Entries tagged as security
SSCHADV2013-012 - ssl.bing.com - Cross-site Scripting vulnerability
| Advisory: | ssl.bing.com – Cross-site Scripting vulnerability |
| Advisory ID: | SSCHADV2013-012 |
| Author: | Stefan Schurtz |
| Affected Software: | Successfully tested on ssl.bing.com |
| Vendor URL: | |
| Vendor Status: | fixed |
======================
Vulnerability Description
======================
The website ‘ssl.bing.com’ is prone to a Cross-site Scripting vulnerability
MARKPLAATS.nl Bug Bounty Program #Bounty received
Today I received my bounty for a vulnerability, which I reported for the MARKPLAATS.nl Bug Bounty Program.
And here it is … my ‘ebay classifieds whitehat’ :-)
Really nice, isn’t it :-) ?
In my opinion the MARKPLAATS.nl bug bounty program is one of the good ones, fast feedback and a nice contact, too.
By the way, the vulnerability is not fixed yet, so I will publish the advisory at a later time.
Yahoo Bug Bounty Program Vulnerability #2 Open Redirect
In Dec ’13 I reported an Open Redirect (and two other vulnerabilities, first in Nov ’13) to the Yahoo Bug Bounty Program. Sadly, I’ve got no response or feedback for any of these issues, so I wrote a new message to them (this time via email).
Last week they told me that Open Redirects are no longer in scope of the bug bounty program :-/
So here is my advisory for this issue:
SSCHADV2014-001 - Wordpress Plugin WP-Members Version 2.8.9 - Stored and reflected Cross-site Scripting vulnerabilities
| Advisory: | Wordpress Plugin WP-Members 2.8.9 – Multiple Cross-site Scripting vulnerabilities |
| Advisory ID: | SSCHADV2014-001 |
| Author: | Stefan Schurtz |
| Affected Software: | Successfully tested on WP-Members Version 2.8.9 |
| Vendor URL: | |
| Vendor Status: | fixed |
======================
Vulnerability Description
======================
The Wordpress plugin "WP-Members 2.8.9" is prone to reflected and stored XSS vulnerabilities
[Video] - Build a backdoor in OpenSSH 6.4p1 with Kali Linux
This time I show you how to build a "backdoor" in your own OpenSSH 6.4p1 installation under Kali Linux.