4072 matches found
Cross-Site Request Forgery (CSRF) in bigprof-software/online-invoicing-system
š„ BUG CSRF bug to ban a member š„ IMPACT csrf bug allow to ban any user š„ STEP TO REPRODUCE 1. First goto http://localhost/online-invoice/app/admin/pageViewMembers.php and lets assume there present a member with username test.\ Now any user send link...
Cross-Site Request Forgery (CSRF) in sergix44/xbackbone
āļø Description following endpoint vulnerable to CSRF: /omeka/user/2/delete Also there is not any different that you run The application in localhost or some real hosts, this is enough to login with a browser that used the browser for online web surfacing too. šµļøāāļø Proof of Concept // PoC.html...
Cross-Site Request Forgery (CSRF) in microweber/microweber
āļø Description Attacker able to delete any Product in My shop section if attacker knows the ids parameter value. šµļøāāļø Proof of Concept Here after running PoC.html on Firefox or Safari and click on submit button also can be auto-submit you will see that the Product with id 9 has been deleted...
Cross-Site Request Forgery (CSRF) in babybuddy/babybuddy
āļø Description You don't check CSRF token in following endpoint /timers/1/restart/ with PoC.html attacker able to reset timer with id equal to 1. šµļøāāļø Proof of Concept // PoC.html history.pushState'', '', '/' š„ Impact This vulnerability is capable of reset any timer...
Cross-Site Request Forgery (CSRF) in babybuddy/babybuddy
āļø Description You don't check CSRF token in following endpoint /timers/1/stop/ with PoC.html attacker able to stop timer with id equal to 1. šµļøāāļø Proof of Concept // PoC.html history.pushState'', '', '/' š„ Impact This vulnerability is capable of stop any timer...
Cross-Site Request Forgery (CSRF) in francoisjacquet/rosariosis
āļø Description When you don't set the SameSite attribute of cookies the browsers have special act in front of this issue.I mean set default value on it chrome and chromium based browsers set the attribute "Lax" that mean if you do add/delete/alter operation in a get HTTP request then your site mor...
Cross-Site Request Forgery (CSRF) in francoisjacquet/rosariosis
āļø Description When you don't set the SameSite attribute of cookies the browsers have special act in front of this issue.I mean set default value on it chrome and chromium based browsers set the attribute "Lax" that mean if you do add/delete/alter operation in a get HTTP request then your site mor...
in pimcore/pimcore
1Go to https://demo.pimcore.fun/en/account/register 2Enter the username and password 3Choose the password as 'a' and the account will be created...
Cross-Site Request Forgery (CSRF) in ampache/ampache
āļø Description When you don't set the SameSite attribute of cookies the browsers have special act in front of this issue.I mean set default value on it chrome and chromium based browsers set the attribute "Lax" that mean if you do add/delete/alter operation in a get HTTP request then your site mor...
Cross-Site Request Forgery (CSRF) in ampache/ampache
āļø Description When you don't set the SameSite attribute of cookies the browsers have special act in front of this issue.I mean set default value on it chrome and chromium based browsers set the attribute "Lax" that mean if you do add/delete/alter operation in a get HTTP request then your site mor...
Cross-Site Request Forgery (CSRF) in kestasjk/webdiplomacy
āļø Description CSRF bug when contacting team šµļøāāļø Proof of Concept no csrf token contact .\ Bellow request is vulnerable to csrf attack POST /contactUsDirect.php HTTP/1.1 Host: webdiplomacy.net User-Agent: Mozilla/5.0 X11; Ubuntu; Linux x8664; rv:88.0 Gecko/20100101 Firefox/88.0 Accept:...
Cross-Site Request Forgery (CSRF) in kestasjk/webdiplomacy
āļø Description csrf bug to change user profile šµļøāāļø Proof of Concept I see there no csrf token checking when updating user-profile save bellow html code in html file and host this file . Now sent this file link to vicitm when victim open the link then his profile information will be changed...
Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr
āļø Description CSRF bug to delete product variants šµļøāāļø Proof of Concept Here it does not check token parameter for csrf .You can remove token paramater from url. bellow request is vulnerable to csrf attack when delete product variants ....
Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr
āļø Description CSRF bug to remove linked file šµļøāāļø Proof of Concept bellow request is vulnerable to csrf attack when removing linked file.\ https://demo.dolibarr.org/expensereport/card.php?id=202&action=removefile&file=%28PROV202%29%2F%28PROV202%29.pdf&entity=1 š„ Impact csrf attack...
Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr
āļø Description In Bank section the Bank | Cash part, you protect List entities to delete with CSRF attacks but if I set CSRF token to nothings then I able to delete arbitrary List entities only with knowing their ids. šµļøāāļø Proof of Concept // PoC.html history.pushState'', '', '/' input...
Cross-Site Request Forgery (CSRF) in microweber/microweber
āļø Description microweber is vulnerable to Cross-site request forgery. The app is not checking the CSRF token when adding new products to the cart. šµļøāāļø Proof of Concept HTML content: HTML setTimeout = form.submit; , 2000; 1. Save the above content into an HTML file. 2. Open the file on the...
Cross-site Scripting (XSS) - Reflected in alovoa/alovoa
āļø Description xss bug šµļøāāļø Proof of Concept 1. Open url https://alovoa.com/profile?lang=es%22%3E%3Cscript%3Ealert1%3C/script%3E and see xss is executed .\ My previous xss and this xss has different attacking endpoint and thats why i submitted two report š„ Impact xss...
in cortezaproject/corteza-server
Passwords shorter than 8 characters are considered to be weak NIST SP800-63B. Maximum password length should not be set too low, as it will prevent users from creating passphrases. ... It is important to set a maximum password length to prevent long password Denial of Service attacks. STEPS FOR...
Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr
āļø Description In this directory "https://demo.dolibarr.org/ecm/index.php?mainmenu=ecm&leftmenu=ecm&idmenu=167162" The attacker Can Perform a CSRF attack to Remove any folders. In this Directory application take a parameter named "token" and I set "token" parameter value to nothings like...
Cross-Site Request Forgery (CSRF) in seriawei/zkeacms
āļø Description ZKEACMS is vulnerable to Cross-site request forgery. The app has no mechanism against CSRF in all HTTP requests. šµļøāāļø Proof of Concept Sample: Add products to the shopping cart. HTML content: HTML setTimeout = form.submit , 2000; 1. Save the above content into an HTML file. 2. With...
in emoncms/emoncms
āļø Description In CSRF attack if attacker able to change the victim email then attacker can change email to own email and get password from password reset section and then the account take over happen here. šµļøāāļø Proof of Concept 1.you login in your account 2.you make a file contain the following...
Cross-Site Request Forgery (CSRF) in emoncms/emoncms
āļø Description In CSRF attack if your users going to attacker website and click the mallicouse link then they able to steal users cookie, submit unwanted date, .... šµļøāāļø Proof of Concept 1.you login in your account 2.you make a file contain the following html file. 3.open html as victim site...
Cross-site Scripting (XSS) - Stored in leantime/leantime
āļø Description Stored xss bug using a xss payload in the Milestone Title when adding a new milestone šµļøāāļø Proof of Concept Goto http://localhost/tickets/roadmap and click on add Milestone and copy paste the following xss payload javascript " Click on safe and see the xss popup with the cookie. š„...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system
āļø Description I found a stored XSS in your project which is lead by adding anonymous group name. šµļøāāļø Proof of Concept Steps to reproduce: 1. Create a group. 2. Enter group"' in the group name. 3. Save and visit view groups. 4. Click on Anonymous group you just created. š„ Impact This...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system
āļø Description In the repo online invoicing system i found a stored xss which gets exploited on unpaid invoice view which is lead by client name. šµļøāāļø Proof of Concept Video POC: https://drive.google.com/file/d/1emTPPkSgGXM6XllelCrsdTYhhXMGCGb/view?usp=sharing Steps to reproduce: 1. Add a client...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager
āļø Description stored xss via residenceandrentalhistoryview šµļøāāļø Proof of Concept check this 1 minute video to reproduce the bug https://drive.google.com/file/d/1BdPQ-89AXURe8wCGAlwuz8wL1Xge0cmJ/view?usp=sharing...
