Critical XSS Vulnerability in The New Era Journal http://www.khitpyaing.org

Home / Hacking, News, Security / Critical XSS Vulnerability in The New Era Journal http://www.khitpyaing.org

August 26, 2010 PlanetCreator 0 Comments 0 tags

PlanetCreator.Net’s Security Team Member has reported another critical XSS vulnerability on http://www.khitpyaing.org

These are some information from Vulneral Site http://www.khitpyaing.org:

This vulnerability has been alerted to webmaster: [email protected]

Vulnerability Link is as follow http://khitpyaing.org

We hope that your security staff will look into this issue and fix it as soon as possible.

Explore More

Selection of tools to automate an attack SQL Injection

sqlmap (http://sqlmap.sourceforge.net/) Full support: MySQL, Oracle, PostgreSQL and Microsoft SQL Server. Partially supported: Microsoft Access, DB2, Informix, Sybase and Interbase. SQL Power Injector (http://www.sqlpowerinjector.com/) Implemented support for: Microsoft SQL Server,

Finding vulnerabilities in PHP scripts

Contents : * 1) About * 2) Some stuff * 3) Remote File Inclusion * 3.0 – Basic example * 3.1 – Simple example * 3.2 – How to fix

Yet another simple Google Docs hack

A simple hack that allow you to edit read only Google docs is explained here http://googlesystem.blogspot.com/2009/01/copy-google-documents-to-your-account.html It works and all you need is to hack the url a bit like

[local] Realtek rtl819x - Local Privilege
on May 27, 2026 at 12:00 am
Realtek rtl819x - Local Privilege
[webapps] Casdoor 3.54.1 - Arbitrary File Write via Path Traversal
on May 27, 2026 at 12:00 am
Casdoor 3.54.1 - Arbitrary File Write via Path Traversal
[webapps] OpenCATS 0.9.7.4 - SQL Injection
on May 27, 2026 at 12:00 am
OpenCATS 0.9.7.4 - SQL Injection
[hardware] MeiG Smart FORGE_SLT711 - OS Command Injection
on May 27, 2026 at 12:00 am
MeiG Smart FORGE_SLT711 - OS Command Injection
[webapps] scramble - Remote Code Execution
on May 27, 2026 at 12:00 am
scramble - Remote Code Execution