4072 matches found
SQL Injection in opensourcepos/opensourcepos
✍️ Description The Application is vulnerable to blind SQL Injection 🕵️♂️ Proof of Concept URL: https://dev.opensourcepos.org/itemkits/search?sort=1 Vulnerable Parameter: sort SQLMap POC --- Parameter: sort GET Type: boolean-based blind Title: Boolean-based blind - Parameter replace original value...
in opensourcepos/opensourcepos
✍️ Description It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. 🕵️♂️ Proof of Concept Image: https://i.ibb.co/cbtVcb1/clickjack.png 💥 Impact According to PortSwigger references, it is...
Cross-Site Request Forgery (CSRF) in namelessmc/nameless
✍️ Description csrf bug to lock a topic 🕵️♂️ Proof of Concept i see everywhere is csrf token checking . But in this case csrf token checking is missing .\ Bellow url is vulnerable to csrf attack to lock a topic . http://localhost/nameless/index.php?route=/forum/lock/&tid=1 💥 Impact csrf bug to...
Improper Privilege Management in circuitverse/circuitverse
✍️ Description upvote in any private comment 🕵️♂️ Proof of Concept Bellow request is vulnerable to upvote in any comment of private project POST /commontator/comments/1312/upvote HTTP/2 Host: circuitverse.org Cookie: User-Agent: Mozilla/5.0 X11; Ubuntu; Linux x8664; rv:90.0 Gecko/20100101...
Cross-Site Request Forgery (CSRF) in myvesta/vesta
✍️ Description Attacker is able to delete any file on the server if logged in user visits attacker website. 🕵️♂️ Proof of Concept Create a test.txt file under /home/user when you logged in open this POC.html in a browser you can check test.txt deletes. //PoC.html history.pushState'', '', '/'...
in livehelperchat/livehelperchat
✍️ Description It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. 🕵️♂️ Proof of Concept 💥 Impact According to PortSwigger references, it is possible for a page controlled by an attacker...
Cross-Site Request Forgery (CSRF) in neorazorx/facturascripts
✍️ Description Attacker able to delete any number of Agents with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSR...
Cross-Site Request Forgery (CSRF) in neorazorx/facturascripts
✍️ Description Attacker able to delete any number of users with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF...
SQL Injection in slackero/phpwcms
✍️ Description Data enters a program from an untrusted source 🕵️♂️ Proof of Concept if$result = mysqliquery$db, 'SELECT FROM '. $phpwcms"dbprepend" ? $phpwcms"dbprepend".'' : ''.'phpwcmsuser' 💥 Impact A successful attack may result in the unauthorized viewing of user lists, the deletion of entire...
Cross-site Scripting (XSS) - Stored in slackero/phpwcms
✍️ Description Stored xss 🕵️♂️ Proof of Concept Plz check this 1 minute video https://drive.google.com/file/d/1ycKDrN3ot623c-iYTaJYFNCjxCXChNx1/view?usp=sharing 💥 Impact xss bug...
Cross-Site Request Forgery (CSRF) in admidio/admidio
✍️ Description Attacker able to delete any File & Doc with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF...
Cross-site Scripting (XSS) - Stored in leantime/leantime
✍️ Description Stored xss bug using a xss payload in the todo name when adding a todo item 🕵️♂️ Proof of Concept Goto http://localhost/tickets/showKanban and add a todo item and copy paste the following xss payload in the todo-name javascript " Click on safe and go to the My Timesheets tab and see...
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in devcode-it/openstamanager
✍️ Description A user without access to the software can inject a portion of HTML code in access logs. 🕵️♂️ Proof of Concept Simulate login with a crafter Client-IP header like this: curl -H 'Client-IP: INJECT' -d 'username=&password=&op=login' 'http://localhost//?op=login' The result is: 💥 Impact...
Cross-site Scripting (XSS) - Stored in ampache/ampache
✍️ Description This is a stored XSS in the mp3 management library. 🕵️♂️ Proof of Concept 1. Edit meta data with Audacity: 2. Create a new playlist that contains this file. 3. Vote an album 1 and then open "Informations" - "Most rated" 2: 💥 Impact By uploading an mp3 with javascript code into meta...
Cross-Site Request Forgery (CSRF) in tsolucio/corebos
✍️ Description Attacker able to delete any contact with CSRF attack because there is any CSRF protection for related endpoint. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the I...
Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-edition
✍️ Description Attacker is able to change a user profile state to public if a logged in user visits attacker website. 🕵️♂️ Proof of Concept 1.when you logged in open this POC.html in a browser 2.you can check your profile state changed form private to public history.pushState'', '', '/'...
Cross-Site Request Forgery (CSRF) in zhongshaofa/easyadmin
✍️ Description Attacker able to modify any menu with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF attacks it...
Cross-Site Request Forgery (CSRF) in bigprof-software/online-invoicing-system
✍️ Description csrf bug to mass delete item price 🕵️♂️ Proof of Concept bellow request is vulnerable to csrf attack. here csrf token checking, no refferrer checking . There is nothing to prevent csrf attack . POST /online-invoicing-system/app/itempricesview.php HTTP/1.1 Host: localhost User-Agent:...
