2 matches found
Pornhub: Blind SQL injection and making any profile comments from any users to disappear using "like" function (2 in 1 issues)
Researcher found a blind SQL injection in the profile comment Like functionality, executing on the second request made for a given comment dislikes. Summary: The injection was found manually; the discovery methods used are basically the same as described in this awesome article by @gerbenjavado:...
CVE-2010-5005
Cross-site scripting (XSS) vulnerability in members/profileCommentsResponse.php in Rayzz Photoz allows remote attackers to inject arbitrary web script or HTML via the profileCommentTextArea parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third...