4072 matches found
in emoncms/emoncms
✍️ Description weak password requirements can lead to account takeover vulnerability as attacker easily can perform Bruteforce attacks. 🕵️♂️ Proof of Concept if a attacker knows the username and email of the your users then attacker easily can reset the victim password and no privileges required...
Cross-site Scripting (XSS) - Reflected in leantime/leantime
✍️ Description Reflected XSS in editBoxDialog.tpl.php where "module" and "label" parameters leads to exploitation of a vulnerability. 🕵️♂️ Proof of Concept Open this link http://127.0.0.1/setting/editBoxLabel?module=idealabels%22%3E%3Cscript%3Ealert%22XSS%20by%20OverJT%22%3C/script%3E&label=jjj 💥...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system
✍️ Description I found a stored XSS in your project which is lead by adding client's comment. 🕵️♂️ Proof of Concept Steps to reproduce: 1. Create a Client. 2. Enter " in the comments. 3. Save and you will see XSS. 💥 Impact This vulnerability is capable of stored XSS...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system
✍️ Description I found a stored XSS in your project which is lead by adding invoice comment. 🕵️♂️ Proof of Concept Steps to reproduce: 1. Create a invoice. 2. Enter " in the comments. 3. Save and you will see XSS. 💥 Impact This vulnerability is capable of stored XSS...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager
💥 BUG Stored xss 2 💥 VERSION TESTED latest version as of 4/7/21 💥 IMPACT xss allow to execute arbitary javascript in vicitm account 💥 STEP TO REPRODUCE 1. goto http://localhost/online-rental/app/admin/pageSettings.php and click on Sign Up tab .\ put bellow xss payload xss2"' in Members custom...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager
💥 BUG XSS via groupname 💥 VERSION TESTED latest version as of 4/7/21 💥 IMPACT xss allow to execute arbitary javascript in vicitm account 💥 STEP TO REPRODUCE 1. goto http://localhost/online-rental/app/admin/pageViewGroups.php and create a new group .\ During creation put bellow xss payload in...
Cross-site Scripting (XSS) - Stored in volmarg/personal-management-system
💥 BUG XSS via issue-name 💥 IMPACT xss allow to execute arbitary javascript in vicitm account 💥 STEP TO REPRODUCE 1. goto http://personal-management-system.pl/my-issues/pending and create a new issue .\ During creation put bellow xss payload in name field and save it.\ xss"' Now whenever you visit...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system
✍️ Description In the repo online invoicing system i found a stored xss which gets exploited on member profile view which is lead by group name. 🕵️♂️ Proof of Concept Video POC: https://drive.google.com/file/d/1wUNY4BQyvI5RzutUn8T5KbTRMAIAZOlJ/view?usp=sharing Steps to reproduce: 1. Create a group...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system
✍️ Description here is a Stored XSS on the user profile edit page which occurs due to improper sanitization of the Address field as tested on the latest releasety. 🕵️♂️ Proof of Concept step to reproduce: Go to /admin/pageSettings.php and click Preconfigured users and groups Add payload: " on Name...
Cross-site Scripting (XSS) - Reflected in bigprof-software/online-rental-property-manager
✍️ Description Reflected XSS in membershippasswordReset.php where key parameter leads to exploitation of a vulnerability. 🕵️♂️ Proof of Concept // POC membershippasswordReset.php?key=;?"alert1 💥 Impact This vulnerability is capable of XSS, steal user cookies, session hijacking...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager
💥 BUG xss via unit description 💥 VERSION TESTED latest version as of 1/7/21 💥 IMPACT xss allow to execute arbitary javascript in vicitm account 💥 STEP TO REPRODUCE 1. goto http://localhost/online-rental/app/unitsview.php and create a new unit .\ During creation put bellow xss payload in...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager
✍️ Description Stored xss in profile Address field.\ There is a Stored XSS on the user profile edit page which occurs due to improper sanitization of the State name field as tested on the latest release. 🕵️♂️ Proof of Concept Steps to Reproduce: 1. Create a user account. 2. Login into the user...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager
💥 BUG xss via groupname permission 💥 VERSION TESTED latest version as of 1/7/21 💥 IMPACT xss allow to execute arbitary javascript in vicitm account 💥 STEP TO REPRODUCE 1. first goto http://localhost/online-rental/app/admin/pageEditGroup.php and add a new group and put bellow xss payload in...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system
✍️ Description There is a Stored XSS in the online invoicing system view price history which is lead by adding invoice items. 💥 TESTED VERSION https://github.com/bigprof-software/online-invoicing-system/releases/tag/v5.0 🕵️♂️ Proof of Concept POC Video:...