Cross-Site Request Forgery (CSRF) in bigprof-software/online-invoicing-system
✍️ Description csrf bug to mass delete client 🕵️♂️ Proof of Concept bellow request is vulnerable to csrf attack. here csrf token checking, no refferrer checking . There is nothing to prevent csrf attack . POST /online-invoicing-system/app/clientsview.php HTTP/1.1 Host: localhost User-Agent:...
Cross-Site Request Forgery (CSRF) in alanaktion/phproject
✍️ Description Attacker able to delete any user with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF attacks it...
in erudika/scoold
✍️ Description Bypass rate limit and sent unlimited email to any email address. 💥 Impact Attacker can sent unlimited email to any mail address . Many email service provider has limited email sending like 10000 email per month . If you exeed that limit then you will be extra charged . So, using thi...
Cross-Site Request Forgery (CSRF) in devcode-it/openstamanager
✍️ Description Attacker able to create any Personal Data if users visit attacker site. 🕵️♂️ Proof of Concept 1.Open the PoC.html In Firefox or safari. 2.now you can check that Personal data with Denomination aaa have been created. // PoC.html history.pushState'', '', '/' input type="hidden" name="e...
Cross-Site Request Forgery (CSRF) in devcode-it/openstamanager
✍️ Description Attacker able to delete any Document management if users visit attacker site. 🕵️♂️ Proof of Concept 1.Open the PoC.html In Firefox or safari. 2.now you can check Document management with idrecord value equal to 1 have been created. // PoC.html history.pushState'', '', '/'...
Cross-Site Request Forgery (CSRF) in microweber/microweber
✍️ Description Attacker able to delete any customer if knows the customer ids parameter value. 🕵️♂️ Proof of Concept Here after running PoC.html on Firefox or Safari and click on submit button also can be auto-submit you will see that the customer with id 2 has been deleted. //PoC.html...
Cross-Site Request Forgery (CSRF) in francoisjacquet/rosariosis
✍️ Description When you don't set the SameSite attribute of cookies the browsers have special act in front of this issue.I mean set default value on it chrome and chromium based browsers set the attribute "Lax" that mean if you do add/delete/alter operation in a get HTTP request then your site mor...
Cross-Site Request Forgery (CSRF) in ampache/ampache
✍️ Description When you don't set the SameSite attribute of cookies the browsers have special act in front of this issue.I mean set default value on it chrome and chromium based browsers set the attribute "Lax" that mean if you do add/delete/alter operation in a get HTTP request then your site mor...
Cross-Site Request Forgery (CSRF) in ampache/ampache
✍️ Description When you don't set the SameSite attribute of cookies the browsers have special act in front of this issue.I mean set default value on it chrome and chromium based browsers set the attribute "Lax" that mean if you do add/delete/alter operation in a get HTTP request then your site mor...
Cross-Site Request Forgery (CSRF) in ampache/ampache
✍️ Description When you don't set the SameSite attribute of cookies the browsers have special act in front of this issue.I mean set default value on it chrome and chromium based browsers set the attribute "Lax" that mean if you do add/delete/alter operation in a get HTTP request then your site mor...
in kestasjk/webdiplomacy
✍️ Description According to previous explanation about weak cryptographic tokens, you also send the same weak token to users that forgot their passwords. here an attacker can also do Bruteforce attacks to take control of users accounts. 🕵️♂️ Proof of Concept...
in janeczku/calibre-web
✍️ Description A user can see the name of another user's private shelf through a forbidden error. 🕵️♂️ Proof of Concept 1. As user 1, try to add a book to a user 2's shelf: GET /shelf/add/2/2 2. See the returned error: Sorry you are not allowed to add a book to the the shelf: shelf test2 This is...
Improper Access Control in janeczku/calibre-web
✍️ Description A user can edit the title of another user's shelf. 🕵️♂️ Proof of Concept The function editshelf calls directly to createeditshelf sending the queried shelf by the id from the path withouth checking if that shelf is theirs. // shelf.py @shelf.route"/shelf/edit/", methods="GET",...
Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr
✍️ Description In Billing | payment section the Customer invoices part, you protect invoice Statuses to any kind of modification from CSRF attacks but if I set CSRF token to nothings then I able to modify arbitrary invoice Statuses only with knowing their ids. In this PoC.html I am able to Validat...
Session Fixation in alovoa/alovoa
✍️ Description When a logged in user changes his password, the session does not expire after the update. 🕵️♂️ Proof of Concept // PasswordController.java does not expire or force to logout the user after the update. @PostMappingvalue = "/change", consumes = "application/json" public void...
Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr
✍️ Description Attacker can delete any Third Parties for any user with CSRF vulnerability when the Admin or SuperAdmin or an authorized user click on PoC.html file, it is enough to attacker know the Third Parties id on server. I convert the GET...
Cross-site Scripting (XSS) - Generic in emoncms/emoncms
✍️ Description Line 94 of theme.php sends unvalidated data to a web browser, which can result in the browser executing malicious code. In this case the data is sent at builtinecho in theme.php at line 94. 🕵️♂️ Proof of Concept $q = ""; if isset$GET'q' $q = $GET'q'; //get in line 16 //print in line...
