r0ng's XSS Challenges - Challenge 3

 XSS Challenge is back, challenge No. 3!

LFI vulnerability + image upload form? You got Remote Code Execution!

An easy RCE when you find a LFI vulnerability and are able to upload images/any other file to the website.

[Release!] Backcat - Back-connect Utility [*nix]

[+] Outline:
A simple utility for making life easier when back-connecting from a foreign host where firewall rules are not known.  Run a copy locally specifying a port range to listen on (optionally specify another program to handle the connection). And on the server run a copy specifying the port destination range to try and 'brute-force' (optionally specify a local port range to bind to instead of taking the first available / and optionally specify a program to pass the connection to, e.g. "/bin/sh -i").

How to hide XSS in flash movies/games

Here is a tutorial on how to rip and edit an existing flash movie/game for use in XSS attacks. The objective is to steal cookies silently without changing the flash movie's behavior from the perspective of the user.

Weaknesses in google Chrome XSSAuditor - a bypass found!

r0ng's XSS Challenges - Challenge 2

Try to solve these challenges and send me your solutions via the comments (moderated), if you are correct I will add you to the solvers list :).

r0ng's XSS Challenges - Challenge 1

Try to solve these challenges and send me your solutions via the comments (moderated), if you are correct I will add you to the solvers list :).

r0ng's cookie logger script - for silently stealing website cookies

For when you want to steal someone's session cookies but you don't want to raise the alarm!

Exploiting POST Method XSS Silently

POST HTTP method XSS exploitation without the target filling out a form... SILENTLY

"One does not simply finds a DOM based XSS without js analysis"

Checkout this cool blog from Prakhar Prasad (http://blog.prakharprasad.com/), they setup an interesting XSS challenge that requires code analysis to solve, here: xss.prakharprasad.com (also thanks to MaXoNe who I think contributed to it).

CGI-C Shell - PHP disabled functions/Safe Mode Bypass Shell source [Windows/Linux]

When Safe mode is on it can be a pain to do what you want to do on the system. Being able to access CGI solves this problem, and here is my implementation of a shell (safe mode bypass) in C for windows and linux.

Persistent XSS in wysiwyg module CKEditor below 4.1 - drupal 6.x 7.x

This persistent XSS vulnerability requires a little bit social engineering to work, see the report below:

How to shell a server via image upload and bypass extension + real image verification

During a website audit, upload forms and other interactive 'user-content' driven facilities are often found to be protected by client side and/or server side security checks. This tutorial presents the methods that can be used to circumvent these security checks. In this case we're specifically considering image uploads that allow JPG files in particular.

2nd Cross-site-scripting vulnerability find in Microsoft.com

Another Microsoft find for the wall! http://technet.microsoft.com/en-us/security/cc308589.aspx

C Source Release:

C Source Release:

LastDoor - Root Backdoor and Log-Cleaner for Linux

[+] What is it?

 

A backdoor for retaining root access and a log cleaner with several functions.

XSS find in Google.com - on the hall of fame at last!

March update:

Google updated their wall of fame for Jan-March (http://www.google.co.uk/about/appsecurity/hall-of-fame/reward/). I disclosed a cross site scripting (XSS) vulnerability last month, and Google were kind enough to put me on their wall (and give me a few pennies to spend at the sweet shop).