Sajeeb Lohani (sml555 / prodigysml)

Results 22 issues of Sajeeb Lohani (sml555 / prodigysml)

https://raw.githubusercontent.com/xyele/secretx/master/patterns.json

enhancement

https://github.com/random-robbie/keywords/blob/master/keywords.txt Thanks @xYantix!

enhancement

https://github.com/hisxo/gitGraber/blob/master/tokens.py

enhancement

# The Issue

An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to...

bug
enhancement
security

Add in NetForce. https://www.imdb.com/title/tt0158423/ Apparently not a good movie, but worth putting on the list.

enhancement
endorsement-needed

### Expected behaviour

Validate XML import against a schema

### Actual behaviour

Processes the XML bomb provided

### Steps to reproduce

Import an XML file with the following content: ```xml

security

# Issue

Stored XSS found within the blog creation page. This allows attackers to get arbitrary execution of JavaScript code.

# Steps to reproduce

1. Log into a user's account...

bug

Hi! We found some potential security flaws and were wondering whether there was anyone we could talk to on the contributor's team about it. Is there anyone we can talk...

# The Issue

SQL Injections are vulnerabilities in which the developer overly trusts user-controlled input. This allows an attacker to perform malicious queries upon the database, which can lead...

Web Security

# The Issue

Local file disclosure is a vulnerability which allows an attacker to disclose the contents of files on the server. An attacker can use this vulnerability to disclose...

Web Security