Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
•added 2024/10/10 1:40 p.m.•5 views

User can share/use/create prompts not permission

Description Users can share/use/create prompts without being granted permission by the admin. This can break application logic and permissions. Proof of Concept 1. Go to acount admin disable function share/use/create prompt. 2. share/use/create prompts with normal user. POST /api/prompts HTTP/1.1...

5.4CVSS5.8AI score0.00334EPSS
Exploits1
Huntr
Huntr
•added 2023/06/28 9:47 a.m.•5 views

IDOR in Group members

Description By manipulating the ugid, user who is not in group can view the members list of the group Proof of Concept Step 1: Go to User Group function, see that this user can only view this two groups. Step 2: Click on View a group, manipulate the ugid, confirm that this user can view the Group...

6.8AI score
Exploits0
Huntr
Huntr
•added 2023/06/18 10:52 a.m.•5 views

Stored XSS on user "Write private message" function

Description An attacker can inject malicious executable scripts into the code of the message field. Proof of Concept Log in as a Member user, access Messages - Write private message function for sending admin a message.COde Insert this payload into the message field testscriptprompt'1'/script the...

6.5AI score
Exploits0
Huntr
Huntr
•added 2023/06/16 7:0 a.m.•5 views

Sensitive Cookie Without HttpOnly Flag

Description 1/ Access and login to the demo website: https://demo.fossbilling.org/ 2/ Press F12 on your keyboard or right-click on the website to open dev-tool. 3/ At Application tab, choose Cookies and there is BOXCLR sensitive cookie without HttpOnly flag. Proof of Concept Link image:...

6.9AI score
Exploits0
Huntr
Huntr
•added 2023/03/02 3:19 a.m.•5 views

SQL Injection in '/module/accounts/ajax.php'

Description There exists an SQL injection affecting the 'order'0'dir', start and length parameters located in the file /module/accounts/ajax.php Let's take a look at the following code: https://github.com/unilogies/bumsys/blob/9dc2de204116297a7e528c38bc3b1e89bf40f907/module/accounts/ajax.phpL1503...

7.8AI score
Exploits0
Huntr
Huntr
•added 2022/12/23 12:6 a.m.•5 views

Reflected XSS in any wordnet URL

Description A reflected XSS can be achieved by simply creating a URL such as: http://localhost:8000/alert1.html Proof of Concept nltk.app.wordnetapp.app Then hit http://localhost:8000/alert1.html in the browser...

6.1AI score
Exploits0
Huntr
Huntr
•added 2022/09/27 7:28 p.m.•6 views

Add Client function is vulnerable to stored HTML injection

Description HTML Injection also termed as ā€œvirtual defacementsā€ is one of the most simple and the most common vulnerability that arises when the web-page fails to sanitize the user-supplied input or validates the output, which thus allows the attacker to craft his payloads and injects the malicio...

0.7AI score
Exploits0
Huntr
Huntr
•added 2022/07/05 9:41 a.m.•5 views

Allows large characters in change password

Description The commafeedapplication allows large characters to insert in the input field "password" at password change feature which can allow attackers to cause a Denial of Service DoS via a crafted HTTP request. Proof of Concept 1. Login and go to profile 2. Go to password change feature 3. Fi...

1.6AI score
Exploits0References3
Huntr
Huntr
•added 2022/06/07 1:42 p.m.•5 views

Cross Site Scripting via Improper Input Validation

Description The parse-url The 5.0.8 version of the parser does not check url characters between protocols. This causes spoofing of the javascript protocol itself. Proof of Concept javascript const parseUrl = require"parse-url"; const express = require'express'; const app = express; parsed =...

0.8AI score
Exploits0
Huntr
Huntr
•added 2022/05/20 2:52 p.m.•5 views

UI REDRESSING

Description The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with. Proof of Concept Go to this URL:...

0.7AI score
Exploits0References2
Huntr
Huntr
•added 2022/05/19 4:12 p.m.•5 views

Denial of Service on embed2 servlet

Description The application stores a 5MB file in a hashmap variable using a user input as a key, with a large number of requests its possible to increase the memory usage of the application and deny the access to embed2.js stencils resource Proof of Concept import requests...

