Search: Security

Elementor < 3.4.8 - DOM Cross-Site-Scripting

Ganesha 21 November 2022 26.777 Views
The plugin does not sanitise or escape user input appended to the DOM via a malicious hash, resulting in a DOM Cross Site Scripting issue. The issue was initially fixed in 3.1.4, however re introduced in 3.2.0. action lightbox settings eyJ0eXBlIjoibnV...

POST Based XSS on DomaiNesia

Ganesha 28 November 2022 27.809 Views
DomaiNesia is a company that serves domain name registration, Web Hosting, VPS, and others, the vulnerability I found was POST based XSS. It takes me a few minutes to go through each page, check each URL and parameter, try to enter some code character in the form, etc. Finally on the page ...

Reflected XSS on sgsg.samsung.com

Ganesha 27 November 2022 25.522 Views
Like I did before, I use Google Dorks, to find some interesting URLs. Google Dork site sgsg.samsung.com I found a very interesting URL, The HTTP response shows every value from the campu...

phpMyAdmin 4.8.1 - Remote Code Execution (RCE)

Ganesha 21 November 2022 34.933 Views
Security Team ChaMd5 disclose a Local File Inclusion vulnerability in phpMyAdmin latest version 4.8.1. And the exploiting of this vulnerability may lead to Remote Code Execution. usr bin env python import re, requests, sys check python major version if sys.version info.major 3...

Stored XSS on Chess24.com

Ganesha 26 November 2022 23.706 Views
I signed up on Chess24 and a play couple of games. Then I was thinking about security on the Chess24 website. I enter the user profile page, then I put the payload below as my website address. Request Response a href targe...

XSSRush: An automatic XSS scanner

Ganesha 24 November 2022 28.596 Views
XSSRush is an automatic XSS scanner. Available on Desktop, Chrome Extension, and Web Based. Screenshot Chrome Extension XSSR Chrome Extension .. images post 68747470733a2f2f312e62702e626c6f6773706f742e636f6d2f2d314e6b6766637951526c452f59475363726734476733492f41414141414141414278552...

Reflected XSS on Xiaomi with KNOXSS

Ganesha 28 November 2022 24.222 Views
Xiaomi Bug Bounty Programs When we look at Xiaomi Bug Bounty Program, they accept every subdomains from mi.com and xiaomi.com .. images post d6b1f2098768 xiaomi 20writeup1.jpg And I start looking for a subdomain of mi.com with sublist3r .. images...

Dynamic Content for Elementor < 1.9.6 - Authenticated RCE

Airlangga 10 February 2023 19.488 Views
The PHP Raw Widget dynamic.ooo widget php raw of the Dynamic Content for Elementor plugin before 1.9.6 did not properly check for user permissions, allowing accounts with a role as low as editor to perform RCE attacks. Proof of Concept POST wp admin admin ajax.php HTTP 1.1 Host exam...

CVE-2022-3360 - Unauthenticated PHP Object Injection via REST API

Ganesha 21 November 2022 27.161 Views
The LearnPress WordPress plugin before 4.1.7.2 unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is present, leadint to remote code execution RCE . To successfully exploit this vulnerability attackers m...

[CVE-2022-3590] WP <= 6.1.1 - Unauthenticated Blind SSRF via DNS Rebinding

Ganesha 19 December 2022 31.456 Views
WordPress is affected by an unauthenticated blind SSRF in the pingback feature. Because of a TOCTOU Time of check to time of use race condition between the validation checks and the HTTP request, attackers can reach internal hosts that are explicitly forbidden. Below is what a request to t...

www.1337.or.id