
Insecure access to the personal data of a million Leo Express users

Leo Express is a company operating train and bus lines in the Czech Republic and Central Europe.
When I registered, I noticed that on every page load a GraphQL request was sent to their server, returning details about my account.
GraphQL is a query language, an alternative to REST, which returns in a single request the data specified on the client side.

Reflected XSS in Google Code Jam

Information about this XSS: The XSS will be fired in the toast message. Also, it seems like you have to open the homepage (https://codejam.withgoogle.com/2018/challenges/) at least once before visiting other pages there.

POC: https://codejam.withgoogle.com/2018/challenges/0000000000007766/scoreboard/for/%3Cimg%20src=x%20onerror=alert(document.domain)%3E

CSP: Due to CSP, this XSS will fire only in browsers where it’s not supported (i.e. IE). If we could somehow find a way to execute a …

Liking GitHub repositories on behalf of other users — Stored XSS in WebComponents.org

Steps to reproduce:
1. Create a Polymer element and publish it to github
2. Set the repo homepage URL to: javascript:alert(document.domain)
3. Publish it via https://www.webcomponents.org/publish
4. Go to the element’s webcomponents.org page and click the homepage link

What can you do with this XSS: It’s possible, if the user has authenticated using github on webcomponents.org before, to get the github auth code …

SQLi at Maxon

Vulnerable URL: https://reg.maxon-campus.net/login/forgotpassword.php

If you enter ‘ (a single quote) into the input field, it’ll show:
query failed1064 : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ””’ at line 1

Summary:
Problems: SQLi
Reward: None
Fixed: Yes