A reflected XSS vulnerability via a POST request to /tool/ack.php affecting all ProjectOr versions up to v11.0.2 (unpatched)
It was possible to bypass the very basic and incomplete security measure (detection of the <script> tag) that exists in the checkValidHtmlText() function of the /model/Security.php file of the solution.
| ; | |
| ; An autohotkey script for MSI gaming laptops that have swapped Win & Fn keys | |
| ; to add macros for the Menu key and media controls | |
| ; | |
| ; Fn (single press): Meny key (Shift+F10) | |
| ; Fn + Ctrl: Play/Pause | |
| ; Fn + Ctrl + ⇦: Previous | |
| ; Fn + Ctrl + ⇨: Next | |
| ; |
| #!/usr/bin/env python3 | |
| # | |
| # Nokia/Alcatel-Lucent router backup configuration tool | |
| # | |
| # Features: | |
| # - Unpack/repack .cfg files generated from the backup and restore functionnality | |
| # in order to modify the full router configuration | |
| # - Decrypt/encrypt the passwords/secret values present in the configuration |
| #!/usr/bin/env python | |
| # | |
| # learning python and making use of my ocd by sharing heavily commented scripts | |
| # i've probably spent too much time on because i had nothing better to do (part 1): | |
| # solution for a pwn challenge (the name of which is intentionally omitted to prevent spoilers) | |
| # binary: https://bit.ly/2Pdu90o | |
| # | |
| # by Sami Alaoui (thedroidgeek) | |
| # |
I hereby claim:
To claim this, I am signing this object:
