WARNING: MASSIVE PR0N USE
WARNING: MASSIVE PR0N USE
Google Maps reversato, questa e' la soluzione del primo LugVR Contest con argomento: reverse di Google Maps. Visita l'articolo di inizio contest per maggiori informazioni. Nota: questo reverse di Google Maps e' stato effettuato da zero, ignorando le altre risorse sull'argomento, che comunque trovate listate a fondo articolo.
Il 7 e' terminato il primo LugVR Contest, argomento: reverse di Google Maps. Interessante vero? Per tutti quelli che si sono stancati di usare le API e l'interfaccia ufficiale. Il prossimo articolo sara' la soluzione del contest.
This is a short email i wrote in reply to v9 AT fakehalo.us on [email protected] focused on how to exploit XSS vulnerabilities in the real world.
Milkeyway is a software for the management and administration of internet access within public structures and frameworks, where the service supplying must be submitted to a scrupulous inspection. Nearly all SQL queries are vulnerable to SQL injection vulnerabilities. There are also some XSS vulnerabilities.
J u a n wrote:
> On 3/3/06, Alexander Hristov <[email protected]> wrote:
>> Just tested : http://ws.arin.net/whois/?queryinput=%3CIMG+SRC%3D%22
>> javascript%3Aalert%28%27XSS%27%29%3B%22%3E
>> it still works for me
> works for me on internet explorer, didn't work with firefox 1.5
The purpose of this article is to make easily understandable the impact of some vulns exposed in the PmWiki Multiple Vulnerabilities and PHP5 Globals Vulnerability advisories.
This story is mostly funsec, if you can't handle funsec stop reading :) You have just developed you brand new application, it's name is EVIL.EXE. It's a very good application but nobody will install it without good partners.. You need somebody trusted from users that is willing to distribuite it. So.. Let's go! Find out some good partners.
Some service misuse examples.
PHP5 Globals Vulnerability: with ?GLOBALS[foobar] you can set the value of the un-initialized $foobar variable.
This is both a PmWiki and PHP advisory, and works only with register_globals on. I totally missed the PHP GLOBALS[] GPC injection vulnerability and rediscovered that by my own (if just few month before! arg!). Basically in the worst scenario we are in front of two separate vulnerabilities: one regarding arbitrary remote file inclusion and code execution in PmWiki on PHP 5.x with globals on and the other about the reintroduction of a bug that should have been fixed in 5.0.5 but work (at last) on the 2 most recent version of PHP5.
L'articolo e' una traduzione in italiano di Google XSS Example.