4072 matches found
Cross-Site Request Forgery (CSRF) in gunet/openeclass
Description Missing CSRF Token at all form POST action in on Application Proof of Concept // CSRF PoC history.pushState'', '', '/' Impact With CSRF attack, the attacker can perform operations to add, edit, and delete data on the application through the victim...
Open Redirect in blogifierdotnet/blogifier
Description Open redirect at login page due to unchecked "returnUrl" param Proof of Concept 1. Go to demo page link http://demo.blogifier.net/admin/login/?returnUrl=https://google.com 2. Login using demo account and see that you are redirected to google.com Impact This vulnerability is capable of...
in collectiveaccess/providence
Description Sensitive Data can be exposed even after logouting the application due to ui wrong action Proof of Concept 1 login to the application dashboard https://demo.collectiveaccess.org 2 Goto Any pages dashboard,administrations etc 3 Click logout 4 Click browser back button Impact Any other...
Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-edition
Description Attacker is able to change a torrents featured state to if a logged in user visits attacker website. Proof of Concept 1. When you logged in open this POC.html in a browser. 2. You can check the torrents state changed to featured. history.pushState'', '', '/' document.forms0.submit;...
Path Traversal in dmpop/mejiro
Description A path traversal attack also known as directory traversal aims to access files and directories that are stored outside the web root folder. By manipulating variables that reference files with “dot-dot-slash ../” sequences and its variations or by using absolute file paths, it may be...
in dmpop/mejiro
Description Uploaded files represent a significant risk to applications. The first step in many attacks is to get some code to the system to be attacked. Then the attack only needs to find a way to get the code executed. Using a file upload helps the attacker accomplish this...
Cross-Site Request Forgery (CSRF) in e107inc/e107
✍️ Description Attacker or malicious user is able to change search setting “specific for one area such comments" if a logged in user visits attacker website. because lack of CSRF token 🕵️♂️ Proof of Concept 1.when you logged in open this POC.html in a browser 2.you can check unintentionally some...
Code Injection in jerrod-lankford/google-voice-desktop-app
✍️ Description Attackers can execute malicious code on users computers using Google Voice Desktop App provided that users click on a malicious hyperlink in the app itself 🕵️♂️ Proof of Concept 1. Host the following index.html on a web server require'childprocess'.exec'calc'; 2. Users who click on...
Inefficient Regular Expression Complexity in cdr/code-server
✍️ Description The code-server package is vulnerable to ReDoS regular expression denial of service. An attacker that is able to provide crafted input to the ansiRegex functionality may cause an application to consume an excessive amount of CPU. Below pinned line using vulnerable regex. The ReDOS i...
Cross-site Scripting (XSS) - Stored in alanaktion/phproject
✍️ Description stored xss via svg file upload 🕵️♂️ Proof of Concept Here i uses demo site https://demo.phproject.org .\ 1. First goto any project and upload a svg file https://github.com/ranjit-git/poc/blob/master/evilsvgfile.svg .\ 2. Now open this svg file using url like...
Cross-site Scripting (XSS) - Reflected in hestiacp/hestiacp
✍️ Description Cross-site Scripting XSS refers to client-side code injection attack wherein an attacker can execute malicious scripts into a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. The...
Cross-site Scripting (XSS) - Reflected in btcpayserver/btcpayserver
✍️ Description XSS payload is triggered during editing and saving text included near the payment button. 🕵️♂️ Proof of Concept " In the app, settings try editing already included product. drop the payload in the Buy Button Text and save it hence the payload will be triggered. 💥 Impact Execution of...
Cross-Site Request Forgery (CSRF) in neorazorx/facturascripts
✍️ Description Attacker able to delete any number of Warehouse Products with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your...
Path Traversal in alanaktion/mchostpanel
✍️ Description A Path Traversal vulnerability was identified in Minecraft server control panel which allows an attacker to access arbitrary user resources. 🕵️♂️ Proof of Concept console POST /ajax.php HTTP/1.1 Host: localhost:8080 User-Agent: curl/7.47.0 Accept: / Content-Length: 45 Content-Type:...
Cross-site Scripting (XSS) - Stored in namelessmc/nameless
✍️ Description Stored XSS in google analytics. 🕵️♂️ Proof of Concept 1. goto 'http://localhost/Nameless/index.php?route=/panel/core/seo/' logged in as admin. 2. enter "G-XXXXXXXX'; javascript:alert1; alert1; instead will cause any admin who visits the SEO page to have the java script activated on...
Cross-Site Request Forgery (CSRF) in qkqpttgf/onemanager-php
✍️ Description Attacker able to delete any disk with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF attacks it...
