Stored XSS to Full Information disclosure

Hello pals, During research of terapeak.com I found that Bulk Research name is vulnerable to XSS attack. Note:You need to subscribe for Terapeak Profession account. POC:

After digging more I’ve found that by that token you can get full information of that user like: Email Address, Full Name, Member ID, Subscription Type, and other info. as well … 

 

Svg XSS in Unifi v5.0.2

This is another finding in Unifi Controller. Description: I have found a persistent xss vulnerability on Unifi Controller that allows attackers steal user’s cookies, do csrf attacks against victim account or do phishing attacks. This vulnerability occurs due the page allows svg attachments that contains “xmlns=http://www.w3.org/1999/xhtml”, then the page will render the content of the … 

 

Swf XSS (Dom Based Xss)

Hey Folks, I was working in UBNT for bounty and i found several xss there so i’m sharing one of the cool xss.

In the above code the FlashVar parameter “bridgeName” is passed to the ExternalInterface.call method without filtering. It is possible to pass JavaScript code via the bridgeName parameter that will be executed … 

 

XSS on Flickr

Howdy friends, Today I’m going to show you how I got Flickr XSS Vulnerability. I’ve been spending time lately playing with Flickr. First as usual I created flickr group with some random words <“lol”> To my bad luck there was filtration. then i started digging with that and i found a way to execute my …