Lucene search
K

48 matches found

Hacker One
Hacker One
added 2018/07/17 2:32 p.m.88 views

Semrush: Stored XSS in '' Section and WAF Bypass

Summary Stored Cross-site Scripting XSS is the most dangerous type of Cross Site Scripting. Web applications that allow users to store data are potentially exposed to this type of attack. stored XSS occurs when a web application gathers input from a user which might be malicious, and then stores...

5.7AI score
Exploits0
Hacker One
Hacker One
added 2018/07/02 1:44 p.m.187 views

Semrush: Post Based XSS On Upload Via CK Editor [semrush.com]

Summary: XSS Via Post Method When Upload via CKEditor Description: This XSS is execute by error message when upload some image on https://www.semrush.com/my-posts/api/image/upload/?CKEditor=text&CKEditorFuncNum=0&langCode=en Browsers Verified In: Firefox Steps To Reproduce: - This is POST based...

6.8AI score
Exploits0
Hacker One
Hacker One
added 2018/02/21 5:57 p.m.57 views

Semrush: clickjacking to Semrush auth login

Description: Clickjacking User Interface redress attack, UI redress attack, UI redressing is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on. this attack could be perform to semrush auth user because its direct...

6.5AI score
Exploits0
Hacker One
Hacker One
added 2018/02/16 8:24 a.m.21 views

Semrush: Ad Builder Display Ads Path Traversal

Summary: The Semrush Ad Builder for Display Ads is vulnerable to path traversal when extracting zip files and referencing images from the embedded data.csv file. Description: The Semrush Ad Builder for Display Ads allows users to import Display Ads from an uploaded zip file. The backend...

7AI score
Exploits0
Hacker One
Hacker One
added 2018/02/10 7:34 p.m.26 views

Semrush: [oauth token leak] at oauth.semrush.com

Domain, site, application --- oauth.semrush.com Steps to reproduce --- 1 Create following html at attacker.com/postmessage.html function listenerevent alertJSON.stringifyevent.data; var dest =...

6.2AI score
Exploits0
Hacker One
Hacker One
added 2018/02/01 1:55 p.m.19 views

Semrush: Open Redirect

Open Redirect on https://www.semrush.com/ User can be redirect to malicious site POC: https://www.semrush.com/redirect?url=http://bing.com I hope you know the impact of open redirect and more info refer https://cwe.mitre.org/data/definitions/601.html Impact User can be redirect to malicious site...

6.8AI score
Exploits0
Hacker One
Hacker One
added 2017/12/12 7:56 a.m.132 views

Semrush: Reflected XSS using Header Injection

Host : www.semrush.com Path : /billing-admin/profile/subscription/?l=de Payload : c5obc'+alert1+'p7yd5 Steps to reproduce : Request Header : GET /billing-admin/profile/subscription/?l=de HTTP/1.1 Host: www.semrush.com Accept: / Accept-Language: en User-Agent: Mozilla/5.0 compatible; MSIE 9.0;...

6.5AI score
Exploits0
Hacker One
Hacker One
added 2017/10/31 10:4 p.m.59 views

Semrush: Insecure Direct Object Reference on API without API key

Summary: It is possible to query the semrush API without specifying an API key. This allows anyone to query the API and retrieve information without having paid for a subscription. This is not a security vulnerability as such, but I believe it does undermine your business model in that a user doe...

6.2AI score
Exploits0
Rows per page
Query Builder