Cross-Site Request Forgery (CSRF) in pimcore/pimcore
Description: Your application does not have any CSRF protection, and you also set the SameSite attribute to Lax; this means that if you alter data with GET HTTP requests, your site is without doubt vulnerable to CSRF attacks. First, run this HTML payload, and then you should see...
Use of a Broken or Risky Cryptographic Algorithm in serghey-rodin/vesta
Description: uniqid does not generate cryptographically secure strings, and even if it did, supplying it with mt_rand would render it insecure, as an attacker would be able to gain access to a victim's account simply by knowing when they logged in; this could be used as a mass account takeover vector...
Business Logic Errors in pimcore/pimcore
Description: Pimcore is vulnerable to a business logic error through a negative product amount. Proof of Concept: HTML content: 1. Save the above content into an HTML file. 2. Open the HTML file in the browser and click on the Submit button. 3. Check the total price. PoC video. Impact: It...
Inefficient Regular Expression Complexity in erxes/erxes
Description: If we want to use a regex in our match, search, replace or … functions, we must sanitize the function's inputs. If an attacker is capable of injecting any regex or abusing the exponential regexes used in our code, then a ReDoS vulnerability appears, and according to "freezing th...
Cross-Site Request Forgery (CSRF) in ampache/ampache
Description: When you don't set the SameSite attribute of cookies, browsers act specially in the face of this issue. I mean they set a default value on it: Chrome and Chromium-based browsers set the attribute to "Lax", which means that if you do an add/delete/alter operation in a GET HTTP request, then your site is mor...
in alovoa/alovoa
Description: Affected versions of this package are vulnerable to XML External Entity (XXE) injection via the SAML2AssertionValidator method. Access to external entities was not disabled in XML parsing. Proof of Concept: org.springframework.security spring-security-oauth2-client...
in janeczku/calibre-web
Description: The attribute name is not properly restricted, so a user can change his username even when the view does not allow changing it. Proof of Concept: // The method change_profile also saves the name if it is present in the request. It does not check whether the user has the permission to...
Cross-Site Request Forgery (CSRF) in janeczku/calibre-web
Description: An attacker can make a user change his profile settings via a CSRF vulnerability through a PoC file. There is no CSRF token. Proof of Concept: For example, changing the email address in test1's profile from "[email protected]" to "[email protected]". Make the user open a link with this page...
in kestasjk/webdiplomacy
Description: As in the previous explanation about weak cryptographic tokens, you also send the same weak token to users who forgot their passwords. Here an attacker can also perform brute-force attacks to take control of users' accounts. Proof of Concept: ...
Cross-Site Request Forgery (CSRF) in kestasjk/webdiplomacy
Description: CSRF bug to watch a game. Proof of Concept: No CSRF token checking during watch game. The request below is vulnerable to CSRF attack: POST /redirect.php HTTP/1.1 Host: webdiplomacy.net User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:88.0) Gecko/20100101 Firefox/88.0 Accept:...
Cross-Site Request Forgery (CSRF) in kestasjk/webdiplomacy
Description: CSRF bug when contacting team. Proof of Concept: No CSRF token on contact. The request below is vulnerable to CSRF attack: POST /contactUsDirect.php HTTP/1.1 Host: webdiplomacy.net User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:88.0) Gecko/20100101 Firefox/88.0 Accept:...
Cross-Site Request Forgery (CSRF) in kestasjk/webdiplomacy
Description: CSRF bug when disabling notice. Proof of Concept: No CSRF token checking during enable/disable notice. The request below is vulnerable to CSRF attack: POST /index.php HTTP/1.1 Host: webdiplomacy.net User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:88.0) Gecko/20100101...
Cross-Site Request Forgery (CSRF) in kestasjk/webdiplomacy
Description: CSRF bug when creating game. Proof of Concept: No CSRF token checking during gamecreate. The request below is vulnerable to CSRF attack: POST /gamecreate.php HTTP/1.1 Host: webdiplomacy.net User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:88.0) Gecko/20100101 Firefox/88.0...
in kestasjk/webdiplomacy
Description: Bypass rate limit and send unlimited emails to any email address. Impact: An attacker can send unlimited emails to any mail address. Many email service providers have a limited email sending quota, like 10000 emails per month. If you exceed that limit then you will be charged extra. So, using thi...
