Vulnerability-Review

vuln/tricks reports from：

wooyun 
hackerone 
bugreader

Reflected XSS

🔥 01 Reflected XSS on www.hackerone.com and resources.hackerone.com
🔥 02 XSS in select attribute options
🔥 03 Prevent XSS when passing a parameter directly into link_to
🔥 04 Reflected XSS on https://apps.topcoder.com/wiki/page/
🔥 05 Reflected XSS on https://apps.topcoder.com/wiki/
🔥 06 Reflected XSS on https://apps.topcoder.com/wiki/pages/createpage.action

Stored XSS

🔥 01 Stored XSS on upload files leads to steal cookie
🔥 02 Potential stored Cross-Site Scripting vulnerability in Support Backend

XXE

🔥 01 XXE through injection of a payload in the XMP metadata of a JPEG file

CSRF

IDOR

🔥 01 Missing ownership check on remote wipe endpoint
🔥 02 Insecure redirect rule results in bypassing ban redirect on certain pages
🔥 03 [██████████] Unauthorized access to admin panel
🔥 04 IDOR on update user preferences
🔥 05 Idor on the DELETE /comments/
🔥 06 IDOR on deleting drafts on https://apps.topcoder.com/wiki/users/viewmydrafts.action via discardDraftId parameter

Code Injection

🔥 01 [git-promise] RCE via insecure command formatting

Command Injection

🔥 01 Command Injection (via CVE-2019-11510 and CVE-2019-11539)

SQL Injection

🔥 01 SQL Injection on cookie parameter
🔥 02 SQL Injection - https://███/█████████/MSI.portal
🔥 03 Followup - SQL Injection - https://██████████/██████/MSI.portal
🔥 04 SQL Injection in Login Page: https://█████/█████████/login.php

SSRF

🔥 01 wooyun-2016-0227704 当当网某站点SSRF可以遍历本地文件 √
🔥 02 wooyun-2014-083592 利用两个鸡肋SSRF探测360内网 √
🔥 03 CVE-2019-5464 Server Side Request Forgery mitigation bypass
🔥 04 labs.data.gov/dashboard/validate中的SSRF / XSPA

Race Condition

CRLF

🔥 01 CVE-2019-9947 CRLF Injection in urllib

Path Traversal

🔥 01 Arbitrary file read via the UploadsRewriter when moving and issue
🔥 02 [Total.js] Path traversal vulnerability allows to read files outside public directory
🔥 03 [https://███] Local File Inclusion via graph.php

Denial of Service

🔥 01 Denial of service to WP-JSON API by cache poisoning the CORS allow origin header
🔥 02 Malformed string sent through FireServer leads to server freezing/hanging
🔥 03 File Upload Restriction Bypass

Clickjacking

🔥 01 frame injection on bittorrent.com

Open Redirect

🔥 01 Open Redirection leads to redirect Users to malicious website
🔥 02 open redirect in eb9f.pivcac.prod.login.gov

Information Disclosure

🔥 01 Internal IP Address Disclosed
🔥 02 Firewall rules for ████████ can be bypassed to leak site authors

Improper Access Control

🔥 01 Unrestricted access to any "connected pack" on docs
🔥 02 Sourcemaps and Unminified Source Code Exposed on Pages

Improper Authorization

🔥 01 You can override the speed limit by adding the X-Forwarded-For header.

Misconfiguration

🔥 01 misconfigured CORS let to HPP and SOP bypass

Deserialization of Untrusted Data（反序列化）

🔥 01 Remote Code Execution via Insecure Deserialization in Telerik UI

HTTP Request Smuggling(HTTP请求走私)

🔥 01 HTTP Request Smuggling on https://labs.data.gov

Other

🔥 01 disclosure of email by sending a message.
🔥 02 Session works after logout from Shopify account and password of online store is displayed
🔥 03 Subdomain Takeover to Authentication bypass

持续更新...

Ch0pin / vulnerability-review

Vulnerability-Review

Reflected XSS

Stored XSS

XXE

CSRF

IDOR

Code Injection

Command Injection

SQL Injection

SSRF

Race Condition

CRLF

Path Traversal

Denial of Service

Clickjacking

Open Redirect

Information Disclosure

Improper Access Control

Improper Authorization

Misconfiguration

Deserialization of Untrusted Data（反序列化）

HTTP Request Smuggling(HTTP请求走私)

Other

About