Arcabit (Subscription renewal service) vulnerable to XSS
Vulnerable page: https://www.arcabit.pl/pre-renew.html
PoC
"><img src=http://www.te-home.net/gallery/xssd_by_teamelite.png>
It is enough to insert any XSS code directly into the serial field; the code is executed and rendered immediately.
Note: This is a proof of concept and it doesn't reflect the views or interests of the above website.
AdvOR 0.3.1.2
Changes in 0.3.1.2
- corrected some plugin calls that were using different calling conventions than expected when compiled with newest versions of gcc (thanks to RoLex and Ruza for reporting this problem)
- added a splitter between the main tree and the configuration page that can be used to resize the configuration page
- if both WindowPos and GuiPlacement3 are found, GuiPlacement3 is used because it stores splitter's position (WindowPos will still be saved to AdvOR.ini)
- messages that are logged before the GUI is created are cached and shown later in the Debug window
- geoip_c.h was updated with GeoIPCountryWhois.csv released on May 2nd; there are 153441 IP ranges having 32 ranges in the fake "A1" country; 31 ranges were approximated to real countries
File information: AdvOR 0.3.1.2
AdvOR 0.3.1.1
Changes in 0.3.1.1
- added support for Unicode command line arguments; main() will use argv[] arguments converted from Unicode to UTF-8
- corrected some memory allocation problems that could have caused deallocation of invalid memory regions
- the procedure that searches the memory allocated for xul.dll for a function that can be called to delete cookies from Firefox when changing the identity was removed
- starting with this version, configuration options used by both 0.3x and 0.4x versions of AdvOR will be saved to AdvOR.ini
File information: AdvOR 0.3.1.1
NDCH 0.0.1.7
Notice: data/text/motd.txt has changed to welcome.txt, replace as necessary.
Changes in 0.0.1.7 Ragnarok
# 0.0.1.7 (2017.04.19)
# Added new configurable restrictions != hub minhubs<0/1/2> and maxhubs<0/1/2> (Suggested by RoLex)
# Added support for L/B in tag. (suggested by RoLex)
# Completely rewrote and optimised the myinfo and tag parser.
# Accounts with .enter_when_full set can still enter the hub when the hub is full.
# Added permission .enter_when_full
# An error will now be shown for invalid != hub configs.
# Added != hub validatetimeout
# Fixed socket_timeout configuration.
# Timeout debug message will now show related error message.
# Added missing != hub welcome help entry.
# Changed permission from chg_motd to chg_welcome
# Changed motd.txt to welcome.txt
# Fixed failing to run software if motd.txt did not exist in data/text directory.
# Added != hub option "repamp <true/false>" for replacing incoming & with & (suggested by RoLex)
# Profiles with .invalid_allowed will not be disconnected for invalid $ commands.
# Added new permission .invalid_allowed
# Fixed crash when reloading lua scripts.
# Hub now sends debug to those that have the permission.
# Added new permission .can_view_debug
# Search request will replace incorrect ip and send debug. (Suggested by RoLex)
# Fixed a BUG FUCKING BUG causing validate timeout for no apparent reason.
File information: NDCH 0.0.1.7
NDCH 0.0.1.6
Changes in 0.0.1.6
# 0.0.1.6 (2017.04.12)
# Added new setting != Hub address (suggested by RoLex)
# Fixed issue with new accounts not being accessible.
# Another fix to country_code.
# Bans added and expiry datetime changed internally to uint64 type.
# Fixed formatting bug in ban list.
# Ban list now shows added and expiry date/time.
# Added commands !unban *, !unban */nick and !unban */ip.
# Bots now use desc and email setting instead of myinfo.
# Fixed sending hello after myinfo for old clients.
# Added lua api function Hub.addBot(nick, desc, email)
# Added lua api function Hub.removeBot(nick)
# Fixed stopping lua scripts was not calling onUnload.
File information: NDCH 0.0.1.6