1225 matches found

0day.today
added 2017/02/28 12:0 a.m., 40 views

Blizard BB 1.7 (privtmsg) MD5 Hash Retrieve Blind sql injection Exploit

Exploit for php platform in category web applications !/usr/bin/perl + Blizard BB 1.7 privtmsg MD5 Hash Retrieve blind sql injection Discovered by Juri...

0.3 AI score
Exploits 0
0day.today
added 2017/02/18 12:0 a.m., 39 views

TI Online Examination System 2.0 Admin Password Changer Exploit

Exploit for php platform in category web applications !/usr/bin/perl + TI Online Examination System 2.0 Admin Password Changer Exploit Discovered by Ju...

7.1 AI score
Exploits 0
OSV
added 2017/02/17 2:59 a.m., 0 views

CVE-2016-4316

Multiple cross-site scripting (XSS) vulnerabilities in WSO2 Carbon 4.4.5 allow remote attackers to inject arbitrary web script or HTML via the (1) setName parameter to identity-mgt/challenges-mgt.jsp; the (2) webappType or (3) httpPort parameter to webapp-list/webappinfo.jsp; the (4) dsName or (5) descriptio...

6.1 CVSS, 5.8 AI score, 0.03998 EPSS
Exploits 5, References 5
Hacker One
added 2017/02/17 12:23 a.m., 52 views

OLX: Public Vulnerable Version of Confluence https://confluence.olx.com

The public server is vulnerable to Insecure Direct Object Reference, allowing any authenticated user to read configuration files from the application such as the content of webapp directory in confluence. Link to the public issue: https://jira.atlassian.com/browse/CONF-39704 PoC: GET:...

1.4 AI score
Exploits 0
0day.today
added 2017/02/17 12:0 a.m., 37 views

TI Online Examination System 2.0 Admin Login Bypass Vulnerability

Exploit for php platform in category web applications + TI Online Examination System = 2.0 sql injection Admin Login Bypass...

7.1 AI score
Exploits 0
0day.today
added 2017/02/09 12:0 a.m., 31 views

Posnic 1.03 Unauthorized Password Recovery Vulnerability

Exploit for php platform in category web applications + Posnic 1.03 forgetpass.php Unauthorized Password Recovery Discovered by Juri Gianni -...

7.1 AI score
Exploits 0
0day.today
added 2017/02/06 12:0 a.m., 46 views

My Photo Gallery 1.0 SQL Injection / Unauthorized Login Vulnerabilities

Exploit for php platform in category web applications + My Photo Gallery 1.0 SQL Injection / Unauthorized Login Discovered by Juri Gianni - Turin,Ital...

7.1 AI score
Exploits 0
Hacker One
added 2017/02/01 6:15 p.m., 27 views

arxius: XSS in content type header when uploading file.

Hello. First of all I wish you good luck securing your site, as far as I can tell, your site is secured, and this bug is minor. It affects the content type header, when a file with an invalid content-type is uploaded, the value of the content-type file header is echoed back without any filtering...

6.2 AI score
Exploits 0
Hacker One
added 2017/01/24 3:17 p.m., 86 views

LocalTapiola: SQL Injection /webApp/cancel_iltakoulu regId parameter (viestinta.lahitapiola.fi)

Basic report information Summary: There is a SQL Injection vulnerability on http://viestinta.lahitapiola.fi/webApp/canceliltakoulu?regId=478836614&locationId=464559674 Domain: viestinta.lahitapiola.fi Steps To Reproduce: Tested on sqlmap framework with following command: ./sqlmap.py -u...

0.1 AI score
Exploits 0
Hacker One
added 2017/01/21 2:50 p.m., 21 views

LocalTapiola: Sql injection on /webApp/sijoituswebinaari (viestinta.lahitapiola.fi)

Issue The reporter found a blind SQL Injection attack in an application in viestinta.lahitapiola.fi. Fix The issue was investigated and found to be valid. The fix was to remove the application as it was not needed. Reasoning The reported case was valid and within the scope of the bug bounty...

0.7 AI score
Exploits 0
Packet Storm
added 2017/01/03 12:0 a.m., 185 views

PHPMailer / Zend-mail / SwiftMailer Remote Code Execution

!/usr/bin/python intro = """ PHPMailer / Zend-mail / SwiftMailer - Remote Code Execution Exploit a.k.a "PwnScriptum" CVE-2016-10033 + CVE-2016-10045 +...

