Introduction:

Review:

Instructor: Tanya Janca

Level: Introductory

Course Contents:

1. Introduction to Secure Coding — The Basics

2. Secure SDLC & Application Security Program

3. Secure Coding Basics

Stored XSS leads admin account takeover

CVE link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24609

# Exploit Title: Savsoft Quiz 5 — Stored Cross-Site Scripting
# Date: 2020–07–28
# Exploit Author: Mayur Parmar(th3cyb3rc0p)
# Vendor Homepage:
https://savsoftquiz.com/
# Software Link:
https://github.com/savsofts/savsoftquiz_v5.git
# Version: 5.0
# Tested on: Windows 10
# Contact:
https://www.linkedin.com/in/th3cyb3rc0p/
# CVE: CVE-2020–24609

Stored…

CVE link: https://nvd.nist.gov/vuln/detail/CVE-2020-29474

# Exploit Title: EgavilanMedia Address Book 1.0 Exploit — SQLi Auth Bypass
# Date: 02–12–2020
# Exploit Author: Mayur Parmar(th3cyb3rc0p)
# Vendor Homepage:
http://egavilanmedia.com
# Software Link :
http://egavilanmedia.com/egm-address-book/
# Version: 1.0
# Tested on: PopOS

Attack Vector:
An attacker can gain admin panel access using malicious SQL…

SQL injection leads to Cpanel bypass

CVE link: https://nvd.nist.gov/vuln/detail/CVE-2020-29472

# Exploit Title: Under Construction Page with CPanel 1.0 — SQL injection
# Date: 17–11–2020
# Exploit Author: Mayur Parmar(th3cyb3rc0p)
# Vendor Homepage:
http://egavilanmedia.com
# Software Link :
http://egavilanmedia.com/under-construction-page-with-cpanel/
# Version: 1.0
# Tested on: PopOS

SQL Injection:
SQL injection is a…

CVE link: https://nvd.nist.gov/vuln/detail/CVE-2020-29247

# Exploit Title: WonderCMS 3.1.3 — ‘page’ Persistent Cross-Site Scripting
# Date: 20–11–2020
# Exploit Author: Mayur Parmar
# Vendor Homepage:
https://www.wondercms.com/
# Version: 3.1.3
# Tested on: PopOS

Stored Cross-site scripting(XSS):
Stored attacks are those where the injected script is permanently stored on the target servers,
such as…

Course: eJPT(eLearnSecurity Junior Penetration Tester)

https://elearnsecurity.com/product/ejpt-certification/

Cost: 200$(exam voucher)

Duration of exam: 72 Hours(3 days)

payment options: Paypal/credit card

Material(Lab,video,PDF): follow below steps

Steps: Register on ine.com(you will get starter pass with eJPT course material included)

goto this link: https://my.ine.com/CyberSecurity/learning-paths/a223968e-3a74-45ed-884d-2d16760b8bbd/penetration-testing-student (eJPT course material)

Introduction:

The eLearnSecurity Junior Penetration Tester (eJPT)…

Tale of Stored XSS Leads to admin account takeover

CVE:https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-24723

# Exploit Title: User Registration & Login and User Management System 2.1— Stored Cross-Site Scripting
# Date: 2020–11–18
# Exploit Author: Mayur Parmar(th3cyb3rc0p)
# Vendor Homepage: https://phpgurukul.com
# Software Link: https://phpgurukul.com/user-registration-login-and-user-management-system-with-admin-panel/
# Version: 2.1
# Tested on Pop OS(Linux)
# CVE: CVE-2020–24723

Stored Cross-site scripting(XSS):
Stored attacks are those where…

A Tale of SQL Injection Leads to admin panel bypass

Exploit: https://www.exploit-db.com/exploits/49052

CVE:https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-25952

# Exploit Title: User Registration & Login and User Management System 2.1
# Date: 2020–11–14
# Exploit Author: Mayur Parmar(th3cyb3rc0p)
# Vendor Homepage: https://phpgurukul.com
# Software Link: https://phpgurukul.com/user-registration-login-and-user-management-system-with-admin-panel/
# Version: 2.1 …

Mayur Parmar

I am a passionate information security researcher and CTF player who likes to learn more about hacking.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store