X (Formerly Twitter): SSRF in https://cards-dev.twitter.com/validator
Hello, After my previous report 2 years ago https://hackerone.com/reports/30860 you fixed the vulnerability, but now it looks like this fix was reverted and the same problem exists again. Test scenario: Open https://cards-dev.twitter.com/validator 1. Closed port on localhost http://0.0.0.0:123 -...
BigTree CMS 4.2.13 Cross Site Request Forgery
Exploit Title : bigtree cms CSRF Exploit - Author : Ashiyane Digital Security Team - Vendor Homepage: https://www.bigtreecms.org/ - Software Link: https://www.bigtreecms.org/ajax/download-installer/?installer=53 - Version : 4.2.13 - Date: 26-10-2016 - Tested On :...
APT2 - Automated Penetration Toolkit
This tool will perform an NMap scan, or import the results of a scan from Nexpose, Nessus, or NMap. The processed results will be used to launch exploit and enumeration modules according to the configurable Safe Level and enumerated service information. All module results are stored on localhost...
Windows/x86 - localhost Port Scanner Shellcode (556 bytes)
/ Title : Windows x86 localhost port scanner shellcode Date : 29-07-2016 Author : Roziul Hasan Khan Shifat Tested on : Windows 7 x86 starter / / Disassembly of section .text: 00000000 : 0: 31 db xor %ebx,%ebx 2: 64 8b 43 30 mov %fs:0x30%ebx,%eax 6: 8b 40 0c mov 0xc%eax,%eax 9: 8b 70 14 mov...
Python urllib HTTP Header Injection
Python's built-in URL library "urllib2" in 2.x and "urllib" in 3.x is vulnerable to protocol stream injection attacks a.k.a. "smuggling" attacks via the http scheme. If an attacker could convince a Python application using this library to fetch an arbitrary URL, or fetch a resource from a malicio...
Viart Shopping Cart 5.0 - Cross-Site Request Forgery Arbitrary File Upload
function submitRequest() { var xhr = new XMLHttpRequest(); xhr.open("POST", "http://localhost/admin/adminfmuploadfiles.php", true); xhr.setRequestHeader("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8");...
ArticleSetup 1.00 - Cross-Site Request Forgery (Change Admin Password)
Exploit for php platform in category web applications 0day.today 2018-03-05...
GitLab: SSRF when importing a project from a git repo by URL
Fixed in 8.17.4, 8.16.8, and 8.15.8 SSRF when importing a project from a Repo by URL GitLab instances that have enabled project imports using "Repo by URL" were vulnerable to Server-Side Request Forgery attacks. By specifying a project import URL of localhost an attacker could target services tha...
Exponent CMS 2.3.5 File Upload Cross Site Scripting
CVE-2015-8684 - Exponent CMS 2.3.5 File Upload Cross Site Scripting Vulnerability Product : Exponent CMS CVE : CVE-2015-8684 Author : Sachin Wagh Affected Version : Exponent CMS 2.3.5 Fixed Version: Exponent CMS 2.3.7...
Exponent CMS 2.3.5 Cross Site Scripting
CVE-2015-8667 - Exponent CMS 2.3.5 Multiple Cross Site Scripting Vulnerabilities Product : Exponent CMS CVE : CVE-2015-8667 Author : Sachin Wagh Affected Version : Exponent CMS 2.3.5 Fixed Version: Exponent CMS 2.3.7...
New Relic: Server Side Browsing - localhost open port enumeration
Hi again to all, I've found that it is possible to scan all the open ports and network information of internal instances of your Amazon DC that are related with synthetics monitors. NOTE: I do not have a pro account so I can use the more advanced synthetics functions or the Insights db query to get...
Kaltura Community Edition 11.1.0-2 Code Execution / File Upload / File Read
Kaltura Community Edition Multiple Vulnerabilities Affected versions: Kaltura Community Edition =11.1.0-2 PDF:...
Acunetix WVS 10 - Local Privilege Escalation
Acunetix WVS 10 - from guest to System Local privilege escalation CVE: CVE-2015-4027 Author: me Daniele Linguaglossa Affected Product: Acunetix WVS 10 Exploit: Local privilege...
SSL and TLS protocol test suite and fuzzer: tlsfuzzer
tlsfuzzer is a combination of TLS test framework, ready-to-use tests and hopefully in the future a fuzzer for TLS protocol. The aim is to have the ability to test TLS implementations everywhere a fairly recent version of Python can run (2.6, 3.2 or later). Current implementation efforts focus on testing...
OS X Install.framework suid root Runner Binary Privilege Escalation Vulnerability
Exploit for macOS platform in category local exploits Source: https://code.google.com/p/google-security-research/issues/detail?id=478 The Install.framework runner suid root binary does not correctly account for the fact that Distributed Objects can be connected to by multiple clients at the same...
Microweber 1.0.3 - Arbitrary File Upload Filter Bypass PHP Remote Code Execution
Microweber v1.0.3 File Upload Filter Bypass Remote PHP Code Execution Vendor: Microweber Team Product web page: http://www.microweber.com Affected version: 1.0.3 Summary: Microweber is an open source drag and drop...
cups: cross-site scripting flaw in CUPS web UI (VU#810572)
A cross-site scripting flaw was found in the cups web templating engine. An attacker could use this flaw to bypass the default configuration settings that bind the CUPS scheduler to the 'localhost' or loopback interface...
Send-Only Postfix Server
Postfix is an MTA (Mail Transfer Agent), an application used to send and receive email. In this tutorial, we will install and configure Postfix so that it can be used to send emails by local applications only. Why would you want to do that? If you’re already using a third-party email provider for...
Phabricator: SSRF vulnerability (access to metadata server on EC2 and OpenStack)
In bug 50537, haquaman reported a SSRF vulnerability in the meme creation section of Phabricator. Ticket T6755 was created and the HackerOne issue was closed as "Won't fix". T6755 states that "attackers can use the machine's ability to access the network, which may allow them to find services and...
DEBIAN-CVE-2015-2152
Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by (1) setting the DISPLAY environment variable, when compiled with SDL support,...