Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2021/08/04 6:55 a.m.8 views

Cross-Site Request Forgery (CSRF) in bigprof-software/online-rental-property-manager

✍️ Description CSRF bug in application 🕵️‍♂️ Proof of Concept Bellow request is vulnerable to csrf attack .\ Although there is csrf token in request but it does not checked in server-side . Any attacker provided csrf token is accepted here. POST /online-rental/app/applicationsleasesview.php...

6.9AI score
Exploits0
Huntr
Huntr
added 2021/08/04 6:48 a.m.8 views

Cross-Site Request Forgery (CSRF) in bigprof-software/online-rental-property-manager

✍️ Description CSRF bug to add property 🕵️‍♂️ Proof of Concept Bellow request is vulnerable to csrf attack .\ Although there is csrf token in request but it does not checked in server-side . Any attacker provided csrf token is accepted here. POST /online-rental/app/propertiesview.php HTTP/1.1 Host:...

0.2AI score
Exploits0
Huntr
Huntr
added 2021/08/02 11:26 a.m.8 views

Cross-Site Request Forgery (CSRF) in alanaktion/phproject

✍️ Description Attacker able to close any issue with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF attacks it...

1.9AI score
Exploits0
Huntr
Huntr
added 2021/07/31 9:51 p.m.8 views

Cross-Site Request Forgery (CSRF) in devcode-it/openstamanager

✍️ Description Attacker able to create any Document management if users visit attacker site. 🕵️‍♂️ Proof of Concept 1.Open the PoC.html In Firefox or safari. 2.now you can check Document management with aaa name have been created. // PoC.html history.pushState'', '', '/' document.forms0.submit; 💥...

3.1AI score
Exploits0
Huntr
Huntr
added 2021/07/31 2:4 p.m.8 views

in amirsanni/mini-inventory-and-sales-management-system

💥 BUG unprivileged user can delete item 💥 STEP TO REPDOUCE 1. From admin account goto https://1410inc.xyz/mini-inventory-and-sales-management-system/administrators and add new user callled user-B with basic role .\ 2. Now goto user-B account and here user-B cant see any item.\ Now user-B execute...

0.2AI score
Exploits0
Huntr
Huntr
added 2021/07/30 5:35 p.m.8 views

Cross-Site Request Forgery (CSRF) in sergix44/xbackbone

✍️ Description following endpoint vulnerable to CSRF: /omeka/system/recalculateUserQuota Also there is not any different that you run The application in localhost or some real hosts, this is enough to login with a browser that used the browser for online web surfacing too. 🕵️‍♂️ Proof of Concept //...

1.4AI score
Exploits0
Huntr
Huntr
added 2021/07/30 11:12 a.m.8 views

Use of a Broken or Risky Cryptographic Algorithm in hdinnovations/unit3d-community-edition

✍️ Description The referenced code block uses PHP's native md5 and uniqid functions to generate the attributes named passkey and rsskey - both of which are to be considered cryptographically insecure due to their usage of uniqid which is not to be considered cryptographically secure. 🕵️‍♂️ Proof of...

1AI score
Exploits0
Huntr
Huntr
added 2021/07/29 8:53 a.m.8 views

None in polonel/trudesk

1Go to https://docker.trudesk.io/ 2Enter the username and password 3Capture the request and start bruteforcing the password IMPACT: Account takeover...

1.4AI score
Exploits0
Huntr
Huntr
added 2021/07/28 8:40 p.m.8 views

Cross-Site Request Forgery (CSRF) in francoisjacquet/rosariosis

✍️ Description When you don't set the SameSite attribute of cookies the browsers have special act in front of this issue.I mean set default value on it chrome and chromium based browsers set the attribute "Lax" that mean if you do add/delete/alter operation in a get HTTP request then your site mor...

0.9AI score
Exploits0
Huntr
Huntr
added 2021/07/24 10:19 p.m.8 views

Use of a Broken or Risky Cryptographic Algorithm in serghey-rodin/vesta

✍️ Description uniqid does not generate cryptographically secure strings, even if it did, supplying it with mtrand would render it insecure as an attacker would be able to gain access to a victim's account by simply knowing when they logged in, this could be used as a mass-account-takeover vector...

