Lithonn

CVE-2023-2684: File Renaming on Upload <= 2.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting

Introduction During my search for a plugin with the functionality to modify file names after uploading, I came across a particular plugin that seemed promising. As a security enthusiast, I decided ...

CVE-2023-2811: AI ChatBot <= 4.5.5 - Authenticated (Administrator+) Stored Cross-Site Scripting

Introduction WPBot is an easy to use, Native, No coding required, AI ChatBot plugin for WordPress websites. It can be powered by DialogFlow or OpenAI GPT-3 (ChatGPT). Own and Manage your ChatBot f...

CVE-2022-4278: SourceCodester Human Resource Management System employeeadd.php SQL Injection

Introduction Human Resource Management System is a web application that was developed in PHP and MySQL Database. It aims to provide an online automated platform for certain company employees to m...

CVE-2022-4229: SourceCodester Book Store Management System 1.0 /bsms_ci/index.php Access Control

Introduction In the realm of cybersecurity, discovering a vulnerability and obtaining a CVE (Common Vulnerabilities and Exposures) entry is a significant achievement. It marks a milestone in an in...

CVE-2022-4228: SourceCodester Book Store Management System 1.0 Password Information Disclosure

A vulnerability classified as problematic has been found in SourceCodester Book Store Management System 1.0. This affects an unknown part of the file /bsms_ci/index.php/user/edit_user/. An Unauthen...

Port Redirection and Tunneling

Port Forwarding Port forwarding is the simplest traffic manipulation technique we will examine, in which we redirect traffic destined for one IP address and port to another IP address and port. ...

Active Directory Enumeration & Attacks

Manual Enumeration Basic enumeration Use built-in net.exe application Who are you net user Enumerate all users net user /domain Enumerate all groups net group /domain Use powershell s...

Linux Privilege Escalation

NOTE: It is not always possible to escalate privileges to root; we have to escalate privileges to another non-root user, then escalate privileges to root. Checklist Reference from PayloadsAllT...

Windows Privilege Escalation

Privilege Escalation Strategy This section comes straight from Tib3rius's Udemy course. Spend some time and read over the results of your enumeration. If WinPEAS or another tool finds someth...

Mobile Secure Local Storage

When developing iOS or Android apps, there’s a need to store some data locally, such as basic fetch data, usernames, and passwords. However, using standard storage methods like shared preferences o...