www.1337.or.id

Search: cracker

FBI and CISA says Cuba ransomware gang extorted $60M from victims this year

FBI and CISA says Cuba ransomware gang extorted $60M from victims this year

Ganesha   03 December 2022   20.048 Views
The Cuba ransomware gang extorted more than 60 million in ransom payments from victims between December 2021 and August 2022, a joint advisory from CISA and the FBI has warned. The latest advisory is a follow up to a flash alert released by the FBI in December 2021, which revealed that the gang ...

POST Based XSS on DomaiNesia

POST Based XSS on DomaiNesia

Ganesha   28 November 2022   22.046 Views
DomaiNesia is a company that serves domain name registration, Web Hosting, VPS, and others, the vulnerability I found was POST based XSS. It takes me a few minutes to go through each page, check each URL and parameter, try to enter some code character in the form, etc. Finally on the page ...

Paraminer: Finds hidden parameters.

Paraminer: Finds hidden parameters.

Ganesha   29 November 2022   23.327 Views
Paraminer is a tool used to search for hidden parameters in a website Main Features GET Request POST Request Usage php paraminer.php u URL w WORDLIST .. images post 6941dbb5d020 64484851 74288d80 d242 11e9 89e5 cf937dd61541.png Link ...

Reflected XSS on DomaiNesia

Reflected XSS on DomaiNesia

Ganesha   27 November 2022   19.972 Views
DomaiNesia is a company that serves domain name registration, Web Hosting, VPS, and others. I just found Reflected XSS Vulnerability at DomaiNesia s subdomain We required to upload an official document if buy a special domain, like ac. or. sch. etc. On the...

Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue < 3.1.25 - Reflected XSS

Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue < 3.1.25 - Reflected XSS

Ganesha   21 November 2022   25.055 Views
The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.25 does not escape the sib statistics date parameter before outputting it back in an attribute, leading to a Reflected Cross Site Scripting issue Proof of Concept html body ...

phpMyAdmin 4.8.1 - Remote Code Execution (RCE)

phpMyAdmin 4.8.1 - Remote Code Execution (RCE)

Ganesha   21 November 2022   24.456 Views
Security Team ChaMd5 disclose a Local File Inclusion vulnerability in phpMyAdmin latest version 4.8.1. And the exploiting of this vulnerability may lead to Remote Code Execution. usr bin env python import re, requests, sys check python major version if sys.version info.major 3...

1337.or.id Vulnerability Disclosure Program

1337.or.id Vulnerability Disclosure Program

Ganesha   30 November 2022   19.186 Views
No technology is perfect, and 1337.or.id believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. If you believe you ve found a security issue in our product or service, we encourage you to notify us. We welcome working with you...

Reflected XSS on sgsg.samsung.com

Reflected XSS on sgsg.samsung.com

Ganesha   27 November 2022   21.186 Views
Like I did before, I use Google Dorks, to find some interesting URLs. Google Dork site sgsg.samsung.com I found a very interesting URL, The HTTP response shows every value from the campu...

Elementor < 3.4.8 - DOM Cross-Site-Scripting

Elementor < 3.4.8 - DOM Cross-Site-Scripting

Ganesha   21 November 2022   22.607 Views
The plugin does not sanitise or escape user input appended to the DOM via a malicious hash, resulting in a DOM Cross Site Scripting issue. The issue was initially fixed in 3.1.4, however re introduced in 3.2.0. action lightbox settings eyJ0eXBlIjoibnV...

Russian Cybercrime Groups Stole Over 50 Million Passwords with Stealer Malware

Russian Cybercrime Groups Stole Over 50 Million Passwords with Stealer Malware

Ganesha   24 November 2022   17.670 Views
Security researchers have warned of a password theft epidemic after revealing that Russian groups are using off the shelf info stealing malware to devastating effect. Group IB said its analysis revealed 34 Telegram groups used by threat actors to organize their efforts, and that they d infected o...

Stored XSS on Chess24.com

Stored XSS on Chess24.com

Ganesha   26 November 2022   19.546 Views
I signed up on Chess24 and a play couple of games. Then I was thinking about security on the Chess24 website. I enter the user profile page, then I put the payload below as my website address. Request Response a href targe...

1 2 3