mirror of
https://github.com/daffainfo/AllAboutBugBounty.git
synced 2024-12-18 10:26:11 +00:00
feat: added CVEs directory
This commit is contained in:
parent
1ecbea42ce
commit
d618747c12
25
CVEs/2021/CVE-2021-36873.md
Normal file
25
CVEs/2021/CVE-2021-36873.md
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
# CVE-2021-36873
|
||||||
|
|
||||||
|
## Description
|
||||||
|
Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in WordPress iQ Block Country plugin (versions <= 1.2.11). Vulnerable parameter: &blockcountry_blockmessage.
|
||||||
|
|
||||||
|
## CVSS (Vector and Score)
|
||||||
|
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N - 5.5 MEDIUM
|
||||||
|
|
||||||
|
## Affected Application
|
||||||
|
WordPress iQ Block Country plugin
|
||||||
|
|
||||||
|
## Affected Version
|
||||||
|
<= 1.2.11
|
||||||
|
|
||||||
|
## Total Installation
|
||||||
|
30,000+
|
||||||
|
|
||||||
|
## Steps to Reproduce
|
||||||
|
1. Login as administrator
|
||||||
|
2.
|
||||||
|
|
||||||
|
|
||||||
|
## Proof of Concept
|
||||||
|
- Image
|
||||||
|
- Video
|
@ -67,7 +67,7 @@ These are my bug bounty notes that I have gathered from various sources, you can
|
|||||||
|
|
||||||
## To-Do-List
|
## To-Do-List
|
||||||
- [ ] Tidy up the reconnaisance folder
|
- [ ] Tidy up the reconnaisance folder
|
||||||
- [ ] Seperate the bypass from some vulnerability readme
|
- [x] Added CVEs folder
|
||||||
- [ ] Writes multiple payload bypasses for each vulnerability
|
- [ ] Writes multiple payload bypasses for each vulnerability
|
||||||
- [x] Payload XSS for each WAF (Cloudflare, Cloudfront, AWS, etc)
|
- [x] Payload XSS for each WAF (Cloudflare, Cloudfront, AWS, etc)
|
||||||
- [ ] Payload SQL injection for each WAF (Cloudflare, Cloudfront)
|
- [ ] Payload SQL injection for each WAF (Cloudflare, Cloudfront)
|
@ -13,6 +13,9 @@ SQL Injection (SQLi) is a code injection attack where an attacker manipulates th
|
|||||||
- Time-based Blind SQLi
|
- Time-based Blind SQLi
|
||||||
- Out-of-band SQLi
|
- Out-of-band SQLi
|
||||||
|
|
||||||
|
## Where to find
|
||||||
|
Everywhere
|
||||||
|
|
||||||
## How to exploit
|
## How to exploit
|
||||||
# SQLI tricks
|
# SQLI tricks
|
||||||
|
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
# Web Cache Poisoning
|
# Web Cache Deception
|
||||||
|
|
||||||
## Introduction
|
## Introduction
|
||||||
Web Cache Deception is an attack in which an attacker deceives a caching proxy into improperly storing private information sent over the internet and gaining unauthorized access to that cached data
|
Web Cache Deception is an attack in which an attacker deceives a caching proxy into improperly storing private information sent over the internet and gaining unauthorized access to that cached data
|
||||||
|
Loading…
Reference in New Issue
Block a user