Faisal Fs ⚔️

icon indicating a website link https://faisalfs10x.github.io

icon company GitHub icon location Malaysia icon location Int*net 70% | Luck 20% | GPU 10% #hack2protect

Results 8 issues of Faisal Fs ⚔️

Update 50155.txt

minor update

Update 50148.txt

update cve-id

Update 50142.txt

update version

Update 50101.py

minor changes to comment out the description line.

cmd lookup failed to store hash: Database.Plugins is empty (you must set this field to use this function)

@blacktop, i keep getting this error if run command lookup...command scan is running well... ``` $ docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -e MALICE_VT_API=apikey --network="host" malice/engine lookup 87a28a99697452a37fc229b3aa3afe97 FATA[0000] cmd lookup...

Password hash in Users setting

1 comment

Version: v8.1.2 Please/consider remove the Password field and its value in the Users setting to avoid future issues. ![image](https://user-images.githubusercontent.com/51811615/152087790-0aca223c-7bee-4a7f-ad6f-58996b38f374.png)

Stored XSS exists in Blog package of Lavalite CMS v8.1.2

PoC 1: Affected endpoint: `POST http://localhost/website/public/admin/blog/blog/rA0kxlke49` Field: `Title` Parameter: `title` PoC 2: Affected endpoint: `POST http://localhost/website/public/admin/blog/tag/rA0kxlke49` Field: `Name` Parameter: `name` This issue is also reported via huntr.dev https://huntr.dev/bounties/50b2575f-01a2-4202-8d31-aa7f3164fdfb/

[add-request] Add Webmin-CVE-2022-0824 RCE

Hi @p0dalirius, mind to add Webmin-CVE-2022-0824 authenticated RCE.. This exploit could be done by any less privileged authenticated attacker. Thanks! Reference: https://github.com/faisalfs10x/Webmin-CVE-2022-0824-revshell

add-request