Cross-Site Request Forgery (CSRF) in kestasjk/webdiplomacy
Description: CSRF bug to change user profile. Proof of Concept: I see there is no CSRF token checking when updating the user profile. Save the HTML code below in an HTML file and host this file. Now send this file's link to the victim; when the victim opens the link, his profile information will be changed...
Code Injection in causefx/organizr
Description: Version "v6.4.1" is vulnerable to code injection. Affected versions of this package are vulnerable to arbitrary code execution. If the $langpath parameter is passed unfiltered from user input, it can be set to a UNC path, and if an attacker is also able to persuade the serve...
Cross-Site Request Forgery (CSRF) in emoncms/dashboard
BUG: CSRF bug to change schedule to public. STEPS TO REPRODUCE: 1. First log in to your account and open the link http://localhost/emoncms/schedule/set.json?id=1&fields=%22public%22:true and your schedule will be changed from private to public. IMPACT: Any attacker can send those links to a victim...
in emoncms/dashboard
BUG: Account takeover via host-header injection. It allows an attacker to change the URL of the account-verification link and verify any email address. STEPS TO REPRODUCE: 1. First, as the attacker, create an account with email [email protected]. You don't own that email address. You can't log in until you verify that...
Cross-Site Request Forgery (CSRF) in emoncms/dashboard
BUG: CSRF bug to regenerate API key. STEPS TO REPRODUCE: 1. First log in to your account and open the link http://localhost/emoncms/user/newapikeywrite.json and a new API key will be generated. IMPACT: Any attacker can send those links to a victim, and when the victim opens the link the API key will be...
Cross-Site Request Forgery (CSRF) in emoncms/dashboard
BUG: CSRF bug to change email. STEPS TO REPRODUCE: 1. First log in to your account and open the link http://localhost/emoncms/user/changeemail.json?&email=admin%40localhost.combm and your email will be changed. IMPACT: Any attacker can send those links to a victim, and when the victim opens the link the...
Cross-Site Request Forgery (CSRF) in emoncms/emoncms
Description: When you don't set the SameSite attribute of cookies, browsers act specially in the face of this issue. I mean they set a default value on it: Chrome and Chromium-based browsers set the attribute to "Lax", which means that if you do an add/delete/alter operation in a GET HTTP request, then your site is mor...
Improper Privilege Management in opensource-socialnetwork/opensource-socialnetwork
BUG: Unprivileged user can like a private album. IMPACT: A user who does not have permission in a private album can still comment in that album. STEPS TO REPRODUCE: There are two users called user-A and user-B. 1. First go to user-A's account and create a private album. Let the album URL be...
Improper Privilege Management in opensource-socialnetwork/opensource-socialnetwork
BUG: Unprivileged user can comment on a private album. IMPACT: A user who does not have permission in a private album can still comment in that album. STEPS TO REPRODUCE: There are two users called user-A and user-B. 1. First go to user-A's account and create a private album. Let the album URL be...
in janeczku/calibre-web
Description: A user can see the name of another user's private shelf through a forbidden error. Proof of Concept: 1. As user 1, try to add a book to user 2's shelf: GET /shelf/add/2/2 2. See the returned error: Sorry you are not allowed to add a book to the the shelf: shelf test2 This is...
Improper Access Control in janeczku/calibre-web
Description: A user can edit the title of another user's shelf. Proof of Concept: The function edit_shelf calls create_edit_shelf directly, passing the shelf queried by the id from the path without checking whether that shelf is theirs. // shelf.py @shelf.route("/shelf/edit/", methods=["GET",...
in janeczku/calibre-web
Description: The app does not expire the user's session after logout. It is possible to continue using the session even when the user has logged out. Proof of Concept: 1. Log in as a user at /login. 2. Select logout, intercepting and copying the user's cookie. 3. After this logout, send a...
None in firefly-iii/firefly-iii
Improper Restriction of Excessive Authentication Attempts. The software does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute-force attacks. STEPS FOR REPRODUCTION: 1. Go to...
Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr
Description: CSRF bug to close a project. Proof of Concept: Here it does not check the token parameter for CSRF. You can remove the token parameter from the URL. The request below is vulnerable to CSRF attack when closing a project....
Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr
Description: CSRF bug to activate all contract lines. Proof of Concept: Here it does not check the token parameter for CSRF. You can remove the token parameter from the URL. The request below is vulnerable to CSRF attack when activating all contract lines....
Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr
Description: CSRF bug to remove third-party from sales order. Proof of Concept: Here it does not check the token parameter for CSRF. You can remove the token parameter from the URL. The request below is vulnerable to CSRF attack when removing a third-party from a sales order....
Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr
Description: CSRF bug to classify bill of sales order. Proof of Concept: Here it does not check the token parameter for CSRF. You can remove the token parameter from the URL. The request below is vulnerable to CSRF attack when classifying the bill of a sales order....
Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr
Description: CSRF bug to delete warehouse. Proof of Concept: Here it does not check the token parameter for CSRF. You can remove the token parameter from the URL. The request below is vulnerable to CSRF attack when deleting a warehouse....
Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr
Description: CSRF bug to validate inventory. Proof of Concept: Here it does not check the token parameter for CSRF. You can remove the token parameter from the URL. The request below is vulnerable to CSRF attack when validating an inventory....
Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr
Description: CSRF bug to delete product variants. Proof of Concept: Here it does not check the token parameter for CSRF. You can remove the token parameter from the URL. The request below is vulnerable to CSRF attack when deleting product variants....
Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr
Description: CSRF bug to delete customer price. Proof of Concept: Here it does not check the token parameter for CSRF. You can remove the token parameter from the URL. The request below is vulnerable to CSRF attack when deleting a customer price....
Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr
Description: CSRF bug to set an expense report as paid. Proof of Concept: Here it does not check the token parameter for CSRF. You can remove the token parameter from the URL. The request below is vulnerable to CSRF attack when setting an expense report as paid....
Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr
Description: CSRF bug to remove a linked file. Proof of Concept: The request below is vulnerable to CSRF attack when removing a linked file: https://demo.dolibarr.org/expensereport/card.php?id=202&action=removefile&file=%28PROV202%29%2F%28PROV202%29.pdf&entity=1 Impact: CSRF attack...
Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr
Description: In the Billing | Payment section, Customer invoices part, you protect invoice statuses from any kind of modification by CSRF attacks, but if I set the CSRF token to nothing then I am able to modify arbitrary invoice statuses just by knowing their IDs. In this PoC.html I am able to Validat...
Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr
Description: In the Bank section, POS part, you don't protect resources from deletion by CSRF attacks, and so I am able to delete/close arbitrary POS cash desk control entities just by knowing their IDs. Proof of Concept: // PoC.html history.pushState('', '', '/') Impact: This vulnerability is...
Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr
Description: In the Bank section, Bank | Cash part, you protect List entities from deletion by CSRF attacks, but if I set the CSRF token to nothing then I am able to delete arbitrary List entities just by knowing their IDs. Proof of Concept: // PoC.html history.pushState('', '', '/') input...
Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr
Description: In the Ticket section, you protect tickets from being deleted by CSRF attacks, but if I set the CSRF token to nothing then I am able to delete arbitrary tickets just by knowing their "trackid" parameter. Proof of Concept: // PoC.html history.pushState('', '', '/') Impact: This...
Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr
Description: In the HRM -- Expense reports directory, you don't protect files built by mass actions from deletion by CSRF attacks, so an attacker is able to delete arbitrary reports just by knowing their names. Proof of Concept: // PoC.html history.pushState('', '', '/') ...
Cross-Site Request Forgery (CSRF) in microweber/microweber
Description: microweber is vulnerable to cross-site request forgery. The app is not checking the CSRF token when adding new products to the cart. Proof of Concept: HTML content: setTimeout(() => form.submit(), 2000); 1. Save the above content into an HTML file. 2. Open the file in the...
Business Logic Errors in microweber/microweber
Description: microweber is vulnerable to a business logic error through a negative product price. Proof of Concept: HTML content: 1. Save the above content into an HTML file. 2. Access the app at localhost and add a product to the cart. 3. Open the HTML file and click on the submit button to take...
Cross-site Scripting (XSS) - Reflected in alovoa/alovoa
Description: XSS bug. Proof of Concept: 1. Open the URL https://alovoa.com/profile?lang=es%22%3E%3Cscript%3Ealert(1)%3C/script%3E and see that the XSS is executed. My previous XSS and this XSS have different attack endpoints, and that's why I submitted two reports. Impact: XSS...