Cross-site Scripting (XSS) - Reflected in projectsend/projectsend
💥 BUG reflected xss 💥 STEP TO REPRODUCE 1. Login to your account and visit url http://localhost/projectsend2/process.php?do=returnfilesids&files%5B0%5D%5Bname%5D=batch%5B%5D&files%5B0%5D%5Bvalue%5D=32%27%22%3E%3Cimg+src=x+onerror=alert%3E and see xss is executed 💥 IMPACT Attacker can execute...
Cross-site Scripting (XSS) - Stored in getgrav/grav
✍️ Description Grav is vulnerable to XSS via bad SVG files. It is possible to upload an SVG file that contains errors after script tags. 🕵️♂️ Proof of Concept SVG file content: html alertdocument.domain; 1. Create an SVG file with the above content. 2. Upload it through profile image update. 3...
Server-Side Request Forgery (SSRF) in kalcaddle/kodexplorer
✍️ Description The path is vulnerable to ssrf via svg file upload 🕵️♂️ Proof of Concept upload an SVG file with SSRF payload in it. open option on the file and open with browser. 💥 Impact redirect host via ssrf...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system
✍️ Description There is a Stored XSS in the online invoicing system when adding a group name. 🕵️♂️ Proof of Concept Video POC: https://drive.google.com/file/d/13VaUfJrhd7m565lMQWZMfzXhfYPVjPV/view?usp=sharing Payload: ''' 💥 Impact Stored XSS...
Cross-site Scripting (XSS) - Reflected in bigprof-software/online-invoicing-system
✍️ Description Application is vulnerable to XSS through key parameter. Line 85 of membershippasswordReset.php sends unvalidated data to a web browser, which can result in the browser executing malicious code. In this case the data is sent at builtinecho in membershippasswordReset.php at line 85...
Command Injection in sofianehamlaoui/lockdoor-framework
✍️ Description inurlbr function is vulnerable to CI of exploitation.py 🕵️♂️ Proof of Concept // PoC https://drive.google.com/file/d/1HpID3CrNAqK7t0C2JttP75Eqptha6r-D/view?usp=sharing 💥 Impact command run as root. So an attacker could do potential damage to the machine...
Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp
✍️ Description ?tab= parameter is vulnerable to Cross Site Scripting. Line 1974 of backup.php sends unvalidated data to a web browser, which can result in the browser executing malicious code of XSS. 🕵️♂️ Proof of Concept POC SCREENSHOT: 1. Just visit /settings.php?tab=alert1 and XSS will be pop...
Cross-site Scripting (XSS) - Stored in nebulade/meemo
✍️ Description Stored xss in meemo file create functionality 🕵️♂️ Proof of Concept Payload: Test POC screenshot: https://drive.google.com/file/d/1aLBRIdU2AAz-RXa6uEF0IiWfks5jHMu/view?usp=sharing Tested on the demo website of the latest release. To reproduce create a file and add the following...
Cross-site Scripting (XSS) - Stored in falconchristmas/fpp
✍️ Description fpp is vulnerable to XSS through file name. 🕵️♂️ Proof of Concept 1. Access /upload. 2. Change the name of an image to .png. 3. Upload it. 💥 Impact JavaScript code execution...
in chatwoot/chatwoot
💥 BUG unprivileged user can see ticket content 💥 IMPACT User does not have any inboixes but still can see ticket details in inbox . 💥 STEP TO REPRODUCE 1.First from admin account goto https://app.chatwoot.com/app/accounts/4534/settings/agents/list and add new agent user-B .\ Now dont add this...
Improper Privilege Management in gskinner/regexr
✍️ Description I managed to find a Critical IDOR in the https://github.com/gskinner/regexr/ . Any user is able to change the Visibility Status of any pattern set 📚 Proof of Concept 1: Go to https://regexr.com/ 2: Click on "New" in the Top Left Corner 3: Select Pattern Settings and Fill out "patter...
