16 matches found
Stored Cross-site Scripting (XSS) leads to Account Takeover
🔒️ Requirements - Be able to edit or create documents. - Click of a user on the link. 📝 Description The markdown's link creation feature does not properly sanitize URL input, which allows the error event to be used to execute JavaScript. Furthermore, due to the lack of the HttpOnly flag on the session cookie, it i...
Acronis: Session Fixation on Acronis
Hi there, The application does not set a new Session ID in the cookie after what appears to be an authentication attempt by the user. If this was a successful login and the Session IDs are stored in cookies then this application is affected by Session Fixation vulnerability. Steps To Reproduce...
SharpChromium - .NET 4.0 CLR Project To Retrieve Chromium Data, Such As Cookies, History And Saved Logins
SharpChromium is a .NET 4.0+ CLR project to retrieve data from Google Chrome, Microsoft Edge, and Microsoft Edge Beta. Currently, it can extract: cookies (in JSON format); history (with associated cookies for each history item); saved logins. Note: All cookies returned are in JSON format. If you have th...
Web-Fu - Chrome extension for pentesting web applications
Chrome extension for pentesting web applications. Web-fu is a web hacking tool focused on discovering and exploiting web vulnerabilities. It is a browser-embedded web hacking tool. Some tools don't support certificate authentication or web VPN access. If the browser can authenticate on the...
Paddelberg Topsite Script Authentication Bypass Vulnerability
No description provided by source. Exploit Title: Paddelberg's topsite-script admin auth bypass. Google Dork: intext:powered by php scripte webmaster resource Date: 8. 1. 2012 Author: Christian Inci Software Link: http://www.paddelberg.de/gratis-toplisten-script/gratis-download/ Version: = 1.23 2...
Paddelberg Topsite Script - Authentication Bypass
Paddelberg Topsite Script - Authentication Bypass Exploit Title: Paddelberg's topsite-script admin auth bypass. Google Dork: intext:"powered by php scripte webmaster resource" Date: 8. 1. 2012 Author: Christian Inci Software Link: http://www.paddelberg.de/gratis-toplisten-script/gratis-download/...
Paddelberg Topsite Script - Authentication Bypass
Exploit Title: Paddelberg's topsite-script admin auth bypass. Google Dork: intext:"powered by php scripte webmaster resource" Date: 8. 1. 2012 Author: Christian Inci Software Link: http://www.paddelberg.de/gratis-toplisten-script/gratis-download/ Version: = 1.23 22. 9. 2007 Tested on: 1.23 Vendor...
arcade-sql.txt
--==+================================================================================+==-- --==+ Game Portal Manager v1.7 SQL Injection Vulnerability +==-- --==+================================================================================+==-- AUTHOR: t0pP8uZz & xprog SITE:...
Vz (Adp) Forum 2.0.3 Remote Password Disclosure Vulnerablity
No description provided by source. SvADP Forum 2.0.3 Remote Password Disclosure Vulnerablity S.name:ADP Forum Affected version:2.0.3 Download&Demo:http://www.linux.it/fedro/index.php?pag=scripts&lang=en Risk:Very Highly Critical Author:Dr Max Virus Location:Egypt POC:...
Vz (Adp) Forum 2.0.3 - Remote Password Disclosure
Vz Adp Forum 2.0.3 - Remote Password Disclosure SvADP Forum 2.0.3 Remote Password Disclosure Vulnerablity S.name:ADP Forum Affected version:2.0.3 Download&Demo:http://www.linux.it/fedro/index.php?pag=scripts&lang=en Risk:Very Highly Critical Author:Dr Max Virus Location:Egypt POC:...
P-News 1.161.17 - user.dat Remote Password Disclosure
P-News 1.161.17 - user.dat Remote Password Disclosure P-News user.datRemote Password Disclosure Vulnerablity S.name:P-News Affected versions:1.17 and 1.16 Vendor:www.ppopn.net Risk:Very Highly Critical Author:Dr Max Virus Location:Egypt POC: http:/target/path/db/user.dat As We see Admin name and...
Vz (Adp) Forum 2.0.3 Remote Password Disclosure Vulnerablity
Exploit for unknown platform in category web applications ============================================================ Vz Adp Forum 2.0.3 Remote Password Disclosure Vulnerablity ============================================================ SvADP Forum 2.0.3 Remote Password Disclosure Vulnerablity...
Sv(ADP) Forum 2.0.3 Remote Password Disclosure Vulnerablity
SvADP Forum 2.0.3 Remote Password Disclosure Vulnerablity S.name:ADP Forum Affected version:2.0.3 Download&Demo:http://www.linux.it/fedro/index.php?pag=scripts&lang=en Risk:Very Highly Critical Author:Dr Max Virus Location:Egypt POC: http:/target/path/users/admin.txt As We see Admin name and hash...
XSS with Vbulletin (new idea !)
Author : Ashraf Morad Contact : [email protected] XSS with vBulletin Attachments supported , SWF is a valid extension ! Materials : -Any SWF file with an actionscript frame : ActionScript Code : getURL"javascript:function blabvar scriptNode =...
ASP-Nuke Community 1.5 - Cookie Privilege Escalation
ASP-Nuke Community 1.5 - Cookie Privilege Escalation Title : ASP-Nuke Community Find cookie informations. Change Informations= Cookie Informations: ASPNUKE14%5Fpseudoname , pseudoname = "Welcome USERNAME" see for ASPNUKE14%5Fpseudo , pseudo = Login UserName ASPNUKE14%5Fpseudoid , pseudoid = UserI...
ASP-Nuke Community 1.5 - Cookie Privilege Escalation
Title : ASP-Nuke Community Find cookie informations. Change Informations= Cookie Informations: ASPNUKE14%5Fpseudoname , pseudoname = "Welcome USERNAME" see for ASPNUKE14%5Fpseudo , pseudo = Login UserName ASPNUKE14%5Fpseudoid , pseudoid = UserId ASPNUKE14%5Femail , email = User Email Save and go ...