in bigprof-software/online-rental-property-manager
š„ BUG privilege escalation bug to add employmentandincomehistory to a applicant . š„ IMPACT unprivileged user can add employmentandincomehistory to a applicant š„ STEP TO REPRODUCE 1. From admin account goto http://localhost/online-rental/app/admin/pageViewMembers.php and add new user called user-B...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager
āļø Description Stored xss in membership profile. šµļøāāļø Proof of Concept Steps to Reproduce: 1. Create a member account. 2. Login into the member account. 3. Enter the s"' payload in the city field. 4. Update the profile and You will see an alert. š„ Impact This vulnerability is capable of Stored xss...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager
āļø Description Stored xss in profile City field.\ There is a Stored XSS on the user profile edit page which occurs due to improper sanitization of the State name field as tested on the latest release. šµļøāāļø Proof of Concept Steps to Reproduce: 1. Create a user account. 2. Login into the user...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager
š„ BUG Stored xss via group name š„ TESTED VERSION latest version as of 01/07/21 š„ STEP TO REPRODUCE 1. create a group with bellow xss payload in name.\ group1"'.\ 2. Now add a new user called user-B to the above group .\ 3. Finally visit...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager
š„ BUG xss via landlord comment š„ VERSION TESTED latest version as of 1/7/21 š„ IMPACT xss allow to execute arbitary javascript in vicitm account š„ STEP TO REPRODUCE 1. first goto http://localhost/online-rental/app/rentalownersview.php and add a new landlord .\ During creation put bellow xss payloa...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system
š„ BUG xss via groupname in item š„ VERSION TESTED latest version as of 1/7/21 š„ IMPACT xss allow to execute arbitary javascript in vicitm account š„ STEP TO REPRODUCE 1. first goto http://localhost/online-invoice2/app/admin/pageEditGroup.php and add a new group and put bellow xss payload in...
Improper Privilege Management in bigprof-software/online-invoicing-system
š„ BUG privilege escalation bug to add item to a price-history š„ IMPACT unprivileged user can add item to a price-history š„ STEP TO REPRODUCE 1. From admin account goto http://localhost/online-invoice2/app/admin/pageViewMembers.php and add new user called user-B .\ Now revoke all acccess from item...
in projectsend/projectsend
š„ BUG privilege escalation bug to update admin email-address and company name etc . š„ IMPACT unprivileged user can update admin email-address and company name etc š„ STEP TO REPRODUCE 1. From admin account goto http://localhost/projectsend2/users.php and add new user called user-B with uploader...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system
āļø Description There is a Stored XSS on the user profile edit page which occurs due to improper sanitization of the City field as tested on the latest release. šµļøāāļø Proof of Concept Steps to Reproduce: 1. Create a user account. 2. Login into the user account. 3. Enter the s"' payload in the City...
Cross-site Scripting (XSS) - Stored in combodo/itop
š„ BUG stored xss via file upload š„ STEP TO REPRODUCE here in this case i uploaded a html file with xss payload inside.\ Plz check this 1 minute video to reproduce https://drive.google.com/file/d/1xKqYFgrsFUfp9Ufe4XiATQcAL-Q6Mr9G/view?usp=sharing š„ Impact I see there is many different type of role...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system
āļø Description There is a Stored XSS in the online invoicing system which could be exploited by any user who has permission to add a client. when a comment is added during the creation of a client by the user then due to improper sanitization XSS payload gets triggered. šµļøāāļø Proof of Concept Video...
Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp
āļø Description Reflected XSS in ping.php as IP parameter is not sanitized. šµļøāāļø Proof of Concept Vulnerable Code: Ping Payload: Ping alert1 ? š„ Impact This vulnerability is capable of reflected XSS...
in beestat/app
āļø Description The random number generator implemented by mtrand on session keys is not suitable for cryptographic purposes generation of tokens, passwords, or cryptographic keys either. mtrand function that produces predictable values is utilized as a source of randomness in a security-sensitive...
Stack-based Buffer Overflow in rup0rt/pcapfix
Description A stack over flow was found in pcapfix in function fixpcappackets in pcap.c at line 550 The root cause seem at line 458 , there is an int overflow if filesize-pos-sizeofpackethdr is negative. Test version : 1.1.6 2fe168e Test env: gcc 9.3.0 ubuntu 20.04 x86-64 Proof of Concept...
in phpservermon/phpservermon
āļø Description Insecure randomness errors occur when a function that can produce predictable values is used as a source of randomness in security-sensitive context. This code uses the rand function to generate "unique" identifiers for the receipt pages it generates. In this case the function that...
Cross-Site Request Forgery (CSRF) in erudika/scoold
āļø Description The /voteup/question/ endpoint does not have a CSRF protection. This could be exploited by an attacker to manipulate votes in a question. šµļøāāļø Proof of Concept An attacker creates the following web page and sends a link to a logged in user. // PoC.html Click Here When an...
Server-Side Request Forgery (SSRF) in frenchbread/private-ip
āļø Description private-ip is an npm module that is used to check if the IP address is private or not for preventing SSRF attacks. It has nearly 11k+ weekly downloads on npmjs. However, I discovered that an attacker may simply get around this check by constructing a malicious IP. šµļøāāļø Proof of...
Command Injection in sofianehamlaoui/lockdoor-framework
āļø Description Unsanitized user input leads to command injection in Nasnum function input in the infogathering.py script. šµļøāāļø Proof of Concept Payload: ;id š„ Impact command run as root. So an attacker could do potential damage to the machine...
OS Command Injection in falconchristmas/fpp
āļø Description The version variable is directly embeded in a OS command in https://github.com/FalconChristmas/fpp/blob/123cdf2eb11062766da333a7a4d85bc0bf620e47/www/upgradefpp.phpL54 php $version = $GET'version'; // $command = "sudo /opt/fpp/scripts/upgradeFPP " . $version . " 2&1"; echo "Command:...
OS Command Injection in falconchristmas/fpp
āļø Description Hi, there is a command injection vulnerability in https://github.com/FalconChristmas/fpp/blob/40a636c6e38442e3674db0b85fdfc5ed8a79b823/www/changebranch.phpL23 php &1"; echo "Command: $command\n"; echo...
in mcfriend99/bird
āļø Description Heap-based 1-byte write violation. Certain programs can cause the parser/syntax-checker to write out of bounds. The below program writes a single byte out of bounds. šµļøāāļø Proof of Concept Program: var a = 'outer' def test var a = 'inner' echo 'It works! $a' echo a echo test test def...
in hstm/dotfiles
āļø Description Owner of this Github repo has inadvertently committed their .pgpass file which contains login information for a localhost PostgreSQL server. We suggest the owner of this Github repo deletes the file from the repo, adds .pgpass to their .gitignore and changes their localhost...
Improper Privilege Management in dolibarr/dolibarr
š„ BUG unprivileged user can add personal email to another user. š„ IMPACT user who dont have any access in "users and groups" can update users personal email. š„ TESTED VERSION dolibarr 14.0.0-beta š„ STEP TO REPRODUCE 1. First goto admin account and add user B as normal user .\ Now give user B...
Improper Access Control in codingtrain/website
āļø Description Google Maps API key without proper referer restrictions is found in your repo. It can be embeded to anyone's website and if the billing account is active, it will incur charges on your account. šµļøāāļø Proof of Concept Visit this link to verify that you can use the service by visiting...