-
## Vulnerability Name : Server Side Template Injection to Cross Site Scripting
## Vulnerable Domain : *.V6.demo.nocobase.com
## Description :
In the ACL where the user edits the Role the `role na…
-
### What happened?
Crowdsec crashed.
### What did you expect to happen?
It to not crash. It's been running stable for more than a year now.
### How can we reproduce it (as minimally and precisely as…
-
Add a special `WebVuln.test_param` method as a placeholder method for testing an individual query param, header name, cookie param, or form param. This will allow other classes such as `CommandInjecti…
-
30 sec counter
test link:
https://allbox.tv/film-online,niepodleglosc-2018,459024
-
### What happened?
When creating Docker container for the first time, you can see some warnings/errors in logs like
```
time="2024-07-08T08:53:48Z" level=warning msg="scenario list is empty, will n…
-
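Some challenges may have no parameter and use /path directly as the template injection point. How should the parameter be set for this kind of injection?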
-
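Before submitting an issue, please check that your local vulhub is up to date; otherwise you may run into bugs that have since been fixed.
Fill in the following information
- Which environment: the environment in which the bug occurs [e.g. python/ssti]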
- Host OS: Ubuntu
- OS Version: 16.04 LTS
- Docker version: Docker versio…
-
### Query PR
https://github.com/github/codeql/pull/15193
### Language
GoLang
### CVE(s) ID list
- [CVE-2023-2259](https://nvd.nist.gov/vuln/detail/CVE-2023-2259)
- [CVE-2023-2017](https://nvd.…
-
SSTI is being implemented.
https://github.com/DiogoMRSilva/websitesVulnerableToSSTI/blob/master/python/python-django/src/site/server/views.py
-
Juice Shop challenges could become a resource type for OpenCRE, being associated with certain topics. Example:
* https://www.opencre.org/search/xss
* Juice Shop Hacking Challenge - "API-only XSS…