4072 matches found
Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii
✍️ Description Attacker able to Remove budgeted amount with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF...
Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii
✍️ Description Attacker able to delete Total available budget with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In...
Cross-site Scripting (XSS) - Stored in slackero/phpwcms
✍️ Description Stored xss 🕵️♂️ Proof of Concept Please check this 1 minute video https://drive.google.com/file/d/1ycKDrN3ot623c-iYTaJYFNCjxCXChNx1/view?usp=sharing 💥 Impact xss bug...
Cross-site Scripting (XSS) - Stored in imran300/inventory
✍️ Description Stored xss bug using a xss payload in the product name when adding a new category in the product page. 🕵️♂️ Proof of Concept Goto http://localhost/inventory/index.php/Category/listcategory and click on add category and copy paste the following xss payload and paste it in the...
Cross-site Scripting (XSS) - Stored in imran300/inventory
✍️ Description Stored xss bug using a xss payload in the employee name when adding a new employee 🕵️♂️ Proof of Concept Goto http://localhost/inventory/employees/addemployee and click on add employee and copy paste the following xss payload and paste it in the EMP NAME javascript " Click on safe...
Cross-Site Request Forgery (CSRF) in admidio/admidio
✍️ Description Attacker able to delete any folder with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF attacks...
Cross-Site Request Forgery (CSRF) in admidio/admidio
✍️ Description Attacker able to delete any event with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF attacks i...
Cross-Site Request Forgery (CSRF) in admidio/admidio
✍️ Description Attacker able to delete any Announcements with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF...
Cross-Site Request Forgery (CSRF) in admidio/admidio
✍️ Description Attacker able to delete any album of a user with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF...
Cross-Site Request Forgery (CSRF) in admidio/admidio
✍️ Description Attacker able to delete any photo of a user with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF...
Cross-Site Request Forgery (CSRF) in admidio/admidio
✍️ Description Attacker able to unlock/lock any album with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF...
Cross-Site Request Forgery (CSRF) in admidio/admidio
✍️ Description Attacker able to delete any File & Doc with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF...
Cross-Site Request Forgery (CSRF) in leantime/leantime
✍️ Description CSRF on deleting a user. There is no token or anti csrf implemented. 🕵️♂️ Proof of Concept Create a .html file poc.html for example and copy paste the following code in it. Change localhost to your domain or IP address. javascript CSRF PoC send this file to an admin when he opens the...
Cross-site Scripting (XSS) - Stored in leantime/leantime
✍️ Description Stored xss bug using a xss payload in the todo name when adding a todo item 🕵️♂️ Proof of Concept Goto http://localhost/tickets/showKanban and add a todo item and copy paste the following xss payload in the todo-name javascript " Click on safe and go to the My Timesheets tab and see...
Cross-site Scripting (XSS) - Stored in leantime/leantime
✍️ Description Stored xss bug using a xss payload in the Retrospectives Title when adding a new retrospective 🕵️♂️ Proof of Concept Goto http://localhost/retrospectives/showBoards and click on add more and copy paste the following xss payload in the title javascript " Click on safe and see the xss...
Cross-site Scripting (XSS) - Stored in leantime/leantime
✍️ Description Stored xss bug using a xss payload in the Ideas area when adding a comment in the discussion area 🕵️♂️ Proof of Concept Goto http://localhost/ideas/showBoards and click on add an idea and copy paste the following xss payload in the discussion field javascript " Click on safe and see...
Cross-site Scripting (XSS) - Stored in leantime/leantime
✍️ Description Stored xss bug using a xss payload in the new event title when adding a new event 🕵️♂️ Proof of Concept Goto http://localhost/calendar/addEvent and click on add event and copy paste the following xss payload javascript " Click on safe and see the xss popup with the cookie. 💥 Impact...
Cross-Site Request Forgery (CSRF) in aces/loris
✍️ Description Attacker able to upload any Media with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF attacks i...
Cross-Site Request Forgery (CSRF) in aces/loris
✍️ Description Attacker able to create any Category with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF attack...
Cross-Site Request Forgery (CSRF) in aces/loris
✍️ Description Attacker able to edit any Information with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF...
Cross-Site Request Forgery (CSRF) in aces/loris
✍️ Description Attacker able to upload any document with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF attack...
