Veysəl Xankişiyev

icon indicating a website link http://veysel-xan.com/

icon location Baku

Results 5 issues of Veysəl Xankişiyev

Cross Site Request Forgery (CSRF) to File Deletion (security bug)

Any requests which modifies data should not be sent by using GET method. So while deletion or renaming file csrf token not validated `Get Method: site/laravel-filemanager/delete?working_dir=%2F2&type=Images&items%5B%5D=filename.jpg&_=1646834633028 `

security

Writing the value from the method with frida to the console.

1 comment

Writing the value from the method with frida to the console. App code:https://ibb.co/J5gH6gk Frida code: https://ibb.co/TBg0B1C

freshissue

xss bug found

1 comment

xss found PoC: https://ibb.co/XbdMNVV Payload: `">`

xss bug fix #580

Writing the value from the method with frida to the console

Writing the value from the method with frida to the console. App code:https://ibb.co/J5gH6gk Frida code: https://ibb.co/TBg0B1C