Path Traversal in kalcaddle/kodexplorer
✍️ Description KodExplorer A web-based file manager, web IDE/browser-based code editor. I discovered that by uploading a symbolic linked file via any user, he/she could see any file in the server which causes Path Traversal vulnerability. 🕵️♂️ Proof of Concept 1. Create a file by the following...
Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
✍️ Description The faq section of LiveHelperChat can be modified listing some new questions/answers. However, the template is used incorrectly resulting in a CSTI injection which leads to stored XSS. 🕵️♂️ Proof of Concept 1. Install the livechat 2. Go on https://your-host.com/siteadmin/faq/view/1...
SQL Injection in s-cart/core
✍️ Description Searching keyword in/scadmin/currency is vulnerable to SQL injection. This will allow a user to run arbitrary SQL queries and completely delete, edit, export or change all information in the database - potentially rendering the entire platform unusable. 🕵️♂️ Proof of Concept Login...
Cross-site Scripting (XSS) - Stored in cortezaproject/corteza-server
💥 BUG Stored xss bug using file upload against admin . 💥 TESTED VERSION v2021.3.6 💥 IMPACT lower level user can make xss attack against admin . Using xss bug attacker can execute arbitary javascript in victim account .\ Thus lower level user can execute arbitary javascript in admin account using...
None in chatwoot/chatwoot
✍️ Description No rate limit on the login portal 🕵️♂️ Proof of Concept POC VIDEO: https://drive.google.com/file/d/1fmhVsm2tZ2r1yIGduAlTWFO52semP5z/view?usp=sharing Conclusion: It gives 401 error when an incorrect password It gives 200 when it got the correct password 💥 Impact Any attacker can able...
Heap-based Buffer Overflow in squell/id3
✍️ Description Archive.org is a worthy cause to support. 👍 During testing of id3 compiled from commit a899ea with Clang 13+ASan on Ubuntu 20.04.2, we discovered a payload which triggers a heap-buffer-overflow in ID3put. This particular bug was found using the AFL fuzzer. 🕵️♂️ Proof of Concept echo...
Cross-Site Request Forgery (CSRF) in monicahq/monica
✍️ Description The /settings/exportToSql endpoint does not have CSRF Protection. This could be used to force download account data and potentially spoof users. 🕵️♂️ Proof of Concept Login to user account. Create the following file and open the page in browser. // PoC.html To verify that you are a...
Prototype Pollution in robinvdvleuten/shvl
✍️ Description Hi, I've seen a recent prototype pollution report to this library and, during the code review, found out that the applied fix doesn't work at all. The problem relies in the regex used to fix, as I shown bellow. 🕵️♂️ Proof of Concept The reported prototype pollution resulted in the...
OS Command Injection in falconchristmas/fpp
✍️ Description Hi, it is possible to inject arbitrary OS commands in https://github.com/FalconChristmas/fpp/blob/59b7f7e8039a7019143c2c4b44f7d95b6358a4ef/www/formatstorage.phpL24 php &1"; echo "Command: $command\n"; echo...
OS Command Injection in falconchristmas/fpp
✍️ Description Hi, it is possible ot inject arbitrary OS commands in https://github.com/FalconChristmas/fpp/blob/f032d800a67ed280f8d577d95519a71c95114579/www/upgradeOS.phpL46 php system$SUDO . " $fppDir/SD/upgradeOS-part1.sh /home/fpp/media/upload/" . $GET'os'; 🕵️♂️ Proof of Concept Visit :...
Command Injection in sofianehamlaoui/lockdoor-framework
✍️ Description Unsanitized user input leads to command injection in multiple scripts. 🕵️♂️ Proof of Concept payload = ;id https://drive.google.com/file/d/1ZPyCaSyDbD2-gQK43DKlAHkFxi8lmgh/view?usp=sharing 💥 Impact command run as root so it could do potential damage...
Improper Access Control in teamultroid/ultroid
✍️ Description Google Maps API key without proper referer restrictions is found in your repo. It can be embeded to anyone's website and if the billing account is active, it will incur charges on your account. 🕵️♂️ Proof of Concept Visit this link to verify that you can use the service by visiting...
