HackDig : Dig high-quality web security articles for hackers

TikTok fixed security issues that could have led to one-click account takeover

TikTok has addressed a couple of security issues that could have been chained to lead to account takeover. The first issue addressed by the social media platform is a reflected XSS security flaw that has been reported by the bug bounty hunter Muhammed “milly” Taskiran via the bug bounty platform HackerOne. The Cross-Site-Scripting flaw affecte
Publish At:2020-11-23 12:24 | Read:150 | Comments:0 | Tags:Breaking News Hacking Cross-Site Request Forgery (CSRF). Rem

iDS6 DSSPro Digital Signage System 6.2 Cross-Site Request Forgery (CSRF)

Title: iDS6 DSSPro Digital Signage System 6.2 Cross-Site Request Forgery (CSRF) | Advisory ID: ZSL-2020-5606 | Type: Local/Remote | Impact: Cross-Site Scripting | Risk: (3/5) | Release Date: 04.11.2020 | Summary: iDS6 Software's DSSPro network digital signage management system is a web-b
Publish At:2020-11-04 18:42 | Read:230 | Comments:0 | Tags: Csrf

SpinetiX Fusion Digital Signage 3.4.8 CSRF Add Admin Exploit

Title: SpinetiX Fusion Digital Signage 3.4.8 CSRF Add Admin Exploit | Advisory ID: ZSL-2020-5592 | Type: Local/Remote | Impact: Cross-Site Scripting | Risk: (3/5) | Release Date: 30.09.2020 | Summary: At SpinetiX we inspire businesses to unlock the potential of their story. We believe in
Publish At:2020-09-30 16:40 | Read:352 | Comments:0 | Tags: Csrf exploit

B-swiss 3 Digital Signage System 3.6.5 CSRF Add Maintenance Admin

Title: B-swiss 3 Digital Signage System 3.6.5 CSRF Add Maintenance Admin | Advisory ID: ZSL-2020-5589 | Type: Local/Remote | Impact: Cross-Site Scripting | Risk: (4/5) | Release Date: 19.09.2020 | Summary: Intelligent digital signage made easy. To go beyond the possibilities offered, b-s
Publish At:2020-09-18 23:08 | Read:1255 | Comments:0 | Tags: Csrf

Hyland OnBase 19.x and below - CSRF

CVSSv3.1 Score: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N | Vendor: Hyland Software - (https://www.hyland.com/en/ and https://www.onbase.com/en/) | Product: Hyland OnBase, All derivatives based on OnBase | Versions Affected:
Publish At:2020-09-04 13:25 | Read:464 | Comments:0 | Tags: Csrf

All-Dynamics Software enlogic:show Digital Signage System 2.0.2 CSRF Add Admin

Title: All-Dynamics Software enlogic:show Digital Signage System 2.0.2 CSRF Add Admin | Advisory ID: ZSL-2020-5576 | Type: Local/Remote | Impact: Cross-Site Scripting | Risk: (2/5) | Release Date: 31.07.2020 | Summary: Bring communication with your customers, guests or employees to a new
Publish At:2020-07-31 21:41 | Read:762 | Comments:0 | Tags: Csrf

UBICOD Medivision Digital Signage 1.5.1 CSRF Add Super Admin

Title: UBICOD Medivision Digital Signage 1.5.1 CSRF Add Super Admin | Advisory ID: ZSL-2020-5574 | Type: Local/Remote | Impact: Cross-Site Scripting | Risk: (3/5) | Release Date: 19.07.2020 | Summary: Medivision is a service that provides everything from DID operation to development of
Publish At:2020-07-19 16:15 | Read:534 | Comments:0 | Tags: Csrf

Chrome 84 Brings 38 Security Patches, Resumes CSRF Protection Rollout

Chrome 84 was released in the stable channel this week with a total of 38 patches, but also with additional security improvements, including the rollout of a previously announced SameSite cookie change. Initially announced in May 2019, the change is meant to provide users with improved protection against cross-site request forgery (CSRF) attacks by making onl
Publish At:2020-07-15 11:44 | Read:461 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Csrf

Verint Impact 360 login CSRF

<!-- # Exploit Title: Verint Impact 360 login CSRF # Date: 7-13-2020 # Exploit Author: Ryan Delaney # Author Contact: ryan.delaney () owasp org # Author LinkedIn: https://www.linkedin.com/in/infosecrd/ # Vendor Homepage: https://www.verint.com/ # Software Link: https://www.verint.com/engagement/our-offerings/solutions/workforce-optimization/ # Version: Impact 360
Publish At:2020-07-14 06:14 | Read:712 | Comments:0 | Tags: Csrf

Bolt CMS <= 3.7.0 Multiple Vulnerabilities - CSRF to RCE

Bolt CMS <= 3.7.0 Multiple Vulnerabilities | Author - Sivanesh Ashok | @sivaneshashok | stazot.com | Date : 2020-03-24 | Vendor : https://bolt.cm/ | Version : <= 3.7.0
Publish At:2020-07-03 13:50 | Read:453 | Comments:0 | Tags: Csrf

Drupal addresses critical code execution vulnerability

Drupal released security updates to patch several security issues, including a flaw that could allow an attacker to execute arbitrary PHP code. Drupal released security updates to address multiple security vulnerabilities, including a “critical” flaw tracked as CVE-2020-13664 that could be exploited by an attacker to execute arbitrary PHP code
Publish At:2020-06-18 12:28 | Read:589 | Comments:0 | Tags:Breaking News Hacking Security CSRF Drupal hacking news info

Secure Computing SnapGear Management Console SG560 v3.1.5 CSRF Add Super User

Title: Secure Computing SnapGear Management Console SG560 v3.1.5 CSRF Add Super User | Advisory ID: ZSL-2020-5567 | Type: Local/Remote | Impact: Cross-Site Scripting | Risk: (4/5) | Release Date: 04.06.2020 | Summary: The SG gateway appliance range provides Internet security and privacy
Publish At:2020-06-04 11:23 | Read:701 | Comments:0 | Tags: Csrf

P5 FNIP-8x16A/FNIP-4xSH CSRF Stored Cross-Site Scripting

Title: P5 FNIP-8x16A/FNIP-4xSH CSRF Stored Cross-Site Scripting | Advisory ID: ZSL-2020-5564 | Type: Local/Remote | Impact: Cross-Site Scripting | Risk: (3/5) | Release Date: 21.04.2020 | Summary: The FNIP-8x16A is an eight channel relay module used for switching any type of load that do
Publish At:2020-04-20 22:03 | Read:978 | Comments:0 | Tags: Csrf

Prestashop <= 1.7.6.4 Multiple Vulnerabilities - CSRF to RCE

Prestashop <= 1.7.6.4 Multiple Vulnerabilities | Author - Sivanesh Ashok | @sivaneshashok <https://twitter.com/sivaneshashok> | stazot.com | Last Modified: 2020-04-11 | Vendor : h
Publish At:2020-04-17 13:40 | Read:832 | Comments:0 | Tags: Csrf

Google Rolls Back Recently Introduced Chrome CSRF Protection

Google last week announced that it has started rolling back a cross-site request forgery (CSRF) protection introduced in early February with the release of Chrome 80 in the stable channel. Initially announced in May 2019, the protection involves Chrome enforcing a new secure-by-default cookie classification system, where cookies that haven’t declared a SameSi
Publish At:2020-04-06 15:56 | Read:1034 | Comments:0 | Tags:NEWS & INDUSTRY Application Security Management & St
