4072 matches found
Cross-Site Request Forgery (CSRF) in namelessmc/nameless
Description With this CSRF any user is able to remove any punishment on any user made by the staff. Proof of Concept After you log in, open this POC.html in a browser. This will remove any punishment that's specified in the POC. history.pushState'', '', '/' document.forms0.submit; This specific P...
Inefficient Regular Expression Complexity in ampproject/amphtml
✍️ Description The amphtml package is vulnerable to ReDoS regular expression denial of service. An attacker that is able to provide a crafted template as input to the expandTemplate function of core/types/string/index.js may cause an application to consume an excessive amount of CPU. Below pinned...
Cross-site Scripting (XSS) - Stored in zikula-modules/content
Description Stored XSS in External element Feed when created Content Proof of Concept POST /content/item/edit?type=Zikula%5CContentModule%5CContentType%5CFeedType HTTP/2 Host: demo.ziku.la Cookie: zsid=5idn7q9udrp7mgirikmdlep45d User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:93.0...
Cross-Site Request Forgery (CSRF) in janeczku/calibre-web
Description Hi team :, the /shelf/remove/id and /shelf/add/id is vulnerable against CSRFleading to the possibility to add and remove shelves' items on the behalf of the victim user. Proof of Concept 1. Install the application 2. Create a new shelf id == 1 in this case 3. The attacker sends the...
in zikula/core
Description Rate limit bypass sent unlimited email victim or any email address Proof of Concept There is no rate limit lost-user-name, attacker to send unlimited email to victim or any email address. POST /zauth/account/lost-user-name HTTP/1.1 Host: demo.ziku.la User-Agent: Mozilla/5.0 Windows NT...
in zikula/core
Description Sensitive Data can be exposed even after logouting the application Proof of Concept Tested url :: https://demo.ziku.la/ Tested on :: Firefox 1 Login to the application 2 Got my account 3 Click logout button 4 Press browser back button 5 Now the we can re-enter to the dashboard Impact...
Inefficient Regular Expression Complexity in validatorjs/validator.js
Description I would like to report a Regular Expression Denial of Service ReDoS vulnerability in validator. It allows cause a denial of service when validating crafted invalid MagnetURIs. The ReDoS vulnerability is mainly due to the sub-pattern .+&tr=.+ with quantified overlapping adjacency and c...
Cross-site Scripting (XSS) - DOM in zoujingli/thinkadmin
Description DOM based xss via url hash frgament Proof of Concept First login into https://v6.thinkadmin.top and then visit https://v6.thinkadmin.top/admin.htmlhttps://bbounty.000webhostapp.com/cors.php?id=xxxxx2 and see xss is executed Impact DOM based xss via url hash fragment...
Cross-Site Request Forgery (CSRF) in microweber/microweber
Description Attacker able to delete any file In Files module if this module enabled there isn't any csrf protection in this endpoint. Proof of Concept After open the PoC.html file you can see that the file with name 1.jpg will be deleted. //PoC.html history.pushState'', '', '/'...
Cross-Site Request Forgery (CSRF) in glpi-project/glpi
✍️ Description Hello dear glpi team I found one more CSRF vulnerability. 🕵️♂️ Proof of Concept 1.fisrt user already should be logged in In Firefox or safari. 2.Open the PoC.html and click on submit button Also it can be auto-submit 3.Here pdf plugin will be uninstalled after clicking on submit...
Cross-site Scripting (XSS) - Reflected in universaloj/uoj-system
✍️ Description Cross-site Scripting XSS refers to client-side code injection attack wherein an attacker can execute malicious scripts into a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. The...
Cross-site Scripting (XSS) - Reflected in tildeclub/site
✍️ Description Cross-site Scripting XSS refers to client-side code injection attack wherein an attacker can execute malicious scripts into a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. The...
Improper Access Control in agentejo/cockpit
✍️ Description A local file inclusion vulnerability allows attackers to bypass the need for API Keys when querying private custom API endpoints 🕵️♂️ Proof of Concept 1. On the server create a custom API endpoint in /var/www/html/config/api/custom.php as follows: param'test'; if !$test return...
Cross-site Scripting (XSS) - Stored in btcpayserver/btcpayserver
✍️ Description stored xss bug via link in store 🕵️♂️ Proof of Concept 1. goto https://mainnet.demo.btcpayserver.org/stores and create a store .\ 2. Now open that store using url https://mainnet.demo.btcpayserver.org/stores/BuBNcrh8vpu4sMcTikqXoP5pXU49hvoFDyqAoA46Tns2 and change website link to...
in fisharebest/webtrees
✍️ Description The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere. The Forgot Password feature can be exploited to conduct user enumeration. If the given email exists in the...
Cross-site Scripting (XSS) - Stored in leantime/leantime
✍️ Description A malicious actor is able to add new Client with a malicious payload, and upon opening the research menu, the XSS payload is being executed. 🕵️♂️ Proof of Concept - 1; Log in with a proper roled user - 2; Add a new client to the system at upper right corner at /clients/showAll/ URI...
