Tweet
-
I wish you all a happy new year !
-
merry xss-mas, everyone.
-
Command Execution In Paypal Worth 5000$: http://www.rafayhackingarticles.net/2012/12/wow-paypal-sends-me-5000-for-command.html …
Di-retweet oleh David Vieira-KurzBentangkan Ciutkan -
Ebay's Security Team sent me a gift for my continuous support: http://www.majorsecurity.net/images/ebay-bug-bounty-gift.png …
-
Event hijacking due to preventDefault() in JQuery lib: http://labs.neohapsis.com/2012/11/14/browser-event-hijacking/ …
-
I've been also listed on Nokia Siemens Networks Security hall of fame: http://www.nokiasiemensnetworks.com/about-us/responsible-disclosure …
-
Exploitable SQL Injection on
#Ebay - details here: http://blog.majorsecurity.net/2012/11/18/exploitable-sqli-on-ebay-dot-com-analysis/ … CC:@TheHackersNews@Softpedia -
@shafigullin I was thinking on ex*/*/pression or &equiv in older IE version. -
@shafigullin there's still no solution for s1.php in modern browsers. only for s2.php to s6.php -
@shafigullin I think your approach on eval.html is well on disabling js by encoding the dot, equal sign and closing round parenthesis. :) -
@thewildcat your pastebin link is an Unknown Paste ID. can you please upload it once again ? -
@superevr if user-supplied values comes before hidden then in modern browsers hidden has no priority at all. -
@superevr i agree with the order. if hidden comes before any user-supplied argument modern browsers only accepts the first one. -
@superevr by using type/ which in xhtml makes type="" out of it and modern browsers takes the first coming type. -
@soaj1664ashar your welcome :) of course it's okay for me. we have to share knowledge in the sec community. -
@soaj1664ashar check your DM for full vector :)
@secalert masih belum menge-tweet.
Pemuatan tampaknya berlangsung agak lama.
Twitter sedang kelebihan beban atau mengalami sedikit masalah. Coba lagi atau kunjungi Status Twitter untuk informasi selengkapnya.
Tandai media ini
Telah ditandai karena mengandung konten sensitif.
David Vieira-Kurz
Rafay baloch