575 matches found
Pandora FMS 6.0SP3 Cross Site Scripting
Exploit Title: XSS vulnerability for keywords searching parameter in pandorafms-6.0SP3/pandoraconsole Author: @nu11secur1ty Testing and Debugging: @nu11secur1ty Date: 05.27.2021 Vendor: https://pandorafms.com/ Link: https://github.com/pandorafms/pandorafms/releases CVE: 2021-0527-nu11secur1ty...
Spotweb 1.4.9 - DOM Based Cross-Site Scripting Vulnerability
Exploit Title: Spotweb 1.4.9 - DOM Based Cross-Site Scripting XSS Exploit Author: @nu11secur1ty Software Link: https://github.com/spotweb/spotweb Proof: https://streamable.com/hix5o1 + Exploit Source: !/usr/bin/python3 Author: @nu11secur1ty from selenium import webdriver import time import os, sy...
Spotweb 1.4.9 - DOM Based Cross-Site Scripting (XSS)
Exploit Title: Spotweb 1.4.9 - DOM Based Cross-Site Scripting XSS Exploit Author: @nu11secur1ty Date: 05.20.2021 Software Link: https://github.com/spotweb/spotweb Proof: https://streamable.com/hix5o1 + Exploit Source: !/usr/bin/python3 Author: @nu11secur1ty from selenium import webdriver import...
Piwigo 11.3.0 - 'language' SQL
Exploit Title: Piwigo 11.3.0 - 'language' SQL Author: @nu11secur1ty Testing and Debugging: nu11secur1ty Date: 04.30.2021 Vendor: https://piwigo.org/ Link: https://github.com/Piwigo/Piwigo/releases/tag/11.3.0 CVE: CVE-2021-27973 + Exploit Source: !/usr/bin/python3 Author: @nu11secur1ty Debug:...
Piwigo 11.3.0 SQL Injection
Exploit Title: SQL injection in language parameter to admin.php?page=languages.on Piwigo 11.3.0 Author: @nu11secur1ty Testing and Debugging: nu11secur1ty Date: 04.30.2021 Vendor: https://piwigo.org/ Link: https://github.com/Piwigo/Piwigo/releases/tag/11.3.0 CVE: CVE-2021-27973 + Exploit Source:...
Piwigo 11.3.0 SQL Injection Exploit
Exploit Title: SQL injection in language parameter to admin.php?page=languages.on Piwigo 11.3.0 Testing and Debugging: nu11secur1ty Vendor: https://piwigo.org/ Link: https://github.com/Piwigo/Piwigo/releases/tag/11.3.0 CVE: CVE-2021-27973 + Exploit Source: !/usr/bin/python3 Author: @nu11secur1ty...
SEO Panel 4.8.0 - (order_col) Blind SQL Injection Exploit (2)
Exploit Title: SEO Panel 4.8.0 - 'ordercol' Blind SQL Injection 2 Author: nu11secur1ty Testing and Debugging: nu11secur1ty Vendor: https://www.seopanel.org/ Link: https://www.seopanel.org/spdownload/4.8.0 CVE: CVE-2021-28419 + Exploit Source: !/usr/bin/python3 Author: @nu11secur1ty CVE-2021-28419...
SEO Panel 4.8.0 SQL Injection
Exploit Title: blind SQL injection on archive.php of SEO Panel 4.8.0 Author: nu11secur1ty Testing and Debugging: nu11secur1ty Date: 04.25.2021 Vendor: https://www.seopanel.org/ Link: https://www.seopanel.org/spdownload/4.8.0 CVE: CVE-2021-28419 + Exploit Source: !/usr/bin/python3 Author:...
DzzOffice 2.02.1 - (Multiple) Cross-Site Scripting Exploit
Exploit Title: DzzOffice 2.02.1 - 'Multiple' Cross-Site Scripting XSS Author: @nu11secur1ty Testing and Debugging: @nu11secur1ty, g3ck0dr1v3r Vendor: http://www.dzzoffice.com/ Link: https://github.com/zyx0814/dzzoffice CVE: CVE-2021-3318 + Exploit Source: !/usr/bin/python3 Author: @nu11secur1ty...
