1035 matches found
WordPress Wow Viral Signups 2.1 Plugin - SQL Injection Vulnerability
Exploit for php platform in category web applications
Exploit Title: Wow Viral Signups v2.1 WordPress Plugin SQL Injection
Date: 29/03/2017
Exploit Author: TAD GROUP
Vendor Homepage: http://wow-company.com/
Software Link: https://wordpress.org/plugins/mwp-viral-signup/
Version: 2.1
Contact:...
oooo.dating XSS vulnerability
Vulnerable URL: https://oooo.dating/app/signup.php

Details:

Description| Value
---|---
Patched:| Yes, at 25.11.2017
Latest check for patch:| 25.11.2017 19:26 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 3465154
VIP website status:| No
Check oooo.dating SSL...
Multiple SQL Injection Vulnerabilities in WebsiteBaker
WebsiteBaker is an open source content management system (CMS). WebsiteBaker has multiple SQL injection vulnerabilities. Because account/signup.php does not properly handle the values of the variables "username" and "displayname", a remotely authenticated attacker registration is turned on by defau...
johndwood.co.uk XSS vulnerability
Vulnerable URL: http://www.johndwood.co.uk/content/myaccount/signup.php

Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 30.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 634515
VIP website status:| No
Check johndwood.co.uk SSL...
iFdate Social Dating Script 2.0 - SQL Injection
Exploit Title: iFdate Social Dating Script v2.0 - SQL Injection
Google Dork: N/A
Date: 18.03.2017
Vendor Homepage: http://turnkeycentral.com/
Software: http://turnkeycentral.com/scripts/social-dating-script/
Demo: http://demo.turnkeycentral.com/ifdate/index.php
Version: 2.0
Tested on: Win7 x64,...
oilprice.com XSS vulnerability
Vulnerable URL: http://oilprice.com/market-intelligence/signup

Details:

Description| Value
---|---
Patched:| Yes, at 25.11.2017
Latest check for patch:| 25.11.2017 19:05 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 23716
VIP website status:| Yes
Check...
Pornhub: XSS Vulnerability at https://www.pornhubpremium.com/premium_signup? URL endpoint
The researcher discovered an XSS-vulnerable parameter at the premium_signup endpoint...
signup.zebra.com XSS vulnerability
Vulnerable URL: https://signup.zebra.com/register.html?appId=%22%3E%3Csvg/onload=alert%27OPENBUGBOUNTY%27%3E

Details:

Description| Value
---|---
Patched:| Yes, at
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| Unknown / Not calculated
VIP website status:| No...
DEBIAN-CVE-2017-5493
wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote attackers to bypass intended access restrictions via a crafted (1) site signup or (2) user signup...
CVE-2017-5493
wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote attackers to bypass intended access restrictions via a crafted (1) site signup or (2) user signup...
UBUNTU-CVE-2017-5493
wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote attackers to bypass intended access restrictions via a crafted (1) site signup or (2) user signup...
secure.docusign.com XSS vulnerability
Vulnerable URL: https://secure.docusign.com/signup/free?tgr=com-freeplan-netlogincouponcode=%22%3E%3Csvg/onload=prompt/OPENBUGBOUNTY/%3E

Details:

Description| Value
---|---
Patched:| Yes, at
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| Unknown / Not calculated
VI...
New Relic: Moniter Failed Sends too many emails
Hello, While I was testing your program I found one vulnerability in your program.
Steps To Reproduce
1. Go here https://newrelic.com/, and click on signup button.
2. Then put Javascript alert in Name field You can try any name too
3. Then put javascript:alertdocument.domain in Your company field Yo...
jbvideo.com XSS vulnerability
Vulnerable URL: http://jbvideo.com/signup?vopt=alert'OPENBUGBOUNTY';...
DCFM Blog 0.9.7 Blind SQL Injection Vulnerability
DCFM Blog version 0.9.7 suffers from a remote blind SQL injection vulnerability.
DCFM Blog Version 0.9.7 Blind SQL Injection Vulnerability time based-attack
Description: Open-source blog project. Free blo...
Yelp: CSRF on signup endpoint (auto-api.yelp.com)
Sign up request on https://auto-api.yelp.com/account/createsecure endpoint processes without any checking headers without cookies, csrf tokens and even user-agent. This is sample HTML form: --- Maybe when you will check it the signature will be expired, but it is not very difficult to generate th...
Brave Software: [website] Script injection in newsletter signup https://brave.com/brave_youth_program_signup.html
Go to https://brave.com/brave_youth_program_signup.html, click become an ambassador, insert malicious payloads in the fields: YOU JUST WON 1m$. You will receive a mail like in the image attached. You can send phishing emails and do other bad stuff. If you need more details I'm here...
WebSummit: Subdomain take over signup.websummit
Subdomain take over
Hi, You have a subdomain aka signup.websummit.net that points to a third party service hosted on Heroku: wsv1.herokuapp.com. The nslookup command shows the DNS configuration.
$ nslookup signup.websummit.net 8.8.8.8
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:...
mechaero.ir XSS vulnerability
Vulnerable URL: http://mechaero.ir/users/signup.php?utype=admin"

Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 27.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 4975205
VIP website status:| No
Check mechaero.ir SSL connection:|...
ncsrm.shirazu.ac.ir XSS vulnerability
Vulnerable URL: http://ncsrm.shirazu.ac.ir/users/signup.php?utype=admin"

Details:

Description| Value
---|---
Patched:| Yes, at 24.11.2017
Latest check for patch:| 24.11.2017 18:51 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| Unknown / Not calculated
VIP websi...