4072 matches found
Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-edition
Description There is a CSRF vulnerability on Empty Inbox in Private Messages inbox. Proof of Concept //POC.html history.pushState'', '', '/'...
SQL Injection in ampache/ampache
Description The application does not validate and escape the type parameter before using it in a SQL statement in Model/Tag.php, leading to a SQL Injection Proof of Concept Time delay: GET /browse.php?action=tag&type=0%27orifnow=sysdate,sleep3,0or%27 HTTP/1.1 Host: demo.ampache.dev sec-ch-ua:...
Cross-site Scripting (XSS) - Stored in yeswiki/yeswiki
Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execut...
Classic Buffer Overflow in sjord/checkmate
Description Good morning, I hope this message finds you well during these challenging times. Whilst testing checkmate built from commit 8e497d8, we discovered crafted input which triggers a bug in the frame parsing code, leading to a global-buffer-overflow, READ of size 4. Proof of Concept First...
Use of a Broken or Risky Cryptographic Algorithm in livehelperchat/livehelperchat
Description livehelperchat uses cryptographically insecure functions microtime, mtrand and even rand to generate sensitive information. Proof of Concept None provided, see the PHP documentation that specifies the cryptographic insecurity of the above functions. Impact This vulnerability is capabl...
Cross-Site Request Forgery (CSRF) in craigk5n/webcalendar
Description Cross-Site Request Forgery CSRF is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated. With a little help of social engineering such as sending a link via email or chat, an attacker may trick the users of a web...
Type Confusion in craigk5n/webcalendar
Description During the comparisons of different variables, php will automatically convert the data into a common, comparable type. This leads to a variety of problems and might even cause security vulnerabilities. https://github.com/craigk5n/webcalendar has type juggling vulnerabilities that allo...
Exposure of Sensitive Information to an Unauthorized Actor in kcal-app/kcal
Description An attacker can view the foods and other informations in the application through direct call to api functions without any authenication Proof of Concept Step 1 Go to http://demo.kcal.cooking/api/v1/foods?pagenumber=1&pagesize=12...
Use of a Broken or Risky Cryptographic Algorithm in idno/known
Description In the referenced code, known uses an insecure RNG to generate a password because, in its words; this should "mitigate security holes if cleanup fails" - unfortunately, if the cleanup fails - an attacker may be able to predict the password to the created account. Proof of Concept See...
Cross-Site Request Forgery (CSRF) in namelessmc/nameless
Description With this CSRF any user is able to remove any punishment on any user made by the staff. Proof of Concept After you log in, open this POC.html in a browser. This will remove any punishment that's specified in the POC. history.pushState'', '', '/' document.forms0.submit; This specific P...
Inefficient Regular Expression Complexity in ampproject/amphtml
✍️ Description The amphtml package is vulnerable to ReDoS regular expression denial of service. An attacker that is able to provide a crafted template as input to the expandTemplate function of core/types/string/index.js may cause an application to consume an excessive amount of CPU. Below pinned...
Cross-site Scripting (XSS) - Stored in zikula-modules/content
Description Stored XSS in External element Feed when created Content Proof of Concept POST /content/item/edit?type=Zikula%5CContentModule%5CContentType%5CFeedType HTTP/2 Host: demo.ziku.la Cookie: zsid=5idn7q9udrp7mgirikmdlep45d User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:93.0...
Cross-Site Request Forgery (CSRF) in janeczku/calibre-web
Description Hi team :, the /shelf/remove/id and /shelf/add/id is vulnerable against CSRFleading to the possibility to add and remove shelves' items on the behalf of the victim user. Proof of Concept 1. Install the application 2. Create a new shelf id == 1 in this case 3. The attacker sends the...
Cross-site Scripting (XSS) - Reflected in zikula/core
Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites Proof of Concept // PoC Request: POST /permissions/test HTTP/1.1 Host: demo.ziku.la Cookie: zsid=qk60gkn4dmhgrjc6io2kt3dij4 User-Agent:...
in zikula/core
Description Rate limit bypass sent unlimited email victim or any email address Proof of Concept There is no rate limit lost-user-name, attacker to send unlimited email to victim or any email address. POST /zauth/account/lost-user-name HTTP/1.1 Host: demo.ziku.la User-Agent: Mozilla/5.0 Windows NT...
in zikula/core
Description Sensitive Data can be exposed even after logouting the application Proof of Concept Tested url :: https://demo.ziku.la/ Tested on :: Firefox 1 Login to the application 2 Got my account 3 Click logout button 4 Press browser back button 5 Now the we can re-enter to the dashboard Impact...
