Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-edition
✍️ Description Attacker is able to log out a user if a logged-in user visits the attacker's website. 🕵️♂️ Proof of Concept 1. When you are logged in, open this POC.html in a browser. 2. You can check that you were unintentionally logged out. history.pushState('', '', '/'); document.forms[0].submit(); 💥 Impact This vulnerability...
Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-edition
✍️ Description Attacker is able to enable a user notification if a logged-in user visits the attacker's website. 🕵️♂️ Proof of Concept 1. When you are logged in, open this POC.html in a browser. 2. You can check that your notification is enabled. history.pushState('', '', '/'); document.forms[0].submit(); 💥 Impact This...
Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-edition
✍️ Description Attacker is able to disable a user notification if a logged-in user visits the attacker's website. 🕵️♂️ Proof of Concept 1. When you are logged in, open this POC.html in a browser. 2. You can check that your notification is disabled. history.pushState('', '', '/'); document.forms[0].submit(); 💥 Impact This...
in postfixadmin/postfixadmin
✍️ Description Clickjacking attack 🕵️♂️ Proof of Concept I see there is no X-Frame-Options response header present, which allows the entire website to be loaded in an iframe. Using this, a clickjacking attack can be performed. 💥 Impact Clickjacking attack...
Cross-Site Request Forgery (CSRF) in zhongshaofa/easyadmin
✍️ Description Attacker is able to delete any menu with a CSRF attack. It does not matter at all whether your application runs on localhost or elsewhere; it is enough that it runs in a browser and another low-privilege user or attacker knows the IP address or hostname of your application. In CSRF attacks it...
Cross-Site Request Forgery (CSRF) in zhongshaofa/easyadmin
✍️ Description Attacker is able to delete any rule with a CSRF attack. It does not matter at all whether your application runs on localhost or elsewhere; it is enough that it runs in a browser and another low-privilege user or attacker knows the IP address or hostname of your application. In CSRF attacks it...
Cross-Site Request Forgery (CSRF) in zhongshaofa/easyadmin
✍️ Description Attacker is able to upload any picture with a CSRF attack. It does not matter at all whether your application runs on localhost or elsewhere; it is enough that it runs in a browser and another low-privilege user or attacker knows the IP address or hostname of your application. In CSRF attacks...
Cross-Site Request Forgery (CSRF) in zhongshaofa/easyadmin
✍️ Description Attacker is able to delete any admin with a CSRF attack. It does not matter at all whether your application runs on localhost or elsewhere; it is enough that it runs in a browser and another low-privilege user or attacker knows the IP address or hostname of your application. In CSRF attacks i...
Cross-Site Request Forgery (CSRF) in zhongshaofa/easyadmin
✍️ Description Attacker is able to delete any local picture with a CSRF attack. It does not matter at all whether phproject runs on localhost or elsewhere; it is enough that it runs in a browser and another low-privilege user or attacker knows the IP address or hostname of the filebrowser application. It does...
Cross-Site Request Forgery (CSRF) in zhongshaofa/easyadmin
✍️ Description Attacker is able to add any rule with a CSRF attack. It does not matter at all whether your application runs on localhost or elsewhere; it is enough that it runs in a browser and another low-privilege user or attacker knows the IP address or hostname of your application. In CSRF attacks it is...
Cross-Site Request Forgery (CSRF) in zhongshaofa/easyadmin
✍️ Description Attacker is able to modify any menu with a CSRF attack. It does not matter at all whether your application runs on localhost or elsewhere; it is enough that it runs in a browser and another low-privilege user or attacker knows the IP address or hostname of your application. In CSRF attacks it...
Cross-Site Request Forgery (CSRF) in zhongshaofa/easyadmin
✍️ Description Attacker is able to change any password and username with a CSRF attack. It does not matter at all whether your application runs on localhost or elsewhere; it is enough that it runs in a browser and another low-privilege user or attacker knows the IP address or hostname of your application. I...
Cross-Site Request Forgery (CSRF) in bigprof-software/online-invoicing-system
✍️ Description CSRF bug to mass delete item price 🕵️♂️ Proof of Concept The below request is vulnerable to a CSRF attack. Here there is no CSRF token checking and no referrer checking. There is nothing to prevent a CSRF attack. POST /online-invoicing-system/app/itempricesview.php HTTP/1.1 Host: localhost User-Agent:...
