-
攻擊者學號:B10732002 @isgordon458
被攻擊者學號與網址:B10830027 @mandy900619 https://demo.mandy.social/
漏洞類型:(XSS)
漏洞描述
在上傳貼文處有 XSS inejection
PoC
登入網頁後,在上傳貼文處新增一則貼文,其內容為
```
alert(1)
```
、CSRF(delete)、CSRF(comment)
漏洞描述
可繞過之前的 XSS Patch 執行 JS 並進行 CSRF 攻擊。
攻擊者可以在留言板上留下以下…
-
The 4th byte of the RAR signature is wrong - it should be 21 and not 20.
Additionally, the last byte is not always zero - it's a version number 00 (RAR 1.5 to 4.0) or 01 (RAR 5) with values 02 thr…
-
Nik,
First of all great work! I wanted to write something like you did but stumbled on your code and was pretty impressed!
I have been having an issue though whenever I hit back button with CortesyF…
-
https://developer.mozilla.org/en-US/observatory/analyze?host=fined.academy