Kacper Szurek

Vulnerabilities

Custom Sidebars 2.1.0.1 XSS

$_GET['cs-msg'] is not escaped.

23-09-2015

1 MIN READ

Vulnerabilities

Bypass ScriptBlock using Google Cloud Storage

The googleapis.com domain is whitelisted by default.

18-08-2015

1 MIN READ

Vulnerabilities

WordPress Video Gallery 2.7 SQL Injection

$_GET['vid'] is not escaped.

09-08-2015

2 MIN READ

Vulnerabilities

Livefyre Comments 3 4.1.4 XSS

Every registered user can change livefyre_site_id and livefyre_site_key.

02-08-2015

1 MIN READ

Vulnerabilities

Detectify XSS challenge - Twins of Ten

Ten character XSS payload.

15-07-2015

2 MIN READ

Vulnerabilities

FreiChat 9.6 SQL Injection

$_GET['time'] is not escaped.

13-07-2015

2 MIN READ

Vulnerabilities

Floating Social Bar 1.1.5 XSS

$_REQUEST['items'] is not escaped.

07-07-2015

1 MIN READ

Vulnerabilities

Store Locator Plus 4.2.23 Email Injection

We can send email to anyone if we have a valid nonce token.

27-05-2015

1 MIN READ

From 0 to pentesting hero

Client Side Template Injection

Retrieving parameters from the user and later displaying them on the website always carries a risk of an XSS attack. But can you perform such an attack without using an HTML tag?

21-03-2019

3 MIN READ

© 2026 Kacper Szurek