Even more stable.

Changes in
Commit log:

File information: Verlihub
Posted by verlihub on 2017-05-22 12:410 comments9 likes


Changes in
[ 36] Fixed: Errors on configuration conversion from string to number and vice versa, report by Alexandr
[ 38] Fixed: Lua 5.3 number to string conversions in MySQL queries
[ 39] Fixed: Missing default password value when adding new PM block entry
[ 37] Added: Optional reason to country code gag
[ 40] Added: Optional filter parameter to word ranks command, request by Meka][Meka
[ 41] Added: Split help texts and send on hub help command execution
[ 42] Added: Replacer debug configuration repldebug, request by KCAHDEP
[ 43] Added: IP gag now supports single IP, range or LRE, request by KCAHDEP
[ 44] Added: Forbidden chat nick MyINFO check
[ 45] Added: Column support to Team Elite hublist user search
[ 46] Added: Default type and limit parameters to user logger command, idea by Lord_Zero

File information: Ledokol
Posted by ledokol on 2017-05-22 12:340 comments8 likes

They never learn: Symantec support page search form XSS bug

Vulnerable page:

PoC"><img src=>

You can either include any XSS code in search input box, or request any XSS code directly using GET method and keyword parameter.

Note: This is a proof of concept and it doesn't reflect the views or interests of above websites.
Posted by RoLex on 2017-05-22 01:160 comments10 likes


Changes in
- when a client uses an unrecognized Socks5 login, the request will be allowed; however, a warning will be shown that contains the username and the password to allow users to find bad configuration settings (this solves the problem with replacing Tor with AdvOR in the Tor Browser Bundle)
- the files Help\Firefox\readme.txt and Help\Firefox\AdvOR.ini were updated to work with the 6.5.2 version of Tor Browser
- updated language strings: 3262, 3263

File information: AdvOR
Posted by advor on 2017-05-14 20:420 comments2 likes

Arcabit (Subscription renewal service) vulnerable to XSS

Arcabit (Subscription renewal service) - XSS

Vulnerable page:

"><img src=>

It is enough to insert any XSS code directly into serial field and your code will be executed and displayed immediately.

Note: This is a proof of concept and it doesn't reflect the views or interests of above website.
Posted by Neo on 2017-05-07 20:220 comments3 likes
« Back • 2 • Next »