#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
SaaS Security

Search results for Ucha Gobejishvili | Breaking Cybersecurity News | The Hacker News

Cross Site Scripting (XSS) Vulnerability in Google

Cross Site Scripting (XSS) Vulnerability in Google

Jan 26, 2012
Cross Site Scripting (XSS) Vulnerability in Google Ucha Gobejishvili Hacker with codename " longrifle0x " discovered another Cross Site Scripting (XSS) Vulnerability in Google's Website. He already reported about the Vulnerability to Google Security Experts. Proof of Concept: Open https://www.google.com/a/cpanel/premier/new3?hl=en  and Click Find Domain . Put xss code: <IFRAME SRC="javascript:alert('XSS');"></IFRAME> Another XSS Vulnerabilities Discovered by longrifle0x  https://xssed.com/archive/author=longrifle0x/special=1/
URL redirection Vulnerability in Google & Facebook

URL redirection Vulnerability in Google & Facebook

Jan 13, 2012
URL redirection Vulnerability in Google An open redirect is a vulnerability that exists when a script allows redirectionto an external site by directly calling a specific URL in an unfiltered,unmanaged fashion, which could be used to redirect victims to unintended,malicious web sites. A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. A similar vulnerability is reported in Google by " Ucha Gobejishvili ( longrifle0x ) ".  This problem may assist an attacker to conduct phishing attacks, trojan distribution, spammers. Url: https://accounts.google.com/o/oauth2/auth?redirect_uri=https://www.something.com Same vulnerability in Facebook, Discovered by  ZeRtOx from Devitel group : https://www.facebook.com/l.php?h=5AQH8ROsPAQEOTSTw7sgoW1LhviRUBr6iFCcj4C8YmUcC8A&u=www.something.com Impact of Vulnerability  : The user may be redirected to an untrusted page that contains malware which may then comprom
How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

Mar 21, 2024SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the  SaaS supply chain  snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte
Sun Microsystems (Print) - Cross Site Scripting Vulnerabilities

Sun Microsystems (Print) - Cross Site Scripting Vulnerabilities

Feb 05, 2012
Sun Microsystems (Print) - Cross Site Scripting Vulnerabilities Today Ucha Gobejishvili ( longrifle0x ) a Pentester from Georgia reported 3 More important Cross Site Scripting Vulnerabilities in Sun Microsystem's and Java Printer Webpages. Java's Vulnerable Link   : Click Here Sun's Vulnerable Link 1 :  Click Here Sun's Vulnerable Link 2 :  Click Here Cross-Site Scripting occurs when an attacker can send a malicious script to a different user by relaying the script from an otherwise trusted or innocuous server. These flaws are extensive on the Web and allow an attacker to place malicious code that can execute attacks against other users in the security context of the web servers of the trusted host. Previous vulnerabilities  reported by longrifle0x : Click here to Read or Mirrors .
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Multiple Cross Site Scripting ( #XSS ) Vulnerabilities in Forbes

Multiple Cross Site Scripting ( #XSS ) Vulnerabilities in Forbes

Jan 19, 2012
Multiple Cross Site Scripting ( #XSS ) Vulnerabilities in Forbes Ucha Gobejishvili ( longrifle0x ) , A Georgian Security Researcher Discover two Cross Site Scripting ( XSS ) Vulnerabilities on the Official website of Forbes , an American publishing and media company. Cross-Site Scripting occurs when an attacker can send a malicious script to a different user by relaying the script from an otherwise trusted or innocuous server. These flaws are extensive on the Web and allow an attacker to place malicious code that can execute attacks against other users in the security context of the web servers of the trusted host. 1.) First Vulnerable Link : Click Here 2.) Second Vulnerable Link : Click Here Cross-Site Scripting typically involves executing commands in a user's browser to display unintended content, or with the intent of stealing the user's login credentials or other personal information. This information can then be used by the attacker to access web sites and services
Corruption and Persistent Vulnerability in Skype 5.8 and 5.5 [Video POC]

Corruption and Persistent Vulnerability in Skype 5.8 and 5.5 [Video POC]

Mar 29, 2012
Corruption & Persistent Vulnerability in Skype 5.8 and 5.5 Ucha Gobejishvili ( longrifle0x ) Benjamin Kunz Mejri (Rem0ve)&Alexander Fuchs (f0x23) , security Experts from The Vulnerability-Lab Team discovered a remote pointer corruption with persistent weakness on Skypes v5.8.0.156 Windows 7 & MacOS v5.5.2340. The security risk of the remote denial of service vulnerability via pointer corruption is estimated as high(-). Skype is a software application that allows users to make voice and video calls and chats over the Internet. Calls to other users within theSkype service are free, while calls to both traditional landline telephones and mobile phones can be made for a fee using a debit-baseduser account system. According to Expert, Vulnerability was reported to Vendor on 2012-02-24,  and Vendor Fix/Patch by Check on 2012-03-20. Affected versions are Skype - Windows, MacOs & Linux v5.8.0.156, 5.5.0.2340, 2.2 Beta. The exploitation method will work Remotely. A pointer
[POC] Buffer Overflow Vulnerability in GOM Media Player v. 2.1.37

[POC] Buffer Overflow Vulnerability in GOM Media Player v. 2.1.37

Mar 11, 2012
Buffer Overflow Vulnerability in GOM Media Player v. 2.1.37 Ucha Gobejishvili (longrifle0x)  from The Vulnerability Laboratory Research Team  discover Buffer Overflow Vulnerability in GOM Media Player v. 2.1.37. GOM Player (Gretech Online Movie Player) is a 32/64-bit media player for Microsoft Windows, distributed by the Gretech Corporation of South Korea. A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information - which has to go somewhere - can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity. In this case, The vulnerability can be exploited by local or remote attackers and Vulnerable module is GomU+0x125cb7. Proof of Concept :
Vulnerability in Google Earth Software exposed by longrifle0x

Vulnerability in Google Earth Software exposed by longrifle0x

Mar 20, 2012
Vulnerability in Google Earth Software exposed by longrifle0x Ucha Gobejishvili, Security researcher also known as Longrifle0x , found another Interesting Security issue in one of the most famous software called,  Google Earth. He found a critical code execution vulnerability on google earth software client. For Proof of Concept , One can download any version of Google Earth, Then open "Click Placemark" , Put a malicious code there as one sample given below and Execute your code. Another past bug hunting by  Longrifle0x : 1.)  Cross Site Scripting (XSS) Vulnerability in Google 2.)  Skype Cross Site Vulnerabilities, user accounts can be Hijacked 3.) [POC] Buffer Overflow Vulnerability in GOM Media Player v. 2.1.37 and More..
Skype Cross Site Vulnerabilities, user accounts can be Hijacked

Skype Cross Site Vulnerabilities, user accounts can be Hijacked

Feb 24, 2012
Skype Cross Site Vulnerabilities , user accounts can be Hijacked The independent security researcher Ucha Gobejishvili has detected a cross site scripting (XSS) vulnerabilities affecting shop.skype.com and api.skype.com . According to a blog post on 1337 Blog , the XSS flaw discovered on these sites could allow an attacker to hijack cookies if he manages to convince the potential victim to click on a specially designed link. If exploited successfully, a hacker could hijack the user's session and even steal his/her account. Skype has been informed of the vulnerabilities and is currently investigating. Other XSS discovered by him are listed  here .
Cybersecurity Resources