0day.today - Biggest Exploits Database and 0day market - The Underground, is one of the world's most popular and comprehensive computer security web sites. Our database is visited by home and enterprise users, universities, government and military institutions on a daily basis. We are comprised of security professionals that are dedicated to provide necessary information to secure application software. We accomplish this goal by publishing new security advisories on the internet. 0day.today staff is made up of a group of highly skilled professionals, all directly engaged in the technical computer and software security arenas. 0day Today provides useful information to people who perform penetration testing, IDS signature development, and exploit research. This project was created to provide information on exploit techniques and to create a useful resource for exploit developers and security professionals. The tools and information on this site are provided for legal security research and testing purposes only. For the first time the idea of creating 0day.today project appeared on 13 May 2008 The project is devoted to computer security, protection and hacking of computer networks, software and information. 0day.today site, which is a regularly updated database with descriptions of the vulnerabilities and exploits the various software products. The base is divided into sections by type of exploits: local, remote, DoS, etc. Also presented to the division on the platform: BSD, Linux, QNX, OSX, Solaris, Unix, Windows and so on. Latest exploits are designed to exploit newly discovered critical vulnerabilities. This project is designed to receive, deposit and exchange of information between the parties, which are thematically linked to computer activities. One of the priorities is the creation of a unified knowledge base for people interested in the subject, one way or another connected with the computer: be it software or programming languages, network protocols, or security network resources and hardware - all this we seek to explain on the project.

1) You have stable + checked/secure public references with own credits or profile. 2) Our team can help on vulnerability/advisory verification, presentations or security tests. 3) We request CVE/CWE-ID from a pool & inform the vendor on a secure base via encrypted exchange. 4) Members(researcher/analysts) with publications get free access to the zero-day in privat section. 5) Service is 24/7h remote available with E-mail, Jabber, Facebook, Twitter and Skype. 6) The role system of the 0day.today allows to give advanced researcher more access to issue details & lab services. 7) Active researchers can also get free access to partner security events & private anonymous security meetings. 8) The founder who identified a vulnerability can be involved in the vendor notification & payment process. 9) Stable payout, awards- & prize ceremony for commercial bugs.

Go to the contact page and select the admin email address.

If you registered user: go to support in the top of the page when you are logged in. If you not registered: send your ideas to [email protected] 0day.today

If you found an error, please inform the administration. We'll fix it and will be very grateful. This may serve as adding you to our team. We are ready to buy a vulnerability found on our project.

0day.today is a service oriented to whom who works on IT like webmasters, system administrators or just fancier, that thinks that security is fundamental. 0day.today tries to inform you as soon as possible when new security breaches on most softwares, free or not, used on the net. Register to our service is completely free and easy to use. If you register on the project, you will have access to all the features of the project and the secret area. 0day.today is your new friend who will help you avoid security problems day by day. Please keep in mind that BugSearch is not responsible for illegal use of this informations. 0day.today is released without any warranty and it's meant for educational purpose only.

You need go to this link to register and became our member.

If you find your exploits and your nickname, you can activate your account using your email confirmation on e-mail account. If the email address does not exist in your account, you need to contact the administrator. We will give you the password.

Cross Site Scripting (persistent) Vulnerabilities Cross Site Request Forgery Click-Jacking & Cam-Jacking Unrestricted & unauthorized local / remote file include Directory Traversal / Path Traversal Authentication, Filter or Exception Bypass SQL Injection & Blind SQL Injection Input Validation Vulnerabilities (persistent / non-persistent) Stack / Buffer / Heap / Integer / Unicode overflows Local / Remote privilege escalation Format Strings Memory Corruption Division / Divide by Zero Bugs Pointer vulnerabilities (... Null Pointer, Access Violation, Read, Write) Local / Remote command execution Local / Remote code execution Denial of Service & stable Firmware Freeze + Blocks Information leaking & information disclosure Weak algorythm, weak encryption & weak ciphers Misconfiguration of OS, systems & applications Structure & design errors / flows Kernel panic / black & blue screens Stable application- & software-crashes If you have a vulnerability that doesn't belong to one of these categories or you are not sure, you may still submit it for a review and we will evaluate it for you.

If you registered user: Please login or register on 0day.today Click [ add exploit ] in the head of the site when you logged in. Fill the form on the page and press Submit. That's all. After that our Administration check your material and publish it. If there will be any questions - we ask you.

