4072 matches found
Exposure of Sensitive Information to an Unauthorized Actor in blair2004/nexopos-4x
Description Unhandled exception leads to exposure of server side and sql query information. Proof of Concept 1. Go to demo page http://v4.nexopos.com and login using demo account 2. Go to Customer - Create coupon and try to create a coupon without entering coupon code leave it empty 3. See that t...
Open Redirect in fisharebest/webtrees
Description OpenRedirect at login with parameter &url= Proof of Concept // PoC.request POST /demo-stable/index.php?route=%2Fdemo-stable%2Flogin%2Fdemo HTTP/2 Host: dev.webtrees.net Cookie: Secure-WT-ID=ekks8678620p55do7do21jd4p1 User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:93.0...
in kcal-app/kcal
Description Sensitive Data can be exposed even after logouting the application due to ui wrong action Proof of Concept 1 login to the application dashboard http://demo.kcal.cooking/ 2 Goto Any pages recipes,foods 3 Click logout 4 Click browser back button Application structure exposed we can stil...
in kcal-app/kcal
Description Weak password implementation Proof of Concept step 1: login into account goto http://demo.kcal.cooking/users/kcal/edit step 2: change password kcal to 12 and save changes step 3: we can see updated message application is allowing to set weak password. poc of image in below link...
Cross-Site Request Forgery (CSRF) in galette/galette
Description Attacker is able to execute an CSRF attack when a user visits a malicious page Proof of Concept // PoC.html history.pushState'', '', '/' Impact This vulnerability is capable of allowing an attacker to submit CSRF through a crafted malicious page...
Cross-Site Request Forgery (CSRF) in attendize/attendize
Description Attacker is able to make an event live. Proof of Concept When you logged in open this POC.html in a browser. history.pushState'', '', '/' document.forms0.submit; Impact This vulnerability is capable of forging user to unintentional mark an event live. Test Tested on Safari. Fix You...
Cross-site Scripting (XSS) - Stored in collectiveaccess/providence
Description stored xss via event name Proof of Concept Plz check this 1 minute video to reproduce the bug https://drive.google.com/file/d/1iMDosuZYYmFyJEVxXo7KB09TghKPs-7/view?usp=sharing \ Here i uses bellow xss payload xss2"'onmouseover=prompt;// Impact Stored xss...
Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-edition
Description Attacker is able to change a torrents featured state to un-featured if a logged in user visits attacker website. Proof of Concept When you logged in open this POC.html in a browser. You can check the torrents state changed to un-featured. history.pushState'', '', '/'...
Inefficient Regular Expression Complexity in trentm/python-markdown2
Description I would like to report a Regular Expression Denial of Service ReDoS vulnerability in markdown2. The ReDoS vulnerability is mainly due to the sub-pattern with quantified overlapping adjacency and can be exploited with the following code. Proof of Concept // PoC.py import markdown2 from...
Inefficient Regular Expression Complexity in cronvel/terminal-kit
Description I would like to report a Regular Expression Denial of Service ReDoS vulnerability in terminal-kit. It allows cause a denial of service when calling function markupWidth. The ReDoS vulnerability is mainly due to the regex /^^|^./g and can be exploited with the following code. Proof...
Cross-site Scripting (XSS) - Stored in unclebob/fitnesse
Description Stored XSS in FileName allows for arbitrary execution of JavaScript Proof of Concept // PoC Request POST /files/ HTTP/1.1 Host: localhost:8081 User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:93.0 Gecko/20100101 Firefox/93.0 Accept:...
Cross-site Scripting (XSS) - Stored in causefx/organizr
Description When creating a new Tab, the name of the tab can store JavaScript. This also happens, when editing the name of an existing Tab. - I tested it with docker image for Organizr hash 7fb764ccd226. organizr/organizr latest 7fb764ccd226 4 weeks ago 73.3MB - Branch is v2-master. Proof of...
Cross-site Scripting (XSS) - Reflected in zikula/core
Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites Proof of Concept // PoC.js POST /categories/admin/category/contextMenu HTTP/2 Host: demo.ziku.la Cookie: zsid=a9b37grip4in2kp0j6kaugdvrh...
Stack-based Buffer Overflow in gwsw/less
Description The less utility is a pager used by many applications and setups. One such setup is access to log files. If permissions are not sufficient for regular users, less can be called with sudo. LESSSECURE=1 can be set to disable many dangerous operations which a regular user should not be...
Cross-site Scripting (XSS) - Stored in dmpop/mejiro
Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execut...
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in tildeclub/site
✍️ Description The file signup-handler.php creates a user by accepting input from request parameters username, email, interest, sshkey. The affected parameter is sshkey. It does not sanitizes special characters and only checks if the first 4 character of the input is ssh- which allows the signup...
Cross-Site Request Forgery (CSRF) in justingit/dada-mail
✍️ Description Attacker able to Add any number of subscriber with CSRF attack. In CSRF attacks it is necessary that a user logged into your application and just going to a malicious website and after that only with a redirection attacker can perform attack on unprotected endpoint, this means only...
