Website Feedback - XSS vulnerability

Shifterovich
Shifterovich

Status: n/a
Joined: Sat, 09 Apr 2016
Posts: 17
Team:
Reputation: 0
Offline
Tue, 09 Aug 2016 @ 16:29:59

Please fix the XSS @ https://hashkiller.co.uk/hash-min-max.aspx, as the alert suggests.


protip: be careful with your RAM when working with your own rainbow tables, lol

Jumpforce

Status: Cracker
Joined: Fri, 18 Mar 2016
Posts: 152
Team:
Reputation: 129
Offline
Tue, 09 Aug 2016 @ 22:00:25

May I suggest that you NOT post a found vulnerability of a site in a public forum. Just contact a mod or admin via IRC or forum messages.
I don't speak for the forum, but please bear this in mind next time you find something like this.


Donations to the forum please!
IRC: Jumpforce

Chick3nman
Moderator
Status: Trusted
Joined: Wed, 28 Jan 2015
Posts: 546
Team:
Reputation: 582
Offline
Tue, 09 Aug 2016 @ 22:56:59

Jumpforce said:

May I suggest that you NOT post a found vulnerability of a site in a public forum. Just contact a mod or admin via IRC or forum messages.
I don't speak for the forum, but please bear this in mind next time you find something like this.

It was exploited by the user hashes.org it seems.


My PGP key is available for security and identity verification here: https://keybase.io/chick3nman

Hardware: 1x D-WAVE 2000Q

BTC: 1Chick3nMTco6sBEByKuvmAzYTBsGN5KzD

blandyuk
Admin / Owner
Status: Trusted
Joined: Tue, 05 Jul 2011
Posts: 3036
Team: HashKiller
Reputation: 4061
Offline
Tue, 09 Aug 2016 @ 23:08:25

Yeah, I put that page together quickly so I'm not surprised. Issue is only on the text field as new URL encoding. Sorted now, although I do not appreciate the lengths hashes.org went to in order to exploit it.


Please read the forum rules | Please read the paid section rules
I accept private hash lists, with forum donations only.
BTC: 15qF9WUeFUD63ishxyAMiEgGqTcYzk4j9b
GPU Power: 9x GTX 1070 + 4x GTX 1080
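The bug class in the post above is a submitted value echoed back into a text field without encoding for the attribute context. The following is an added example, not the site's own ASPX code: a Python stand-in for the server-side template, with the raw reflection beside a URL-encoded and an HTML-attribute-encoded form, checked by parsing the resulting markup (the field name "hash" and the sample input are assumptions).

```python
import html
import urllib.parse
from html.parser import HTMLParser

# Constructed sample: a quote followed by markup, the kind of value that breaks
# out of a value="" attribute when echoed into the field unencoded.
SAMPLE_INPUT = '"><i>injected</i>'


def render_unsafe(value: str) -> str:
    """Echo the submitted value straight into the attribute (the original bug)."""
    return f'<input type="text" name="hash" value="{value}">'


def render_url_encoded(value: str) -> str:
    """URL-encoding stops the breakout, but the field then shows %xx text,
    not what the user typed; URL encoding is for URLs, not HTML attributes."""
    return f'<input type="text" name="hash" value="{urllib.parse.quote(value, safe="")}">'


def render_attr_encoded(value: str) -> str:
    """Context-correct fix: HTML-attribute-encode, so the browser decodes the
    entities and the field displays the original text without breaking out."""
    return f'<input type="text" name="hash" value="{html.escape(value, quote=True)}">'


class _FormInspector(HTMLParser):
    """Collects the tags the browser would see and the value of the input field."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: list[str] = []
        self.input_value = None

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input":
            self.input_value = dict(attrs).get("value")


def inspect(markup: str):
    """Return (tags seen, decoded input value) for a rendered form fragment."""
    p = _FormInspector()
    p.feed(markup)
    return p.tags, p.input_value


if __name__ == "__main__":
    for name, render in [("unsafe", render_unsafe),
                         ("url-encoded", render_url_encoded),
                         ("attr-encoded", render_attr_encoded)]:
        print(name, inspect(render(SAMPLE_INPUT)))
```

Only the attribute-encoded form both keeps the markup to a single input tag and round-trips the user's text unchanged.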

Shifterovich

Status: n/a
Joined: Sat, 09 Apr 2016
Posts: 17
Team:
Reputation: 0
Offline
Wed, 10 Aug 2016 @ 23:48:44

Jumpforce said:

May I suggest that you NOT post a found vulnerability of a site in a public forum. Just contact a mod or admin via IRC or forum messages.
I don't speak for the forum, but please bear this in mind next time you find something like this.

I'd have disclosed it responsibly, but it had an alert and a redirect already.

As I said "Please fix the XSS @ https://hashkiller.co.uk/hash-min-max.aspx, as the alert suggests."


protip: be careful with your RAM when working with your own rainbow tables, lol