2.2AI score
Exploits0
Huntr
Huntr
added 2021/07/24 12:2 p.m.8 views

Inefficient Regular Expression Complexity in erxes/erxes

✍️ Description If we want to use Regex in our match or search or replace or … functions, we must be sanitize this function's inputs. if an attacker capable to inject any Regex or abuse the exponential Regexes that used in our codes, then the ReDoS vulnerability appear and according to "freezing th...

Exploits0
Huntr
Huntr
added 2021/07/23 3:29 p.m.8 views

in janeczku/calibre-web

✍️ Description The attribute name is not properly restricted so a user can change his username even when the view does not allow to change it. 🕵️‍♂️ Proof of Concept //The method changeprofile saves also de name if it is present in the request. It does not check if the user has the permission to...

1.7AI score
Exploits0
Huntr
Huntr
added 2021/07/22 4:41 a.m.8 views

Improper Privilege Management in opensource-socialnetwork/opensource-socialnetwork

💥 BUG unprivileged user can like to private album . 💥 IMPACT user who does not have permiison in private album still can comment in that album. 💥 STEP TO RERPODUCE There is two user called user-A and user-B.\ 1. First goto user-A account and create a private album . \ Lets album url is...

0.3AI score
Exploits0
Huntr
Huntr
added 2021/07/21 11:43 a.m.8 views

Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr

✍️ Description CSRF bug to delete warehouse 🕵️‍♂️ Proof of Concept Here it does not check token parameter for csrf .You can remove token paramater from url. bellow request is vulnerable to csrf attack when delete warehouse ....

1.2AI score
Exploits0
Huntr
Huntr
added 2021/07/18 4:4 p.m.8 views

Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr

✍️ Description Attacker can Delete each Group with CSRF vulnerability when the Admin or SuperAdmin click on PoC.html file, it is enough to attacker know the Group id on server that start from 1. For bypass your CSRF token, I just delete token parameter value and set in nothings as you can see in "...

2.8AI score
Exploits0
Huntr
Huntr
added 2021/07/06 2:56 p.m.8 views

Cross-site Scripting (XSS) - Stored in sergix44/xbackbone

✍️ Description Stored xss through file upload via a .svg file 🕵️‍♂️ Proof of Concept Upload a .svg file with the following content: javascript alertdocument.cookie; give a name you want ending with .svg store-xss.svg for example and upload the file, after upload click on open click on raw see the...

7.1AI score
Exploits0
Huntr
Huntr
added 2021/07/06 1:25 p.m.8 views

Cross-site Scripting (XSS) - Stored in omeka/omeka-s

✍️ Description Stored xss bug using a xss payload in the Title when adding a new site. the xss is getting executed when you are trying to delete the website, see the PoC for details. 🕵️‍♂️ Proof of Concept Goto http://localhost/omeka/omeka-s/admin/site and click on add new site copy paste the...

7AI score
Exploits0
Huntr
Huntr
added 2021/07/05 6:27 a.m.8 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system

✍️ Description I found a stored XSS in your project which is lead by adding unpaid invoice comment. 🕵️‍♂️ Proof of Concept Steps to reproduce: 1. Create a unpaid invoice. 2. Enter " in the comments. 3. Save and you will see XSS. 💥 Impact This vulnerability is capable of stored XSS...

1.8AI score
Exploits0
Huntr
Huntr
added 2021/07/05 6:26 a.m.8 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager

✍️ Description I found a stored XSS in your project which is lead by adding Leases starting/ending. 🕵️‍♂️ Proof of Concept Steps to reproduce: 1. Create a Starting or Ending as both are vulnerable. 2. Enter " in the notes. 3. Save and you will see XSS. 💥 Impact This vulnerability is capable of...

1AI score
Exploits0
Huntr
Huntr
added 2021/07/05 6:22 a.m.8 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager

✍️ Description I found a stored XSS in your project which is lead by adding comments when creating landlord due to improper sanitization. 🕵️‍♂️ Proof of Concept Steps to reproduce: 1. Create a Landlord. 2. Enter x''' in the comments. 3. Save and you will see prompt. 💥 Impact This vulnerability is...

1.1AI score
Exploits0
Huntr
Huntr
added 2021/07/05 6:21 a.m.8 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager

✍️ Description I found a stored XSS in your project which is lead by adding anonymous group name. 🕵️‍♂️ Proof of Concept Steps to reproduce: 1. Create a group. 2. Enter group"' in the group name. 3. Save and visit view groups. 4. Click on the Anonymous group you just created. 💥 Impact This...

