180 items tagged "search"
-
-
10:00
»
Packet Storm Security Recent Files
This tool enumerates hostnames from Bing.com for an IP address. Bing.com is Microsoft's search engine which has an IP: search parameter. Written in Bash for Linux. Requires wget.
-
10:00
»
Packet Storm Security Tools
This tool enumerates hostnames from Bing.com for an IP address. Bing.com is Microsoft's search engine which has an IP: search parameter. Written in Bash for Linux. Requires wget.
-
10:00
»
Packet Storm Security Misc. Files
This tool enumerates hostnames from Bing.com for an IP address. Bing.com is Microsoft's search engine which has an IP: search parameter. Written in Bash for Linux. Requires wget.
-
-
16:00
»
SecuriTeam
Kunena is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
-
-
16:00
»
SecuriTeam
The AJAX Post Search Plugin is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
-
-
16:00
»
SecuriTeam
The Search API module for Drupal is prone to a cross-site request-forgery vulnerability.
-
-
21:41
»
SecDocs
Tags: search engine
Event: Chaos Communication Congress 22nd (22C3) 2005
Abstract: The session will focus on the influence of search engines on individuals, societies, education and politics. The exponential growth and the decentralized structure of the Internet require automated search solutions which now control our access to information and influence our view of life. With several billion indexed pages, search engines are not only the biggest storage systems worldwide, they are also used by millions of users every day. The session will analyze these developments and pay special attention to media monopolies, political implications, censorship, and privacy violations. Several recent case studies, including but not limited to the Google Book Scan program, Google WiFi, Google Earth, and the self-proclaimed support of Open Office and other open software frameworks will be used to explore these monopolies and relationships. The session will focus on the problems arising when the availability of information, knowledge, and values becomes dependent on commercial search services. Information which is not accessible through search engines appears to be even nonexistent for our information society. This session explains the perils of this development and shows the conflicts between commercial interests of search engines, political influence, censorship, advertising, paid rankings and the freedom of information. The presentation will also discuss the dark side of the force, including but not limited to Google bombing, link farms, guestbook/blog/wiki spam, cloaking, Pagerank prostitution, result hijacking etc. The session will discuss the dangerous implications of search engines used to invade the privacy of individual users, focus on user tracking and profiling, and propose methods and techniques to assess and eliminate the threat.
The session will further underline the privacy risks and violations caused by search engines, focusing on the digital breadcrumbs, traces, and cookies left by individual users using internet based search/or related services. The session will include entertaining elements and present basic and advanced search methods of Google Hacking and demonstrate how search engines can be misused to identify insecure server and shopping systems, infiltrate networked appliances including webcams and printers, and collect commercial and private information including passwords, credit card data, user account and other personal information. The session will shed some light on upcoming search engine algorithms, technologies, and implications. Search engine technology is still in its infant stages, many resources are still devoted to the analysis, detection and elimination of search engine marketing, webspam, affiliate or duplicate content. There are new and interesting algorithms, technologies, and proposals, as discussed in a recent patent of Google Inc, used in the Open Source search engine Nutch, or proposed by the peer-to-peer search engine Yacy (A search engine Made in Germany), which provide some insight into the future of search engine technology and knowledge management.
-
-
21:38
»
SecDocs
Authors: Isabel Drost
Tags: search engine
Event: Chaos Communication Congress 22nd (22C3) 2005
Abstract: The presentation will give a short overview of the architecture of search engines and how machine learning can help improve search engines. In addition, some projects you can take part in will be briefly introduced. Developers of search engines today do not only face technical problems such as designing an efficient crawler or distributing search requests among servers. Search has become a problem of identifying reliable information in an adversarial environment. Since the web is used for purposes as diverse as trade, communication, and advertisement, search engines need to be able to distinguish different types of web pages. In this paper we describe some common properties of the WWW and social networks. We show one possibility of exploiting these properties for classifying web pages.
-
-
12:22
»
SecDocs
Authors: Marco Gercke
Tags: cybercrime
Event: Chaos Communication Camp 2007
Abstract: The need for new investigation instruments in the fight against Cybercrime is a topic that is currently discussed on an intensive level – not only in Germany and not only in Europe. One instrument that is in the focus of the law-makers is the online search. Listening to the promoters of such an instrument it is easy to get the impression that the online search is the key to an effective fight against cybercrime – but is it really? The presentation summarizes the discussion, highlights potential difficulties and points out alternative solutions. From my point of view it could be interesting to combine the legal issues with a technical approach.