0.7AI score
Exploits0
Huntr
Huntr
•added 2022/05/06 2:45 a.m.•5 views

0 quantity orders are allowed

Description In the case of commodity purchases, the quantity is 0. Orders should not be allowed to be created, consuming meaningless resource behavior, and the order quantity should always be =1 Proof of Concept...

3AI score
Exploits0
Huntr
Huntr
•added 2022/04/30 2:15 p.m.•5 views

Stored XSS in "campaigns"

Description The listmonk application is vulnerable to stored XSS in the "Name" input filed for "campaigns" for which when a user tried to delete the "campaigns" XSS gets triggered. Proof of Concept 1.Go to "Campaigns" - "All campaigns" - "New" 2.Put this payload: in the "Name" input field and fil...

0.2AI score
Exploits0
Huntr
Huntr
•added 2022/04/27 7:52 a.m.•5 views

Stored XSS on Import Targets

Description Hello, When a XSS payload is used as the Add or Import Targets file name, it executes it hence stored XSS is possible. Proof of Concept Name a file .txt Import the file at /target/add/target You can see it being executed...

5.9AI score
Exploits0
Huntr
Huntr
•added 2022/02/20 8:8 p.m.•5 views

Classic Buffer Overflow in john

Description For 1Password Cloud Keychain plugin, the length of inputs are not properly checked. Then inputs are copied to fixed length buffers. For example, creating a salt with a larger length allow a buffer overflow. Proof of Concept Using the cloudkeychain.hash file: $ ./run/john...

0.4AI score
Exploits0
Huntr
Huntr
•added 2022/01/25 10:28 a.m.•5 views

Cross-site Scripting (XSS) - Stored in pimcore/customer-data-framework

Description stored xss vulnerability occurs when you change the value of Description at "Customer Management Framework" = "Customer automation rules" = "New Customers" = "Description" in the pimcore service. Proof of Concept txt XSS POC : 1. Open the https://10.x-dev.pimcore.fun/admin/ 2. After...

0.8AI score
Exploits0
Huntr
Huntr
•added 2022/01/16 5:16 a.m.•5 views

in mybatis/generator

Description The isConfigFile function makes use of SAXParser generated from a SAXParserFactory with no FEATURESECUREPROCESSING set, allowing for XXE attacks. In...

1.6AI score
Exploits0
Huntr
Huntr
•added 2021/12/21 4:25 a.m.•5 views

in vim/vim

Description Untrusted Pointer Dereference leading to a segmentation fault Segmentation fault in vimregexecmulti at regexp.c:2896 Proof of Concept ./vim -u NONE -X -Z -e -s -S POC1 -c ':qa! POC1https://drive.google.com/file/d/1VOS93VSakO96z2rnvIdWDYRM9KAEIgC/view?usp=sharing bt Program received...

1.1AI score
Exploits0
Huntr
Huntr
•added 2021/12/10 1:43 p.m.•5 views

Cross-site Scripting (XSS) - Stored in openwhyd/openwhyd

Description openwhyd is vulnerable to Stored XSS at the Name field in User Profile. Payload " Steps to reproduce 1.After login, click on the username to go to the Profile page 2.Click Edit Profile button - choose Edit Profile Info 3.In the Name field, input payload "then click Save button 4.Reloa...

6.1AI score
Exploits0
Huntr
Huntr
•added 2021/10/17 2:18 p.m.•5 views

Cross-site Scripting (XSS) - Reflected in admidio/admidio

Description Am still able to reproduce the SVG-XSS vulnerability here https://huntr.dev/bounties/96221dff-0d40-4326-9a9e-f66608307980/ on my local system just downloaded the latest release on the website. Think you may have accidentally included SVG files into the whitelist. Proof of Concept POST...

