Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2023/05/30 3:24 a.m.9 views

Stored XSS in End page

Description Allows a user who only has the authority to create surveys not the administrator to bypass validation and embed javascript schemes when creating surveys Step to reproduce - Login as administrator 1. Open User management and Create a user with create surveys only permissions. 1. Logout...

6.9AI score
Exploits0
Huntr
Huntr
added 2023/05/02 8:25 p.m.9 views

Cross Site Scripting in Open Web Analytics on most statistics related pages

Description The makeJson method within the owatemplate class generates a JSON string in an unsafe manner. This method is utilized within the report.tpl file, where it receives parameters from the URL and generates a JSON string using them without properly sanitizing. Proof of Concept The...

6.9AI score
Exploits0
Huntr
Huntr
added 2023/03/20 9:36 a.m.9 views

REFLECTED XSS "Cross-site Scripting (XSS) "

Description Summary: I have found Reflected XSS at https://www.vim.org/login.php?referrer= Go To : https://www.vim.org/login.php?referrer=%22%3E%3Csvg/onload=prompt/OPENBUGBOUNTY/%3E payload xss : " Proof of Concept // PoC.js var payload =...

6.4AI score
Exploits0
Huntr
Huntr
added 2023/02/21 4:37 p.m.9 views

Stored HTML injection and Potential Cross Site Scripting in pixelfed ≤ 0.11.4

Description pixelfed ≤ 0.11.4 is affected by HTML injection and Potential Cross Site Scripting vulnerability. Steps to Reproduce: 1.Choose any server from https://pixelfed.org/servers and go to registration page. 2.Enter your username, email, password and enter following payload on "Name" paramet...

6.7AI score
Exploits0References2
Huntr
Huntr
added 2023/02/20 10:17 a.m.9 views

Stored XSS in "Import" Module

Description When loading a CSV or XLSX file to preview before importing Step 4, no sanitization of the first line label, allows authenticated attacker to inject malicious XSS payload into the to import file, and store it on the target webserver. If any admin reuse the malicious uploaded importing...

6.2AI score
Exploits0
Huntr
Huntr
added 2023/01/30 1:39 p.m.9 views

XSS caused by sending information between users

Description The forum allows users to send information. Although the script tag cannot be used, the img tag can also cause xss.And the program can bypass the filtering of the "cookie" string by means of entity encoding. Video link You can watch my video through this link first. link...

0.2AI score
Exploits0
Huntr
Huntr
added 2022/12/19 12:26 p.m.9 views

SNMP location XSS vulnerability

Description By including some HTML in the "Location" field of the snmpd configuration of a managed device, an attacker can inject HTML into the LibreNMS "Devices" tab, which then gets rendered when the page is viewed. EDIT: I'm having difficulties developing a proper exploit for this beyond the...

6.7AI score
Exploits0References1
Huntr
Huntr
added 2022/11/23 9:20 p.m.10 views

An unrestricted upload file lead to a stored XSS via SVG file.

Description During the test, I discovered that the upload function accepted svg files without any sanitization, allowing me to inject javascript code into the svg file and store it, as well as execute the javascript code via the svg file. Proof of Concept // PoC.js...

7.5AI score
Exploits0
Huntr
Huntr
added 2022/11/17 11:51 a.m.9 views

Cross-site Scripting (XSS) - Stored at discussion title

Description Attacker can inject XSS payload in title when he starts or renames a discussion. The payload will be triggered right after a normal user open that discussion. Proof of Concept 1. Login to your account on https://forum.locker.io 2. Create New Discussions 3. On the Discussions Title,...

6AI score
Exploits0
Huntr
Huntr
added 2022/10/30 11:35 p.m.9 views

XSS stored in Category name

Description If a user inject an XSS payload inside a category name. All users that visit the index page will execute the corresponding XSS payload. Proof of Concept Add a malicious category XSS is executed...

2.5AI score
Exploits0References1
Huntr
Huntr
added 2022/10/09 4:48 p.m.9 views

POST Based Reflected Cross Site Scripting in installation page

Description The installation page in Elgg ≤ v4.3.3 is vulnerable to Cross-Site Scripting attack via 'dataroot' parameter. Steps to Reproduce 1. Freshly install the Elgg in your web-server and proceed to "Database Installation Page". 2. Enter the following payload in "Data Directory" field and fil...

5.9AI score
Exploits0References1
Huntr
Huntr
added 2022/10/09 2:42 p.m.9 views

Multiple SQL Injections

Description User input is inserted directly into a SQL query in multiple places when duplicating contacts/leads. Proof of Concept For a PoC, we are going to use Leads, although the other vulnerabilities will probably work analagously. Since the input is not directly displayed to the user, we will...