-
-
21:50
»
SecDocs
Authors: Marco Gercke
Tags: cybercrime
Event: Chaos Communication Camp 2007
Abstract: The need for new investigation instruments in the fight against Cybercrime is a topic that is currently discussed on an intensive level – not only in Germany and not only in Europe. One instrument that is in the focus of the law-makers is the online search. Listening to the promoters of such an instrument it is easy to get the impression that the online search is the key to an effective fight against cybercrime – but is it really? The presentation summarizes the discussion, highlights potential difficulties and points out alternative solutions. From my point of view it could be interesting to combine the legal issues with a technical approach.
-
-
21:31
»
SecDocs
Tags: data mining
Event: Chaos Communication Congress 23rd (23C3) 2006
Abstract: AOL recently published over 34M weakly anonymized search queries from their users by intention. This lecture gives an overview on the results of an extensive statistical analysis and data mining procedure on this dataset. Thereby, a methodology for frequency analysis, search trend mining, topic detection and even user profiling and identification will be presented. The lecture will give an overview on knowledge discovery techniques on a sample dataset of real search queries released by AOL. Although AOL anonymized the records by hiding the user name of the sender, this lecture will show how much knowledge you can already gain out of those web logs. The lecture aims at showing the dangers of progressional data collection and aggregation, particularly of rich user profile mining from search query logs.
-
-
17:00
»
SecuriTeam
Microsoft SharePoint is prone to an open-redirection vulnerability because the application fails to properly sanitize user-supplied input.
-
-
17:00
»
SecuriTeam
The Search Autocomplete module for Drupal is prone to a security-bypass vulnerability.
-
-
15:29
»
Packet Storm Security Advisories
UC PayDutchGroup / WeDeal payment integrates the PayDutchGroup / WeDeal payment gateway with Ubercart. The module exposes account credentials for the store's PayDutchGroup account under certain circumstances allowing a malicious user to login to the PayDutchGroup site as the store owner and manage the store owner's account. The vulnerability is mitigated by an attacker needing to gain an account with the ability to checkout of the store. Multisite Search allows you to index and search content from all sites in a Multisite configuration. The module doesn't sufficiently escape user input when constructing queries. The vulnerability is mitigated by the fact that in order to execute arbitrary sql injection malicious users must have the ability to administer multisite search.
-
15:29
»
Packet Storm Security Recent Files
UC PayDutchGroup / WeDeal payment integrates the PayDutchGroup / WeDeal payment gateway with Ubercart. The module exposes account credentials for the store's PayDutchGroup account under certain circumstances allowing a malicious user to login to the PayDutchGroup site as the store owner and manage the store owner's account. The vulnerability is mitigated by an attacker needing to gain an account with the ability to checkout of the store. Multisite Search allows you to index and search content from all sites in a Multisite configuration. The module doesn't sufficiently escape user input when constructing queries. The vulnerability is mitigated by the fact that in order to execute arbitrary sql injection malicious users must have the ability to administer multisite search.
-
15:29
»
Packet Storm Security Misc. Files
UC PayDutchGroup / WeDeal payment integrates the PayDutchGroup / WeDeal payment gateway with Ubercart. The module exposes account credentials for the store's PayDutchGroup account under certain circumstances allowing a malicious user to login to the PayDutchGroup site as the store owner and manage the store owner's account. The vulnerability is mitigated by an attacker needing to gain an account with the ability to checkout of the store. Multisite Search allows you to index and search content from all sites in a Multisite configuration. The module doesn't sufficiently escape user input when constructing queries. The vulnerability is mitigated by the fact that in order to execute arbitrary sql injection malicious users must have the ability to administer multisite search.
-
-
17:07
»
Packet Storm Security Recent Files
This shellcode appends your code to the end of the files it finds. Your code will be added only to .html and .php files. The search for files is carried out recursively.
-
17:07
»
Packet Storm Security Misc. Files
This shellcode appends your code to the end of the files it finds. Your code will be added only to .html and .php files. The search for files is carried out recursively.
