Cross-site scripting vulnerability in Moodle 3.2

There is an XSS vulnerability in Moodle 3.2 latest. In the admin page Add a new course, the Course summary filter has an XSS vulnerability. Payload: <svg onload="alert('Coursesummary')"></svg> Save and display; when we visit


Unconventional XSS Attack Techniques

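Unconventional XSS attack techniques. Today let's talk about exploiting the XSS vulnerability that everyone knows. I believe everyone is already very familiar with XSS, but in the minds of many security practitioners the impact of an XSS vulnerability is limited to popping an alert box or stealing cookies. XSS has many more creative uses, and today I will introduce a few. 1. Adding an administrator via XSS. A stored XSS triggers in the admin back end, but the site sets http-only, so the stolen cookie is useless. How can the XSS vulnerability be exploited in this situation? We cannot obtain the cookie, but we can use the XSS vulnerability to add a new administrator with the administrator's privileges. That's right: have the administrator add a high-privilege account for us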


Multiple Cross-Site Scripting (XSS) vulnerabilities were discovered in SLiMS 7 Cendana before 2017-03-23

Multiple Cross-Site Scripting (XSS) vulnerabilities were discovered in SLiMS 7 Cendana before 2017-03-16 in the admin page. To use this vulnerability you must be logged in to the admin page. http://localhost/admin/modules/bibliography/checkout_item.php?keywords="˃"˃http://local


Stored XSS Vulnerability in WordPress plugin WP Markdown Editor Version 2.0.3

There is a Stored XSS Vulnerability in the WordPress plugin WP Markdown Editor Version 2.0.3. When I used the WordPress plugin WP Markdown Editor to add a new post or edit a post, I found a stored XSS vulnerability. In the post content, input the XSS payload <img src=x


Cross-site scripting vulnerability in CMS Made Simple 2.1.6

In CMS Made Simple, the admin page > sitesetting > General Settings > globalmetadata field has an XSS vulnerability; then any page visited has the cross-site scripting vulnerability


Cross-site scripting (XSS) vulnerability in CMS Made Simple 2.1.6

In admin page > Design Manager > Categories options, the Description field of Create a new Category has an XSS vulnerability. First create a new category and in Description write the payload </textarea><svg/onload=alert(0)> and


Cross Site Scripting injection vulnerability in SANADATA SanaCMS 7.3

Cross-site scripting (XSS) vulnerability in /sanadata/seo/index.asp in SANADATA SanaCMS 7.3 allows remote attackers to inject arbitrary web script or HTML via the search parameter. Vendor HomePage: https://www.sanadata.com/ Version: 7.3 Dork: i


Stay True to Your Original Aspiration, and You Will See It Through

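Don't be discouraged when you fail, and don't be arrogant when you succeed! In the face of one success and honor after another, don't be proud and don't be complacent! There are still many unfulfilled dreams; there is no reason to stop, and no reason to be proud! A person's worth comes from within, not from other people's mouths. Craving others' approval is always a sign of a lack of self-confidence. The road ahead is long; in the face of small honors, always remind yourself that this is only a beginning, not an end. The world has no shortage of geniuses; since I am not a genius, I must work even harder. There is always someone better and always a higher sky; only with modesty, a low profile, and humility can one go further. Stay true to your original aspiration, and you will see it through!!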


SQL injection vulnerability in SANADATA SanaCMS 7.3

SQL injection vulnerability in /sanadata/seo/index.asp in SANADATA SanaCMS 7.3 allows remote attackers to execute arbitrary SQL commands via the txtFrom parameter. Vulnerability Path: http://127.0.0.1/sanadata/seo/index.asp?txtFrom=[sql] This Vul
