Multiple XSS (Stored & Reflected) on https://livzmc.net
1 stored and 5 reflected XSS vulnerabilities were found in several different routes and parameters, caused by incorrect or missing escaping/sanitization of user input.
Stored XSS description from OWASP
occurs when a web application gathers input from a user which might be malicious, and then stores that input in a data store for later use. The input that is stored is not correctly filtered. As a consequence, the malicious data will appear to be part of the web site and run within the user's browser under the privileges of the web application. Since this vulnerability typically involves at least two requests to the application, this may also be called second-order XSS.
It's possible to inject new attributes that DOMPurify considers "safe" by default into the anchor tag, due to insufficient/improper encoding/escaping of the user's Hypixel button.
Vulnerability description from Acunetix
HTML Attribute Injection is an attack that is conceptually similar to Cross-site Scripting (XSS), and closely related to HTML Injection. It makes it possible to inject a new attribute into an existing HTML tag, but not to inject arbitrary HTML or JavaScript code. When an application does not properly handle user supplied data, an attacker can supply valid HTML code, typically via a parameter value, and inject their own attributes and possibly attribute values, thereby altering the behavior of the page. This attack is typically used in conjunction with some form of social engineering, as the attack is exploiting a code-based vuln
The user's Hypixel and Discord buttons are not correctly escaped/sanitized before they become part of the string that is inserted with innerHTML (which is a bad idea), allowing the injection of malicious attributes/events into the anchor tag (Hypixel button). The tag itself could not be closed, because the function htmlEntities encodes these characters: /[\u00A0-\u9999<>\&]/g. Note that this regex does not cover the quote characters that terminate an attribute value, which is what makes attribute injection possible.
HTML Injection is possible for the Discord button, but it's only possible to insert harmless tags.
It's probably possible to exploit CSS Injection and/or other attacks, but I could not confirm this due to Hypixel's character limitation.
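To make the escaping gap described above concrete, here is an added example (not livzmc.net's code): an encoder that covers only the characters in the page's regex, a hardened encoder that also covers attribute delimiters, and a small check that tells whether a user-controlled value created a new attribute in the rendered anchor. The button builder, the numeric-entity encoding and the tokenizer are assumptions for the demonstration, and the sample username is constructed.

```javascript
// Encoder that covers exactly the characters the page's regex names.
// How the real htmlEntities emits entities is not shown on the page;
// numeric entities are an assumption here.
function htmlEntitiesWeak(str) {
  return String(str).replace(/[\u00A0-\u9999<>\&]/g, (c) => `&#${c.charCodeAt(0)};`);
}

// Hardened encoder: also covers the characters that can end an attribute
// value or introduce a new attribute (quotes, backtick, equals, slash).
function htmlEntitiesStrict(str) {
  return String(str).replace(/[\u00A0-\u9999<>&"'`=\/]/g, (c) => `&#${c.charCodeAt(0)};`);
}

// Stand-in for a builder that interpolates the user's value into an
// attribute of an anchor tag (the innerHTML pattern the page describes).
function buildHypixelButton(username, encode) {
  return `<a class="btn" href="https://hypixel.net/player/${encode(username)}">Hypixel</a>`;
}

// Returns the attribute names in the opening <a ...> tag, so a test can tell
// whether the user value broke out of href. Tailored to the builder above,
// not a general HTML parser.
function attributeNames(html) {
  const open = html.match(/^<a\s([^>]*)>/);
  if (!open) return [];
  const names = [];
  const re = /([^\s"'=<>`]+)(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'=<>`]+))?/g;
  let m;
  while ((m = re.exec(open[1])) !== null) names.push(m[1]);
  return names;
}

// Regression check for the encoder: true when a value containing a closing
// quote still ends up inside href rather than creating a new attribute.
function encoderKeepsAttributeContext(encode) {
  // Constructed, benign test value: closes href and adds a data attribute.
  const sample = 'x" data-injected="1';
  const names = attributeNames(buildHypixelButton(sample, encode));
  return names.length === 2 && names[0] === 'class' && names[1] === 'href';
}
```

With the weak encoder the tokenizer reports a third attribute, data-injected, which is the attribute injection the report describes; with the strict encoder the quote is emitted as &#34; and href stays a single attribute.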
Vulnerability description from OWASP
Stored XSS occurs when a web application gat