Endless Group: XSS on https://fax.pbx.itsendless.org/ (CVE-2017-18024)

Summary: Hello Endless Hosting, I found an XSS on https://fax.pbx.itsendless.org/ . This domain running an AvantFax software 3.3.6 However, the exploit of CVE-2017-18024 for version 3.3.3 is working on that version. Here is the exploit code of CVE-2017-18024 history.pushState'', '', '/'...

Endless Group: CVE-2017-8779 exploit on open rpcbind port could lead to remote DoS

Summary: An open rpcbind port on https://da.theendlessweb.com allows for possible exploitation by an existing Metasploit module. This could lead to large and unfreed memory allocations for XDR strings. Description: Port scanning on 149.56.38.19 which is the IP of https://da.theendlessweb.com show...

Endless Group: Modify Host Header which is sent to email

Summary: Modify host header and include the fake website in password reset email. Password reset mail is taking source domain from request header host, which can be modified using burp suite and the modified link is sent to the victims email Steps To Reproduce: 1. Go to...