Microsoft says hackers attacking energy grids using decades-old software
Ganesha
25 November 2022
20.332 Views
Microsoft said this week that technology discontinued in 2005 is still being used widely and poses threats and vulnerabilities to power grids and the petroleum industry. Malicious hackers, according to the tech giant, are gaining access into secure networks and devices through common Internet of ...
Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue < 3.1.25 - Reflected XSS
Ganesha
21 November 2022
25.055 Views
The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.25 does not escape the sib statistics date parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue. Proof of Concept html body ...
Paraminer: Finds hidden parameters.
Ganesha
29 November 2022
23.327 Views
Paraminer is a tool used to search for hidden parameters in a website. Main Features: GET Request, POST Request. Usage: php paraminer.php u URL w WORDLIST Link ...
qdPM 9.1 - Remote Code Execution (RCE) (Authenticated)
Ganesha
21 November 2022
21.584 Views
A remote code execution (RCE) vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code file via the profile photo functionality, by leveraging a path traversal vulnerability in the users photo preview delete photo feature, allowing bypass of .htaccess protecti...
How to Make a Good Bug Bounty Report
Ganesha
30 November 2022
18.782 Views
Report Title: Include the type of vulnerability (XSS, CSRF, XXE, SQLi, SSRF, etc.). Include sub domain and/or with directory path (example.com). Example of a good title: Stored XSS at example.com Via Parameter Name. Example of a bad title: Stored XSS example.com. Report fo...
Binance Eyes $1 Billion Raise for Crypto 'Recovery Fund', Could Buy FTX Assets
Ganesha
25 November 2022
22.980 Views
Binance's founder and CEO said the firm's crypto rescue fund will initially have $1 billion to dole out as it steps into the role of industry white knight. In an interview with Bloomberg, Changpeng "CZ" Zhao said the fund would have a loose structure and be publicly visible on the blockchain, w...
Reflected XSS on UC Browser Website
Ganesha
05 December 2022
25.486 Views
While looking at Alibaba Bug Bounty Programs on HackerOne, I got interested in the ucweb.com domain and started recon. Until I found this URL structure ...
Ganesha
26 November 2022
19.546 Views
I signed up on Chess24 and played a couple of games. Then I was thinking about security on the Chess24 website. I entered the user profile page, then I put the payload below as my website address. Request Response a href targe...
phpMyAdmin 4.8.1 - Remote Code Execution (RCE)
Ganesha
21 November 2022
24.456 Views
Security Team ChaMd5 disclosed a Local File Inclusion vulnerability in the latest phpMyAdmin version, 4.8.1. Exploiting this vulnerability may lead to Remote Code Execution. usr bin env python import re, requests, sys check python major version if sys.version info.major 3...
CVE-2022-3360 - Unauthenticated PHP Object Injection via REST API
Ganesha
21 November 2022
22.394 Views
The LearnPress WordPress plugin before 4.1.7.2 unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is present, leading to remote code execution (RCE). To successfully exploit this vulnerability attackers m...
FBI and CISA says Cuba ransomware gang extorted $60M from victims this year
Ganesha
03 December 2022
20.048 Views
The Cuba ransomware gang extorted more than $60 million in ransom payments from victims between December 2021 and August 2022, a joint advisory from CISA and the FBI has warned. The latest advisory is a follow-up to a flash alert released by the FBI in December 2021, which revealed that the gang ...
Reflected XSS on sgsg.samsung.com
Ganesha
27 November 2022
21.186 Views
Like I did before, I used Google Dorks to find some interesting URLs. Google Dork: site:sgsg.samsung.com I found a very interesting URL, The HTTP response shows every value from the campu...