4072 matches found
Path Traversal in lampnick/doctron
βοΈ Description doctron is a golang tool that helps conversion of HTML to PDF or image. The input doesn't validate if it's a valid web URL. Trying to access local files using file:/// work. This allows getting a screenshot/PDF of the sensitive files on the system. π΅οΈββοΈ Proof of Concept A demo...
Improper Authorization in imran300/inventory
βοΈ Description A General manager user can edit/add other group PERMISSIONS LIST with IDOR. π΅οΈββοΈ Proof of Concept go to this url when logging in as a General manager. http://localhost:8000/inventory/index.php/generals/addgroup and then you can see that Permissions can be bypassed. π₯ Impact This...
Cross-site Scripting (XSS) - DOM in forkcms/forkcms
βοΈ Description The underlying library needs to get the charset in lowercase but fork is passing it in uppercase causing some of the XSS protections to fail π΅οΈββοΈ Proof of Concept Go to...
Cross-site Scripting (XSS) - Stored in zikula-modules/content
βοΈ Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites π΅οΈββοΈ Proof of Concept // PoC.js 1- Go to -- https://demo.ziku.la/content/page/edit/PAGEID?slug=pages/content-introduction-page 2- inject this...
Cross-site Scripting (XSS) - Stored in zmister2016/mrdoc
βοΈ Description online document system developed based on python. It is suitable for individuals and small teams to manage documents, wiki, knowledge and notes. like gitbook this package is vulnerable for XSS π΅οΈββοΈ Proof of Concept π₯ Impact This vulnerability is capable of...
Cross-site Scripting (XSS) - Stored in zmister2016/mrdoc
βοΈ Description online document system developed based on python. It is suitable for individuals and small teams to manage documents, wiki, knowledge and notes. like gitbook this package is vulnerable for XSS π΅οΈββοΈ Proof of Concept π₯ Impact This vulnerability is capable of XSS...
Cross-Site Request Forgery (CSRF) in qkqpttgf/onemanager-php
βοΈ Description Attacker able to make copy of any disk with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF...
SQL Injection in opensourcepos/opensourcepos
βοΈ Description The Application is vulnerable to blind SQL Injection π΅οΈββοΈ Proof of Concept URL: https://dev.opensourcepos.org/itemkits/search?sort=1 Vulnerable Parameter: sort SQLMap POC --- Parameter: sort GET Type: boolean-based blind Title: Boolean-based blind - Parameter replace original value...
in opensourcepos/opensourcepos
βοΈ Description It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. π΅οΈββοΈ Proof of Concept Image: https://i.ibb.co/cbtVcb1/clickjack.png π₯ Impact According to PortSwigger references, it is...
Cross-Site Request Forgery (CSRF) in namelessmc/nameless
βοΈ Description csrf bug to lock a topic π΅οΈββοΈ Proof of Concept i see everywhere is csrf token checking . But in this case csrf token checking is missing .\ Bellow url is vulnerable to csrf attack to lock a topic . http://localhost/nameless/index.php?route=/forum/lock/&tid=1 π₯ Impact csrf bug to...
Improper Privilege Management in circuitverse/circuitverse
βοΈ Description upvote in any private comment π΅οΈββοΈ Proof of Concept Bellow request is vulnerable to upvote in any comment of private project POST /commontator/comments/1312/upvote HTTP/2 Host: circuitverse.org Cookie: User-Agent: Mozilla/5.0 X11; Ubuntu; Linux x8664; rv:90.0 Gecko/20100101...
Cross-Site Request Forgery (CSRF) in myvesta/vesta
βοΈ Description Attacker is able to delete any file on the server if logged in user visits attacker website. π΅οΈββοΈ Proof of Concept Create a test.txt file under /home/user when you logged in open this POC.html in a browser you can check test.txt deletes. //PoC.html history.pushState'', '', '/'...
in livehelperchat/livehelperchat
βοΈ Description It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. π΅οΈββοΈ Proof of Concept π₯ Impact According to PortSwigger references, it is possible for a page controlled by an attacker...
Cross-Site Request Forgery (CSRF) in neorazorx/facturascripts
βοΈ Description Attacker able to delete any number of users with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF...
SQL Injection in slackero/phpwcms
βοΈ Description Data enters a program from an untrusted source π΅οΈββοΈ Proof of Concept if$result = mysqliquery$db, 'SELECT FROM '. $phpwcms"dbprepend" ? $phpwcms"dbprepend".'' : ''.'phpwcmsuser' π₯ Impact A successful attack may result in the unauthorized viewing of user lists, the deletion of entire...
Cross-site Scripting (XSS) - Stored in slackero/phpwcms
βοΈ Description Stored xss π΅οΈββοΈ Proof of Concept Plz check this 1 minute video https://drive.google.com/file/d/1ycKDrN3ot623c-iYTaJYFNCjxCXChNx1/view?usp=sharing π₯ Impact xss bug...
Cross-Site Request Forgery (CSRF) in admidio/admidio
βοΈ Description Attacker able to delete any File & Doc with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF...