7.6AI score
Exploits0
Huntr
Huntr
added 2022/09/06 4:6 p.m.9 views

Insufficient Session Expiration

Description Existing sessions are not invalidated after a password change. Proof of Concept Steps to reproduce: 1. Log in to Humhub 2. Do the same in another browser or a private window, such that there are two different active sessions 3. Update the user's password in either of the two sessions ...

1.2AI score
Exploits0References1
Huntr
Huntr
added 2022/08/31 2:57 a.m.9 views

Reflected XSS on "DetailViewAjax" via "relation_id" parameter

Description The value of the "relationid" parameter on the "DetailViewAjax" reflects to the source code without any sanitization. So, that leads to XSS which allows cookie stealing. Proof of Concept...

1.5AI score
Exploits0
Huntr
Huntr
added 2022/08/28 10:34 a.m.9 views

Tabnabbing on spec-disrespecting browsers

Some browsers do not comply with the 2021 HTML specification, meaning that an attacker can redirect the parent window. This applies to links in descriptions // Create a new card // Add https://someevilsite.com to card // Now the site can do the following:...

0.9AI score
Exploits0References1
Huntr
Huntr
added 2022/08/21 4:13 p.m.9 views

DoS via Client Email Update

Description An unauthenticated user, via the Inbox Website Widget, can update its contact email information, whose field doesn't have any proper size restriction or limitation in place, allowing to set as email an unlimited number of characters. \ \ Because of this an attacker can send an enormou...

6.9AI score
Exploits0
Huntr
Huntr
added 2022/08/19 9:53 p.m.9 views

XSS on URL recorder

Description Hi Team , I found XSS vulnerability in url recorder https://conifer.rhizome.org/"USERNAME"/default-collection/ Proof of Concept Image : https://ibb.co/dBr0QQr...

0.4AI score
Exploits0
Huntr
Huntr
added 2022/08/13 12:39 p.m.9 views

Cross-site Scripting (XSS) - Stored on Translations

Description Translations are vulnerable to Cross-Site Scripting. Steps to reproduce 1 - Go to Website - Settings 2 - Click on Languages 3 - Fill any field to be translated with an XSS payload : ". 4 - XSS popup will appear. Proof of concept...

0.1AI score
Exploits0
Huntr
Huntr
added 2022/08/08 10:45 p.m.9 views

Modify other people's articles by modifying the data package

Description The program does not check whether the originator of the request has this permission. I can modify the content of other people's articles and even modify the content by capturing data packets, even if I am not the owner of the article, even if I do not have permission in this respect...

0.3AI score
Exploits0References1
Huntr
Huntr
added 2022/08/03 10:57 p.m.9 views

Denial of Service via Attachment Upload

Description An attacker can upload an attachment without any size limitation which leads to an exception and the crash of the application. Proof of Concept 1. 1 - Log in and select and project and card. 2. 2 - Upload a file, in this case, a 5GB file. Used sample file. 3. 3 - After some seconds th...

1.9AI score
Exploits0
Huntr
Huntr
added 2022/07/05 9:2 a.m.9 views

UI REDRESSING

Description The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with. Proof of Concept Go to this URL:...

0.6AI score
Exploits0References2
Huntr
Huntr
added 2022/07/02 6:53 a.m.9 views

Cross Site Scripting via Improper Input Validation (parser differential)

Description I find that parse-url parses the following URL incorrectly and identifies protocol as ssh: javascript://n.com:-4294967297/?ab=--2509999973799371216494http://user:passser:[email protected]:-4294967297/?a /parseurlfuzz$ node -e 'const parseUrl = require"parse-url";...

0.2AI score
Exploits0
Huntr
Huntr
added 2022/07/01 7:25 p.m.9 views

xss via svg file

Description xss via svg file Proof of Concept 1. goto your account and create a document under a collection .\ 2. Now edit this document and upload bellow svg file in this document content as image filename--evil.svg alert'Thais app is probably vulnerable to XSS attackss!'; 3. after upload open...

0.4AI score
Exploits0
Huntr
Huntr
added 2022/06/30 2:6 p.m.9 views

Cross-site Scripting (XSS) - Stored in Space Name

Description Cross-site Scripting XSS - Stored in space name. Because space name is not HTML encoded, "Confirm action" modal pops up then the script is executed. Proof of Concept Step 1: Create a new Space and fill in name with this payload: "alert1. Step 2: Send an invite to victim then save. Ste...

0.7AI score
Exploits0References1
Huntr
Huntr
added 2022/06/27 7:30 a.m.9 views

Reflected XSS in multiple parameters

Testing Environment 1. Windows OS 2. Firefox Browser Vulnerable URLs ----...