Cross-Site Request Forgery (CSRF) in glpi-project/glpi
✍️ Description Hello dear glpi team I found one more CSRF vulnerability. 🕵️♂️ Proof of Concept 1.fisrt user already should be logged in In Firefox or safari. 2.Open the PoC.html and click on submit button Also it can be auto-submit 3.Here pdf plugin will be installed after clicking on submit...
Cross-site Scripting (XSS) - Reflected in vfleaking/uoj
✍️ Description Cross-site Scripting XSS refers to client-side code injection attack wherein an attacker can execute malicious scripts into a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. The...
Cross-site Scripting (XSS) - Reflected in th3-822/rapidleech
✍️ Description Cross-site Scripting XSS refers to client-side code injection attack wherein an attacker can execute malicious scripts into a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. The...
Cross-site Scripting (XSS) - Reflected in cujanovic/ssrf-testing
✍️ Description Cross-site Scripting XSS refers to client-side code injection attack wherein an attacker can execute malicious scripts into a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. The...
Cross-site Scripting (XSS) - Stored in leantime/leantime
✍️ Description A malicious actor is able to add "new Retrospective" with a malicious payload, and upon opening the research menu, the XSS payload is being executed. 🕵️♂️ Proof of Concept - 1; Log in with a proper roled user - 2; Add a new board to the system at Retrospective menu on the left - 3;...
in apolloconfig/apollo
✍️ Description The Application does not have control set in password complexity. It is possible to add a user with a single character password in the application. 🕵️♂️ Proof of Concept Adding the user. POST /users HTTP/1.1 Host: xxx.xxx.xxx.xxx Content-Length: 63 Accept: application/json,...
Sensitive Cookie Without 'HttpOnly' Flag in flatpressblog/flatpress
✍️ Description HTTPOnly attribute is not set for session cookies in the application. 🕵️♂️ Proof of Concept 💥 Impact When a cookie doesn’t have an HttpOnly flag, it can be accessed through JavaScript, which means that an XSS could lead to cookies being stolen. These include session cookies that can...
Forced Browsing in slackero/phpwcms
✍️ Description Image cache can be flushed by any authenticated, low privileged user. 🕵️♂️ Proof of Concept - Register a low privileged user without any administrator access. - Log in with the low privileged user - Open the following URL:...
Cross-site Scripting (XSS) - Generic in forkcms/library
✍️ Description Please enter a description of the vulnerability. XSS is possible when the option allowHTML was set to true for text inputs and textfields 🕵️♂️ Proof of Concept http://demo.fork-cms.com/en/search?form=search&qwidget=%22%3E%3Csvg/onload=alertdocument.domain%3E 💥 Impact XSS attacks can...
Cross-site Scripting (XSS) - Stored in zmister2016/mrdoc
✍️ Description Stored xss bug allow to execute arbitary javascript code in vicitm account 🕵️♂️ Proof of Concept 1. First create a document and put bellow xss payload inside document content .\ xss"''\ 2. Now any user view this document project then xss is executed VIDEO POC --...
in opensourcepos/opensourcepos
✍️ Description The giftcards/view/ POST request can be hijacked so that the information will be sent to another page, by modifying the login page URL. 🕵️♂️ Proof of Concept Change the login page URL to https://mydomain.com/giftcards/view/anotherpagehere Then the form action in the webpage will be...
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in froxlor/froxlor
✍️ Description The secure flag is not set for PHPSESSID session cookie in the application. 🕵️♂️ Proof of Concept 💥 Impact If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from...
Cross-Site Request Forgery (CSRF) in namelessmc/nameless
✍️ Description Attacker able to disable any module with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF attacks...
Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
✍️ Description Stored xss via rolename 🕵️♂️ Proof of Concept 1. First goto https://demo.livehelperchat.com/siteadmin/permission/roles and create a role with xss payload xss"'' and save it .\ 2. now try to edit this role using url like...
Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
✍️ Description Stored Xss on smtp/Sender address 🕵️♂️ Proof of Concept Step To Reproduce: 1. Go to system/smtp 2. add the payload: " on "Sender address" or "Default from e-mail address" or "Default from name" all the 3 params are vulnerable to xss 3. save it and you can see that the xss fires poc...
Cross-site Scripting (XSS) - Reflected in znixbtw/panel-v2
✍️ Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will...
Cross-site Scripting (XSS) - Stored in leantime/leantime
✍️ Description Stored xss bug using a xss payload in the Ideas area when adding a comment in the discussion area 🕵️♂️ Proof of Concept Goto http://localhost/ideas/showBoards and click on add an idea and copy paste the following xss payload in the discussion field javascript " Click on safe and see...
in ampache/ampache
Clickjacking is a portmanteau of two words ‘click’ and ‘hijacking’. It refers to hijacking user’s click for malicious intent. In it, an attacker embeds the vulnerable site in an transparent iframe in attacker’s own website and overlays it with objects such as button using CSS skills. This tricks...
in erudika/scoold
✍️ Description Bypass rate limit and sent unlimited email to any email address. 💥 Impact Attacker can sent unlimited email to any mail address . Many email service provider has limited email sending like 10000 email per month . If you exeed that limit then you will be extra charged . So, using thi...
