Today I want to explain to you how I am still able to execute JavaScript payloads on the Itslearning education system. Itslearning XSS part 2 begins! You should check part 1 of this article. ITSLEARNING STORED XSS VULNERABILITY OR NOT? Mr. Håkon Høydal wrote an article about Itslearning. After that, Itslearning did some things to filter…
SMARTSHEET XSS VIA FILE UPLOAD
Hi, today I want to explain an XSS vulnerability that I found on Smartsheet.com. The Smartsheet XSS vulnerability is an interesting one because it occurs via file upload! By the way, I want to clarify that this XSS works with or without authorization, so it is a dangerous vulnerability as well as an interesting one. What is Smartsheet and more…
Guestall – SIMPLE BUT IMPORTANT PYTHON SCRIPT
Hi everyone. I coded a basic Python script that installs guest additions on your Debian-based Linux. I called it Guestall; it supports VMware and VirtualBox. It is easy to use. I’ve made it because I always forget these things. It is not a problem anymore with Guestall. I hope it helps everyone like me. Guestall…
ITSLEARNING STORED XSS VULNERABILITY OR NOT?
I’ve found a stored XSS on the itslearning education system that works without even being authorized. A hacker can do lots of things via the Itslearning stored XSS vulnerability. This XSS works without any authorization, so it is more dangerous than a usual XSS. Payload: I use <svg/onload=prompt(1)> but almost every payload works. PoCs about itslearning stored XSS: Redirect via XSS; https://files.itslearning.com/data/2099/13132/xss.html Alert…
BYPASS TWO FACTOR AUTHENTICATION VULNERABILITY ON LOGIN.GOV
I found a way to bypass two-factor authentication on login.gov, which contains critical information. This vulnerability occurs because of a misconfigured token. The account creation process of login.gov is very interesting. You need to confirm your email first, instead of last. I realised that this might cause some security problems. And it…
Should you buy an ASUS computer?
Hello everyone. I will try to answer questions like “how is computer brand X, is it worth buying?”, which many users post on the internet, by describing a problem I experienced. Since my computer is an ASUS, let's think of this question as “Should you buy an ASUS computer?”. In March 2017 I bought an ASUS X550VX. Its good price and its quite powerful hardware … me…
Mustafa Kemal Can – muskecan – About me
Who is Mustafa Kemal Can? …
Recent Posts
- Protected: REDACTED 20 November 2021
- [REDACTED] App – Insufficiently “Encrypted” Config Leads to Free InAppPurchase 23 March 2020
- Make IDOR great again! 5 December 2019