1.4AI score
Exploits0
Huntr
Huntr
added 2022/06/27 5:37 a.m.9 views

Command Injection:

Description cookiecutter is a command-line utility that creates projects from cookiecutters. Affected versions of this package are vulnerable to Command Injection via hg argument injection. When calling the cookiecutter function from Python code with the checkout parameter, it is passed to the hg...

8AI score
Exploits0References3
Huntr
Huntr
added 2022/06/25 5:1 p.m.9 views

Reflected XSS on the Products Modules

Description coreBOS is vulnerable with Reflected XSS on the Products modules. The HTML tag can be escaped with " character and the attacker can be able to perform the Reflected XSS Proof of Concept 1. Login to coreBOS 1. Go to...

0.7AI score
Exploits0References1
Huntr
Huntr
added 2022/06/25 1:52 a.m.9 views

Improper path sanitization allows remote read of sensitive system resources

In pufferpanel/files.go there is an EnsureAccess method that accepts a source string and prefix argument. This function attempts to validate that the path being requested is within the scope of the server's operating directory. However, there is a logic bug in this function that improperly passes...

1.2AI score
Exploits0
Huntr
Huntr
added 2022/06/19 2:40 p.m.9 views

Username can be enumerated by password reset endpoint

Description The error message on /password/reset/1 can indicate whether the username exists in the instance. I believe this is a valid issue for the following reason: 1. /password/reset after submitting the username on this page, the server always returns success no matter whether the username...

7.3AI score
Exploits0
Huntr
Huntr
added 2022/06/13 4:37 a.m.9 views

Stored XSS in Supplier Company Description

Description The application inventree is vulnerable to Stored XSS in supplier company description field. Proof of Concept Video PoC Link: https://drive.google.com/file/d/115LLo4rxW7RzWd7hevbSFAlf-V83OUhU/view?usp=sharing...

0.4AI score
Exploits0
Huntr
Huntr
added 2022/06/08 7:48 a.m.9 views

stored xss

Description Stored XSS, also known as persistent XSS, is the more damaging than non-persistent XSS. It occurs when a malicious script is injected directly into a vulnerable web application. Proof of Concept 1Go to this website: https://titra.io/ 2Click on add Track button 3In the Task field enter...

6.1AI score
Exploits0
Huntr
Huntr
added 2022/06/04 8:22 p.m.9 views

Failure to strip Authentication header on HTTP downgrade

The Guzzle redirect middleware fails to strip the Authorization header when a redirect downgrades from https to http. The middleware currently only checks if the host has changed...

0.5AI score
Exploits0
Huntr
Huntr
added 2022/05/23 8:43 p.m.9 views

Cross-site Scripting (XSS) - Stored

Description The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Proof of Concept - it works on firefox not in chromium based browsers - login as admin - go to...

7AI score
Exploits0References1
Huntr
Huntr
added 2022/05/22 10:3 a.m.9 views

Improper privilege management - Anyone can view room settings.

Description Hi bigbluebutton maintainers, I would like to report an improper privilege management, this allows anyone to view any room settings. Proof of Concept 1. To demonstrate the vulnerability, I've created a room https://demo.bigbluebutton.org/gl/hoa-j4s-sxx-5gn 2. Run this curl command to...

1.6AI score
Exploits0
Huntr
Huntr
added 2022/05/16 6:27 p.m.9 views

Application Level DoS:

Description Hey, when I attempt to change the password, I noticed that you haven't kept any password boundary. You need to limit password length. Hashing a large amount of data can cause significant resource consumption on behalf of the server and would be an easy target for an Application-level...

7.2AI score
Exploits0References1
Huntr
Huntr
added 2022/05/16 6:8 p.m.9 views

Application Level DoS:

Description Hey, when I attempt to change the password, I noticed that you haven't kept any password boundary. You need to limit password length. Hashing a large amount of data can cause significant resource consumption on behalf of the server and would be an easy target for an Application-level...

7.2AI score
Exploits0References1
Huntr
Huntr
added 2022/05/11 10:39 a.m.9 views

Cross site Request Forgery in running schedule by using GET method.

Description There is a CRSF in autolab source code in running scheduler due to usage of GET method. Proof of Concept 1. Install a local instance of autolab 2. Go to /courses//schedulers and create a schedule 3. Access the link courses//schedulers//run and see that the schedulers is running...

1.8AI score
Exploits0
Huntr
Huntr
added 2022/05/11 8:23 a.m.9 views

Stored XSS due to the setting text/xml mime type for xml files

Description Hi, The patch for the previous XSS vulnerability Cross-site scripting - Reflected via upload .xml file looks incomplete. It just will set the mime type to text/xml for XML files to avoid XSS, However, this one can be also used to perform XSS too. Since an XML file can contain HTML...

