Wednesday 26 November 2014

One RCE Being exposed in which affects Microsoft company, Yahoo and Orange

1 comment


Ebrahim Hegazy, some sort of Pester Bounty Rogue via Egypt, provides determined some sort of stability vulnerability in which helped your pet to be able to chop Microsoft, Google in addition to Orange.
While he's within the seek out some sort of stability bug with Google domain names, he found some sort of website page in which helped your pet to be able to add. aspx document in addition to change the previous aspx data.

You possibly can simply develop a new document by simply transmitting WRITE-UP demand on the WEBSITE "http: //mx. horoscopo. bing. net/ymx/editor/inc/GenerateFile. asp" while using pursuing article content: "FileName=New_File_Name. aspx&FileContent=File_Content_Here".
Ebrahim provides purely uploaded some sort of document called 'zigoo. aspx' using 'zigoo' since content. To find out additional Google domain names that had been troubled by the same vulnerability, examiner performed some sort of Yahoo seek. The subsequent domain names ended up furthermore troubled by this particular bug: **. horoscopo. bing. internet, astrocentro. latino. live messenger. com, horoscopo. es. live messenger. com, astrologia. latino. live messenger. com, horoscopos. natural born player. live messenger. com in addition to astrocentro. mujer. fruit. es. Useful actuality concerning this vulnerability can be how the page developed with Google site mirrored with additional domain names more. "It’s Some sort of CDN(Content Delivery Network) Service regarding astrology in which cashes the same content to be able to give the item for that bass speaker domain names of their mentioned susceptible domain names, Consequently almost all data on one site will be demonstrated on all the domain names within the server.

Specialist claims. After canceling to be able to Google, Google provides compensated this examiner using some resources. While usual, Ms didn't give just about any prize on the examiner. Earlier this holiday season, Ebrahim found a vital Remote control PHP Program code Injection vulnerability with one of several Google domain names.




1 comment:

  1. **HACKING TOOLS WITH TUTORIALS & FULLZ AVAILABLE**
    (High Quality, Genuine Seller)

    =>Contact 24/7<=
    Telegram> @leadsupplier
    ICQ> 752822040

    Fullz info included
    NAME+SSN+DOB+DL+DL-STATE+ADDRESS
    Employee & Bank details included
    High credit fullz with DL 700+
    (bulk order negotiable)
    **Payment in all crypto currencies will be accepted**

    ->You can buy few for testing
    ->Invalid or wrong info will be replaced
    ->Serious buyers needed for long term

    TOOLS & TUTORIALS AVAILABLE FOR:

    "SPAMMING" "HACKING" "CARDING" "CASH OUT"
    "KALI LINUX" "BLOCKCHAIN BLUE PRINTS"

    **TOOLS & TUTORIALS LIST**

    ->Ethical Hacking Tools & Tutorials
    ->Kali Linux
    ->Keylogger & Keystroke Logger
    ->Facebook & Google Hacking
    ->Bitcoin Flasher
    ->SQL Injector
    ->Paypal Logins
    ->Bitcoin Cracker
    ->SMTP Linux Root
    ->DUMPS with pins track 1 and 2
    ->SMTP's, Safe Socks, Rdp's brute, VPN
    ->Php mailer
    ->SMS Sender & Email Blaster
    ->Cpanel
    ->Server I.P's & Proxies
    ->Viruses
    ->Premium Accounts (netflix cracker, paypal logins, pornhub, amazon)
    ->HQ Email Combo

    If you are searching for a valid vendor, it's very prime chance.
    You'll never be disappointed.
    **You should try at least once**

    Contact 24/7
    Telegram> @leadsupplier
    ICQ> 752822040

    ReplyDelete