While crawling few websites in search of XSS i was able to find one on Odesk, unfortunately i was unable to report the vulnerability was it is not on odesk.com , the security bug report program is being run by bugcrowd.com.
Any how i have emailed them about this vulnerability, as soon as i get a Positive reply i will post the vulnerability. It has been almost a month now, lets see how how they take to reply.
🙂
# Exploit Title: VLD Personals – Cross Site Scripting ( Reflective ) with admin authentication.
# Notified VLD Personals Date: 02/FEB/2015
# Exploit Author: Mr T
# Exploit Authors Website: http://www.securitypentester.ninja
# Vendor Homepage: http://www.vldpersonals.com/
# Software Link: http://www.vldpersonals.com/clients/downloads.php
# Vulnerable Version: 2.7.1
# Fixed Version 2.7.2
# Tested on: Windows / Linux
XSS in “what” Parameter
Adobe released a security update for its Flash Player software as it is being actively exploited in the wild. This latest exploit is packed in Angler Exploit kit (also known as Angler EK) being used by malicious hackers for exploiting flash player, in the past this exploit pack was packed with Sliverlight exploit.
In my everyday malware reverse engineering experience i come across multiple websites injections by malware, these malware are very much unique and cannot be found easily using search strings . Recently i was given a task to clean malware from a infected website. The website was using the very famous wordpress cms, when i search the internet i found multiple exploits which can be used to upload a backdoor into any website which is vulnerable due to outdated Slider plugin.
Every website needs to be trusted by its users for it to be successful. Growing concerns about fake sites, viruses, and identity theft has made consumers reluctant to do business online or post their information on websites that have not followed any security measures.
Malware is not going away any time soon. Malware is growing, developing and constantly evolving. It is becoming more difficult to detect, and even harder to remove. Your computer is constantly at risk from infection by malware in the form of viruses, worms, trojans, rootkits, dialers and spyware.
Recently a vulnerability has been discovered in a widely used mobile application “WhatsApp” , This application is being used by million’s of mobile phone users for messaging.
Two young security researchers have found a vulnerability which can remotely crash whatsapp by sending a specially crafted message of 2000 words ( 2 KB ) in size.
I have recently become a huge fan of SDR, taking a 12$ USB dongle which is intended to receive FM and TV channels into a whole new world of listening to open frequencies , un-encrypted wireless handsets or ATC.
After getting into SDR in my learning phase i managed to listen to different frequencies and perfecting them making customized antennas using things i find at home.
This bash script is to deauth all clients on wifi, The script is using Aircrack-ng suite to deauth clients, feel free to modify and use this script as it is.
aircrack-ng with showing all clients connected.
Shellshock, is also know as Bashdoor, this bug was first disclosed on 24th September 2014. This bug let malicious hackers craft certain requests allowing them to execute arbitrary commands to the vulnerable version of bash.
CVE:
CVE-2014-6277
CVE-2014-6278
CVE-2014-7169
CVE-2014-7186
CVE-2014-7187
