4072 matches found
Open Redirect in slackero/phpwcms
βοΈ Description Session hijacking via open redirection π΅οΈββοΈ Proof of Concept Steps to reproduce 1. Go to http://your-domain.tld/login.php?ref=http://attackers-domain.tld/? 2. Login to a valid account 3. You will be redirected to...
Cross-Site Request Forgery (CSRF) in tsolucio/corebos
βοΈ Description Attacker able to delete any Message with CSRF attack because there is any CSRF protection for related endpoint. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the I...
Cross-Site Request Forgery (CSRF) in tsolucio/corebos
βοΈ Description Attacker able to delete any Organization with CSRF attack because there is any CSRF protection for related endpoint. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know...
Cross-site Scripting (XSS) - Reflected in forkcms/forkcms
βοΈ Description The forkcms is vulnerable to XSS through settings translation π΅οΈββοΈ Proof of Concept 1. Go to https://demo.fork-cms.com/private/en/locale 2. In search box named "Reference code" input " 3. XSS payload will be executed π₯ Impact An attacker can execute JavaScript code in the website...
Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-edition
βοΈ Description Attacker is able to change a user profile state to private if a logged in user visits attacker website. π΅οΈββοΈ Proof of Concept 1. when you logged in open this POC.html in a browser 2. you can check your profile state changed form public to private history.pushState'', '', '/'...
Cross-Site Request Forgery (CSRF) in zhongshaofa/easyadmin
βοΈ Description Attacker able to delete any menu with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF attacks it...
Cross-Site Request Forgery (CSRF) in zhongshaofa/easyadmin
βοΈ Description Attacker able to delete any rule with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF attacks it...
Cross-Site Request Forgery (CSRF) in zhongshaofa/easyadmin
βοΈ Description Attacker able to upload any picture with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF attacks...
Cross-Site Request Forgery (CSRF) in zhongshaofa/easyadmin
βοΈ Description Attacker able to delete any admin with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF attacks i...
Cross-Site Request Forgery (CSRF) in bigprof-software/online-rental-property-manager
βοΈ Description csrf bug to delete a backup π΅οΈββοΈ Proof of Concept Bellow request vulnerable to csrf bug which allow to delete database backup GET /online-rental-property-manager/app/admin/pageBackupRestore.php?action=delete&md5hash=eea01b37c4b7422a4 HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0...
Cross-Site Request Forgery (CSRF) in bigprof-software/online-rental-property-manager
βοΈ Description CSRF bug in application π΅οΈββοΈ Proof of Concept Bellow request is vulnerable to csrf attack .\ Although there is csrf token in request but it does not checked in server-side . Any attacker provided csrf token is accepted here. POST /online-rental/app/applicationsleasesview.php...
Cross-Site Request Forgery (CSRF) in bigprof-software/online-rental-property-manager
βοΈ Description CSRF bug to add property π΅οΈββοΈ Proof of Concept Bellow request is vulnerable to csrf attack .\ Although there is csrf token in request but it does not checked in server-side . Any attacker provided csrf token is accepted here. POST /online-rental/app/propertiesview.php HTTP/1.1 Host:...
Cross-Site Request Forgery (CSRF) in alanaktion/phproject
βοΈ Description Attacker able to close any issue with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF attacks it...
Cross-Site Request Forgery (CSRF) in devcode-it/openstamanager
βοΈ Description Attacker able to create any Document management if users visit attacker site. π΅οΈββοΈ Proof of Concept 1.Open the PoC.html In Firefox or safari. 2.now you can check Document management with aaa name have been created. // PoC.html history.pushState'', '', '/' document.forms0.submit; π₯...
in amirsanni/mini-inventory-and-sales-management-system
π₯ BUG unprivileged user can delete item π₯ STEP TO REPDOUCE 1. From admin account goto https://1410inc.xyz/mini-inventory-and-sales-management-system/administrators and add new user callled user-B with basic role .\ 2. Now goto user-B account and here user-B cant see any item.\ Now user-B execute...
Cross-Site Request Forgery (CSRF) in sergix44/xbackbone
βοΈ Description following endpoint vulnerable to CSRF: /omeka/system/recalculateUserQuota Also there is not any different that you run The application in localhost or some real hosts, this is enough to login with a browser that used the browser for online web surfacing too. π΅οΈββοΈ Proof of Concept //...
Use of a Broken or Risky Cryptographic Algorithm in hdinnovations/unit3d-community-edition
βοΈ Description The referenced code block uses PHP's native md5 and uniqid functions to generate the attributes named passkey and rsskey - both of which are to be considered cryptographically insecure due to their usage of uniqid which is not to be considered cryptographically secure. π΅οΈββοΈ Proof of...
None in polonel/trudesk
1Go to https://docker.trudesk.io/ 2Enter the username and password 3Capture the request and start bruteforcing the password IMPACT: Account takeover...
