6 matches found
CVE-2021-33570
Postbird 0.8.4 allows stored XSS via the onerror attribute of an IMG element in any PostgreSQL database table. This can result in reading local files via vectors involving XMLHttpRequest and open of a file:/// URL, or discovering PostgreSQL passwords via vectors involving Window.localStorage and...
CVE-2021-33570
creationtimestamp| type| source ---|---|--- 2021-05-28 01:19:23+00:00| seen| https://t.me/pwnwikizhchannel/515...
Postbird 0.8.4 - Javascript Injection Exploit
Exploit Title: Postbird 0.8.4 - Javascript Injection Exploit Author: Debshubra Chakraborty Vendor Homepage: https://github.com/paxa/postbird Software Link: https://www.electronjs.org/apps/postbird Version: 0.8.4 Tested on: Linux CVE : CVE-2021-33570 """ XSS Payload LFI Payload PostgreSQL Password...
Postbird 0.8.4 Cross Site Scripting / Local File Inclusion
Exploit Title: Postbird 0.8.4 - Javascript Injection Date: 26 May 2021 Exploit Author: Debshubra Chakraborty Vendor Homepage: https://github.com/paxa/postbird Software Link: https://www.electronjs.org/apps/postbird Version: 0.8.4 Tested on: Linux CVE : CVE-2021-33570 """ XSS Payload LFI Payload...
Postbird 0.8.4 - Javascript Injection
Exploit Title: Postbird 0.8.4 - Javascript Injection Date: 26 May 2021 Exploit Author: Debshubra Chakraborty Vendor Homepage: https://github.com/paxa/postbird Software Link: https://www.electronjs.org/apps/postbird Version: 0.8.4 Tested on: Linux CVE : CVE-2021-33570 """ XSS Payload LFI Payload...
CVE-2021-33570
Postbird 0.8.4 is affected by a stored XSS via the IMG onerror attribute in any PostgreSQL table. The vulnerability can lead to local-file access via XMLHttpRequest and file://, and to credential exposure via window.localStorage/savedConnections. Exploitation examples and proof-of-concept payload...