Showing results for tags 'xss'.

  1. Cisco has released security updates to fix multiple vulnerabilities in various products, including two remote code execution flaws in Webex Player. The two remote code execution vulnerabilities fixed by Cisco have been tracked as CVE-2020-3127 and CVE-2020-3128 respectively. The vulnerabilities have been rated as high severity and received a CVSS score of 7.8. The vulnerabilities are caused by the insufficient validation of elements within a Webex recording stored as ARF (Advanced Recording Format) or WRF (Webex Recording Format). A remote attacker could
  2. XSpear - Official Link Key features Pattern matching based XSS scanning Detect alert confirm prompt event on headless browser (with Selenium) Testing request/response for XSS protection bypass and reflected params Reflected Params Filtered test event handler HTML tag Special Char Useful code Testing Blind XSS (with XSS Hunter , ezXSS, HBXSS, Etc all url base blind test...) Dynamic/Static Analysis Find SQL Error pattern Analysis Security headers(CSP HSTS X-frame-options, XSS-protection etc.. ) Analysi
  3. URL Dumper is an Online scanner SQLi,XSS. Used to get XSS and SQL Injections vulns.. supports multi search engine, trash system, etc.. Features: -Get all page links by advanced technique with regular expression; -XSS Scanner (auto check all page links); -SQLInjection Scanner (auto check all page links); -Multi-Thread engine; -Get many links by search (google/Yahoo/Live Search/Altavista/Terravista) -Search in the page source by regular expression; -View Source (Code/Browser); -Trash system -Database in SQLite to organize the URL’s -Enabled Proxy server Download Source code
  4. MySQL Smart Reports version 1.0 suffers from cross site scripting and remote SQL injection vulnerabilities. # Exploit Title: MySQL Smart Reports 1.0 - SQL Injection / Cross-Site Scripting # Dork: N/A # Date: 22.05.2018 # Exploit Author: Özkan Mustafa Akkuş (AkkuS) # Vendor Homepage: https://codecanyon.net/item/mysql-smart-reports-online-report-generator-with-existing-data/16836503 # Version: 1.0 # Category: Webapps # Tested on: Kali linux # Description : It is actually a post request sent by the user to update. You do not need to use post data. You can injection like GET me
  5. https://leanpub.com/xss by https://twitter.com/brutelogic
  6. FortiGate SSL VPN Portal versions 5.6.2 and below, 5.4.6 and below, 5.2.12 and below, and 5.0 and below suffer from a cross site scripting vulnerability. ======================================================================= title: FortiGate SSL VPN Portal XSS Vulnerability product: Fortinet FortiOS vulnerable version: see: Vulnerable / tested versions fixed version: see: Solution CVE number: CVE-2017-14186 impact: Medium homepage: https://www.fortinet.com found: 2017-10-02 by: Stefan V
  7. I recently tested a web application and ran into the following situation: two parameters that I could control were included in an 'href'; those parameters had a fairly restrictive maximum length, say 15 characters; anything containing the less-than sign (<, including Unicode variants such as the full-length angle bracket) followed by a letter terminated your session; special characters were not filtered and HTML encoding was not applied when those values were used. The HTML code looked roughly like this: <a href="https://mataigrasa.com/?param1=XXX&param2=YYY&
  8. WordPress User Login History plugin version 1.5.2 suffers from a cross site scripting vulnerability. Product: User Login History Wordpress Plugin - https://wordpress.org/plugins/user-login-history/ Vendor: Er Faiyaz Alam Tested version: 1.5.2 CVE ID: CVE-2017-15867 ** CVE description ** Multiple cross-site scripting (XSS) vulnerabilities in the user-login-history plugin through 1.5.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) date_from, (2) date_to, (3) user_id, (4) username, (5) country_name, (6) browser, (7) operating_system, or (8) ip_addres
  9. Afian AB FileRun version 2017.03.18 suffers from cross site request forgery, cross site scripting, open redirection, remote shell upload, and various other vulnerabilities. SEC Consult Vulnerability Lab Security Advisory < 20171018-0 > ======================================================================= title: Multiple vulnerabilities product: Afian AB FileRun vulnerable version: 2017.03.18 fixed version: 2017.09.18 impact: critical homepage: https://www.filerun.com | https://afian.se found: 2017-08-28
  10. WordPress version 4.5.3 Audio Playlist suffers from a cross site scripting vulnerability. CODE: ------------------------------------------------------------------------ WordPress audio playlist functionality is affected by Cross-Site Scripting ------------------------------------------------------------------------ Yorick Koster, July 2016 ------------------------------------------------------------------------ Abstract ------------------------------------------------------------------------ Two Cross-Site Scripting vulnerabilities exist in the playlist functionality of WordPress. T
  11. Title: XSS and SQLi in huge IT gallery v1.1.5 for Joomla Fixed: v1.1.7 Author: Larry W. Cashdollar, @_larry0 and Elitza Neytcheva, @ElitzaNeytcheva Date: 2016-07-14 Download Site: http://extensions.joomla.org/extensions/extension/photos-a-images/galleries/gallery-pro Vendor: huge-it.com Vendor Notified: 2016-07-15, fixed 2016-07-23 Vendor Contact: info@huge-it.com Description: The plugin allows you to add multiple images to the gallery, create countless galleries, add a description to each of them, as well as make the same things with video links. Vulnerability: The attacker must be logged in
  12. STATE:DUPLICATE bugbounty:https://hackerone.com/pornhub
  13. sleed

