4072 matches found
Cross-Site Request Forgery (CSRF) in microweber/microweber
✍️ Description Attacker able to delete any user if knows the user id parameter value. 🕵️♂️ Proof of Concept Here after running PoC.html on Firefox or Safari and click on submit button also can be auto-submit you will see that the user with id 3 has been deleted. //PoC.html history.pushState'', '',...
in erudika/scoold
✍️ Description You should check and validate the password when users registering, any user able to use a weak password like aaaaa also you don't have any rate limit for incorrect passwords that cause to easily perform Bruteforce attacks against your users that have weak passwords. 💥 Impact This...
Cross-Site Request Forgery (CSRF) in francoisjacquet/rosariosis
✍️ Description When you don't set the SameSite attribute of cookies the browsers have special act in front of this issue.I mean set default value on it chrome and chromium based browsers set the attribute "Lax" that mean if you do add/delete/alter operation in a get HTTP request then your site mor...
in zeromq/pyzmq
✍️ Description The paramiko.WarningPolicy policy used in setmissinghostkeypolicy will not reject unknown host keys. This may lead to Man-in-the-middle attacks. 🕵️♂️ Proof of Concept client = paramiko.SSHClient client.loadsystemhostkeys client.setmissinghostkeypolicyparamiko.WarningPolicy 💥 Impact...
Use of a Broken or Risky Cryptographic Algorithm in serghey-rodin/vesta
✍️ Description uniqid does not generate cryptographically secure strings, even if it did, supplying it with mtrand would render it insecure as an attacker would be able to gain access to a victim's account by simply knowing when they logged in, this could be used as a mass-account-takeover vector...
Cross-Site Request Forgery (CSRF) in janeczku/calibre-web
✍️ Description An attacker can make a user change his profile settings by CSRF vulnerability through PoC file. There is no CSRF token. 🕵️♂️ Proof of Concept For example, changing the email address from "[email protected]" to "[email protected]" test1's profile. Make the user open a link with this page...
Cross-Site Request Forgery (CSRF) in emoncms/dashboard
💥 BUG csrf bug to regenerate api-key 💥 STEP TO REPRODUCE 1. First login into your account and open the link http://localhost/emoncms/user/newapikeywrite.json and a new api key will be generated. 💥 IMPACT Any attacker can send those link to vicitm and when vicitm open the link then api-key will be...
Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr
✍️ Description In Ticket section , you protect tickets from being deleted with CSRF attacks but if I set CSRF token to nothings then I able to delete arbitrary tickets only with knowing their "trackid" parameter. 🕵️♂️ Proof of Concept // PoC.html history.pushState'', '', '/' 💥 Impact This...
in spiral-project/ihatemoney
💥 BUG clickjacking bug. 💥 STEP TO REPRODUCE I see there is no X-Frame-Options header present in response . So, it allow to load dashboard url in iframe which make clickjacking attack . Iframe will be completely hidden with opacity control so that victim dont suspect . bellow code can be used as...
in emoncms/emoncms
✍️ Description weak password requirements can lead to account takeover vulnerability as attacker easily can perform Bruteforce attacks. 🕵️♂️ Proof of Concept if a attacker knows the username and email of the your users then attacker easily can reset the victim password and no privileges required...
Cross-site Scripting (XSS) - Reflected in leantime/leantime
✍️ Description Reflected XSS in editBoxDialog.tpl.php where "module" and "label" parameters leads to exploitation of a vulnerability. 🕵️♂️ Proof of Concept Open this link http://127.0.0.1/setting/editBoxLabel?module=idealabels%22%3E%3Cscript%3Ealert%22XSS%20by%20OverJT%22%3C/script%3E&label=jjj 💥...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system
✍️ Description I found a stored XSS in your project which is lead by adding client's comment. 🕵️♂️ Proof of Concept Steps to reproduce: 1. Create a Client. 2. Enter " in the comments. 3. Save and you will see XSS. 💥 Impact This vulnerability is capable of stored XSS...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system
✍️ Description I found a stored XSS in your project which is lead by adding invoice comment. 🕵️♂️ Proof of Concept Steps to reproduce: 1. Create a invoice. 2. Enter " in the comments. 3. Save and you will see XSS. 💥 Impact This vulnerability is capable of stored XSS...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager
💥 BUG Stored xss 2 💥 VERSION TESTED latest version as of 4/7/21 💥 IMPACT xss allow to execute arbitary javascript in vicitm account 💥 STEP TO REPRODUCE 1. goto http://localhost/online-rental/app/admin/pageSettings.php and click on Sign Up tab .\ put bellow xss payload xss2"' in Members custom...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager
💥 BUG XSS via groupname 💥 VERSION TESTED latest version as of 4/7/21 💥 IMPACT xss allow to execute arbitary javascript in vicitm account 💥 STEP TO REPRODUCE 1. goto http://localhost/online-rental/app/admin/pageViewGroups.php and create a new group .\ During creation put bellow xss payload in...
