Liferay Portal 5.1.2 – Persistent XSS

Standard
#Exploit Title: Liferay Portal 5.1.2 - Persistent XSS
#Discovery Date: 2016-02-10
#Exploit Author: Sarim Kiani
#Vendor Homepage: https://www.liferay.com
#Software Link: https://www.liferay.com/community/releases
#Version: 5.1.2
#Tested on: Windows OS
Liferay Portal 5.1.2 is an open source version of Liferay's enterprise web platform for building business solutions that deliver immediate results and long-term value.

Continue reading

VLDPersonals Cross-Site Scripting XSS

Standard

# Exploit Title: VLD Personals – Cross Site Scripting ( Reflective ) with admin authentication.
# Notified VLD Personals Date: 02/FEB/2015

# Exploit Author: Mr T
# Exploit Authors Website: http://www.securitypentester.ninja
# Vendor Homepage: http://www.vldpersonals.com/
# Software Link: http://www.vldpersonals.com/clients/downloads.php
# Vulnerable Version: 2.7.1
# Fixed Version 2.7.2
# Tested on: Windows / Linux

XSS in "what" Parameter

XSS in “what” Parameter

Continue reading

VLDPersonal Bug Bounty

Standard

# Exploit Title: VLD Personals – Multiple Vulnerabilities
# Date: 09/11/2014
# Exploit Author: Talib Osmani
# Exploit Authors Website: http://www.securitypentester.ninja
# Vendor Homepage: http://www.vldpersonals.com/
# Software Link: http://www.vldpersonals.com/clients/downloads.php
# Version: 2.7
# CVE: CVE-2014-9004
# Exploit-db: http://www.exploit-db.com/exploits/35193/
# Fixed Version 2.7.1
# Tested on: Windows / Linux

Continue reading