
Hi, today OpenCart.
Just set up OpenCart to give it a pen-test and here are the initial results.
Okay, bug:
OpenCart discloses the local path of the server in many locations. Some of them are:
http://localhost/opencart/upload/catalog/controller/account/address.php
http://localhost/opencart/upload/catalog/controller/account/account.php
http://localhost/opencart/upload/catalog/controller/account/order.php...

Hi, today Concrete.
Concrete is a famous content management system.
For more:
www.concrete5.org
So I was just pen-testing it a bit and initially found that it is not using any security token to protect admin/user logout (CSRF).
http://localhost/concrete/index.php/login/logout/
In...
Hi, for today Free Hosting Manager. Free Hosting Manager is a free script to install and run your hosting.
It includes clients registering and then ordering hosting and blah blah.. so the script is highly vulnerable, plus if you successfully upload a shell or have server access you can symlink to get the root WHM logins.
Free Hosting Manager stores root logins in config.php.
So...

Hi, some days ago I found an XSS bug in PayPal services but was not eligible for the bounty. Well, no worries, will try again :D ...
It was a subdomain of billmelater.com.
The bug can be used for things like phishing attacks etc.
domain: http://wwwb.search.billmelater.com
They...
Hi, just browsing SourceForge and saw a script having more than 1 thousand downloads per week, so not bad to give it a pentest, and found some stuff in it :)
Exploit Links:
http://www.exploit-db.com/exploits/24849
http://1337day.com/exploit/20513
http://packetstormsecurity.com/files/120828/DaloRadius-CSRF-XSS-SQL-Injection.html
Exploit
-------------------------------------------------------------------------
#...
Exploit Links:
http://www.exploit-db.com/exploits/24742/
http://packetstormsecurity.com/files/120760/Web-Cookbook-SQL-Injection.html
http://1337day.com/exploit/20501
Exploit
# Exploit Title: Web Cookbook Multiple SQL Injection
# Date: 2013/3/12
# Exploit Author: Saadat Ullah , saadi_linux@rocketmail.com
# Software Link: http://sourceforge.net/projects/webcookbook/
# Author...
Hi, today Nconf v1.3. Ahh, the script is highly insecure, so I just reported a few of them..
Exploit Links:
http://1337day.com/exploit/20475
http://packetstormsecurity.com/files/120628/Nconf-1.3-SQL-Injection-Cross-Site-Scripting.html
# Exploit Title: nconf handle_item.php,Modify_attr.php etc Multiple Sql injection
# Date: 2013/3/4
# Exploit Author: Saadat Ullah,saadi_linux@rocketmail.com
#...
Hi, 2 days back my friend needed a CMS for an image gallery, so after finding one I pentested the script and found it highly insecure.
The complete exploit can be viewed here.
1337day : http://1337day.com/exploit/20470
PacketStorm: http://packetstormsecurity.com/files/120619/PloggerGallery-1.0-RC1-CSRF-XSS-SQL-Injection.html
P0c
-------------------------------------------------------------------------
#...

I was working on some MyBB plugins and found some vulns in them..
So for now PRO STAT.
Vendors: http://prostats.wordpress.com
Pro Stat is a well-known MyBB plugin and is vulnerable to SQL injection inside the admin panel and change viewer.
It's not very exploitable because you need admin logins, but...
Salam,
I was thinking of making a blog for my security findings and updates, so
all my security updates are gonna come here..
Cheers
Sa...