Cross-Site Request Forgery (CSRF) in aces/loris
✍️ Description Attacker able to delete any user with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF attacks it...
Cross-Site Request Forgery (CSRF) in aces/loris
✍️ Description Attacker able to create admin user with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF attacks...
Cross-Site Request Forgery (CSRF) in aces/loris
✍️ Description Attacker able to Create a New Candidate Profile with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In...
Server-Side Request Forgery (SSRF) in apostrophecms/apostrophe
✍️ Description Rendering Of SVG file causes SSRF 🕵️♂️ Proof of Concept /image.jpeg" / upload the svg file with the payload mentioned above change server name and preview it. then check the server for incoming request. 💥 Impact SSRF basic attack - host redirect , further researches of this attack...
Cross-site Scripting (XSS) - Stored in aces/loris
✍️ Description Cross-site scripting also known as XSS is a web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application. Cross-site scripting vulnerabilities normally allow an attacker to masquerade as a victim user, to carry out...
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in devcode-it/openstamanager
✍️ Description A user without access to the software can inject a portion of HTML code in access logs. 🕵️♂️ Proof of Concept Simulate login with a crafted Client-IP header like this: curl -H 'Client-IP: INJECT' -d 'username=&password=&op=login' 'http://localhost//?op=login' The result is: 💥 Impact...
Cross-site Scripting (XSS) - Stored in ampache/ampache
✍️ Description This is a stored XSS in the mp3 management library. 🕵️♂️ Proof of Concept 1. Edit meta data with Audacity: 2. Create a new playlist that contains this file. 3. Mark the album as favorite 1 and then open "Informations" - "Favorites" 2: 💥 Impact By uploading an mp3 with javascript...
Cross-site Scripting (XSS) - Stored in ampache/ampache
✍️ Description This is a stored XSS in the mp3 management library. 🕵️♂️ Proof of Concept 1. Edit meta data with Audacity: 2. Create a new playlist that contains this file. 3. Vote an album 1 and then open "Informations" - "Most rated" 2: 💥 Impact By uploading an mp3 with javascript code into meta...
Cross-site Scripting (XSS) - Stored in ampache/ampache
✍️ Description This is a stored XSS in the mp3 management library. 🕵️♂️ Proof of Concept 1. Edit meta data with Audacity: 2. Create a new playlist that contains this file. 3. Open "Artists" 1 under "Search" menu and then on the cover icon: 💥 Impact By uploading an mp3 with javascript code into...
Cross-site Scripting (XSS) - Stored in ampache/ampache
✍️ Description This is a stored XSS in the mp3 management library. 🕵️♂️ Proof of Concept 1. Edit meta data with Audacity: 2. Create a new playlist that contains this file. 3. Open "New" 1 under "Information" menu: 💥 Impact By uploading an mp3 with javascript code into meta tag could permit an...
Cross-site Scripting (XSS) - Stored in ampache/ampache
✍️ Description This is a stored XSS in the mp3 management library. 🕵️♂️ Proof of Concept 1. Edit meta data with Audacity: 2. Create a new playlist that contains this file. 3. Open "Artists" 1 under "Search" menu and then "Search" 2: 💥 Impact By uploading an mp3 with javascript code into meta tag...
Cross-site Scripting (XSS) - Stored in ampache/ampache
✍️ Description This is a stored XSS in the mp3 management library. 🕵️♂️ Proof of Concept 1. Edit meta data with Audacity: 2. Create a new playlist that contains this file. 3. Open "Album" 1 under "Search" menu then click "Search" 2: 💥 Impact By uploading an mp3 with javascript code into meta tag...
Cross-site Scripting (XSS) - Stored in ampache/ampache
✍️ Description This is a stored XSS in the mp3 management library. 🕵️♂️ Proof of Concept 1. Edit meta data with Audacity: 2. Create a new playlist that contains this file. 3. Open "Album" menu: 💥 Impact By uploading an mp3 with javascript code into meta tag could permit an attacker to execute...
Server-Side Request Forgery (SSRF) in bookstackapp/bookstack
✍️ Description User with "Editor" rights can create a special book page containing tag with "src" property pointing to any external or internal resource. Exporting this page using default domPdf will result in firing request from server side. 🕵️♂️ Proof of Concept Updating page with malicious...
