Web Penetration Testing

By SANU P.L December 28, 2021 No Comments

Vehicle Service Management System – ‘Mechanic List’ Stored Cross Site Scripting (XSS)

CVE-2021-46069 Exploit Title: Vehicle Service Management System – ‘Mechanic List’ Stored Cross Site Scripting (XSS)Exploit Author: P.L.SanuCVE: CVE-2021-46069CVSS: 4.8 MEDIUMReferences:https://www.plsanu.com/vehicle-service-management-system-mechanic-list-stored-cross-site-scripting-xsshttps://nvd.nist.gov/vuln/detail/CVE-2021-46069https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46069 Description:A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Mechanic List Section in...

By SANU P.L December 28, 2021 No Comments

Vehicle Service Management System – ‘MyAccount’ Stored Cross Site Scripting (XSS)

CVE-2021-46068 Exploit Title: Vehicle Service Management System – ‘MyAccount’ Stored Cross Site Scripting (XSS)Exploit Author: P.L.SanuCVE: CVE-2021-46068CVSS: 4.8 MEDIUMReferences:https://www.plsanu.com/vehicle-service-management-system-myaccount-stored-cross-site-scripting-xsshttps://nvd.nist.gov/vuln/detail/CVE-2021-46068https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46068 Description:A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the My Account Section in login...

By SANU P.L December 28, 2021 No Comments

Vehicle Service Management System – ‘Multiple’ Cookie Stealing Leads to Full Account Takeover

CVE-2021-46067 Exploit Title: Vehicle Service Management System – ‘Multiple’ Cookie Stealing Leads to Full Account TakeoverExploit Author: P.L.SanuCVE: CVE-2021-46067CVSS: 9.8 CRITICALReferences:https://www.plsanu.com/vehicle-service-management-system-multiple-cookie-stealing-leads-to-full-account-takeoverhttps://nvd.nist.gov/vuln/detail/CVE-2021-46067https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46067 Description:In Vehicle Service Management System 1.0 an attacker can steal the cookies leading to Full Account Takeover. 1. Vehicle...

By SANU P.L December 20, 2021 No Comments

Bludit 3.13.1 – About Plugin Stored Cross Site Scripting (XSS)

CVE-2021-45745 Exploit Title: Bludit 3.13.1 – About Plugin Stored Cross Site Scripting (XSS)Exploit Author: P.L.SanuCVE: CVE-2021-45745CVSS: 5.4 MEDIUMReferences:https://www.plsanu.com/bludit-3-13-1-about-plugin-stored-cross-site-scripting-xsshttps://nvd.nist.gov/vuln/detail/CVE-2021-45745https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45745 Description:A Stored Cross Site Scripting (XSS) vulnerability exists in Bludit 3.13.1 via the About Plugin in login panel. Application stores attacker injected...

Category: Web Penetration Testing

Vehicle Service Management System – ‘Mechanic List’ Stored Cross Site Scripting (XSS)

Vehicle Service Management System – ‘MyAccount’ Stored Cross Site Scripting (XSS)

Vehicle Service Management System – ‘Multiple’ Cookie Stealing Leads to Full Account Takeover

Bludit 3.13.1 – About Plugin Stored Cross Site Scripting (XSS)