Cross-site Scripting (XSS) - Stored in zikula-modules/content
Description Stored XSS in the external element Feed when creating Content. Proof of Concept POST /content/item/edit?type=Zikula%5CContentModule%5CContentType%5CFeedType HTTP/2 Host: demo.ziku.la Cookie: zsid=5idn7q9udrp7mgirikmdlep45d User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:93.0...
Cross-site Scripting (XSS) - Stored in zikula/core
Description Stored XSS in the Blocks Module when creating a new block with block type ZikulaBlocksModule/Xslt. Proof of Concept POST /blocks/admin/block/edit/8 HTTP/2 Host: demo.ziku.la Cookie: zsid=5idn7q9udrp7mgirikmdlep45d User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:93.0 Gecko/20100101...
Inefficient Regular Expression Complexity in josdejong/jsoneditor
Description The jsoneditor package is vulnerable to ReDoS (regular expression denial of service). An attacker who is able to provide a crafted element as input to the getInnerText function may cause an application to consume an excessive amount of CPU. Below is the pinned line using the vulnerable regex...
Open Redirect in zikula/core
Description Open Redirect on Login with the parameter ?returnUrl=. Proof of Concept POST /login?returnUrl=https://google.com HTTP/2 Host: demo.ziku.la Cookie: zsid=b6g4qa64983t2tg073uh1e1rjm User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:93.0 Gecko/20100101 Firefox/93.0 Accept:...
Cross-site Scripting (XSS) - Stored in zikula-modules/content
Description Stored XSS in Content allows for the arbitrary execution of JavaScript. Proof of Concept POST /content/admin/page/edit HTTP/2 Host: demo.ziku.la Cookie: zsid=3u8efffphk5430gdmlevluk6fa User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:93.0 Gecko/20100101 Firefox/93.0 Accept:...
Inefficient Regular Expression Complexity in nltk/nltk
Description The nltk package is vulnerable to ReDoS (regular expression denial of service). An attacker who is able to provide a crafted input to the readcomparisonblock function in the file "nltk/corpus/reader/comparativesents.py" may cause an application to consume an excessive amount of CPU. Belo...
Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii
Description Hello dear firefly-iii team, I found some CSRFs with low priority in firefly-iii...
Server-Side Request Forgery (SSRF) in osticket/osticket
Description The SSRF vulnerability in osTicket detailed in CVE-2020-24881 is still unfixed. Attackers can still make arbitrary requests via the server to the private network through the PDF print generator, although they will not be able to exfiltrate anything other than image data. Proof of Concept ...
Cross-site Scripting (XSS) - Stored in causefx/organizr
Description When creating a new Tab, the name of the tab can store JavaScript. This also happens when editing the name of an existing Tab. I tested it with the docker image for Organizr, hash 7fb764ccd226 (organizr/organizr latest 7fb764ccd226 4 weeks ago 73.3MB). Branch is v2-master. Proof of...
Inefficient Regular Expression Complexity in pksunkara/inflect
Description The inflect package is vulnerable to ReDoS (regular expression denial of service). An attacker who is able to provide a crafted tablename as input to the classify function may cause an application to consume an excessive amount of CPU. Below is the pinned line using the vulnerable regex. Proof of Concept...
Cross-Site Request Forgery (CSRF) in janeczku/calibre-web
Description Hi team, the /shelf/remove/id and /shelf/add/id endpoints are vulnerable to CSRF, leading to the possibility of adding and removing shelf items on behalf of the victim user. Proof of Concept 1. Install the application 2. Create a new shelf (id == 1 in this case) 3. The attacker sends the...
Cross-site Scripting (XSS) - Stored in zikula-modules/mediamodule
Description Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. Proof of Concept // PoC.js Steps to reproduce: 1 -- Go to link -- https://demo.ziku.la/media/media/create/paste/url 2 -- Inject payload in...
Cross-site Scripting (XSS) - Reflected in zikula/core
Description Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. Proof of Concept // PoC.js POST /categories/admin/category/contextMenu HTTP/2 Host: demo.ziku.la Cookie: zsid=a9b37grip4in2kp0j6kaugdvrh...
Cross-site Scripting (XSS) - Reflected in zikula/core
Description Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. Proof of Concept // PoC Request: POST /permissions/test HTTP/1.1 Host: demo.ziku.la Cookie: zsid=qk60gkn4dmhgrjc6io2kt3dij4 User-Agent:...
in zikula/core
Description Missing rate limit allows sending unlimited email to the victim or any email address. Proof of Concept There is no rate limit on lost-user-name, so an attacker can send unlimited email to the victim or any email address. POST /zauth/account/lost-user-name HTTP/1.1 Host: demo.ziku.la User-Agent: Mozilla/5.0 Windows NT...
Inefficient Regular Expression Complexity in mochajs/mocha
Description I would like to report a Regular Expression Denial of Service (ReDoS) vulnerability in mocha. It allows causing a denial of service when stripping a crafted invalid function definition from strs. The ReDoS vulnerability is mainly due to the regex...
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in spiral-project/ihatemoney
Description The Secure flag is not implemented in the application. Proof of Concept https://drive.google.com/file/d/10p4ejCFsLA6LO32nPNTRKqZjlqVHVpUf/view?usp=sharing Impact The Secure flag is an option that can be set by the application server when sending a new cookie to the user within an HTTP...
in zikula/core
Description Sensitive data can be exposed even after logging out of the application. Proof of Concept Tested URL: https://demo.ziku.la/ Tested on: Firefox 1 Log in to the application 2 Go to my account 3 Click the logout button 4 Press the browser back button 5 Now we can re-enter the dashboard Impact...
Inefficient Regular Expression Complexity in validatorjs/validator.js
Description I would like to report a Regular Expression Denial of Service (ReDoS) vulnerability in validator. It allows causing a denial of service when validating crafted invalid MagnetURIs. The ReDoS vulnerability is mainly due to the sub-pattern .+&tr=.+ with quantified overlapping adjacency and c...
Inefficient Regular Expression Complexity in isaacs/minimatch
Description I would like to report a Regular Expression Denial of Service (ReDoS) vulnerability in minimatch. It allows causing a denial of service when calling the function braceExpand. The ReDoS vulnerability is mainly due to the regex /./ and can be exploited with the following code. Proof of Concept...
Heap-based Buffer Overflow in mruby/mruby
Description Heap buffer overflow in mruby Proof of Concept // poc.rb %= % .clear ensure begin unless ?n = % :regex or 11 Compile mruby with asan git clone https://github.com/mruby/mruby cd mruby LDFLAGS="-fsanitize=address" CFLAGS="-fsanitize=address -g" make ./bin/mruby poc.rb Result ./bin/mruby...
Cross-site Scripting (XSS) - Stored in zoujingli/thinkadmin
Description Stored XSS in Content allows for the arbitrary execution of JavaScript. Proof of Concept In Wechat management, at feature - Reply rule management - Follow reply configuration - Default reply configuration - Follow automatic replies, save the reply text with the payload: \x3csVg/\x3e XSS will trigg...
Session Fixation in alovoa/alovoa
Description On changing the password, both the session in which the user changes the password and old sessions in any other browser or device do not expire and remain active. Proof of Concept STEPS TO REPRODUCE: 1. Log in to Browser A and make sure to check the 'stay logged in to this device' checkbox while...
Stack-based Buffer Overflow in gwsw/less
Description The less utility is a pager used by many applications and setups. One such setup is access to log files. If permissions are not sufficient for regular users, less can be called with sudo. LESSSECURE=1 can be set to disable many dangerous operations which a regular user should not be...
Inefficient Regular Expression Complexity in chocobozzz/peertube
Description Hello again dear PeerTube team. I found an inefficient regular expression that has a polynomial execution time, which can lead to ReDoS attacks; it is better to replace it with another regex or use the Google RE2 regex engine for server-side code. Proof of Concept I created two...
Cross-site Scripting (XSS) - Stored in zhongshaofa/easyadmin
Description Stored XSS in FileName allows for arbitrary execution of JavaScript. Proof of Concept At Upload Management, upload a file (image) with the filename: Sun'set.jpg Image Upload File https://user-images.githubusercontent.com/31820707/133646077-b6a14692-fea3-4a37-95e7-eb4c4e6f9073.png Image XSS...
in zoujingli/thinkadmin
Description Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. Proof of Concept: please note that this also leads to a verbose error that shows the credentials of the owner. Ex: Link --...
Inefficient Regular Expression Complexity in faisalman/ua-parser-js
Description Hello my dear, I found another inefficient regular expression in ua-parser-js that has a polynomial execution time, not exponential but still dangerous. Proof of Concept I created two payloads so that you can compare the execution times between them in the provided Regexr links. payload 1...
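The ReDoS reports above (jsoneditor, nltk, inflect, mocha, validator.js, minimatch, PeerTube, ua-parser-js) all describe the same mechanism: quantifiers that overlap or nest, so that a crafted non-matching input makes a backtracking engine explore polynomially or exponentially many ways to split the string before it gives up. The following is an added example, not code from any of those packages: the two patterns are illustrative textbook patterns, not the packages' actual regexes, and the payload is constructed. It runs a candidate pattern under a wall-clock budget in a child process (a backtracking `re` match cannot be interrupted from inside the same process), which is how a reviewer can triage a suspected regex, and places the vulnerable form beside an unambiguous rewrite.

```python
"""Budgeted regex check for ReDoS candidates (added example, illustrative patterns)."""
import multiprocessing
import re

# Fork lets the worker reuse the parent's state; fall back where fork is unavailable.
try:
    _CTX = multiprocessing.get_context("fork")
except ValueError:
    _CTX = multiprocessing.get_context()

# Vulnerable: (\w+\s?)* can carve a run of word characters into segments in
# exponentially many ways, and the engine tries every one before failing.
VULNERABLE = r"^(\w+\s?)*$"

# Hardened: words separated by exactly one whitespace character, optional
# trailing whitespace. Each \w+ must be followed by \s or the end, so there is
# only one way to consume the input and a failing string is rejected in O(n).
HARDENED = r"^(?:\w+(?:\s\w+)*\s?)?$"


def redos_payload(n=40):
    """Constructed attack string: n word chars then one char no branch accepts."""
    return "a" * n + "!"


def _worker(pattern, text, conn):
    conn.send(re.match(pattern, text) is not None)
    conn.close()


def runs_within(pattern, text, seconds=1.0):
    """Run re.match(pattern, text) in a child process under a time budget.

    Returns True/False (the match result) if it finished in time, or None if the
    budget was exhausted and the child had to be killed: that pattern/input pair
    is a ReDoS candidate.
    """
    parent, child = _CTX.Pipe(duplex=False)
    proc = _CTX.Process(target=_worker, args=(pattern, text, child))
    proc.start()
    child.close()
    proc.join(seconds)
    if proc.is_alive():
        proc.kill()
        proc.join()
        parent.close()
        return None
    result = parent.recv() if parent.poll() else None
    parent.close()
    return result


if __name__ == "__main__":
    for name, pattern in (("vulnerable", VULNERABLE), ("hardened", HARDENED)):
        print(name, "hello world ->", runs_within(pattern, "hello world"))
        print(name, "payload(40) ->", runs_within(pattern, redos_payload(40)))
```

A `None` from `runs_within` is the signal to rewrite the pattern so that adjacent quantifiers cannot both match the same characters, or, as the PeerTube report suggests, to move the check to a linear-time engine such as RE2, which rejects patterns it cannot run without backtracking.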
in khodakhah/nodcms
Description Violation of secure design principles Proof of Concept step 1: click on the login page and log in to the account. step 2: we can see the dashboard and further options inside the application step 3: log out from the application step 4: directly visit the url: https://demo.nodcms.com/admin/ step 5:...
Exposure of Sensitive Information to an Unauthorized Actor in opendatacube/odc-tools
Description Information disclosure of AWS principalId, sourceIPAddress, configurationId and more. Proof of Concept https://raw.githubusercontent.com/opendatacube/odc-tools/develop/apps/dctools/tests/data/sentinel-2-nrt20200821.json Impact Leaks sensitive data...
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in ledgersmb/ledgersmb
Description The Secure flag is not implemented in the application. Proof of Concept https://drive.google.com/file/d/1ESnBKwFef8D42A2VD3W59vXMLdWhCxS9/view?usp=sharing Impact The Secure flag is an option that can be set by the application server when sending a new cookie to the user within an HTTP...
in khodakhah/nodcms
Description Clear-text submission of the password through an unencrypted channel. Proof of Concept POST /en/login HTTP/1.1 Host: demo.nodcms.com User-Agent: Mozilla/5.0 Windows NT 10.0; Win64; x64; rv:92.0 Gecko/20100101 Firefox/92.0 Accept: application/json, text/javascript, /; q=0.01 Accept-Language:...
Sensitive Cookie Without 'HttpOnly' Flag in babybuddy/babybuddy
Description The HttpOnly flag is not set. Proof of Concept Steps to reproduce: the request below shows it. GET /login/?next=/google.com HTTP/1.1 Host: demo.baby-buddy.net User-Agent: Mozilla/5.0 Windows NT 10.0; Win64; x64; rv:92.0 Gecko/20100101 Firefox/92.0 Accept:...
in babybuddy/babybuddy
Description Violation of secure design principles Proof of Concept step 1: log in to the account and log out step 2: click the back button in the browser step 3: check the right corner; there we can see the user profile option step 4: click on that and the application settings get listed. PoC image attached as link...
in babybuddy/babybuddy
Description Weak password implementation Proof of Concept step 1: log in to the account step 2: go to settings http://demo.baby-buddy.net/user/password/ step 3: change the password from admin to 12 and save changes step 4: we can see the updated message; the application is allowing a weak password to be set. PoC image i...
Cross-site Scripting (XSS) - Stored in mineweb/minewebcms
Description A malicious actor is able to add a new Notification with a malicious payload, and when the user receives the notification, the malicious payload is executed. Proof of Concept - 1; Log in with any user who is able to submit notifications - 2; Create a new notification at...
in zoujingli/thinkadmin
Description Upload a file to any path. Proof of Concept A user can upload a file to any path by path traversal. POST /admin/api.upload/file.html HTTP/2 Host: v6.thinkadmin.top Cookie: lang=zh-cn; PHPSESSID=88a2945fb139bb74f87137d2144709ab; limit=20 Content-Length: 14170 Sec-Ch-Ua: "Google Chrome";v="93",...
Code Injection in zoujingli/thinkadmin
Description Remote code execution. Proof of Concept The request below is vulnerable to arbitrary system command injection. During file upload it does not properly check the uploaded file, which allows uploading a PHP file, and this PHP file will execute system commands. POST /admin/api.upload/file.html HTTP/2...
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in babybuddy/babybuddy
Description The Secure flag is not implemented in the application. Proof of Concept https://drive.google.com/file/d/1zWCQRRZl42kEbqrs0QS4hXyUdjnBRf/view Impact The Secure flag is an option that can be set by the application server when sending a new cookie to the user within an HTTP Response. The...
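The three Secure-flag reports (ihatemoney, LedgerSMB, Baby Buddy) and the HttpOnly report for Baby Buddy are the same check applied to different responses, and it is worth automating: parse every Set-Cookie header, and flag a session cookie that lacks Secure (sent over plaintext HTTP), HttpOnly (readable by injected script, which is what turns the stored XSS reports on this page into session theft) or a SameSite value of Lax/Strict (sent on cross-site requests). The following is an added example, not code from any of those projects; the response headers and cookie values are constructed for the demonstration, and `audit_url` is an assumed helper for running the same check against a live host.

```python
"""Audit Set-Cookie headers for Secure, HttpOnly and SameSite (added example)."""
import urllib.error
import urllib.request

# Constructed response headers, not captured from any site on this page.
SAMPLE_HEADERS = [
    ("Content-Type", "text/html; charset=utf-8"),
    ("Set-Cookie", "zsid=constructedsessionvalue; path=/"),
    ("Set-Cookie", "sessionid=constructed2; Path=/; Secure; HttpOnly; SameSite=Lax"),
]


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (cookie name, {attribute: value})."""
    pieces = [p.strip() for p in header_value.split(";")]
    name = pieces[0].partition("=")[0].strip()
    attrs = {}
    for piece in pieces[1:]:
        if piece:
            key, _, value = piece.partition("=")
            attrs[key.strip().lower()] = value.strip()   # attribute names are case-insensitive
    return name, attrs


def audit_set_cookie(header_value, over_https=True):
    """Return (cookie name, list of findings) for a single Set-Cookie value."""
    name, attrs = parse_set_cookie(header_value)
    findings = []
    if over_https and "secure" not in attrs:
        findings.append("missing Secure: cookie is also sent over plaintext HTTP")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: cookie is readable via document.cookie")
    if attrs.get("samesite", "").lower() not in ("lax", "strict"):
        # SameSite=None (or absent) means the cookie rides along on cross-site
        # requests; only keep that for cookies that genuinely need it.
        findings.append("SameSite not Lax/Strict: cookie is sent on cross-site requests")
    return name, findings


def audit_headers(header_pairs, over_https=True):
    """Audit every Set-Cookie header in a list of (name, value) pairs."""
    report = {}
    for key, value in header_pairs:
        if key.lower() == "set-cookie":
            name, findings = audit_set_cookie(value, over_https)
            report[name] = findings
    return report


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Keep the first response: login pages often set the cookie and then redirect."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def audit_url(url):
    """Fetch url once (no redirects) and audit the cookies it sets. Assumed helper."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        response = opener.open(url, timeout=10)
    except urllib.error.HTTPError as err:   # 3xx/4xx responses still carry Set-Cookie
        response = err
    pairs = [("Set-Cookie", v) for v in response.headers.get_all("Set-Cookie") or []]
    return audit_headers(pairs, over_https=url.lower().startswith("https://"))


if __name__ == "__main__":
    for cookie, findings in audit_headers(SAMPLE_HEADERS).items():
        print(cookie, "->", findings or "ok")
```

Run `audit_url` against a login URL over HTTPS and the report lists, per cookie, exactly the attributes these advisories complain about; an empty list for the session cookie is the expected result after the fix.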
Cross-site Scripting (XSS) - DOM in zoujingli/thinkadmin
Description DOM based XSS via URL hash fragment. Proof of Concept First log in to https://v6.thinkadmin.top and then visit https://v6.thinkadmin.top/admin.html#https://bbounty.000webhostapp.com/cors.php?id=xxxxx2 and see that the XSS is executed. Impact DOM based XSS via URL hash fragment...
Cross-site Scripting (XSS) - Stored in zoujingli/thinkadmin
Description Stored XSS. Proof of Concept Please check this 1 minute video to reproduce the bug https://drive.google.com/file/d/1hyN4X9gIgQJH2B5QEFhkniGt78sIw1iF/view?usp=sharing Impact XSS allows arbitrary JavaScript code execution...
Cross-site Scripting (XSS) - Stored in zoujingli/thinkadmin
Description Stored XSS via name. Proof of Concept 1. First go to https://v6.thinkadmin.top/admin.html/admin/base.html?type=datea&spm=m-2-4-8, edit a data entry and put the XSS payload below in the Data name field. xss"' Now see that the XSS is executed. VIDEO...
Cross-site Scripting (XSS) - DOM in mineweb/minewebcms
Description A malicious actor is able to add a malicious payload as a new Navigation Bar Link Title, and every time any user visits the main root page of the website, the XSS payload is executed and the session of whoever visits the site is compromised. Proof of Concept 1; Create a...
Cross-site Scripting (XSS) - Stored in mineweb/minewebcms
Description A malicious actor is able to add a malicious payload as a new Page Title, and every time any administrative user visits the /admin/pages route, the XSS payload is executed. Proof of Concept 1; Create a new Page at the following route: /admin/pages/add. Use the following payload a...
Cross-Site Request Forgery (CSRF) in pheditor/pheditor
Description Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated. With a little help of social engineering, such as sending a link via email or chat, an attacker may trick the users of a web...
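The CSRF reports on this page (Firefly III, calibre-web's /shelf/add/id and /shelf/remove/id, and pheditor) are all fixed the same way: a state-changing request must carry a secret the attacker's page cannot obtain, and the server should additionally refuse cross-site requests by their Origin. The following is an added example, not code from any of those projects; the secret, session identifiers, action name and site origin are constructed for the demonstration. It derives a per-session synchronizer token with an HMAC (so nothing per-request has to be stored server-side), compares it in constant time, and gates the action on the request method and Origin/Referer as defence in depth.

```python
"""Synchronizer-token CSRF check with an Origin fallback (added example)."""
import hashlib
import hmac
from urllib.parse import urlsplit

# Assumed server-side key; in a real deployment load it from configuration and rotate it.
SECRET = b"constructed-server-secret-for-the-demo"


def csrf_token(session_id, action, secret=SECRET):
    """Derive a token bound to this session and this action; it is safe to embed in the form."""
    message = f"{session_id}|{action}".encode()
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


def token_valid(token, session_id, action, secret=SECRET):
    """Constant-time comparison; a missing or foreign-session token fails."""
    if not token:
        return False
    return hmac.compare_digest(token, csrf_token(session_id, action, secret))


def origin_allowed(headers, site_origin):
    """Accept only requests whose Origin (or, failing that, Referer) is our own origin.

    Requests carrying neither header are refused for state changes: browsers
    send Origin on every cross-origin POST, so its absence is not a free pass.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    origin = lowered.get("origin")
    if origin is None:
        referer = lowered.get("referer")
        if referer is None:
            return False
        parts = urlsplit(referer)
        origin = f"{parts.scheme}://{parts.netloc}"
    return origin.lower() == site_origin.lower()   # "null" never matches


def allow_state_change(request, session_id, action, site_origin, secret=SECRET):
    """Gate a state-changing endpoint: POST only, same-origin, valid token.

    request is a plain dict {"method", "headers", "form"} standing in for the
    framework's request object.
    """
    if request["method"].upper() != "POST":
        return False     # GET/HEAD must never change state; that alone is a CSRF
    if not origin_allowed(request["headers"], site_origin):
        return False
    return token_valid(request["form"].get("csrf_token"), session_id, action, secret)


if __name__ == "__main__":
    sid = "constructed-session-1"
    form = {"csrf_token": csrf_token(sid, "shelf.add")}
    legit = {"method": "POST", "headers": {"Origin": "https://books.example"}, "form": form}
    forged = {"method": "POST", "headers": {"Origin": "https://attacker.example"}, "form": {}}
    print("legitimate:", allow_state_change(legit, sid, "shelf.add", "https://books.example"))
    print("forged:", allow_state_change(forged, sid, "shelf.add", "https://books.example"))
```

The attacker's page can make the victim's browser send the cookie, but it cannot read the victim's token out of the form, and its own origin is visible to the server; either check alone defeats the attack, and keeping both covers the case where one is misconfigured.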
Cross-site Scripting (XSS) - Reflected in pheditor/pheditor
Description Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execut...
Path Traversal in pheditor/pheditor
Description A path traversal attack, also known as directory traversal, aims to access files and directories that are stored outside the web root folder. By manipulating variables that reference files with “dot-dot-slash (../)” sequences and their variations, or by using absolute file paths, it may be...
Open Redirect in sbrl/pepperminty-wiki
Description Open redirection vulnerabilities arise when an application incorporates user-controllable data into the target of a redirection in an unsafe way. An attacker can construct a URL within the application that causes a redirection to an arbitrary external domain...
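Both open-redirect reports on this page (Zikula's login `?returnUrl=` and Pepperminty Wiki) come down to the same missing check: the redirect target must be proven to stay on the site before it is used. The following is an added example, not code from either project; the parameter name `returnUrl` and the host demo.ziku.la are taken from the Zikula report above, and the other inputs are constructed. It accepts only a root-relative path or an absolute http(s) URL on the expected host, rejects the usual bypasses (protocol-relative `//host`, backslashes, userinfo tricks, non-http schemes), and re-emits the target as a relative path so the scheme cannot be downgraded either.

```python
"""Same-origin validation for a returnUrl-style redirect parameter (added example)."""
from urllib.parse import urlsplit, urlunsplit


def safe_return_url(candidate, allowed_host, default="/"):
    """Return a local redirect target derived from candidate, or default.

    Accepted: a path starting with a single "/", or an absolute http/https URL
    whose host is exactly allowed_host. Everything else falls back to default.
    """
    if not isinstance(candidate, str):
        return default
    candidate = candidate.strip()
    if not candidate or any(ord(ch) < 0x20 for ch in candidate):
        return default                      # embedded tabs/newlines confuse parsers
    # Browsers treat "\" as "/" ("/\evil.com" becomes "//evil.com"), and
    # "//evil.com" or "///evil.com" is a protocol-relative URL to another site.
    if "\\" in candidate or candidate.startswith("//"):
        return default
    try:
        parts = urlsplit(candidate)
    except ValueError:                      # e.g. malformed IPv6 literal
        return default
    if parts.scheme or parts.netloc:
        if parts.scheme.lower() not in ("http", "https"):
            return default                  # javascript:, data:, ftp:, ...
        if parts.username is not None or parts.password is not None:
            return default                  # "https://demo.ziku.la@evil.com/"
        if (parts.hostname or "").lower() != allowed_host.lower():
            return default                  # other host, or a subdomain lookalike
    elif not parts.path.startswith("/"):
        return default                      # "account" or "?x=1" are not root-anchored
    path = parts.path or "/"
    # Re-emit as a relative URL: host and scheme come from the site, not the input.
    return urlunsplit(("", "", path, parts.query, parts.fragment))


if __name__ == "__main__":
    for value in ("/account", "https://demo.ziku.la/account?x=1", "https://google.com",
                  "//google.com", "/\\google.com", "https://demo.ziku.la@google.com/",
                  "javascript:alert(1)"):
        print(repr(value), "->", safe_return_url(value, "demo.ziku.la"))
```

The fallback-to-default shape matters: a validator that raises on bad input turns every phishing link into an error page, while one that silently lands the user on the dashboard gives the attacker nothing.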
Cross-site Scripting (XSS) - Reflected in sbrl/pepperminty-wiki
Description Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execut...
in sbrl/pepperminty-wiki
Unrestricted Upload of File with Dangerous Type allows JavaScript injection. Uploaded files represent a significant risk to applications. The first step in many attacks is to get some code to the system to be attacked. Then the attack only needs to find a way to get the code executed. Using a file...
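The upload-related reports on this page are variants of two missing checks: the destination path is built from client input (ThinkAdmin's upload-to-any-path, pheditor's traversal) and the file name or type is not constrained (ThinkAdmin's PHP upload leading to command execution, EasyAdmin's stored XSS through the name Sun'set.jpg, Pepperminty Wiki's JavaScript injection through a dangerous file type). The following is an added example, not code from any of those projects; the upload root /srv/uploads, the extension lists and the sample names are constructed, and Sun'set.jpg is the file name from the EasyAdmin report. It reduces a client-supplied name to a safe base name with an allow-listed extension, refuses script-bearing extensions anywhere in the name, and resolves the final path to prove it stays inside the upload root.

```python
"""File-name sanitising and path confinement for uploads (added example)."""
import re
from pathlib import Path

# Constructed policy: what this hypothetical application is willing to store.
ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "gif", "webp", "pdf"}
# Extensions that execute server-side or carry script when served to a browser.
# Rejected anywhere in the name, so "shell.php.jpg" and "logo.svg" are both refused.
SCRIPT_EXTENSIONS = {"php", "php3", "php5", "php7", "phtml", "phar",
                     "html", "htm", "xhtml", "shtml", "svg", "js"}


class UploadRejected(ValueError):
    """Raised for any name or path the policy does not accept."""


def sanitize_filename(original):
    """Return a safe base name for the stored file, or raise UploadRejected."""
    # Drop every directory component, whichever separator the client used.
    base = original.replace("\\", "/").rsplit("/", 1)[-1]
    # Keep a conservative character set; quotes, angle brackets, spaces become "_",
    # which is what stops a name like Sun'set.jpg from breaking out of an attribute.
    base = re.sub(r"[^A-Za-z0-9._-]", "_", base)
    base = base.lstrip(".").rstrip(". ")          # no dotfiles (.htaccess), no trailing dots
    if not base or "." not in base:
        raise UploadRejected(f"no usable name or extension in {original!r}")
    extensions = base.lower().split(".")[1:]
    if any(ext in SCRIPT_EXTENSIONS for ext in extensions):
        raise UploadRejected(f"script-bearing extension in {original!r}")
    if extensions[-1] not in ALLOWED_EXTENSIONS:
        raise UploadRejected(f"extension .{extensions[-1]} is not allowed")
    return base


def confined_path(upload_root, relative_dir, filename):
    """Join root/relative_dir/filename and prove the result stays under root."""
    root = Path(upload_root).resolve()
    target = (root / relative_dir / filename).resolve()   # collapses ../ and follows symlinks
    if target != root and root not in target.parents:
        raise UploadRejected(f"{relative_dir!r}/{filename!r} escapes the upload root")
    return target


def plan_upload(upload_root, relative_dir, original_name):
    """Full check for one upload: returns the absolute destination path."""
    return confined_path(upload_root, relative_dir, sanitize_filename(original_name))


if __name__ == "__main__":
    for rel, name in (("2021/09", "Sun'set.jpg"), ("2021/09", "shell.php"),
                      ("../../etc", "passwd.jpg"), ("2021/09", "logo.svg")):
        try:
            print(rel, name, "->", plan_upload("/srv/uploads", rel, name))
        except UploadRejected as err:
            print(rel, name, "-> rejected:", err)
```

Two caveats a practitioner would add on top of this: the stored name is still user-influenced, so it must be HTML-escaped wherever it is displayed (the EasyAdmin bug is in the display, not only in the upload), and the extension allow-list should be backed by serving uploads from a separate origin or with `Content-Disposition: attachment` and `X-Content-Type-Options: nosniff`, so that a file whose bytes disagree with its name cannot be executed by the browser either.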