PoC Silverlight Desktop Application, WCF, RIA, XSS.Cx

PoC Desktop Application by XSS.Cx

Navigation

Anti-Phishing Blog

XSS, LFI, Linksys E4200 Firmware, 0D
Mon, 06 May 2013 15:59:00 +0000
XSS, Javascript Injection, Brother MFC-9970CDW Printer Firmware L, 0D
Mon, 06 May 2013 15:53:00 +0000
CVE-2013-0438, Oracle Java JRE 7u5 SOP Bypass for ZIP-Based Filetypes, XSS, Cross Site Scripting
Wed, 27 Mar 2013 02:46:00 +0000
CVE-2012-1903, Stored XSS, Javascript Injection, Telligent Community 5.6.583.20496
Mon, 25 Mar 2013 16:14:00 +0000
CVE-2012-1503, Movable Type Pro 5.13en, Stored XSS, CWE-79, CAPEC-86, Full Disclosure
Wed, 17 Oct 2012 02:16:00 +0000
CVE-2012-1500, JIRA, GreenHopper, Stored XSS, CWE-79, CAPEC-19, Resolved
Mon, 03 Sep 2012 14:35:00 +0000
RESOLVED: SQL Injection, XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, pri.kts-af.net, CWE-89, Database Admin
Wed, 23 May 2012 04:18:00 +0000
RESOLVED: XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, search.lists.apple.com
Wed, 23 May 2012 04:09:00 +0000
apple.com, Resolved, XSS, Cross Site Scripting, Javascript Injection, Shortcut, Bookmark
Sun, 25 Mar 2012 14:05:00 +0000
discussions.apple.com, Resolved, XSS, Cross Site Scripting, CWE-79, CAPEC-86, Javascript Injection, Example, PoC, Report
Sun, 25 Mar 2012 14:00:00 +0000
mynews.apple.com, Resolved, HTTP Header Injection, Location Response Splitting, CWE-113, CRLF
Sun, 25 Mar 2012 13:52:00 +0000
CVE-2011-4763, Plesk Site Editor, CPanel 10.2.x, XSS, SQL Injection, CVE-2011-4764, CVE-2011-4765, CVE-2011-4766, CVE-2011-4767, CVE-2011-4768
Mon, 06 Feb 2012 13:34:00 +0000
CVE-2011-5020, Online TV Database, SQL Injection, CWE-89, CAPEC-66
Mon, 06 Feb 2012 12:53:00 +0000
Caveat Emptor, Caveat Venditor, Paros Pro Desktop Version 1.9.12 for Windows, WebAppSec, SCAP Tools
Sat, 28 Jan 2012 14:00:00 +0000
CVE-2011-5018, Koala Framework, XSS, Resolved, Cross Site Scripting, CWE-79, CAPEC-86
Sat, 31 Dec 2011 15:19:00 +0000
CVE-2011-4776, CVE-2011-4777, Parallels Plesk Panel v10.4.4_build20111103.18 os_Windows 2003/2008, XSS, Cross Site Scripting, CWE-79, CAPEC-86
Sat, 31 Dec 2011 13:43:00 +0000
SSO, XSS, CVE-2011-4745, PSA v10.3.1_build1013110726.09 os_RedHat el6, Billing Manager, CVE-2011-4746, CVE-2011-4747, CVE-2009-3555, CVE-2011-4748, CVE-2011-4749
Sun, 11 Dec 2011 23:10:00 +0000
CVE-2011-4750, SmarterTools WebServer, CVE-2011-2151, CVE-2011-2155, CVE-2011-4751, CVE-2011-2154, CVE-2011-2158, CVE-2011-4752
Sun, 11 Dec 2011 22:55:00 +0000
CVE-2011-4734, Plesk Control Panel for Windows Version 10.2.x Build 20110407.20,CVE-2011-4735, CVE-2011-4736, CVE-2011-4737, CVE-2011-4738, CVE-2011-4739, CVE-2011-4740, CVE-2011-4741, CVE-2011-4742, CVE-2011-4743, CVE-2011-4744
Sun, 11 Dec 2011 22:33:00 +0000
CVE-2011-4753, Plesk Control Panel for Windows Version 10.2.0, CVE-2011-4754, CVE-2011-4755, CVE-2011-4756, CVE-2011-4757, CVE-2011-4758, CVE-2011-4759, CVE-2011-4760, CVE-2011-4761, CVE-2011-4762
Sun, 11 Dec 2011 22:22:00 +0000
CVE-2011-4725, Plesk Parallels Panel Version psa v10.2.0_build1011110331.18 os_RedHat el6, CVE-2011-4726, CVE-2011-4727, CVE-2011-4728, CVE-2011-4729, CVE-2011-4730, CVE-2011-4731, CVE-2011-4732, CVE-2011-4733
Sun, 11 Dec 2011 22:06:00 +0000
google.com, XSS, Resolved, Captcha Form, Best Practices, Cross Site Scripting, CWE-79, CAPEC-86
Thu, 08 Dec 2011 18:54:00 +0000
groupon.com, XSS, Resolved, Cross Site Scripting, CWE-79, CAPEC-86
Wed, 30 Nov 2011 20:00:00 +0000
Commentary, Apple, Vulnerability Reporting, Stats, Burp Suite Pro, DOMinator, FuzzDB, Best Practices, Full Disclosure, Metrics, CoTs
Thu, 17 Nov 2011 22:36:00 +0000
wdg2.apple.com, XSS, Resolved, SSO, Cross Site Scripting, CWE-79, CAPEC-86, Best Practices
Thu, 17 Nov 2011 20:21:00 +0000

Desktop Chrome

Source Code and Solution File here.

Proof of Concept, Desktop Application, Silverlight Exploit Framework, Sandbox Testing, Right Click to Install

Loading