Cross-Site Request Forgery (CSRF) in francoisjacquet/rosariosis
βοΈ Description When you don't set the SameSite attribute of cookies the browsers have special act in front of this issue.I mean set default value on it chrome and chromium based browsers set the attribute "Lax" that mean if you do add/delete/alter operation in a get HTTP request then your site mor...
Inefficient Regular Expression Complexity in erxes/erxes
βοΈ Description If we want to use Regex in our match or search or replace or β¦ functions, we must be sanitize this function's inputs. if an attacker capable to inject any Regex or abuse the exponential Regexes that used in our codes, then the ReDoS vulnerability appear and according to "freezing th...
in janeczku/calibre-web
βοΈ Description The attribute name is not properly restricted so a user can change his username even when the view does not allow to change it. π΅οΈββοΈ Proof of Concept //The method changeprofile saves also de name if it is present in the request. It does not check if the user has the permission to...
Improper Privilege Management in opensource-socialnetwork/opensource-socialnetwork
π₯ BUG unprivileged user can like to private album . π₯ IMPACT user who does not have permiison in private album still can comment in that album. π₯ STEP TO RERPODUCE There is two user called user-A and user-B.\ 1. First goto user-A account and create a private album . \ Lets album url is...
Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr
βοΈ Description CSRF bug to delete warehouse π΅οΈββοΈ Proof of Concept Here it does not check token parameter for csrf .You can remove token paramater from url. bellow request is vulnerable to csrf attack when delete warehouse ....
Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr
βοΈ Description Attacker can Delete each Group with CSRF vulnerability when the Admin or SuperAdmin click on PoC.html file, it is enough to attacker know the Group id on server that start from 1. For bypass your CSRF token, I just delete token parameter value and set in nothings as you can see in "...
Cross-site Scripting (XSS) - Stored in sergix44/xbackbone
βοΈ Description Stored xss through file upload via a .svg file π΅οΈββοΈ Proof of Concept Upload a .svg file with the following content: javascript alertdocument.cookie; give a name you want ending with .svg store-xss.svg for example and upload the file, after upload click on open click on raw see the...
Cross-site Scripting (XSS) - Stored in omeka/omeka-s
βοΈ Description Stored xss bug using a xss payload in the Title when adding a new site. the xss is getting executed when you are trying to delete the website, see the PoC for details. π΅οΈββοΈ Proof of Concept Goto http://localhost/omeka/omeka-s/admin/site and click on add new site copy paste the...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system
βοΈ Description I found a stored XSS in your project which is lead by adding unpaid invoice comment. π΅οΈββοΈ Proof of Concept Steps to reproduce: 1. Create a unpaid invoice. 2. Enter " in the comments. 3. Save and you will see XSS. π₯ Impact This vulnerability is capable of stored XSS...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager
βοΈ Description I found a stored XSS in your project which is lead by adding Leases starting/ending. π΅οΈββοΈ Proof of Concept Steps to reproduce: 1. Create a Starting or Ending as both are vulnerable. 2. Enter " in the notes. 3. Save and you will see XSS. π₯ Impact This vulnerability is capable of...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager
βοΈ Description I found a stored XSS in your project which is lead by adding comments when creating landlord due to improper sanitization. π΅οΈββοΈ Proof of Concept Steps to reproduce: 1. Create a Landlord. 2. Enter x''' in the comments. 3. Save and you will see prompt. π₯ Impact This vulnerability is...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager
βοΈ Description I found a stored XSS in your project which is lead by adding anonymous group name. π΅οΈββοΈ Proof of Concept Steps to reproduce: 1. Create a group. 2. Enter group"' in the group name. 3. Save and visit view groups. 4. Click on the Anonymous group you just created. π₯ Impact This...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system
βοΈ Description stored xss via Group name π΅οΈββοΈ Proof of Concept Step To Reproduce: Go to /admin/pageEditGroup.php and creat a group with payload: '/ Now visit user dashboard ie, /membershipprofile.php and see the xss pops up Poc video:...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager
βοΈ Description Stored XSS in setting up mail sender's name sue to improper sanitization of user input. π΅οΈββοΈ Proof of Concept Steps to reproduce: 1. Go to http://192.168.43.130:8081/app/admin/pageSettings.php?search-settings=smtp 2. Enter payload " 3. Now visit...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system
π₯ BUG xss via unpaid-invoice-comment π₯ VERSION TESTED latest version as of 3/7/21 π₯ IMPACT xss allow to execute arbitary javascript in vicitm account π₯ STEP TO REPRODUCE 1. goto http://localhost/online-invoice3/app/hooks/calendar-unpaid-invoices.php?date=2021-06-03&view=dayGridMonth and create a...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system
π₯ BUG xss via invoice-comment π₯ VERSION TESTED latest version as of 3/7/21 π₯ IMPACT xss allow to execute arbitary javascript in vicitm account π₯ STEP TO REPRODUCE 1. goto http://localhost/online-invoice3/app/invoicesview.php and create a new invoice .\ During creation put bellow xss payload in...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system
