mirror of
https://github.com/daffainfo/AllAboutBugBounty.git
synced 2024-12-18 10:26:11 +00:00
feat: added CVEs directory
This commit is contained in:
parent
1ecbea42ce
commit
d618747c12
25
CVEs/2021/CVE-2021-36873.md
Normal file
25
CVEs/2021/CVE-2021-36873.md
Normal file
@ -0,0 +1,25 @@
|
||||
# CVE-2021-36873
|
||||
|
||||
## Description
|
||||
Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in WordPress iQ Block Country plugin (versions <= 1.2.11). Vulnerable parameter: &blockcountry_blockmessage.
|
||||
|
||||
## CVSS (Vector and Score)
|
||||
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N - 5.5 MEDIUM
|
||||
|
||||
## Affected Application
|
||||
WordPress iQ Block Country plugin
|
||||
|
||||
## Affected Version
|
||||
<= 1.2.11
|
||||
|
||||
## Total Installation
|
||||
30,000+
|
||||
|
||||
## Steps to Reproduce
|
||||
1. Login as administrator
|
||||
2.
|
||||
|
||||
|
||||
## Proof of Concept
|
||||
- Image
|
||||
- Video
|
@ -67,7 +67,7 @@ These are my bug bounty notes that I have gathered from various sources, you can
|
||||
|
||||
## To-Do-List
|
||||
- [ ] Tidy up the reconnaisance folder
|
||||
- [ ] Seperate the bypass from some vulnerability readme
|
||||
- [x] Added CVEs folder
|
||||
- [ ] Writes multiple payload bypasses for each vulnerability
|
||||
- [x] Payload XSS for each WAF (Cloudflare, Cloudfront, AWS, etc)
|
||||
- [ ] Payload SQL injection for each WAF (Cloudflare, Cloudfront)
|
@ -13,6 +13,9 @@ SQL Injection (SQLi) is a code injection attack where an attacker manipulates th
|
||||
- Time-based Blind SQLi
|
||||
- Out-of-band SQLi
|
||||
|
||||
## Where to find
|
||||
Everywhere
|
||||
|
||||
## How to exploit
|
||||
# SQLI tricks
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
# Web Cache Poisoning
|
||||
# Web Cache Deception
|
||||
|
||||
## Introduction
|
||||
Web Cache Deception is an attack in which an attacker deceives a caching proxy into improperly storing private information sent over the internet and gaining unauthorized access to that cached data
|
||||
|
Loading…
Reference in New Issue
Block a user