
Webroot's polish online shop vulnerable to the same XSS for 5 years

I discovered an XSS vulnerability in Webroot's Polish online shop 5 years ago. Today I thought that maybe I should check whether they have learned from past mistakes. I checked the same page: http://wrpolska.pl/sklep/search.php and it turned out to still be vulnerable to the same XSS I found 5 years ago...

PoC:

Code
http://wrpolska.pl/sklep/search.php?orderby=position&orderway=desc&search_query="><h1>XSS found by Team Elite</h1>

Code
http://wrpolska.pl/sklep/search.php?orderby=position&orderway=desc&search_query="><img src=http://te-home.net/images/logo.png>

[Screenshots: XSS]


Webroot has an article on their website titled: What exactly is Cross Site Scripting (XSS). Maybe it's time to use the knowledge from this article to protect yourself?

Note: This is a proof of concept and it doesn't reflect the views or interests of the above websites.
Posted by Neo on 2018-11-08 21:50 0 comments 3 likes
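The bug class behind the PoC above is a parameter reflected into an HTML attribute without output encoding: the leading `"` closes the attribute and the remainder of the value becomes markup. The following added example (not code from wrpolska.pl or from the post; the `<input>` fragment and the helper names are hypothetical) renders the two quoted payloads through a concatenating template and through an encoding one, and includes the check a regression test would use to confirm the reflected value can no longer introduce tags.

```python
"""Reflected XSS in a search-form echo, with the encoding fix.

Added example; the page fragment and helpers are hypothetical, while the
two URLs are the payloads quoted in the post above.
"""
import html
import re
from urllib.parse import parse_qs, urlsplit

# The PoC links from the post (copied here as sample input).
POC_URLS = [
    'http://wrpolska.pl/sklep/search.php?orderby=position&orderway=desc'
    '&search_query="><h1>XSS found by Team Elite</h1>',
    'http://wrpolska.pl/sklep/search.php?orderby=position&orderway=desc'
    '&search_query="><img src=http://te-home.net/images/logo.png>',
]


def search_query_from(url: str) -> str:
    """Return the raw search_query parameter as the server receives it."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return params.get("search_query", [""])[0]


def render_vulnerable(query: str) -> str:
    """Echo the query by concatenation (hypothetical reproduction of the bug).

    A '"' in the query terminates the value attribute, so everything after
    it is parsed as new markup by the browser.
    """
    return '<input type="text" name="search_query" value="' + query + '">'


def render_fixed(query: str) -> str:
    """Echo the query after HTML-encoding it for a double-quoted attribute.

    quote=True turns '"' into &quot; (and "'" into &#x27;), so the attribute
    cannot be closed early and '<' arrives as &lt;.
    """
    safe = html.escape(query, quote=True)
    return '<input type="text" name="search_query" value="' + safe + '">'


# Any tag other than the single <input> we emit ourselves means the user
# value escaped its attribute context.
_FOREIGN_TAG = re.compile(r"<(?!/?input\b)[a-zA-Z]")


def injected_markup(rendered: str) -> bool:
    """Regression check: True if the rendered fragment contains foreign tags."""
    return bool(_FOREIGN_TAG.search(rendered))


if __name__ == "__main__":
    for url in POC_URLS:
        q = search_query_from(url)
        print("query     :", q)
        print("vulnerable:", render_vulnerable(q), "->", injected_markup(render_vulnerable(q)))
        print("fixed     :", render_fixed(q), "->", injected_markup(render_fixed(q)))
        print()
```

The check is deliberately strict: in an attribute context, any `<` that survives unencoded is a defect, regardless of which tag follows it, so the test asserts on the absence of foreign tags rather than on a list of known payloads.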

FlylinkDC++ r504

This official FlylinkDC++ r504 installer was put into a ZIP archive because pure executable files cannot be shared on our website.

Changes in r504
https://github.com/pavel-pimenov/flylinkdc-r5xx/commits/master

File information: FlylinkDC++ r504
Posted by flylinkdc on 2018-11-03 13:51 0 comments 1 like

StrongDC++ 2.42

These official StrongDC++ 2.42 x86 + x64 installers were put into a ZIP archive because pure executable files cannot be shared on our website.

Changes in 2.42
* DC++ 0.777 core synchronization
* added automatic incoming connection type detection
* stability fixes
* added option to disable Explorer theming in listviews and treeviews
* hopefully fixed throttling with very large speeds
* DHT fixes
* updated internal libraries (OpenSSL, BZip2, ZLIB, boost) - fixes some security issues
* removed STLPort dependency
* performance tweaks
* added support to set favorite hub encoding
* DC++ emulation is off by default (for non-favorite hubs)
* webserver encoding changed to utf-8
* webserver session timeout changed to 10 minutes

File information: StrongDC++ 2.42
Posted by strongdc on 2018-11-03 12:31 0 comments 1 like

EiskaltDC++ 2.2.9

This official EiskaltDC++ 2.2.9 x86 installer was put into a ZIP archive because pure executable files cannot be shared on our website.

Changes in 2.2.9
*** common changes ***

* Fixed build with GCC < 4.6 and Clang < 3.1. This is the last release with support of old compilers.
* Fixed CMake rules for building with sr@latin localization.
* Small code refactoring and optimisation.

*** eiskaltdcpp-qt ***

* Improvements in search widget: the progress bar now works as expected.
* Fixed segmentation fault on right click at some nicknames in public chats.
* Fixed SIGABRT during closing Tic-Tac-Toe QML widget.
* Fixed SIGABRT on program exit when QtScript "LogManager View" is active.
* A number of improvements for Mac OS X:
- disabled system tray functionality (it never worked there as expected)
- added special program menu to the dock icon
- the program is now hidden in the dock instead of exiting when the window close button is clicked
- added platform-specific code to handle left click on program icon in dock (now it works as in native Mac OS X programs)
- added dock icon jumping when there are new unread personal messages
- added support for Retina displays (fonts are rendered in high resolution when the program is built with Qt 4.8.x) [Thanks to Dmitry Arkhipov who showed developers what Mac OS X looks like]
* Some platform-specific improvements in settings dialog: hidden options which do not work in Mac OS X, MS Windows or Haiku.

*** eiskaltdcpp-gtk ***

* Improvements in search widget: the progress bar now works as expected.
* Fixed SIGABRT when gdk_display_get_default() returns NULL.

*** eiskaltdcpp-daemon ***

* Fixed check of log file existence in daemon mode (see --syslog and --log command-line options).

*** eiskaltdcpp-cli ***

* Fixed work with libjson-rpc-perl >= 1.00 (module JSON::RPC::Client was moved to JSON::RPC::Legacy::Client there). [Thanks to Damyan Ivanov]

File information: EiskaltDC++ 2.2.9
Posted by eiskaltdc on 2018-11-03 12:14 0 comments 1 like

DC++ 0.867

This official DC++ 0.867 installer was put into a ZIP archive because pure executable files cannot be shared on our website.

Changes in 0.867
[L#1722364] Prevent remote crashes from malevolent UDP data (maksis)

File information: DC++ 0.867
Posted by dcpp on 2018-10-29 22:03 0 comments 1 like