Paid Advertising
SLA.CKERS.ORG
HA.CKERS SLACKING
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails.
Re: So it begins - Redirects Edition
Posted by: atomino_bruciacarte (IP Logged)
Date: April 24, 2007 11:17AM
Re: So it begins - Redirects Edition
Posted by: CrYpTiC_MauleR (IP Logged)
Date: April 25, 2007 06:31PM
[dw.com.com]
________________________________________________________________________
www.crypticmauler.com
"You must be the change you wish to see in the world."
________________________________________________________________________
www.crypticmauler.com
"You must be the change you wish to see in the world."
Re: So it begins - Redirects Edition
Posted by: CrYpTiC_MauleR (IP Logged)
Date: May 02, 2007 11:25AM
[free.grisoft.com] Redirect
[free.grisoft.com] HTTP Response Splitting
________________________________________________________________________
www.crypticmauler.com
"You must be the change you wish to see in the world."
[free.grisoft.com] HTTP Response Splitting
________________________________________________________________________
www.crypticmauler.com
"You must be the change you wish to see in the world."
Re: So it begins - Redirects Edition
Posted by: /nul (IP Logged)
Date: May 02, 2007 06:17PM
Anyone knows if/where this Joomla! HTTP Response Splitting/Redirection is disclosed:
[www.eurid.eu]
(credited: bill)
Dorked Google (inurl:index2.php?option) and found many vulnerable sites. After a while Google popped-up a nice warning saying that "my query looks like automated request from a computer virus..." so I suppose this is old stuff.
[www.eurid.eu]
(credited: bill)
Dorked Google (inurl:index2.php?option) and found many vulnerable sites. After a while Google popped-up a nice warning saying that "my query looks like automated request from a computer virus..." so I suppose this is old stuff.
Re: So it begins - Redirects Edition
Posted by: tx (IP Logged)
Date: May 04, 2007 02:03PM
@/nul: I haven't heard it before, it's still a valid issue on 1.0.10 (ouch, I was vulnerable), dunno about 1.0.12, yet. Of course eurid.eu is running a pretty outdated joomla install, seeing as how this works: [www.eurid.eu]
I'm betting there's some RFI on that site as well.
-tx @ lowtech-labs.org
I'm betting there's some RFI on that site as well.
-tx @ lowtech-labs.org
Re: So it begins - Redirects Edition
Posted by: FR3DC3RV (IP Logged)
Date: May 08, 2007 02:34PM
[www.imagelink.com.br]
[www.v-w-d.com]
[www.alexandria.lib.va.us]
[clicks.emarketmakers.com]
[mineco.fgov.be]
[www.nhlbi.nih.gov]
-------------------------------
[fr3dc3rv.blogspot.com]
Edited 1 time(s). Last edit at 05/09/2007 08:50AM by FR3DC3RV.
[www.v-w-d.com]
[www.alexandria.lib.va.us]
[clicks.emarketmakers.com]
[mineco.fgov.be]
[www.nhlbi.nih.gov]
-------------------------------
[fr3dc3rv.blogspot.com]
Edited 1 time(s). Last edit at 05/09/2007 08:50AM by FR3DC3RV.
Re: So it begins - Redirects Edition
Posted by: .mario (IP Logged)
Date: May 08, 2007 04:43PM
born for porn
[empornium.us]
---
g:0in~/*for another*/~alert(!!1)
(Å='',[Ç=!(µ=!Å+Å)+{}][Ç[ª=µ[++Å]+µ[Å-Å],È=Å-~Å]+Ç[È+È]+ª])()[Ç[Å]+Ç[Å+Å]+µ[È]+ª](Å)
me || PHPIDS || Twitter || <malicious></markup>
Edited 2 time(s). Last edit at 05/08/2007 04:47PM by .mario.
[empornium.us]
---
g:0in~/*for another*/~alert(!!1)
(Å='',[Ç=!(µ=!Å+Å)+{}][Ç[ª=µ[++Å]+µ[Å-Å],È=Å-~Å]+Ç[È+È]+ª])()[Ç[Å]+Ç[Å+Å]+µ[È]+ª](Å)
me || PHPIDS || Twitter || <malicious></markup>
Edited 2 time(s). Last edit at 05/08/2007 04:47PM by .mario.