0.7AI score
Exploits0
Huntr
Huntr
added 2021/07/04 6:34 a.m.8 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system

✍️ Description stored xss via Group name 🕵️‍♂️ Proof of Concept Step To Reproduce: Go to /admin/pageEditGroup.php and creat a group with payload: '/ Now visit user dashboard ie, /membershipprofile.php and see the xss pops up Poc video:...

7AI score
Exploits0
Huntr
Huntr
added 2021/07/03 4:48 p.m.8 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager

✍️ Description Stored XSS in setting up mail sender's name sue to improper sanitization of user input. 🕵️‍♂️ Proof of Concept Steps to reproduce: 1. Go to http://192.168.43.130:8081/app/admin/pageSettings.php?search-settings=smtp 2. Enter payload " 3. Now visit...

Exploits0
Huntr
Huntr
added 2021/07/03 3:58 p.m.8 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system

💥 BUG xss via unpaid-invoice-comment 💥 VERSION TESTED latest version as of 3/7/21 💥 IMPACT xss allow to execute arbitary javascript in vicitm account 💥 STEP TO REPRODUCE 1. goto http://localhost/online-invoice3/app/hooks/calendar-unpaid-invoices.php?date=2021-06-03&view=dayGridMonth and create a...

3AI score
Exploits0
Huntr
Huntr
added 2021/07/03 3:16 p.m.8 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system

💥 BUG xss via invoice-comment 💥 VERSION TESTED latest version as of 3/7/21 💥 IMPACT xss allow to execute arbitary javascript in vicitm account 💥 STEP TO REPRODUCE 1. goto http://localhost/online-invoice3/app/invoicesview.php and create a new invoice .\ During creation put bellow xss payload in...

2.5AI score
Exploits0
Huntr
Huntr
added 2021/07/03 3:12 p.m.8 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system

✍️ Description stored xss via client comment 🕵️‍♂️ Proof of Concept 1. First goto http://localhost/online-invoice3/app/clientsview.php and create a new client .\ During creation put bellow xss payload in comment section and save it .\ xss"' 2. Now any user open this client then xss is executed...

2.5AI score
Exploits0
Huntr
Huntr
added 2021/07/03 6:7 a.m.8 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system

💥 BUG STORED XSSS 💥 TESTED VERSION latest version as of 3/7/21 💥 STEP TO REPRODUCE plz check this 1 minute video to reproduce the bug https://drive.google.com/file/d/16Y2WR7PKj-OpDGGDMAxV60CaiSX2RZXl/view?usp=sharing...

0.1AI score
Exploits0
Huntr
Huntr
added 2021/07/03 3:8 a.m.8 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager

✍️ Description Stored xss in adding group name. 🕵️‍♂️ Proof of Concept Steps to reproduce: 1. Create a group and enter s"' in group name 2. Save and view it you will see popup 💥 Impact This vulnerability is capable of stored xss...

0.4AI score
Exploits0
Huntr
Huntr
added 2021/07/03 1:58 a.m.8 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager

✍️ Description Stored xss in profile Full-name field.\ There is a Stored XSS on the user profile edit page which occurs due to improper sanitization of the State name field as tested on the latest release. 🕵️‍♂️ Proof of Concept Steps to Reproduce: 1. Create a user account. 2. Login into the user...

0.2AI score
Exploits0
Huntr
Huntr
added 2021/07/02 1:8 a.m.8 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system

✍️ Description There is a Stored XSS on the user profile edit page which occurs due to improper sanitization of the State name field as tested on the latest release. 🕵️‍♂️ Proof of Concept Steps to Reproduce: 1. Create a user account. 2. Login into the user account. 3. Enter the s"' payload in the...

0.6AI score
Exploits0
Huntr
Huntr
added 2021/07/02 1:5 a.m.8 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system

✍️ Description There is a Stored XSS on the user profile edit page which occurs due to improper sanitization of the Address field as tested on the latest release. 🕵️‍♂️ Proof of Concept Steps to Reproduce: 1. Create a user account. 2. Login into the user account. 3. Enter the s"' payload in the...

