www.1337.or.id

Search: zone-h

"Black_X12" Hacker Takeover 30 Subdomain of Indonesian Government

Ganesha   05 December 2022   22.320 Views
A hacker who has the nickname Black X12 took over 30 subdomains belonging to the Indonesian Government which had the domain address kolakakab.go.id According to Zone H, a defacements archive website. Black X12 takeover the whole website on November 29th, 2022. Screenshot .. images po...

XSSRush: An automatic XSS scanner

XSSRush: An automatic XSS scanner

Ganesha   24 November 2022   23.223 Views
XSSRush is an automatic XSS scanner. Available on Desktop, Chrome Extension, and Web Based. Screenshot Chrome Extension XSSR Chrome Extension .. images post 68747470733a2f2f312e62702e626c6f6773706f742e636f6d2f2d314e6b6766637951526c452f59475363726734476733492f41414141414141414278552...

Reflected XSS on DomaiNesia

Reflected XSS on DomaiNesia

Ganesha   27 November 2022   20.820 Views
DomaiNesia is a company that serves domain name registration, Web Hosting, VPS, and others. I just found Reflected XSS Vulnerability at DomaiNesia s subdomain We required to upload an official document if buy a special domain, like ac. or. sch. etc. On the...

$1.000 IDOR

$1.000 IDOR

Airlangga   12 December 2022   25.072 Views
Insecure direct object references IDOR are a type of access control vulnerability that arises when an application uses user supplied input to access objects directly. The term IDOR was popularized by its appearance in the OWASP 2007 Top Ten. However, it is just one example of many access control i...

Reflected XSS on sgsg.samsung.com

Reflected XSS on sgsg.samsung.com

Ganesha   27 November 2022   21.989 Views
Like I did before, I use Google Dorks, to find some interesting URLs. Google Dork site sgsg.samsung.com I found a very interesting URL, The HTTP response shows every value from the campu...

Reflected XSS on Xiaomi with KNOXSS

Reflected XSS on Xiaomi with KNOXSS

Ganesha   28 November 2022   20.691 Views
Xiaomi Bug Bounty Programs When we look at Xiaomi Bug Bounty Program, they accept every subdomains from mi.com and xiaomi.com .. images post d6b1f2098768 xiaomi 20writeup1.jpg And I start looking for a subdomain of mi.com with sublist3r .. images...

FBI and CISA says Cuba ransomware gang extorted $60M from victims this year

FBI and CISA says Cuba ransomware gang extorted $60M from victims this year

Ganesha   03 December 2022   21.915 Views
The Cuba ransomware gang extorted more than 60 million in ransom payments from victims between December 2021 and August 2022, a joint advisory from CISA and the FBI has warned. The latest advisory is a follow up to a flash alert released by the FBI in December 2021, which revealed that the gang ...

Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue < 3.1.25 - Reflected XSS

Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue < 3.1.25 - Reflected XSS

Ganesha   21 November 2022   26.596 Views
The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.25 does not escape the sib statistics date parameter before outputting it back in an attribute, leading to a Reflected Cross Site Scripting issue Proof of Concept html body ...

phpMyAdmin 4.8.1 - Remote Code Execution (RCE)

phpMyAdmin 4.8.1 - Remote Code Execution (RCE)

Ganesha   21 November 2022   30.456 Views
Security Team ChaMd5 disclose a Local File Inclusion vulnerability in phpMyAdmin latest version 4.8.1. And the exploiting of this vulnerability may lead to Remote Code Execution. usr bin env python import re, requests, sys check python major version if sys.version info.major 3...

POST Based XSS on DomaiNesia

POST Based XSS on DomaiNesia

Ganesha   28 November 2022   23.427 Views
DomaiNesia is a company that serves domain name registration, Web Hosting, VPS, and others, the vulnerability I found was POST based XSS. It takes me a few minutes to go through each page, check each URL and parameter, try to enter some code character in the form, etc. Finally on the page ...

Stored XSS on LaporBug.id

Stored XSS on LaporBug.id

Ganesha   29 November 2022   21.888 Views
LaporBug.id is a Bug Bounty Platform from Indonesia, for more info about LaporBug.id you can open laporbug.id. I spent a few minutes checking every URL, parameter, and form on LaporBug.id. On this page, we have a form to upload a profile image. ...

1 2 3