25 matches found
CVE-2019-7687
cgi-bin/qcmapwebcgi on JioFi 4 jmr1140 AmtelJMR1140R12.07 devices has POST based reflected XSS via the Page parameter. No sanitization is performed for user input data...
CVE-2019-7687
cgi-bin/qcmapwebcgi on JioFi 4 jmr1140 AmtelJMR1140R12.07 devices has POST based reflected XSS via the Page parameter. No sanitization is performed for user input data...
Shopify: POST-based XSS on apps.shopify.com
Hello Shopify team! I found a post-based XSS which may be shared to other users and occurs in firefox, IE, Edge. How to reproduce: 1. at partners.shopify.com go to apps - choose one - more actions - create shopify app store listing 2. you will get redirected to url with ?signature parameter. Full...
Oracle Cross Site Scripting
Exploit Title: POST BASED XSS at ORACLE Date: 18 Oct 2017 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.oracle.com/ Software Link: Oracle App Service Version: Oracle App Service - XXX2017OCXXX Tested on: Chrome / FireFox / Opera / IE / Safari Browser Description : This script is...
phpyun绕过360艰难的SQL注射
简要描述: 想在PHP云里进行一次SQL注射,真的是好难。 详细说明: 我首先发现了一个SQL注射,这个过程也不轻松。 在phpyun/model/class/action.class.php中 function getadminusershell if$SESSION'auid' && $SESSION'ashell' $row=$this-admingetusershell$SESSION'auid',$SESSION'ashell'; if!$row$this-logout;echo "无权操作!";die; if$GET'm'=="" || $GET'm'=="index" ||...