7 matches found
Zarafe CMS 1.0 Cross Site Request Forgery
Exploit Title : Zarafe CMS 1.0 / CSRF Rest Admin Password Exploit Author : Persian Hack Team Vendor Homepage : http://www.zarrafeh.net/ Category: Webapps Tested on: Win Version: 1.0 Date: 2016/08/27 PoC: Exploit codes: ================ Rest Admin Password The Code for zarafe.html is Zarafe CMS CS...
WordPress 4.2 - Stored XSS Vulnerability
Exploit for php platform in category web applications Overview Current versions of WordPress are vulnerable to a stored XSS. An unauthenticated attacker can inject JavaScript in WordPress comments. The script is triggered when the comment is viewed. If triggered by a logged-in administrator, unde...
WordPress 4.2 - Persistent Cross-Site Scripting
WordPress 4.2 - Persistent Cross-Site Scripting Source: http://klikki.fi/adv/wordpress2.html Overview Current versions of WordPress are vulnerable to a stored XSS. An unauthenticated attacker can inject JavaScript in WordPress comments. The script is triggered when the comment is viewed. If...
HackerOne: Reflected File Download
Info: Reflected File Download is a new web attack vector. It allows an attacker to craft a malicious file and present it to a victim, but there is no file present at the server. It was recently published at the BlackHat Eupore 2014 by Oren Hafif. Link to his presentation is given at the end...
HOTBOX 2.1.11 CSRF / Traversal / Denial Of Service
+------------------------------------------------------------------------------+ | HOTBOX is the leading router/modem appliance of | | HOT Cable communication company in israel. | | The Appliance is manufactured by SAGEMCOM | | and carries the model name F@st 3184. |...
[CookieCatcher] Session Hijacking Tool
CookieCatcher is an open source application which was created to assist in the exploitation of XSS Cross Site Scripting vulnerabilities within web applications to steal user session IDs aka Session Hijacking. The use of this application is purely educational and should not be used without proper...
TextAds 2.08 Cross Site Scripting
=========================================================================== TextAds 2.08 Script Cross Site Scripting Vulnerability =========================================================================== Name: TextAds 2.08 Script Cross Site Scripting Vulnerability Vendor:...