حالة الموضوع:
مغلق
  1. .:: RSS ::.

    .:: RSS ::. عضوية آلية

    الأنتساب:
    ‏9 سبتمبر 2011
    المشاركات:
    14,005
    الإعجابات المتلقاة:
    0
    نقاط الجائزة:
    36
    الإقامة:
    IQ-T34M
    Inj3ct0r Team found XSS Vulnerability on MSN website من اكتشافي مع فريق 1337day





    السلام عليكم



    كود PHP:

    1
    -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 _ __ __ __ 1 1 /' \ __ /'__`\ /\ \__ /'__`\ 0 0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1 1 \/_/\ \ /' _ `\ \/\ \/_/_\_> Exploit database separated by exploit 0 0 \/___/ type (local, remote, DoS, etc.) 1 1 1 0 [+] Site : 1337day.com 0 1 [+] Support e-mail : submit[at]1337day.com 1 0 0 1 ####################################### 1 0 MSN.com Site Exploits XSS Vulnerability 1 1 ####################################### 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 # test on windows 7 # browser Opear / Internet Explorer 8 # software:Document Moved # about us: 1337Day.com the first legitimate marketplace for validated, zero-day exploits. # Helping security professionals test MORE vulnerabilities, FASTER. # Greetz: r0073r, CrosS, r4dc0re, D4NB4R, DaOne, Angel Injection, alajman. http://news.de.msn.com/panorama/bilder-des-tages-455#image=''> http://news.de.msn.com/panorama/bilder-des-tages-455#image=''> ''> ''> vidgeo=qa%7C800000000000000000000000%7C%7CFalse; Sample=48; MC1=V=3&GUID=d2c0c90f0d604145a556f02ceb91faf4; MUID=1687557670F26677037A516174F266AF; zip=c:qa; POPUPCHECK=1352895103116 1337Day.com - a marketplace for vulnerability testing. (former milw0rm.com and inj3ct0r.com Team) The goal is to close the capabilities gap between the cyber-criminals and white hats, by enabling defenders to perform more comprehensive testing of their defenses. Domains: 1337day.com - 1337day.org - 1337day.net Contact: [email protected] - [email protected] Twitter: inj3ct0r (inj3ct0r) on Twitter Facebook: http://www.facebook.com/inj3ct0rs Feeds: 1337day.com</title><link>http://1337day.com/</link><description>Inj3ct0r exploit database : vulnerability : 0day : shellcode</description><language>en-us</language><image><title>1337day.com</title><url>http://1337day.com/images/inj3ct0r_wite.gif</url><link>http://1337day.com/</link></image><pubDate>Wed, 14 Nov 2012 16:15:00 GMT</pubDate><lastBuildDate>Wed, 14 Nov 2012 16:15:00 GMT</lastBuildDate><item><title>[web applications] - friendsinwar FAQ Manager SQL Injection (authbypass) Vulnerability</title><link>http://1337day.com/exploits/19743</link><pubDate>Wed, 14 Nov 2012 16:15:00 GMT</pubDate></item><item><title>[web applications] - Myrephp Business Directory Multiple Vulnerabilities</title><link>http://1337day.com/exploits/19742</link><pubDate>Wed, 14 Nov 2012 16:14:36 GMT</pubDate></item><item><title>[dos / poc] - Novell Groupwise Internet Agent LDAP BIND Request Overflow Vulnerability</title><link>http://1337day.com/exploits/19741</link><pubDate>Wed, 14 Nov 2012 16:12:54 GMT</pubDate></item><item><title>[web applications] - MYRE Realty Manager Multiple Vulnerabilities</title><link>http://1337day.com/exploits/19740</link><pubDate>Wed, 14 Nov 2012 16:12:35 GMT</pubDate></item><item><title>[web applications] - MYREphp Vacation Rental Software Multiple Vulnerabilities</title><link>http://1337day.com/exploits/19739</link><pubDate>Wed, 14 Nov 2012 16:11:19 GMT</pubDate></item><item><title>[web applications] - dotProject 7.7.5 execute arbitrary PHP code</title><link>http://1337day.com/exploits/19668</link><pubDate>Wed, 31 Oct 2012 22:00:00 GMT</pubDate></item><item><title>[web applications] - MyBB Follower User Plugin SQL Injection Vulnerability</title><link>http://1337day.com/exploits/19669</link><pubDate>Wed, 31 Oct 2012 22:00:00 GMT</pubDate></item><item><title>[dos / poc] - Konqueror 4.7.3 Memory Corruption</title><link>http://1337day.com/exploits/19663</link><pubDate>Wed, 31 Oct 2012 22:00:00 GMT</pubDate></item><item><title>[dos / poc] - Internet Explorer 9 Memory Corruption PoC Exploit</title><link>http://1337day.com/exploits/19664</link><pubDate>Wed, 31 Oct 2012 22:00:00 GMT</pubDate></item><item><title>[web applications] - Etiko CMS Arbitrary File Upload Vulnerability</title><link>http://1337day.com/exploits/19661</link><pubDate>Wed, 31 Oct 2012 08:35:57 GMT</pubDate></item><item><title>[web applications] - Visual Chile - SQL Injection / Cross-Site Scripting Vulnerabilities</title><link>http://1337day.com/exploits/19657</link><pubDate>Wed, 31 Oct 2012 07:31:22 GMT</pubDate></item><item><title>[web applications] - WordPress FoxyPress 0.4.2.5 XSS / CSRF / SQL Injection</title><link>http://1337day.com/exploits/19658</link><pubDate>Tue, 30 Oct 2012 22:00:00 GMT</pubDate></item><item><title>[web applications] - Joomla Component com_quiz SQL Injection / XSS Vulnerabilities</title><link>http://1337day.com/exploits/19656</link><pubDate>Tue, 30 Oct 2012 19:26:48 GMT</pubDate></item><item><title>[web applications] - DATA Estudio - SQL Injection / Cross-Site Scripting