www.1337.or.id
Search: billion
Ganesha
27 November 2022
24.078 Views
DomaiNesia is a company that serves domain name registration, Web Hosting, VPS, and others. I just found Reflected XSS Vulnerability at DomaiNesia s subdomain We required to upload an official document if buy a special domain, like ac. or. sch. etc. On the...
Reflected XSS on sgsg.samsung.com
Ganesha
27 November 2022
25.514 Views
Like I did before, I use Google Dorks, to find some interesting URLs. Google Dork site sgsg.samsung.com I found a very interesting URL, The HTTP response shows every value from the campu...
"Black_X12" Hacker Takeover 30 Subdomain of Indonesian Government
Ganesha
05 December 2022
27.637 Views
A hacker who has the nickname Black X12 took over 30 subdomains belonging to the Indonesian Government which had the domain address kolakakab.go.id According to Zone H, a defacements archive website. Black X12 takeover the whole website on November 29th, 2022. Screenshot .. images po...
Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue < 3.1.25 - Reflected XSS
Ganesha
21 November 2022
30.984 Views
The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.25 does not escape the sib statistics date parameter before outputting it back in an attribute, leading to a Reflected Cross Site Scripting issue Proof of Concept html body ...
Elementor < 3.4.8 - DOM Cross-Site-Scripting
Ganesha
21 November 2022
26.763 Views
The plugin does not sanitise or escape user input appended to the DOM via a malicious hash, resulting in a DOM Cross Site Scripting issue. The issue was initially fixed in 3.1.4, however re introduced in 3.2.0. action lightbox settings eyJ0eXBlIjoibnV...
Ganesha
29 November 2022
26.171 Views
LaporBug.id is a Bug Bounty Platform from Indonesia, for more info about LaporBug.id you can open laporbug.id. I spent a few minutes checking every URL, parameter, and form on LaporBug.id. On this page, we have a form to upload a profile image. ...