Cross-site Scripting (XSS) - Stored in volmarg/personal-management-system
💥 BUG XSS via issue-name 💥 IMPACT xss allow to execute arbitary javascript in vicitm account 💥 STEP TO REPRODUCE 1. goto http://personal-management-system.pl/my-issues/pending and create a new issue .\ During creation put bellow xss payload in name field and save it.\ xss"' Now whenever you visit...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system
✍️ Description In the repo online invoicing system i found a stored xss which gets exploited on member profile view which is lead by group name. 🕵️♂️ Proof of Concept Video POC: https://drive.google.com/file/d/1wUNY4BQyvI5RzutUn8T5KbTRMAIAZOlJ/view?usp=sharing Steps to reproduce: 1. Create a group...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system
✍️ Description here is a Stored XSS on the user profile edit page which occurs due to improper sanitization of the Address field as tested on the latest releasety. 🕵️♂️ Proof of Concept step to reproduce: Go to /admin/pageSettings.php and click Preconfigured users and groups Add payload: " on Name...
Cross-site Scripting (XSS) - Reflected in bigprof-software/online-rental-property-manager
✍️ Description Reflected XSS in membershippasswordReset.php where key parameter leads to exploitation of a vulnerability. 🕵️♂️ Proof of Concept // POC membershippasswordReset.php?key=;?"alert1 💥 Impact This vulnerability is capable of XSS, steal user cookies, session hijacking...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager
💥 BUG xss via unit description 💥 VERSION TESTED latest version as of 1/7/21 💥 IMPACT xss allow to execute arbitary javascript in vicitm account 💥 STEP TO REPRODUCE 1. goto http://localhost/online-rental/app/unitsview.php and create a new unit .\ During creation put bellow xss payload in...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager
✍️ Description Stored xss in profile Address field.\ There is a Stored XSS on the user profile edit page which occurs due to improper sanitization of the State name field as tested on the latest release. 🕵️♂️ Proof of Concept Steps to Reproduce: 1. Create a user account. 2. Login into the user...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager
💥 BUG xss via groupname permission 💥 VERSION TESTED latest version as of 1/7/21 💥 IMPACT xss allow to execute arbitary javascript in vicitm account 💥 STEP TO REPRODUCE 1. first goto http://localhost/online-rental/app/admin/pageEditGroup.php and add a new group and put bellow xss payload in...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system
✍️ Description There is a Stored XSS in the online invoicing system view price history which is lead by adding invoice items. 💥 TESTED VERSION https://github.com/bigprof-software/online-invoicing-system/releases/tag/v5.0 🕵️♂️ Proof of Concept POC Video:...
Cross-site Scripting (XSS) - Reflected in projectsend/projectsend
💥 BUG reflected xss 💥 STEP TO REPRODUCE 1. Login to your account and visit url http://localhost/projectsend2/process.php?do=returnfilesids&files%5B0%5D%5Bname%5D=batch%5B%5D&files%5B0%5D%5Bvalue%5D=32%27%22%3E%3Cimg+src=x+onerror=alert%3E and see xss is executed 💥 IMPACT Attacker can execute...
Cross-site Scripting (XSS) - Stored in getgrav/grav
✍️ Description Grav is vulnerable to XSS via bad SVG files. It is possible to upload an SVG file that contains errors after script tags. 🕵️♂️ Proof of Concept SVG file content: html alertdocument.domain; 1. Create an SVG file with the above content. 2. Upload it through profile image update. 3...
