I recently found a vulnerability in Zyxel P-660R T1 . Although the impact factor is quite low as it is an XSS (Cross site scripting) but still a vulnerability is a vulnerability . Xc0re Security Research Group Disclaimer: [This code is for Educational Purposes , I would Not be responsible…
Phrack 67 !!
Phrack is one of THE best hacking E-zines in the world !! Phrack’s 67th issue just released ! The most awaited release was a very big disappointment ! Phrack was and is known for its new technically super rich content about the Hidden networks, Compromising new technologies etc but this…
Facebook Attack
Hey all , I was browsing through the net when I came across a Blog , which stated “Return of the Facebook Snatchers” . So naturally I opened the page and found , the ultimate breach of privacy for the Facebook Users ! Any one , even the users not registered…
Xitami/5.0a0 Webserver Denial Of Service Vulnerability
################################################ # Name : Xitami/5.0a0 Denial Of Service # Author: Usman Saeed # Company: Xc0re Security Research Group # Website: http://www.xc0re.net # DATE: 10/05/10 # Tested on Windows 7 ! ################################################ Disclaimer: [This code is for Educational Purposes , I would Not be responsible for any misuse of this code]…
Food for thought !!
Hey every body !! Its been along time i posted on my blog ! I recently had an interview with some security managers of a Multi National Company ! We discussed about alot of Network Security Issues ! Although my mind was kinda rusted because i have lately been working…
Cherokee Web Server 0.5.4 Denial Of Service
####################################################### # # Name : Cherokee Web Server 0.5.4 Denial Of Service # Author: Usman Saeed # Company: Xc0re Security Research Group # Website: Xc0re.net # DATE: 25/10/09 # Tested on Windows ! ####################################################### Disclaimer: [This code is for Educational Purposes , I would Not be responsible for any misuse…
BSR Webweaver 1.33 /script security Bypass vulnerability
BSR Webweaver 1.33 Author : Usman Saeed , Exploit @ Xc0re Security Research Group. [*] Date: 15/09/09 [*] http://www.brswebweaver.com/downloads.html [*] Attack type : Remote [*] Patch Status : Unpatched [*] Description : In ISAPI/CGI path is [%installdirectory%/scripts] and through HTTP the alias is [http://[host]/scripts] ,The access security check is that…
Kolibri+ Webserver 2 Multiple Vulnerabilities
Kolibri+ Webserver 2 suffers from multiple vulnerabilities namely Directory Traversal & Denial OF Service. Vulnerability was reported on 6th of September 2009 by Xc0re Security Research Group. http://xc0re.net/index.php?p=1_19_Kolibri+-Webserver-2-multiple-vulnerabilities An attacker can easily crash the server , or send a crafted http request to escape the root directory and view any…
Web Application firewall bypass !
Web Application security is very important nowadays ! especially due to ecommerce. Hence Web Application firewalls came into being ! which automatically filter out the malicious query string. And many high end technology giants have them installed ! But what IF ???!!! Some one bypasses the WAF (Web Application Firewalls)…
Cisco Subscriber Edge Services Manager Cross Site Scripting And HTML Injection Vulnerabilities
Hello ! recently i found a vulnerability in Cisco Subscriber Edge Services Manager which enables the attacker to exploit the XSS and HTML Injection bug ! Details can be checked on Xc0re I think all the versions are affected !