0.9AI score
Exploits0
Huntr
Huntr
added 2021/06/27 9:12 p.m.8 views

Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp

✍️ Description GET parameter ?plugin= of plugin.php is vulnerable to reflected cross site scripting. plugin.php sends unvalidated data to a web browser, which can result in the browser executing malicious code. In this case the data is sent at printf in plugin.php 🕵️‍♂️ Proof of Concept 1. Visit...

2.7AI score
Exploits0References1
Huntr
Huntr
added 2021/06/27 9:4 p.m.8 views

Cross-site Scripting (XSS) - Stored in falconchristmas/fpp

✍️ Description GET parameter &value= in fppjson.php is vulnerable to stored cross site scripting. Analysis Trace: 1. Application takes unvalidated user data in &value= from GET request of /fppjson.php?command=setSetting&plugin=&key=emailserver&value=ytes";alert1 2. Now visiting any application pag...

0.7AI score
Exploits0References1
Huntr
Huntr
added 2021/06/27 8:25 p.m.8 views

Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp

✍️ Description GET parameter ?plugin= is vulnerable to reflected cross site scripting. Line 17 of pluginconfig.php sends unvalidated data to a web browser, which can result in the browser executing malicious code. In this case the data is sent at printf in pluginconfig.php at line 17. 🕵️‍♂️ Proof...

2.6AI score
Exploits0
Huntr
Huntr
added 2021/06/25 6:2 p.m.8 views

Cross-site Scripting (XSS) - Stored in microweber/microweber

✍️ Description Hello, I found CSRF + XSS on website so the impact of XSS could be presented. There is no CSRF token or protection on: http://example.microweber.me/checkout/contact-information-save CSRF HTML PoC: history.pushState'', '', '/' and when we submit request XSS gets executed at the same...

0.5AI score
Exploits0References2
Huntr
Huntr
added 2021/06/16 1:53 p.m.8 views

Prototype Pollution in gregberge/xstyled

✍️ Description @xstyled/util is vulnerable to Prototype Pollution. This package allowing for modification of prototype behavior, which may result in Information Disclosure/DoS/RCE. 🕵️‍♂️ Proof of Concept 1. Create the following PoC file: js // poc.js var util = require"@xstyled/util" var obj =...

1.8AI score
Exploits0
Huntr
Huntr
added 2021/06/15 8:7 a.m.8 views

Improper Privilege Management in polonel/trudesk

💥 BUG external user can submit ticket even when its disabled 💥 SUMMURY external user can submit ticket even when its disabled 💥 STEP TO REPRODUCE 1. First from admin account goto settings--tickets and disallow Allow public tickets .\ So, external user cant create ticket using url...

0.3AI score
Exploits0
Huntr
Huntr
added 2021/06/12 7:32 a.m.8 views

in laravel/framework

✍️ Description The activeurl rule for validation in input fails to correctly check dns record with dnsgetrecord resulting in bypassing the validation. 🕵️‍♂️ Proof of Concept For a laravel installation having the following validation on route: php Route::get'/', function $urlValidator =...

6.9AI score
Exploits0
Huntr
Huntr
added 2021/06/02 6:35 p.m.8 views

Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii

✍️ Description The /export/export endpoint does not have CSRF Protection. This could be used to force download account data and potentially spoof users. 🕵️‍♂️ Proof of Concept - Login to user account. - Create the following file and open the page in browser. // PoC.html To verify that you are a...

1.3AI score
Exploits0References1
Huntr
Huntr
added 2021/05/29 9:15 p.m.8 views

Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp

✍️ Description Hi, in https://github.com/FalconChristmas/fpp/blob/39aa11e6f9bf8e7ee63bdbb07ea9fcabf434a60e/www/uploadfile.phpL504 you build a JS script using unsanitized user input, this can lead to XSS : php var activeTabNumber = ; // 🕵️‍♂️ Proof of Concept Visit...

6.1AI score
Exploits0
Huntr
Huntr
added 2021/05/29 8:53 p.m.8 views

Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp

✍️ Description Hi, in https://github.com/FalconChristmas/fpp/blob/123cdf2eb11062766da333a7a4d85bc0bf620e47/www/rebootRemoteFPP.phpL15 the variable ip is reflected without prior sanitization : php $ip = $GET'ip'; echo "Rebooting FPP system @ $ip\n"; 🕵️‍♂️ Proof of Concept Visit :...

