Home - Website Feedback - XSS vulnerability


5 Results - Page 1 of 1 -
1
Shifterovich

Status: n/a
Joined: Sat, 09 Apr 2016
Posts: 17
Team:
Reputation: 0 Reputation
Offline
Tue, 09 Aug 2016 @ 16:29:59

Please fix the XSS @ https://hashkiller.co.uk/hash-min-max.aspx, as the alert suggests.


protip: be careful with your RAM when working with own rainbow tables, lol

Jumpforce

Status: Cracker
Joined: Fri, 18 Mar 2016
Posts: 149
Team:
Reputation: 119 Reputation
Offline
Tue, 09 Aug 2016 @ 22:00:25

May I suggest you NOT post a found vulnerability of a site in a public forum. Just contact a mod or admin via IRC or forum messages.
I don't speak for the forum, but please regard this next time if you find something like this.


Donations to the forum please!

Chick3nman
Moderator
Status: Trusted
Joined: Wed, 28 Jan 2015
Posts: 534
Team:
Reputation: 572 Reputation
Offline
Tue, 09 Aug 2016 @ 22:56:59

Jumpforce said:

May I suggest you NOT post a found vulnerability of a site in a public forum. Just contact a mod or admin via IRC or forum messages.
I don't speak for the forum, but please regard this next time if you find something like this.

It was exploited by the user hashes.org it seems.


My PGP key is available for security and identity verification here: https://keybase.io/chick3nman

Hardware: 1x D-WAVE 2000Q

BTC: 1Chick3nMTco6sBEByKuvmAzYTBsGN5KzD

blandyuk
Admin / Owner
Status: Trusted
Joined: Tue, 05 Jul 2011
Posts: 2902
Team: HashKiller
Reputation: 3880 Reputation
Offline
Tue, 09 Aug 2016 @ 23:08:25

Yeah, I put that page together quickly so not surprised. Issue is only on the text field as new URL encoding. Sorted now, although I do not appreciate the lengths hashes.org went to in order to exploit it.


Please read the forum rules | Please read the paid section rules
I accept private hash lists, with forum donations only.
BTC: 15qF9WUeFUD63ishxyAMiEgGqTcYzk4j9b
GPU Power: 7x GeForce GTX 1070 and My Brain
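
The admin's post above describes the classic cause of a reflected XSS: a URL-decoded text-field value echoed back into the page's HTML without output encoding. The block below is an added example illustrating the defender-side fix, not code from hashkiller.co.uk or its hash-min-max page; the field name `text`, the rendered `<input>` fragment, the helper names and the sample query string are all constructed assumptions for this illustration. It shows the unencoded reflection beside the HTML-encoded one, plus a small response-body check that flags when raw markup characters from the request come back verbatim.

```python
"""Reflected-input output encoding, shown from the defender's side.

Added example; not the site's own code. The page, parameter names and the
sample query string below are assumptions constructed for this illustration.
"""
import html
from urllib.parse import parse_qs

# Constructed sample query string: a text-field value that contains a quote
# and a tag, URL-encoded as a browser would send it. Inert test data.
SAMPLE_QUERY = "min=8&max=12&text=say%20%22hi%22%20%3Cb%3Ex%3C%2Fb%3E"


def get_field(query: str, name: str) -> str:
    """Return the first value of a query parameter, URL-decoded, which is the
    form a web framework hands page code (the decoding step the post refers to)."""
    return parse_qs(query, keep_blank_values=True).get(name, [""])[0]


def render_unsafe(value: str) -> str:
    """The pattern behind a reflected XSS: the decoded value is written
    straight into markup, so any quote or tag it contains becomes part of
    the page rather than text."""
    return f'<input type="text" name="text" value="{value}">'


def render_safe(value: str) -> str:
    """Hardened form: HTML-encode for the attribute context before
    reflecting. quote=True also encodes the quotes that could otherwise
    terminate the attribute."""
    return f'<input type="text" name="text" value="{html.escape(value, quote=True)}">'


def is_reflected_verbatim(value: str, rendered: str) -> bool:
    """Detection helper: True when a request value containing markup
    characters appears unchanged in the response body. This is the condition
    a response check (or a code review of reflected fields) should flag."""
    has_markup = any(ch in value for ch in "<>\"'")
    return has_markup and value in rendered


if __name__ == "__main__":
    field = get_field(SAMPLE_QUERY, "text")
    print("decoded field :", field)
    print("unsafe render :", render_unsafe(field),
          "| reflected verbatim:", is_reflected_verbatim(field, render_unsafe(field)))
    print("safe render   :", render_safe(field),
          "| reflected verbatim:", is_reflected_verbatim(field, render_safe(field)))
```

The point of `is_reflected_verbatim` is that the check runs on the decoded value, not the raw `%3C`-encoded query: URL decoding happens before the page sees the field, so encoding in the URL offers no protection, and only output encoding at render time does.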

Shifterovich

Status: n/a
Joined: Sat, 09 Apr 2016
Posts: 17
Team:
Reputation: 0 Reputation
Offline
Wed, 10 Aug 2016 @ 23:48:44

Jumpforce said:

May I suggest you NOT post a found vulnerability of a site in a public forum. Just contact a mod or admin via IRC or forum messages.
I don't speak for the forum, but please regard this next time if you find something like this.

I'd disclose it responsibly, but it had an alert and a redirect already.

As I said "Please fix the XSS @ https://hashkiller.co.uk/hash-min-max.aspx, as the alert suggests."


protip: be careful with your RAM when working with own rainbow tables, lol


