www.1337.or.id

Binance Eyes $1 Billion Raise for Crypto 'Recovery Fund', Could Buy FTX Assets

Ganesha   25 November 2022   28.575 Views
Binance s founder and CEO said the firm s crypto rescue fund will initially have 1 billion to dole out as it steps into the role of industry white knight. In an interview with Bloomberg, Changpeng CZ Zhao said the fund would have a loose structure and be publicly visible on the blockchain, w...

$1.000 IDOR

Airlangga   12 December 2022   29.023 Views
Insecure direct object references IDOR are a type of access control vulnerability that arises when an application uses user supplied input to access objects directly. The term IDOR was popularized by its appearance in the OWASP 2007 Top Ten. However, it is just one example of many access control i...

phpMyAdmin 4.8.1 - Remote Code Execution (RCE)

Ganesha   21 November 2022   33.969 Views
Security Team ChaMd5 disclose a Local File Inclusion vulnerability in phpMyAdmin latest version 4.8.1. And the exploiting of this vulnerability may lead to Remote Code Execution. usr bin env python import re, requests, sys check python major version if sys.version info.major 3...

XSS on httpstatus.io

Ganesha   27 November 2022   21.344 Views
httpstatus.io is an HTTP Status Code, Header Redirect Checker. For example, if we submit a URL Domain, httpstatus.io will check the HTTP Status Code, where the domain will be redirected if the HTTP Status Code is 301 302 etc. I try with ...

Reflected XSS on Xiaomi with KNOXSS

Ganesha   28 November 2022   23.750 Views
Xiaomi Bug Bounty Programs When we look at Xiaomi Bug Bounty Program, they accept every subdomains from mi.com and xiaomi.com .. images post d6b1f2098768 xiaomi 20writeup1.jpg And I start looking for a subdomain of mi.com with sublist3r .. images...

XSSRush: An automatic XSS scanner

Ganesha   24 November 2022   27.226 Views
XSSRush is an automatic XSS scanner. Available on Desktop, Chrome Extension, and Web Based. Screenshot Chrome Extension XSSR Chrome Extension .. images post 68747470733a2f2f312e62702e626c6f6773706f742e636f6d2f2d314e6b6766637951526c452f59475363726734476733492f41414141414141414278552...

qdPM 9.1 - Remote Code Execution (RCE) (Authenticated)

Ganesha   21 November 2022   26.697 Views
A remote code execution RCE vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code file via the profile photo functionality, by leveraging a path traversal vulnerability in the users photo preview delete photo feature, allowing bypass of .htaccess protecti...

Stored XSS on Chess24.com

Ganesha   26 November 2022   23.212 Views
I signed up on Chess24 and a play couple of games. Then I was thinking about security on the Chess24 website. I enter the user profile page, then I put the payload below as my website address. Request Response a href targe...

Elementor < 3.4.8 - DOM Cross-Site-Scripting

Ganesha   21 November 2022   26.325 Views
The plugin does not sanitise or escape user input appended to the DOM via a malicious hash, resulting in a DOM Cross Site Scripting issue. The issue was initially fixed in 3.1.4, however re introduced in 3.2.0. action lightbox settings eyJ0eXBlIjoibnV...

Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue < 3.1.25 - Reflected XSS

Ganesha   21 November 2022   29.744 Views
The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.25 does not escape the sib statistics date parameter before outputting it back in an attribute, leading to a Reflected Cross Site Scripting issue Proof of Concept html body ...

Reflected XSS on UC Browser Website

Ganesha   05 December 2022   32.042 Views
When I m looking at Alibaba Bug Bounty Programs on HackerOne I am interest in the ucweb.com domain and starting recon. .. images post fb2400f5bb55 alibaba 20domain 20scope.jpg Until I found this URL structure ...