
Posts

Showing posts from September, 2021

Simple Membership System using PHP and AJAX is vulnerable to remote SQL-Injection-Bypass-Authentication/XSS-Stored PWNED.

South Gate Inn Online Reservation System © South Gate Inn is vulnerable to remote SQL-Injection-Bypass-Authentication for the admin account and XSS-Stored PWNED

AHSS-PHP (by: oretnom23 ) v1.0 is vulnerable in the application /scheduler/classes/Login.php to remote SQL-Injection-Bypass-Authentication + XSS-Stored Hijacking PHPSESSID

PHP CRUD (by: oretnom23 ) is vulnerable to XSS Stored Attack and remote SQL-Injection special characters no prepared statements

POMS-PHP (by: oretnom23 ) v1.0 is vulnerable to remote SQL-Injection-Bypass-Authentication

SURMS - PHP (by: oretnom23 ) v1.0 SQL-Injection-Bypass-Authentication and XSS PWNED PHPSESSID Hijacking

CVE-nu11-07-eLearning V2(by: oretnom23) is vulnerable from remote SQL-Injection-Bypass-Authentication in three accounts

Burp Suite from PortSwigger

MSMS-PHP (by: oretnom23 ) v1.0 - HIT STRIKE!

Vulnerability Assessment before I write an exploit! NOTE: for MySQL injection: it is not actually what Burp is finding for this case, but it is similar to my case, and it is real; after the second test I confirm that Burp Suite was finding vulnerable apps. ;) I needed exactly this report to perform the powerful exploit. So, if you want to make a higher-quality attack, you must put in a little more hard work to do this. BR nu11secur1ty The HIT STRIKE exploit =)

CVE-2021-33470-Covid-19 Contact Tracing System Web App with QR Code Scanning CTS-QR (by: oretnom23 ) v1.0 remote SQL-Injection-Bypass-Authentication in /cts_qr/classes/Login.php + XSS-Stored PWNED PHPSESSID Vulnerable parameter "code" in application State/Province List.