www.1337.or.id

Search: chess

[CVE-2022-3590] WP <= 6.1.1 - Unauthenticated Blind SSRF via DNS Rebinding

[CVE-2022-3590] WP <= 6.1.1 - Unauthenticated Blind SSRF via DNS Rebinding

Ganesha   19 December 2022   26.484 Views
WordPress is affected by an unauthenticated blind SSRF in the pingback feature. Because of a TOCTOU Time of check to time of use race condition between the validation checks and the HTTP request, attackers can reach internal hosts that are explicitly forbidden. Below is what a request to t...

XSS on httpstatus.io

XSS on httpstatus.io

Ganesha   27 November 2022   18.590 Views
httpstatus.io is an HTTP Status Code, Header Redirect Checker. For example, if we submit a URL Domain, httpstatus.io will check the HTTP Status Code, where the domain will be redirected if the HTTP Status Code is 301 302 etc. I try with ...

phpMyAdmin 4.8.1 - Remote Code Execution (RCE)

phpMyAdmin 4.8.1 - Remote Code Execution (RCE)

Ganesha   21 November 2022   30.708 Views
Security Team ChaMd5 disclose a Local File Inclusion vulnerability in phpMyAdmin latest version 4.8.1. And the exploiting of this vulnerability may lead to Remote Code Execution. usr bin env python import re, requests, sys check python major version if sys.version info.major 3...

CVE-2022-3360 - Unauthenticated PHP Object Injection via REST API

CVE-2022-3360 - Unauthenticated PHP Object Injection via REST API

Ganesha   21 November 2022   23.591 Views
The LearnPress WordPress plugin before 4.1.7.2 unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is present, leadint to remote code execution RCE . To successfully exploit this vulnerability attackers m...

Binance Eyes $1 Billion Raise for Crypto 'Recovery Fund', Could Buy FTX Assets

Binance Eyes $1 Billion Raise for Crypto 'Recovery Fund', Could Buy FTX Assets

Ganesha   25 November 2022   25.524 Views
Binance s founder and CEO said the firm s crypto rescue fund will initially have 1 billion to dole out as it steps into the role of industry white knight. In an interview with Bloomberg, Changpeng CZ Zhao said the fund would have a loose structure and be publicly visible on the blockchain, w...

"Black_X12" Hacker Takeover 30 Subdomain of Indonesian Government

Ganesha   05 December 2022   22.767 Views
A hacker who has the nickname Black X12 took over 30 subdomains belonging to the Indonesian Government which had the domain address kolakakab.go.id According to Zone H, a defacements archive website. Black X12 takeover the whole website on November 29th, 2022. Screenshot .. images po...

Stored XSS on LaporBug.id

Stored XSS on LaporBug.id

Ganesha   29 November 2022   22.116 Views
LaporBug.id is a Bug Bounty Platform from Indonesia, for more info about LaporBug.id you can open laporbug.id. I spent a few minutes checking every URL, parameter, and form on LaporBug.id. On this page, we have a form to upload a profile image. ...

Reflected XSS on sgsg.samsung.com

Reflected XSS on sgsg.samsung.com

Ganesha   27 November 2022   22.168 Views
Like I did before, I use Google Dorks, to find some interesting URLs. Google Dork site sgsg.samsung.com I found a very interesting URL, The HTTP response shows every value from the campu...

Stored XSS on Chess24.com

Stored XSS on Chess24.com

Ganesha   26 November 2022   20.565 Views
I signed up on Chess24 and a play couple of games. Then I was thinking about security on the Chess24 website. I enter the user profile page, then I put the payload below as my website address. Request Response a href targe...

Microsoft says hackers attacking energy grids using decades-old software

Microsoft says hackers attacking energy grids using decades-old software

Ganesha   25 November 2022   24.722 Views
Microsoft said this week that technology discontinued in 2005 is still being used widely and poses threats and vulnerabilities to power grids and the petroleum industry. Malicious hackers, according to the tech giant, are gaining access into secure networks and devices through common Internet of ...

1 2 3