Full disclosure |
IT Security and Insecurity Portal |
|
|
|
http://securityreason.com/achievement_exploitalert/1
download from:
http://securityreason.com/expldownload/10/1
peace |
|
|
|
|
I quote from somewhere else
1. Basically all phpBB admin-side options do allow full HTML, including
javascript. That is the intended behaviour, as there are legitimate uses.
phpBB does howe ... |
|
|
|
|
I think a better solution is CSRF...
adv
http://securityreason.com/achievement_securityalert/31
and simple image exploit
http://securityreason.com/expldownload/10/6
I can publish the next ... |
|
|
|
|
My question is this: can I use concatenation or something in order to change the word document?
Try HTML without semicolons... I am not sure.. but I have tested in IE and it works..
document=&a ... |
|
|
|
|
Yes, it's true. More Phpnuke holes revealed, so stay in touch!
Yeah.. phpnuke something critical? I hope.. I have something in phpnuke.. but I don't like phpnuke... Postnuke is 100% ... |
|
|
|
|
like in 2018..
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0063 |
|
|
|
|
use:
<IMG SRC="jav	ascript:alert('XSS');"
I think the preg_match only searches for < ending with >; if we use tags without >, all of them work properly:
& ... |
|
|
|
|
works works..
for example simple script.
http://securityreason.com/expldownload/10/4
You need to have display_errors On if you want to see PHP errors |
|
|
|
|
http://securityreason.com/achievement_securityalert/26 |
|
|
|
|
www.google.com => http://securityreason.com/achievement_securityalert/23 |
|
|
|
|
http://securityreason.com/achievement_securityalert/25 by sp3x |
|
|
|
|
http://securityreason.com/achievement_securityalert/24 |
|
|
|
|
GeSHi started as a mod for the phpBB forum system, to enable highlighting of more languages than the available (which was 0). However, it quickly spawned into an entire project on its own. But now ... |