Cross-site Scripting (XSS) - Stored in pimcore/pimcore
✍️ Description pimcore is a Open Source Data & Experience Management Platform PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce this package is vulnerable for Stored XSS custom meta data 🕵️♂️ Proof of Concept 💥 Impact This vulnerability is capable of Stored XSS...
Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
✍️ Description Stored xss via generalsettings 🕵️♂️ Proof of Concept 1. gotohttps://demo.livehelperchat.com/siteadmin/chatbox/configuration and update a General settings with xss payload xss"'' and save it . 2. now try to edit this Chatbox settings using url like...
in zoujingli/thinkadmin
✍️ Description The application implements a cross-origin resource sharing CORS policy for requests that allows access from any domain. 🕵️♂️ Proof of Concept Request GET /data/shop.goods/index.html HTTP/2 Host: testdomain11.com Cookie: lang=zh-cn; PHPSESSID=45780759c5ea6ae0be9cfc95fde04bc9...
Cross-Site Request Forgery (CSRF) in neorazorx/facturascripts
✍️ Description Attacker able to delete any number of Accounting Subaccounts with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your...
Cross-Site Request Forgery (CSRF) in erikdubbelboer/phpredisadmin
✍️ Description The Add Key functionality in the Application is vulnerable to CSRF attack. 🕵️♂️ Proof of Concept history.pushState'', '', '/' 💥 Impact This vulnerability can let an attacker add data to the database without the knowledge/interaction of the user. 📍 Location index.phpL1 📝 References...
Cross-Site Request Forgery (CSRF) in admidio/admidio
✍️ Description Attacker able to delete any photo of a user with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF...
Cross-Site Request Forgery (CSRF) in leantime/leantime
✍️ Description CSRF on deleting a user. There is no token or anti csrf implemented. 🕵️♂️ Proof of Concept Create a .html file poc.html for example and copy paste the following code in it. Change localhost to ur domain or ip address. javascript CSRF PoC send this file to a admin when he opens the...
Cross-Site Request Forgery (CSRF) in aces/loris
✍️ Description Attacker able to delete any user with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF attacks it...
Cross-Site Request Forgery (CSRF) in aces/loris
✍️ Description Attacker able to create admin user with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF attacks...
Cross-site Scripting (XSS) - Stored in ampache/ampache
✍️ Description This is a stored XSS in the mp3 management library. 🕵️♂️ Proof of Concept 1. Edit meta data with Audacity: 2. Create a new playlist that contains this file. 3. Open "Artists" 1 under "Search" menu and then on the cover icon: 💥 Impact By uploading an mp3 with javascript code into...
Cross-site Scripting (XSS) - Stored in ampache/ampache
✍️ Description This is a stored XSS in the mp3 management library. 🕵️♂️ Proof of Concept 1. Edit meta data with Audacity: 2. Create a new playlist that contains this file. 3. Open "Artists" 1 under "Search" menu and then "Search" 2: 💥 Impact By uploading an mp3 with javascript code into meta tag...
Denial of Service in cortezaproject/corteza-server
You can put a very long login email text until you get the last user to put and aries or DoS. Normally emails have 64 to 225 digits. Summary There is no limit to the number of characters in the login email, which allows a DoS attack. The DoS attack affects both server-side and client-side. NOTE:...
in francoisjacquet/rosariosis
Clickjacking is a portmanteau of two words ‘click’ and ‘hijacking’. It refers to hijacking user’s click for malicious intent. In it, an attacker embeds the vulnerable site in an transparent iframe in attacker’s own website and overlays it with objects such as button using CSS skills. This tricks...
Cross-Site Request Forgery (CSRF) in tsolucio/corebos
✍️ Description Attacker able to delete any Invoice with CSRF attack because there is any CSRF protection for related endpoint. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the I...
in postfixadmin/postfixadmin
✍️ Description clickjacking attack 🕵️♂️ Proof of Concept i see there is no X-Frame-Options reseponse header present which allow to load entire website in iframe . And using this clickjacking attack can be performed . 💥 Impact clickjacking attack...
Cross-Site Request Forgery (CSRF) in zhongshaofa/easyadmin
✍️ Description Attacker able to add any rule with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF attacks it is...
Cross-Site Request Forgery (CSRF) in devcode-it/openstamanager
✍️ Description Attacker able to change users password if users visit attacker site. 🕵️♂️ Proof of Concept 1.Open the PoC.html In Firefox or safari. 2.now you can check that password changed to admin0 // PoC.html history.pushState'', '', '/' document.forms0.submit; 💥 Impact This vulnerability is...
Cross-Site Request Forgery (CSRF) in francoisjacquet/rosariosis
✍️ Description When you don't set the SameSite attribute of cookies the browsers have special act in front of this issue.I mean set default value on it chrome and chromium based browsers set the attribute "Lax" that mean if you do add/delete/alter operation in a get HTTP request then your site mor...