5.9AI score
Exploits0
Huntr
Huntr
•added 2021/10/14 7:12 p.m.•5 views

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in frontaccountingerp/fa

āœļø Description The secure flag is not set for session cookie "PHPSESSID" in the application. Proof of Concept Check this for POC: Image Impact If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing...

0.4AI score
Exploits0
Huntr
Huntr
•added 2021/10/13 10:43 p.m.•5 views

Session Fixation in bytebase/bytebase

Description If admin deciding to deactivate a user and the user already logged in the system before then until user remain in the current session he/she can do anything that can do them before...

1.6AI score
Exploits0
Huntr
Huntr
•added 2021/10/12 4:48 p.m.•5 views

in publify/publify

Description There is not Rate limit protection bypass sent unlimited email victim who have account email address. Proof of Concept There is no rate limit users/password, attacker to send unlimited email who have account victim email address. POST /users/password HTTP/1.1 Host:...

0.5AI score
Exploits0
Huntr
Huntr
•added 2021/10/11 6:15 a.m.•5 views

Cross-Site Request Forgery (CSRF) in collectiveaccess/providence

Description More AJAX endpoints vulnerable to CSRF. 1: GET http://10.0.2.15/providence/index.php/find/BrowseObjects/createSetFromResult 2: POST http://10.0.2.15/providence/index.php/find/SearchObjects/saveResultsEditorData Proof of Concept 1:...

0.4AI score
Exploits0
Huntr
Huntr
•added 2021/10/04 1:54 a.m.•5 views

Cross-Site Request Forgery (CSRF) in collectiveaccess/pawtucket2

Description After taking a look at the application again, I found few more create / update endpoints which should have CSRF protection Proof of Concept http://PAWTUCKET-URL/pawtucket/index.php/Lightbox/saveUserGroup?name=123&description=abc&groupid=...

0.4AI score
Exploits0
Huntr
Huntr
•added 2021/09/29 7:27 p.m.•5 views

in khodakhah/nodcms

Description There is no rate limit sent unlimited email victim or any email address Proof of Concept There is no rate limit return-password , attacker to send unlimited email to victim or any email address. POST /en/return-password HTTP/1.1 Host: demo.nodcms.com User-Agent: Mozilla/5.0 Windows NT...

0.5AI score
Exploits0
Huntr
Huntr
•added 2021/09/29 7:26 p.m.•5 views

Open Redirect in fisharebest/webtrees

Description I saw this report : https://huntr.dev/bounties/ad4278af-52b7-4c34-8d43-9b829105d499/ and Also your fix commit https://www.github.com/fisharebest/webtrees/commit/551ad4afbcef2a72a6cf6461f1747762180b12c5 then I should say that the fix can be bypassed with such payloads : If the baseurl ...

7.1AI score
Exploits0
Huntr
Huntr
•added 2021/09/24 4:5 p.m.•5 views

Cross-site Scripting (XSS) - Reflected in collectiveaccess/providence

Description Reflected XSS in form Search Proof of Concept // PoC.js POST /find/QuickSearch/Index HTTP/1.1 Host: demo.collectiveaccess.org Cookie: cademo=5b9d06b7-3860-477d-9d53-85e6b2b1ae99; CAcademouilocale=enUS User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:93.0 Gecko/20100101...

Exploits0
Huntr
Huntr
•added 2021/09/22 3:9 a.m.•5 views

Cross-site Scripting (XSS) - Stored in evereux/flicket

Description Stored XSS in deleting departments page due to unsanitized input in many places. Proof of Concept 1. Create a new department with name 2. After creating the above department, Click on delete icon next to it and see the pop up. 3. Create a new ticket with title 4. View the ticket and s...

6.1AI score
Exploits0
Huntr
Huntr
•added 2021/09/16 6:4 a.m.•5 views

Exposure of Sensitive Information to an Unauthorized Actor in opendatacube/odc-tools

Description Information Disclosure AWS PrincipleID, sourceIPAddress, configurationId and more. Proof of Concept https://raw.githubusercontent.com/opendatacube/odc-tools/develop/apps/dctools/tests/data/sentinel-2-nrt20200821.json Impact Leaks Sensitive Data...