Cross-site Scripting (XSS) - Stored in leantime/leantime
βοΈ Description Stored xss bug using a xss payload in the todo name when adding a todo item π΅οΈββοΈ Proof of Concept Goto http://localhost/tickets/showKanban and add a todo item and copy paste the following xss payload in the todo-name javascript " Click on safe and go to the My Timesheets tab and see...
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in devcode-it/openstamanager
βοΈ Description A user without access to the software can inject a portion of HTML code in access logs. π΅οΈββοΈ Proof of Concept Simulate login with a crafter Client-IP header like this: curl -H 'Client-IP: INJECT' -d 'username=&password=&op=login' 'http://localhost//?op=login' The result is: π₯ Impact...
Cross-site Scripting (XSS) - Stored in ampache/ampache
βοΈ Description This is a stored XSS in the mp3 management library. π΅οΈββοΈ Proof of Concept 1. Edit meta data with Audacity: 2. Create a new playlist that contains this file. 3. Vote an album 1 and then open "Informations" - "Most rated" 2: π₯ Impact By uploading an mp3 with javascript code into meta...
Cross-Site Request Forgery (CSRF) in tsolucio/corebos
βοΈ Description Attacker able to delete any contact with CSRF attack because there is any CSRF protection for related endpoint. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the I...
Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-edition
βοΈ Description Attacker is able to change a user profile state to public if a logged in user visits attacker website. π΅οΈββοΈ Proof of Concept 1.when you logged in open this POC.html in a browser 2.you can check your profile state changed form private to public history.pushState'', '', '/'...
Cross-Site Request Forgery (CSRF) in zhongshaofa/easyadmin
βοΈ Description Attacker able to modify any menu with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF attacks it...
Cross-Site Request Forgery (CSRF) in bigprof-software/online-invoicing-system
βοΈ Description csrf bug to mass delete item price π΅οΈββοΈ Proof of Concept bellow request is vulnerable to csrf attack. here csrf token checking, no refferrer checking . There is nothing to prevent csrf attack . POST /online-invoicing-system/app/itempricesview.php HTTP/1.1 Host: localhost User-Agent:...
Cross-Site Request Forgery (CSRF) in bigprof-software/online-invoicing-system
βοΈ Description csrf bug to mass delete client π΅οΈββοΈ Proof of Concept bellow request is vulnerable to csrf attack. here csrf token checking, no refferrer checking . There is nothing to prevent csrf attack . POST /online-invoicing-system/app/clientsview.php HTTP/1.1 Host: localhost User-Agent:...
Cross-Site Request Forgery (CSRF) in alanaktion/phproject
βοΈ Description Attacker able to delete any user with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF attacks it...
in erudika/scoold
βοΈ Description Bypass rate limit and sent unlimited email to any email address. π₯ Impact Attacker can sent unlimited email to any mail address . Many email service provider has limited email sending like 10000 email per month . If you exeed that limit then you will be extra charged . So, using thi...
Cross-Site Request Forgery (CSRF) in devcode-it/openstamanager
βοΈ Description Attacker able to create any Personal Data if users visit attacker site. π΅οΈββοΈ Proof of Concept 1.Open the PoC.html In Firefox or safari. 2.now you can check that Personal data with Denomination aaa have been created. // PoC.html history.pushState'', '', '/' input type="hidden" name="e...
Cross-Site Request Forgery (CSRF) in devcode-it/openstamanager
βοΈ Description Attacker able to delete any Document management if users visit attacker site. π΅οΈββοΈ Proof of Concept 1.Open the PoC.html In Firefox or safari. 2.now you can check Document management with idrecord value equal to 1 have been created. // PoC.html history.pushState'', '', '/'...
Cross-Site Request Forgery (CSRF) in microweber/microweber
βοΈ Description Attacker able to delete any customer if knows the customer ids parameter value. π΅οΈββοΈ Proof of Concept Here after running PoC.html on Firefox or Safari and click on submit button also can be auto-submit you will see that the customer with id 2 has been deleted. //PoC.html...
Cross-Site Request Forgery (CSRF) in francoisjacquet/rosariosis
βοΈ Description When you don't set the SameSite attribute of cookies the browsers have special act in front of this issue.I mean set default value on it chrome and chromium based browsers set the attribute "Lax" that mean if you do add/delete/alter operation in a get HTTP request then your site mor...
Cross-Site Request Forgery (CSRF) in ampache/ampache
βοΈ Description When you don't set the SameSite attribute of cookies the browsers have special act in front of this issue.I mean set default value on it chrome and chromium based browsers set the attribute "Lax" that mean if you do add/delete/alter operation in a get HTTP request then your site mor...
Cross-Site Request Forgery (CSRF) in ampache/ampache
βοΈ Description When you don't set the SameSite attribute of cookies the browsers have special act in front of this issue.I mean set default value on it chrome and chromium based browsers set the attribute "Lax" that mean if you do add/delete/alter operation in a get HTTP request then your site mor...
