Hello folks! Today I want to talk about ASUS RCE vulnerability on rma.asus-europe.eu domain. I was trying to fill out service apply form for my personal laptop. I had a screen issue. I realised that there is an upload part to upload some warranty documents. I was trying to bypass upload restrictions by editing request….
SMARTSHEET XSS VIA FILE UPLOAD
Hi, today I want to explain XSS vulnerability that I found on Smartsheet.com. Smartsheet XSS vulnerability is an interesting vulnerability because it occurs via file upload! By the way I want to clarify that, this XSS works with or without authorization, so it is dangerous vulnerability as well as interesting. What is Smartsheet and more…
BYPASS TWO FACTOR AUTHENTICATION VULNERABILITY ON LOGIN.GOV
I found a way to bypass two factor authentication on login.gov which contains critical informations in it. This vulnerability occurs because of the misconfigurated token. The account creating process of login.gov is very interesting. You need to confirm your email first, instead of last. I realised that this might cause some security problems. And it…
Other Posts: Mustafa Kemal CAN ~ muskecan
Senate.gov open redirect vulnerability
How I hacked ASUS?
CyberArk EPM Privilege Escalation Vulnerability – CVE-2018-13052
CyberArk EPM file block bypass – CVE-2018-14894
Fronter XSS – 3 XSS in 1 Blogpost
First Touch Games database information leak
ITSLEARNING VULNERABILITY STORIES – One more stored XSS
ITSLEARNING XSS PART 2
SMARTSHEET XSS VIA FILE UPLOAD
Guestall – SIMPLE BUT IMPORTANT PYTHON SCRIPT
