12 matches found
Harvard.edu Local File Inclusion
Hey, I've tried reporting issues to Harvard University tons of times in the past but they rarely respond and even more rarely commend researchers for finding vulnerabilities so I decided that full-disclosure was the way to get Harvard off of their crimson asses and patch this vulnerability. PoC...
Zendesk Multiple Vulnerabilities
Exploit for multiple platform in category web applications ================================ Zendesk Multiple Vulnerabilities ================================ /¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯\ :Zendesk Multiple Vulnerabilities : / /Discovered By: \ |Luis Santana | / Overview ¯¯¯¯¯¯¯¯¯¯ Luis...
Unfixed XSS vulnerability at thevault.stridegum.com
Security researcher Luis Santana submitted on 08/04/2010 a cross-site scripting (XSS) vulnerability affecting thevault.stridegum.com, which at the time of submission ranked 279882 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 06/07/2010. I...
WebsiteBaker 2.8.1 - Cross-Site Request Forgery
WebsiteBaker 2.8.1 - Cross-Site Request Forgery Author: Luis Santana Software Link: http://www.websitebaker2.org/modules/downloadgallery/dlc.php?file=88&id=1269641667 Version: 2.8.1 Tested on: All Code : http://hacktalk.net/exploits/websitebakercsrfPOC.zip The full advisory can be found at...
WebsiteBaker 2.8.1 CSRF Vulnerability
Exploit for php platform in category web applications ===================================== WebsiteBaker 2.8.1 CSRF Vulnerability ===================================== Author: Luis Santana Software Link: http://www.websitebaker2.org/modules/downloadgallery/dlc.php?file=88&id=1269641667 Version:...
WebsiteBaker 2.8.1 - Cross-Site Request Forgery
Author: Luis Santana Software Link: http://www.websitebaker2.org/modules/downloadgallery/dlc.php?file=88&id=1269641667 Version: 2.8.1 Tested on: All Code : http://hacktalk.net/exploits/websitebakercsrfPOC.zip The full advisory can be found at http://hacktalk.net/exploits/websitebakerCSRF.txt...
Limny 2.0 - Cross-Site Request Forgery (Change Email and Password)
Limny 2.0 - Cross-Site Request Forgery Change Email and Password /¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯\ :Limny 2.0 Change Pass CSRF : / /Discovered By: \ |Luis Santana | / Overview ¯¯¯¯¯¯¯¯¯¯ The Limny 2.0 CMS is vulnerable to a Cross-Site-Request Forgery exploit which allows for a malicious attacker to...
Limny 2.0 - Cross-Site Request Forgery (Create Admin User)
Limny 2.0 - Cross-Site Request Forgery Create Admin User /¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯\ :Limny 2.0 CSRF : / /Discovered By: \ |Luis Santana | / Overview ¯¯¯¯¯¯¯¯¯¯ The Limny 2.0 CMS is vulnerable to a Cross-Site-Request Forgery exploit which allows for a malicious attacker to create their own...
Limny v2.0 Change Email and Password CSRF Exploit
Exploit for unknown platform in category web applications ================================================= Limny v2.0 Change Email and Password CSRF Exploit ================================================= /¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯\ :Limny 2.0 Change Pass CSRF : / /Discovered By: \ |Luis...
Limny v2.0 Create Admin User CSRF Exploit
Exploit for unknown platform in category web applications ========================================= Limny v2.0 Create Admin User CSRF Exploit ========================================= /¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯\ :Limny 2.0 CSRF : / /Discovered By: \ |Luis Santana | / Overview ¯¯¯¯¯¯¯¯¯¯ The...
Limny 2.0 - Cross-Site Request Forgery (Change Email and Password)
/¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯\ :Limny 2.0 Change Pass CSRF : / /Discovered By: \ |Luis Santana | / Overview ¯¯¯¯¯¯¯¯¯¯ The Limny 2.0 CMS is vulnerable to a Cross-Site-Request Forgery exploit which allows for a malicious attacker to change the password, and email address, of any user, including...
Limny 2.0 - Cross-Site Request Forgery (Create Admin User)
/¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯\ :Limny 2.0 CSRF : / /Discovered By: \ |Luis Santana | / Overview ¯¯¯¯¯¯¯¯¯¯ The Limny 2.0 CMS is vulnerable to a Cross-Site-Request Forgery exploit which allows for a malicious attacker to create their own administrator user. Product Information ¯¯¯¯¯¯¯¯¯¯...