Open Source

Open source software will not sink with time, because many people support it and it is no less competitive than paid software.

Friday, 31 March 2017

Multiple XSS Vulnerability on Pixie 1.0.4

# Exploit Title: Multiple XSS Vulnerability on Pixie 1.0.4
# Google Dork: no
# Date: 29-03-2017
# Exploit Author: @rungga_reksya, @dickysofficial
# Vendor Homepage: http://www.getpixie.co.uk
# Software Link: https://us.softpedia-secure-download.com/dl/44791fdde14260bc7a8d08df65bcd048/58db4b5c/700044699/webscripts/php/pixie_v1.04.zip
# Version: 1.0.4
# Tested on: Windows Server 2012 Datacenter Evaluation

I. Background:
Pixie is a free, open source web application that will help quickly create your own website. Many people refer to this type of software as...

Tuesday, 14 March 2017

Remote File Upload Vulnerability in b2evolution 6.8.8

# Exploit Title: Remote File Upload Vulnerability in b2evolution 6.8.8
# Google Dork: no
# Date: 14-03-2017
# Exploit Author: @rungga_reksya, @dvnrcy, @yokoacc
# Vendor Homepage: http://b2evolution.net
# Software Link: http://b2evolution.net/downloads/6-8-8?download=6883
# Version: 6.8.8 Stable
# Tested on: Windows Server 2012 Datacenter Evaluation
# CVE : no

I. Background:
b2evolution is a tool that allows you to build your own website. This ranges from just...

Monday, 13 March 2017

XSS Vulnerability on Agora-Project 3.2.2

# Exploit Title: XSS Vulnerability on Agora-Project 3.2.2
# Google Dork: no
# Date: 23-02-2017
# Exploit Author: @rungga_reksya, @AdyWikradinata, @yokoacc
# Vendor Homepage: https://www.agora-project.net
# Software Link: https://www.agora-project.net/?ctrl=offline&action=download
# Software Link Mirror: https://jaist.dl.sourceforge.net/project/agora-project/agora_project_3.2.2.zip
# Version: 3.2.2
# Tested on: Windows Server 2012 Datacenter Evaluation
# CVE : CVE-2017-6559, CVE-2017-6560, CVE-2017-6561, CVE-2017-6562

I. Background:
Agora-Project is a...

Saturday, 11 March 2017

Privilege Escalation (Manipulation of User Group) Vulnerability on Fiyo CMS 2.0.6.1

# Exploit Title: Privilege Escalation (Manipulation of User Group) Vulnerability on Fiyo CMS 2.0.6.1
# Google Dork: no
# Date: 11-03-2017
# Exploit Author: @rungga_reksya, @dvnrcy
# Vendor Homepage: http://www.fiyo.org
# Software Link: https://sourceforge.net/projects/fiyo-cms
# Version: 2.0.6.1
# Tested on: Windows Server 2012 Datacenter Evaluation
# CVE : CVE-2017-6823

I. Background:
Fiyo CMS was first developed and created by a former student...

Friday, 10 March 2017

Information Security Look Like Football

Information security inside an organization looks like a football game. Each person has a different role and responsibility, but all share a common goal. The goal is to secure the organization's data and information, from the technical level to the strategic level. We can map the roles that exist in football to each member of the IT security team, such as:

- The goalkeeper and defenders: they are the sysadmin and infrastructure network team. Protecting the assets...