---

If you not registered: please send you exploit on support mail [email protected] 0day.today and read rules. If you not respect rules , we not publish your material!

We will NOT accept, process, or post any exploits/vulnerabilities which are targeted against live websites.

To speed up your submission, please follow these simple guidelines:

1) Send one exploit per email, with the email subject as the exploit title. 2) Send your exploit as a file attachment (.zip, .tgz, .gz, .rar, .c, .py, .txt, .pl, .html, etc). 3) Include a link to the vulnerable software if possible.

Please read the following submission-specific guidelines carefully:

1) We will not accept non-persistent XSS vulnerabilities. 2) We will not accept XSS vulnerabilities for minor applications. 3) We will not accept vulnerabilities that do not obtain site data/details. 4) We will not accept exploits for software which is not widely used. 5) We will not accept duplicate exploits that are simply written in a different language.

Please enter as much information about the vulnerability to speed up the verification process. When submitting an exploit, you should include at least these main points:

# Exploit Title: [title] # Date: [date discovered] # Author: [author] # Vendor or Software Link: [download link if available] # Version: [version of the product] # Category: [remote, local, webapps, dos, etc] # Google Keywords: [inurl: and intext:] # Tested on: [operating systems (os)] # Demo site: [minimum of 3 vulnerable sites -- the more sites, the better, as it will speed up your exploit's verification] An example of a published exploit/vulnerability is (15057).

How can I benefit by sending you my exploits/vulnerabilities?

The 0day.today provides you with many benefits if you use 0day Today for the disclosure of your vulnerabilities. In 0day Today, you can publish the material completely free of charge (that means no gold is required). However, gold is required and used to open the hidden material of other vulnerabilities that are not available to those who have no gold. Before publishing your vulnerability, you can specify if your vulnerability will be free-to-view or gold-to-view (you can set a reasonable price if you select gold). Every vulnerability is checked by the Administration of 0day.today and then published. However, if the vulnerability you send is fake, the Administration will ban your account. If your material is being sold for gold, solely you will receive the gold from the sales.

Why you should publish exploits/vulnerabilities on 0day.today?

1) You will have stable and checked/secure public references with your profile. 2) Our team can help you with vulnerability/advisory verification, presentations and/or security tests. 3) We request CVE/CWE-ID from a pool and inform the vendor on a secure base through an encrypted exchange - your name does not come up. 4) Members (such as researchers and analysts) with publications get free access to the Zero-day area in the Private Section. 5) Our team can be contacted 24/7 either using E-mail, Jabber, Facebook, Twitter and Skype. 6) The rank system of 0day.today allows the Administration to give advanced researchers more access to issue details and lab services. 7) Active researchers can also get free access to partner security events and anonymous private security meetings. 8) You will get a stable payout, and possibly awards and prizes during our ceremonies for commercial bugs.

---

If the vulnerability was properly described and criteria requirements are met, the vulnerability will be sent to verified. As soon as the vulnerability status changes to "verified", you exploit will be published and be released in the appropriate category and classified with the specific IDs & reference links.

If you submit material, and did not read the rules F.A.Q. chapter 10: How do I publish my exploit? , we will not publish your material. Please fill in as much as possible to speed up the verification. When submitting an exploit, you should include at least these headers: # Exploit Title: [title] # Date: [date] # Author: [author] # Vendor or Software Link: [download link if available] # Version: [version of the product] # Category: [remote, local, webapps, dos, etc..] # Google dork: [inurl: + intext:] # Tested on: [relevant os] # Demo site: [3 vulnerable site, this will speed up check] OR Screenshot The published advisories in the following format: (Example http://0day.today/exploits/18906)

We will block your account and will not take your exploits in the future.

0day.today Gold is the currency of 0day.today project. It used for paying for the services, buying exploits, earning money, etc. To get Gold read F.A.Q. chapters:

• How to buy 0day.today Gold?
• How to earn 0day.today Gold?

How I can fund my account? Go to the payment page

To earn 0day.today Gold you can:

• sell exploits
• help with cracking hashes
• New ways to earn Gold will be avaliable soon.

How I can buy private exploit?

• Each material has a field - :: GOLD. It has two types. FREE or GOLD
• Every public exploit has no price. You can open it just clicking on Open button on decription page.
• Every private exploit has it price. You can see it price on description page in [ price ] block.
  

