Yelp: xmlrpc file enabled

Summary: Hello team, I have found a security vulnerability in restaurants.yelp.com/xmlrpc.php which lets attacker to: 1: XSPA or PortScan 2: Bruteforce 3:DOS and much more Platforms Affected: https://restaurants.yelp.com Steps To Reproduce: 1: Go to https://restaurants.yelp.com/xmlrpc.php to chec...

U.S. Dept Of Defense: xmlrpc.php FILE IS enable which enables attacker to XSPA Brute-force and even Denial of Service(DOS), in https://████/xmlrpc.php

Summary: Hello team, I have found a security vulnerability inhttps://███████/xmlrpc.php which lets attacker to: 1: XSPA or PortScan 2: Bruteforce 3:DOS and much more Description: Impact Step-by-step Reproduction Instructions █████████ 1: Go to https://██████/xmlrpc.php to check if it is enabled o...

Polymail, Inc.: XSPA on API service endpoint

Batch endpoint on the api was vulnerable to XSPA due to incorrect validation of url parameter in the request body...

Lob: Blind SSRF/XSPA on dashboard.lob.com + blind code injection

Summary: I was just playing around with the website and I found blind XSPA on time of creating Templets on dashboard.lob.com. Steps To Reproduce: 1. Go to https://dashboard.lob.com//templates 1. Now click on create templet and insert this code in HTML : "'" / and click on create. 1. Now click on...

DuckDuckGo: SSRF on duckduckgo.com/iu/

Normally, a call to https://duckduckgo.com/iu contains a query parameter u with some path using the domain yimg.com. This call will succeed in most cases. F337121 And if we change that path to something like https://google.com it's rejected. F337118 However, it appears that the check that ensures...

Magento - Proof of Concept SSRF & XSPA Vulnerability

Document Title: =============== Magento - Proof of Concept SSRF & XSPA Vulnerability References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1632 Video: https://www.youtube.com/watch?v=Z2jKGQa52kA Advisory: http://www.vulnerability-lab.com/getcontent.php?id=1631 Release Date:...

Magento - Proof of Concept SSRF & XSPA Vulnerability

Document Title: =============== Magento - Proof of Concept SSRF & XSPA Vulnerability References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1632 Video: https://www.youtube.com/watch?v=Z2jKGQa52kA Advisory: http://www.vulnerability-lab.com/getcontent.php?id=1631 Release Date:...

U.S. Dept Of Defense: SSRF+XSS

I discovered that due to an outdated Jira instance, I was able to exploit an SSRF vulnerability in Jira and was able to perform several actions such as bypass any firewall/protection solutions, access AWS instance data, access Internal DoD Servers and internal services. Additionally I was able to...

WordPress WP File Manager 1.9 Server-Side Request Forgery

Exploit Title ; Wordpress wp File Manager plugin SSRF/XSPA Vulnerability + Date : 2017-01-12 + Author : 0P3N3R From IRANIAN ETHICAL HACKERS + Vendor Homepage : https://wordpress.org/plugins/wp-file-manager/ + Version : 1.9 + Dork : N/A + Tested On : windows 10 - kali linux 2.0 + Contact :...

Magento Commerce Server-Side Request Forgery Vulnerability

Exploit for php platform in category web applications Document Title: =============== Magento Commerce - SSRF & XSPA Web Vulnerability Vulnerability Class: ==================== Server Side Request Forgery Product & Service Introduction: =============================== Magento is an open source...

Magento Commerce Server-Side Request Forgery

Document Title: =============== Magento Commerce - SSRF & XSPA Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1631 Release Date: ============= 2018-01-03 Vulnerability Laboratory ID VL-ID: ==================================== 1631 Comm...

Magento Commerce - SSRF & XSPA Web Vulnerability

Document Title: =============== Magento Commerce - SSRF & XSPA Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1631 Release Date: ============= 2018-01-03 Vulnerability Laboratory ID VL-ID: ==================================== 1631 Comm...

Magento Commerce - SSRF & XSPA Web Vulnerability

Document Title: =============== Magento Commerce - SSRF & XSPA Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1631 Release Date: ============= 2018-01-03 Vulnerability Laboratory ID VL-ID: ==================================== 1631 Comm...

GSA Bounty: SSRF/XSPA in labs.data.gov/dashboard/validate

Hi. This vulnerability allows access to all ports locally. Which is not visible from the web. 1We need an interim site file index.php 2Next we write in index.php 3Next go to https://labs.data.gov/dashboard/validate And write url - for example http://example/index.php If the port will be open...

Mail.ru: ssrf xspa [https://prt.mail.ru/] 2

Potential SSRF in prt.mail.ru. On the time of reporting, extended scope was not covered by bug bounty, a bounty for this report was awarded as a bonus...

Google Docs XSPA / SSRF

================================================================================ Google Docs - XSPA/SSRF ================================================================================ Author: Ashiyane Digital Security Team Vendor Homepage: http://docs.google.com/ Date : 09 September 2016...

Mail.ru: SSRF/XSPA [parapa.mail.ru] 2

Blind SSRF in parapa.mail.ru on the moment of reporting, Ext.B scope was not covered by bug bounty program, the bounty was awarded as a bonus...

Mail.ru: SSRF/XSPA [parapa.mail.ru]

SSRF at parapa.mail.ru. On the moment of reporting, Extended scope was not covered with bug bounty, bounty was awarded as a bonus...

Mail.ru: [allods.my.com] SSRF / XSPA

Доброго времени суток. Уязвимость находится в функции загрузки аватара. Можно загрузить аватарку с удаленного хоста. PoC http://allods.my.com/forum/index.php?form=AvatarEdit Download avatar: http://localhost:80 - You have selected a corrupt image. порт открыт http://localhost:3306 - You have...

ok.ru: SSRF/XSPA в форме загрузки видео по URL

Недостаточная фильтрация URL и отсутствие ограничений по количеству запросов в форме загрузки видео по ссылке позволяет выполнить атаку SSRF типа XSPA, сканирование удаленных портов от серверов mail.ru например, photo55.mail.ru, сканирование loopback и т.д. Базовый запрос: POST...