feat: added CVEs directory

CVEs/2021/CVE-2021-36873.md

@@ -0,0 +1,25 @@
+# CVE-2021-36873
+
+## Description
+Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in WordPress iQ Block Country plugin (versions <= 1.2.11). Vulnerable parameter: &blockcountry_blockmessage.
+
+## CVSS (Vector and Score)
+CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N - 5.5 MEDIUM
+
+## Affected Application
+WordPress iQ Block Country plugin
+
+## Affected Version
+<= 1.2.11
+
+## Total Installation
+30,000+
+
+## Steps to Reproduce
+1. Login as administrator
+2. 
+
+
+## Proof of Concept
+- Image
+- Video

README.md

@@ -67,7 +67,7 @@ These are my bug bounty notes that I have gathered from various sources, you can
 
 ## To-Do-List
 - [ ] Tidy up the reconnaisance folder
-- [ ] Seperate the bypass from some vulnerability readme
+- [x] Added CVEs folder
 - [ ] Writes multiple payload bypasses for each vulnerability
   - [x] Payload XSS for each WAF (Cloudflare, Cloudfront, AWS, etc)
   - [ ] Payload SQL injection for each WAF (Cloudflare, Cloudfront)

SQL Injection.md

@@ -13,6 +13,9 @@ SQL Injection (SQLi) is a code injection attack where an attacker manipulates th
 - Time-based Blind SQLi 
 - Out-of-band SQLi 
 
+## Where to find
+Everywhere
+
 ## How to exploit
 # SQLI tricks
 

Web Cache Deception.md

@@ -1,4 +1,4 @@
-# Web Cache Poisoning
+# Web Cache Deception
 
 ## Introduction
 Web Cache Deception is an attack in which an attacker deceives a caching proxy into improperly storing private information sent over the internet and gaining unauthorized access to that cached data