There are two ways to buy required exploit: As Anonymous

• Click on anonymous button and follow instructions to save your time and do not register on our site.
  

As Registered 0day.today member

• Check your balance in the top of the page, when you are logged in. You need to have no less than price of exploit, which you want to buy.
  
• Click on Buy button to buy required exploit.
• If you don't have the required amount of Gold you can buy Gold or earn Gold

How I can fund my account? Go to the payment page

How I can sell my exploit?

• First of all read the submissions rules F.A.Q. chapter 10: How do I publish my exploit?
• After that you click on [ add exploit ] on the top of the page, when you are logged in and fill the form and send your exploit to us for checking.

Three important fields that make exploit private:

• Enter price field: Enter material's price (max 1000, for public 0)
• Add screenshot field: Select images (to proof your material; only *.jpg; max: 3 pics)
• Add YouTube video field: Enter youtube video links (only youtube.com) *

If you send material with the price more than 0, administration check material and approves a reasonable price for the material (if we do not agree with the price we will contact you and we shall discuss the price), after which the material will be published and will be the following: Your material can't buy people whose gold is less cost of goods. If a person buys stuff for that amount, we transfer it to your account. You can cash the money and delegation when you have at least 2000 gold to replenish the account and buy yourself another material http://0day.today/gold If we see your exploit on the Internet, we will remove price and you exploit became free! To take the gold out of the system, please contact our support. In this case you receive 90% of your balance. Minimal summ to take out of the system is 2000 gold.

How I can make my exploit more popular [ Highlight ] ?

• If you want to take your exploit in the rating category click [ highlight ] near the title of exploit on description page.
• After clicking, your exploit will be dublicated into highlighted category
  Service costs 10 Gold After 10 days, exploit will disappear from this category or until new exploits will fill all the empty space before your exploit.

To take the gold out of the system, please contact our support. In this case you receive 90% of your balance Minimal summ to take out of the system is 2000 Gold

Penetration testing is what we do, and we take it very seriously. We won't play games, and we don't pull punches. If you read about 0day Today Team on the Internet, you know what we can offer in terms of your penetration test. Once access to the target systems is obtained, that is when the real work begins of demonstrating the exposure the organization would face if this was truly a malicious situation. More than just the benefit of identification of possible holes in your defenses, we strive to give you the confidence that even if you some day face an adverse event, you will have the experience necessary to properly handle the situation. Where appropriate, we can work with your development team as part of your application lifecycle to ensure that security issues are discovered early on where they are cheaper to correct. Post assessment, we work with you to identify what could have been in place to help prevent, identify, and recover from any malicious actions that could have been taken against your organization. If you need a penetration test, we want to talk with you. This is what you can expect:

• Rules of engagement will be set that meet the goals that you defined.
• The work will be conducted and we will be sure to keep you informed every step of the way.
• A report will be created that informs you as to what was discovered and what we suggest to correct any issues.
• We will work with you to make sure that you understand the results and have the knowledge needed to take any actions that you may need to take.

0day.today takes this work seriously. If you are ready for a serious penetration test, follow these steps:

• Check your balance How much does it cost? 1) Pentest of your site costs 700 Gold. You have to put ash banner on its website for pentest 2) If you want to check any site, you have to pay 1000 Gold. How to get money on the balance of my profile? see 22) How to buy? How can i pay for material or pay for the service
• After your payment you should fill the form on this page How to do that? 1) Enter url of the site, which should be checked by us. 2) Select owner of it. If you is the owner of the website, which you entered, you should prove this. You need to locate our banner on your website while we will checking it. This is the key for us to start checking. We do not start checking until confirmed ownership.
• After that we receive information of the website and begin checking. You receive our detailed report in a week or more.

Hash Cracker service offers you the means to test stability of various types of hashes (SHA1, 32 bit MD5, MD4, mysql, etc. ). How to get cracked hash? How to add hash to crack? You must be a registered user and have at least 5 Gold. You need to go to the hash cracker page and fill the form for adding a new hash. After the another user submited password from hash, the administration checks it and notify you about cracked hash. If the author is a liar, his account will be banned. If you see button [ buy password ] its mean that the password from hash is 100% workable. How to sell password from hash? Users can get Gold helping other users cracking hashes. User that first find password from a hash and sells to us became an owner of hash. He gets the gold with every purchase of his password.