Al1ex

icon company Heptagram icon location Chengdu

Results 10 issues of Al1ex

Novel-plus-install-v3.5.3-Druid Unauthorized access

2 comment

## Information Exploit Title:Novel-plus-install-v3.5.3-Druid Unauthorized access Exploit date:01.06.2021 Exploit Author:Al1ex@Heptagram Vendor Homepage:https://github.com/201206030/novel-plus Affect Version:novel-plus-install-v3.5.3 Description:Novell plus system carries Druid component, and the permission check is verified by Shiro. However, Shiro...

Novel-plus-install-v3.5.3-Storage XSS

1 comment

## Information ``` Exploit Title:Novel-plus-install-v3.5.3-Storage XSS Exploit date:01.06.2021 Exploit Author:Al1ex@Heptagram Vendor Homepage:https://github.com/201206030/novel-plus Affect Version:novel-plus-install-v3.5.3 Description:Novell plus feedback message function module has storage XSS, which can be used by attackers to...

Jeewx-Boot-v1.3-Cross-site request forgery(CSRF)

## Information ``` Exploit Title:Jeewx-Boot-v1.3-Cross-site request forgery(CSRF) Exploit date:01.06.2021 Exploit Author:Al1ex@Heptagram Vendor Homepage:https://github.com/zhangdaiscott/jeewx-boot Affect Version:Jeewx-Boot-v1.3 Description:There is CSRF vulnerability in jeewx-boot-v1.3. Attackers can construct a malicious page and cheat administrator...

Jeewx-Boot-v1.3-Storage XSS

## Information ``` Exploit Title:Jeewx-Boot-v1.3-Storage XSS Exploit date:01.06.2021 Exploit Author:Al1ex@Heptagram Vendor Homepage:https://github.com/zhangdaiscott/jeewx-boot Affect Version:Jeewx-Boot-v1.3 Description:The background voting function module of jeewx-boot-v1.3 allows users to import data through templates, but does...

Storage XSS in article comments

This newest version of the zrlog has a storage XSS in article comments.The attacker can insert the malicious XSS code into the comments and submit it. When the background blogger...

CSRF in backstage management

This version of the zrlog backstage management has CSRF vulnerability.The attacker can induce the user to visit the CSRF attack page, and then use the user's credentials for malicious operations...

A Security vulnerability to report

7 comment

Hello, I found a security vulnerabilities. I want to know how to safely submit it to the project party.Or you can contact me through TG(@RedTeamPing).

A security vulnerability submission

Hello, I found a conditional competition vulnerability. I want to know how to submit vulnerability details and vulnerability reward rules. You can contact me through TG(@RedTeamPing).

A security vulnerability submission

Hello, I found a vulnerability which can cause double spend attack. I want to know how to submit vulnerability details and vulnerability reward rules. You can contact me via TG(@RedTeamPing).

A Security vulnerability to report

Hello, I found a serious security vulnerabilities. I want to know how to safely submit it to the project party.