zeroday | Okan KURTULUS

IDOR Vulnerability in KubeSphere / CVE-2024-46528

Hi guys, I am writing to report a potential Insecure Direct Object Reference (IDOR) vulnerability that I have discovered in KubeSphere. Below are the details of the vulnerability: There is a potential Insecure Direct Object References (IDOR) vulnerability in KubeSphere […]

Okan Kurtuluş | Yayınlanan 9 September 202421 October 2024 by Okan Kurtuluş

October CMS v3.4.4 – Stored Cross-Site Scripting (XSS) (Authenticated)

#Exploit Title: October CMS v3.4.4 – Stored Cross-Site Scripting (XSS) (Authenticated) #Date: 29 June 2023 #Exploit Author: Okan Kurtulus #Vendor Homepage: https://octobercms.com #Version: v3.4.4 #Tested on: Ubuntu 22.04 #CVE: 2023-37692 #Proof of Concept: 1-) Install the system through the website […]

Okan Kurtuluş | Yayınlanan 24 July 202324 July 2023 by Okan Kurtuluş

Piwigo v13.7.0 – Stored Cross-Site Scripting (XSS) (Authenticated)

#Exploit Title: Piwigo v13.7.0 – Stored Cross-Site Scripting (XSS) (Authenticated) #Date: 4 July 2023 #Exploit Author: Okan Kurtulus #Vendor Homepage: https://piwigo.org #Version: 13.7.0 #Tested on: Ubuntu 22.04 #CVE: N/A #Proof of Concept: 1-) Install the system through the website and […]

Okan Kurtuluş | Yayınlanan 6 July 20236 July 2023 by Okan Kurtuluş

CMS Made Simple v2.2.17 – Stored Cross-Site Scripting (XSS) (Authenticated)

#Exploit Title: CMS Made Simple v2.2.17 – Stored Cross-Site Scripting (XSS) (Authenticated) #Date: 25 June 2023 #Exploit Author: Okan Kurtulus #Vendor Homepage: https://www.cmsmadesimple.org #Version: 2.2.17 #Tested on: Ubuntu 18.04 #CVE: 2023-36970 #Proof of Concept: 1-) Install the system through the […]

Okan Kurtuluş | Yayınlanan 27 June 202324 July 2023 by Okan Kurtuluş

Food Ordering System v1.0 – Authenticated SQL Injection

#Exploit Title: Food Ordering System v1.0 – Authenticated SQL Injection #Date: 19 June 2023 #Exploit Author: Okan Kurtulus #Vendor Homepage: https://github.com/haxxorsid/food-ordering-system #Version: 1.0 #Tested on: Windows 11 #CVE: 2023-36968 #Affected Parameter: id #Proof of Concept: 1-) Install Food Ordering System […]

Okan Kurtuluş | Yayınlanan 21 June 202324 July 2023 by Okan Kurtuluş

ReQlogic v11.3 – Unauthenticated Reflected Cross-Site Scripting (XSS)

#Exploit Title: ReQlogic v11.3 – Unauthenticated Reflected Cross-Site Scripting (XSS)#Date: 9 October 2022#Exploit Author: Okan Kurtulus#Vendor Homepage: https://reqlogic.com#Version: 11.3#Tested on: Linux#CVE : 2022-41441 # Proof of Concept:1– Install ReQlogic v11.32– Go to https://localhost:81/ProcessWait.aspx?POBatch=test&WaitDuration=33– XSS is triggered when you send the […]

Okan Kurtuluş | Yayınlanan 17 January 20231 February 2023 by Okan Kurtuluş

ZeroDay Nedir ?

Merhaba arkadaşlar , Bilişim camiasında sürekli bir kelime dolaşır.Herkes ZeroDay , ZeroDay diye söylenip durur.Peki nedir bu ZeroDay ? ZeroDay’ı kısaca anlatmak gerekirse herhangi bir sistemin açığının bulunup , bunun kimseyle paylaşılmaması (duyurulmaması) demektir. Tahminen bundan 10 yıl öncesine kadar […]

Okan Kurtuluş | Yayınlanan 7 December 201715 March 2018 by Okan Kurtuluş

İletişim