4072 matches found
Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat
✍️ Description csrf bug to make clone of a role 🕵️‍♂️ Proof of Concept I see everywhere csrf token is checking but during cloning of role, it does not check csrf token. Below url is vulnerable to csrf attack to make a clone of role...
Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
✍️ Description Stored xss via rolename 🕵️‍♂️ Proof of Concept 1. First go to https://demo.livehelperchat.com/siteadmin/permission/roles and create a role with xss payload xss"'' and save it. 2. Now try to edit this role using url like...
Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
✍️ Description Stored Xss on smtp/Sender address 🕵️‍♂️ Proof of Concept Step To Reproduce: 1. Go to system/smtp 2. add the payload: " on "Sender address" or "Default from e-mail address" or "Default from name" all the 3 params are vulnerable to xss 3. save it and you can see that the xss fires poc...
Cross-site Scripting (XSS) - Stored in yourls/yourls
✍️ Description stored xss 🕵️‍♂️ Proof of Concept plz check this 1 minute video to reproduce the bug https://drive.google.com/file/d/1MHQSKVczRNwDC8S6xKuedjMNcQw8YOz5/view?usp=sharing 💥 Impact Stored xss allows executing arbitrary javascript code...
in circuitverse/circuitverse
✍️ Description no rate limit allows sending unlimited email to any mail address 🕵️‍♂️ Proof of Concept During forgot password there is no rate limit to send password-reset email, which allows sending unlimited email to a mail address. Below request is vulnerable to rate-limit bug POST /users/password...
Improper Privilege Management in circuitverse/circuitverse
✍️ Description subscribe to any private project 🕵️‍♂️ Proof of Concept There are two different users called user-A and user-B. 1. User-A created a private project. 2. Now User-B sent below request to subscribe to above private project PUT /commontator/threads/496401/subscribe HTTP/2 Host:...
Improper Privilege Management in circuitverse/circuitverse
✍️ Description upvote in any private comment 🕵️‍♂️ Proof of Concept Below request is vulnerable to upvote in any comment of private project POST /commontator/comments/1312/upvote HTTP/2 Host: circuitverse.org Cookie: User-Agent: Mozilla/5.0 X11; Ubuntu; Linux x8664; rv:90.0 Gecko/20100101...
Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
✍️ Description here is a Stored XSS on the user profile image uploader via svg file 🕵️‍♂️ Proof of Concept Step to reproduce: 1. Go to account profile 2. Click the choose file option to update profile image 3. Upload the svg file containing malicious code: or you can download it from :...
in circuitverse/circuitverse
✍️ Description Privilege escalation bug to add comment to any private project 🕵️‍♂️ Proof of Concept Below request is vulnerable to privilege escalation bug POST /commontator/threads/496401/comments HTTP/2 Host: circuitverse.org Cookie: .. User-Agent: Mozilla/5.0 X11; Ubuntu; Linux x8664; rv:90.0...
Cross-Site Request Forgery (CSRF) in myvesta/vesta
✍️ Description Attacker is able to rename any file on the server if logged in user visits attacker website. 🕵️‍♂️ Proof of Concept Create a test.txt file under /home/user when you logged in open this POC.html in a browser you can check test.txt renames to test.php. //PoC.html history.pushState'',...
Cross-Site Request Forgery (CSRF) in myvesta/vesta
✍️ Description Attacker is able to delete any file on the server if logged in user visits attacker website. 🕵️‍♂️ Proof of Concept Create a test.txt file under /home/user when you logged in open this POC.html in a browser you can check test.txt deletes. //PoC.html history.pushState'', '', '/'...
Cross-Site Request Forgery (CSRF) in myvesta/vesta
✍️ Description The download/web-log endpoint does not have CSRF Protection. This could be used to force download access log and potentially sensitive information leakage. 🕵️‍♂️ Proof of Concept Login to user account. Create the following POC.html file and open the page in browser. To verify that...
Cross-Site Request Forgery (CSRF) in myvesta/vesta
✍️ Description The download/web-log endpoint does not have CSRF Protection. This could be used to force download error log and potentially sensitive information leakage. 🕵️‍♂️ Proof of Concept Login to user account. Create the following POC.html file and open the page in browser. To verify that you...
