www.1337.or.id

Search: Changpeng

Binance Eyes $1 Billion Raise for Crypto 'Recovery Fund', Could Buy FTX Assets

Binance Eyes $1 Billion Raise for Crypto 'Recovery Fund', Could Buy FTX Assets

Ganesha   25 November 2022   27.463 Views
Binance s founder and CEO said the firm s crypto rescue fund will initially have 1 billion to dole out as it steps into the role of industry white knight. In an interview with Bloomberg, Changpeng CZ Zhao said the fund would have a loose structure and be publicly visible on the blockchain, w...

Reflected XSS on DomaiNesia

Reflected XSS on DomaiNesia

Ganesha   27 November 2022   22.540 Views
DomaiNesia is a company that serves domain name registration, Web Hosting, VPS, and others. I just found Reflected XSS Vulnerability at DomaiNesia s subdomain We required to upload an official document if buy a special domain, like ac. or. sch. etc. On the...

Microsoft says hackers attacking energy grids using decades-old software

Microsoft says hackers attacking energy grids using decades-old software

Ganesha   25 November 2022   26.402 Views
Microsoft said this week that technology discontinued in 2005 is still being used widely and poses threats and vulnerabilities to power grids and the petroleum industry. Malicious hackers, according to the tech giant, are gaining access into secure networks and devices through common Internet of ...

Reflected XSS on UC Browser Website

Reflected XSS on UC Browser Website

Ganesha   05 December 2022   30.789 Views
When I m looking at Alibaba Bug Bounty Programs on HackerOne I am interest in the ucweb.com domain and starting recon. .. images post fb2400f5bb55 alibaba 20domain 20scope.jpg Until I found this URL structure ...

Dynamic Content for Elementor < 1.9.6 - Authenticated RCE

Dynamic Content for Elementor < 1.9.6 - Authenticated RCE

Airlangga   10 February 2023   17.514 Views
The PHP Raw Widget dynamic.ooo widget php raw of the Dynamic Content for Elementor plugin before 1.9.6 did not properly check for user permissions, allowing accounts with a role as low as editor to perform RCE attacks. Proof of Concept POST wp admin admin ajax.php HTTP 1.1 Host exam...

FBI and CISA says Cuba ransomware gang extorted $60M from victims this year

FBI and CISA says Cuba ransomware gang extorted $60M from victims this year

Ganesha   03 December 2022   23.983 Views
The Cuba ransomware gang extorted more than 60 million in ransom payments from victims between December 2021 and August 2022, a joint advisory from CISA and the FBI has warned. The latest advisory is a follow up to a flash alert released by the FBI in December 2021, which revealed that the gang ...

CVE-2022-3360 - Unauthenticated PHP Object Injection via REST API

CVE-2022-3360 - Unauthenticated PHP Object Injection via REST API

Ganesha   21 November 2022   25.241 Views
The LearnPress WordPress plugin before 4.1.7.2 unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is present, leadint to remote code execution RCE . To successfully exploit this vulnerability attackers m...

Elementor < 3.4.8 - DOM Cross-Site-Scripting

Elementor < 3.4.8 - DOM Cross-Site-Scripting

Ganesha   21 November 2022   25.192 Views
The plugin does not sanitise or escape user input appended to the DOM via a malicious hash, resulting in a DOM Cross Site Scripting issue. The issue was initially fixed in 3.1.4, however re introduced in 3.2.0. action lightbox settings eyJ0eXBlIjoibnV...

Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue < 3.1.25 - Reflected XSS

Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue < 3.1.25 - Reflected XSS

Ganesha   21 November 2022   28.629 Views
The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.25 does not escape the sib statistics date parameter before outputting it back in an attribute, leading to a Reflected Cross Site Scripting issue Proof of Concept html body ...

Stored DOM-based XSS on VPSServer.com

Stored DOM-based XSS on VPSServer.com

Airlangga   10 December 2022   27.837 Views
VPSServer.com is a company that sells Virtual Private Servers VPS . A virtual private server VPS is a virtual machine sold as a service by an Internet hosting service. The virtual dedicated server VDS also has a similar meaning. Now let me share how I found a Stored DOM based XSS Vulnerab...

[CVE-2022-3590] WP <= 6.1.1 - Unauthenticated Blind SSRF via DNS Rebinding

[CVE-2022-3590] WP <= 6.1.1 - Unauthenticated Blind SSRF via DNS Rebinding

Ganesha   19 December 2022   28.601 Views
WordPress is affected by an unauthenticated blind SSRF in the pingback feature. Because of a TOCTOU Time of check to time of use race condition between the validation checks and the HTTP request, attackers can reach internal hosts that are explicitly forbidden. Below is what a request to t...

1 2 3