Gnew 2018.1 - Cross-Site Request Forgery
Exploit Title: Gnew 2018.1 - Cross-Site Request Forgery Date: 26/01/2018 Exploit Author: Cyril Vallicari / HTTPCS - ZIWIT Vendor website : http://gnew.xyz/ Software download : http://www.gnew.xyz/pages/download.php Version: 2018.1 Tested on: Windows 10 Home x64 / Kali Linux Product description :...
RBKmoney: Text manipulation in https://checkout.rbk.money
Phishing / social engineering via text manipulation on html form labels...
VehicleWorkshop - Arbitrary File Upload
VehicleWorkshop - Arbitrary File Upload Exploit Title: VehicleWorkshop Unrestricted File Upload or Shell Upload Exploit Author: Touhid M.Shaikh Date: 1/08/2017 Vendor Homepage: https://github.com/spiritson/VehicleWorkshop Tested on : Kali Linux 2.0 64 bit and Windows 7 ===================...
VehicleWorkshop Arbitrary File Upload
Exploit Title: VehicleWorkshop Unrestricted File Upload or Shell Upload Exploit Author: Touhid M.Shaikh Date: 1/08/2017 Vendor Homepage: https://github.com/spiritson/VehicleWorkshop Tested on : Kali Linux 2.0 64 bit and Windows 7 =================== Vulnerable Page: ===================...
VehicleWorkshop - Arbitrary File Upload
Exploit Title: VehicleWorkshop Unrestricted File Upload or Shell Upload Exploit Author: Touhid M.Shaikh Date: 1/08/2017 Vendor Homepage: https://github.com/spiritson/VehicleWorkshop Tested on : Kali Linux 2.0 64 bit and Windows 7 =================== Vulnerable Page: ===================...
VehicleWorkshop - Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications Exploit Title: VehicleWorkshop Unrestricted File Upload or Shell Upload Exploit Author: Touhid M.Shaikh Date: 1/08/2017 Vendor Homepage: https://github.com/spiritson/VehicleWorkshop Tested on : Kali Linux 2.0 64 bit and Windows 7...
Password Field With Auto-Complete
In typical form-based web applications, it is common practice for developers to allow autocomplete within the HTML form to improve the usability of the page. With autocomplete enabled by default, the browser is allowed to cache previously entered form values. For legitimate purposes, this allows the...
Files.com: CSRF @ configuration
Enter the support PIN from your test site if applicable: Enter the name of your test site if applicable: gaming2 Enter the subdomain from your test site if applicable: gaming2 Fill in the rest of your report below: ---- Greetings guys, I found a CSRF bug at the configuration - General form in all...
Harvest: Cross-Site Request Forgery (CSRF)
Hello, I found a Cross-Site Request Forgery (CSRF) while making a new Category. POC: just put the user site and the name of the category in this HTML form and the category will be created in this account. There is no token to validate the request here, so the attacker can use this to make a CSRF attack to...
██████: Cross-site request forgery vulnerability resulting in the deletion of a user's account.
One of the first cross-site request forgery vulnerabilities that I discovered on █████ allowed me to delete an unsuspecting user's account. In order to exploit this issue, I crafted a simple HTML form that sent a POST request to the /unregister endpoint when a user loaded the malicious page. html...
Uber: Newsroom.uber HTML form without CSRF protection
Hi, The link that exists CSRF vulnerability https://newsroom.uber.com/india/how-to-refer/ Attack details Form name: Empty Form action: https://newsroom.uber.com/india/wp-login.php?action=postpass&wpe-login=ubernewblog Form method: POST Reproduction Steps 1-Create a file named submit.html 2-Write...
Microsoft Internet Explorer HTML form Element Type Confusion Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how...
OpenMRS 2.3 (1.11.4) - Multiple Cross-Site Scripting Vulnerabilities
Exploit for php platform in category web applications OpenMRS 2.3 1.11.4 Multiple Cross-Site Scripting Vulnerabilities Vendor: OpenMRS Inc. Product web page: http://www.openmrs.org Affected version: OpenMRS 2.3, 2.2, 2.1, 2.0 Platform 1.11.4 Build 6ebcaf, 1.11.2 and 1.10.0 OpenMRS-TB System OpenM...
CVE-2015-5906
The HTML form implementation in WebKit in Apple iOS before 9 does not prevent QuickType access to the final character of a password, which might make it easier for remote attackers to discover a password by leveraging a later prediction containing that character...
Hardcoded credentials
The HTML form implementation in WebKit in Apple iOS before 9 does not prevent QuickType access to the final character of a password, which might make it easier for remote attackers to discover a password by leveraging a later prediction containing that character...
CVE-2015-5906
The CVE-2015-5906 issue affects WebKit in Apple iOS up to version 9, where the password input context handling allowed QuickType to infer the last character of a password. This is a WebKit input-context vulnerability that could aid password disclosure. The concrete detail is that the vulnerabilit...
Cross site request forgery vulnerability in Linksys WAG120N
Hello all, I want to share a problem that I found with the Linksys router WAG120N. It could be possible to modify the router's configuration when a user visits a webpage with a specific form; it is a similar problem to the one that I sent some days ago with Comtrend routers:...
Syria2u You Shop 1.0 Cross Site Request Forgery / Cross Site Scripting
| Title : Syria2u You Shop v1.0 Mullti Vulnerability | Author : indoushka | email : [email protected] | Dork : سكربت يوشــوب للتسوق عبر الانترنت , قم باختيار المدينة ثم تمتع بالتسوق في مدينتك من أي مكان | Tested on: win8.1 Fr V.Pro 15:39 23/05/2015 | Bug : Mullti | Download :...
Syria2u Arbahtube 1.0 Cross Site Request Forgery / Cross Site Scripting
| Title : Syria2u Arbahtube v1.0 Mullti Vulnerability | Author : indoushka | email : [email protected] | Dork : Copyright ©2014 script syria2u version1. All Rights Reserved. | Tested on: win8.1 Fr V.Pro 15:39 22/05/2015 | Bug : Mullti | Download : http://www.syria2u.com/...
Simple Invoice 2011.1 Cross Site Request Forgery
Affected software: simple invoice Type of vulnerability:adding admin user via csrf URL:simpleinvoices.org Discovered by: provensec Website: provensec.com version:2011.1 Proof of concept...