Liking GitHub repositories on behalf of other users — Stored XSS in WebComponents.org

Steps to reproduce:

1. Create a Polymer element and publish it to GitHub.
2. Set the repo homepage URL to: javascript:alert(document.domain)
3. Publish it via https://www.webcomponents.org/publish
4. Go to the element's webcomponents.org page and click the homepage link.

What can you do with this XSS: It's possible if the user has authenticated …
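A check that rejects the homepage value from step 2 before it is ever rendered as a link, shown as an added example (not code from webcomponents.org or from the original post). The function names and sample inputs are assumptions made for illustration:

```javascript
// Added example: allow-list check for a user-supplied homepage URL before it
// is rendered as a link. Function names and sample inputs are constructed.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Returns a normalized absolute URL string, or null if the value must not
// be used as an href.
function safeHomepageHref(raw) {
  if (typeof raw !== "string") return null;
  let url;
  try {
    // The WHATWG parser normalizes the way a browser does: it trims leading
    // and trailing whitespace/control characters, strips embedded tabs and
    // newlines, and lowercases the scheme. Checking the parsed protocol
    // therefore matches what the browser would act on.
    url = new URL(raw);
  } catch {
    return null; // relative or unparseable: not a valid homepage
  }
  if (!ALLOWED_SCHEMES.has(url.protocol)) return null;
  return url.href;
}

// Render the link only when the URL passed the check; otherwise show text.
function renderHomepageLink(raw) {
  const href = safeHomepageHref(raw);
  if (href === null) return "<span>(no homepage)</span>";
  // Escape for the attribute and text contexts as a second layer.
  const esc = href.replace(/&/g, "&amp;").replace(/"/g, "&quot;")
                  .replace(/</g, "&lt;").replace(/>/g, "&gt;");
  return `<a href="${esc}" rel="noopener noreferrer">${esc}</a>`;
}
```

Comparing the parsed `protocol` against an allow-list, rather than searching the raw string for `javascript:`, is what makes the mixed-case and embedded-whitespace variants fail the same way as the plain one.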

SQLi at Maxon

Vulnerable URL: https://reg.maxon-campus.net/login/forgotpassword.php

If you enter ' (a single quote) into the input field, it'll show:

    query failed1064 : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''''' at line 1

Summary: …