Cross-Site Request Forgery (CSRF) in bigprof-software/online-invoicing-system
✍️ Description CSRF bug to mass delete client 🕵️♂️ Proof of Concept The below request is vulnerable to a CSRF attack. Here there is no CSRF token checking and no referrer checking. There is nothing to prevent a CSRF attack. POST /online-invoicing-system/app/clientsview.php HTTP/1.1 Host: localhost User-Agent:...
Cross-Site Request Forgery (CSRF) in bigprof-software/online-rental-property-manager
✍️ Description CSRF bug to delete a backup 🕵️♂️ Proof of Concept The below request is vulnerable to a CSRF bug which allows deleting a database backup: GET /online-rental-property-manager/app/admin/pageBackupRestore.php?action=delete&md5hash=eea01b37c4b7422a4 HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0...
Cross-Site Request Forgery (CSRF) in bigprof-software/online-invoicing-system
✍️ Description CSRF bug to create a backup 🕵️♂️ Proof of Concept The below request is vulnerable to a CSRF bug which allows creating a database backup: GET /online-invoice/app/admin/pageBackupRestore.php?action=createbackup HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:90.0...
Cross-Site Request Forgery (CSRF) in bigprof-software/online-rental-property-manager
✍️ Description CSRF bug to create a backup 🕵️♂️ Proof of Concept The below request is vulnerable to a CSRF bug which allows creating a database backup: GET /online-rental-property-manager/app/admin/pageBackupRestore.php?action=createbackup HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux...
Cross-Site Request Forgery (CSRF) in bigprof-software/online-rental-property-manager
✍️ Description CSRF bug in application 🕵️♂️ Proof of Concept The below request is vulnerable to a CSRF attack. Although there is a CSRF token in the request, it is not checked server-side. Any attacker-provided CSRF token is accepted here. POST /online-rental/app/applicationsleasesview.php...
Cross-Site Request Forgery (CSRF) in bigprof-software/online-rental-property-manager
✍️ Description CSRF bug in applicant 🕵️♂️ Proof of Concept The below request is vulnerable to a CSRF attack. Although there is a CSRF token in the request, it is not checked server-side. Any attacker-provided CSRF token is accepted here. POST /online-rental/app/applicantsandtenantsview.php...
Cross-Site Request Forgery (CSRF) in bigprof-software/online-rental-property-manager
✍️ Description CSRF bug to add property 🕵️♂️ Proof of Concept The below request is vulnerable to a CSRF attack. Although there is a CSRF token in the request, it is not checked server-side. Any attacker-provided CSRF token is accepted here. POST /online-rental/app/propertiesview.php HTTP/1.1 Host:...
Improper Privilege Management in bigprof-software/online-invoicing-system
💥 BUG CSRF bug to approve member 💥 IMPACT CSRF bug allows approving any user 💥 STEPS TO REPRODUCE 1. Let's assume signup is allowed in the settings page and members need to be approved. Now, from an external user, go to http://localhost/online-invoice/app/membershipsignup.php and sign up for a new member with...
Cross-Site Request Forgery (CSRF) in bigprof-software/online-invoicing-system
💥 BUG CSRF bug to ban a member 💥 IMPACT CSRF bug allows banning any user 💥 STEPS TO REPRODUCE 1. First go to http://localhost/online-invoice/app/admin/pageViewMembers.php and let's assume there is a member present with username test. Now any user sends a link...
Cross-Site Request Forgery (CSRF) in star7th/showdoc
✍️ Description With a CSRF vulnerability, an attacker is able to add any member to any item if users visit the attacker's site. 🕵️♂️ Proof of Concept 1. Open the PoC.html in Firefox or Safari. 2. Now you can check that the member with email address [email protected], who should already have been registered before, has access to...