Cross-site Scripting (XSS) - Stored in yogeshojha/rengine
✍️ Description Hi, When creating a template for nuclei, it is possible to upload a malicious template with xss load, clicking to see this template will run xss. 🕵️♂️ Proof of Concept 1- First, create the fake template: id: poc-xss alert1 info: name: xss-storage-rengine author: phor3nsic severity:...
Cross-site Scripting (XSS) - Stored in zikula/core
✍️ Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites 🕵️♂️ Proof of Concept // PoC.js 1- Go to -- https://demo.ziku.la/blocks/admin/block/edit/2 2- Go to Editor and link a test word with a link As...
Cross-Site Request Forgery (CSRF) in qkqpttgf/onemanager-php
✍️ Description Attacker able to rename any disktag with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF attacks...
Cross-site Scripting (XSS) - Reflected in azuracast/azuracast
✍️ Description The Application is Vulnerable to reflected HTML Injection 🕵️♂️ Proof of Concept Open the following page in the browser as admin. The page is vulnerable to HTML Injection...
in zoujingli/thinkadmin
✍️ Description It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. 🕵️♂️ Proof of Concept 💥 Impact According to PortSwigger references, it is possible for a page controlled by an attacker...
Cross-Site Request Forgery (CSRF) in myvesta/vesta
✍️ Description The download/web-log endpoint does not have CSRF Protection. This could be used to force download error log and potentially sensitive information leakage. 🕵️♂️ Proof of Concept Login to user account. Create the following POC.html file and open the page in browser. To verify that you...
Cross-Site Request Forgery (CSRF) in myvesta/vesta
✍️ Description Attacker is able to add an element to favorite. this vulnerability happens on some sections. for example on “Firewall” tab list/firewall/ 🕵️♂️ Proof of Concept 1.when you logged in open this POC.html in a browser 2.you can check unintentionally first record saves as favorite...
Cross-Site Request Forgery (CSRF) in myvesta/vesta
✍️ Description In this application there is weak CSRF protection on backup functionality. therefore according to below POC.html when a logged in user visits attacker website then an unintentional backup request sends to application. 🕵️♂️ Proof of Concept //PoC.html history.pushState'', '', '/'...
Cross-Site Request Forgery (CSRF) in myvesta/vesta
✍️ Description Attacker is able to logout user if a logged in user visits attacker website. 🕵️♂️ Proof of Concept 1.when you logged in open this POC.html in a browser 2.you can check unintentionally you logged out history.pushState'', '', '/' document.forms0.submit; 💥 Impact This vulnerability is...
Cross-Site Request Forgery (CSRF) in neorazorx/facturascripts
✍️ Description Attacker able to delete any number of Purchases invoices with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your...
Cross-site Scripting (XSS) - Reflected in znixbtw/panel-v2
✍️ Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will...
Cross-Site Request Forgery (CSRF) in aces/loris
✍️ Description Attacker able to create any Category with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF attack...
Cross-Site Request Forgery (CSRF) in aces/loris
✍️ Description Attacker able to edit any Information with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF...
Cross-site Scripting (XSS) - Stored in ampache/ampache
✍️ Description This is a stored XSS in the mp3 management library. 🕵️♂️ Proof of Concept 1. Edit meta data with Audacity: 2. Create a new playlist that contains this file. 3. Open "New" 1 under "Information" menu: 💥 Impact By uploading an mp3 with javascript code into meta tag could permit an...
in filegator/filegator
Clickjacking is a portmanteau of two words ‘click’ and ‘hijacking’. It refers to hijacking user’s click for malicious intent. In it, an attacker embeds the vulnerable site in an transparent iframe in attacker’s own website and overlays it with objects such as button using CSS skills. This tricks...
Cross-Site Request Forgery (CSRF) in glpi-project/glpi
✍️ Description Attacker able to delete any document from Processing change with CSRF attack because there is any CSRF protection for related endpoint. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user...
Cross-Site Request Forgery (CSRF) in bigprof-software/online-rental-property-manager
✍️ Description csrf bug to create a backup 🕵️♂️ Proof of Concept Bellow request vulnerable to csrf bug which allow to create database backup GET /online-rental-property-manager/app/admin/pageBackupRestore.php?action=createbackup HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 X11; Ubuntu; Linux...
Improper Privilege Management in bigprof-software/online-invoicing-system
💥 BUG CSRF bug to approve member 💥 IMPACT csrf bug allow to approov any user 💥 STEP TO REPRODUCE 1. Lets assume signup allowed in settings page and member need to approoved .\ Now From external user goto http://localhost/online-invoice/app/membershipsignup.php and signup for new member with...
Cross-Site Request Forgery (CSRF) in alanaktion/phproject
✍️ Description Attacker able to delete any group with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF attacks i...
