Hello guys, Today I’m writing a blog post after long time. How I got 22000$ by pawning a website. Though it’s a private program so can’t disclose the name I’ll be using example.com to explain that how I’ve exploited blind XSS to pwn the website. I was doing the monkey test on name field to … →

Hello pals, During research of terapeak.com I found that Bulk Research name is vulnerable to XSS attack. Note:You need to subscribe for Terapeak Profession account. POC: After digging more I’ve found that by that token you can get full information of that user like: Email Address, Full Name, Member ID, Subscription Type, and other info. as well The … →

This is another finding in Unifi Controller. Description: I have found a persistent xss vulnerability on Unifi Controller that allows attackers steal user’s cookies, do csrf attacks against victim account or do phishing attacks. This vulnerability occurs due the page allows svg attachments that contains “xmlns=http://www.w3.org/1999/xhtml”, then the page will render the content of the … →

Hey Folks, I was working in UBNT for bounty and i found several xss there so i’m sharing one of the cool xss. function dispatchInit(param1:Event=null) : void { if(ExternalInterface.available == false){ return; } if(bridgeName == null){ bridgeName = baseObject.root.loaderInfo.parameters[“bridgeName”]; if(bridgeName == null){ bridgeName = “flash”; } } _registerComplete = ExternalInterface.call(“FABridge__bridgeInitialized”,[bridgeName]); dispatchEvent(new Event(FABridge.INITIALIZED)); } In the … →

Howdy friends, Today I’m going to show you how I got Flickr XSS Vulnerability. I’ve been spending time lately playing with Flickr. First as usual I created flickr group with some random words <“lol”> To my bad luck there was filtration. then i started digging with that and i found a way to execute my … →