www.1337.or.id
Search: CZ
Binance Eyes $1 Billion Raise for Crypto 'Recovery Fund', Could Buy FTX Assets
Ganesha
25 November 2022
22.980 Views
Binance s founder and CEO said the firm s crypto rescue fund will initially have 1 billion to dole out as it steps into the role of industry white knight. In an interview with Bloomberg, Changpeng CZ Zhao said the fund would have a loose structure and be publicly visible on the blockchain, w...
FBI and CISA says Cuba ransomware gang extorted $60M from victims this year
Ganesha
03 December 2022
20.048 Views
The Cuba ransomware gang extorted more than 60 million in ransom payments from victims between December 2021 and August 2022, a joint advisory from CISA and the FBI has warned. The latest advisory is a follow up to a flash alert released by the FBI in December 2021, which revealed that the gang ...
CVE-2022-3360 - Unauthenticated PHP Object Injection via REST API
Ganesha
21 November 2022
22.394 Views
The LearnPress WordPress plugin before 4.1.7.2 unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is present, leadint to remote code execution RCE . To successfully exploit this vulnerability attackers m...
Ganesha
26 November 2022
19.546 Views
I signed up on Chess24 and a play couple of games. Then I was thinking about security on the Chess24 website. I enter the user profile page, then I put the payload below as my website address. Request Response a href targe...
Elementor < 3.4.8 - DOM Cross-Site-Scripting
Ganesha
21 November 2022
22.607 Views
The plugin does not sanitise or escape user input appended to the DOM via a malicious hash, resulting in a DOM Cross Site Scripting issue. The issue was initially fixed in 3.1.4, however re introduced in 3.2.0. action lightbox settings eyJ0eXBlIjoibnV...
Ganesha
27 November 2022
17.526 Views
httpstatus.io is an HTTP Status Code, Header Redirect Checker. For example, if we submit a URL Domain, httpstatus.io will check the HTTP Status Code, where the domain will be redirected if the HTTP Status Code is 301 302 etc. I try with ...
Stored DOM-based XSS on VPSServer.com
Airlangga
10 December 2022
23.635 Views
VPSServer.com is a company that sells Virtual Private Servers VPS . A virtual private server VPS is a virtual machine sold as a service by an Internet hosting service. The virtual dedicated server VDS also has a similar meaning. Now let me share how I found a Stored DOM based XSS Vulnerab...
Airlangga
12 December 2022
23.302 Views
Insecure direct object references IDOR are a type of access control vulnerability that arises when an application uses user supplied input to access objects directly. The term IDOR was popularized by its appearance in the OWASP 2007 Top Ten. However, it is just one example of many access control i...
Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue < 3.1.25 - Reflected XSS
Ganesha
21 November 2022
25.055 Views
The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.25 does not escape the sib statistics date parameter before outputting it back in an attribute, leading to a Reflected Cross Site Scripting issue Proof of Concept html body ...
qdPM 9.1 - Remote Code Execution (RCE) (Authenticated)
Ganesha
21 November 2022
21.584 Views
A remote code execution RCE vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code file via the profile photo functionality, by leveraging a path traversal vulnerability in the users photo preview delete photo feature, allowing bypass of .htaccess protecti...
XSSRush: An automatic XSS scanner
Ganesha
24 November 2022
21.169 Views
XSSRush is an automatic XSS scanner. Available on Desktop, Chrome Extension, and Web Based. Screenshot Chrome Extension XSSR Chrome Extension .. images post 68747470733a2f2f312e62702e626c6f6773706f742e636f6d2f2d314e6b6766637951526c452f59475363726734476733492f41414141414141414278552...