Yogosha Hackitivist Challenge 2019

I started with hackitivist1 and found that the provided link was vulnerable to blind SQLi, so I started digging more into it. As you can see in the picture below (Figure 1), after running sqlmap I was able to find the database. After that, I found the username, password, and secret key. Unfortunately, … 

 

The H1-212 CTF Writeup

It was a nice experience, so let’s have a look at how I cracked the H1-212 CTF. I was reading about H1-212 on hackerone.com/blog and got to know about the server IP and host. I found that you can’t browse the host, so I thought, why not try to use acme.org as the host, as it was already hosted on … 

 

Stored XSS to Full Information disclosure

Hello pals, during research of terapeak.com I found that the Bulk Research name is vulnerable to an XSS attack. Note: You need to subscribe to a Terapeak Profession account. POC: After digging more, I’ve found that with that token you can get the full information of that user, such as Email Address, Full Name, Member ID, Subscription Type, and other info as well. The … 

 

Svg XSS in Unifi v5.0.2

This is another finding in Unifi Controller. Description: I have found a persistent XSS vulnerability in Unifi Controller that allows attackers to steal users’ cookies, perform CSRF attacks against the victim’s account, or carry out phishing attacks. This vulnerability occurs because the page allows SVG attachments that contain “xmlns=http://www.w3.org/1999/xhtml”, then the page will render the content of the … 

 

Swf XSS (Dom Based Xss)

Hey folks, I was working on UBNT for bounty and I found several XSS there, so I’m sharing one of the cool XSS.

    function dispatchInit(param1:Event=null) : void {
        if(ExternalInterface.available == false){
            return;
        }
        if(bridgeName == null){
            // bridgeName is read from the SWF's loader parameters
            bridgeName = baseObject.root.loaderInfo.parameters["bridgeName"];
            if(bridgeName == null){
                bridgeName = "flash";
            }
        }
        // bridgeName is passed to the JavaScript side through ExternalInterface
        _registerComplete = ExternalInterface.call("FABridge__bridgeInitialized",[bridgeName]);
        dispatchEvent(new Event(FABridge.INITIALIZED));
    }

In the …