DzzOffice 2.02.1 Cross Site Scripting
Exploit Title: XSS attack app/setting in DzzOffice-2.02.1 Author: @nu11secur1ty Testing and Debugging: @nu11secur1ty, g3ck0dr1v3r Date: 04.23.2021 Vendor: http://www.dzzoffice.com/ Link: https://github.com/zyx0814/dzzoffice CVE: CVE-2021-3318 + Exploit Source: !/usr/bin/python3 Author:...
DzzOffice 2.02.1 - 'Multiple' Cross-Site Scripting (XSS)
Exploit Title: DzzOffice 2.02.1 - 'Multiple' Cross-Site Scripting XSS Author: @nu11secur1ty Testing and Debugging: @nu11secur1ty, g3ck0dr1v3r Date: 04/23/2021 Vendor: http://www.dzzoffice.com/ Link: https://github.com/zyx0814/dzzoffice CVE: CVE-2021-3318 + Exploit Source: !/usr/bin/python3 Author...
RemoteClinic 2 Cross Site Scripting
Exploit Title: Cross Site Scripting XSS RemoteClinic on register.php Author: nu11secur1ty Debug: g3ck0dr1v3r Date: 04.21.2021 Vendor: RemoteClinic Link: https://github.com/remoteclinic/RemoteClinic CVE: CVE-2021-30044 + Exploit Source:...
htmly 2.8.0 Cross Site Scripting
Exploit Title: htmly 2.8.0 allows stored XSS Authors: @nu11secur1ty & G.Dzhankushev Date: 04.15.2021 Vendor: htmly Link: https://github.com/danpros/htmly CVE: CVE-2021-30637 + Exploit Source: https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-26929 Exploit Program Code !/usr/bin/python3...
htmly 2.8.0 Cross Site Scripting Exploit
Exploit Title: htmly 2.8.0 allows stored XSS Authors: @nu11secur1ty & G.Dzhankushev Date: 04.15.2021 Vendor: htmly Link: https://github.com/danpros/htmly CVE: CVE-2021-30637 Software Link: https://github.com/danpros/htmly Video: https://www.youtube.com/watch?v=xKRQZYqVlS4 Steps to Reproduce:...
htmly 2.8.0 - 'description' Stored Cross-Site Scripting (XSS)
Exploit Title: htmly 2.8.0 - 'description' Stored Cross-Site Scripting XSS Authors: @nu11secur1ty & G.Dzhankushev Date: 04.15.2021 Vendor Homepage: https://www.htmly.com/ Software Link: https://github.com/danpros/htmly CVE: CVE-2021-30637 !/usr/bin/python3 from selenium import webdriver from...
h1-ctf: H1 Hackyholidays CTF - The Grinch was defeated
The following writeup will underline all the steps and tools used to solve the 12 challenges of the H1 Holidays CTF. The theme of the competition was the Grinch. How it is possible to read from the competition blog post https://www.hackerone.com/blog/12-days-hacky-holidays-ctf , the goal was to...
GitLab: Remote hacker can download all the files of master branch in public projects where everything is members only.
Summary Hi team, I found this weird behavior which I thought I should report, a malicious hacker can remotely download files of any branch in a public project where all permissions are ==member-only==, Gitlab uses a link to download files of a branch, normally ==an unauthenticated user will not b...
What’s New in InsightAppSec and tCell: Q3 2020 in Review
Here at Rapid7, we’ve been quite busy continuously improving, expanding functionality, and testing new features for feedback with our customers across our application security portfolio. This includes InsightAppSec, our leading DAST solution, tCell by Rapid7, our next-gen cloud WAF and RASP...
GHunt - Investigate Google Accounts With Emai
GHunt is an OSINT tool to extract a lot of informations of someone's Google Account email. It can currently extract : Owner's name Last time the profile was edited Google ID If the account is an Hangouts Bot Activated Google services Youtube, Photos, Maps, News360, Hangouts, etc. Possible Youtube...
in seleniumhq/selenium
Description Selenium is an umbrella project encapsulating a variety of tools and libraries enabling web browser automation. Selenium specifically provides infrastructure for the W3C WebDriver specification — a platform and language-neutral coding interface compatible with all major web browsers...