www.1337.or.id

Search: ucweb

Reflected XSS on UC Browser Website

Reflected XSS on UC Browser Website

Ganesha   05 December 2022   28.498 Views
When I m looking at Alibaba Bug Bounty Programs on HackerOne I am interest in the ucweb.com domain and starting recon. .. images post fb2400f5bb55 alibaba 20domain 20scope.jpg Until I found this URL structure ...

$1.000 IDOR

$1.000 IDOR

Airlangga   12 December 2022   25.072 Views
Insecure direct object references IDOR are a type of access control vulnerability that arises when an application uses user supplied input to access objects directly. The term IDOR was popularized by its appearance in the OWASP 2007 Top Ten. However, it is just one example of many access control i...

Reflected XSS on sgsg.samsung.com

Reflected XSS on sgsg.samsung.com

Ganesha   27 November 2022   21.989 Views
Like I did before, I use Google Dorks, to find some interesting URLs. Google Dork site sgsg.samsung.com I found a very interesting URL, The HTTP response shows every value from the campu...

Paraminer: Finds hidden parameters.

Paraminer: Finds hidden parameters.

Ganesha   29 November 2022   25.479 Views
Paraminer is a tool used to search for hidden parameters in a website Main Features GET Request POST Request Usage php paraminer.php u URL w WORDLIST .. images post 6941dbb5d020 64484851 74288d80 d242 11e9 89e5 cf937dd61541.png Link ...

Microsoft says hackers attacking energy grids using decades-old software

Microsoft says hackers attacking energy grids using decades-old software

Ganesha   25 November 2022   24.564 Views
Microsoft said this week that technology discontinued in 2005 is still being used widely and poses threats and vulnerabilities to power grids and the petroleum industry. Malicious hackers, according to the tech giant, are gaining access into secure networks and devices through common Internet of ...

Reflected XSS on DomaiNesia

Reflected XSS on DomaiNesia

Ganesha   27 November 2022   20.820 Views
DomaiNesia is a company that serves domain name registration, Web Hosting, VPS, and others. I just found Reflected XSS Vulnerability at DomaiNesia s subdomain We required to upload an official document if buy a special domain, like ac. or. sch. etc. On the...

POST Based XSS on DomaiNesia

POST Based XSS on DomaiNesia

Ganesha   28 November 2022   23.427 Views
DomaiNesia is a company that serves domain name registration, Web Hosting, VPS, and others, the vulnerability I found was POST based XSS. It takes me a few minutes to go through each page, check each URL and parameter, try to enter some code character in the form, etc. Finally on the page ...

Elementor < 3.4.8 - DOM Cross-Site-Scripting

Elementor < 3.4.8 - DOM Cross-Site-Scripting

Ganesha   21 November 2022   23.398 Views
The plugin does not sanitise or escape user input appended to the DOM via a malicious hash, resulting in a DOM Cross Site Scripting issue. The issue was initially fixed in 3.1.4, however re introduced in 3.2.0. action lightbox settings eyJ0eXBlIjoibnV...

CVE-2022-3360 - Unauthenticated PHP Object Injection via REST API

CVE-2022-3360 - Unauthenticated PHP Object Injection via REST API

Ganesha   21 November 2022   23.382 Views
The LearnPress WordPress plugin before 4.1.7.2 unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is present, leadint to remote code execution RCE . To successfully exploit this vulnerability attackers m...

FBI and CISA says Cuba ransomware gang extorted $60M from victims this year

FBI and CISA says Cuba ransomware gang extorted $60M from victims this year

Ganesha   03 December 2022   21.915 Views
The Cuba ransomware gang extorted more than 60 million in ransom payments from victims between December 2021 and August 2022, a joint advisory from CISA and the FBI has warned. The latest advisory is a follow up to a flash alert released by the FBI in December 2021, which revealed that the gang ...

Russian Cybercrime Groups Stole Over 50 Million Passwords with Stealer Malware

Russian Cybercrime Groups Stole Over 50 Million Passwords with Stealer Malware

Ganesha   24 November 2022   18.505 Views
Security researchers have warned of a password theft epidemic after revealing that Russian groups are using off the shelf info stealing malware to devastating effect. Group IB said its analysis revealed 34 Telegram groups used by threat actors to organize their efforts, and that they d infected o...

1 2 3