Server-Side Request Forgery (SSRF) in kalcaddle/kodexplorer
✍️ Description The path is vulnerable to ssrf via svg file upload 🕵️♂️ Proof of Concept upload an SVG file with SSRF payload in it. open option on the file and open with browser. 💥 Impact redirect host via ssrf...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system
✍️ Description There is a Stored XSS in the online invoicing system when adding a group name. 🕵️♂️ Proof of Concept Video POC: https://drive.google.com/file/d/13VaUfJrhd7m565lMQWZMfzXhfYPVjPV/view?usp=sharing Payload: ''' 💥 Impact Stored XSS...
Cross-site Scripting (XSS) - Reflected in bigprof-software/online-invoicing-system
✍️ Description Application is vulnerable to XSS through key parameter. Line 85 of membershippasswordReset.php sends unvalidated data to a web browser, which can result in the browser executing malicious code. In this case the data is sent at builtinecho in membershippasswordReset.php at line 85...
Command Injection in sofianehamlaoui/lockdoor-framework
✍️ Description inurlbr function is vulnerable to CI of exploitation.py 🕵️♂️ Proof of Concept // PoC https://drive.google.com/file/d/1HpID3CrNAqK7t0C2JttP75Eqptha6r-D/view?usp=sharing 💥 Impact command run as root. So an attacker could do potential damage to the machine...
Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp
✍️ Description ?tab= parameter is vulnerable to Cross Site Scripting. Line 1974 of backup.php sends unvalidated data to a web browser, which can result in the browser executing malicious code of XSS. 🕵️♂️ Proof of Concept POC SCREENSHOT: 1. Just visit /settings.php?tab=alert1 and XSS will be pop...
Cross-site Scripting (XSS) - Stored in nebulade/meemo
✍️ Description Stored xss in meemo file create functionality 🕵️♂️ Proof of Concept Payload: Test POC screenshot: https://drive.google.com/file/d/1aLBRIdU2AAz-RXa6uEF0IiWfks5jHMu/view?usp=sharing Tested on the demo website of the latest release. To reproduce create a file and add the following...
Cross-site Scripting (XSS) - Stored in falconchristmas/fpp
✍️ Description fpp is vulnerable to XSS through file name. 🕵️♂️ Proof of Concept 1. Access /upload. 2. Change the name of an image to .png. 3. Upload it. 💥 Impact JavaScript code execution...
in chatwoot/chatwoot
💥 BUG unprivileged user can see ticket content 💥 IMPACT User does not have any inboixes but still can see ticket details in inbox . 💥 STEP TO REPRODUCE 1.First from admin account goto https://app.chatwoot.com/app/accounts/4534/settings/agents/list and add new agent user-B .\ Now dont add this...
Improper Privilege Management in gskinner/regexr
✍️ Description I managed to find a Critical IDOR in the https://github.com/gskinner/regexr/ . Any user is able to change the Visibility Status of any pattern set 📚 Proof of Concept 1: Go to https://regexr.com/ 2: Click on "New" in the Top Left Corner 3: Select Pattern Settings and Fill out "patter...
Path Traversal in kalcaddle/kodexplorer
✍️ Description KodExplorer A web-based file manager, web IDE/browser-based code editor. I discovered that by uploading a symbolic linked file via any user, he/she could see any file in the server which causes Path Traversal vulnerability. 🕵️♂️ Proof of Concept 1. Create a file by the following...
Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
✍️ Description The faq section of LiveHelperChat can be modified listing some new questions/answers. However, the template is used incorrectly resulting in a CSTI injection which leads to stored XSS. 🕵️♂️ Proof of Concept 1. Install the livechat 2. Go on https://your-host.com/siteadmin/faq/view/1...
SQL Injection in s-cart/core
✍️ Description Searching keyword in/scadmin/currency is vulnerable to SQL injection. This will allow a user to run arbitrary SQL queries and completely delete, edit, export or change all information in the database - potentially rendering the entire platform unusable. 🕵️♂️ Proof of Concept Login...
Cross-site Scripting (XSS) - Stored in cortezaproject/corteza-server
💥 BUG Stored xss bug using file upload against admin . 💥 TESTED VERSION v2021.3.6 💥 IMPACT lower level user can make xss attack against admin . Using xss bug attacker can execute arbitary javascript in victim account .\ Thus lower level user can execute arbitary javascript in admin account using...
