4072 matches found
Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-edition
Description CSRF to FlushOwnGhostPeers Proof of Concept CLICK ME! Impact This vulnerability is capable of tricking users to perform unintended actions...
SQL Injection in cacti/cacti
Description SQL Injection vulnerability occurs because the input taken from parameters is not sanitized for SQL Injection statement in useradmin.php useradmin.php:84 updatepolicies function contains sql injection vulnerability getnfilterrequestvar function takes get/post parameter without...
Cross-site Scripting (XSS) - Stored in eventum/eventum
Description Multiple Stored XSS in Administration at eventum 3.10.8 Proof of Concept // PoC.payload " Step to Reproduct Goto Administration Areas and choose to feature below Manage News Input payload into fieldTitle Manage Status Input payload into fieldTitle Manage Projects Input payload into...
Cross-Site Request Forgery (CSRF) in code16/sharp
Description Attacker is able to logout a user if a logged in user visits attacker website. Impact This vulnerability is capable of forging user to unintentional logout. Test Tested on Edge, firefox, chrome and safari. Fix You should use POST instead of GET. To expand: One way GET could be abused...
Heap-based Buffer Overflow in zyantific/zydis
As discussed in the report at https://www.huntr.dev/bounties/96b0a482-7041-45b1-9327-c6a4a8f32d3a/, I am re-opening the report here for proper tracking. Description Hello, we hope you're doing well during these challenging times. Whilst testing zydis built from commit 077b185 with Clang12 + ASan ...
Cross-site Scripting (XSS) - Stored in openpetra/openpetra
Description Multiple Stored XSS at openpetra 2020.10 Proof of Concept // PoC.req POST /api/serverMSponsorship.asmx/TSponsorshipWebConnectorMaintainChild HTTP/1.1 Host: demo.openpetra.org Cookie: ASP.NETSessionId=AEC44A33068E58B5DE583F3E; OpenPetraSessionID=b987029b-104f-45f1-aa29-339a49d0d55a...
Cross-site Scripting (XSS) - Stored in getgrav/grav-plugin-admin
Description In Grav, you can preview the file you uploaded by hovering your mouse to the file and clicking the info icon. The normal preview should be like this: However, I noticed that it is possible to perform XSS on the filename due to the following HTML Code: We can upload a file with a...
Session Fixation in kasuganosoras/pigeon
βοΈ Description Session Fixation is an attack that permits an attacker to hijack a valid user session. The attack explores a limitation in the way the web application manages the session ID, more specifically the vulnerable web application. When authenticating a user, it doesn't assign a new sessio...
in pimcore/pimcore
Description I found unrestricted file upload, to force an image parser to allocate a large volume of memory based on the image headers large file in profile picture, 4250x64250 pixels whole image into memory, it tries to allocate 4128062500 pixels into memory, flooding the memory and causing DoS...
SQL Injection in forkcms/forkcms
Description When calling the url for deleting one or more tags, the parameter id is vulnerable for SQL injection. Proof of Concept Call an URL like this one as an authenticated user. http://forkcms.site/private/de/tags/massaction?token=n93e05rj0l&id=3;insert into usersemail,password,isgod values...
Business Logic Errors in simplcommerce/simplcommerce
Description SimplCommerce allows negative product allowing one to get products for free The fix here https://github.com/simplcommerce/SimplCommerce/issues/971 does not work because client-side controls can by bypassed by modifying the POST request Proof of Concept 1: Add one $75 and $25 item in...
SQL Injection in yeswiki/yeswiki
Description A boolean-based SQL Injection vulnerability has been found in the email parameter of the registration form. When a new user registers, the application first checks if the email exists through the emailExistsInDB function located in line 999 of the User.class.php. As you can see, it do...
Cross-site Scripting (XSS) - Stored in msaari/relevanssi
Description Good afternoon. Beginning on 12 October 2021, our XSS catcher started receiving callbacks from a group of sites that are using the Relevanssi plugin for Wordpress. It appears to us that the software is not properly filtering Unsuccessful searches before displaying the information to t...
Cross-Site Request Forgery (CSRF) in namelessmc/nameless
Description More CSRF endpoints in delete webhooks Proof of Concept /index.php?route=/panel/core/hooks/&action=delete&id=2 Impact This vulnerability is capable of tricking admin users to deleting webhooks...
in robotichead/nearbeach
Description Sensitive data on the application can be exposed after the user logout Proof of Concept 1 Login to the application https://demo.nearbeach.app/ 2 Goto page like My Account , or Any other page 3 Click logout 4 Click browser back button Impact When a user logs out without closing the...
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in mineweb/minewebcms
Description Hello, In the password reset it is possible to perform a Host Header Injection, so the victim will receive an email pointing to a third party site. By clicking, the attacker will be able to retrieve the victim's account reset token and use it to access his account. From Portswigger :...
in flatcore/flatcore-cms
Description The Cookie before & after user login doesn't change. Proof of Concept // PoC 1 Load new website in a new browser 2 Get cookie before login 3 Login to website 4 Get cookie after login Compare those 2 values Impact Through other attack methods such as XSS, the attacker can store the...
