Exploit the possiblities
Showing 1 - 25 of 41 RSS Feed

Files from Rafay Baloch

Email addressrhainfosec at gmail.com
First Active2012-12-24
Last Active2017-11-06
Bypassing Browser Security Policies For Fun And Profit
Posted Nov 6, 2017
Authored by Rafay Baloch

In this paper, the authors present their research about bypassing core security policies implemented inside browsers such as the "Same Origin Policy". They present several bypasses that were found in various mobile browsers. In addition, they also uncover other interesting security flaws found during their research such as Address Bar Spoofing, Content Spoofing, Cross Origin CSS Attacks, Charset Inheritance, CSP Bypass, Mixed Content Bypass etc. as found in Android Browsers. This is from a talk given at BlackHat ASIA 2016.

tags | paper, spoof
MD5 | ae67f5ff17aa89a494c33e64468b75e0
Microsoft Internet Explorer 11 XSS Filter Bypass
Posted Jun 12, 2016
Authored by Rafay Baloch

Microsoft Internet Explorer 11 suffers from a cross site scripting filter bypass vulnerability.

tags | exploit, xss, bypass
MD5 | fef98842089e1bc5d56dce3ff3d7de0d
Drupal 8.0.x-dev Cross Site Scripting
Posted Feb 20, 2016
Authored by Rafay Baloch

Drupal version 8.0.x-dev suffers from a cross site scripting vulnerability on IE8 and older versions.

tags | exploit, xss
MD5 | 4cc115efd3841a52c2e7e21d51879bf3
Shell Shock Auto Exploitation Script
Posted Oct 6, 2015
Authored by Rafay Baloch

This is a small python script that will enumerate through a list of targets and test their user agent for the shellshock vulnerability.

tags | exploit, tool, python
MD5 | 46a727bfeb409d8d5ff59e33fd541e66
Maxthon Browser Address Bar Spoofing
Posted Dec 28, 2014
Authored by Rafay Baloch

Maxthon Browser suffers from an address bar spoofing vulnerability.

tags | exploit, spoof
MD5 | 03f324cbc80f9895fb70716554e95d86
CM Browser SOP Bypass
Posted Sep 16, 2014
Authored by Rafay Baloch

The CM browser suffers from a same-origin bypass vulnerability.

tags | exploit, bypass
MD5 | c7e66ae20b37d92a0f5fc927433a8ef0
Google Chrome 36.0 XSS Auditor Bypass
Posted Sep 1, 2014
Authored by Rafay Baloch

Google chrome XSS auditor was found prone to a bypass when the user input passed though location.hash was being written to the DOM by using document.write property. Normally, XSS auditor checks XSS by comparing the request and response however, it also checks for request itself, if it contains an untrusted input to prevent DOM XSS as well.

tags | exploit, bypass
MD5 | a0c3e8772d87250bb1744ca3f80e0613
Android Browser Same Origin Policy Bypass
Posted Sep 1, 2014
Authored by Rafay Baloch

A SOP bypass occurs when a sitea.com is some how able to access the properties of siteb.com such as cookies, location, response etc. Due to the nature of the issue and potential impact, this is very rarely found in modern browsers. However, they are found once in a while.

tags | exploit, bypass
MD5 | ad8c182335459c502276023ef6987e04
HTML5 Modern Day Attack And Defence Vectors
Posted Jul 2, 2014
Authored by Rafay Baloch

Whitepaper called HTML5 Modern Day Attack and Defence Vectors. This paper analyzes most of the features introduced in HTML5 along with the vulnerabilities each feature introduces.

tags | paper, vulnerability
MD5 | 736a888b30911ba37662aea64668271e
WordPress TimThumb Finder 1.0 Beta
Posted May 25, 2014
Authored by Rafay Baloch

This is a python script that scans a webserver for timthumb.php.

tags | tool, scanner, php, python
systems | unix
MD5 | 27e686e37cd80664c76b7a885d56fe31
Lavarel-Security XSS Filter Bypass
Posted Apr 29, 2014
Authored by Rafay Baloch

Lavarel-Security cross site scripting filter suffers from a bypass vulnerability.

tags | exploit, xss, bypass
MD5 | 82d3e66a425cd7e997c924715a185f58
WordPress Infocus Theme Cross Site Scripting
Posted Jan 27, 2014
Authored by Rafay Baloch

