Lucene search

6 matches found

Hacker One
added 2022/07/15 1:2 p.m., 17 views

Stripe: CSRF in Importing CSV files [app.taxjar.com]

A CSRF vulnerability was found in the CSV import feature of app.taxjar.com, allowing an attacker to import transactions into a user's account without their permission. The vulnerability was due to a lack of CSRF protection in the import process...

AI score: 7
Exploits: 0
Hacker One
added 2020/10/17 4:17 a.m., 60 views

CS Money: Blind XSS on image upload

Summary: - The CSRF vulnerability makes a request for support.cs.money/uploadfile; this uploadfile does not have CSRF token / origin / reference verification! - The XSS allows executing JS. The payload of the XSS stays in the param 'filename' of the CSRF request. Steps To Reproduce: XSS - use a prox...

AI score: 6.4
Exploits: 0
Kitploit
added 2017/05/18 3:12 p.m., 19 views

XSS'OR - Hack with JavaScript

XSS'OR is a free online tool for hacking with JavaScript. It contains three major modules: 1. Encode/Decode The Encode/Decode module, including: front-end encryption and decryption; code compression, decompression, beautification, the implementation of testing; character set conversion, hash...

AI score: 6.9
Exploits: 0
seebug.org
added 2014/09/18 12:0 a.m., 35 views

IP Board 3.x - CSRF Token hijacking

No description provided by source. Title: IP Board 3.x CSRF - Token hijacking Date: 03.09.14 Version: = 3.4.6 Vendor: invisionpower.com Author: Piotr S. Video-PoC: https://www.youtube.com/watch?v=G5P21TA4DjY 1 Introduction Latest and probably previous IPB versions suffer from a vulnerability, which...

AI score: 7.1
Exploits: 0
Packet Storm
added 2014/09/07 12:0 a.m., 20 views

IP Board 3.x CSRF Token Theft

Title: IP Board 3.x CSRF - Token hijacking Date: 03.09.14 Version: = 3.4.6 Vendor: invisionpower.com Author: Piotr S. Video-PoC: https://www.youtube.com/watch?v=G5P21TA4DjY 1 Introduction Latest and probably previous IPB versions suffer from a vulnerability, which allows an attacker to steal the CSRF token...

AI score: 7.4
Exploits: 0
0day.today
added 2012/09/11 12:0 a.m., 18 views

vOlk Botnet Framework v4.0 Multiple Vulnerabilities

Exploit for php platform in category web applications Title: ====== vOlk Botnet Framework v4.0 - Multiple Web Vulnerabilities Introduction: ============= vOlk-Botnet v4.0 is a remote administration tool, its main function is to manage the HOSTS file of the windows operating systems The code creat...

AI score: 7.1
Exploits: 0