Re: So it begins - Redirects Edition
Posted by: CrYpTiC_MauleR (IP Logged)
Date: May 10, 2007 12:53AM
[www.microsoft.com]
________________________________________________________________________
www.crypticmauler.com
"You must be the change you wish to see in the world."
________________________________________________________________________
www.crypticmauler.com
"You must be the change you wish to see in the world."
Re: So it begins - Redirects Edition
Posted by: tx (IP Logged)
Date: May 11, 2007 01:16AM
[adlog.com.com] where 'x' is any character
-tx @ lowtech-labs.org
Edited 1 time(s). Last edit at 05/11/2007 01:17AM by tx.
-tx @ lowtech-labs.org
Edited 1 time(s). Last edit at 05/11/2007 01:17AM by tx.
Re: So it begins - Redirects Edition
Posted by: tx (IP Logged)
Date: August 13, 2007 09:50PM
posted in FD, but I thought it was interesting: [www.google.com] (redirects to the original blog post)
-tx @ lowtech-labs.org
Edited 1 time(s). Last edit at 08/13/2007 09:51PM by tx.
-tx @ lowtech-labs.org
Edited 1 time(s). Last edit at 08/13/2007 09:51PM by tx.
Re: So it begins - Redirects Edition
Posted by: nav (IP Logged)
Date: August 15, 2007 05:46PM
I contacted RBC about this 2 weeks ago. Not a redirect, but opens in a new frame. Could be used as a phish
[www2.rbccm.com]
[www2.rbccm.com]
Re: So it begins - Redirects Edition
Posted by: Anonymous User (IP Logged)
Date: September 25, 2007 02:08AM
lol
Re: So it begins - Redirects Edition
Posted by: Spyware (IP Logged)
Date: September 25, 2007 04:51AM
krazl Wrote:
-------------------------------------------------------
> [www.rpi2u.com]
> Here..
That is not a redirect. It is a XSS hole [www.rpi2u.com]; though, which you could post in the other "So it begins..." forum.
-Spyware | [bitsofspy.net]
-------------------------------------------------------
> [www.rpi2u.com]
> Here..
That is not a redirect. It is a XSS hole [www.rpi2u.com]; though, which you could post in the other "So it begins..." forum.
-Spyware | [bitsofspy.net]
Re: So it begins - Redirects Edition
Posted by: Spyware (IP Logged)
Date: September 26, 2007 03:03PM
Re: So it begins - Redirects Edition
Posted by: thornmaker (IP Logged)
Date: September 26, 2007 10:24PM
both work on other tld's too like .com, .fi, etc
Re: So it begins - Redirects Edition
Posted by: krazl (IP Logged)
Date: December 13, 2007 10:06PM
friendster..
<div id="mylousycode" expr="window.location('http://www.google.com')" style="background:url('javascript:eval(document.all.mylousycode.expr)')"></div>
Edited 1 time(s). Last edit at 12/13/2007 11:39PM by krazl.
<div id="mylousycode" expr="window.location('http://www.google.com')" style="background:url('javascript:eval(document.all.mylousycode.expr)')"></div>
Edited 1 time(s). Last edit at 12/13/2007 11:39PM by krazl.
Re: So it begins - Redirects Edition
Posted by: thrill (IP Logged)
Date: December 17, 2007 01:40PM
Better Business Bureau
--thrill
---
It is not the degrees you hold, but the mind you possess. - thrill
--thrill
---
It is not the degrees you hold, but the mind you possess. - thrill
Re: So it begins - Redirects Edition
Posted by: tx (IP Logged)
Date: February 11, 2008 04:08PM
[www.globalsecurity.org]
EDIT: This appears to affect all versions of Thunderstone's Webinator software: [search.thunderstone.com]
-tx @ lowtech-labs.org
Edited 1 time(s). Last edit at 02/11/2008 04:20PM by tx.
EDIT: This appears to affect all versions of Thunderstone's Webinator software: [search.thunderstone.com]
-tx @ lowtech-labs.org
Edited 1 time(s). Last edit at 02/11/2008 04:20PM by tx.
Sorry, only registered users may post in this forum.
sla.ckers.org RSS feed
Board haX0r3d together by ha.ckers.org, forshizzle.
SecTheory Security Consulting *