Cross-site Scripting (XSS) - Stored in kalcaddle/kodexplorer
✍️ Description XSS via SVG file upload 🕵️♂️ Proof of Concept Upload the SVG file with an XSS payload and open it with a browser: alert(document.domain); 💥 Impact Custom JS code execution embedded within the SVG file...
in frangoteam/fuxa
✍️ Description This endpoint handler performs a file system operation and does not use a rate-limiting mechanism. 🕵️♂️ Proof of Concept fs.writeFileSync(runtime.settings.userSettingsFile, JSON.stringify(req.body, null, 4)); mergeUserSettings(req.body); res.end(); Fix Consider using a rate-limiting...
in postfixadmin/postfixadmin
✍️ Description uniqid is used as input to MD5 when generating a PFATOKEN (I'll refer to this as a session token). The function uniqid is not a CSPRNG but rather a PRNG, meaning that it cannot generate cryptographically reliable/secure values. 🕵️♂️ Proof of Concept Execute the below code: PHP "; ?...
in star7th/showdoc
✍️ Description The referenced code contains a hard-coded salt that is used for all passwords. Ideally, a unique salt should be generated for each password and stored alongside it, as opposed to the constant one that is used for all passwords in the showdoc repository. 🕵️♂️ Proof of...
in star7th/showdoc
✍️ Description The referenced code block computes an MD5 hash based on a string "rgrsfsrfsrf", the current time, and a random number. The string used is static and does not appear to change; therefore I'm not sure why it is there in the first place, as it does not provide any additional security...
Cross-Site Request Forgery (CSRF) in alanaktion/phproject
✍️ Description Attacker is able to close any issue with a CSRF attack. It does not matter at all whether your application runs on localhost or elsewhere; it is enough that it runs in a browser and another low-privilege user or attacker knows the IP address or hostname of your application. In CSRF attacks it...
Cross-Site Request Forgery (CSRF) in alanaktion/phproject
✍️ Description Attacker is able to delete any group with a CSRF attack. It does not matter at all whether your application runs on localhost or elsewhere; it is enough that it runs in a browser and another low-privilege user or attacker knows the IP address or hostname of your application. In CSRF attacks i...
Cross-Site Request Forgery (CSRF) in alanaktion/phproject
✍️ Description Attacker is able to delete any user with a CSRF attack. It does not matter at all whether your application runs on localhost or elsewhere; it is enough that it runs in a browser and another low-privilege user or attacker knows the IP address or hostname of your application. In CSRF attacks it...
Cross-Site Request Forgery (CSRF) in alanaktion/phproject
✍️ Description Attacker is able to delete any issue with a CSRF attack. It does not matter at all whether your application runs on localhost or elsewhere; it is enough that it runs in a browser and another low-privilege user or attacker knows the IP address or hostname of your application. In CSRF attacks i...
in aquilacms/aquilacms
✍️ Description Unauthenticated API function allows any user to change or view another user's first name, last name, password, and address information. Additionally, leaked activateAccountToken and resetPassToken can be viewed. 🕵️♂️ Proof of Concept The attacker can guess the correct MongoDB object ID and...
in erudika/scoold
✍️ Description Bypass rate limit and send unlimited emails to any email address. 💥 Impact Attacker can send unlimited emails to any mail address. Many email service providers have limited email sending, like 10000 emails per month. If you exceed that limit then you will be charged extra. So, using thi...
in erudika/scoold
✍️ Description Bypass rate limit and send unlimited emails to any email address. 💥 Impact Attacker can send unlimited emails to any mail address. Many email service providers have limited email sending, like 10000 emails per month. If you exceed that limit then you will be charged extra. So, using thi...
Open Redirect in erudika/scoold
✍️ Description Open redirect bypass 🕵️♂️ Proof of Concept I see you recently fixed the open redirect. But it can be bypassed. 1. First log in to your account and visit https://live.scoold.com/signin?returnto=https://[email protected]/xx and see that you are redirected to a different site 💥...
Cross-Site Request Forgery (CSRF) in devcode-it/openstamanager
✍️ Description Attacker is able to change a user's password if the user visits the attacker's site. 🕵️♂️ Proof of Concept 1. Open the PoC.html in Firefox or Safari. 2. Now you can check that the password changed to admin0. // PoC.html history.pushState('', '', '/'); document.forms[0].submit(); 💥 Impact This vulnerability is...
Cross-Site Request Forgery (CSRF) in devcode-it/openstamanager
✍️ Description Attacker is able to create any Personal Data if users visit the attacker's site. 🕵️♂️ Proof of Concept 1. Open the PoC.html in Firefox or Safari. 2. Now you can check that Personal data with Denomination aaa has been created. // PoC.html history.pushState('', '', '/'); <input type="hidden" name="e...