0.5AI score
Exploits0
Huntr
Huntr
added 2021/05/29 4:12 p.m.8 views

Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp

✍️ Description An XSS vulnerability is present in https://github.com/FalconChristmas/fpp/blob/f032d800a67ed280f8d577d95519a71c95114579/www/upgradeOS.phpL26 due to absence of user input sanitization : php Image: 🕵️‍♂️ Proof of Concept Visit...

0.3AI score
Exploits0
Huntr
Huntr
added 2021/05/24 3:33 p.m.8 views

Improper Access Control in causefx/organizr

✍️ Description Google Maps API key without proper referer restrictions is found in your repo. It can be embeded to anyone's website and if the billing account is active, it will incur charges on your account. 🕵️‍♂️ Proof of Concept Visit the following link to verify that you can use the service...

0.9AI score
Exploits0
Huntr
Huntr
added 2021/05/23 3:21 p.m.8 views

Stack-based Buffer Overflow in codeplea/tinyexpr

✍️ Description Whilst experimenting with repl built from commit 61af1d, with Clang 10 +ASan on Ubuntu 20.04.2 LTS, we discovered an expression containing 4 null characters after a newline which, due to insufficient bounds checking, triggers a stack-buffer-overflow. 🕵️‍♂️ Proof of Concept echo...

0.4AI score
Exploits0
Huntr
Huntr
added 2021/05/18 6:31 a.m.8 views

Cross-site Scripting (XSS) - Reflected in tagspaces/viewertext

✍️ Description viewerText used within the Tagspaces to show a preview of text files is vulnerable to cross site scripting. 🕵️‍♂️ Proof of Concept If any HTML is feeded to setContent function: javascript setContent"alert'xss'; It appends it to the dom without any filteration: javascript...

0.2AI score
Exploits0References2
Huntr
Huntr
added 2021/05/17 5:5 p.m.8 views

Cross-site Scripting (XSS) - Stored in dolibarr/dolibarr

💥 BUG Stored xss bypassing xss filter 💥 SUMMURY There are many different user with different role . Here using this xss bug lower level user can make xss attack against higher level user 💥 PAYLOAD XSS15 💥 STEP TO REPRODUCE 1. First goto your account and edit a product . Now put above xss payload ...

7.1AI score
Exploits0
Huntr
Huntr
added 2021/05/12 2:37 p.m.8 views

Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp

✍️ Description In https://github.com/FalconChristmas/fpp/blob/123cdf2eb11062766da333a7a4d85bc0bf620e47/www/runEventScript.phpL30 you echo unsanitied user input in two places : php \n"; // 1 echo "\n"; system$SUDO . " $fppDir/scripts/eventScript $scriptDirectory/$script $args"; echo "\n"; else ?...

7AI score
Exploits0
Huntr
Huntr
added 2021/05/12 2:20 p.m.8 views

OS Command Injection in falconchristmas/fpp

✍️ Description In https://github.com/FalconChristmas/fpp/blob/123cdf2eb11062766da333a7a4d85bc0bf620e47/www/copystorage.phpL27 you build a command using unsanitized user input : php &1"; // no sanitization : echo "Command: $command\n"; echo...

1AI score
Exploits0
Huntr
Huntr
added 2021/05/06 10:45 p.m.8 views

Path Traversal in thecodingmachine/mouf

✍️ Description Mouf is vulnerable to path traversal attacks on mouf/mouf/src/direct/getsourcefile.php because it doesnt sanitize user supplied parameters as shown below. Vulnerable variable: file Method: GET The $file variable is constructed using the user supplied data, and then a file is open...

2.1AI score
Exploits0
Huntr
Huntr
added 2021/03/31 12:36 a.m.8 views

Cross-site Scripting (XSS) - Generic in forkcms/forkcms

✍️ Description The forkcms is vulnerable to XSS through adding new media. 🕵️‍♂️ Proof of Concept Payload: . 1. With an authenticated user, access: http://localhost/private/en/medialibrary/mediaitemindex. 2. Select the option Online movies Youtube, Vimeo, ... and click on Next. 3. Select any source...

0.4AI score
Exploits0
Total number of security vulnerabilities4072