Author Archives: Pichaya Morimoto

OLX.co.th – XSS to Account Take Over

November 16th, 2014 | 2941 Views

@author: LongCat
Date: August 14, 2014
For educational purposes only! Demonstrates how an XSS exposes the risk of session hijacking.
https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29

Drupal 7.31 Pre-Auth SQL Injection (CVE-2014-3704)

October 16th, 2014 | 3715 Views

Drupal 7.x SQL Injection SA-CORE-2014-005 (CVE-2014-3704)
Report by: Stefan Horst
https://www.drupal.org/SA-CORE-2014-005
Exploit: #Creditz to https://www.reddit.com/user/fyukyuk
https://raw.githubusercontent.com/cvangysel/gitexd-drupalorg/master/drupalorg/drupalpass.py
http://pastebin.com/nDwLFV3v
The impact of this vulnerability does not stop at changing the admin password. An attacker can update the callback value
