# # # # #
# Title: SLAC "Site Login and Access Control": Blind SQL Injection / XPath Injection
# Vendor Homepage: https://sitemakin.com/login-script-demo
# Version: v1.0
# Category: Webapps
# Severity: High
# Tested on: KaLi LinuX_x64
# # # # #
# Proof of Concept:
<!--
# # # # #
# Title: EasyService Billing 1.0 Cross-Site Scripting
# Vendor Homepage: https://codecanyon.net/item/easyservice-billing-php-scripts-for-quotation-invoice-payments-etc/16687594
# Version: 1.0
# Category: Webapps
# Severity: Medium
# Tested on: KaLi LinuX_x64
# CVE: CVE-2018-11443
# # # # #
<!--
# # # # #
# Title: EasyService Billing 1.0 SQL Injection on page jobcard-ongoing.php?q=
# Vendor Homepage: https://codecanyon.net/item/easyservice-billing-php-scripts-for-quotation-invoice-payments-etc/16687594
# Version: 1.0
# Category: Webapps
# Severity: High
# Tested on: KaLi LinuX_x64
# CVE: CVE-2018-11444
# # # # #
<!--
# # # # #
# Title: EasyService Billing 1.0 Cross-Site Request Forgery
# Vendor Homepage: https://codecanyon.net/item/easyservice-billing-php-scripts-for-quotation-invoice-payments-etc/16687594
# Version: 1.0
# Category: Webapps
# Severity: Medium
# Tested on: KaLi LinuX_x64
# CVE: CVE-2018-11445, CVE-2018-11442
# # # # #
The full advisory (which includes all technical details) can be found below:
Description: Unencrypted storage of confidential information
Affects: MakeMyTrip version 7.2.4 for Android
Vendor: MakeMyTrip Android Application
Tested on: Android v5.1
Severity: Medium
Discovery: NinjaXshell
Background