STRLCPY/AllAboutBugBounty

■ ■ ■ ■ ■ ■

CVEs/2021/CVE-2021-36873.md

1	+	# CVE-2021-36873
2	+
3	+	## Description
4	+	Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in WordPress iQ Block Country plugin (versions <= 1.2.11). Vulnerable parameter: &blockcountry_blockmessage.
5	+
6	+	## CVSS (Vector and Score)
7	+	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N - 5.5 MEDIUM
8	+
9	+	## Affected Application
10	+	WordPress iQ Block Country plugin
11	+
12	+	## Affected Version
13	+	<= 1.2.11
14	+
15	+	## Total Installation
16	+	30,000+
17	+
18	+	## Steps to Reproduce
19	+	1. Login as administrator
20	+	2.
21	+
22	+
23	+	## Proof of Concept
24	+	- Image
25	+	- Video

■ ■ ■ ■ ■ ■

README.md

		skipped 66 lines
67	67
68	68		## To-Do-List
69	69		- [ ] Tidy up the reconnaisance folder
70		-	- [ ] Seperate the bypass from some vulnerability readme
	70	+	- [x] Added CVEs folder
71	71		- [ ] Writes multiple payload bypasses for each vulnerability
72	72		- [x] Payload XSS for each WAF (Cloudflare, Cloudfront, AWS, etc)
73	73		- [ ] Payload SQL injection for each WAF (Cloudflare, Cloudfront)

■ ■ ■ ■ ■ ■

SQL Injection.md

■ ■ ■ ■ ■ ■

Web Cache Deception.md

1		-	# Web Cache Poisoning
	1	+	# Web Cache Deception
2	2
3	3		## Introduction
4	4		Web Cache Deception is an attack in which an attacker deceives a caching proxy into improperly storing private information sent over the internet and gaining unauthorized access to that cached data
		skipped 48 lines