Black Hat Ethical Hacking
XSS Vulnerability in “Get a Quote” while bypassing WordFence and CloudFlare

Jun 24, 2025 | Articles, Free Premium Article

During an external penetration test, we uncovered a Cross-Site Scripting (XSS) vulnerability in the newly introduced “Get a Quote” form on the client’s website. This weakness allows malicious script injection via user input and was not caught by the existing defenses (including Wordfence and the Cloudflare Web Application Firewall).

Oracle ILOM Compromise via EternalBlue

Jun 17, 2025 | Articles, Free Premium Article

During a penetration testing assessment, our team identified a critical exploitation chain affecting an enterprise network. The attack began by exploiting the EternalBlue vulnerability on an unpatched Windows server, allowing remote code execution.

Recent News

  • Mac Infostealer ‘Shamos’ Spreads via ClickFix Attacks Masquerading as Help

    1 day ago
  • Threat Actors Exploit Two-Year-Old Apache ActiveMQ Flaw to Deploy DripDropper Malware on Linux Systems

    6 days ago
  • 15.8 Million PayPal Logins Allegedly on Sale in Hacker Forum

    1 week ago
  • XZ-Utils Backdoor Still Found in 35+ Docker Hub Linux Images

    2 weeks ago
  • WinRAR Zero-Day Exploited to Deploy RomCom Malware

    2 weeks ago
  • Ghost Calls: New C2 Technique Abuses Zoom and Teams to Evade Detection

    3 weeks ago
  • New ‘Plague’ Malware Evades Detection for a Year, Hijacks Linux SSH Authentication

    3 weeks ago
  • Critical RCE Flaw in WordPress ‘Alone’ Theme Under Mass Exploitation

    4 weeks ago
  • New macOS ‘Sploitlight’ Flaw Bypasses Privacy Controls to Exfiltrate Sensitive Data

    4 weeks ago
  • Scattered Spider Hacks VMware ESXi via Help Desk Social Engineering

    4 weeks ago

© Copyright 2025 • Black Hat Ethical Hacking • All rights reserved