Improper Privilege Management in amirsanni/mini-inventory-and-sales-management-system
💥 BUG unprivileged user can add item 💥 STEP TO REPDOUCE 1. From admin account goto https://1410inc.xyz/mini-inventory-and-sales-management-system/administrators and add new user callled user-B with basic role .\ So, user-B cant add new item.\ 2. Now goto user-B account and here user-B cant see...
Cross-Site Request Forgery (CSRF) in sergix44/xbackbone
✍️ Description following endpoint vulnerable to CSRF: /omeka/upload/1/delete Also there is not any different that you run The application in localhost or some real hosts, this is enough to login with a browser that used the browser for online web surfacing too. 🕵️♂️ Proof of Concept // PoC.html...
Cross-Site Request Forgery (CSRF) in microweber/microweber
✍️ Description Attacker able to delete any Module if attacker knows the ids parameter value. 🕵️♂️ Proof of Concept Here after running PoC.html on Firefox or Safari and click on submit button also can be auto-submit you will see that the Module with id 167 has been deleted. //PoC.html...
Cross-Site Request Forgery (CSRF) in microweber/microweber
✍️ Description Attacker able to delete any user if knows the user id parameter value. 🕵️♂️ Proof of Concept Here after running PoC.html on Firefox or Safari and click on submit button also can be auto-submit you will see that the user with id 3 has been deleted. //PoC.html history.pushState'', '',...
in erudika/scoold
✍️ Description You should check and validate the password when users registering, any user able to use a weak password like aaaaa also you don't have any rate limit for incorrect passwords that cause to easily perform Bruteforce attacks against your users that have weak passwords. 💥 Impact This...
Cross-Site Request Forgery (CSRF) in francoisjacquet/rosariosis
✍️ Description When you don't set the SameSite attribute of cookies the browsers have special act in front of this issue.I mean set default value on it chrome and chromium based browsers set the attribute "Lax" that mean if you do add/delete/alter operation in a get HTTP request then your site mor...
in zeromq/pyzmq
✍️ Description The paramiko.WarningPolicy policy used in setmissinghostkeypolicy will not reject unknown host keys. This may lead to Man-in-the-middle attacks. 🕵️♂️ Proof of Concept client = paramiko.SSHClient client.loadsystemhostkeys client.setmissinghostkeypolicyparamiko.WarningPolicy 💥 Impact...
Cross-Site Request Forgery (CSRF) in janeczku/calibre-web
✍️ Description An attacker can make a user change his profile settings by CSRF vulnerability through PoC file. There is no CSRF token. 🕵️♂️ Proof of Concept For example, changing the email address from "[email protected]" to "[email protected]" test1's profile. Make the user open a link with this page...
Cross-Site Request Forgery (CSRF) in emoncms/dashboard
💥 BUG csrf bug to regenerate api-key 💥 STEP TO REPRODUCE 1. First login into your account and open the link http://localhost/emoncms/user/newapikeywrite.json and a new api key will be generated. 💥 IMPACT Any attacker can send those link to vicitm and when vicitm open the link then api-key will be...
Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr
✍️ Description In Ticket section , you protect tickets from being deleted with CSRF attacks but if I set CSRF token to nothings then I able to delete arbitrary tickets only with knowing their "trackid" parameter. 🕵️♂️ Proof of Concept // PoC.html history.pushState'', '', '/' 💥 Impact This...
in spiral-project/ihatemoney
💥 BUG clickjacking bug. 💥 STEP TO REPRODUCE I see there is no X-Frame-Options header present in response . So, it allow to load dashboard url in iframe which make clickjacking attack . Iframe will be completely hidden with opacity control so that victim dont suspect . bellow code can be used as...
in emoncms/emoncms
✍️ Description weak password requirements can lead to account takeover vulnerability as attacker easily can perform Bruteforce attacks. 🕵️♂️ Proof of Concept if a attacker knows the username and email of the your users then attacker easily can reset the victim password and no privileges required...
Cross-site Scripting (XSS) - Reflected in leantime/leantime
✍️ Description Reflected XSS in editBoxDialog.tpl.php where "module" and "label" parameters leads to exploitation of a vulnerability. 🕵️♂️ Proof of Concept Open this link http://127.0.0.1/setting/editBoxLabel?module=idealabels%22%3E%3Cscript%3Ealert%22XSS%20by%20OverJT%22%3C/script%3E&label=jjj 💥...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system
✍️ Description I found a stored XSS in your project which is lead by adding client's comment. 🕵️♂️ Proof of Concept Steps to reproduce: 1. Create a Client. 2. Enter " in the comments. 3. Save and you will see XSS. 💥 Impact This vulnerability is capable of stored XSS...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system
✍️ Description I found a stored XSS in your project which is lead by adding invoice comment. 🕵️♂️ Proof of Concept Steps to reproduce: 1. Create a invoice. 2. Enter " in the comments. 3. Save and you will see XSS. 💥 Impact This vulnerability is capable of stored XSS...