Web Penetration Testing

December 28, 2021 Vehicle Service Management System – ‘Multiple’ Cookie Stealing Leads to Full Account Takeover

CVE-2021-46067 Exploit Title: Vehicle Service Management System – ‘Multiple’ Cookie Stealing Leads to Full Account TakeoverExploit Author: P.L.SanuCVE: CVE-2021-46067CVSS: 9.8…

December 20, 2021 Bludit 3.13.1 – About Plugin Stored Cross Site Scripting (XSS)

CVE-2021-45745 Exploit Title: Bludit 3.13.1 – About Plugin Stored Cross Site Scripting (XSS)Exploit Author: P.L.SanuCVE: CVE-2021-45745CVSS: 5.4 MEDIUMReferences:https://www.plsanu.com/bludit-3-13-1-about-plugin-stored-cross-site-scripting-xsshttps://nvd.nist.gov/vuln/detail/CVE-2021-45745https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45745 Description:A Stored…

December 20, 2021 Bludit 3.13.1 – TAGS Field Stored Cross Site Scripting (XSS)

CVE-2021-45744 Exploit Title: Bludit 3.13.1 – TAGS Field Stored Cross Site Scripting (XSS)Exploit Author: P.L.SanuCVE: CVE-2021-45744CVSS: 5.4 MEDIUMReferences:https://www.plsanu.com/bludit-3-13-1-tags-field-stored-cross-site-scripting-xsshttps://nvd.nist.gov/vuln/detail/CVE-2021-45744https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45744 Description:A Stored…