Yogosha Hackitivist Challenge 2019

I started with hackitivist1 and found that the provided link was vulnerable to blind SQLi, so I started digging more into it. As you can see in the picture below (Figure 1), after running sqlmap, I was able to find the database. After that, I found the username, password, and secret key. Unfortunately, … 

 

Stored XSS to Full Information disclosure

Hello pals, during research of terapeak.com I found that the Bulk Research name is vulnerable to an XSS attack. Note: You need to subscribe for a Terapeak Profession account. POC: After digging more, I've found that with that token you can get full information about that user, like: Email Address, Full Name, Member ID, Subscription Type, and other info as well. The … 

 

Svg XSS in Unifi v5.0.2

This is another finding in Unifi Controller. Description: I have found a persistent XSS vulnerability on Unifi Controller that allows attackers to steal users' cookies, do CSRF attacks against the victim's account, or do phishing attacks. This vulnerability occurs because the page allows SVG attachments that contain “xmlns=http://www.w3.org/1999/xhtml”, then the page will render the content of the … 

 

Swf XSS (Dom Based Xss)

Hey folks, I was working on UBNT for bounty and I found several XSS there, so I'm sharing one of the cool XSS.

    function dispatchInit(param1:Event=null) : void {
        if (ExternalInterface.available == false) {
            return;
        }
        if (bridgeName == null) {
            bridgeName = baseObject.root.loaderInfo.parameters["bridgeName"];
            if (bridgeName == null) {
                bridgeName = "flash";
            }
        }
        _registerComplete = ExternalInterface.call("FABridge__bridgeInitialized", [bridgeName]);
        dispatchEvent(new Event(FABridge.INITIALIZED));
    }

In the … 

 

XSS on Flickr

Howdy friends, today I'm going to show you how I got a Flickr XSS vulnerability. I've been spending time lately playing with Flickr. First, as usual, I created a Flickr group with some random words: <“lol”>. To my bad luck, there was filtration. Then I started digging into that and I found a way to execute my …