91 matches found
DefacePage
Defa...
Exploit for Inclusion of Functionality from Untrusted Control Sphere in Langflow
Langflow Exploit Tool - CVE-2026-0770 📋 Table of Contents...
Deface-TOOLS-
Deface-TOOLS- 😈 DEVIL DEFACER v3.0 🔥 The most vicious deface tools...
CVE-2021-42078
PHP Event Calendar through 2021-11-04 allows persistent cross-site scripting (XSS), as demonstrated by the /server/ajax/eventsmanager.php title parameter. This can be exploited by an adversary in multiple ways, e.g., to perform actions on the page in the context of other users, or to deface the sit...
CVE-2020-6205
SAP NetWeaver AS ABAP Business Server Pages Smart Forms, SAPBASIS versions- 7.00, 7.01, 7.02, 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, 7.51, 7.52, 7.53, 7.54; does not sufficiently encode user controlled inputs, allowing an unauthenticated attacker to non-permanently deface or modify displayed content...
Bangladeshi Hackers Deface India’s Zee Media Website for Mocking Floods
Bangladeshi hackers "SYSTEMADMINBD" defaced Zee Media's website, accusing them of mocking the situation in Bangladesh amid severe flooding...
Cross-site Scripting (XSS)
microweber/microweber is vulnerable to cross-site scripting. An attacker is able to inject malicious script via productKeyword parameter, allowing an attacker to deface website and steal cookie...
Code injection
DOM XSS in microweber ver 1.2.15 in GitHub repository microweber/microweber prior to 1.2.16. inject arbitrary js code, deface website, steal cookie...
Design/Logic Flaw
XSS in livehelperchat in GitHub repository livehelperchat/livehelperchat prior to 3.97. This vulnerability has the potential to deface websites, result in compromised user accounts, and can run malicious code on web pages, which can lead to a compromise of the user’s device...
Cross-site Scripting (XSS) - Reflected
Description The endpoint https://demo.microweber.org/demo/admin/post/id/edit is vulnerable to cross site scripting. The "Edit source" field is affected. Proof of Concept 1. Login into https://demo.microweber.org 2. Navigate to https://demo.microweber.org/demo/admin/post/25/edit 3. click EditSourc...
Cross-site Scripting (XSS) - Reflected
Description Hi, The endpoint https://demo.microweber.org/demo/admin/page is vulnerable to Cross Site Scripting. Proof of Concept 1. just navigate to the poc url:...
Cross-Site Request Forgery (CSRF) in splitbrain/dokuwiki
Description Another low-severity CSRF last one, I think. identified on styling page Proof of Concept Requests to the following endpoint used by admins to edit template styling settings do not contain sectok CSRF token POST /doku.php?id=start&do=admin&page=styling Impact This vulnerability is...
Froala 3.2.6-1 Cross Site Scripting Vulnerability
Exploit Title: Stored XSS and Html Code Injection Editor Froala Version 3.2.6-1 Author: Vincent666 ibn Winnie Software Link: https://froala.com/wysiwyg-editor/ Tested on: Windows 10 Web Browser: Mozilla Firefox My Youtube Channel: https://www.youtube.com/channel/UCZOWpC2dW9sipPq5z63C2rQ PoC: In t...
5M WordPress Sites Running 'Contact Form 7' Plugin Open to Attack
A patch for the popular WordPress plugin called Contact Form 7 was released Thursday. It fixes a critical bug that allows an unauthenticated adversary to take over a website running the plugin or possibly hijack the entire server hosting the site. The patch comes in the form of a 5.3.2 version...
Hackers hit Reddit; deface 70+ Subreddits with Pro-Trump messages
By Sudais Asif. Before Reddit, in June 2020, more than 1,150 Roblox accounts were also hacked with pro-Trump content. This is a post from HackRead.com. Read the original post: Hackers hit Reddit; deface 70+ Subreddits with Pro-Trump messages...
RiskAssessmentFramework - Static Application Security Testing
The OWASP Risk Assessment Framework consists of Static application security testing and Risk Assessment tools. Even though there are many SAST tools available for testers, the compatibility and the environment setup process is complex. By using OWASP Risk Assessment Framework's Static...
Shell Backdoor List - PHP / ASP Shell Backdoor List
What is a shell backdoor? A backdoor shell is a malicious piece of code (e.g. PHP, Python, Ruby) that can be uploaded to a site to gain access to files stored on that site. Once it is uploaded, the hacker can use it to edit, delete, or download any files on the site, or upload their own. How to...
Iranian hackers deface US government & African bank website
By Waqas. Iranian hackers are back in action and this time they have found targets in the US and Africa. Here's what happened: This is a post from HackRead.com. Read the original post: Iranian hackers deface US government & African bank website...
Pure Blood v2.0 - A Penetration Testing Framework Created For Hackers / Pentester / Bug Hunter
A Penetration Testing Framework created for Hackers / Pentester / Bug Hunter. Web Pentest / Information Gathering: Banner Grab, Whois, Traceroute, DNS Record, Reverse DNS Lookup, Zone Transfer Lookup, Port Scan, Admin Panel Scan, Subdomain Scan, CMS Identify, Reverse IP Lookup, Subnet Lookup, Extract Page...