Arcabit (Subscription renewal service) vulnerable to XSS

Arcabit (Subscription renewal service) - XSS

Vulnerable page:

"><img src=>

It is enough to insert any XSS code directly into the serial field and your code will be executed and displayed immediately.

Note: This is a proof of concept and it doesn't reflect the views or interests of the above website.
Posted by Neo on 2017-05-07 20:22, 0 comments, 3 likes


Changes in
- corrected some plugin calls that were using different calling conventions than expected when compiled with newest versions of gcc (thanks to RoLex and Ruza for reporting this problem)
- added a splitter between the main tree and the configuration page that can be used to resize the configuration page
- if both WindowPos and GuiPlacement3 are found, GuiPlacement3 is used because it stores splitter's position (WindowPos will still be saved to AdvOR.ini)
- messages that are logged before the GUI is created are cached and shown later in the Debug window
- geoip_c.h was updated with GeoIPCountryWhois.csv released on May 2nd; there are 153441 IP ranges having 32 ranges in the fake "A1" country; 31 ranges were approximated to real countries

File information: AdvOR
Posted by advor on 2017-05-05 20:20, 0 comments, 2 likes


Changes in
- added support for Unicode command line arguments; main() will use argv[] arguments converted from Unicode to UTF-8
- corrected some memory allocation problems that could have caused deallocation of invalid memory regions
- the procedure that searches the memory allocated for xul.dll for a function that can be called to delete cookies from Firefox when changing the identity was removed
- starting with this version, configuration options used by both 0.3x and 0.4x versions of AdvOR will be saved to AdvOR.ini

File information: AdvOR
Posted by advor on 2017-04-27 20:08, 0 comments, 2 likes


Notice: data/text/motd.txt has changed to welcome.txt, replace as necessary.

Changes in Ragnarok
# (2017.04.19)
    # Added new configurable restrictions != hub minhubs<0/1/2> and maxhubs<0/1/2> (Suggested by RoLex)
    # Added support for L/B in tag. (suggested by RoLex)
    # Completely rewrote and optimised the myinfo and tag parser.
    # Accounts with .enter_when_full set can still enter the hub when the hub is full.
    # Added permission .enter_when_full
    # An error will now be shown for invalid != hub configs.
    # Added != hub validatetimeout
    # Fixed socket_timeout configuration.
    # Timeout debug message will now show related error message.
    # Added missing != hub welcome help entry.
    # Changed permission from chg_motd to chg_welcome
    # Changed motd.txt to welcome.txt
    # Fixed failing to run software if motd.txt did not exist in data/text directory.
    # Added != hub option "repamp <true/false>" for replacing incoming &amp; with & (suggested by RoLex)
    # Profiles with .invalid_allowed will not be disconnected for invalid $ commands.
    # Added new permission .invalid_allowed
    # Fixed crash when reloading lua scripts.
    # Hub now sends debug to those that have the permission.
    # Added new permission .can_view_debug
    # Search request will replace incorrect ip and send debug. (Suggested by RoLex)
    # Fixed a BUG FUCKING BUG causing validate timeout for no apparent reason.

File information: NDCH
Posted by ndch on 2017-04-19 04:57, 0 comments, 3 likes


Changes in
# (2017.04.12)
    # Added new setting != Hub address (suggested by RoLex)
    # Fixed issue with new accounts not being accessible.
    # Another fix to country_code.
    # Bans added and expiry datetime changed internally to uint64 type.
    # Fixed formatting bug in ban list.
    # Ban list now shows added and expiry date/time.
    # Added commands !unban *, !unban */nick and !unban */ip.
    # Bots now use desc and email setting instead of myinfo.
    # Fixed sending hello after myinfo for old clients.
    # Added lua api function Hub.addBot(nick, desc, email)
    # Added lua api function Hub.removeBot(nick)
    # Fixed stopping lua scripts was not calling onUnload.

File information: NDCH
Posted by ndch on 2017-04-12 00:57, 0 comments, 2 likes