10 matches found
CVE-2022-0968
The microweber application allows a large number of characters to be inserted in the input field "first & last name", which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request, in GitHub repository microweber/microweber prior to 1.2.12...
EUVD-2022-1321
Malicious code in bioql PyPI...
The microweber application allows a large number of characters to be inserted in the input field "Email", which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
POC: 1. Go to the home page http://127.0.0.1/ and there will be an option to sign up with email and phone number, with 3 check boxes 2. Screenshot: -- https://ibb.co/F3tPVWY 3. Fill the email parameter with huge characters 4. When the admin checks the notification http://127.0.0.1/admin/notification it will b...
The microweber application allows a large number of characters to be inserted in the input field "Coupons", which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
Proof of Concept 1. Go to "Settings", click on "Coupons" and add a new coupon 2. Go to this drive link: https://drive.google.com/file/d/1CcVCHWbvMk07IZ5v4dojrdJbC43ufhh/view?usp=sharing, copy the payload and paste it into the "Code" input field 3. You will see the application accepts large characters...
CVE-2022-0968 The microweber application allows a large number of characters to be inserted in the input field "first & last name", which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request, in microweber/microweber
The microweber application allows a large number of characters to be inserted in the input field "first & last name", which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request, in GitHub repository microweber/microweber prior to 1.2.12...
CVE-2022-0961 The microweber application allows a large number of characters to be inserted in the input field "post title", which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request, in microweber/microweber
The microweber application allows a large number of characters to be inserted in the input field "post title", which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request, in GitHub repository microweber/microweber prior to 1.2.12...
The microweber application allows a large number of characters to be inserted in the input field "first & last name", which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request, in microweber/microweber
Proof of Concept 1. Go to http://127.0.0.1/admin/view:modules/loadmodule:users/action:profile 2. Click on edit profile 3. Fill the first name & last name field with huge characters, more than 1 lakh 4. Copy the below payload and put it in the input fields and click on continue. 5. You will see th...
The microweber application allows a large number of characters to be inserted in the input field "post title", which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
Proof of Concept 1. Go to add post http://site.com/admin/post/create 2. Click on create new post 3. There will be an option called post title 4. Fill the input field with huge characters, more than 1 lakh 5. Copy the below payload and put it in the input fields and click on continue. 6. You will see...
Integer Overflow or Wraparound
Description The microweber application allows a large number of characters to be inserted in input fields such as "Town, ZIP, State, Address, and Additional Info", which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. Proof of Concept 1. Buy a product and in the Shipping metho...
Static Code Injection
Description The Microweber application allows HTML tags in the "First name", "Last name" and "Phone number" fields, which can be exploited by injecting HTML payloads. Proof of Concept 1. While buying a product we need to fill in the contact information form. 2. Insert your HTML code in the code block, e.g., Hurry Up!Go...