Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager

✍️ Description Stored xss in profile state field There is a Stored XSS on the user profile edit page which occurs due to improper sanitization of the State name field as tested on the latest release. 🕵️‍♂️ Proof of Concept Steps to Reproduce: 1. Create a user account. 2. Login into the user...

Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager

💥 BUG xss via groupname permission 💥 VERSION TESTED latest version as of 1/7/21 💥 IMPACT xss allow to execute arbitary javascript in vicitm account 💥 STEP TO REPRODUCE 1. first goto http://localhost/online-rental/app/admin/pageEditGroup.php and add a new group and put bellow xss payload in...

Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager

💥 BUG Stored xss via group name 💥 TESTED VERSION latest version as of 01/07/21 💥 STEP TO REPRODUCE 1. create a group with bellow xss payload in name.\ group1"'.\ 2. Now add a new user called user-B to the above group .\ 3. Finally visit...

Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager

💥 BUG xss via landlord comment 💥 VERSION TESTED latest version as of 1/7/21 💥 IMPACT xss allow to execute arbitary javascript in vicitm account 💥 STEP TO REPRODUCE 1. first goto http://localhost/online-rental/app/rentalownersview.php and add a new landlord .\ During creation put bellow xss payloa...

Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system

💥 BUG xss via groupname in item 💥 VERSION TESTED latest version as of 1/7/21 💥 IMPACT xss allow to execute arbitary javascript in vicitm account 💥 STEP TO REPRODUCE 1. first goto http://localhost/online-invoice2/app/admin/pageEditGroup.php and add a new group and put bellow xss payload in...

Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system

💥 BUG xss via groupname 💥 VERSION TESTED latest version as of 1/7/21 💥 IMPACT xss allow to execute arbitary javascript in vicitm account 💥 STEP TO REPRODUCE 1. first goto http://localhost/online-invoice2/app/admin/pageEditGroup.php and add a new group and put bellow xss payload in group-name....

Improper Privilege Management in bigprof-software/online-invoicing-system

💥 BUG privilege escalation bug to add item to a price-history 💥 IMPACT unprivileged user can add item to a price-history 💥 STEP TO REPRODUCE 1. From admin account goto http://localhost/online-invoice2/app/admin/pageViewMembers.php and add new user called user-B .\ Now revoke all acccess from item...

Improper Privilege Management in bigprof-software/online-invoicing-system

💥 BUG privilege escalation bug to add invoice to a client . 💥 IMPACT unprivileged user can add invoice to a client 💥 STEP TO REPRODUCE 1. From admin account goto http://localhost/online-invoice2/app/admin/pageViewMembers.php and add new user called user-B .\ Now revoke all acccess from client...

in getgrav/grav

✍️ Description A cookie with an overly broad path can be accessed through other applications on the same domain. 🕵️‍♂️ Proof of Concept Application deployed at http://real.example.com/grav and the application sets a session ID cookie with path "/" when users log in to the forum. then below code is...

in projectsend/projectsend

💥 BUG create client even when self client registration is disabled 💥 IMPACT any user can create create client even when self client registration is disabled 💥 STEP TO REPRODUCE 1. From admin account goto http://localhost/projectsend2/options.php?section=clients and disabled client registration....

Cross-site Scripting (XSS) - Stored in projectsend/projectsend

✍️ Description section parameter at Line 331 of email-templates.php sends unvalidated data to a web browser, which can result in the browser executing malicious code. In this case the data is sent at builtinecho in email-templates.php at line 331 🕵️‍♂️ Proof of Concept Data enters in application...

Cross-site Scripting (XSS) - Reflected in projectsend/projectsend

✍️ Description GET parameter ?client= in Line 419 of manage-files.php sends unvalidated data to a web browser, which can result in the browser executing malicious code. In this case the data is sent at builtinecho in manage-files.php at line 419. 🕵️‍♂️ Proof of Concept Data enters a web application...

