- Visit the CWP Control Panlel url :
- Enter a valid username and any email address (here the attacker will put his email id) Capture the request in Burp Suite
Click Forward
In the next intercept, change the value "0" to "1"
fir3storm
fir3storm
/ Cross-Site Scripting (XSS) in MOODLE 3.10.9
Created
March 11, 2024 17:02
Cross-Site Scripting (XSS) in MOODLE 3.10.9
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Vulnerability Description: Cross-Site Scripting (XSS) in MOODLE 3.10.9 | |
| Affected Product: MOODLE | |
| Affected Version(s): 3.10.9 (Versions prior to 3.11.4 might also be affected) | |
| CVE ID: Not assigned (hypothetical) | |
| Description: |
fir3storm
/ CWE Control Panel - Password Recovery Bypass.md
Created
September 14, 2023 17:40
CWP Web Control Panel "Recover Password" component bypass
fir3storm
/ gist:c8a013d1231c22e22835566609620afd
Created
May 19, 2023 14:10
Zero-Day Vulnerability Identified in Credence Analytics - iDEAL - Wealth and Funds - V1.0
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [description] | |
| SQL injection in "/Framewrk/Home.jsp" file (POST method) in "tCredence" allows authenticated remote attackers to inject payload via "v" parameter. | |
| ------------------------------------------ | |
| [Vulnerability Type] | |
| SQL Injection | |
| ------------------------------------------ |