None in chatwoot/chatwoot
✍️ Description No rate limit on the login portal 🕵️♂️ Proof of Concept POC VIDEO: https://drive.google.com/file/d/1fmhVsm2tZ2r1yIGduAlTWFO52semP5z/view?usp=sharing Conclusion: It gives 401 error when an incorrect password It gives 200 when it got the correct password 💥 Impact Any attacker can able...
Heap-based Buffer Overflow in squell/id3
✍️ Description Archive.org is a worthy cause to support. 👍 During testing of id3 compiled from commit a899ea with Clang 13+ASan on Ubuntu 20.04.2, we discovered a payload which triggers a heap-buffer-overflow in ID3put. This particular bug was found using the AFL fuzzer. 🕵️♂️ Proof of Concept echo...
Cross-Site Request Forgery (CSRF) in monicahq/monica
✍️ Description The /settings/exportToSql endpoint does not have CSRF Protection. This could be used to force download account data and potentially spoof users. 🕵️♂️ Proof of Concept Login to user account. Create the following file and open the page in browser. // PoC.html To verify that you are a...
Prototype Pollution in robinvdvleuten/shvl
✍️ Description Hi, I've seen a recent prototype pollution report to this library and, during the code review, found out that the applied fix doesn't work at all. The problem relies in the regex used to fix, as I shown bellow. 🕵️♂️ Proof of Concept The reported prototype pollution resulted in the...
OS Command Injection in falconchristmas/fpp
✍️ Description Hi, it is possible to inject arbitrary OS commands in https://github.com/FalconChristmas/fpp/blob/59b7f7e8039a7019143c2c4b44f7d95b6358a4ef/www/formatstorage.phpL24 php &1"; echo "Command: $command\n"; echo...
OS Command Injection in falconchristmas/fpp
✍️ Description Hi, it is possible ot inject arbitrary OS commands in https://github.com/FalconChristmas/fpp/blob/f032d800a67ed280f8d577d95519a71c95114579/www/upgradeOS.phpL46 php system$SUDO . " $fppDir/SD/upgradeOS-part1.sh /home/fpp/media/upload/" . $GET'os'; 🕵️♂️ Proof of Concept Visit :...
Command Injection in sofianehamlaoui/lockdoor-framework
✍️ Description Unsanitized user input leads to command injection in multiple scripts. 🕵️♂️ Proof of Concept payload = ;id https://drive.google.com/file/d/1ZPyCaSyDbD2-gQK43DKlAHkFxi8lmgh/view?usp=sharing 💥 Impact command run as root so it could do potential damage...
Improper Access Control in teamultroid/ultroid
✍️ Description Google Maps API key without proper referer restrictions is found in your repo. It can be embeded to anyone's website and if the billing account is active, it will incur charges on your account. 🕵️♂️ Proof of Concept Visit this link to verify that you can use the service by visiting...
Prototype Pollution in fiznool/body-parser-xml
✍️ Description This library uses an XML parsing library which causes prototype pollution. However, this issue can be fixed on our side. 🕵️♂️ Proof of Concept const express = require'express'; const bodyParser = require'body-parser'; require'body-parser-xml'bodyParser; const app = express; const...
in rockcarry/ffjpeg
✍️ Description An exploitable heap overflow vulnerability exists in function bmpload in bmp.c. 🕵️♂️ Proof of Concept make ./ffjpeg -e poc 💥 Impact This vulnerability is capable of Code execution...
OS Command Injection in falconchristmas/fpp
✍️ Description Hi, in https://github.com/FalconChristmas/fpp/blob/721c99aed6897792bf7f79fa02a280995e27d409/www/gitCheckoutVersion.phpL38 : php A system function is called with a user input, a malicious user could profit from it if the version variable contains a command 🕵️♂️ Proof of Concept...
Cross-site Scripting (XSS) - Reflected in forkcms/forkcms
✍️ Description The forkcms is vulnerable to XSS through Online movies id edition. 🕵️♂️ Proof of Concept 1. With an authenticated user, access http://localhost/private/en/medialibrary/mediaitemindex. 2. Click on New media. 3. Select Online movies Youtube, Vimeo, ... and click on Next. 4. Select any...