Ninja NinjaXshell
NinjaXshell
/ SLAC: Blind SQL Injection or XPath Injection
Last active
May 28, 2018 12:42
SLAC: Blind SQL Injection or XPath Injection
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # # # # # | |
| # Title: SLAC "Site Login and Access Control": Blind SQL Injection / XPath Injection | |
| # Vendor Homepage: https://sitemakin.com/login-script-demo | |
| # Version: v1.0 | |
| # Category: Webapps | |
| # Severity: High | |
| # Tested on: KaLi LinuX_x64 | |
| # # # # # | |
| # Proof of Concept: |
NinjaXshell
/ EasyService Billing 1.0 Cross-Site Scripting
Last active
May 25, 2018 16:14
EasyService Billing 1.0 Cross-Site Scripting
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!-- | |
| # # # # # | |
| # Title: EasyService Billing 1.0 Cross-Site Scripting | |
| # Vendor Homepage: https://codecanyon.net/item/easyservice-billing-php-scripts-for-quotation-invoice-payments-etc/16687594 | |
| # Version: 1.0 | |
| # Category: Webapps | |
| # Severity: Medium | |
| # Tested on: KaLi LinuX_x64 | |
| # CVE: CVE-2018-11443 | |
| # # # # # |
NinjaXshell
/ EasyService Billing 1.0 SQL Injection
Last active
May 25, 2018 16:15
EasyService Billing 1.0 SQL Injection
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!-- | |
| # # # # # | |
| # Title: EasyService Billing 1.0 SQL Injection on page jobcard-ongoing.php?q= | |
| # Vendor Homepage: https://codecanyon.net/item/easyservice-billing-php-scripts-for-quotation-invoice-payments-etc/16687594 | |
| # Version: 1.0 | |
| # Category: Webapps | |
| # Severity: High | |
| # Tested on: KaLi LinuX_x64 | |
| # CVE: CVE-2018-11444 | |
| # # # # # |
NinjaXshell
/ EasyService Billing 1.0 Cross-Site Request Forgery
Last active
May 25, 2018 16:12
EasyService Billing 1.0 Cross-Site Request Forgery
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!-- | |
| # # # # # | |
| # Title: EasyService Billing 1.0 Cross-Site Request Forgery | |
| # Vendor Homepage: https://codecanyon.net/item/easyservice-billing-php-scripts-for-quotation-invoice-payments-etc/16687594 | |
| # Version: 1.0 | |
| # Category: Webapps | |
| # Severity: Medium | |
| # Tested on: KaLi LinuX_x64 | |
| # CVE: CVE-2018-11445,CVE-2018-11442 | |
| # # # # # |
NinjaXshell
/ MakeMyTrip_7.2.4_InsecureDataStorage
Last active
August 2, 2018 14:27
Security advisory: Unencrypted storage of information in MakeMyTrip 7.2.4
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| The full advisory (that includes all technical details) can be found below: | |
| Description: Unencrypted storage of confidential information | |
| Affects: MakeMyTrip version 7.2.4 for Android | |
| Vendor: MakeMyTrip Android Application | |
| Tested on: Android v5.1 | |
| Severity: Medium | |
| Discovery: NinjaXshell | |
| Background |