Wednesday, 18 December 2013

r0ng's XSS Challenges - Challenge 3

 XSS Challenge is back, challenge No. 3!

Thursday, 31 October 2013

LFI vulnerability + image upload form? You got Remote Code Execution!

An easy RCE when you find a LFI vulnerability and are able to upload images/any other file to the website.

Wednesday, 23 October 2013

[Release!] Backcat - Back-connect Utility [*nix]

[+] Outline:
A simple utility for making life easier when back-connecting from a foreign host where firewall rules are not known.  Run a copy locally specifying a port range to listen on (optionally specify another program to handle the connection). And on the server run a copy specifying the port destination range to try and 'brute-force' (optionally specify a local port range to bind to instead of taking the first available / and optionally specify a program to pass the connection to, e.g. "/bin/sh -i").

Wednesday, 25 September 2013

How to hide XSS in flash movies/games

[Image: Adobe-moves-to-patch-zero-day-XSS-vulner...ge2_70.jpg]

Here is a tutorial on how to rip and edit an existing flash movie/game for use in XSS attacks. The objective is to steal cookies silently without changing the flash movie's behavior from the perspective of the user.

Monday, 16 September 2013

Weaknesses in google Chrome XSSAuditor - a bypass found!

r0ng's XSS Challenges - Challenge 2

Try to solve these challenges and send me your solutions via the comments (moderated), if you are correct I will add you to the solvers list :).

r0ng's XSS Challenges - Challenge 1

Try to solve these challenges and send me your solutions via the comments (moderated), if you are correct I will add you to the solvers list :).

Sunday, 11 August 2013

r0ng's cookie logger script - for silently stealing website cookies

For when you want to steal someone's session cookies but you don't want to raise the alarm!

Saturday, 6 July 2013

Exploiting POST Method XSS Silently

POST HTTP method XSS exploitation without the target filling out a form... SILENTLY

Sunday, 19 May 2013

"One does not simply finds a DOM based XSS without js analysis"

Checkout this cool blog from Prakhar Prasad (http://blog.prakharprasad.com/), they setup an interesting XSS challenge that requires code analysis to solve, here: xss.prakharprasad.com (also thanks to MaXoNe who I think contributed to it).

Saturday, 18 May 2013

CGI-C Shell - PHP disabled functions/Safe Mode Bypass Shell source [Windows/Linux]

When Safe mode is on it can be a pain to do what you want to do on the system. Being able to access CGI solves this problem, and here is my implementation of a shell (safe mode bypass) in C for windows and linux.

Wednesday, 15 May 2013

Persistent XSS in wysiwyg module CKEditor below 4.1 - drupal 6.x 7.x

This persistent XSS vulnerability requires a little bit social engineering to work, see the report below:

Friday, 10 May 2013

How to shell a server via image upload and bypass extension + real image verification

During a website audit, upload forms and other interactive 'user-content' driven facilities are often found to be protected by client side and/or server side security checks. This tutorial presents the methods that can be used to circumvent these security checks. In this case we're specifically considering image uploads that allow JPG files in particular.

Friday, 14 December 2012

C Source Release:

LastDoor - Root Backdoor and Log-Cleaner for Linux

[+] What is it?


A backdoor for retaining root access and a log cleaner with several functions.

Thursday, 1 March 2012

XSS find in Google.com - on the hall of fame at last!

March update:

Google updated their wall of fame for Jan-March (http://www.google.co.uk/about/appsecurity/hall-of-fame/reward/). I disclosed a cross site scripting (XSS) vulnerability last month, and Google were kind enough to put me on their wall (and give me a few pennies to spend at the sweet shop).