Cross-site Scripting (XSS) - Stored in chevereto/chevereto-free
✍️ Description Stored xss via image upload TESTED VESRION latest github code as of 16/7/21 🕵️♂️ Proof of Concept 1. First download https://github.com/ranjit-git/poc/blob/master/xss%22'%3E%3Cimg%20src%3Dx%20onerror%3Dalert123%3E.jpeg image file in linux . Dont change the file name . This type file...
in ampache/ampache
✍️ Description According to PHP official documents 1 we have for mtrand function an security issue that says "This function does not generate cryptographically secure values, and should not be used for cryptographic purposes" and as we see in permalinks you use the mtrand function for generate...
Heap-based Buffer Overflow in squell/id3
✍️ Description Hello! We compiled id3 from commit 857ac8 with Clang-13 + ASan, and we discovered a crafted file which triggers a negative-size-param and a heap-buffer-overflow with a READ of size 40987248. But for the purposes of this report, we are going to look at the heap-buffer-overflow, as it...
Cross-Site Request Forgery (CSRF) in spiral-project/ihatemoney
✍️ Description The //delete/ end point lacks CSRF protection. This could be exploited by attackers to make the admin delete records from database. 🕵️♂️ Proof of Concept For the attack to work, a logged in user should click the link could be performed with JavaScript. /delete/"Click here 💥 Impact...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager
✍️ Description I found a stored XSS in your project which is lead by adding property name which reflects on summary-reports-application-leases-1.php 🕵️♂️ Proof of Concept Steps to reproduce: 1. Create a Property. 2. Enter x''' in the comments. 3. Save and visit...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager
💥 BUG Stored xss 1 💥 VERSION TESTED latest version as of 4/7/21 💥 IMPACT xss allow to execute arbitary javascript in vicitm account 💥 STEP TO REPRODUCE 1. goto http://localhost/online-rental/app/admin/pageSettings.php and click on Sign Up tab.\ put bellow xss payload in Members custom field 1....
Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system
✍️ Description There is a Stored XSS on the user profile edit page which occurs due to improper sanitization of the Address field as tested on the latest release. 🕵️♂️ Proof of Concept Step to Reproduce: Go to /itemsview.php and add the payload: ""@x.y as Item Description and add required data and...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system
✍️ Description here is a Stored XSS on the user profile edit page which occurs due to improper sanitization of the Address field as tested on the latest releaset 🕵️♂️ Proof of Concept Step To Reproduce: Visit clientsview.php and click add a new client Add any details add payload: on the Comments...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager
✍️ Description Stored xss in membership profile. 🕵️♂️ Proof of Concept Steps to Reproduce: 1. Create a member account. 2. Login into the member account. 3. Enter the s"' payload in the Address field. 4. Update the profile and You will see an alert. 💥 Impact This vulnerability is capable of stored...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager
✍️ Description Stored xss in profile state field There is a Stored XSS on the user profile edit page which occurs due to improper sanitization of the State name field as tested on the latest release. 🕵️♂️ Proof of Concept Steps to Reproduce: 1. Create a user account. 2. Login into the user...
Cross-site Scripting (XSS) - Stored in projectsend/projectsend
💥 BUG CSRF bug to delete file 💥 SUMMURY during batch delete file there is no csrf token present 💥 STEP TO REPRODUCE 1. vulnerable url is http://localhost/projectsend2/manage-files.php?action=delete&batch=27&batch=31&page=1 .\ Here in this url change file-id to delete and open the url and see file...
Cross-site Scripting (XSS) - Stored in projectsend/projectsend
💥 BUG Stored xss during file upload 💥 STEP TO REPRODUCE check this 1 minute video to reproduce the bug https://drive.google.com/file/d/17TkVQxAOuXxSnlaPh4smvbJndcW-JQla/view?usp=sharing 💥 IMPACT Lower level user can make xss attack against admin. So, using this xss bug lower level user can execut...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system
💥 BUG Stored xss via client address in invoice 💥 TESTED VERSION latest version as of 01/07/21 💥 STEP TO REPRODUCE 1. From admin account goto http://localhost/online-invoice2/app/admin/pageViewMembers.php and add a new user called user-B with read-write permission in invoice/client module .\ 2...
Cross-site Scripting (XSS) - Stored in combodo/itop
💥 BUG stored xss via contact lastname 💥 STEP TO REPRODUCE Plz check this 1 minute video to reproduce https://drive.google.com/file/d/1bR9ili6jKxX3UQ2dQUQTqNL0e4LsMDtk/view?usp=sharing 💥 Impact I see there is many different type of role base user . So, user who has permission to create contact can...
Improper Access Control in dani-garcia/vaultwarden
✍️ Description Vaultwarden allows users to share files and texts securely with anyone. This feature enables the user to control the number of accesses to a file or text and also the expiration date. A person, to retrieve one of these files, needs to access the share link in a browser. This link...