Prototype Pollution in fiznool/body-parser-xml
✍️ Description This library uses an XML parsing library which causes prototype pollution. However, this issue can be fixed on our side. 🕵️♂️ Proof of Concept const express = require'express'; const bodyParser = require'body-parser'; require'body-parser-xml'bodyParser; const app = express; const...
in rockcarry/ffjpeg
✍️ Description An exploitable heap overflow vulnerability exists in function bmpload in bmp.c. 🕵️♂️ Proof of Concept make ./ffjpeg -e poc 💥 Impact This vulnerability is capable of Code execution...
OS Command Injection in falconchristmas/fpp
✍️ Description Hi, in https://github.com/FalconChristmas/fpp/blob/721c99aed6897792bf7f79fa02a280995e27d409/www/gitCheckoutVersion.phpL38 : php A system function is called with a user input, a malicious user could profit from it if the version variable contains a command 🕵️♂️ Proof of Concept...
Cross-site Scripting (XSS) - Reflected in forkcms/forkcms
✍️ Description The forkcms is vulnerable to XSS through Online movies id edition. 🕵️♂️ Proof of Concept 1. With an authenticated user, access http://localhost/private/en/medialibrary/mediaitemindex. 2. Click on New media. 3. Select Online movies Youtube, Vimeo, ... and click on Next. 4. Select any...
Session Fixation in monicahq/monica
✍️ Description Recently there was more than 5 reports at huntr showing how to trigger XSS in monica ,the session fixation i am reporting here can be used with these bugs or can be used for post exploitation methods to maintain access on an account even after changing the password of the account...
Path Traversal in svenstaro/miniserve
✍️ Description The file upload feature in miniserver is vulnerable to path traversal vulnerability. An attacker can upload a file with "../" in the filename and the web server will then upload the file outside of the directory scope allowing path traversal. The severity of this security issue...
Insufficiently Protected Credentials in hotrodzphotography/hotrodzphotography.github.io
✍️ Description Private mailgun API key found in https://github.com/hotrodzphotography/hotrodzphotography.github.io/blob/1e8d0227f3558f3df8140ee0042867fcb1146379/src/views/Contact.vueL48 90e27fb32160148dc1cc3890ef601355' 🕵️♂️ Proof of Concept curl --user 'api:key-90e27fb32160148dc1cc3890ef601355'...
Command Injection in sofianehamlaoui/lockdoor-framework
✍️ Description Command injection occurs due to lack of sanitization of input passed to the os.system command usage in the package. as the package runs only as root every command processed inside the package system command will be running with root privileges , so every command passed via simple...
Prototype Pollution in aheckmann/mquery
✍️ Description mquery is aware of the risk of prototype pollution in its exported functions cloneObject and merge and readily present protection by checking the key in var specialProperties = 'proto', 'constructor', 'prototype'. However, the current protection misses to protect another exported...
Code Injection in adobe/ops-cli
Description ops-cli is a wrapper for Terraform, Ansible, Helmfile and SSH for cloud automation , which is vulnerable to Arbitary Code Execution. Vulnerability Vulnerable to YAML deserialization attack caused by unsafe loading. Proof of Concept Installation bash pip install ops-cli Run exploit.py...
Prototype Pollution in kettek/dot-dotty
Description dot-dotty is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: // poc.js const DotDotty = require'dot-dotty' let obj = a: 1 let dot = DotDottyobj console.log"Before : " + .polluted; dot'proto.polluted' = 'Yes! Its Polluted'; console.log"After : " +...
Code Injection in tensorflow/tfx
Description TensorFlow Extended TFX is a Google-production-scale machine learning platform based on TensorFlow. It provides a configuration framework to express ML pipelines consisting of TFX components. Vulnerability Vulnerable to YAML deserialization attack caused by unsafe loading. Proof of...
Prototype Pollution in yomguithereal/baobab
Description baobab is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: javascript // poc.js const Baobab = require'baobab'; console.log'Before: ' + .polluted tree = new Baobab tree.deepMergeJSON.parse'"proto": "polluted": true' console.log'After: ' + .polluted...