feat: added CVEs directory

This commit is contained in:
Muhammad Daffa 2022-11-18 18:58:34 +07:00
parent 1ecbea42ce
commit d618747c12
4 changed files with 30 additions and 2 deletions

View File

@ -0,0 +1,25 @@
# CVE-2021-36873
## Description
Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in WordPress iQ Block Country plugin (versions <= 1.2.11). Vulnerable parameter: &blockcountry_blockmessage.
## CVSS (Vector and Score)
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N - 5.5 MEDIUM
## Affected Application
WordPress iQ Block Country plugin
## Affected Version
<= 1.2.11
## Total Installation
30,000+
## Steps to Reproduce
1. Login as administrator
2.
## Proof of Concept
- Image
- Video

View File

@ -67,7 +67,7 @@ These are my bug bounty notes that I have gathered from various sources, you can
## To-Do-List
- [ ] Tidy up the reconnaisance folder
- [ ] Seperate the bypass from some vulnerability readme
- [x] Added CVEs folder
- [ ] Writes multiple payload bypasses for each vulnerability
- [x] Payload XSS for each WAF (Cloudflare, Cloudfront, AWS, etc)
- [ ] Payload SQL injection for each WAF (Cloudflare, Cloudfront)

View File

@ -13,6 +13,9 @@ SQL Injection (SQLi) is a code injection attack where an attacker manipulates th
- Time-based Blind SQLi
- Out-of-band SQLi
## Where to find
Everywhere
## How to exploit
# SQLI tricks

View File

@ -1,4 +1,4 @@
# Web Cache Poisoning
# Web Cache Deception
## Introduction
Web Cache Deception is an attack in which an attacker deceives a caching proxy into improperly storing private information sent over the internet and gaining unauthorized access to that cached data