Cross-Site Request Forgery (CSRF) in ampache/ampache
βοΈ Description When you don't set the SameSite attribute of cookies the browsers have special act in front of this issue.I mean set default value on it chrome and chromium based browsers set the attribute "Lax" that mean if you do add/delete/alter operation in a get HTTP request then your site mor...
in kestasjk/webdiplomacy
βοΈ Description According to previous explanation about weak cryptographic tokens, you also send the same weak token to users that forgot their passwords. here an attacker can also do Bruteforce attacks to take control of users accounts. π΅οΈββοΈ Proof of Concept...
in janeczku/calibre-web
βοΈ Description A user can see the name of another user's private shelf through a forbidden error. π΅οΈββοΈ Proof of Concept 1. As user 1, try to add a book to a user 2's shelf: GET /shelf/add/2/2 2. See the returned error: Sorry you are not allowed to add a book to the the shelf: shelf test2 This is...
Improper Access Control in janeczku/calibre-web
βοΈ Description A user can edit the title of another user's shelf. π΅οΈββοΈ Proof of Concept The function editshelf calls directly to createeditshelf sending the queried shelf by the id from the path withouth checking if that shelf is theirs. // shelf.py @shelf.route"/shelf/edit/", methods="GET",...
Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr
βοΈ Description In Billing | payment section the Customer invoices part, you protect invoice Statuses to any kind of modification from CSRF attacks but if I set CSRF token to nothings then I able to modify arbitrary invoice Statuses only with knowing their ids. In this PoC.html I am able to Validat...
Session Fixation in alovoa/alovoa
βοΈ Description When a logged in user changes his password, the session does not expire after the update. π΅οΈββοΈ Proof of Concept // PasswordController.java does not expire or force to logout the user after the update. @PostMappingvalue = "/change", consumes = "application/json" public void...
Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr
βοΈ Description Attacker can delete any Third Parties for any user with CSRF vulnerability when the Admin or SuperAdmin or an authorized user click on PoC.html file, it is enough to attacker know the Third Parties id on server. I convert the GET...
Cross-site Scripting (XSS) - Generic in emoncms/emoncms
βοΈ Description Line 94 of theme.php sends unvalidated data to a web browser, which can result in the browser executing malicious code. In this case the data is sent at builtinecho in theme.php at line 94. π΅οΈββοΈ Proof of Concept $q = ""; if isset$GET'q' $q = $GET'q'; //get in line 16 //print in line...
Cross-site Scripting (XSS) - Stored in chevereto/chevereto-free
βοΈ Description Stored xss via image upload TESTED VESRION latest github code as of 16/7/21 π΅οΈββοΈ Proof of Concept 1. First download https://github.com/ranjit-git/poc/blob/master/xss%22'%3E%3Cimg%20src%3Dx%20onerror%3Dalert123%3E.jpeg image file in linux . Dont change the file name . This type file...
in ampache/ampache
βοΈ Description According to PHP official documents 1 we have for mtrand function an security issue that says "This function does not generate cryptographically secure values, and should not be used for cryptographic purposes" and as we see in permalinks you use the mtrand function for generate...
Heap-based Buffer Overflow in squell/id3
βοΈ Description Hello! We compiled id3 from commit 857ac8 with Clang-13 + ASan, and we discovered a crafted file which triggers a negative-size-param and a heap-buffer-overflow with a READ of size 40987248. But for the purposes of this report, we are going to look at the heap-buffer-overflow, as it...
Cross-Site Request Forgery (CSRF) in spiral-project/ihatemoney
βοΈ Description The //delete/ end point lacks CSRF protection. This could be exploited by attackers to make the admin delete records from database. π΅οΈββοΈ Proof of Concept For the attack to work, a logged in user should click the link could be performed with JavaScript. /delete/"Click here π₯ Impact...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager
βοΈ Description I found a stored XSS in your project which is lead by adding property name which reflects on summary-reports-application-leases-1.php π΅οΈββοΈ Proof of Concept Steps to reproduce: 1. Create a Property. 2. Enter x''' in the comments. 3. Save and visit...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager
π₯ BUG Stored xss 1 π₯ VERSION TESTED latest version as of 4/7/21 π₯ IMPACT xss allow to execute arbitary javascript in vicitm account π₯ STEP TO REPRODUCE 1. goto http://localhost/online-rental/app/admin/pageSettings.php and click on Sign Up tab.\ put bellow xss payload in Members custom field 1....
Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system
βοΈ Description There is a Stored XSS on the user profile edit page which occurs due to improper sanitization of the Address field as tested on the latest release. π΅οΈββοΈ Proof of Concept Step to Reproduce: Go to /itemsview.php and add the payload: ""@x.y as Item Description and add required data and...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system
βοΈ Description here is a Stored XSS on the user profile edit page which occurs due to improper sanitization of the Address field as tested on the latest releaset π΅οΈββοΈ Proof of Concept Step To Reproduce: Visit clientsview.php and click add a new client Add any details add payload: on the Comments...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager
βοΈ Description Stored xss in membership profile. π΅οΈββοΈ Proof of Concept Steps to Reproduce: 1. Create a member account. 2. Login into the member account. 3. Enter the s"' payload in the Address field. 4. Update the profile and You will see an alert. π₯ Impact This vulnerability is capable of stored...