βοΈ Description stored xss via client comment π΅οΈββοΈ Proof of Concept 1. First goto http://localhost/online-invoice3/app/clientsview.php and create a new client .\ During creation put bellow xss payload in comment section and save it .\ xss"' 2. Now any user open this client then xss is executed...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system
π₯ BUG STORED XSSS π₯ TESTED VERSION latest version as of 3/7/21 π₯ STEP TO REPRODUCE plz check this 1 minute video to reproduce the bug https://drive.google.com/file/d/16Y2WR7PKj-OpDGGDMAxV60CaiSX2RZXl/view?usp=sharing...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager
βοΈ Description Stored xss in adding group name. π΅οΈββοΈ Proof of Concept Steps to reproduce: 1. Create a group and enter s"' in group name 2. Save and view it you will see popup π₯ Impact This vulnerability is capable of stored xss...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager
βοΈ Description Stored xss in profile Full-name field.\ There is a Stored XSS on the user profile edit page which occurs due to improper sanitization of the State name field as tested on the latest release. π΅οΈββοΈ Proof of Concept Steps to Reproduce: 1. Create a user account. 2. Login into the user...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system
βοΈ Description There is a Stored XSS on the user profile edit page which occurs due to improper sanitization of the State name field as tested on the latest release. π΅οΈββοΈ Proof of Concept Steps to Reproduce: 1. Create a user account. 2. Login into the user account. 3. Enter the s"' payload in the...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system
βοΈ Description There is a Stored XSS on the user profile edit page which occurs due to improper sanitization of the Address field as tested on the latest release. π΅οΈββοΈ Proof of Concept Steps to Reproduce: 1. Create a user account. 2. Login into the user account. 3. Enter the s"' payload in the...
Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp
βοΈ Description GET parameter ?plugin= of plugin.php is vulnerable to reflected cross site scripting. plugin.php sends unvalidated data to a web browser, which can result in the browser executing malicious code. In this case the data is sent at printf in plugin.php π΅οΈββοΈ Proof of Concept 1. Visit...
Cross-site Scripting (XSS) - Stored in falconchristmas/fpp
βοΈ Description GET parameter &value= in fppjson.php is vulnerable to stored cross site scripting. Analysis Trace: 1. Application takes unvalidated user data in &value= from GET request of /fppjson.php?command=setSetting&plugin=&key=emailserver&value=ytes";alert1 2. Now visiting any application pag...
Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp
βοΈ Description GET parameter ?plugin= is vulnerable to reflected cross site scripting. Line 17 of pluginconfig.php sends unvalidated data to a web browser, which can result in the browser executing malicious code. In this case the data is sent at printf in pluginconfig.php at line 17. π΅οΈββοΈ Proof...
Cross-site Scripting (XSS) - Stored in microweber/microweber
βοΈ Description Hello, I found CSRF + XSS on website so the impact of XSS could be presented. There is no CSRF token or protection on: http://example.microweber.me/checkout/contact-information-save CSRF HTML PoC: history.pushState'', '', '/' and when we submit request XSS gets executed at the same...
Prototype Pollution in gregberge/xstyled
βοΈ Description @xstyled/util is vulnerable to Prototype Pollution. This package allowing for modification of prototype behavior, which may result in Information Disclosure/DoS/RCE. π΅οΈββοΈ Proof of Concept 1. Create the following PoC file: js // poc.js var util = require"@xstyled/util" var obj =...
Improper Privilege Management in polonel/trudesk
π₯ BUG external user can submit ticket even when its disabled π₯ SUMMURY external user can submit ticket even when its disabled π₯ STEP TO REPRODUCE 1. First from admin account goto settings--tickets and disallow Allow public tickets .\ So, external user cant create ticket using url...
in laravel/framework
βοΈ Description The activeurl rule for validation in input fails to correctly check dns record with dnsgetrecord resulting in bypassing the validation. π΅οΈββοΈ Proof of Concept For a laravel installation having the following validation on route: php Route::get'/', function $urlValidator =...
Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii
βοΈ Description The /export/export endpoint does not have CSRF Protection. This could be used to force download account data and potentially spoof users. π΅οΈββοΈ Proof of Concept - Login to user account. - Create the following file and open the page in browser. // PoC.html To verify that you are a...
Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp
βοΈ Description Hi, in https://github.com/FalconChristmas/fpp/blob/39aa11e6f9bf8e7ee63bdbb07ea9fcabf434a60e/www/uploadfile.phpL504 you build a JS script using unsanitized user input, this can lead to XSS : php var activeTabNumber = ; // π΅οΈββοΈ Proof of Concept Visit...
Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp
βοΈ Description Hi, in https://github.com/FalconChristmas/fpp/blob/123cdf2eb11062766da333a7a4d85bc0bf620e47/www/rebootRemoteFPP.phpL15 the variable ip is reflected without prior sanitization : php $ip = $GET'ip'; echo "Rebooting FPP system @ $ip\n"; π΅οΈββοΈ Proof of Concept Visit :...