
fir3storm / CWE Control Panel - Password Recovery
Created September 14, 2023 17:40
CWP Web Control Panel "Recover Password" component bypass
  1. Visit the CWP Control Panel URL:
  2. Enter a valid username and any email address (here the attacker will put his email id). Capture the request in Burp Suite.

Click Forward. In the next intercept, change the value "0" to "1".

fir3storm / gist:c8a013d1231c22e22835566609620afd
Created May 19, 2023 14:10
Zero-Day Vulnerability Identified in Credence Analytics - iDEAL - Wealth and Funds - V1.0
SQL injection in the "/Framewrk/Home.jsp" file (POST method) in "tCredence" allows authenticated remote attackers to inject a payload via the "v" parameter.
[Vulnerability Type]
SQL Injection