WordPress Infocus Theme suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 45e7152bf024a53f3ce62232e75c41a2
phpMyRecipes 1.x.x XSS / CSRF / SQL Injection
Posted Dec 20, 2013
Authored by Rafay Baloch, Sikandar Ali

phpMyRecipes version 1.x.x suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, csrf
MD5 | bccdc737419ad1f7f6b275394eb77113
Bypassing Modern Web Application Firewalls
Posted Dec 14, 2013
Authored by Rafay Baloch

This whitepaper is called Modern Web Application Firewalls Fingerprinting and Bypassing XSS Filters.

tags | paper, web
MD5 | 929bd2711e1c79a08e4a6c59381ac3ec
Joomla Flexicontent Remote Code Execution
Posted Dec 8, 2013
Authored by Rafay Baloch, Deepankar Arora

Joomla Flexicontent component suffers from a code execution vulnerability due to the inclusion of phpthumb.

tags | exploit, code execution
MD5 | 0121156a1173066631397e8ba23274e3
phpThumb 1.7.12 Server Side Request Forgery
Posted Dec 2, 2013
Authored by Rafay Baloch, Deepankar Arora

phpThumb version 1.7.12 allows for arbitrary request forgery server-side that can be used maliciously.

tags | exploit, arbitrary
MD5 | f72ae651fa20b1f14552a64fc575deb6
Joomla JMultimedia Command Execution
Posted Nov 30, 2013
Authored by Rafay Baloch, Deepankar Arora

Joomla JMultimedia component remote shell upload exploit.

tags | exploit, remote, shell
MD5 | ecdaaf7c8edd8fdf3331a44111267169
WordPress Pretty Photo Cross Site Scripting
Posted Nov 20, 2013
Authored by Rafay Baloch

WordPress Pretty Photo plugin suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | efb1df2016a22b2f0ce769614c2b718e
Eclipse.org SQL Injection
Posted Nov 15, 2013
Authored by Rafay Baloch, Shahmeer Amir

Eclipse.org suffers from a remote error-based SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | d21f824b487c99dbc0a5b4b7ab2f80f6
OWASP Java Encoder Filter Bypass
Posted Nov 6, 2013
Authored by Rafay Baloch, Alex Infuhr

OWASP Java Encoder suffers from a cross site scripting bypass vulnerability when it comes to the use of backticks.

tags | exploit, java, xss, bypass
MD5 | 68b5a8a5dbc20e0d9105ad855c46b9ae
Google Chrome 31.0 Webkit Auditor Bypass
Posted Sep 24, 2013
Authored by Rafay Baloch, PEPE Vila

Google Chrome version 31.0 suffers from an auditor bypass that allows for cross site scripting attacks to successfully get through.

tags | exploit, xss, bypass
MD5 | 59b33ed589d9ea8d9e202dcd2431989
Mental JS Sandbox Bypass
Posted Sep 20, 2013
Authored by Rafay Baloch, Giuseppe Trotta

Mental JS suffers from a sandbox bypass due to the ability to still execute javascript via document.inner.HTML.

tags | exploit, javascript, bypass
MD5 | 9c4162c118fa0355c9c61252196d47be
Modsecurity Cross Site Scripting Bypass
Posted Aug 31, 2013
Authored by Rafay Baloch

Modsecurity suffers from a cross site scripting bypass vulnerability.

tags | exploit, xss, bypass
MD5 | e94fc45eeeb7a90c685b095d36b2bf62
Link Farm Evolution 1.8.7 Cross Site Scripting
Posted Jul 1, 2013
Authored by Prakhar Prasad, Rafay Baloch

Link Farm Evolution version 1.8.7 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 92eb8b521f0867ec63d49fbc2dc5ddac
Xorbin Analog Flash Clock 1.0 For Joomla XSS
Posted Jun 30, 2013
Authored by Prakhar Prasad, Rafay Baloch

Xorbin Analog Flash Clock plugin version 1.0 for Joomla suffers from a flash-based cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2013-4692
MD5 | 3f7ac9003a3fcd1c75083c6aa615a9d3
Page 1 of 2
Back12Next

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    1 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close