Sunday 29 April 2018

XSS Flexense all Products and versions

Dear Hackers,

About DiskBoss:

DiskBoss is an automated disk space analysis and file management solution allowing one to perform various types of disk space analysis, file classification, duplicate files search, file synchronization, disk change monitoring, file management, file delete and data wiping operations on local disks, network shares, NAS devices and enterprise storage systems. DiskBoss is developed and supported by Flexense Ltd. - an independent software vendor specialized in data management software products for automated disk space analysis, file classification, file synchronization, rule-based file management, server monitoring, file delete and data wiping operations. Flexense Ltd. sells its software products to more than 75 countries around the world and provides full support for all types of customers including consumers, small businesses, large enterprises, educational institutions and governments.

I know DiskBoss for its vulnerability CVE-2018-5262. This is a buffer overflow; I will always only use it for capture the flag or ethical hacking XD. So I decided to research this vendor.

This XSS in Flexense DiskBoss affects all versions; it was tested from DiskBoss Enterprise v7.4.28 to v9.1.16. The attack allows an attacker to execute code. The vulnerability affects the confidentiality of personal data: possible theft of confidential information (for example, session credentials, cookie information, personal information) or a possible loss of control of the PC.

To reproduce the vulnerability, see the related evidence:


- Attack vector: /?n0ipr0cs<script>alert('XSS')</script>n0ipr0cs=1

- Attack Type: Remote

- Reference:

The vulnerability has been assigned CVE-2018-10294. I have asked for the website to be updated under DiskBoss news, 12-Apr-2018 - DiskBoss v9.2, because the vulnerability has been fixed. The new product version (v9.2.18) fixes a number of bugs and security vulnerabilities, including CVE-2018-10294.
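A defender-side check for the request shape in the attack vector above, as an added example that is not from the original post or from Flexense: the markup sits in the query parameter name rather than its value, so the scan decodes and inspects both. The access-log lines are constructed and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# An opening or closing HTML tag; may also flag harmless text such as "a<b".
TAG = re.compile(r"<\s*/?\s*[a-z!]", re.I)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/\d\.\d"')

def fully_decode(text, rounds=3):
    """Percent-decode repeatedly so double-encoded markup is still seen."""
    for _ in range(rounds):
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    return text

def suspicious_params(target):
    """Return ('name' | 'value', decoded text) for each part carrying a tag."""
    hits = []
    for pair in urlsplit(target).query.split("&"):
        name, _, value = pair.partition("=")
        for part, raw in (("name", name), ("value", value)):
            text = fully_decode(raw)
            if TAG.search(text):
                hits.append((part, text))
    return hits

def scan(lines):
    """Return (line number, part, decoded text) for every flagged request."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match:
            for part, text in suspicious_params(match.group(1)):
                findings.append((number, part, text))
    return findings

# Constructed sample lines (documentation addresses, invented sizes).
SAMPLE_LOG = [
    '192.0.2.10 - - [29/Apr/2018:10:00:01 +0000] "GET /?sort=name HTTP/1.1" 200 512',
    '192.0.2.11 - - [29/Apr/2018:10:00:02 +0000] "GET /?n0ipr0cs%3Cscript%3Ealert'
    '(%27XSS%27)%3C/script%3En0ipr0cs=1 HTTP/1.1" 200 733',
    '192.0.2.12 - - [29/Apr/2018:10:00:03 +0000] "GET /?q=%253Cscript%253Ealert(1)'
    '%253C%252Fscript%253E HTTP/1.1" 200 733',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A filter that only inspects parameter values would miss the second sample line, which is the shape this advisory reports.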

This vulnerability was discovered by Francisco Javier Santiago Vazquez aka "n0ipr0cs".

See you soon.

UPDATE: The vulnerability also affects all products and versions. The following CVEs have been assigned:

XSS in Flexense DiskBoss, affects all versions CVE-2018-10294

XSS in Flexense SyncBreeze, affects all versions CVE-2018-10563

XSS in Flexense DiskPulse, affects all versions CVE-2018-10564

XSS in Flexense DiskSavvy, affects all versions CVE-2018-10565

XSS in Flexense DupScout, affects all versions CVE-2018-10566

XSS in Flexense VX Search, affects all versions CVE-2018-10567

XSS in Flexense DiskSorter, affects all versions CVE-2018-10568

Monday 12 February 2018

Call for paper br3aking c0de

Dear Hackers,

In this article I want to inform you about br3aking c0de, a hackmeeting & hacklab 👽, an alternative and different hacking event. Speak freely without censorship. Attendance is only for guests or through acceptance of a call for papers (CFP) submission. We are pleased to present the call for papers for br3akingc0de! We are accepting short talks of 30min and long talks of ~1h.

We accept call for papers submissions until 15 April at br3akingc0de at protonmail dot com. I can only say: are you interested in coming to Spain? If so, we are a hackmeeting & hacklab, therefore we have no money because we have no sponsorships.


Different and original research: submit your CFP on topics such as 3D Printers, Lockpicking, Social Engineering, Reversing, Exploiting, Satellite Hacking, Internet of Things (IoT), Development of Tools, Scripts, Python, Web Security, Anonymity Privacy, Forensics & Anti-Forensics, Hardware Hacking, Wireless Security, Cracking, Cryptography, Steganography, 0-Day, GSM, GPRS and CDMA Security, Leaks, Testing, Hacking Radio, Antivirus Evasion, Embedded Systems Technologies, RFID Security, VoIP Security, IPv6 Security, Attack and Defense Techniques, Application, Application Security, Fuzzing, Code Auditing, Virtualization Security, Malicious Code, Databases Security, Viruses, Worms, and Trojans, Artificial Intelligence, Big Data, Machine Learning, Data Science, Bio Hacking.

Security services and agencies, there will be hackers everywhere but we are not cybercriminals. In the first edition of br3aking c0de there was a curiosity: the night before the event, someone set up a wireless access point without any authentication…


Only for your eyes, a few beers, a nice meal, friends and nobody else. Nothing will be public and everything we talk about will be private. More information: br3aking c0de

See you soon.


Saturday 11 March 2017

Hello World!

Welcome to all.

This is the first post; here you will find information about my research on hacking and security.

I am Javi and you can call me n0ipr0cs. I am a Security Researcher & Ethical Hacker, and I also write within the Estación Informática community. I have more than 7 years of career experience and I have been involved in the world of security congresses as a speaker and as a founder.

Coming soon.

Do not be evil.