Cross-site Scripting (XSS) - Stored in devcode-it/openstamanager

✍️ Description Stored xss through file upload via anagrafiche 🕵️‍♂️ Proof of Concept Go to an existing Anagrafiche or create a new one. Upload a .svg file with the following content: javascript alertdocument.cookie; give a name you want ending with .svg store-xss.svg for example. when you click on...

in projectsend/projectsend

💥 BUG privilege escalation bug to update admin email-address and company name etc . 💥 IMPACT unprivileged user can update admin email-address and company name etc 💥 STEP TO REPRODUCE 1. From admin account goto http://localhost/projectsend2/users.php and add new user called user-B with uploader...

Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system

✍️ Description There is a Stored XSS in the online invoicing system view price history which is lead by adding invoice items. 💥 TESTED VERSION https://github.com/bigprof-software/online-invoicing-system/releases/tag/v5.0 🕵️‍♂️ Proof of Concept POC Video:...

Cross-site Scripting (XSS) - Reflected in projectsend/projectsend

💥 BUG reflected xss 💥 STEP TO REPRODUCE 1. Login to your account and visit url http://localhost/projectsend2/process.php?do=returnfilesids&files%5B0%5D%5Bname%5D=batch%5B%5D&files%5B0%5D%5Bvalue%5D=32%27%22%3E%3Cimg+src=x+onerror=alert%3E and see xss is executed 💥 IMPACT Attacker can execute...

Cross-site Scripting (XSS) - Stored in projectsend/projectsend

💥 BUG CSRF bug to delete file 💥 SUMMURY during batch delete file there is no csrf token present 💥 STEP TO REPRODUCE 1. vulnerable url is http://localhost/projectsend2/manage-files.php?action=delete&batch=27&batch=31&page=1 .\ Here in this url change file-id to delete and open the url and see file...

Cross-site Scripting (XSS) - Stored in projectsend/projectsend

💥 BUG Stored xss during file upload 💥 STEP TO REPRODUCE check this 1 minute video to reproduce the bug https://drive.google.com/file/d/17TkVQxAOuXxSnlaPh4smvbJndcW-JQla/view?usp=sharing 💥 IMPACT Lower level user can make xss attack against admin. So, using this xss bug lower level user can execut...

Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system

✍️ Description There is a Stored XSS on the user profile edit page which occurs due to improper sanitization of the State name field as tested on the latest release. 🕵️‍♂️ Proof of Concept Steps to Reproduce: 1. Create a user account. 2. Login into the user account. 3. Enter the s"' payload in the...

Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system

✍️ Description There is a Stored XSS on the user profile edit page which occurs due to improper sanitization of the City field as tested on the latest release. 🕵️‍♂️ Proof of Concept Steps to Reproduce: 1. Create a user account. 2. Login into the user account. 3. Enter the s"' payload in the City...

Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system

✍️ Description There is a Stored XSS on the user profile edit page which occurs due to improper sanitization of the Address field as tested on the latest release. 🕵️‍♂️ Proof of Concept Steps to Reproduce: 1. Create a user account. 2. Login into the user account. 3. Enter the s"' payload in the...

Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system

✍️ Description There is a Stored XSS on the user profile edit page which occurs due to improper sanitization of the Full name field as tested on latest release. 🕵️‍♂️ Proof of Concept Steps to Reproduce: 1. Create a user account. 2. Login into the user account. 3. Enter the s"' payload in the Full...

Cross-site Scripting (XSS) - Reflected in bigprof-software/online-invoicing-system

✍️ Description /app/admin/pageTransferOwnership.php with sourceMemberID parameter is vulnerable to Reflected XSS. Line 216 of pageTransferOwnership.php sends unvalidated data to a web browser, which can result in the browser executing malicious code. In this case the data is sent at builtinecho in...

Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system

💥 BUG Stored xss via client address in invoice 💥 TESTED VERSION latest version as of 01/07/21 💥 STEP TO REPRODUCE 1. From admin account goto http://localhost/online-invoice2/app/admin/pageViewMembers.php and add a new user called user-B with read-write permission in invoice/client module .\ 2...

Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system

💥 BUG Stored xss via group name 💥 TESTED VERSION latest version as of 01/07/21 💥 STEP TO REPRODUCE 1. create a group with bellow xss payload in name.\ group1"'.\ 2. Now add a new user called user-B to the above group .\ 3. Finally visit...