Cross-site Scripting (XSS) - Reflected in dolibarr/dolibarr
Description Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off of a web application to the victim's browser. The script is activated through a link, which sends a request to a website with a vulnerability that enables execution of malicious...
in emoncms/dashboard
💥 BUG account takeover via host-header injection It allow attacker to change url of account-verification link and verify any email-address . 💥 STEP TO REPRODUCE 1. First as attacker create a account with email [email protected]. You dont own that email-address .\ You cant login untill you verify that...
Cross-Site Request Forgery (CSRF) in emoncms/dashboard
💥 BUG csrf bug to change email 💥 STEP TO REPRODUCE 1. First login into your account and open the link http://localhost/emoncms/user/changeemail.json?&email=admin%40localhost.combm and your email will be changed. 💥 IMPACT Any attacker can send those link to vicitm and when vicitm open the link the...
in janeczku/calibre-web
✍️ Description The app does not expire the user's session after the logout. It is possible to continue using the session even when the user has logged out. 🕵️♂️ Proof of Concept 1. Login as a user at /login. 2. Select logout, intercepting and copying the user's cookie. 3. After this logout, send a...
Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr
✍️ Description CSRF bug to close a project 🕵️♂️ Proof of Concept Here it does not check token parameter for csrf .You can remove token paramater from url. bellow request is vulnerable to csrf attack when closing a project ....
Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr
✍️ Description CSRF bug to validate inventory 🕵️♂️ Proof of Concept Here it does not check token parameter for csrf .You can remove token paramater from url. bellow request is vulnerable to csrf attack when validate inventory ....
Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr
✍️ Description CSRF bug to delete customer price 🕵️♂️ Proof of Concept Here it does not check token parameter for csrf .You can remove token paramater from url. bellow request is vulnerable to csrf attack when delete customer price ....
Business Logic Errors in microweber/microweber
✍️ Description microweber is vulnerable to Business Logic error through negative product price. 🕵️♂️ Proof of Concept HTML content: HTML 1. Save the above content into an HTML file. 2. Access the app localhost and add a product to the cart. 3. Open the HTML file and click on submit button to take...
Use of a Broken or Risky Cryptographic Algorithm in mautic/mautic
✍️ Description The function mtrand is used to generate session tokens, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function to enumerate session tokens for accounts that are...
Heap-based Buffer Overflow in squell/id3
✍️ Description Hello! We compiled id3 from commit 857ac8 with Clang-13 + ASan, and we discovered a crafted file which triggers a heap-buffer-overflow, WRITE of size 1. This and the previous bug were discovered with the help of honggfuzz. 🕵️♂️ Proof of Concept echo...
Cross-site Scripting (XSS) - Stored in munafio/chatify
✍️ Description A Laravel package helps you add a complete real-time messaging system to your new / existing application with only one command this package is vulnerable for xss 🕵️♂️ Proof of Concept 💥 Impact This vulnerability is capable of admin ac takeover...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager
✍️ Description In the repo online rental property manager where i found a stored xss which gets exploited on member profile view which is lead by group name. 🕵️♂️ Proof of Concept Video POC: https://drive.google.com/file/d/1oQUZmQfFwaiRUkGYVkJoXxedeSENDbwQ/view?usp=sharing Steps to reproduce: 1...
in beestat/app
✍️ Description The random number generator implemented by mtrand cannot withstand a cryptographic attack. In this case the function that generates weak random numbers is mtrand in user.php at line 58. 🕵️♂️ Proof of Concept Vulnerable Code / Create an anonymous user so we can log in and have access...
Cross-Site Request Forgery (CSRF) in bigprof-software/online-rental-property-manager
✍️ Description The app/admin/pageDeleteGroup.php?groupID= does not have a CSRF protection. This could be used by attackers to trick the admin to delete a group from their system. 🕵️♂️ Proof of Concept /online-rental-property-manager-6.8/app/admin/pageDeleteGroup.php?groupID=6"Click Here ! When an...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system
💥 BUG xss via groupname 💥 VERSION TESTED latest version as of 1/7/21 💥 IMPACT xss allow to execute arbitary javascript in vicitm account 💥 STEP TO REPRODUCE 1. first goto http://localhost/online-invoice2/app/admin/pageEditGroup.php and add a new group and put bellow xss payload in group-name....
Cross-Site Request Forgery (CSRF) in bigprof-software/online-invoicing-system
✍️ Description The app/admin/pageDeleteGroup.php?groupID= does not have a CSRF protection. This could be used by attackers to trick the admin to delete a group from their invoice system. 🕵️♂️ Proof of Concept For this attack to work, a logged in admin, should visit the POC page...