 Seconds