
86 matches found

Huntr
• added 2022/02/23 10:15 p.m. • 9 views

Improper Input Validation

Description: If hostname is not entered as in the following PoC, Open Redirect and SSRF occur because hostname is empty. Proof of Concept (javascript): // PoC : http:@127.0.0.1 const parseUrl = require("parse-url") const http = require("http") url = parseUrl("http:@127.0.0.1") console.log(url...

0.1 AI score
Exploits: 0
Huntr
• added 2022/02/11 10:0 a.m. • 61 views

Exposure of Sensitive Information to an Unauthorized Actor in ionicabizau/parse-url

Description: First, assume this example: var parseUrl = require("parse-url") parseUrl("http://[email protected]:[email protected]/path/name?foo=bar&bar=42some-hash") that returns: protocols: "http" protocol: "http" port: null resource: "[email protected]" user: "" pathname:...

5 CVSS | 5.8 AI score | 0.01104 EPSS
Exploits: 1
Huntr
• added 2022/01/10 8:37 p.m. • 13 views

in ionicabizau/parse-url

Description: urldomain validation bypass. Proof of Concept: parse-url is not able to verify urldomain properly when basic authentication is given. This allows bypassing hostname validation. Let's say username is admin and password is password123@ and hostname is 127.0.0.1, so the url will be...

7.5 AI score
Exploits: 0
Huntr
• added 2021/07/10 2:13 p.m. • 18 views

Open Redirect in ionicabizau/parse-url

✍️ Description: parse-url improperly handles the user input such as https:/\ and interprets it as a relative path. Backslashes after the protocol are accepted by browsers and treated as normal slashes, but parse-url reads them as the relative path, which could lead to SSRF, open redirects, or other...

6.1 AI score | 0.02483 EPSS
Exploits: 2
Huntr
• added 2021/07/08 8:10 a.m. • 21 views

Open Redirect in ionicabizau/parse-url

✍️ Description: parse-url mishandles certain uses of backslash such as https:/\ and interprets the URI as a relative path. Browsers accept backslashes after the protocol, and treat them as a normal slash, while parse-url sees it as a relative path, which will lead to SSRF attacks, open redirects, or...

0.6 AI score | 0.02483 EPSS
Exploits: 2
OSV
• added 2017/07/10 12:0 a.m. • 3 views

UBUNTU-CVE-2016-10397

In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.example.com:[email protected]/ and evil.example.com:[email protected]/ inputs to the parse_url...

7.5 CVSS | 7.1 AI score | 0.01908 EPSS
Exploits: 0 | References: 7