5.8AI score
Exploits0
Huntr
Huntr
added 2022/05/09 1:8 p.m.9 views

Set cookie for different domain

Description It is not checked if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie header. Proof of Concept php true; $client-request"GET", "https://.free.beeceptor.com/setcookie"; $cookies = $client-getConfig'cookies'-toArray; printr$cookies; ? You can us...

0.5AI score
Exploits0References1
Huntr
Huntr
added 2022/05/09 10:37 a.m.9 views

Reflected Cross site scripting

Description When a user add new product with a supplier, supplier reference field is responsible to rxss Proof of Concept 1. Navigate to http://localhost/invoices/EditProducto?code=1&action=save-ok and goto supplier tab 2. Click on Add and in "Supplier reference" field add hey...

Exploits0
Huntr
Huntr
added 2022/05/08 1:8 p.m.9 views

Google Storage Bucket Takeover which is getting used in github repository "github.com/wardviaene/kubernetes-course"

Description wardviaene have a opensource project for kubernetes-course In the project, there is a README file which is contains installation instruction of helm. Those instructions are suggesting to download helm binary from a google bucket which was not registered on GCP. So I was able to takeov...

Exploits0References2
Huntr
Huntr
added 2022/04/24 3:49 a.m.9 views

Cross Site Request Forgery in Release all grades feature

Description Hi there, there is a Cross site request Forgery in your Release all grades feature. This is due to the release all grades action is using GET request method. Cross-Site Request Forgery CSRF is an attack that forces an end user to execute unwanted actions on a web application in which...

0.7AI score
Exploits0
Huntr
Huntr
added 2022/04/23 5:48 p.m.9 views

Cross-site scripting - Stored via upload xml file

Description When user upload file with XML extension in white-list, server will stored XML file at assets/PortalNotesFiles/, so we can direct access and execute javascript code. Proof of Concept POST /rosariosis/Modules.php?modname=SchoolSetup/PortalNotes.php&modfunc=update HTTP/1.1 Host:...

7.1AI score
Exploits0References1
Huntr
Huntr
added 2022/04/02 6:39 p.m.9 views

identify registered user

Description There is a response during password reset which allow to identify if email address is registered or not Proof of Concept 1. Signup to https://cloud.heroiclabs.com/ using a email like [email protected] . \ 2. Now goto https://cloud.heroiclabs.com/recover and put a dummy email address...

0.1AI score
Exploits0
Huntr
Huntr
added 2022/03/31 8:9 a.m.9 views

CSRF on update cart functionality

I found a CSRF Vulnerability in the update cart functionality where there is no csrf token being validated While updating the cart as the authenticated user Vulnerable Request: POST /demo/api/updatecart HTTP/1.1 Host: demo.microweber.org Cookie:...

0.4AI score
Exploits0
Huntr
Huntr
added 2022/03/31 5:29 a.m.9 views

Divulge user password

Description The administrator can obtain the website user registration password hash Proof of Concept // PoC Log in to the background and access: http://demo.jizhicms.cn/admin.php/Member/index.html?ajax=1&page=1&limit=10&isshow=&start=&end=&username=% Package return:...

0.1AI score
Exploits0
Huntr
Huntr
added 2022/03/27 11:2 a.m.9 views

Stored xss bug to hijack admin account

Description Using this xss lower level user can change his role to super-admin and can hijack admin account Proof of Concept 1. First from super-admin account goto http://localhost/silverstripe/admin/security/RootUsers and add user-B as content authors .\ also give user-B only permisssion to page...

0.7AI score
Exploits0
Huntr
Huntr
added 2022/03/23 2:33 a.m.9 views

Stored XSS via upload file

Description In document feature, you can upload a file .ofd which can have xss Proof of Concept // xss.ofd alert1 Step 1: Go to Support - Documents Step 2: Click Create Documents Step 3: At the Download type, choose Internal. Upload file xss.ofd above. Step 4: Go to that file link, such as:...

7AI score
Exploits0
Huntr
Huntr
added 2022/03/19 4:4 a.m.9 views

Multiple Open redirect

Description There exist multiple open redirect in the get parameter returnurl . I found it in bookmarks//edit , bookmarks//remove, bookmarks//archive, bookmarks//unarchive, bookmarks/bulkedit Proof of Concept 1. Login in the demo instance https://demo.linkding.link/ 2. Go to...

0.3AI score
Exploits0
Huntr
Huntr
added 2022/02/23 10:15 p.m.9 views

Improper Input Validation

Description If hostname is not entered as in the following PoC, Open Redirect and SSRF occur because hostname is empty. Proof of Concept javascript // PoC : http:@127.0.0.1 const parseUrl = require"parse-url" const http = require"http" url = parseUrl"http:@127.0.0.1" console.logurl...

0.1AI score
Exploits0
Total number of security vulnerabilities4072