Monday, August 24, 2015

Get Remote Code Injeciton Feedback Online

Hi there, i've launched specific service, that may help you to test Remote Command Injection ONLINE. (simple and dirty, without cool design :)

Why do we need it?

Let's say, you're behind a NAT and you forgot password to your router for configuring port forwarding? :)

If you're in situation without a public IP and you can't listen to ICMP Ping requests (for example) from web-server you're testing right now, try out this service.

http://rci.sudo.co.il

Hmm... I'm not responsible for any illegal use of this service.
If you've seen this IP or domain name in logs, pay attention, somebody is testing your website for Command Injection Vulnerability.

Oh.. one more thing.. the service may disclose IPs with this vulnerability to the public.
Think twice before using it.

Thursday, August 6, 2015

URL encoding in Firefox :(

Just a little angry note...
I'm using Firefox in my web-app testing, and it fails to render DOM XSS, because of Firefox rendering document.location URL encoded. Switching to Chrome.

Good bye Firefox.