Heap-based Buffer Overflow in hoene/libmysofa
Description system : ubuntu 20.04 build command cd libmysofa mkdir build cd build CC=clang CXX=clang++ CFLAGS="-fsanitize=address -g" CXXFLAGS="-fsanitize=address -g" cmake ../ make all repro ./mysofa2json -c ./libmyfofamysofacheck Proof of Concept...
Cross-site Scripting (XSS) - Reflected in dmpop/mejiro
Description From OWASP : : Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script...
in fisharebest/webtrees
Description In fix commit https://github.com/fisharebest/webtrees/commit/fc904122e0c1b55f274bc4c8cd883c266176e34e, the fix was to set CSP to script-src in HTML files to none. Webtrees by default has X-Frame-Options headers to prevent clickjacking, but since X-Frame-Options: SAMEORIGIN, it is...
Cross-site Scripting (XSS) - Reflected in jspark311/buriedunderthenoisefloor
Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end userβs browser has no way to know that the script should not be trusted, and will execut...
in thedevdojo/wave
Description: There is no rate limit sent unlimited email victim or any email address. Proof of Concept: There is no rate limit return-password , attacker to send unlimited email to victim or any email address. Impact: Attacker can sent unlimited email to any mail address . Solution: Add 'throttle...
Cross-Site Request Forgery (CSRF) in i-love-flamingo/flamingo-commerce
Description CSRF in cart related endpoints. This include: - Adding items to cart - Clean cart - Delete item from cart - Update cart This happens because the system use GET request for these actions and thus allows CSRF attacks. Proof of Concept 1. Access this link in a browser...
Session Fixation in pheditor/pheditor
Description Session Fixation vulnerability found in pheditor in which it doesn't expire the sessions after password update. Proof of Concept // PoC 1. Open normal tab and one private tab 2. Open the pheditor on both of them and log in as a user 3. From private tab change the user password and log...
in yeswiki/yeswiki
Description Uploaded files represent a significant risk to applications. The first step in many attacks is to get some code to the system to be attacked. Then the attack only needs to find a way to get the code executed. Using a file upload helps the attacker to inject javascript code via SVG...
Cross-Site Request Forgery (CSRF) in opensourcepos/opensourcepos
Description Attacker able to delete supplier with CSRF attack Proof of Concept //PoC.html history.pushState'', '', '/'...
Cross-site Scripting (XSS) - Reflected in part-db/part-db
Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end userβs browser has no way to know that the script should not be trusted, and will execut...
Cross-site Scripting (XSS) - Stored in admidio/admidio
Description Stored XSS in parameter 'msgbody' at 'Write e-mail' allows for the arbitrary execution of JavaScript Proof of Concept // PoC.req POST /demo/admprogram/modules/messages/messagessend.php HTTP/2 Host: www.admidio.org Cookie:...
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in netdisco/netdisco
Description Session cookie dancer.session is not marked with 'Secure' Proof of Concept 1. Go to demo page https://netdisco2-demo.herokuapp.com, the page will automatically logs in as guest 2. Open Firefox developer and see that the cookie dancer.session is not marked with 'Secure'...
in gotify/server
Description On OS level, the authorization token of the user is being logged, with the default docker installation. Proof of Concept 1; Install the docker version of the software 2; Log in with any user 3; Observe the logs, and the following row is being displayed: GIN 2021/09/26 - 19:34:52 | 200...
Cross-Site Request Forgery (CSRF) in janeczku/calibre-web
Description csrf bug to chnage shelf from private to public Proof of Concept Bellow request is vulnerable to csrf attack document.getElementById"test".click; Impact csrf bug to change anyone shelf status from private to public...
Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-edition
Description CSRF in deleting comments Proof of Concept 1. Logging in using admin/staff account 2. Go to torrent https://unit3d.site/torrents/19comments 3. Access the link https://unit3d.site/comments/delete/5 4 .See that the comment is deleted Impact This vulnerability is capable of deleting...
Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-edition
Description Attacker is able to disable the form Proof of Concept When you logged in open this POC.html in a browser. You can put the website into maintenance mode. history.pushState'', '', '/' document.forms0.submit; Impact This vulnerability is capable of disabling the website...
Inefficient Regular Expression Complexity in pyload/pyload
βοΈ Description The pyload package is vulnerable to ReDoS regular expression denial of service. An attacker that is able to provide crafted HTML comments as input to the comments function of utils/web/purge.py may cause an application to consume an excessive amount of CPU. Below pinned line using...
