Monday, November 1, 2010

Site Update since 2010-10-08

2010-11
------------
- Added Metasploit plugin - vhost_scannery.rb

 
2010-10
------------

- Updated HackerWebSearch

- Added XSS attack demo on Joomla! 1.5.20
- Added XSS advisory on Joomla! 1.5.20


2010-09
------------
- Updated modrewrite-securityrule

- Divided new tools section - joint

- Added new tool - inspath [Internal Path Disclosure Finder]
    - http://yehg.net/lab/pr0js/files.php/inspath.zip
 
- Added new article - Path Disclosure Vulnerability
    - http://yehg.net/lab/pr0js/view.php/path_disclosure_vulnerability.txt
   
- Added inj3ct0r in Hacker Web Search

 
2010-08
------------
- Added advisories:
    http://yehg.net/lab/pr0js/advisories/joomla/%5Bcom_bc%5D_cross_site_scripting
    http://yehg.net/lab/pr0js/advisories/joomla/%5Bcom_bcaccount%5D_persistent_cross_site_scripting
    http://yehg.net/lab/pr0js/advisories/joomla/%5Bcom_blastchatc%5D_cross_site_scripting
    http://yehg.net/lab/pr0js/view.php/%5Bphpmyadmin-3.3.5%5D_cross_site_scripting(XSS)
    http://yehg.net/lab/pr0js/view.php/[adbard.net]_xss
    http://yehg.net/lab/pr0js/view.php/[linkbucks.com]_xss,redirect
    http://yehg.net/lab/pr0js/advisories/2wire/%5B2wire%5D_session_hijacking_vulnerability

- Updated Hacker Web Search Aggregator (aka Ultimate Recon)
    http://yehg.net/q

- Updated PHP Charset Encoder
    http://yehg.net/e

- Added new article - Most Neglected Fact About CSRF
    http://yehg.net/lab/pr0js/view.php/A_Most-Neglected_Fact_About_CSRF.pdf

- Divided advisory section into sub categories - commercial, open-source, web site
    http://yehg.net/lab/#advisories

- Added XSS payload files with different extensions (jpg, css, js, htc), mostly from ha.ckers.org
    http://yehg.net/lab/#words

- Added common Apache log file locations as a reference that aids in LFI attacks
    http://yehg.net/lab/pr0js/pentest/wordlists/others/apache_logs_loc.txt