Pinned Repositories
CVE-2019-10779
GCHQ Stroom is vulnerable to Cross-Site Scripting due to the ability to load the Stroom dashboard on another site and insufficient protection against window event origins.
CVE-2020-9484
Apache Tomcat RCE (CVE-2020-9484)
email_change_exploit_xss.js
This is a sample exploit for exploiting an XSS vulnerability that changes the user's email. This bypasses some CSRF protections, as the page was revoking the CSRF protections when refreshed.
password_vault_exploit.js
XSS Exploit code for retrieving passwords stored in a Password Vault
XSS_Privilege_Escalation.js
Privilege escalation exploit code for XSS vulnerability
R O K's Repositories
RepublicR0K/CVE-2020-9484
Apache Tomcat RCE (CVE-2020-9484)
RepublicR0K/email_change_exploit_xss.js
This is a sample exploit for exploiting an XSS vulnerability that changes the user's email. This bypasses some CSRF protections, as the page was revoking the CSRF protections when refreshed.
RepublicR0K/password_vault_exploit.js
XSS Exploit code for retrieving passwords stored in a Password Vault
RepublicR0K/XSS_Privilege_Escalation.js
Privilege escalation exploit code for XSS vulnerability
RepublicR0K/CVE-2019-10779
GCHQ Stroom is vulnerable to Cross-Site Scripting due to the ability to load the Stroom dashboard on another site and insufficient protection against window event origins.