ValBrux ( ͡° ͜ʖ ͡°)


ethical hacking

CVE-2019-6588 – Liferay Portal < 7.1 CE GA4 / SimpleCaptcha API XSS

Introduction In Liferay Portal before 7.1 CE GA4, an XSS vulnerability exists in the SimpleCaptcha API when custom code passes unsanitized input into the “url” parameter of the JSP taglib call <liferay-ui:captcha url=”<%= url %>” /> or <liferay-captcha:captcha url=”<%= url… Continue Reading →

Google Ads – Information Disclosure via null pointer exception

Well well! After having been pretty busy with some university mid-term exams, I finally found some spare-time to dig deep into bug bounty programs. Some months ago, I contacted Google about an information disclosure vulnerability I found on their Google… Continue Reading →

MITM using arpspoof + Burp or mitmproxy on Kali Linux.

I could not find anything on the web that explains how to setup properly a man-in-the-middle proxy on Kali Linux thus I am writing this article to make it clear. First we should enable IP forwarding on the proxy machine… Continue Reading →

Google XSS Game

I recently found this webpage (created by Google) which provides a cross-site-scripting game to test your skills in Javascript. It is divided into 6 levels. I found the first,second,third and fifth level pretty easy, but I think the fourth and sixth… Continue Reading →

© 2019 Valbrux — Powered by WordPress