17 matches found
WordPress Alemha Watermarker 1.3.1 Cross Site Scripting
Exploit Title: Wordpress Plugin Alemha Watermarker 1.3.1 - Stored Cross-Site Scripting XSS Date: 22 March 2024 Exploit Author: Erdemstar Vendor: https://wordpress.com/ Version: 1.3.1 Proof Of Concept: 1. Click Add New Watermark and enter the XSS payload into the Watermark Text. 2. Stored XSS will...
Broken Access Control on "http://localhost/api/user" endpoint
Description Able to create an Admin account from a normal User account. Steps 1. Navigate to https://localhost/. 2. Then click on login and then register, fill the form and click Register. 3. Now log in with a newly created user account while intercepting the traffic in Burp. 4. Turn on the burp interce...
A user can delete another user's post
Description As the title says, an attacker can delete another user's post via the post id, which can be brute-forced. Here is video poc: https://drive.google.com/file/d/18QucWYwkpO9kVPMqNzSQ-ptwrZGk-UP9/view?usp=sharelink Proof of Concept DELETE /api/memo/$1026$ HTTP/2 Host: demo.usememos.com Cookie:...
Zhuhai Suny Technology ESL Tag Forgery / Replay Attacks Vulnerability
Zhuhai Suny Technology ESL Tag suffers from replay attacks and a forgery attack allowing for the displaying of arbitrary contents. ======================================================================= title: Replay attacks & Displaying arbitrary contents product: Zhuhai Suny Technology ESL Tag ...
U.S. Dept Of Defense: IDOR to Account Takeover on https://████/index.html
Hello Team! Summary: I found when you wish to update your profile on https://███████/ after your login through https://██████████/signIn/signIn.html website due to an IDOR. This IDOR gives you the opportunity to change the origin email for the registered account by changing the ID parameter on th...
HackerOne: Unicorn worker pool exhaustion by continuously updating payout preferences
please this time i hope you listen to me - please see the included video as POC - please this is not self DOS , not self DOS, not self DOS - i hope this time you find out that this is last report that i have , please see the video to the end again this is not a self DOS i have invulded one...
Dup Scout Enterprise 9.9.14 - 'Input Directory' Local Buffer Overflow
#!/usr/bin/python Exploit Title : Dup Scout Enterprise v9.9.14 - 'Input Directory' Local Buffer Overflow Date : 04 Sept, 2017 Exploit Author : Touhid M.Shaikh - www.touhidshaikh.com Contact : https://github.com/touhidshaikh Vendor Homepage: http://www.dupscout.com/ Version : v9.9.14 Software Link ...
Wordpress Theagency Themes File Upload Vulnerability
Exploit for php platform in category web applications Exploit Title : Wordpress Themes Theagency File Upload Vulnerability Author : Berandal Google Dork: inurl:/wp-content/themes/theagency Tested on: Win 7, Linux Blog : http://www.maxteroit.com/ Video Proof :...
Nextcloud: Missing SPF Flags on nextcloud.com
Hello NextCloud Details I just tested your domain, which is nextcloud.com, and I was surprised that I can send a legit email to a user. Impact Attacker can use this to send a legit email to the victim, and the attacker can send malicious web links and phishing sites. Video Proof of Concept...
WordPress Directory Themes Arbitrary Shell Upload Vulnerability
Exploit for php platform in category web applications Exploit Title : Wordpress Theme Directory Arbitrary Shell Upload Vulnerability Exploit Author : xBADGIRL21 Dork : inurl:/wp-content/themes/Directory/ Vendor Homepage : https://templatic.com/ version : 2.0.16 - 2.0.14 & maybe high or lower Test...
Joomla Threate 1.1.4 SQL Injection
Exploit Title : Joomla comthreate 1.1.4 SQL injection Exploit Author : xBADGIRL21 Dork : index.php?option=comthreate version: 1.1.4 Vendor Homepage : http://joomlic.com/ Tested on: Windows skype:xbadgirl21 Date: 2016/07/09 video Proof : https://youtu.be/WXqrK7dqGaY PoC: id= Get Parameter Vulnerab...
Veris: Unauthenticated CSRF(User can input any value for CSRF Token)
Hello Veris, I believe you have implemented CSRF token on the registration for a reason. In my research, I found that a user supplied CSRF Token would be accepted and even saved in the browser cookie and will be the set token on subsequent request. This report is limited to the Register and Login...
Shopify: Stored Cross Site Scripting
Hello , There is a stored cross site scripting at http://hardware.shopify.com . I saw that you recently fixed a bug on this sub-domain , so I'm reporting this. Video Proof of Concept : https://www.youtube.com/watch?v=cP66Bfb0IoE&feature=youtu.be Payload used : javascript:alertdocument.domain...
Localize: infinite number of new project creation!
Hello, To be honest, I'm not sure if there are any real security implications of this bug, but it's something which should be fixed as soon as possible. With this bug, an attacker can create thousands of new projects in less than 5 minutes! http://www.localize.io/pages/createproject I Explained Total...
Hacker stole $100,000 from Users of California based ISP using SQL Injection
In 2013 we have seen a dramatic increase in the number of hack attacks attempted against banks, credit unions and utility companies using various techniques including DDoS attack, SQL injection, DNS Hijacking and Zero-Day Flaws. SQL Injection is one of the most common security vulnerabilities on...
Pinterest Exploit exposes user information of 70 Million accounts
Security researcher Dan Melamed has found a serious Pinterest Exploit that exposed user's information of over 70 Million accounts. The security researcher Dan Melamed has found a Critical Pinterest Exploit that compromised the privacy of over 70 Million Users, the flaw allows hackers to view the...
Fluidgalleries Photo Upload Shell Upload
In The Name Of Allah + Exploit Title : fluidgalleries Photo Upload Remote Shell Upload Vulnerability + Google Dork 1 : inurl:"fluidgalleries/dat/info.dat" + Google Dork 2 : inurl:"/fluidgalleries/php/" + Date : 01/08/2013 + Exploit Author : IranianDarkCodersTeam + Home : www.idc-team.net +...