Vulnerabilities</title><link>http://1337day.com/exploits/19655</link><pubDate>Tue, 30 Oct 2012 10:41:06 GMT</pubDate></item><item><title>[web applications] - TP-LINK TL-WR841N Local File Inclusion Vulnerability</title><link>http://1337day.com/exploits/19654</link><pubDate>Tue, 30 Oct 2012 09:57:47 GMT</pubDate></item><item><title>[web applications] - VICOM STUDIO - SQL Injection / Local File Inclusion Vulnerabilities</title><link>http://1337day.com/exploits/19653</link><pubDate>Tue, 30 Oct 2012 09:55:42 GMT</pubDate></item><item><title>[web applications] - 4ColorDesign - SQL Injection / Cross-Site Scripting Vulnerabilities</title><link>http://1337day.com/exploits/19652</link><pubDate>Tue, 30 Oct 2012 09:53:21 GMT</pubDate></item><item><title>[web applications] - 2Point Solutions - Multiple Vulnerabilities</title><link>http://1337day.com/exploits/19651</link><pubDate>Tue, 30 Oct 2012 09:52:12 GMT</pubDate></item><item><title>[web applications] - Keshav Infotech - SQL Injection / Cross-Site Scripting Vulnerabilities</title><link>http://1337day.com/exploits/19650</link><pubDate>Tue, 30 Oct 2012 09:48:06 GMT</pubDate></item><item><title>[dos / poc] - RealPlayer 15.0.6.14(.3g2) WriteAV Vulnerability</title><link>http://1337day.com/exploits/19649</link><pubDate>Tue, 30 Oct 2012 09:46:05 GMT</pubDate></item><item><title>[web applications] - OneForum Multiple Vulnerabilities</title><link>http://1337day.com/exploits/19648</link><pubDate>Mon, 29 Oct 2012 17:19:02 GMT</pubDate></item><item><title>[web applications] - Joomla Component com_jce remote Code Injecion / Execution Exploit (perl)</title><link>http://1337day.com/exploits/19647</link><pubDate>Mon, 29 Oct 2012 16:02:34 GMT</pubDate></item><item><title>[web applications] - TomatoCart 1.2.0 Alpha 2 Local File Inclusion Vulnerability</title><link>http://1337day.com/exploits/19681</link><pubDate>Sun, 28 Oct 2012 22:00:00 GMT</pubDate></item><item><title>[web applications] - onArcade v2.2 Blind SQL Vulnerability</title><link>http://1337day.com/exploits/19614</link><pubDate>Sun, 28 Oct 2012 20:56:40 GMT</pubDate></item><item><title>[web applications] - PHPEasyData SQL Injection Vulnerability</title><link>http://1337day.com/exploits/19646</link><pubDate>Sun, 28 Oct 2012 19:58:40 GMT</pubDate></item><item><title>[web applications] - Softbiz B2B shopping Sql Injection Exploit (perl)</title><link>http://1337day.com/exploits/19643</link><pubDate>Sun, 28 Oct 2012 18:41:36 GMT</pubDate></item><item><title>[remote exploits] - ManageEngine Security Manager Plus 5.5 build 5505 SQL Injection Vulnerability</title><link>http://1337day.com/exploits/19640</link><pubDate>Sun, 28 Oct 2012 15:34:11 GMT</pubDate></item><item><title>[web applications] - Wordpress Easy Webinar Plugin Blind SQL Injection Vulnerability</title><link>http://1337day.com/exploits/19639</link><pubDate>Sun, 28 Oct 2012 13:21:58 GMT</pubDate></item><item><title>[web applications] - italiainfiera SQL Injection Vulnerability</title><link>http://1337day.com/exploits/19638</link><pubDate>Sun, 28 Oct 2012 10:40:06 GMT</pubDate></item><item><title>[remote exploits] - Aladdin Knowledge System Ltd - PrivAgent.ocx ChooseFilePath BOF</title><link>http://1337day.com/exploits/19594</link><pubDate>Sun, 28 Oct 2012 09:53:39 GMT</pubDate></item><item><title>[dos / poc] - Microsoft Office Excel 2010 memory corruption</title><link>http://1337day.com/exploits/19637</link><pubDate>Sun, 28 Oct 2012 08:06:38 GMT</pubDate></item><item><title>[dos / poc] - hMailServer 5.3.3 IMAP Remote Crash PoC As more corporate assets migrate to the digital world, the quality of the systems that house and protect the data become increasingly important. Cybercriminals utilize exploits predominantly against the thousands of publicly disclosed non-zero-day vulnerabilities to compromise systems. The result is an asymmetric war in which the black hats have more tools at their disposal than the white hats. Security or penetration testing is the most deterministic method of evaluating the actual effectiveness of any protective system, but it is difficult to do properly and can impact production systems. In addition, current pen testing tools only provide coverage for about 10% of the 20,000 published vulnerabilities. Thus, pen tests are neither comprehensive nor adequate for determining the secured state of any system. The Solution 1337Day is a community-driven marketplace made up of a diverse group of expert security researchers contributing to solve the problem. Increase data security and level the playing field by improving security testing resources of white hats Create an economically sustainable ecosystem for ongoing vulnerability testing Support the professionalization of security researchers, and make it economically rational to do good Advance the state of the art of security product development, deployment and testing Copyright آ© 2012 | 1337DAY.com # 1337day.com [2012-11-14]




    [hide]



    http://1337day.com/exploit/19736





    [/hide]
     
حالة الموضوع:
مغلق

مشاركة هذه الصفحة