Cross-site Scripting (XSS) - Stored in zikula-modules/content
Description Stored XSS in Content allows for the arbitrary execution of JavaScript Proof of Concept POST /content/admin/page/edit HTTP/2 Host: demo.ziku.la Cookie: zsid=3u8efffphk5430gdmlevluk6fa User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:93.0 Gecko/20100101 Firefox/93.0 Accept:...
Inefficient Regular Expression Complexity in mochajs/mocha
Description I would like to report a Regular Expression Denial of Service ReDoS vulnerability in mocha. It allows cause a denial of service when stripping crafted invalid function definition from strs. The ReDoS vulnerability is mainly due to the regex...
Inefficient Regular Expression Complexity in isaacs/minimatch
Description I would like to report a Regular Expression Denial of Service ReDoS vulnerability in minimatch. It allows cause a denial of service when calling function braceExpand. The ReDoS vulnerability is mainly due to the regex /./ and can be exploited with the following code. Proof of Concept...
Code Injection in zoujingli/thinkadmin
Description remote code execution Proof of Concept Bellow request is vulnerable to arbitary system command injection .\ During file upload it does not properly check file upload which allow to upload php file and this php file will execute system command POST /admin/api.upload/file.html HTTP/2...
Cross-Site Request Forgery (CSRF) in pheditor/pheditor
Description Cross-Site Request Forgery CSRF is an attack that forces an end user to execute unwanted actions on a web application in which theyβre currently authenticated. With a little help of social engineering such as sending a link via email or chat, an attacker may trick the users of a web...
Open Redirect in sbrl/pepperminty-wiki
Description Open redirection vulnerabilities arise when an application incorporates user-controllable data into the target of a redirection in an unsafe way. An attacker can construct a URL within the application that causes a redirection to an arbitrary external domain...
Cross-Site Request Forgery (CSRF) in e107inc/e107
βοΈ Description Attacker or malicious user is able to delete all caches if a logged in user visits attacker website. because lack of CSRF token. π΅οΈββοΈ Proof of Concept 1.when you logged in open this POC.html in a browser 2.you can check unintentionally all caches are cleared //POC.html...
Cross-Site Request Forgery (CSRF) in justingit/dada-mail
βοΈ Description Attacker able to Add any Draft with CSRF attack. In CSRF attacks it is necessary that a user logged into your application and just going to a malicious website and after that only with a redirection attacker can perform attack on unprotected endpoint, this means only with visiting a...
Inefficient Regular Expression Complexity in clean-css/clean-css
βοΈ Description It allows cause a denial of service when calling function isDataUriResource. π΅οΈββοΈ Proof of Concept // PoC.js var isDataUriResource = require"clean-css/lib/utils/is-data-uri-resource" forvar i = 1; i = 50000; i++ var time = Date.now; var attackstr = 'data:' +...
Open Redirect in alanaktion/phproject
βοΈ Description open-redirect π΅οΈββοΈ Proof of Concept Bellow url is vulnerable to open redirect after login .\ it will redirect user to any arbitary site . http://localhost/phproject/login?to=http://example.com π₯ Impact Open redirect to any site...
Path Traversal in lampnick/doctron
βοΈ Description doctron is a golang tool that helps conversion of HTML to PDF or image. The input doesn't validate if it's a valid web URL. Trying to access local files using file:/// work. This allows getting a screenshot/PDF of the sensitive files on the system. π΅οΈββοΈ Proof of Concept A demo...
Improper Authorization in imran300/inventory
βοΈ Description A General manager user can edit/add other group PERMISSIONS LIST with IDOR. π΅οΈββοΈ Proof of Concept go to this url when logging in as a General manager. http://localhost:8000/inventory/index.php/generals/addgroup and then you can see that Permissions can be bypassed. π₯ Impact This...
Cross-site Scripting (XSS) - DOM in forkcms/forkcms
βοΈ Description The underlying library needs to get the charset in lowercase but fork is passing it in uppercase causing some of the XSS protections to fail π΅οΈββοΈ Proof of Concept Go to...
Cross-site Scripting (XSS) - Stored in zikula-modules/content
βοΈ Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites π΅οΈββοΈ Proof of Concept // PoC.js 1- Go to -- https://demo.ziku.la/content/page/edit/PAGEID?slug=pages/content-introduction-page 2- inject this...
Cross-site Scripting (XSS) - Stored in zmister2016/mrdoc
βοΈ Description online document system developed based on python. It is suitable for individuals and small teams to manage documents, wiki, knowledge and notes. like gitbook this package is vulnerable for XSS π΅οΈββοΈ Proof of Concept π₯ Impact This vulnerability is capable of...
Cross-site Scripting (XSS) - Stored in zmister2016/mrdoc
βοΈ Description online document system developed based on python. It is suitable for individuals and small teams to manage documents, wiki, knowledge and notes. like gitbook this package is vulnerable for XSS π΅οΈββοΈ Proof of Concept π₯ Impact This vulnerability is capable of XSS...