WUZHI CMS 4.1.0 - form[qq_10] Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: WUZHI CMS 4.1.0 XSS Vulnerability Exploit Author: jiguang email protected Vendor Homepage: https://github.com/wuzhicms/wuzhicms Software Link: https://github.com/wuzhicms/wuzhicms Version: 4.1.0 CVE: CVE-2018-10313 An issue was...

WUZHI CMS 4.1.0 - tag[pinyin] Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: WUZHI CMS 4.1.0 XSS Vulnerability Exploit Author: jiguang email protected Vendor Homepage: https://github.com/wuzhicms/wuzhicms Software Link: https://github.com/wuzhicms/wuzhicms Version: 4.1.0 CVE: CVE-2018-10311 An issue was...

Wuzhi CMS 4.1.0 Cross Site Scripting

Exploit 1 of 2: Exploit Title: WUZHI CMS 4.1.0 XSS Vulnerability Date: 2018-4-23 Exploit Author: jiguang [email protected] Vendor Homepage: https://github.com/wuzhicms/wuzhicms Software Link: https://github.com/wuzhicms/wuzhicms Version: 4.1.0 CVE: CVE-2018-10313 An issue was discovered in WUZHI CMS...

WUZHI CMS 4.1.0 - 'form[qq_10]' Cross-Site Scripting

Exploit Title: WUZHI CMS 4.1.0 XSS Vulnerability Date: 2018-4-23 Exploit Author: jiguang [email protected] Vendor Homepage: https://github.com/wuzhicms/wuzhicms Software Link: https://github.com/wuzhicms/wuzhicms Version: 4.1.0 CVE: CVE-2018-10313 An issue was discovered in WUZHI CMS 4.1.0...

WUZHI CMS 4.1.0 - tag[pinyin] Cross-Site Scripting

WUZHI CMS 4.1.0 - tagpinyin Cross-Site Scripting Exploit Title: WUZHI CMS 4.1.0 XSS Vulnerability Date: 2018-4-23 Exploit Author: jiguang [email protected] Vendor Homepage: https://github.com/wuzhicms/wuzhicms Software Link: https://github.com/wuzhicms/wuzhicms Version: 4.1.0 CVE: CVE-2018-10311 An...

WUZHI CMS 4.1.0 - 'tag[pinyin]' Cross-Site Scripting

Exploit Title: WUZHI CMS 4.1.0 XSS Vulnerability Date: 2018-4-23 Exploit Author: jiguang [email protected] Vendor Homepage: https://github.com/wuzhicms/wuzhicms Software Link: https://github.com/wuzhicms/wuzhicms Version: 4.1.0 CVE: CVE-2018-10311 An issue was discovered in WUZHI CMS 4.1.0...

WUZHI CMS 4.1.0 - form[qq_10] Cross-Site Scripting

WUZHI CMS 4.1.0 - formqq10 Cross-Site Scripting Exploit Title: WUZHI CMS 4.1.0 XSS Vulnerability Date: 2018-4-23 Exploit Author: jiguang [email protected] Vendor Homepage: https://github.com/wuzhicms/wuzhicms Software Link: https://github.com/wuzhicms/wuzhicms Version: 4.1.0 CVE: CVE-2018-10313 An...

Slack: Access of Android protected components via embedded intent

@bagipro found a vulnerability wherein a malicious and unprivileged app on the victim's phone could interact with any activity in the Slack Android app, allowing manipulation of the app in unintended ways. Thanks for the finding @bagipro! I found the following code inside com.Slack.ui.HomeActivit...

PortSwigger Web Security: Order-phishing via Payment ID URL

Hello. I discovered the endpoint, which allows the attacker conduct the fishing attack to other users and they can pay for attacker's order. Why this can happen? On the site, order id parameter sends to the https://portswigger.net/CCPayment.aspx as POST, but attacker can append it as GET and it...