-
-
12:03
»
SecDocs
Authors: Francis Brown, Rob Ragan
Tags: intelligence
Event: Black Hat USA 2010
Abstract: During World War II the CIA created a special information intelligence unit to exploit information gathered from openly available sources. One classic example of the team’s resourcefulness was the ability to determine whether Allied forces had successfully bombed bridges leading into Paris based on increasing orange prices. Since then OSINT sources have surged in number and diversity, but none can compare to the wealth of information provided by the Internet. Attackers have been clever enough in the past to take advantage of search engines to filter this information to identify vulnerabilities. However, current search hacking techniques have been stymied by search provider efforts to curb this type of behavior. Not anymore - our demonstration-heavy presentation picks up the subtle art of search engine hacking at the current state and discusses why these techniques fail. We will then reveal several new search engine hacking techniques that have resulted in remarkable breakthroughs against both Google and Bing. Come ready to engage with us as we release two new tools, GoogleDiggity and BingDiggity, which take full advantage of the new hacking techniques. We’ll also be releasing the first ever “live vulnerability feed”, which will quickly become the new standard on how to detect and protect yourself against these types of attacks. This presentation will change the way you've previously thought about search engine hacking, so put on your helmets. We don't want a mess when we blow your minds.
-
-
17:50
»
Packet Storm Security Recent Files
GGGooglescan is a Google scraper which performs automated searches and returns results of search queries in the form of URLs or hostnames. Datamining Google's search index is useful for many applications. Despite this, Google makes it difficult for researchers to perform automatic search queries. The aim of GGGooglescan is to make automated searches possible by avoiding the search activity that is detected as bot behavior.
-
17:50
»
Packet Storm Security Tools
GGGooglescan is a Google scraper which performs automated searches and returns results of search queries in the form of URLs or hostnames. Datamining Google's search index is useful for many applications. Despite this, Google makes it difficult for researchers to perform automatic search queries. The aim of GGGooglescan is to make automated searches possible by avoiding the search activity that is detected as bot behavior.
-
17:50
»
Packet Storm Security Misc. Files
GGGooglescan is a Google scraper which performs automated searches and returns results of search queries in the form of URLs or hostnames. Datamining Google's search index is useful for many applications. Despite this, Google makes it difficult for researchers to perform automatic search queries. The aim of GGGooglescan is to make automated searches possible by avoiding the search activity that is detected as bot behavior.
-
-
8:00
»
Hack a Day
Forget flashlights, and leave those burning lasers at home, [Ben Krasnow] built a search light using a 1000W xenon arc lamp. That box you see on the side of the trash-can housing contains a starting circuit that shoots 30 kilovolts through the xenon lamp to get it started but it is separate from the power [...]
-
-
19:51
»
Packet Storm Security Tools
Dorkmaster is a Python script that crawls Google and Bing results looking for various pieces of software that have historically had vulnerabilities. This is useful for verifying that your company is in compliance with software run on a given site.
-
-
21:03
»
Packet Storm Security Tools
Download Indexed Cache is a proof of concept script that implements the Google SOAP Search API to retrieve content indexed within the Google Cache to support the Search Engine Reconnaissance section of the OWASP Testing Guide version 3.
-
21:02
»
Packet Storm Security Recent Files
Download Indexed Cache is a proof of concept script that implements the Google SOAP Search API to retrieve content indexed within the Google Cache to support the Search Engine Reconnaissance section of the OWASP Testing Guide version 3.
-
-
21:00
»
Packet Storm Security Tools
This tool enumerates hostnames from Bing.com for an IP address. Bing.com is Microsoft's search engine which has an IP: search parameter. Written in Bash for Linux. Requires wget.
-
-
10:00
»
Packet Storm Security Recent Files
Secunia Research has discovered a vulnerability in ViewVC, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the regular expression search functionality is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Successful exploitation requires that the regular expression search functionality is enabled (disabled by default).
-
10:00
»
Packet Storm Security Advisories
Secunia Research has discovered a vulnerability in ViewVC, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the regular expression search functionality is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Successful exploitation requires that the regular expression search functionality is enabled (disabled by default).
-
-
4:46
»
remote-exploit & backtrack
Hello.
I have a small problem with etterfilter: when I try to use the search() function, it doesn't find anything.
For example, I have two VMs, a client and a web server, on two different subnets (two virtual interfaces), and my PC sits between the two acting as a router.
Here is an example of a script that doesn't work:
Code:
if (search(DATA.data, "<title>")){
msg("! \n");
}
else{
msg(". \n");
}
I launch ettercap like this:
Code:
ettercap -T -F ~/Filtre.ef -i vboxnet0 -q
Yet when I look with Wireshark, I do see packets containing "<title>" going through.
I've been struggling with this for a week.
I've already asked on IRC channels (including backtrackfr), forums and friends...
Nothing.
If anyone has a solution
Thanks in advance
Manu404