Showing posts from November, 2010

Eclipse Source Code Disclosure

Funny Eclipse Source Code Disclosure

This is not meant to describe source code disclosure as a vulnerability for the open-source Eclipse. Java web servers have long been notorious for source code disclosure flaws. This is a demo of this kind of flaw in the recent Eclipse Help Server "Helios" version. The flaw seems to be due to the Eclipse adaptor linked with the OSGi framework. Who else might be vulnerable?

Encoded XSS Attack Demonstration on Joomla! 1.5.20


Site Update since 2010-10-08

2010-11
------------
- Added Metasploit plugin - vhost_scannery.rb


2010-10
------------

- Updated HackerWebSearch

- Added XSS attack demo on Joomla! 1.5.20
- Added XSS advisory on Joomla! 1.5.20


2010-09
------------
- Updated modrewrite-securityrule

- Divided new tools section - joint

- Added new tool - inspath [Internal Path Disclosure Finder]
    - http://yehg.net/lab/pr0js/files.php/inspath.zip

- Added new article - Path Disclosure Vulnerability
    - http://yehg.net/lab/pr0js/view.php/path_disclosure_vulnerability.txt

- Added inj3ct0r in Hacker Web Search


2010-08
------------
- Added advisories:
    http://yehg.net/lab/pr0js/advisories/joomla/%5Bcom_bc%5D_cross_site_scripting
    http://yehg.net/lab/pr0js/advisories/joomla/%5Bcom_bcaccount%5D_persistent_cross_site_scripting
    http://yehg.net/lab/pr0js/advisories/joomla/%5Bcom_blastchatc%5D_cross_site_scripting
    http://yehg.net/lab/pr0js/view.php/%5Bphpmyadmin-3.3.5%5D_cross_site_scripting(XSS)
    http://yehg.net/lab/pr0js/view.php/[adbard.net]_xss