Skip to content

Instantly share code, notes, and snippets.

@fir3storm
fir3storm / gist:c8a013d1231c22e22835566609620afd
Created May 19, 2023 14:10
Zero-Day Vulnerability Identified in Credence Analytics - iDEAL - Wealth and Funds - V1.0
[description]
SQL injection in "/Framewrk/Home.jsp" file (POST method) in "tCredence" allows authenticated remote attackers to inject payload via "v" parameter.
------------------------------------------
[Vulnerability Type]
SQL Injection
------------------------------------------
@fir3storm
fir3storm / CWE Control Panel - Password Recovery Bypass.md
Created September 14, 2023 17:40
CWP Web Control Panel "Recover Password" component bypass
  1. Visit the CWP Control Panlel url :
  2. Enter a valid username and any email address (here the attacker will put his email id) Capture the request in Burp Suite

image image Click Forward In the next intercept, change the value "0" to "1" image image

@fir3storm
fir3storm / Cross-Site Scripting (XSS) in MOODLE 3.10.9
Created March 11, 2024 17:02
Cross-Site Scripting (XSS) in MOODLE 3.10.9
Vulnerability Description: Cross-Site Scripting (XSS) in MOODLE 3.10.9
Affected Product: MOODLE
Affected Version(s): 3.10.9 (Versions prior to 3.11.4 might also be affected)
CVE ID: Not assigned (hypothetical)
Description: