4072 matches found
in zmister2016/mrdoc
✍️ Description Online document system developed based on Python. It is suitable for individuals and small teams to manage documents, wiki, knowledge and notes, like gitbook. This package is vulnerable to RCE due to Yaml.load in the import function. 🕵️‍♂️ Proof of Concept Uploaded ZIP : Payload.yaml :...
Cross-site Scripting (XSS) - Stored in namelessmc/nameless
✍️ Description Stored XSS in Google Analytics. 🕵️‍♂️ Proof of Concept 1. Go to 'http://localhost/Nameless/index.php?route=/panel/core/seo/' logged in as admin. 2. Enter "G-XXXXXXXX'; javascript:alert1; alert1; instead; this will cause any admin who visits the SEO page to have the JavaScript activated on...
SQL Injection in phili67/ecclesiacrm
✍️ Description SQL Injection (SQLi) found in the search section at http://YOURIP/ecclesiacrm/v2/people/list/person. A SQL Injection allows an attacker to run SQL commands remotely and extract information such as passwords, usernames and other sensitive data. This SQLi is a blind SQLi and doesn't...
Cross-Site Request Forgery (CSRF) in qkqpttgf/onemanager-php
✍️ Description Attacker is able to rename any file with a CSRF attack. It does not matter at all whether your application runs on localhost or elsewhere; it is enough that it runs in a browser and another low-privilege user or attacker knows the IP address or hostname of your application. In CSRF attacks it...
Cross-Site Request Forgery (CSRF) in qkqpttgf/onemanager-php
✍️ Description Attacker is able to rename any disktag with a CSRF attack. It does not matter at all whether your application runs on localhost or elsewhere; it is enough that it runs in a browser and another low-privilege user or attacker knows the IP address or hostname of your application. In CSRF attacks...
Cross-Site Request Forgery (CSRF) in qkqpttgf/onemanager-php
✍️ Description Attacker is able to make a copy of any disk with a CSRF attack. It does not matter at all whether your application runs on localhost or elsewhere; it is enough that it runs in a browser and another low-privilege user or attacker knows the IP address or hostname of your application. In CSRF...
Cross-Site Request Forgery (CSRF) in qkqpttgf/onemanager-php
✍️ Description Attacker is able to delete any disk with a CSRF attack. It does not matter at all whether your application runs on localhost or elsewhere; it is enough that it runs in a browser and another low-privilege user or attacker knows the IP address or hostname of your application. In CSRF attacks it...
Cross-Site Request Forgery (CSRF) in qkqpttgf/onemanager-php
✍️ Description Attacker is able to delete any folder with a CSRF attack. history.pushState'', '', '/' As you can see there is no CSRF token...
Path Traversal in os4ed/opensis-classic
✍️ Description The module.php modname parameter in OpenSIS 8.0 is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. 🕵️‍♂️ Proof of Concept // Modules.php GET /Modules.php?modname=../../../../../../../../../../../../../../../../etc/passwd HTTP/1.1 302...
Cross-Site Request Forgery (CSRF) in aimeos/ai-client-html
✍️ Description Attacker is able to pin any product in favorites with a CSRF attack. In CSRF attacks it is necessary that a user is logged into your application and just visits a malicious website; after that, with only a redirection, the attacker can perform the attack on the unprotected endpoint. This means only...
Cross-Site Request Forgery (CSRF) in aimeos/ai-client-html
✍️ Description Attacker is able to add any product to favorites with a CSRF attack. In CSRF attacks it is necessary that a user is logged into your application and just visits a malicious website; after that, with only a redirection, the attacker can perform the attack on the unprotected endpoint. This means only...
Cross-site Scripting (XSS) - Stored in pimcore/pimcore
✍️ Description pimcore is an Open Source Data & Experience Management Platform (PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce). This package is vulnerable to Stored XSS through the SEO menu. 🕵️‍♂️ Proof of Concept 💥 Impact This vulnerability is capable of...
Cross-site Scripting (XSS) - Stored in pimcore/pimcore
✍️ Description pimcore is an Open Source Data & Experience Management Platform (PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce). This package is vulnerable to Stored XSS through adding a customer. 🕵️‍♂️ Proof of Concept 💥 Impact This vulnerability is capable of XSS...
Cross-site Scripting (XSS) - Stored in yogeshojha/rengine
✍️ Description When an XSS payload is used as the name of a gf pattern, it executes. 🕵️‍♂️ Proof of Concept 1. Name a file .json 2. Import the file as a gf pattern at https://127.0.0.1/scanEngine/toolsettings 3. Click on the uploaded gf pattern. 💥 Impact The impact is the same as any other Stored XSS...
Cross-site Scripting (XSS) - Reflected in azuracast/azuracast
✍️ Description The application is vulnerable to reflected HTML Injection. 🕵️‍♂️ Proof of Concept Open the following page in the browser as admin. The page is vulnerable to HTML Injection...
Cross-site Scripting (XSS) - Stored in pimcore/pimcore
✍️ Description pimcore is an Open Source Data & Experience Management Platform (PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce). This package is vulnerable to Stored XSS via custom meta data. 🕵️‍♂️ Proof of Concept 💥 Impact This vulnerability is capable of Stored XSS...
Path Traversal in os4ed/opensis-classic
✍️ Description The ajax.php modname parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. 🕵️‍♂️ Proof of Concept // Ajax.php GET /Ajax.php?modname=../../../../../../../../../../../../../../../../etc/passwd HTTP/1.1 302 Found Location: index.php...
Cross-Site Request Forgery (CSRF) in azuracast/azuracast
✍️ Description Attacker is able to enable any Streamer/DJ account section with a CSRF attack. It does not matter at all whether your application runs on localhost or elsewhere; it is enough that it runs in a browser and another low-privilege user or attacker knows the IP address or hostname of your...
Open Redirect in openwhyd/openwhyd
✍️ Description There is an open redirect in the following URL: https://openwhyd.org/consent?redirect=https://mdakh404.github.io After the user agrees to the site policy, they will be redirected to my blog! It's an open redirect. 🕵️‍♂️ Proof of Concept 1- Open the link:...
Inefficient Regular Expression Complexity in ramda/ramda
✍️ Description A ReDoS (regular expression denial of service) flaw was found in the ramda package. An attacker that is able to provide crafted input to the trim function may cause an application to consume an excessive amount of CPU. Similar attack ref: https://nvd.nist.gov/vuln/detail/CVE-2020-7753...
Inefficient Regular Expression Complexity in axios/axios
✍️ Description A ReDoS (regular expression denial of service) flaw was found in the axios package. An attacker that is able to provide crafted input to the trim function may cause an application to consume an excessive amount of CPU. Similar attack ref: https://nvd.nist.gov/vuln/detail/CVE-2020-7753...
Sensitive Cookie Without 'HttpOnly' Flag in azuracast/azuracast
✍️ Description The HttpOnly attribute is not set for session cookies in the application. 🕵️‍♂️ Proof of Concept 💥 Impact When a cookie doesn't have an HttpOnly flag, it can be accessed through JavaScript, which means that an XSS could lead to cookies being stolen. These include session cookies that can...
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in azuracast/azuracast
✍️ Description The secure flag is not set for the appsession cookie in the application. 🕵️‍♂️ Proof of Concept PoC Image: https://i.ibb.co/v1y0Fdv/cookie-flag.png 💥 Impact If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP...
SQL Injection in opensourcepos/opensourcepos
✍️ Description The application is vulnerable to blind SQL Injection. 🕵️‍♂️ Proof of Concept URL: https://dev.opensourcepos.org/itemkits/search?sort=1 Vulnerable Parameter: sort SQLMap POC --- Parameter: sort GET Type: boolean-based blind Title: Boolean-based blind - Parameter replace original value...
SQL Injection in opensourcepos/opensourcepos
✍️ Description The application is vulnerable to blind SQL Injection. 🕵️‍♂️ Proof of Concept URL: https://dev.opensourcepos.org/giftcards/search?sort=1 Vulnerable Parameter: sort SQLMap POC --- Parameter: sort GET Type: boolean-based blind Title: Boolean-based blind - Parameter replace original value...
SQL Injection in opensourcepos/opensourcepos
✍️ Description The application is vulnerable to blind SQL Injection. 🕵️‍♂️ Proof of Concept URL: https://dev.opensourcepos.org/attributes/search?sort=1 Vulnerable Parameter: sort SQLMap POC --- Parameter: sort GET Type: boolean-based blind Title: Boolean-based blind - Parameter replace original...
SQL Injection in opensourcepos/opensourcepos
✍️ Description The application is vulnerable to blind SQL Injection. 🕵️‍♂️ Proof of Concept URL: https://dev.opensourcepos.org/suppliers/search?sort=1 Vulnerable Parameter: sort SQLMap POC --- Parameter: sort GET Type: boolean-based blind Title: Boolean-based blind - Parameter replace original value...
in opensourcepos/opensourcepos
✍️ Description It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. 🕵️‍♂️ Proof of Concept Image: https://i.ibb.co/cbtVcb1/clickjack.png 💥 Impact According to PortSwigger references, it is...
in opensourcepos/opensourcepos
✍️ Description The giftcards/view/ POST request can be hijacked so that the information will be sent to another page, by modifying the login page URL. 🕵️‍♂️ Proof of Concept Change the login page URL to https://mydomain.com/giftcards/view/anotherpagehere Then the form action in the webpage will be...
Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
✍️ Description Stored XSS via general settings. 🕵️‍♂️ Proof of Concept 1. Go to https://demo.livehelperchat.com/siteadmin/chatbox/configuration and update a General settings value with the XSS payload xss"'' and save it. 2. Now try to edit these Chatbox settings using a URL like...
Cross-site Scripting (XSS) - Reflected in leantime/leantime
✍️ Description Cross-site scripting (XSS) vulnerability: line 9 of delCanvasItem.tpl.php sends unvalidated data to a web browser, which can result in the browser executing malicious code. 🕵️‍♂️ Proof of Concept /leancanvas/delCanvasItem/" 💥 Impact The attacker can: Perform any action within the...
in froxlor/froxlor
✍️ Description The login form POST request can be hijacked so that the credentials will be sent to an external website, by modifying the login page URL. 🕵️‍♂️ Proof of Concept Change the login page URL to https://mydomain.com/index.php/evilsite.com Then the form action in the webpage will be...
Sensitive Cookie Without 'HttpOnly' Flag in froxlor/froxlor
✍️ Description The HttpOnly attribute is not set for session cookies in the application. 🕵️‍♂️ Proof of Concept 💥 Impact When a cookie doesn't have an HttpOnly flag, it can be accessed through JavaScript, which means that an XSS could lead to cookies being stolen. These include session cookies that can...
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in froxlor/froxlor
✍️ Description The secure flag is not set for the PHPSESSID session cookie in the application. 🕵️‍♂️ Proof of Concept 💥 Impact If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from...
Cross-site Scripting (XSS) - Reflected in zoujingli/thinkadmin
✍️ Description The application is vulnerable to a reflected XSS attack. 🕵️‍♂️ Proof of Concept Open the following page in the browser as admin. The 商品名称 (product name) field is vulnerable to reflected XSS. An alert box is displayed as PoC...
in zoujingli/thinkadmin
✍️ Description The application implements a cross-origin resource sharing (CORS) policy for requests that allows access from any domain. 🕵️‍♂️ Proof of Concept Request GET /data/shop.goods/index.html HTTP/2 Host: testdomain11.com Cookie: lang=zh-cn; PHPSESSID=45780759c5ea6ae0be9cfc95fde04bc9...
in zoujingli/thinkadmin
✍️ Description It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. 🕵️‍♂️ Proof of Concept 💥 Impact According to PortSwigger references, it is possible for a page controlled by an attacker...
Cross-Site Request Forgery (CSRF) in namelessmc/nameless
✍️ Description Attacker is able to disable any widget with a CSRF attack. It does not matter at all whether your application runs on localhost or elsewhere; it is enough that it runs in a browser and another low-privilege user or attacker knows the IP address or hostname of your application. In CSRF attacks...
Cross-Site Request Forgery (CSRF) in namelessmc/nameless
✍️ Description Attacker is able to reset any profile banner with a CSRF attack. It does not matter at all whether your application runs on localhost or elsewhere; it is enough that it runs in a browser and another low-privilege user or attacker knows the IP address or hostname of your application. In CSRF...
Cross-Site Request Forgery (CSRF) in namelessmc/nameless
✍️ Description Attacker is able to delete any reaction with a CSRF attack. It does not matter at all whether your application runs on localhost or elsewhere; it is enough that it runs in a browser and another low-privilege user or attacker knows the IP address or hostname of your application. In CSRF attack...
Cross-Site Request Forgery (CSRF) in namelessmc/nameless
✍️ Description Attacker is able to leave any user a message with a CSRF attack. It does not matter at all whether your application runs on localhost or elsewhere; it is enough that it runs in a browser and another low-privilege user or attacker knows the IP address or hostname of your application. In CSRF...
Cross-Site Request Forgery (CSRF) in namelessmc/nameless
✍️ Description Attacker is able to disable any module with a CSRF attack. It does not matter at all whether your application runs on localhost or elsewhere; it is enough that it runs in a browser and another low-privilege user or attacker knows the IP address or hostname of your application. In CSRF attacks...
Cross-Site Request Forgery (CSRF) in namelessmc/nameless
✍️ Description Attacker is able to delete any custom page with a CSRF attack. It does not matter at all whether your application runs on localhost or elsewhere; it is enough that it runs in a browser and another low-privilege user or attacker knows the IP address or hostname of your application. In CSRF...
Cross-site Scripting (XSS) - Stored in namelessmc/nameless
✍️ Description Stored XSS via forum. 🕵️‍♂️ Proof of Concept 1. First go to http://localhost/nameless/index.php?route=/panel/forums/&action=new and create a forum. During creation put the below XSS payload in the forum icon: xss"' 2. Now save it. 3. Now go to the above forum URL...
Cross-Site Request Forgery (CSRF) in namelessmc/nameless
✍️ Description CSRF bug to stick a topic. 🕵️‍♂️ Proof of Concept The below URL is vulnerable to a CSRF attack to stick a topic. http://localhost/nameless/index.php?route=/forum/stick/&tid=1 💥 Impact CSRF bug to stick a topic...
Cross-Site Request Forgery (CSRF) in namelessmc/nameless
✍️ Description CSRF bug to follow a topic. 🕵️‍♂️ Proof of Concept I see CSRF token checking everywhere, but in this case the CSRF token checking is missing. The below URL is vulnerable to a CSRF attack to follow a topic. http://localhost/nameless/index.php?route=/forum/topic/1/&action=follow 💥 Impact...
Cross-Site Request Forgery (CSRF) in namelessmc/nameless
✍️ Description CSRF bug to lock a topic. 🕵️‍♂️ Proof of Concept I see CSRF token checking everywhere, but in this case the CSRF token checking is missing. The below URL is vulnerable to a CSRF attack to lock a topic. http://localhost/nameless/index.php?route=/forum/lock/&tid=1 💥 Impact CSRF bug to...
Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat
✍️ Description CSRF bug to create a group chatlist. 🕵️‍♂️ Proof of Concept There is no CSRF token checking during creation of a group chatlist. The below request is vulnerable to a CSRF attack: document.getElementById"myForm".submit 💥 Impact CSRF bug to create a group chatlist...
Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
✍️ Description Stored XSS in XMP configuration. 🕵️‍♂️ Proof of Concept Please check this 1 minute video to reproduce the bug: https://drive.google.com/file/d/1j1b5XDv2v73539J5MYwxYDe0IPt9yS3f/view?usp=sharing 💥 Impact The XSS bug allows executing arbitrary JavaScript code...
Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat
✍️ Description CSRF bug to update an uploaded file. 🕵️‍♂️ Proof of Concept The below request is vulnerable to a CSRF bug to update an uploaded file. Submit request POST /siteadmin/file/edit/2 HTTP/1.1 Host: demo.livehelperchat.com Cookie: PHPSESSID=b8cdt7e1436rstdhbgq5mjqskq User-Agent: Mozilla/5.0 X11;...