Category Archives: 0Day

KnowledgeTree OSS 3.0.3b Reflected XSS (Cross-site Scripting) Web Application 0-Day Security Bug

Exploit Title: KnowledgeTree login.php &errorMessage parameter Reflected XSS Web Security Vulnerability
Product: Knowledge Tree Document Management System
Vendor: Knowledge Inc
Vulnerable Versions: OSS 3.0.3b
Tested Version: OSS …

Posted in 0Day, XSS Vulnerability

eBay Covert Redirect Web Security Bugs Based on Googleads.g.doubleclick.net

eBay Covert Redirect Vulnerability Based on Googleads.g.doubleclick.net (1) WebSite: ebay.com “eBay Inc. (stylized as ebay, formerly eBay) is an American multinational corporation and e-commerce company, providing consumer to consumer & business to consumer sales services via Internet. It is headquartered …

Posted in 0Day, Covert Redirect Vulnerability, Website Testing

Google Covert Redirect Web Security Bugs Based on Googleads.g.doubleclick.net

Bypass Google Open Redirect Filter Based on Googleads.g.doubleclick.net — Google Covert Redirect Vulnerability Based on Googleads.g.doubleclick.net (1) WebSite: google.com “Google is an American multinational technology company specializing in Internet-related services and products. These include online …

Posted in 0Day, Covert Redirect Vulnerability, Website Testing

OSVDB 119342, 119323 NetCat CMS Multiple HTTP Response Splitting (CRLF) Web Security Vulnerabilities

Exploit Title: NetCat CMS Multiple CRLF Security Vulnerabilities
Product: NetCat CMS (Content Management System)
Vendor: NetCat
Vulnerable Versions: 5.01 3.12 3.0 2.4 2.3 2.2 2.1 …

Posted in 0Day, HTTP Response Splitting (CRLF), Web Application

Bugtraq ID 75176 – 6kbbs v8.0 Weak Encryption Cryptography Security Vulnerabilities

Exploit Title: 6kbbs Weak Encryption Web Security Vulnerabilities
Vendor: 6kbbs
Product: 6kbbs
Vulnerable Versions: v7.1 v8.0
Tested Version: v7.1 v8.0
Advisory Publication: June 08, 2015
Latest Update: June 10, …

Posted in 0Day, Bugtraq, Weak Encryption, Web Application

The Weather Channel weather.com Almost All Links Vulnerable to XSS Attacks

The Weather Channel at Least 76.3% Links Vulnerable to XSS Attacks. Domain Description: http://www.weather.com/ “The Weather Channel is an American basic cable and satellite television channel which broadcasts weather forecasts and weather-related news and …

Posted in 0Day, Web Security, XSS Vulnerability

Covert Redirect – Knowledge

Covert Redirect is a class of security bugs disclosed in May 2014. It arises when an application takes a parameter and redirects a user to the parameter value without sufficient validation. Covert Redirect is also related to single …

Posted in 0Day, Computer Security

New York Times nytimes.com Page Design XSS Vulnerability (Almost all Article Pages Before 2013 are Affected)

Domain: http://www.nytimes.com/ “The New York Times (NYT) is an American daily newspaper, founded and continuously published in New York City since September 18, 1851, by the New York Times Company. It has won 114 Pulitzer Prizes, …

Posted in 0Day, Website Testing, XSS Vulnerability

Odnoklassniki.ru (OK.RU) Online Website Covert Redirect Web Security Bugs Based on Google.com

(1) Domain: Odnoklassniki.ru “Odnoklassniki, OK.ru (Russian: Одноклассники, Classmates) is a social network service for classmates and old friends. It is popular in Russia and former …

Posted in 0Day, Covert Redirect Vulnerability, Website Testing

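Youku (优酷) Website Covert Redirect Web Security Vulnerability Based on Baidu (Baidu.com)

(1) Domain: youku.com “Youku is a leading video-sharing website in China, founded by Victor Koo (古永锵) on June 21, 2006. Youku takes ‘the fast one is king’ as its product philosophy, focuses on user experience, and continually improves its service strategy. Its outstanding product features of ‘fast playback, fast publishing, fast search’ fully meet users' growing and diverse interactive needs, making it a leading force among Chinese video websites. Youku has become a gathering place for Internet video makers. On December 8, 2010 (US Eastern Time), Youku was successfully listed on the New York Stock Exchange. On April 28, 2014, Youku Tudou Group announced a strategic investment and partnership with Alibaba (rolling news) Group. In 2014, Youku officially announced that its multi-screen daily video views (VV) had exceeded 600 million; as of June 2014, the number of online video users in China had reached 439 million.” (Baidu Baike) (2) Vulnerability description: The Youku website has a computer security problem: hackers can use Covert Redirect attacks against it. This vulnerability does not require the user to log in. Testing was based on Microsoft Windows 8 …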

Posted in 0Day, Covert Redirect Vulnerability, Website Testing