Type: Posts; User: karniv0re

  1. Multiple Vulnerabilities with the Cisco Developer Network

    I found a bunch of vulnerabilities with Cisco subdomains a couple of weeks ago, some of them were plain old XSS vulnerabilities, while others were more interesting. Cisco is yet to fix some of them...
  2. Replies
    0
    Views
    3,363

    XSS vulnerabilities in Symantec websites

    A couple of weeks ago, while doing some research for a paper I have been working on, I found two XSS vulnerabilities with the Symantec Learning Management System (symlms.symantec.com) and Enterprise...
  3. Article: Twitter Wipe Address Book CSRF Vulnerability

    You can view the page at http://www.garage4hackers.com/content.php?r=125-Twitter-Wipe-Address-Book-CSRF-Vulnerability
  4. Twitter Wipe Address Book CSRF Vulnerability

    I disclosed a CSRF vulnerability with Twitter, that could allow a malicious attacker to wipe the address book of an unsuspecting user. I reported the vulnerability in the beginning of March and they...
  5. Eureka!! Figured it out :D. Will post the...

    Eureka!!
    Figured it out :D. Will post the walkthrough of this case study post c0c0n :)
    See you guys..

    Regards,
    karniv0re
  6. TCP port forwarding over multiple ethernet cards (different networks)

    Hi all,

    This is a setup I am creating for c0c0n. My paper is based on a combination of multiple penetration tests that I have conducted in the past few years. I thought of adding a twist today but...
  7. Deja Vu is a relatively common phenomenon amongst...

    Deja Vu is a relatively common phenomenon amongst the general masses. The human brain is an extremely complex organ and can simulate an environment out of totally unrelated memories. We all have had...
  8. @Hackuin: If I am seeing it right, the image that...

    @Hackuin: If I am seeing it right, the image that you have posted is making requests over HTTP/1.0 in both the cases. Here's what I got when I did an HTTP/1.0 with and without the host header and the...
  9. Replies
    3
    Views
    4,495

    My favorite part is when Samy teaches people on...

    My favorite part is when Samy teaches people on how to properly use Bing!
    It's an interesting video, just shows how applications behave deep down and how privacy leak is still one of the biggest...
  10. This actually works. I remember making this at an...

    This actually works. I remember making this at an onsite trip where the hotel wifi was miserable 2 years ago.
  11. This is an interesting thread! Here are 2...

    This is an interesting thread! Here are 2 incidents that stand out in my career:
    1. Several months ago, while performing PT for a bank, I managed to get a SQLi shell via their corporate website....
  12. Replies
    17
    Views
    16,746

    This is a good start. I don't know if you guys...

    This is a good start. I don't know if you guys have considered the following options, but anyways, my few cents on how this could be improved:
    1. Generate rainbow tables using Philippe's time-memory...
  13. Replies
    4
    Views
    3,047

    I set up a CTF every month as part of training...

    I set up a CTF every month as part of training for my junior team mates :). It's quite painful, trust me..
  14. Replies
    6
    Views
    2,960

    woah!! wats this awesome mind and all :) There...

    woah!! wats this awesome mind and all :) There are smarter ass** out there.. some of them that i know have already replied to this list :)

    Anyways, it's nice to be here.. looking forward to sharing...
Results 1 to 14 of 16