Cross-site Scripting (XSS) - Stored in poowf/invoiceneko
✍️ Description Stored Cross-Site Scripting XSS vulnerability due to the lack of content validation and output encoding. This vulnerability can be exploited by uploading a crafted payload inside a document. Then, the vulnerability can be triggered when the user previews the document's content...
Cross-site Scripting (XSS) - Stored in circuitverse/circuitverse
✍️ Description CircuitVerse is a free, open-source platform which allows users to construct digital logic circuits online. This app is vulnerable to XSS through creating Assignments 🕵️♂️ Proof of Concept 💥 Impact This vulnerability is capable of stealing cookies for group members...
Cross-site Scripting (XSS) - Stored in circuitverse/circuitverse
✍️ Description CircuitVerse is a free, open-source platform which allows users to construct digital logic circuits online. This app is vulnerable to XSS through creating projects 🕵️♂️ Proof of Concept 💥 Impact This vulnerability is capable of stealing cookies of users 📍 Location projectscontroller.rbL5...
Open Redirect in slackero/phpwcms
✍️ Description Session hijacking via open redirection 🕵️♂️ Proof of Concept Steps to reproduce 1. Go to http://your-domain.tld/login.php?ref=http://attackers-domain.tld/? 2. Login to a valid account 3. You will be redirected to...
Cross-site Scripting (XSS) - Reflected in erudika/scoold
✍️ Description It occurs when a malicious script is injected directly into a vulnerable web application. Reflected XSS involves the reflecting of a malicious script off of a web application, onto a user's browser. 🕵️♂️ Proof of Concept...
Server-Side Request Forgery (SSRF) in erudika/scoold
✍️ Description Affected URL is vulnerable to Server-Side Request Forgery SSRF. An attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address. 🕵️♂️ Proof of Concept @GetMapping"", "/id/" public String get@PathVariablerequired = false...
Cross-Site Request Forgery (CSRF) in microweber/microweber
✍️ Description Attacker able to delete all file forever from trash if knows the id parameter value of all files that exist in trash with CSRF attack. 🕵️♂️ Proof of Concept Here after running PoC.html on Firefox or Safari and click on submit button also can be auto-submit you will see that the file...
Denial of Service in cortezaproject/corteza-server
You can put a very long login email text until you get the last user to put and aries or DoS. Normally emails have 64 to 225 digits. Summary There is no limit to the number of characters in the login email, which allows a DoS attack. The DoS attack affects both server-side and client-side. NOTE:...
in filegator/filegator
Clickjacking is a portmanteau of two words ‘click’ and ‘hijacking’. It refers to hijacking user’s click for malicious intent. In it, an attacker embeds the vulnerable site in a transparent iframe in attacker’s own website and overlays it with objects such as button using CSS skills. This tricks...
in ampache/ampache
Clickjacking is a portmanteau of two words ‘click’ and ‘hijacking’. It refers to hijacking user’s click for malicious intent. In it, an attacker embeds the vulnerable site in a transparent iframe in attacker’s own website and overlays it with objects such as button using CSS skills. This tricks...
in francoisjacquet/rosariosis
Clickjacking is a portmanteau of two words ‘click’ and ‘hijacking’. It refers to hijacking user’s click for malicious intent. In it, an attacker embeds the vulnerable site in a transparent iframe in attacker’s own website and overlays it with objects such as button using CSS skills. This tricks...
Cross-Site Request Forgery (CSRF) in tsolucio/corebos
✍️ Description Attacker able to delete any contact with CSRF attack because there is any CSRF protection for related endpoint. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the I...
Cross-Site Request Forgery (CSRF) in tsolucio/corebos
✍️ Description Attacker able to delete any Sales Order with CSRF attack because there is any CSRF protection for related endpoint. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know...
Cross-Site Request Forgery (CSRF) in tsolucio/corebos
✍️ Description Attacker able to delete any Message with CSRF attack because there is any CSRF protection for related endpoint. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the I...
Cross-Site Request Forgery (CSRF) in tsolucio/corebos
✍️ Description Attacker able to delete any Document with CSRF attack because there is any CSRF protection for related endpoint. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the...