0.5AI score
Exploits0
Huntr
Huntr
•added 2021/09/14 6:4 a.m.•5 views

Cross-site Scripting (XSS) - Reflected in sbrl/pepperminty-wiki

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execut...

5.3AI score
Exploits0References2
Huntr
Huntr
•added 2021/09/12 11:23 p.m.•5 views

Cross-Site Request Forgery (CSRF) in justingit/dada-mail

āœļø Description Attacker able to Send any Mass mailing with CSRF attack. In CSRF attacks it is necessary that a user logged into your application and just going to a malicious website and after that only with a redirection attacker can perform attack on unprotected endpoint, this means only with...

1.2AI score
Exploits0
Huntr
Huntr
•added 2021/09/09 11:19 a.m.•5 views

Cross-Site Request Forgery (CSRF) in microweber/microweber

āœļø Description Attacker able to delete any user if knows the user id parameter value. šŸ•µļøā€ā™‚ļø Proof of Concept Here after running PoC.html and you will see that the user with id 3 has been deleted. //PoC.html history.pushState'', '', '/' document.forms0.submit; šŸ’„ Impact Here a user with id value 3...

2.5AI score
Exploits0
Huntr
Huntr
•added 2021/09/07 1:24 a.m.•5 views

Cross-site Scripting (XSS) - Reflected in phoronix-test-suite/phoronix-test-suite

āœļø Description Cross-site Scripting XSS refers to client-side code injection attack wherein an attacker can execute malicious scripts into a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. The...

2.3AI score
Exploits0References1
Huntr
Huntr
•added 2021/09/04 8:21 p.m.•5 views

Session Fixation in agentejo/cockpit

āœļø Description A malicious actor with access to the computer is able to reveal the loaded site's actual session identifier value from the stored cookie. Since upon login, this value does not change, the attacker can gain access via session hijacking, when the target logs in on the compromised...

2.5AI score
Exploits0
Huntr
Huntr
•added 2021/09/01 10:19 a.m.•5 views

Prototype Pollution in liriliri/licia

āœļø Description licia package is vulnerable to Prototype Pollution. The safeSet function fails to validate which Object properties it updates. This allows attackers to modify the prototype of Object, causing the addition or modification of an existing property on all objects. šŸ•µļøā€ā™‚ļø Proof of Concept...

2.7AI score
Exploits0
Huntr
Huntr
•added 2021/08/24 10:30 p.m.•5 views

Cross-Site Request Forgery (CSRF) in namelessmc/nameless

āœļø Description Attacker able to delete any custom page with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF...

1.5AI score
Exploits0
Huntr
Huntr
•added 2021/08/23 7:7 p.m.•5 views

Cross-Site Request Forgery (CSRF) in neorazorx/facturascripts

āœļø Description Attacker able to delete any number of Accounting Reports with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your...

1.5AI score
Exploits0
Huntr
Huntr
•added 2021/08/21 4:39 p.m.•5 views

Cross-site Scripting (XSS) - Reflected in slackero/phpwcms

āœļø Description Reflected xss šŸ•µļøā€ā™‚ļø Proof of Concept 'HTTP-REFERER: '.echoempty$ref ? 'unknown' : $ref; šŸ’„ Impact xss bug...

2.1AI score
Exploits0
Huntr
Huntr
•added 2021/08/20 4:23 p.m.•5 views

Cross-Site Request Forgery (CSRF) in admidio/admidio

āœļø Description Attacker able to delete any Link with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF attacks it...

1.2AI score
Exploits0
Huntr
Huntr
•added 2021/08/17 8:11 p.m.•5 views

Cross-Site Request Forgery (CSRF) in admidio/admidio

āœļø Description Attacker able to unlock/lock any album with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF...

0.9AI score
Exploits0
Huntr
Huntr
•added 2021/07/30 5:36 p.m.•5 views

Cross-Site Request Forgery (CSRF) in sergix44/xbackbone

āœļø Description following endpoint vulnerable to CSRF: /omeka/upload/1/unpublish Also there is not any different that you run The application in localhost or some real hosts, this is enough to login with a browser that used the browser for online web surfacing too. šŸ•µļøā€ā™‚ļø Proof of Concept // PoC.html...

0.8AI score
Exploits0
Huntr
Huntr
•added 2021/07/28 6:47 p.m.•5 views

Cross-Site Request Forgery (CSRF) in easysoft/zentaopms

āœļø Description When you don't set the SameSite attribute of cookies the browsers have special act in front of this issue.I mean set default value on it chrome and chromium based browsers set the attribute "Lax" that mean if you do add/delete/alter operation in a get HTTP request then your site mor...

0.8AI score
Exploits0
Huntr
Huntr
•added 2021/07/05 11:42 a.m.•5 views

Cross-Site Request Forgery (CSRF) in boxbilling/boxbilling

āœļø Description CSRF on changing password of an admin account. There is no token or anti csrf implemented. šŸ•µļøā€ā™‚ļø Proof of Concept Create a .html file poc.html for example and copy paste the following code in it. Change localhost to ur domain or ip address. javascript CSRF PoC send this file to a...

Exploits0
Huntr
Huntr
•added 2021/07/03 9:0 a.m.•5 views

Improper Privilege Management in bigprof-software/online-rental-property-manager

šŸ’„ BUG privilege escalation bug to add applications/leases to a applicant . šŸ’„ IMPACT unprivileged user can add applications/leases to a applicant šŸ’„ STEP TO REPRODUCE 1. From admin account goto http://localhost/online-rental/app/admin/pageViewMembers.php and add new user called user-B .\ Now revoke...

0.6AI score
Exploits0
Huntr
Huntr
•added 2021/07/03 2:38 a.m.•5 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager

āœļø Description Stored xss in membership profile. šŸ•µļøā€ā™‚ļø Proof of Concept Steps to Reproduce: 1. Create a member account. 2. Login into the member account. 3. Enter the s"' payload in the State field. 4. Update the profile and You will see an alert. šŸ’„ Impact This vulnerability is capable of Stored XSS...

1.4AI score
Exploits0
Huntr
Huntr
•added 2021/07/02 1:4 a.m.•5 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system

āœļø Description There is a Stored XSS on the user profile edit page which occurs due to improper sanitization of the Full name field as tested on latest release. šŸ•µļøā€ā™‚ļø Proof of Concept Steps to Reproduce: 1. Create a user account. 2. Login into the user account. 3. Enter the s"' payload in the Full...

0.5AI score
Exploits0
Huntr
Huntr
•added 2021/07/01 6:57 p.m.•5 views

Cross-site Scripting (XSS) - Reflected in bigprof-software/online-invoicing-system

āœļø Description /app/admin/pageTransferOwnership.php with sourceMemberID parameter is vulnerable to Reflected XSS. Line 216 of pageTransferOwnership.php sends unvalidated data to a web browser, which can result in the browser executing malicious code. In this case the data is sent at builtinecho in...

0.5AI score
Exploits0References1
Huntr
Huntr
•added 2021/06/30 12:31 p.m.•5 views

Cross-site Scripting (XSS) - Stored in combodo/itop

šŸ’„ BUG stored xss via problem title šŸ’„ STEP TO REPRODUCE Plz check this 1 minute video to reproduce https://drive.google.com/file/d/1n7ni3y5LNkK2ntrTTvVNLNOEmf2iKReO/view?usp=sharing šŸ’„ Impact I see there is many different type of role base user . So, user who has permission to create problem can ma...

6.8AI score
Exploits0
Huntr
Huntr
•added 2021/06/29 1:40 p.m.•5 views

in w7corp/easywechat

āœļø Description Insecure randomness errors occur when a function that can produce predictable values is used as a source of randomness in security-sensitive context. This code uses the rand function to generate "unique" identifiers for the receipt pages it generates. In this case the function that...

1.4AI score
Exploits0References1
Total number of security vulnerabilities4072