Cross-Site Request Forgery (CSRF) in devcode-it/openstamanager
✍️ Description Attacker able to disable any Personal Data module if users visit attacker site. 🕵️♂️ Proof of Concept 1.Open the PoC.html In Firefox or safari. 2.now you can check that Personal data module with id value equal to 1 have been disabled. // PoC.html history.pushState'', '', '/'...
Open Redirect in erudika/scoold
✍️ Description There is an open redirect vulnerability in the following URL: https://live.scoold.com/signin?returnto=https://google.com 🕵️♂️ Proof of Concept Step to reproduce 1. open above URL 2. login in the applicaiton 3. you redirect to google.com 💥 Impact That causes a redirection to an...
Session Fixation in projectsend/projectsend
✍️ Description Project Send contains a Session Fixation Vulnerability. This vulnerability is one that can allow an attacker to fixate find or set another person’s session identifier. This most commonly happens when session tokens are now refreshed or renewed when they should be. It looks like the...
Cross-Site Request Forgery (CSRF) in francoisjacquet/rosariosis
✍️ Description When you don't set the SameSite attribute of cookies the browsers have special act in front of this issue.I mean set default value on it chrome and chromium based browsers set the attribute "Lax" that mean if you do add/delete/alter operation in a get HTTP request then your site mor...
Cross-Site Request Forgery (CSRF) in changeweb/unifiedtransform
✍️ Description When you don't set the SameSite attribute of cookies the browsers have special act in front of this issue.I mean set default value on it chrome and chromium based browsers set the attribute "Lax" that mean if you do add/delete/alter operation in a get HTTP request then your site mor...
Business Logic Errors in pimcore/pimcore
✍️ Description Pimcore is vulnerable to Business Logic error through negative products amount. 🕵️♂️ Proof of Concept HTML content: HTML 1. Save the above content into an HTML file. 2. Open the HTML file on the browser and click on Submit button. 3. Check out the total price. PoC video. 💥 Impact It...
Cross-Site Request Forgery (CSRF) in kestasjk/webdiplomacy
✍️ Description CSRF bug to watch a game 🕵️♂️ Proof of Concept no csrf token checking during watch game.\ Bellow request is vulnerable to csrf attack POST /redirect.php HTTP/1.1 Host: webdiplomacy.net User-Agent: Mozilla/5.0 X11; Ubuntu; Linux x8664; rv:88.0 Gecko/20100101 Firefox/88.0 Accept:...
Cross-Site Request Forgery (CSRF) in kestasjk/webdiplomacy
✍️ Description CSRF bug when disabling notice 🕵️♂️ Proof of Concept no csrf token checking during enable/desable notice .\ Bellow request is vulnerable to csrf attack POST /index.php HTTP/1.1 Host: webdiplomacy.net User-Agent: Mozilla/5.0 X11; Ubuntu; Linux x8664; rv:88.0 Gecko/20100101...
Code Injection in causefx/organizr
✍️ Description The "version": "v6.4.1", is vulnerable to code injection, Affected versions of this package are vulnerable to Arbitrary Code Execution. If the $langpath parameter is passed unfiltered from user input, it can be set to a UNC path, and if an attacker is also able to persuade the serve...
Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr
✍️ Description In Bank section the POS part, you don't protect resources from delete with CSRF attacks and then I able to delete/close arbitrary POS cash desk control entities only with knowing their ids. 🕵️♂️ Proof of Concept // PoC.html history.pushState'', '', '/' 💥 Impact This vulnerability is...
Cross-Site Request Forgery (CSRF) in spiral-project/ihatemoney
✍️ Description CSRF bug to delete project 🕵️♂️ Proof of Concept 1. goto https://ihatemoney.org/ and create a new project and project-name is XXXX .\ Now bellow request is vulnerable to csrf attack which will delete the whole project \ https://ihatemoney.org/xxxx/delete 💥 Impact Attacker can...
Use of a Broken or Risky Cryptographic Algorithm in boxbilling/boxbilling
✍️ Description The function mtrand is used to generate ticket hashes at the reference shown, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function to disclose critical...
Cross-site Scripting (XSS) - Stored in chatwoot/chatwoot
✍️ Description XSS via file upload in profile settings 🕵️♂️ Proof of Concept open chatwoot ,login to your profile , go to profile settings upload SVG file with XSS payload and update profile open the avatar in new page, XSS will be triggered 💥 Impact custom javascript code is executed...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager
✍️ Description I found a stored XSS in your project which is lead by adding Application/Leases notes. 🕵️♂️ Proof of Concept Steps to reproduce: 1. Create a Application/Leases. 2. Enter " in the notes. 3. Save and you will see XSS. 💥 Impact This vulnerability is capable of stored XSS...