18 matches found
Unikrn: An IDOR that can lead to enumeration of a user and disclosure of email and phone number within cashier
Vulnerability description not provided...
Unikrn: Lack of Input sanitization leads to database Character encoding configuration Disclosure
Summary: Email input field during Register is not properly sanitized, which leads to an SQL error. Steps To Reproduce: During Register, use the 'π©' character in the email field. Impact: Information Exposure Through an Error Message βββββββ...
Unikrn: Staging Rabbitmq instance is exposed to the internet with default credentials
Description: RabbitMQ is open-source message-broker software, sometimes called message-oriented middleware, that originally implemented the Advanced Message Queuing Protocol (AMQP) and has since been extended with a plug-in architecture to support Streaming Text Oriented Messaging Protocol (STOMP),...
Unikrn: Rate Limit workaround in the message of the phone number verification
There was a more or less trivial workaround to the SMS resend rate limit. Thx @drakm !...
Unikrn: multiple vulnerabilities on your mautic server
Hi @unikrn! I found some vulnerabilities in your CRM server: 1. Bypass Cloudflare Access: You use Cloudflare Access on https://crm.unikrn.com. But this link bypassed Cloudflare Access: ββββββββ/login This vulnerability generates the disclosure of important data: PHP info page: ββββββββββphpinfo ...
Unikrn: Full Path Disclosure
Hi security team! We can see the path on your resource. https://crm.unikrn.com/app/bundles/CampaignBundle/EventListener/LeadSubscriber.php You must create a ban on viewing the script from the outside using .htaccess. Impact: Full Path Disclosure https://www.owasp.org/index.php/FullPathDisclosure...
Unikrn: Path Disclosure Vulnerability http://crm.******.com
Hello, there is a path disclosure on the server. https://crm.unikrn.com/plugins/MauticZapierBundle/MauticZapierBundle.php https://crm.unikrn.com/plugins/MauticCloudStorageBundle/MauticCloudStorageBundle.php and other scripts at https://crm.unikrn.com/plugins//.php. As an option to eliminate the...
Unikrn: βββββββββ on CRM server without authorization
The https://crm.unikrn.com/βββββββ file is available on the server https://crm.unikrn.com without authorization. Anyone can run this script. How to classify this vulnerability I leave to you. Impact: Anyone can run this script...
Unikrn: [unikrn.com] Profile updated with error":true,"success":false"
Greetings, we noticed that even if https://unikrn.com/apiv2/user/updateprofile gave an answer that the code is in error, the post is still processed. PoC: -- curl 'https://unikrn.com/apiv2/user/updateprofile' -XPOST -H 'Referer: https://unikrn.com/profile' -H 'Content-Type: application/json' -H...
Unikrn: [crm.unikrn.com] Open Redirect
Hi, there is an open redirect vulnerability in crm.unikrn.com. POC: curl http://crm.unikrn.com//example.com/ -L -v Response: GET //example.com/ HTTP/1.1 Host: crm.unikrn.com User-Agent: curl/7.54.0 Accept: / HTTP/1.1 301 Moved Permanently Date: Thu, 14 Dec 2017 09:06:13 GMT Content-Type: text/html;...
Unikrn: CSRF log victim into the attacker account
All the API endpoints (v1 & v2) reflect sessionid into the Set-Cookie response header, which can lead the victim to log in to the attacker's account, for example: Request: ====== POST /apiv1/ HTTP/1.1 Host: unikrn.com User-Agent: Mozilla/5.0 Windows NT 6.1; Win64; x64; rv:57.0 Gecko/20100101 Firefox/57.0 Accept:...
Unikrn: session_id is not being validated at email invitation endpoint
sessionid is not being validated at the email invitation endpoint. Request sample: POST /apiv1/inviteemail HTTP/1.1 Host: unikrn.com User-Agent: Mozilla/5.0 Windows NT 6.1; Win64; x64; rv:57.0 Gecko/20100101 Firefox/57.0 Accept: application/json, text/plain, / Accept-Language: en-US,en;q=0.5...
Unikrn: Weak Session ID Implementation - No Session change on Password change
Summary: Weak session id implementation. Description: Unikrn does not change the session id after the password is changed. Reusing the same session ids after the password is changed is highly risky. Example scenario: A hacker has successfully brute-forced the password of a victim and has access to the account. The...
Unikrn: CSRF in Raffles Ticket Purchasing
Description: ======== An API endpoint gets executed with no CSRF prevention; the endpoint did not verify the sessionid required in the POST form. An attacker can craft a malicious form PoC, which is executed by an authenticated user's action, leading to a huge balance loss. PoC: === Recommendations:...
Unikrn: ssh: unprivileged users may hijack due to backdated ssh version open port found(βββ.unikrn.com)
Summary: Vulnerabilities in OpenSSH. The Session Hijacking Vulnerability is a medium-risk vulnerability that is one of the most frequently found on networks around the world. This issue has been around since at least 1990 but has proven either difficult to detect, difficult to resolve, or prone to bein...
Unikrn: Non-Cloudflare IPs allowed to access origin servers
Summary: Non-Cloudflare IPs allowed to access origin servers. Description: Your origin servers are not blocking access from non-Cloudflare servers. This way crawlers can find your origin servers' IPs by checking random IPs until they find your origin servers. What makes this especially easy are...
Unikrn: Escaping images directory in S3 bucket when saving new avatar, using Path Traversal in filename
Thanks again @sp1d3rs, also for the summary. Nothing to add from our side except maybe for the wish for more reports having this quality. Final comment: nothing from that bucket was ever exposed to any user except the uploader, also nothing in the bucket is there for real archiving purposes. I wa...
Unikrn: Flash CSRF: Update Ad Frequency %: [cp-ng.pinion.gg]
Description: ----------- An attacker can update the user's Ad Frequency % using the flash + 307 redirect trick by making a POST request to a particular endpoint. Steps To Reproduce: ----------- + Log in at: https://cp-ng.pinion.gg + Visit: http://geekboy.ninja/poc/freq.swf + Ad Frequency should be update...