Summary:
I have identified a potential security vulnerability involving an XSS attack on the ekm.com website through the "AuditTrailPlugin." An attacker can exploit this issue to execute arbitrary JavaScript code within the context of a user's web browser.
Steps To Reproduce:
Open the following URL in a web browser:
[ Link ](%22OPENBUGBOUNTY%22);%20a=%22
Observe that the injected JavaScript code triggers a pop-up alert in the browser.
All the videos are for educational purposes only.
I reported this vulnerability to ekm.com on 20 Oct 2023 but received no response. Therefore, I reported it via Open Bug Bounty, but the vulnerability remains unfixed. When it was disclosed by Open Bug Bounty, I disclosed the report here:
Unpatched Disclosed Report
[ Link ]
I'm Umair Farooqui, a passionate software engineer and security researcher dedicated to uncovering vulnerabilities in systems worldwide. With a strong background in ethical hacking, I delve into the intricacies of cybersecurity to safeguard digital infrastructures.
🔍 *Hacking Experience:*
I specialize in discovering and responsibly disclosing critical security issues. My portfolio includes successful hacks and disclosures impacting renowned organizations such as NASA and Paytm, earning recognition and appreciation for enhancing their security postures.
🎥 *YouTube Channel:*
On my YouTube channel, I share Proof of Concept (PoC) videos where I demonstrate how vulnerabilities were identified and exploited. Each video provides insights into the techniques used and the impact on security.
🌐 *Connect with Me:*
- *GitHub:* [ Link ]
- *Instagram:* [ Link ]
- *Twitter:* [ Link ]
- *HackerOne:* [ Link ]
- *Bugcrowd:* [ Link ]
- *Google Search:* [ Link ]
📱 *Contact Me:*
- *WhatsApp:* +91 9867503256
*Note:* All content shared on this channel is for educational purposes only. Don't misuse or hack or try to hack or test the server without permission.
I am not promoting anything wrong here. This video is just for educational purposes; I have disclosed a report which is disclosed on Open Bug Bounty.
The video contains the information which was disclosed by Open Bug Bounty.
Join me in exploring the world of cybersecurity, one vulnerability at a time! Let's secure the digital landscape together. 💻🛡️