0.1 AI score, 0.99714 EPSS
Exploits 71
Openbugbounty
added 2016/12/29 11:57 a.m., 9 views

secure.madametussauds.com XSS vulnerability

Open Bug Bounty ID: OBB-200880 Description| Value ---|--- Affected Website:| secure.madametussauds.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

6.3 AI score
Exploits 0
0day.today
added 2016/12/11 12:0 a.m., 34 views

Netgear R7000 - Cross-Site Scripting Vulnerability

Exploit for hardware platform in category web applications Exploit Title: Netgear R7000 - XSS via. DHCP hostname Date: 11-12-2016 Exploit Author: Vincent Yiu Contact: https://twitter.com/vysecurity Vendor Homepage: https://www.netgear.com/ Category: Hardware / WebApp Version: V1.0.7.21.1.93 +...

7.1 AI score
Exploits 0
Openbugbounty
added 2016/12/08 5:59 p.m., 11 views

webapp.mis.vanderbilt.edu XSS vulnerability

Vulnerable URL: https://webapp.mis.vanderbilt.edu/olga/?appealCode="// Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No Check...

6.3 AI score
Exploits 0
Hacker One
added 2016/11/12 9:48 p.m., 19 views

LocalTapiola: Multiple Reflected XSS /webApp/lahti (viestinta.lahitapiola.fi)

Vulnerable script: /webApp/lahti Vulnerable parameters: ctxvarshtml, ctxvarszoom, ctxvarsLat, ctxvarsLng PoC 1 html parameter https://blackfan.ru/localtapiola4567uytr567tre4567ytr/poc1html.html Result: html alertdocument.location PoC 2 zoom parameter...

0.9 AI score
Exploits 0
Hacker One
added 2016/11/12 8:18 p.m., 105 views

LocalTapiola: SQL Injection /webApp/sijoitustalous_peruutus locId parameter (viestinta.lahitapiola.fi)

Vulnerable script: /webApp/sijoitustalousperuutus Vulnerable parameter: locId Database: PostgreSQL PoC 1. TRUE, substrversion,1,10='PostgreSQL', Result: Ilmoittaumisesi on peruttu...

1.3 AI score
Exploits 0
Hacker One
added 2016/11/12 7:13 p.m., 34 views

LocalTapiola: HTML Injection in email /webApp/lahti (viestinta.lahitapiola.fi)

Steps to reproduce 1. Open link http://viestinta.lahitapiola.fi/webApp/lahti 2. Set "Etunimi" Welcome 3. Set "Sähköposti" to victim email 4. Other fields may be arbitrary 5. Submit form F134348 Result Victim receive an email from [email protected] which contains a link to a...

0.6 AI score
Exploits 0
Openbugbounty
added 2016/11/11 12:37 a.m., 10 views

webapp.seo-magic.it XSS vulnerability

Vulnerable URL: http://webapp.seo-magic.it/modules/projectnumber/?jsoncallback=prompt/OPENBUGBOUNTY/...

6.9 AI score
Exploits 0
exploitpack
added 2016/11/06 12:0 a.m., 60 views

SweetRice 1.5.1 - Arbitrary File Upload

SweetRice 1.5.1 - Arbitrary File Upload /usr/bin/python -- Coding: utf-8 -- Exploit Title: SweetRice 1.5.1 - Unrestricted File Upload Exploit Author: Ashiyane Digital Security Team Date: 03-11-2016 Vendor: http://www.basic-cms.org/ Software Link:...

0.1 AI score
Exploits 0
Exploit DB
added 2016/11/06 12:0 a.m., 102 views

SweetRice 1.5.1 - Arbitrary File Upload

/usr/bin/python -- Coding: utf-8 -- Exploit Title: SweetRice 1.5.1 - Unrestricted File Upload Exploit Author: Ashiyane Digital Security Team Date: 03-11-2016 Vendor: http://www.basic-cms.org/ Software Link: http://www.basic-cms.org/attachment/sweetrice-1.5.1.zip Version: 1.5.1 Platform: WebApp -...

7.4 AI score
Exploits 0