Session Fixation in filegator/filegator

✍️ Description the password reset function is vulnerable to session fixation bug, it's a small low hanging bug 🕵️‍♂️ Proof of Concept open filegator and login with similar accounts in multiple browsers. change the password of the user in one browser and reload the other login session. we can see...

Cross-site Scripting (XSS) - Stored in getgrav/grav

✍️ Description Grav is vulnerable to XSS via bad SVG files. It is possible to upload an SVG file that contains errors after script tags. 🕵️‍♂️ Proof of Concept SVG file content: html alertdocument.domain; 1. Create an SVG file with the above content. 2. Upload it through profile image update. 3...

Inefficient Regular Expression Complexity in chatwoot/chatwoot

✍️ Description If we want to use Regex in our match or search or replace or ... functions, we must be sanitize this function's inputs. if an attacker capable to inject any Regex or abuse the bad Regexes that used in our codes, then the ReDoS vulnerability appear and according to "freezing the web ...

Server-Side Request Forgery (SSRF) in kalcaddle/kodexplorer

✍️ Description The path is vulnerable to ssrf via svg file upload 🕵️‍♂️ Proof of Concept upload an SVG file with SSRF payload in it. open option on the file and open with browser. 💥 Impact redirect host via ssrf...

Cross-site Scripting (XSS) - Stored in combodo/itop

💥 BUG stored xss via file upload 💥 STEP TO REPRODUCE here in this case i uploaded a html file with xss payload inside.\ Plz check this 1 minute video to reproduce https://drive.google.com/file/d/1xKqYFgrsFUfp9Ufe4XiATQcAL-Q6Mr9G/view?usp=sharing 💥 Impact I see there is many different type of role...

Cross-site Scripting (XSS) - Stored in combodo/itop

💥 BUG stored xss via problem title 💥 STEP TO REPRODUCE Plz check this 1 minute video to reproduce https://drive.google.com/file/d/1n7ni3y5LNkK2ntrTTvVNLNOEmf2iKReO/view?usp=sharing 💥 Impact I see there is many different type of role base user . So, user who has permission to create problem can ma...

Cross-site Scripting (XSS) - Stored in combodo/itop

💥 BUG stored xss via contact lastname 💥 STEP TO REPRODUCE Plz check this 1 minute video to reproduce https://drive.google.com/file/d/1bR9ili6jKxX3UQ2dQUQTqNL0e4LsMDtk/view?usp=sharing 💥 Impact I see there is many different type of role base user . So, user who has permission to create contact can...

Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system

✍️ Description There is a Stored XSS in the online invoicing system when adding a group name. 🕵️‍♂️ Proof of Concept Video POC: https://drive.google.com/file/d/13VaUfJrhd7m565lMQWZMfzXhfYPVjPV/view?usp=sharing Payload: ''' 💥 Impact Stored XSS...

Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system

✍️ Description There is a Stored XSS in the online invoicing system which could be exploited by any user who has permission to add a client. when a comment is added during the creation of a client by the user then due to improper sanitization XSS payload gets triggered. 🕵️‍♂️ Proof of Concept Video...

Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system

✍️ Description There is a Stored XSS in the online invoicing system which could be exploited by any user who has permission to add the invoice. when a comment is added during the creation of invoices by any user then due to improper sanitization XSS payload gets triggered. 🕵️‍♂️ Proof of Concept...

Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp

✍️ Description Reflected XSS in ping.php as IP parameter is not sanitized. 🕵️‍♂️ Proof of Concept Vulnerable Code: Ping Payload: Ping alert1 ? 💥 Impact This vulnerability is capable of reflected XSS...

in w7corp/easywechat

✍️ Description The method encryptsensitiveinformation in BaseClient.php uses the RSA algorithm without OAEP padding, thereby making the encryption weak. In order to use RSA securely, the OAEP padding mode Optimal Asymmetric Encryption Padding must be used. This category was derived from the Cigita...

in w7corp/easywechat

✍️ Description Insecure randomness errors occur when a function that can produce predictable values is used as a source of randomness in security-sensitive context. This code uses the rand function to generate "unique" identifiers for the receipt pages it generates. In this case the function that...

in w7corp/easywechat

✍️ Description Insecure randomness errors occur when a function that can produce predictable values is used as a source of randomness in security-sensitive context. This code uses the rand function to generate "unique" identifiers for the receipt pages it generates. In this case the function that...

Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system

✍️ Description Stored xss bug using a xss payload in the full name field, other fields like address, city, state will work as well. 🕵️‍♂️ Proof of Concept Create a new user with the following payload " in one of the fields i mentioned above; full name, address etc... browse to you're profile and...

Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system

✍️ Description /app/admin/pageEditGroup.php with group-name parameter of pageEditGroup.php is vulnerable to Stored XSS. Line 203 of pageEditGroup.php sends unvalidated data to a web browser, which can result in the browser executing malicious code. In this case the data is sent at builtinecho in...

Cross-site Scripting (XSS) - Reflected in bigprof-software/online-invoicing-system

✍️ Description Application is vulnerable to XSS through key parameter. Line 85 of membershippasswordReset.php sends unvalidated data to a web browser, which can result in the browser executing malicious code. In this case the data is sent at builtinecho in membershippasswordReset.php at line 85...

Open Redirect in causefx/organizr

✍️ Description The file index.php passes unvalidated data to an HTTP redirect function on line 7. Allowing unvalidated input to control the URL used in a redirect can aid phishing attacks. The data is sent at header in index.php at line 7. 🕵️‍♂️ Proof of Concept The following PHP code instructs the...

Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp

✍️ Description GET parameter ?plugin= of plugin.php is vulnerable to reflected cross site scripting. plugin.php sends unvalidated data to a web browser, which can result in the browser executing malicious code. In this case the data is sent at printf in plugin.php 🕵️‍♂️ Proof of Concept 1. Visit...

Cross-site Scripting (XSS) - Stored in falconchristmas/fpp

✍️ Description GET parameter &value= in fppjson.php is vulnerable to stored cross site scripting. Analysis Trace: 1. Application takes unvalidated user data in &value= from GET request of /fppjson.php?command=setSetting&plugin=&key=emailserver&value=ytes";alert1 2. Now visiting any application pag...

Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp

✍️ Description GET parameter ?plugin= is vulnerable to reflected cross site scripting. Line 17 of pluginconfig.php sends unvalidated data to a web browser, which can result in the browser executing malicious code. In this case the data is sent at printf in pluginconfig.php at line 17. 🕵️‍♂️ Proof...

Cross-Site Request Forgery (CSRF) in bigprof-software/online-invoicing-system

✍️ Description The app/admin/pageDeleteGroup.php?groupID= does not have a CSRF protection. This could be used by attackers to trick the admin to delete a group from their invoice system. 🕵️‍♂️ Proof of Concept For this attack to work, a logged in admin, should visit the POC page...

Cross-Site Request Forgery (CSRF) in bigprof-software/online-invoicing-system

✍️ Description The /app/admin/pageDeleteMember.php?memberID= does not have a CSRF protection. This could be used by attackers to trick the admin to delete a member from their invoice system. 🕵️‍♂️ Proof of Concept For this attack to work, a logged in admin, should visit the POC page...

Command Injection in sofianehamlaoui/lockdoor-framework

✍️ Description CI in Spaghetti function when it asks for custom agent. 🕵️‍♂️ Proof of Concept // PoC https://drive.google.com/file/d/11ljFoTHfge9tA2p9uezV9s1PvM62VC/view?usp=sharing 💥 Impact command run as root. So an attacker could do potential damage to the machine...

Command Injection in sofianehamlaoui/lockdoor-framework

✍️ Description CI in Spaghetti function when it asks for proxy. 🕵️‍♂️ Proof of Concept // PoC https://drive.google.com/file/d/1R8R261eHUPVK6BQRsemaU5CI3QpCI8d-/view?usp=sharing 💥 Impact command run as root. So an attacker could do potential damage to the machine...