xss-payloads

xss cheatsheet - xss Portswiggerhttps://portswigge...

PortSwigger-DirectroyTraversal

PortSwigger Lab: File Path Traversal Non-Recursive Strip Bypa...

Portswigger-Lab-SQLI-4

PortSwigger Web Security Academy Lab Report: SQL Injection Att...

XSS-cheat-sheet-txt-dictionary-by-PortSwigger

XSS cheat sheet dictionary by PortSwigger PortSwigger diction...

portswigger-labs-writeups

portswigger-labs-writeups Complete writeups for P...

Gitbook

Personal Pentesting Knowledge Base 👋 Welcome! This reposit...

UP-RESULT PRO 1.0 SQL Injection

Titles: UP-RESULTpro-1.0 Multiple-SQLi Author: nu11secur1ty Date: 10/28/2024 Vendor: https://mayurik.com/ Software: https://www.sourcecodester.com/php/15653/best-student-result-management-system-project-source-code-php-and-mysql-free-download Reference:...

Human Resource Management System 2024 1.0 SQL Injection

Title: hrm2024.1.0-Multiple-SQLi Author: nu11secur1ty Date: 04/02/2024 Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/15740/human-resource-management-system-project-php-and-mysql-free-source-code.html Reference: https://portswigger.net/web-security/sql-injection...

Fiber has Insecure CORS Configuration, Allowing Wildcard Origin with Credentials

The CORS middleware allows for insecure configurations that could potentially expose the application to multiple CORS-related vulnerabilities. Specifically, it allows setting the Access-Control-Allow-Origin header to a wildcard "" while also having the Access-Control-Allow-Credentials set to true...

WEBIGniter 28.7.23 Cross Site Scripting

Exploit Title: WEBIGniter v28.7.23 Stored Cross Site Scripting XSS Exploit Author: Sagar Banwa Date: 19/10/2023 Vendor: https://webigniter.net/ Software: https://webigniter.net/demo Reference: https://portswigger.net/web-security/cross-site-scripting Tested on: Windows 10/Kali Linux CVE :...

XoopsCore25 2.5.11 Cross Site Scripting

Title: XoopsCore25-2.5.11-XSS-Reflected Author: nu11secur1ty Date: 02/12/2024 Vendor: https://xoops.org/ Software: https://github.com/XOOPS/XoopsCore25/releases/tag/v2.5.11 Reference: https://portswigger.net/kb/issues/00200300cross-site-scripting-reflected Description: The value of the yname...

TASKHUB-2.8.8 - XSS-Reflected

Title: TASKHUB-2.8.8-XSS-Reflected Author: nu11secur1ty Date: 09/22/2023 Vendor: https://codecanyon.net/user/infinitietech Software: https://codecanyon.net/item/taskhub-project-management-finance-crm-tool/25685874 Reference: https://portswigger.net/web-security/cross-site-scripting Description: T...

101 News 1.0 - Multiple-SQLi

Title: 101 News-1.0 Multiple-SQLi Author: nu11secur1ty Date: 09/16/2023 Vendor: https://mayurik.com/ Software: https://www.sourcecodester.com/php/16067/best-online-news-portal-project-php-free-download.html Reference: https://portswigger.net/web-security/sql-injection Description: The searchtitle...

osCommerce 4.13-60075 Shell Upload

Title: osCommerce 4.13-60075 File-Upload-RCE Author: nu11secur1ty Date: 12/14/2023 Vendor: https://www.oscommerce.com/ Software: https://www.oscommerce.com/download-file Reference: https://portswigger.net/web-security/file-upload Description: The parameter "icon-pencil" in the upload-file...

PortSwigger Web Security: CSP bypass on PortSwigger.net using Google script resources

A cross-site scripting vulnerability was discovered on PortSwigger.net. The site's content security policy allowed resources from Google's reCAPTCHA domain, which contains AngularJS. This could be abused to bypass the CSP and load arbitrary scripts from other domains. The issue allowed an attacke...

inTouch 1.0 File Upload - Remote Code Execution Vulnerability

Title: inTouch-1.0 File Upload - RCE Author: nu11secur1ty Vendor: https://codecanyon.net/user/media-city Software: https://codecanyon.net/item/intouch-laravel-support-ticket-management-system/35177425?srank=2 Reference: https://portswigger.net/web-security/file-upload,...

WEBIGniter 28.7.23 Shell Upload

Title: WEBIGniter-28.7.23 File Upload - RCE Author: nu11secur1ty Date: 09/04/2023 Vendor: https://webigniter.net/ Software: https://webigniter.net/demo Reference: https://portswigger.net/web-security/file-upload Description: The media function suffers from file upload vulnerability. The attacker...

GaanaGawaana Music Platform PHP Script 1.0 Cross Site Scripting / SQL Injection Vulnerabilities

Title: GaanaGawaana - Music Platform PHP Script-1.0 XSS-Reflected and SQLi Vulnerability Author: nu11secur1ty Vendor: https://www.codester.com/ Software: https://www.codester.com/items/27270/gaanagawaana-music-platform-php-script Reference XSS:...

Purchase Order Management 1.0 SQL Injection

Title: Purchase Order Management-1.0 - SQLi Author: nu11secur1ty Date: 03.06.2023 Vendor: https://www.sourcecodester.com/user/257130/activity Software: https://www.sourcecodester.com/php/14935/purchase-order-management-system-using-php-free-source-code.html Reference:...

Purchase Order Management 1.0 Cross Site Scripting Vulnerability

Purchase Order Management version 1.0 appears to suffer from a cross site scripting vulnerability due to printing errors with a malicious password payload. Title: Purchase Order Management-1.0 - XSS-Reflected - Information-gathering Author: nu11secur1ty Vendor:...