Cross-Site Request Forgery (CSRF) in devcode-it/openstamanager
✍️ Description Attacker is able to delete any Personal Data if users visit the attacker's site. 🕵️♂️ Proof of Concept 1. Open the PoC.html in Firefox or Safari. 2. Now you can check that Personal data with idrecord value equal to 2 has been deleted. // PoC.html history.pushState('', '', '/');...
Cross-Site Request Forgery (CSRF) in devcode-it/openstamanager
✍️ Description Attacker is able to disable any Personal Data module if users visit the attacker's site. 🕵️♂️ Proof of Concept 1. Open the PoC.html in Firefox or Safari. 2. Now you can check that the Personal data module with id value equal to 1 has been disabled. // PoC.html history.pushState('', '', '/');...
Cross-Site Request Forgery (CSRF) in devcode-it/openstamanager
✍️ Description Attacker is able to create any Document management if users visit the attacker's site. 🕵️♂️ Proof of Concept 1. Open the PoC.html in Firefox or Safari. 2. Now you can check that Document management with aaa name has been created. // PoC.html history.pushState('', '', '/'); document.forms[0].submit(); 💥...
Cross-Site Request Forgery (CSRF) in devcode-it/openstamanager
✍️ Description Attacker is able to delete any Document management if users visit the attacker's site. 🕵️♂️ Proof of Concept 1. Open the PoC.html in Firefox or Safari. 2. Now you can check that Document management with idrecord value equal to 1 has been created. // PoC.html history.pushState('', '', '/');...
Cross-Site Request Forgery (CSRF) in devcode-it/openstamanager
✍️ Description Attacker is able to create any Contract if users visit the attacker's site. 🕵️♂️ Proof of Concept 1. Open the PoC.html in Firefox or Safari. 2. Now you can check that a Contract with aaaa name has been created. // PoC.html history.pushState('', '', '/'); document.forms[0].submit(); 💥 Impact This...
Open Redirect in erudika/scoold
✍️ Description There is an open redirect vulnerability in the following URL: https://live.scoold.com/signin?returnto=https://google.com 🕵️♂️ Proof of Concept Steps to reproduce 1. Open the above URL. 2. Log in to the application. 3. You are redirected to google.com. 💥 Impact That causes a redirection to an...
in amirsanni/mini-inventory-and-sales-management-system
💥 BUG Unprivileged user can update stock 💥 STEPS TO REPRODUCE 1. From the admin account go to https://1410inc.xyz/mini-inventory-and-sales-management-system/administrators and add a new user called user-B with the basic role. 2. Now go to the user-B account; here user-B can't see any item. Now user-B executes...
in amirsanni/mini-inventory-and-sales-management-system
💥 BUG Unprivileged user can delete item 💥 STEPS TO REPRODUCE 1. From the admin account go to https://1410inc.xyz/mini-inventory-and-sales-management-system/administrators and add a new user called user-B with the basic role. 2. Now go to the user-B account; here user-B can't see any item. Now user-B executes...
Improper Privilege Management in amirsanni/mini-inventory-and-sales-management-system
💥 BUG Unprivileged user can update item 💥 STEPS TO REPRODUCE 1. From the admin account go to https://1410inc.xyz/mini-inventory-and-sales-management-system/administrators and add a new user called user-B with the basic role. 2. Now go to the user-B account; here user-B can't see any item. Now user-B executes...
Improper Privilege Management in amirsanni/mini-inventory-and-sales-management-system
💥 BUG Unprivileged user can add item 💥 STEPS TO REPRODUCE 1. From the admin account go to https://1410inc.xyz/mini-inventory-and-sales-management-system/administrators and add a new user called user-B with the basic role. So, user-B can't add new items. 2. Now go to the user-B account, and here user-B can't see...
in sergix44/xbackbone
✍️ Description According to [1] we have: The secure attribute is an option that can be set by the application server when sending a new cookie to the user within an HTTP response. The purpose of the secure attribute is to prevent cookies from being observed by unauthorized parties due to the...
Cross-Site Request Forgery (CSRF) in sergix44/xbackbone
✍️ Description The following endpoint is vulnerable to CSRF: /omeka/system/deleteOrphanFiles Also, there is no difference whether you run the application on localhost or on some real host; it is enough to log in with a browser that is also used for online web surfing. 🕵️♂️ Proof of Concept //...