Inefficient Regular Expression Complexity in validatorjs/validator.js
Description I would like to report a Regular Expression Denial of Service ReDoS vulnerability in validator. It allows cause a denial of service when validating crafted invalid MagnetURIs. The ReDoS vulnerability is mainly due to the sub-pattern .+&tr=.+ with quantified overlapping adjacency and c...
Cross-site Scripting (XSS) - DOM in zoujingli/thinkadmin
Description DOM based xss via url hash frgament Proof of Concept First login into https://v6.thinkadmin.top and then visit https://v6.thinkadmin.top/admin.htmlhttps://bbounty.000webhostapp.com/cors.php?id=xxxxx2 and see xss is executed Impact DOM based xss via url hash fragment...
Cross-Site Request Forgery (CSRF) in microweber/microweber
Description Attacker able to delete any file In Files module if this module enabled there isn't any csrf protection in this endpoint. Proof of Concept After open the PoC.html file you can see that the file with name 1.jpg will be deleted. //PoC.html history.pushState'', '', '/'...
Cross-Site Request Forgery (CSRF) in glpi-project/glpi
✍️ Description Hello dear glpi team I found one more CSRF vulnerability. 🕵️♂️ Proof of Concept 1.fisrt user already should be logged in In Firefox or safari. 2.Open the PoC.html and click on submit button Also it can be auto-submit 3.Here pdf plugin will be uninstalled after clicking on submit...
Cross-site Scripting (XSS) - Reflected in universaloj/uoj-system
✍️ Description Cross-site Scripting XSS refers to client-side code injection attack wherein an attacker can execute malicious scripts into a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. The...
Cross-site Scripting (XSS) - Reflected in tildeclub/site
✍️ Description Cross-site Scripting XSS refers to client-side code injection attack wherein an attacker can execute malicious scripts into a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. The...
Improper Access Control in agentejo/cockpit
✍️ Description A local file inclusion vulnerability allows attackers to bypass the need for API Keys when querying private custom API endpoints 🕵️♂️ Proof of Concept 1. On the server create a custom API endpoint in /var/www/html/config/api/custom.php as follows: param'test'; if !$test return...
Cross-site Scripting (XSS) - Stored in btcpayserver/btcpayserver
✍️ Description stored xss bug via link in store 🕵️♂️ Proof of Concept 1. goto https://mainnet.demo.btcpayserver.org/stores and create a store .\ 2. Now open that store using url https://mainnet.demo.btcpayserver.org/stores/BuBNcrh8vpu4sMcTikqXoP5pXU49hvoFDyqAoA46Tns2 and change website link to...
in fisharebest/webtrees
✍️ Description The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere. The Forgot Password feature can be exploited to conduct user enumeration. If the given email exists in the...
Cross-site Scripting (XSS) - Stored in leantime/leantime
✍️ Description A malicious actor is able to add new Client with a malicious payload, and upon opening the research menu, the XSS payload is being executed. 🕵️♂️ Proof of Concept - 1; Log in with a proper roled user - 2; Add a new client to the system at upper right corner at /clients/showAll/ URI...
Cross-site Scripting (XSS) - Stored in yogeshojha/rengine
✍️ Description Hi, When creating a template for nuclei, it is possible to upload a malicious template with xss load, clicking to see this template will run xss. 🕵️♂️ Proof of Concept 1- First, create the fake template: id: poc-xss alert1 info: name: xss-storage-rengine author: phor3nsic severity:...
Cross-site Scripting (XSS) - Stored in zikula/core
✍️ Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites 🕵️♂️ Proof of Concept // PoC.js 1- Go to -- https://demo.ziku.la/blocks/admin/block/edit/2 2- Go to Editor and link a test word with a link As...
Cross-Site Request Forgery (CSRF) in qkqpttgf/onemanager-php
✍️ Description Attacker able to rename any disktag with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF attacks...
Cross-site Scripting (XSS) - Reflected in azuracast/azuracast
✍️ Description The Application is Vulnerable to reflected HTML Injection 🕵️♂️ Proof of Concept Open the following page in the browser as admin. The page is vulnerable to HTML Injection...
in zoujingli/thinkadmin
✍️ Description It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. 🕵️♂️ Proof of Concept 💥 Impact According to PortSwigger references, it is possible for a page controlled by an attacker...
Cross-Site Request Forgery (CSRF) in myvesta/vesta
✍️ Description The download/web-log endpoint does not have CSRF Protection. This could be used to force download error log and potentially sensitive information leakage. 🕵️♂️ Proof of Concept Login to user account. Create the following POC.html file and open the page in browser. To verify that you...
Cross-Site Request Forgery (CSRF) in myvesta/vesta
✍️ Description Attacker is able to add an element to favorite. this vulnerability happens on some sections. for example on “Firewall” tab list/firewall/ 🕵️♂️ Proof of Concept 1.when you logged in open this POC.html in a browser 2.you can check unintentionally first record saves as favorite...
Cross-Site Request Forgery (CSRF) in myvesta/vesta
✍️ Description In this application there is weak CSRF protection on backup functionality. therefore according to below POC.html when a logged in user visits attacker website then an unintentional backup request sends to application. 🕵️♂️ Proof of Concept //PoC.html history.pushState'', '', '/'...
Cross-Site Request Forgery (CSRF) in myvesta/vesta
✍️ Description Attacker is able to logout user if a logged in user visits attacker website. 🕵️♂️ Proof of Concept 1.when you logged in open this POC.html in a browser 2.you can check unintentionally you logged out history.pushState'', '', '/' document.forms0.submit; 💥 Impact This vulnerability is...
Cross-Site Request Forgery (CSRF) in neorazorx/facturascripts
✍️ Description Attacker able to delete any number of Purchases invoices with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your...
Cross-site Scripting (XSS) - Reflected in znixbtw/panel-v2
✍️ Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will...
Cross-Site Request Forgery (CSRF) in aces/loris
✍️ Description Attacker able to create any Category with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF attack...
Cross-Site Request Forgery (CSRF) in aces/loris
✍️ Description Attacker able to edit any Information with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF...
Cross-site Scripting (XSS) - Stored in ampache/ampache
✍️ Description This is a stored XSS in the mp3 management library. 🕵️♂️ Proof of Concept 1. Edit meta data with Audacity: 2. Create a new playlist that contains this file. 3. Open "New" 1 under "Information" menu: 💥 Impact By uploading an mp3 with javascript code into meta tag could permit an...
in filegator/filegator
Clickjacking is a portmanteau of two words ‘click’ and ‘hijacking’. It refers to hijacking user’s click for malicious intent. In it, an attacker embeds the vulnerable site in an transparent iframe in attacker’s own website and overlays it with objects such as button using CSS skills. This tricks...
Cross-Site Request Forgery (CSRF) in glpi-project/glpi
✍️ Description Attacker able to delete any document from Processing change with CSRF attack because there is any CSRF protection for related endpoint. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user...
Cross-Site Request Forgery (CSRF) in bigprof-software/online-rental-property-manager
✍️ Description csrf bug to create a backup 🕵️♂️ Proof of Concept Bellow request vulnerable to csrf bug which allow to create database backup GET /online-rental-property-manager/app/admin/pageBackupRestore.php?action=createbackup HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 X11; Ubuntu; Linux...
Improper Privilege Management in bigprof-software/online-invoicing-system
💥 BUG CSRF bug to approve member 💥 IMPACT csrf bug allow to approov any user 💥 STEP TO REPRODUCE 1. Lets assume signup allowed in settings page and member need to approoved .\ Now From external user goto http://localhost/online-invoice/app/membershipsignup.php and signup for new member with...
Cross-Site Request Forgery (CSRF) in alanaktion/phproject
✍️ Description Attacker able to delete any group with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF attacks i...
Improper Privilege Management in amirsanni/mini-inventory-and-sales-management-system
💥 BUG unprivileged user can add item 💥 STEP TO REPDOUCE 1. From admin account goto https://1410inc.xyz/mini-inventory-and-sales-management-system/administrators and add new user callled user-B with basic role .\ So, user-B cant add new item.\ 2. Now goto user-B account and here user-B cant see...
Cross-Site Request Forgery (CSRF) in sergix44/xbackbone
✍️ Description following endpoint vulnerable to CSRF: /omeka/upload/1/delete Also there is not any different that you run The application in localhost or some real hosts, this is enough to login with a browser that used the browser for online web surfacing too. 🕵️♂️ Proof of Concept // PoC.html...
Cross-Site Request Forgery (CSRF) in microweber/microweber
✍️ Description Attacker able to delete any Module if attacker knows the ids parameter value. 🕵️♂️ Proof of Concept Here after running PoC.html on Firefox or Safari and click on submit button also can be auto-submit you will see that the Module with id 167 has been deleted. //PoC.html...
Cross-Site Request Forgery (CSRF) in microweber/microweber
✍️ Description Attacker able to delete any user if knows the user id parameter value. 🕵️♂️ Proof of Concept Here after running PoC.html on Firefox or Safari and click on submit button also can be auto-submit you will see that the user with id 3 has been deleted. //PoC.html history.pushState'', '',...
in erudika/scoold
✍️ Description You should check and validate the password when users registering, any user able to use a weak password like aaaaa also you don't have any rate limit for incorrect passwords that cause to easily perform Bruteforce attacks against your users that have weak passwords. 💥 Impact This...