www.1337.or.id

Search: poc

Stored XSS on LaporBug.id

Stored XSS on LaporBug.id

Ganesha   29 November 2022   22.816 Views
LaporBug.id is a Bug Bounty Platform from Indonesia, for more info about LaporBug.id you can open laporbug.id. I spent a few minutes checking every URL, parameter, and form on LaporBug.id. On this page, we have a form to upload a profile image. ...

POST Based XSS on DomaiNesia

POST Based XSS on DomaiNesia

Ganesha   28 November 2022   24.544 Views
DomaiNesia is a company that serves domain name registration, Web Hosting, VPS, and others, the vulnerability I found was POST based XSS. It takes me a few minutes to go through each page, check each URL and parameter, try to enter some code character in the form, etc. Finally on the page ...

Reflected XSS on Xiaomi with KNOXSS

Reflected XSS on Xiaomi with KNOXSS

Ganesha   28 November 2022   21.500 Views
Xiaomi Bug Bounty Programs When we look at Xiaomi Bug Bounty Program, they accept every subdomains from mi.com and xiaomi.com .. images post d6b1f2098768 xiaomi 20writeup1.jpg And I start looking for a subdomain of mi.com with sublist3r .. images...

Reflected XSS on sgsg.samsung.com

Reflected XSS on sgsg.samsung.com

Ganesha   27 November 2022   22.709 Views
Like I did before, I use Google Dorks, to find some interesting URLs. Google Dork site sgsg.samsung.com I found a very interesting URL, The HTTP response shows every value from the campu...

XSS on httpstatus.io

XSS on httpstatus.io

Ganesha   27 November 2022   19.137 Views
httpstatus.io is an HTTP Status Code, Header Redirect Checker. For example, if we submit a URL Domain, httpstatus.io will check the HTTP Status Code, where the domain will be redirected if the HTTP Status Code is 301 302 etc. I try with ...

Reflected XSS on DomaiNesia

Reflected XSS on DomaiNesia

Ganesha   27 November 2022   21.355 Views
DomaiNesia is a company that serves domain name registration, Web Hosting, VPS, and others. I just found Reflected XSS Vulnerability at DomaiNesia s subdomain We required to upload an official document if buy a special domain, like ac. or. sch. etc. On the...

Stored XSS on Chess24.com

Stored XSS on Chess24.com

Ganesha   26 November 2022   20.946 Views
I signed up on Chess24 and a play couple of games. Then I was thinking about security on the Chess24 website. I enter the user profile page, then I put the payload below as my website address. Request Response a href targe...

Elementor < 3.4.8 - DOM Cross-Site-Scripting

Elementor < 3.4.8 - DOM Cross-Site-Scripting

Ganesha   21 November 2022   24.046 Views
The plugin does not sanitise or escape user input appended to the DOM via a malicious hash, resulting in a DOM Cross Site Scripting issue. The issue was initially fixed in 3.1.4, however re introduced in 3.2.0. action lightbox settings eyJ0eXBlIjoibnV...

How to Make a Good Bug Bounty Report

How to Make a Good Bug Bounty Report

Ganesha   30 November 2022   21.016 Views
Report Title Include the type of vulnerability XSS, CSRF, XXE, SQLi, SSRF, etc . Include sub domain and or with directory path example.com Example of a good title Stored XSS at example.com Via Parameter Name Example of a bad title Stored XSS example.com Report fo...

phpMyAdmin 4.8.1 - Remote Code Execution (RCE)

phpMyAdmin 4.8.1 - Remote Code Execution (RCE)

Ganesha   21 November 2022   31.498 Views
Security Team ChaMd5 disclose a Local File Inclusion vulnerability in phpMyAdmin latest version 4.8.1. And the exploiting of this vulnerability may lead to Remote Code Execution. usr bin env python import re, requests, sys check python major version if sys.version info.major 3...

Paraminer: Finds hidden parameters.

Paraminer: Finds hidden parameters.

Ganesha   29 November 2022   26.823 Views
Paraminer is a tool used to search for hidden parameters in a website Main Features GET Request POST Request Usage php paraminer.php u URL w WORDLIST .. images post 6941dbb5d020 64484851 74288d80 d242 11e9 89e5 cf937dd61541.png Link ...

qdPM 9.1 - Remote Code Execution (RCE) (Authenticated)

qdPM 9.1 - Remote Code Execution (RCE) (Authenticated)

Ganesha   21 November 2022   24.375 Views
A remote code execution RCE vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code file via the profile photo functionality, by leveraging a path traversal vulnerability in the users photo preview delete photo feature, allowing bypass of .htaccess protecti...

$1.000 IDOR

$1.000 IDOR

Airlangga   12 December 2022   26.286 Views
Insecure direct object references IDOR are a type of access control vulnerability that arises when an application uses user supplied input to access objects directly. The term IDOR was popularized by its appearance in the OWASP 2007 Top Ten. However, it is just one example of many access control i...

Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue < 3.1.25 - Reflected XSS

Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue < 3.1.25 - Reflected XSS

Ganesha   21 November 2022   27.456 Views
The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.25 does not escape the sib statistics date parameter before outputting it back in an attribute, leading to a Reflected Cross Site Scripting issue Proof of Concept html body ...

[CVE-2022-3590] WP <= 6.1.1 - Unauthenticated Blind SSRF via DNS Rebinding

[CVE-2022-3590] WP <= 6.1.1 - Unauthenticated Blind SSRF via DNS Rebinding

Ganesha   19 December 2022   27.306 Views
WordPress is affected by an unauthenticated blind SSRF in the pingback feature. Because of a TOCTOU Time of check to time of use race condition between the validation checks and the HTTP request, attackers can reach internal hosts that are explicitly forbidden. Below is what a request to t...

XSSRush: An automatic XSS scanner

XSSRush: An automatic XSS scanner

Ganesha   24 November 2022   25.004 Views
XSSRush is an automatic XSS scanner. Available on Desktop, Chrome Extension, and Web Based. Screenshot Chrome Extension XSSR Chrome Extension .. images post 68747470733a2f2f312e62702e626c6f6773706f742e636f6d2f2d314e6b6766637951526c452f59475363726734476733492f41414141414141414278552...

1337.or.id Vulnerability Disclosure Program

1337.or.id Vulnerability Disclosure Program

Ganesha   30 November 2022   21.964 Views
No technology is perfect, and 1337.or.id believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. If you believe you ve found a security issue in our product or service, we encourage you to notify us. We welcome working with you...

1 2 3