    MailChimp

    Vendor: Mailchimp.com Type of Vuln.: XSS Stored Reported. PoC * :
  14. I have no intention of discussing bill well, to hell with him, but it's not the same one, and with Chrome there's something completely off,
  15. A little XSS, since we're all getting bored like this... 63:61:72:74:69:64:65:6a:6f:63:2e:72:6f
  16. Vendor: Barracuda [ Principal Domain ] XSS Stored Status Reported PoC*:
  17. Exploit that uses a WordPress cross site scripting flaw to execute code as the administrator. /* Author: @evex_1337 Title: Wordpress XSS to RCE Description: This Exploit Uses XSS Vulnerabilities in Wordpress Plugins/Themes/Core To End Up Executing Code After The Being Triggered With Administrator Privileged User. ¯\_(ツ)_/¯ Reference: http://research.evex.pw/?vuln=14 Enjoy. */ //Installed Plugins Page plugins = (window.location['href'].indexOf('/wp-admin/') != - 1) ? 'plugins.php' : 'wp-admin/plugins.php'; //Inject "XSS" Div jQuery('body').append('<div id="xss" ></div>'
  18. Advisory ID: HTB23253 Product: FreePBX Vendor: Sangoma Technologies Vulnerable Version(s): 12.0.43 and probably prior Tested Version: 12.0.43 Advisory Publication: March 18, 2015 [without technical details] Vendor Notification: March 18, 2015 Vendor Patch: March 27, 2015 Public Disclosure: April 22, 2015 Vulnerability Type: Cross-Site Scripting [CWE-79] CVE Reference: CVE-2015-2690 Risk Level: Low CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N) Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) ---
  19. I reported another one 5 days ago; the reply only came today. It's not much, but it'll do. The XSS was in the form for posting an ad.
  20. ###################################################################### # Exploit Title: Synology.com sub-domain OAuth exchange Reflected XSS (RXSS) # Date: 03/04/2014 # Author: Yann CAM @ Synetis - ASafety # Vendor or Software Link: Synology - Network Attached Storage (NAS) # Version: / # Category: Reflected Cross Site Scripting # Google dork: # Tested on: Synology.com update sub-domain ###################################################################### Synology description : ====================================================================== Synology Inc., is a Taiwanese corporation tha
  21. I was doing my RASP (Runtime Application Self-Protection) module testing on the latest version of Project Pier i.e. 0.8.8 SP2 yesterday and found an XSS vulnerability in search. http://<server>/public/index.php?c=project&a=search&1427642606&active_project=1&search_for=%3CScRiPt%3Eprompt%28%22This%20website%20has%20simple%20exploitable%20XSS.%22%29%3C%2FScRiPt%3E <http://www.prop.com/public/index.php?c=project&a=search&1427642606&active_project=1&search_for=%3CScRiPt%3Eprompt%28%22This%20website%20has%20simple%20exploitable%20XSS.%22%29%3C%2FScRiPt%3E&g
  22. I didn't bother taking a screenshot; I'll just post their reply. PM me if you want to know where it was and other details. 2x XSS and CSRF. Really nice guys (and girls); they replied quickly and within about 30 minutes everything was fixed.
  23. ###################################################################### # Exploit Title: Java.com RXSS and DOM-XSS # Date: 01/04/2015 # Author: Yann CAM @ Synetis - ASafety # Vendor or Software Link: java.com: Java + You # Version: / # Category: Reflected Cross Site Scripting and DOM based XSS # Google dork: # Tested on: Java.com main domain ###################################################################### Java description : ====================================================================== As of 2015, Java is one of the most popular programming languages in use, particularly for clien