Black Hat Ethical Hacking
XSS Vulnerability in the “Get a Quote” form while bypassing WordFence and CloudFlare

Jun 24, 2025 | Articles, Free Premium Article

During an external penetration test, we uncovered a Cross-Site Scripting (XSS) vulnerability in the newly introduced “Get a Quote” form on the client’s website. This weakness allows malicious script injection via user input, which was not caught by existing defenses (including Wordfence and Cloudflare Web Application Firewall).

Oracle ILOM Compromise via EternalBlue

Jun 17, 2025 | Articles, Free Premium Article

During a penetration testing assessment, our team identified a critical exploitation chain affecting an enterprise network. The attack began by exploiting the EternalBlue vulnerability on an unpatched Windows server, allowing remote code execution.

Recent News

  • Critical nginx-ui Flaw Under Active Exploitation Enables Full Server Takeover

    4 days ago
  • React2Shell Exploited in Mass Credential Harvesting Campaign Targeting 700+ Hosts

    2 weeks ago
  • EvilTokens Phishing Service Fuels Large-Scale Microsoft 365 Account Takeover Campaign

    4 weeks ago
  • Attackers Impersonate IT Support on Microsoft Teams to Deploy A0Backdoor Malware

    1 month ago
  • State-Sponsored Attack Hijacks Notepad++ Update Infrastructure to Deliver Malware

    3 months ago
  • Fortinet Fixes Actively Exploited FortiOS SSO Auth Bypass

    3 months ago
  • CISA Flags Actively Exploited VMware vCenter RCE in KEV Catalog

    3 months ago
  • Reprompt Attack Lets Attackers Exfiltrate Data From Microsoft Copilot With a Single Click

    3 months ago
  • Node.js Fixes Critical DoS Flaw That Could Crash “Virtually Every Production App”

    3 months ago
  • Actively Exploited D-Link Router Flaw Enables Unauthenticated Remote Code Execution

    3 months ago

© Copyright 2026 • Black Hat Ethical Hacking • All rights reserved