25 matches found
X (Formerly Twitter): Denial of Service | twitter.com & mobile.twitter.com
Hi Team, Detail: I found a DoS that works on twitter.com and mobile.twitter.com, but it doesn't work on the mobile app. The user only needs to view the message or tweet in order to be exposed to this DoS. As far as I can remember, a report similar to this report has been sent to you before, but I...
River Past Video Cleaner 7.6.3 - Local Buffer Overflow (SEH) Exploit
Exploit Title: River Past Video Cleaner Buffer Overflow SEH Exploit Author: crashmanucoot Contact: twitter.com/crashmanucoot Software Link: https://river-past-video-cleaner.softonic.com/ Version: 7.6.3 Tested on: Windows 10 Pro x64 SPANISH Category: Windows Local Exploit How to use: open the progr...
Scripts Genie Domain Trader (catalog.php, id param) - SQL Injection Vulnerability
No description provided by source. Domain Trader Script, MySQL Injection Vulnerabilities Software Page:...
MLMAuction Script (gallery.php, id param) - SQL Injection
No description provided by source. MLMAuction Script, SQL Injection Vulnerabilities Product Page:...
City Directory Review and Rating Script (search.php) SQL Injection Vulnerability
No description provided by source. Exploit Title: City Directory Review and Rating Script SQL Injection Vulnerability Date: 22.12.2012 Author: 3spi0n Script Vendor or Software Link: http://b-scripts.com/en/18-city-reviewer-yelp-clone.html Category: WebApps Type: SQL Injection MySQLi Tested On:...
pGB 2.12 kommentar.php SQL Injection Vulnerability
No description provided by source. Exploit Title: pGB 2.12 SQL Injection Vulnerability Date: 18/01/2012 - 03.52 Author: 3spi0n Software Website: http://www.powie.de/ Tested On: BackTrack 5 - Win7 Ultimate Platform: Php $ Vulnerable File: kommentar.php $ Demo Sites:...
X (Formerly Twitter): [mobile.twitter.com / twitter.com] CSRF protection bypass
I shall explain all the steps to create the final PoC in order to be more clear. Part 1. Cookie Injection via Google Analytics 1 Google Analytics sets the cookie to track user source: 123456.123456789.11.2.utmcsr=HOST|utmccn=referral|utmcmd=referral|utmcct=PATH For example:...
Lowest Unique Bid Auction - SQL Injection
Lowest unique bid auction, SQLi Vulnerabilities Product Page: http://www.auctionwebsitescript.com/lowestuniqbidauction.html Script Demo:...
MLMAuction Script - 'gallery.php?id' SQL Injection
MLMAuction Script, SQL Injection Vulnerabilities Product Page: http://www.auctionwebsitescript.com/mlmauction.html AuthorPentester: 3spi0n On...
MLMAuction Script - gallery.php?id SQL Injection
MLMAuction Script - gallery.php?id SQL Injection MLMAuction Script, SQL Injection Vulnerabilities Product Page:...
MLM (Multi Level Marketing) Script - Multiple Vulnerabilities
MLM Multi Level Marketing Script, Multiple Vulnerabilities Product Page: http://www.mlmscript.in/ AuthorPentester: 3spi0n On Web:...
Classified Ultra ScriptsGenie Cross Site Scripting / SQL Injection
Exploit Title; Classified Ultra ScriptsGenie Multiple Vulnerabilities Date; 20/1/13 Author; 3spi0n Script Vendor or Software Link; http://www.hotscripts.com/listing/classified-ultra-scriptsgenie/ Category; Webapps Type; SQL Injection MySQLi Tested on; Ubuntu 12.10 / Win7 / Backtrack 5 Demo...
City Directory Review and Rating Script SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: City Directory Review and Rating Script SQL Injection Vulnerability Date: 22.12.2012 Author: 3spi0n Script Vendor or Software Link: http://b-scripts.com/en/18-city-reviewer-yelp-clone.html Category: WebApps Type: SQL Injection...
Mozilla Adding More Stringent HTTPS Enforcement to Firefox
Mozilla is adding an extra layer of security in its Firefox browser by implementing HTTP Strict Transport Security (HSTS), a mechanism that will force some sites into establishing a secure, HTTPS connection with the browser if it's presented with the right certificate. According to an entry on...
Voila Web Design SQL Injection
Exploit Title; Voila Web Design SQL Injection Vulnerability Date ; 24/6/12 Author ; 3spi0n Script Vendor or Software Link ; http://www.voilasyria.com/ Category ; Webapps Type ; SQL Injection MySQLi Tested on ; Ubuntu / Win7 / Backtrack Demo Analyzing ;...
CVE-2012-0328
Janetter before 3.3.0.0 aka 3.3.0 allows remote attackers to obtain session information for twitter.com web sites via unspecified vectors...
Session fixation
Janetter before 3.3.0.0 aka 3.3.0 allows remote attackers to obtain session information for twitter.com web sites via unspecified vectors...
CVE-2012-0328
CVE-2012-0328 affects Janetter, a Twitter client, where Janetter before version 3.3.0.0 is vulnerable to information disclosure. When a malicious page is opened in a browser while Janetter is in use, session information used to communicate with Twitter may be disclosed to an attacker via unspecif...
InsideChannel Web Design SQL Injection
Exploit Title: InsideChannel Web Design SQL Injection Vulnerability Date: 04/02/2012 - 14.56 Author: 3spi0n Software Website: www.insidechannel.com/ Tested On: BackTrack 5 - Win7 Ultimate Platform: Php $ Vulnerable File: noticias.php $ Demo Sites: www.bookingcerdanya.com/fr/noticias.php?id=6" SQL...