AllAboutBugBounty
feat: added CVEs directory
Muhammad Daffa
committed
1 year ago
d618747c
1 parent
1ecbea42
Total 4 files
CVEs/2021/CVE-2021-36873.md
1
+
# CVE-2021-36873
2
+
3
+
## Description
4
+
Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in WordPress iQ Block Country plugin (versions <= 1.2.11). Vulnerable parameter: &blockcountry_blockmessage.
5
+
6
+
## CVSS (Vector and Score)
7
+
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N - 5.5 MEDIUM
8
+
9
+
## Affected Application
10
+
WordPress iQ Block Country plugin
11
+
12
+
## Affected Version
13
+
<= 1.2.11
14
+
15
+
## Total Installation
16
+
30,000+
17
+
18
+
## Steps to Reproduce
19
+
1. Login as administrator
20
+
2.
21
+
22
+
23
+
## Proof of Concept
24
+
- Image
25
+
- Video
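Review bot: "Steps to Reproduce" stops at an empty "2." (new lines 20 to 22), and the "Proof of Concept" entries "- Image" and "- Video" are bare labels with no link or attachment, so the write-up cannot be followed or verified as committed. Either complete the steps and attach the evidence, or drop the empty list items until they exist. The parameter is also written as "&blockcountry_blockmessage" with a leading ampersand; name it without the query-string separator. A section stating the fixed version would help readers, since "<= 1.2.11" only gives the affected range.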
README.md
skipped 66 lines
67
67
68
68
## To-Do-List
69
69
- [ ] Tidy up the reconnaisance folder
70
-
- [ ] Seperate the bypass from some vulnerability readme
70
+
- [x] Added CVEs folder
71
71
- [ ] Writes multiple payload bypasses for each vulnerability
72
72
- [x] Payload XSS for each WAF (Cloudflare, Cloudfront, AWS, etc)
73
73
- [ ] Payload SQL injection for each WAF (Cloudflare, Cloudfront)
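Review bot: line 70 replaces the still-unchecked item "- [ ] Seperate the bypass from some vulnerability readme" with "- [x] Added CVEs folder", which silently drops an open task instead of recording a new one. If the separation work is still outstanding, keep that line and add the CVEs entry as its own item. While touching this list, the context line 69 spells "reconnaisance" (should be "reconnaissance"), and the removed line had "Seperate".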
SQL Injection.md
skipped 12 lines
13
13
- Time-based Blind SQLi
14
14
- Out-of-band SQLi
15
15
16
+
## Where to find
17
+
Everywhere
18
+
16
19
## How to exploit
17
20
# SQLI tricks
18
21
skipped 146 lines
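Review bot: the new "## Where to find" section (lines 16 to 18) contains only "Everywhere", which gives a reader nothing to act on. Either list the kinds of input the rest of this file actually covers or leave the section out. Separately, the context shows "# SQLI tricks" as a level-1 heading directly under "## How to exploit"; it should be a level-3 heading to fit the hierarchy this hunk extends.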
Web Cache Deception.md
1
-
# Web Cache
Poisoning
1
+
# Web Cache
Deception
2
2
3
3
## Introduction
4
4
Web Cache Deception is an attack in which an attacker deceives a caching proxy into improperly storing private information sent over the internet and gaining unauthorized access to that cached data
skipped 48 lines
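Review bot: the heading change on line 1 from "Web Cache Poisoning" to "Web Cache Deception" is a content fix unrelated to the commit subject "feat: added CVEs directory"; split it into its own commit or mention it in the message so the history is searchable. The corrected title now agrees with the file name and the introduction on line 4, but the 48 skipped lines are not shown here, so confirm no "Poisoning" wording remains in the body.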