Cross-Site Request Forgery (CSRF) in myvesta/vesta
✍️ Description Attacker is able to "delete" an element from favorite. this vulnerability happens on some sections. for example on “Firewall” tab list/firewall/ 🕵️‍♂️ Proof of Concept 1.when you logged in open this POC.html in a browser 2.you can check unintentionally first record deletes from...
Cross-Site Request Forgery (CSRF) in myvesta/vesta
✍️ Description Attacker is able to add an element to favorite. this vulnerability happens on some sections. for example on “Firewall” tab list/firewall/ 🕵️‍♂️ Proof of Concept 1.when you logged in open this POC.html in a browser 2.you can check unintentionally first record saves as favorite...
Cross-Site Request Forgery (CSRF) in myvesta/vesta
✍️ Description In this application there is weak CSRF protection on backup functionality. therefore according to below POC.html when a logged in user visits attacker website then an unintentional backup request sends to application. 🕵️‍♂️ Proof of Concept //PoC.html history.pushState'', '', '/'...
Cross-Site Request Forgery (CSRF) in myvesta/vesta
✍️ Description Attacker is able to logout user if a logged in user visits attacker website. 🕵️‍♂️ Proof of Concept 1.when you logged in open this POC.html in a browser 2.you can check unintentionally you logged out history.pushState'', '', '/' document.forms0.submit; 💥 Impact This vulnerability is...
in livehelperchat/livehelperchat
✍️ Description It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. 🕵️‍♂️ Proof of Concept 💥 Impact According to PortSwigger references, it is possible for a page controlled by an attacker...
Cross-Site Request Forgery (CSRF) in neorazorx/facturascripts
✍️ Description Attacker able to delete any number of Accounting Subaccounts with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your...
Cross-Site Request Forgery (CSRF) in neorazorx/facturascripts
✍️ Description Attacker able to change any role with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF attacks it...
Cross-Site Request Forgery (CSRF) in neorazorx/facturascripts
✍️ Description Attacker able to delete any number of Agents with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSR...
Cross-Site Request Forgery (CSRF) in neorazorx/facturascripts
✍️ Description Attacker able to delete any number of Purchases invoices with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your...
Cross-Site Request Forgery (CSRF) in neorazorx/facturascripts
✍️ Description Attacker able to delete any number of Accounting Reports with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your...
Cross-Site Request Forgery (CSRF) in neorazorx/facturascripts
✍️ Description Attacker able to delete any number of customers with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In...
Cross-Site Request Forgery (CSRF) in neorazorx/facturascripts
✍️ Description Attacker able to delete any number of users with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF...
in yourls/yourls
✍️ Description It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. 🕵️‍♂️ Proof of Concept 💥 Impact According to PortSwigger references, it is possible for a page controlled by an attacker...
in getgrav/grav-plugin-admin
✍️ Description It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. 🕵️‍♂️ Proof of Concept 💥 Impact According to PortSwigger references, it is possible for a page controlled by an attacker...
Cross-site Scripting (XSS) - Reflected in znixbtw/panel-v2
✍️ Description Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will...
Cross-site Scripting (XSS) - Reflected in znixbtw/panel-v2
✍️ Description Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will...
Cross-site Scripting (XSS) - Reflected in znixbtw/panel-v2
✍️ Description Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will...
Cross-site Scripting (XSS) - Reflected in znixbtw/panel-v2
✍️ Description Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will...
Cross-site Scripting (XSS) - Reflected in znixbtw/panel-v2
✍️ Description Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will...
Cross-site Scripting (XSS) - Reflected in znixbtw/panel-v2
✍️ Description Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will...
Cross-site Scripting (XSS) - Reflected in znixbtw/panel-v2
✍️ Description Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will...
Cross-site Scripting (XSS) - Stored in namelessmc/nameless
✍️ Description Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will...
Code Injection in namelessmc/nameless
✍️ Description Code Injection is the general term for attack types which consist of injecting code that is then interpreted/executed by the application. This type of attack exploits poor handling of untrusted data. These types of attacks are usually made possible due to a lack of proper...
Cross-Site Request Forgery (CSRF) in erikdubbelboer/phpredisadmin
✍️ Description The Import functionality in the application is vulnerable to CSRF attacks. 🕵️‍♂️ Proof of Concept history.pushState'', '', '/' 💥 Impact This vulnerability can let an attacker import data to the database without the knowledge/interaction of the user...
Cross-Site Request Forgery (CSRF) in erikdubbelboer/phpredisadmin
✍️ Description The delete key functionality in the application is vulnerable to CSRF attack. 🕵️‍♂️ Proof of Concept history.pushState'', '', '/' 💥 Impact This vulnerability can let an attacker delete data from the database without the knowledge/interaction of the user...
Cross-Site Request Forgery (CSRF) in erikdubbelboer/phpredisadmin
✍️ Description The Add Key functionality in the Application is vulnerable to CSRF attack. 🕵️‍♂️ Proof of Concept history.pushState'', '', '/' 💥 Impact This vulnerability can let an attacker add data to the database without the knowledge/interaction of the user. Location index.phpL1 References...
in erikdubbelboer/phpredisadmin
✍️ Description It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. 🕵️‍♂️ Proof of Concept 💥 Impact According to PortSwigger references, it is possible for a page controlled by an attacker...
Cross-site Scripting (XSS) - Reflected in erikdubbelboer/phpredisadmin
✍️ Description The application is vulnerable to XFS attack. 🕵️‍♂️ Proof of Concept Navigate to https://domain.tld/phpRedisAdmin/?https://www.eia.gov/state/maps The page https://www.eia.gov/state/maps.php will be loaded in an iframe on the page. 💥 Impact Cross-Frame Scripting (XFS) is an attack that...
Cross-site Scripting (XSS) - Stored in janeczku/calibre-web
💥 BUG stored xss via book description 💥 STEP TO REPRODUCE Let's say there are two users, Admin and user-B. user-B has edit permission in book. 1. Now go to user-B account and visit http://localhost:8083/admin/book/12 and edit the metadata. During edit put below xss payload in book Description field...
SQL Injection in slackero/phpwcms
✍️ Description Data enters a program from an untrusted source 🕵️‍♂️ Proof of Concept if$result = mysqliquery$db, 'SELECT FROM '. $phpwcms"dbprepend" ? $phpwcms"dbprepend".'' : ''.'phpwcmsuser' 💥 Impact A successful attack may result in the unauthorized viewing of user lists, the deletion of entire...
Cross-site Scripting (XSS) - Reflected in slackero/phpwcms
✍️ Description Reflected xss 🕵️‍♂️ Proof of Concept 'HTTP-REFERER: '.echoempty$ref ? 'unknown' : $ref; 💥 Impact xss bug...
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in slackero/phpwcms
✍️ Description The secure flag is not set for PHPSESSID session cookie in the application. 🕵️‍♂️ Proof of Concept 💥 Impact If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from...
Sensitive Cookie Without 'HttpOnly' Flag in slackero/phpwcms
✍️ Description HTTPOnly attribute is not set for session cookies in the application. 🕵️‍♂️ Proof of Concept 💥 Impact When a cookie doesn’t have an HttpOnly flag, it can be accessed through JavaScript, which means that an XSS could lead to cookies being stolen. These include session cookies that can...
Cross-Site Request Forgery (CSRF) in admidio/admidio
✍️ Description Attacker able to delete any Link with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF attacks it...
in cortezaproject/corteza-server
✍️ Description Hi team, I found an Unrestricted File Upload on https://latest.cortezaproject.org/ which let me upload anything. File Extensions Such as .html, .svg and others should not be executed on the server side. 🕵️‍♂️ Proof of Concept Step to Reproduce 1- Go to the Employees tab and choose an...
Cross-site Scripting (XSS) - Stored in cortezaproject/corteza-webapp-workflow
✍️ Description Stored Cross-Site Scripting (XSS) is the type of XSS when a user injects a malicious javascript code into the web application and it gets later rendered in victim browser. 🕵️‍♂️ Proof of Concept 1. Sign in to the application as admin 2. Go to workflows 3. Edit workflow and set the...
Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii
✍️ Description Attacker able to set default currency with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF...